Solved

Windows 7 Roaming Profile problem

Posted on 2010-08-17
35
1,353 Views
Last Modified: 2012-05-10
Hi,
      We started rolling out Windows 7 in our company and  we use Roaming profiles in our company.we had one user whose roaming profile doesn't load on windows 7.Just loads temporary profile when the users logs on.I can see the v2 profile created on the server and it doesn't load the profile when the user logs on.As the user is logged on with temp profile he cannot even connect to network shares etc(doesn't authenticate the user).

      And if he logs on to Wondows xp his roaming profile loads fine.

  Please see the attached file with one warning and two error messages from the eventviewer.please let me know the solution
Eventvwr.doc
0
Comment
Question by:t250
  • 16
  • 6
  • 3
  • +4
35 Comments
 
LVL 3

Expert Comment

by:the_scotsman_
ID: 33453239
Do you by any chance have nVidia video drivers installed?

There is a known issue where the nVidia Display Driver Service causes this problem.

If you do have nVidia graphics drivers installed, disable the nVidia Display Driver Service (this wont affect the graphics of the computer, it's only the desktop application part) then reboot.

See if this solves the issue (if you do have nVidia on the system).
0
 

Author Comment

by:t250
ID: 33453295
Hi The Scotsman,

       we don't have nVidia driver installed we have Intel Driver installed.plese see below
 
   
      \\.\DISPLAY1\Monitor0
Intel(R) G41 Express Chipset (Microsoft Corporation - WDDM 1.1)
      Memory      1421 MB
      Memory type      2
      Driver version      8.15.10.1749
Intel(R) G41 Express Chipset (Microsoft Corporation - WDDM 1.1)
      Memory type      2
      Driver version      8.15.10.1749
0
 
LVL 1

Expert Comment

by:Standis
ID: 33453299
Hi.

Check out this article: http://support.microsoft.com/kb/947242
Also valid for windows 7..

Regards,
Standis
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33453366
DOWNLOAD User Profile Hive Cleanup Service AND INSTALL:
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
AND THEN RUN CHECK DISK ON YOUR C DRIVE...
HOPE THIS WILL FIX IT
OR LASTLY YOU CAN TRY THIS,
http://windows.microsoft.com/en-US/windows-vista/Fix-a-corrupted-user-profile
REGARDS,
0
 

Author Comment

by:t250
ID: 33453461
Hi Standis,

      i cannot see the profilelist key in the registry.As this is is the only user logged onto this PC after we did the build so there is no profilelist.temp profile is getting deleted when the user logged off
0
 

Author Comment

by:t250
ID: 33453475
themak,

     there are no other profiles on the PC and i have even tried to give the user a brand new profile and the same error message.doesn't matter to which PC he logs on roaming profile doesn't load tried on 4 PC's
0
 
LVL 1

Expert Comment

by:Standis
ID: 33453519
Hmm, might be a ntfs security issue on the file server?
Here is one for setting proper rights on the share:
http://technet.microsoft.com/en-us/library/cc757013(WS.10).aspx

Can you write files to the profile folder (v2) when logged on as the user?

BR
Standis
0
 

Author Comment

by:t250
ID: 33453558
Standis,
   
        we also use windows server 2008 Terminal Services (Remote apps) and when the user logs onto Terminal Server his V2 profile loads ok  i.e read and write acces on the files it is only on windows 7 the v2 profile is not getting loaded.so all the permissions are fine..
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33453584
Be sure that the user is the owner of Profile folder.

You also have to know that the folder with folder for Windows 7 and Windows Vista has to be named:

\\fileserver\profile\user1 (Windwos XP)
\\fileserver\profile\user1.v2 (Windwos 7 and Windwos Vista)

You also be aware that there is no interoperability between Windwos XP and Windows 7 profile i.e. you cannot use the same profile. At least not without folder redirection.
0
 

Author Comment

by:t250
ID: 33453612
simonlimon:

  user is oner of the profile folder and we are using different profile for xp and windows 7 i.e v2.
0
 
LVL 1

Expert Comment

by:Standis
ID: 33453845
And there are no other TS profile path on the remote desktops profile tab in aduc?
(Windows will try to load the TS profile first - if the path exists of course...)
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33453943
First Download Tool (x86fre_GRMRSAT_MSU) from http://www.microsoft.com/downloads/details.aspx?FamilyID=7d2f6ad7-656b-4313-a005-4e344e43997d&displaylang=en and Install it on one win7 client Computer and configure it according to Microsoft. after that go to win2003 Domain Group Policy Editor, computer-administrative templates-system-user profiles and Enable "Leave Windows Installer & Group policy Software Installation and Wait for Remote User Profile. After that Login on win7 computer profile will be load then logoff and login with administrator account and delete that roaming profile from my computer property- advance system setting-click on profile and delete it. Then log off and again login with those profile which you have deleted profile will be load from server again do log off and login with administrator account and delete those roaming profile from c:\user and log off from administrator account and login using those account which you have deleted then it will show after login you have login with Temp profile and your files will not be present there then restart system in safe mode go to "start-run-regedit-hkey local machine-software-microsoft-windowsNT-current version-profileList-and select any value in left side after Expanding profileList it will show a user name in right side with other value then delete left side value which contain that user name which you have deleted earlier from C:\ user and Restart computer in normal mode and Now you will be able to login with that User with all Data which you have deleted earlier and there is not any error like You have Logged in Temp Profile.
http://social.technet.microsoft.com/Forums/en-US/w7itproui/thread/6a7941b8-f459-4b10-b75b-1f758c1c751a
 
