?
Solved

Server 2008 Roaming Profiles not working

Posted on 2009-07-14
13
Medium Priority
?
9,422 Views
Last Modified: 2012-05-24
Experts,

Would somebody be able to point me in the right direction?  I've recently migrated (still in the process of actually) from a SBS 2003 environment to a 2008 one, with separate DC / Exchange / File Servers.  *one heck of a upgrade*

Unfortunately, with the Serv2k8 setup, I'm having some problems getting Roaming profiles to work as they should.

I've followed:  http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx  to a T.  As I did when I was in the 2003 enviornment - when everything was working.

My permissions match that technet article exactly, but whenever an end user tries to log in, they're given an error that their roaming profile cannot be located, so the machines creates a local profile for them - to be deleted on logoff.

As a side note, I have the user's home directory mapped to a share on the exact same server with the same folder permissions, and those work like a champ.  However, I think the reason that those are working, where the profiles fail - is that when I create a user in AD it creates the home folder at the same time, where as profiles aren't created until the user actually logs in.  So, from Domain Admin permissions to make the home folder - to user permissions trying to make the profile folder...

Either or, I'm at a stump right now.  And as I mentioned before, these are the exact same permissions I had on the SBS 2003 box where roaming profiles were in fact working.

Any ideas that can be thrown into the mix would be greatly appreciated.

**On that server the user share is:   \\server\users    While the profile share is \\server\profiles$
0
Comment
Question by:usslindstrom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 31

Assisted Solution

by:Henrik Johansson
Henrik Johansson earned 664 total points
ID: 24859563
Are you using only servername in the UNC-path? If so, add DNS-suffix.
Avoid pre-creating the individual user folders as they will be created during the logon/logoff process.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24864669
Thanks for the idea.

Unfortunately, adding the DNS suffix also gives the same result, and errors out on finding/creating the roaming profile folder.

Right now, I've left the roaming profiles folder empty, (haven't copied anything over to it) - trying to get it so they get created by the machine, and not me.  That way - the user itself would become owner of the object and have full rights over their own profile.

But . . . . . .     I haven't been able to get that far.  :(
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24864722
Ah - on a side note.

Just for testing purposes - I put "Everyone" on both the share level access and NTFS access with full permissions - and the profiles still couldn't be created.

My first inclination would have been point to DNS - but that's not the case at all.  DNS works fine, and I can resolve the fileshare via NETBIOS name and FQDN, both resolve to the same correct address.  (Also, keep in mind that the users home directory is shared from the same machine and those are working like a champ)

To test write level permissions, I hit up the root folder and am able to write to it and create folders.

Also, just for testing purposes, I tried out a solution of having roaming profiles dumped within the user's home share (fileserver\users\%username%\profile).   - But doing that also gives the same error, even if I pre-create the folder and give that particular user ownership of it.




Any more ideas that can be thrown into the mix would be greatly appreciated.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Expert Comment

by:amdaxiom
ID: 24883186
Is the new SBS 2008 server a brand new active directory domain or were you able to join it to your existing 2003 domain?

Is your old 2003 server with the roaming profiles still available?

It sounds to me like the clients may have been joined to a new domain and no longer have access to the old server.  If that is true you may want to move a computer back to the old server as a test, redirect the roaming profile locally on the computer, then join it to the new domain with the redirected profiles and see if that works.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24884674
Thnx for the comment.

Actually, the original was a SBS 2003 box.  I moved all the FSMO roles over to the new DC (2k8), and demoted the SBS box.

Once I made sure the 2k8 had everything (dns, dhcp, AD PDC, etc) I dropped the sbs box completely.

