I am having an issue with Roaming Profiles crashing explorer.exe on logging in.
The profiles are set up with folder redirection, and with DFS. We have two sites, Site A and Site B. When users from site A login to computers in site A, everything is fine. When Users from Site B log into computers in Site B, everything is ok aswell. When users from Site B log into computers in Site A, all is ok but when users from site A log into computers in Site B, we get the problems described above.
We are using DFS replication to keep the profiles up to date on both sites, and the profile location in the users accounts point to the DFS namespace folder for the profile, and the group policy points to the dfs namespace also. To keep things simple, we are just using the Default Domain Policy. The targets for those folders are configured to point to the server in site A and site B, however are configured to exclude targets outside the users sites therefore stopping traffic propagating across the slow WAN link connecting these sites together.
On the clients, if they are left long enough (15mins) they will log in, but explorer will completely stick until its process is restarted from task manager, then all is ok.. The client machines do have the following event Ids logged in the event viewer:
Event ID 1006: Windows cannot bind to domain 'domainname' Group Policy processing aborted
Event ID 1030: Windows cannot query for the list of Group Policy objects
Event ID 40961: The security system could not establish a secured connection with the server/ldap server. No authentication protocol was available.
Weird thing is, group policy is actually being applied. I have run dfsutil /purgemupcache to no avail, as well as checking the forward and reverse lookup zones and they are ok as well.
I am going crazy with this, please somebody help!