Server 2008 Roaming Profiles not working


Would somebody be able to point me in the right direction?  I've recently migrated (still in the process of actually) from a SBS 2003 environment to a 2008 one, with separate DC / Exchange / File Servers.  *one heck of an upgrade*

Unfortunately, with the Serv2k8 setup, I'm having some problems getting Roaming profiles to work as they should.

I've followed:  http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx  to a T.  As I did when I was in the 2003 environment - when everything was working.

My permissions match that TechNet article exactly, but whenever an end user tries to log in, they're given an error that their roaming profile cannot be located, so the machine creates a local profile for them - to be deleted on logoff.

As a side note, I have the user's home directory mapped to a share on the exact same server with the same folder permissions, and those work like a champ.  However, I think the reason that those are working, where the profiles fail - is that when I create a user in AD it creates the home folder at the same time, whereas profiles aren't created until the user actually logs in.  So, from Domain Admin permissions to make the home folder - to user permissions trying to make the profile folder...

Either or, I'm at a stump right now.  And as I mentioned before, these are the exact same permissions I had on the SBS 2003 box where roaming profiles were in fact working.

Any ideas that can be thrown into the mix would be greatly appreciated.

**On that server the user share is:   \\server\users    While the profile share is \\server\profiles$
Henrik Johansson (Systems engineer) commented:
Are you using only servername in the UNC-path? If so, add DNS-suffix.
Avoid pre-creating the individual user folders as they will be created during the logon/logoff process.
usslindstrom (Author) commented:
Thanks for the idea.

Unfortunately, adding the DNS suffix also gives the same result, and errors out on finding/creating the roaming profile folder.

Right now, I've left the roaming profiles folder empty, (haven't copied anything over to it) - trying to get it so they get created by the machine, and not me.  That way - the user itself would become owner of the object and have full rights over their own profile.

But . . . . . .     I haven't been able to get that far.  :(
usslindstrom (Author) commented:
Ah - on a side note.

Just for testing purposes - I put "Everyone" on both the share level access and NTFS access with full permissions - and the profiles still couldn't be created.

My first inclination would have been to point to DNS - but that's not the case at all.  DNS works fine, and I can resolve the fileshare via NetBIOS name and FQDN, both resolve to the same correct address.  (Also, keep in mind that the user's home directory is shared from the same machine and those are working like a champ)

To test write level permissions, I hit up the root folder and am able to write to it and create folders.

Also, just for testing purposes, I tried out a solution of having roaming profiles dumped within the user's home share (fileserver\users\%username%\profile).   - But doing that also gives the same error, even if I pre-create the folder and give that particular user ownership of it.

Any more ideas that can be thrown into the mix would be greatly appreciated.

Is the new SBS 2008 server a brand new active directory domain or were you able to join it to your existing 2003 domain?

Is your old 2003 server with the roaming profiles still available?

It sounds to me like the clients may have been joined to a new domain and no longer have access to the old server.  If that is true you may want to move a computer back to the old server as a test, redirect the roaming profile locally on the computer, then join it to the new domain with the redirected profiles and see if that works.
usslindstrom (Author) commented:
Thanks for the comment.

Actually, the original was a SBS 2003 box.  I moved all the FSMO roles over to the new DC (2k8), and demoted the SBS box.

Once I made sure the 2k8 had everything (dns, dhcp, AD PDC, etc) I dropped the sbs box completely.

And so far so good - except these profiles.  :(
Okay, that makes things easier.  Did you try to login with your old server up?  I think my main concern is that in order for profiles to move the original source has to be available.  If you removed your old server before logging into any clients your clients will not be able to find their old profiles and transfer them to the new server.  So try turning your old server on and logging in with clients (if you haven't tried that).  If you have then let me know.
usslindstrom (Author) commented:
-At this point in the game, I'm not worried about grabbing the previous profiles.  I've got the folder redirection working for the users' "My Documents."

So basically, all users would be starting a new profile when they log in.  Or at least that's what's supposed to be happening here.  :P
So you've already deleted everyone's local profiles in the User Profiles tool and you're still getting this error?  What if a user logs into a computer that they've never logged into before?  The error is "roaming profile cannot be located"  meaning the profile cannot be found on the old server.  Not "Roaming profile cannot be created" which would be a permissions issue (which is where you are thinking the issue is).

If you completely wipe the profile off the local computer I'd be surprised if you were still receiving that error.  If you turn off the old server, then you will of course receive that error because the roaming profile is on the old server still.  A new roaming profile is not created during the login process.  It's created when the user logs out.  But during the login process the old roaming profile is looked for and that is what the error message is indicating.  Delete all local profile information and the user on the next login will not look for their roaming profile, will create a new local profile, and when they log out their profile will be uploaded to their new roaming profile location.
usslindstrom (Author) commented:
Yeah - unfortunately, the error still comes up after wiping any local profiles.

Just for testing, I also made a test account in AD..  And logged in for the first time on that account.

The exact error is:

"Windows cannot locate your roaming profile (read only) and is attempting to log you on with your local profile.  Possible causes of this error include network problems or insufficient security rights.  If this problem persists, contact your network administrator."

I really do think it's the latter part of the problem of not having rights to create the folder on the server itself.  Which, in itself, is very strange, because one of my testing phases was to give everyone full control of both the share level and NTFS level of the folder.


I can't thank you enough for helping me through this issue.  Anything else you can help me throw into the fix-it fire, I really appreciate it.
I presume the client PCs are XP? If so the recommended fix for roaming profiles for XP clients is:  http://support.microsoft.com/defau [...] -US;831651

I had a similar issue way back and this sorted it out, but I've not had it yet with Vista machines. I'm not entirely sure, but the problem appeared to be logins were too quick and needed a logon delay.

If the clients are wireless, try this: http://support.microsoft.com/kb/873485/en-us

usslindstrom (Author) commented:
Sorry for the late response.  Work's been hectic on and off - hard to stay focused at some points.

The clients all range from XP, SP1-SP3 - to Vista - to even Win7.  All computers have the error when logging in, and the roaming profile is not created.  Also, I've got the group policy forcing the system to wait for the network prior to continuing processing.

One singular note of thought, which shouldn't be an issue at all, is that I have the file server (hosting the user / profile shares) as a virtualized machine now, under Virtual Server 2k5.  Could there be something in the configuration that disallows connections for roaming directories in a virtual environment?  This is really doubtful - since I do have the users' "My Documents" etc redirected to the same virtual server, which are working fine.

Thanks for everyone's help so far - any other addons I can throw into the mix are always appreciated...
usslindstrom (Author) commented:
THANK YOU EVERYONE FOR YOUR HELP!  I figured out the dilemma.

It would appear in my haste of running over the migration, that I mistakenly had the group policy set where the file server was located:

Prevent Roaming Profile changes from propagating to the server  -  I had it as enabled.

Change it back to "Not Configured" and voilà.  Extremely devastating in my conquest of roaming profiles here.  lol

I really appreciate everyone's time on this issue.  You guys had me thinking about every possible solution - and stripping apart the GPO line by line.  Wouldn't have found it without you guys.  :)
usslindstrom (Author) commented:
Very much appreciated everybody!  :)
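
Added example, not part of the original thread: a PowerShell check, run on a client that shows the error, for the computer policy the author found enabled. The registry key and the value name `ReadOnlyProfile` are the standard backing store for that Group Policy setting and do not appear in the thread; the other two values are related profile policies included here as an assumption about what else is worth ruling out.

```powershell
# Added example, not from the thread. Run on a client that shows the error.
# Policy values appear under this key when a GPO sets them (absent = Not Configured).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

# Value name, policy display name. ReadOnlyProfile backs the setting the author
# found enabled; the other two are related settings (assumption: worth ruling
# out at the same time, they are not mentioned in the thread).
$policies = @(
    @('ReadOnlyProfile',       'Prevent Roaming Profile changes from propagating to the server'),
    @('LocalProfile',          'Only allow local user profiles'),
    @('CompatibleRUPSecurity', 'Do not check for user ownership of Roaming Profile Folders')
)

$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

$report = foreach ($p in $policies) {
    # A missing key or missing value both mean the policy is Not Configured.
    $raw = if ($props) { $props.($p[0]) } else { $null }
    $state = if ($null -eq $raw) { 'Not Configured' } elseif ($raw -eq 1) { 'Enabled' } else { 'Disabled' }
    New-Object PSObject -Property @{ Value = $p[0]; Policy = $p[1]; State = $state }
}
$report | Select-Object Value, State, Policy | Format-Table -AutoSize

$readOnly = $report | Where-Object { $_.Value -eq 'ReadOnlyProfile' -and $_.State -eq 'Enabled' }
if ($readOnly) {
    Write-Warning 'Roaming profiles are read-only on this machine: changes are not written back to the profile share.'
    # List the computer-scope GPOs applied here to find the one carrying the setting.
    gpresult /scope computer /v
}
```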