Regards,
 
0
 

Author Comment

by:t250
ID: 33454099
standis,


  there is no other TSProfilepath on the  remote desktops profile tab in aduc
0
 

Author Comment

by:t250
ID: 33455272
Hi Guys,

      this is what iam seeing in the eventviewer as well. i can logon to this PC as any other user in the domain with no issues except one user
   
The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

0
 
LVL 8

Expert Comment

by:TheMak
ID: 33456593
there is some replication problem between domains, I suggest you delete the account and create it on the  domain controller that will fix this issue. To understand Rreplication have a look to the links below,
Active Directory Replication
http://www.comptechdoc.org/os/windows/win2k/win2kadrepl.html
http://technet.microsoft.com/en-us/library/cc772726(WS.10).aspx
 Best Practices Analyzer for Active Directory Domain Services
http://technet.microsoft.com/en-us/library/dd391875%28WS.10%29.aspx
0
 

Author Comment

by:t250
ID: 33457659
The maK
 this account has been created three years back and works on xp and Windows server 2008 terminal servers for some reason we are getting this problem only on windows 7.I have even given local profile still same thing in the event viewer
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 8

Expert Comment

by:TheMak
ID: 33461680
Could you please post a complete ipconfig /all from both Dc and Windows 7 PC.
Regards,
 
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33461776
Group Policy preprocessing uses security to act on behalf of the computer or user. Incorrect permissions or security failures can prevent Group Policy from applying to the computer or user.  Hence you will see above message, try this below link......
http://technet.microsoft.com/en-us/library/cc727272(WS.10).aspx
0
 

Author Comment

by:t250
ID: 33462716
TheMak,
       Previously we have delegated control in AD for this user to create ,delete users etc does this have any effect and also this user used to be member of Domain Admins but not anymore...As we have created s Separate Admin Account

  Not sure because of this will he have any issues logging into Windows 7 PC's...?  
0
 
LVL 8

Expert Comment

by:TheMak
ID: 33463229
No this will not create any issue but check user again by giving domain admins privileges for testing purpose.
Regards,
 
0
 

Author Comment

by:t250
ID: 33464714
Themak,

    Added user to domain admins group still the same issue

Regards
0
 

Author Comment

by:t250
ID: 33475922
Guys,,

   any solution for this issue please as i cannot log this user using local profile as well
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 33546511
After reading through the various issues, I suspect this is an issue with the machine, not with the profile or user account. Honestly, I'd just format and reinstall Windows 7. OEM images are notorious for not being "domain friendly" and setting odd (and very buried, difficult to find) permissions that interfere with proper domain functionality...ESPECIALLY when folder redirection, roaming profiles, or remote apps are used.
HTH
-Cliff
 
0
 

Author Comment

by:t250
ID: 33548569
cliff,

   if i logon to this machine as any other user everything works ok it is just this user.I have even tried logging on this user on other windows 7 PC's as well still the same issue.

   is this user logs on to XP PC everything works ok
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33549074
I have see this behavior on windows 7 roaming profiles especially when they are transfered from windows XP profiles
In my case the error appeared when unloading the profile.

This error attached points to a process with ID 1100 that is blocking the registry key.  I just had to kill this process with this ID and the profile was unloaded correct.

In your case the profile is even not loaded.

How did you transfer windows XP settings to the new windows 7 profile?

Due to that windows xp profile is loaded security setting must be fine

First I would try to create a clean new profile for this user. Make sure to rename XP and Windows 7 profiles during the test.

Did you try to login from another windows 7 computer for this user?


0
 
LVL 7

Expert Comment

by:jesaja
ID: 33549105
The security error points

http://support.microsoft.com/kb/938457


How did you join the win 7 to the domain. Did you use the SBS connect homepage?
And the user has been created through the SBS wizard


I just ask because on the SBS everything is set through scripts. Security Settings, GPOs etc.
0
 

Author Comment

by:t250
ID: 33567020
HI,

 i have renamed the old profile on the server and logged onto pc as the user and still the same msg roaming profile couldn't be loaded and cannot connect to any of the network drives.it does look like windows 7 machines doesn't even authenticate this user as he cannot connect to any of the network drives.

   when tried to connect any of the network drives when logged on as this user a windows pops up with the password box again and also "The system detected a possible attempt to compromise secuirty.plase ensure you can contact the server that authenticated you"
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33574138
Check firewall settings:

http://support.microsoft.com/kb/938457


Also, is the clock set correctly, would  seem like a kerberos error?
0
 

Author Comment

by:t250
ID: 33574714
Simonlimon,

       firewall settings are correct as i can logon to this PC as  other user  and everything is fine.Problem is only with this user.he gets the same message when he logs onto any windows 7 PC.And when he logs onto Windows xp PC everything is fine.

   Clock is set correctly
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33579620
You have to check connectivity

are you using dhcp to assign ip to the client, check it the ip, dns etc is correct

ping the dc by ip, netbios and DNS name from that Workstation,

if you can resole name etc then DNS is ok.

try disableing IPv6

if this did not help

try rejoin the pc to the domain
0
 
LVL 10

Expert Comment

by:simonlimon
ID: 33580569
Can you check the event viewer on the windows 7 machine ? Is there anything strange there?
0
 

Assisted Solution

by:t250
t250 earned 0 total points
ID: 33796856
HI All,

  i have found the solution for this myself.For this user Account in AD "Use Kerberos DES Encryption for this Account" is checked and i have unchecked and the issue is now resolved,.please  see the below link from Microsoft Technet

http://technet.microsoft.com/en-us/library/ff646918(WS.10).aspx
0
 

Accepted Solution

by:
t250 earned 0 total points
ID: 33796982
I would like to cancel the above request as i i have founf the solution and want to awrd the points to myself
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup". After a while, you have entered a loop for Auto repair which does not fix anything and you will be in a  panic as all your work w…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now