And so far so good - except these profiles.  :(
0
 
LVL 1

Expert Comment

by:amdaxiom
ID: 24884708
Okay, that makes things easier.  Did you try to login with your old server up?  I think my main concern is that in order for profiles to move the original source has to be available.  If you removed your old server before logging into any clients your clients will not be able to find their old profiles and transfer them to the new server.  So try turning your old server on and logging in with clients (if you haven't tried that).  If you have then let me know.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24884928
-At this point in the game, I'm not worried about grabbing the previous profiles.  I've got the folder redirection working for the users' "My Documents."

So basically, all users would be starting a new profile when they log in.  Or at least that's what's supposed to be happening here.  :P
0
 
LVL 1

Accepted Solution

by:
amdaxiom earned 672 total points
ID: 24888597
So you've already deleted everyone's local profiles in the User Profiles tool and you're still getting this error?  What if a user logs into a computer that they've never logged into before?  The error is "roaming profile cannot be located"  meaning the profile cannot be found on the old server.  Not "Roaming profile cannot be created" which would be a permissions issue (which is where you are thinking the issue is).

If you completely wipe the profile off the local computer I'd be surprised if you were still receiving that error.  If you turn off the old server, then you will of course receive that error because the roaming profile is on the old server still.  A new roaming profile is not created during the login process.  It's created when the user logs out.  But during the login process the old roaming profile is looked for and that is what the error message is indicating.  Delete all local profile information and the user on the next login will not look for their roaming profile and, will create a new local profile, and when they log out their profile will be uploaded to their new roaming profile location.
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24904515
Yeah - unfortunately, the error still comes up after wiping any local profiles.

Just for testing, I also made a test account in AD..  And logged in for the first time on that account.

The exact error is:

"Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile.  Possible causes of this error include network problems or insufficient security rights.  If this problem persists, contact your network administrator."

I really do think it's the later part of the problem of not having rights to create the folder on the server itself.  Which, in itself is very strange, because one of my testing phases was to give everyone full control of both the share level and NTFS level of the folder.

--------------------

I can't thank you enough for helping me through this issue.  Anything else you can help me throw into the fix-it fire, I really appreciate it.
0
 

Assisted Solution

by:Wheelsup
Wheelsup earned 664 total points
ID: 24904891
I presume the client PC's are XP? If so the recommended fix for roaming profiles for XP clients is:  http://support.microsoft.com/defau [...] -US;831651

I had a similar issue way back and this sorted it out, but I've not had it yet with Vista machines. I'm not entirely sure, but the problem appeared to be logins were too quick and needed a logon delay.

If the clients are wireless, try this: http://support.microsoft.com/kb/873485/en-us

0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24948862
Sorry for the late response.  Work's been hectic on and off - hard to stay focused at some points.

The clients all range from XP, SP1-SP3 - to Vista - to even Win7.  All computers have the error when logging in, and the roaming profile is not created.  Also, I've got the group policy forcing the system to wait for the network prior to continue processi\ng.

One singular note of thought, which shouldn't be an issue at all.  Is that I have the file server (hosting the user / profile shares) as a virtualized machine now, under virtual server 2k5.  ~could there be something in the configuration that dis-allows connections for roaming directories in a Virtual Enviornment?          This is really doubtful - since I do have the users "My Documents" etc redirected to the same virtual server, which are working fine.

Thanks for everyone's help so far - any other addons I can throw into the mix are always appreciated...
0
 
LVL 5

Author Comment

by:usslindstrom
ID: 24959827
THANK YOU EVERYONE FOR YOUR HELP!  I figured out the dilemma.

It would appear in my haste of running over the migration, that I mistakingly had the group policy set where the file server was located:

Prevent Roaming Profile changes from propagating to the server  -  I had it as enabled.

Change it back to "Not Configured" and viola.  Extremely devistating in my conquest of roaming profiles here.  lol



I really appreciate everyone's time on this issue.  You guys had me thinking about every possible solution - and stripping apart the GPO line by line.  Wouldn't have found it without you guys.  :)
0
 
LVL 5

Author Closing Comment

by:usslindstrom
ID: 31603558
Very much appreciated everybody!  :)
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question