Windows Logon Script not running
I have a Windows 7 machine running in a Windows 2003 environment. When I log on a script should run that maps drives on that machine but never does. I have checked on the DC in the GPO and the script is in the correct place and it linked and Enforced but still no luck.
When I run RSOP on the target machine it shows a red X on Computer Configuration and an Exclamation point on User Configuration. When I drill down in User Configuration\Windows Settings\Scripts\Logon it shows an old script that has been deleted. To me is sounds like the AD is not updating or my machine is not accepting updates from the DC.
How can I fix this, Troubleshoot?
Thank You in Advance for all your assistance.
When I run RSOP on the target machine it shows a red X on Computer Configuration and an Exclamation point on User Configuration. When I drill down in User Configuration\Windows Settings\Scripts\Logon it shows an old script that has been deleted. To me is sounds like the AD is not updating or my machine is not accepting updates from the DC.
How can I fix this, Troubleshoot?
Thank You in Advance for all your assistance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Adrian Cantrill
The above command doesnt explain why the policy isnt being updated, but its usefull because it should fix the problem... assuming the actual policy refresh isnt the root cause. Let me know if the above command fixes the issue..
do check for firewall to be off.
If you see a policy that is failing in RSOP view then it is possible that it is still linked to an OU that user account is tied to. Have you checked the name of the GPO and searched in GPMC.msc to see if you can find this? If you find it, remove all groups/users from the scope and do gpupdate /force and also reboot the machine.
As you have stated this is something that is failed with the GPO. I would also test the script to ensure that it is working properly. If you put the script in the "Startup Folder" does this map the drives for you?
Also, take a look in the event viewer as this should also give you some more detail on the failing GPO that is being applied.
As you have stated this is something that is failed with the GPO. I would also test the script to ensure that it is working properly. If you put the script in the "Startup Folder" does this map the drives for you?
Also, take a look in the event viewer as this should also give you some more detail on the failing GPO that is being applied.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
tparus ; very interested to see if any of the solutions help - let us know when you have tested.
ASKER
This problem is very odd and I believe there is more than one cause to this problem. I tested the issue where my firewall was enabled and disabled then logged out then back in, no use. I then tried forcing the update of the GP which returned two issues.
1. Folder redirection failed due to the change in the file system on Windows 7 vs XP so the policy doesn't know where the My Documents folder is now located. This is any easy fix and it was only a warning.
2. This one is more complicated and really don't know how to go about fixing this one. The error was that it attempted to read file \\domain name\SysVol\domain name\Policies\<ID #>\gpt.ini. it gives three reasons:
a) Name resolution\Network problems. (Pinged the DC and the name returned correctly. Not the problem)
b) File Replication Service Latency. ( We only have one DC so that couldn't be the problem however I recently demoted a secondary DC to a member server and removed all domain services but the DC still wants to replicate to it. How do i fix this?)
c) DFS client has been disabled.
I ran GPRESULT /H GPReport.html as suggested and looked through the report and there were some issues but none of them related to the Logon script.
The one thing that I did notice is that I was a member of the Domain Admins group. I removed myself from the Domain Admins group and restarted my machine and logged in. The folders mapped however, I don't know if this was the fix to the problem because these folders have been mapping on and off all during the time I was a member or the Domain Admins group.
In a way this issue is fixed however I believe it may return. I will do some digging to see if I can find more issues but hope this issue may be resolved.
1. Folder redirection failed due to the change in the file system on Windows 7 vs XP so the policy doesn't know where the My Documents folder is now located. This is any easy fix and it was only a warning.
2. This one is more complicated and really don't know how to go about fixing this one. The error was that it attempted to read file \\domain name\SysVol\domain name\Policies\<ID #>\gpt.ini. it gives three reasons:
a) Name resolution\Network problems. (Pinged the DC and the name returned correctly. Not the problem)
b) File Replication Service Latency. ( We only have one DC so that couldn't be the problem however I recently demoted a secondary DC to a member server and removed all domain services but the DC still wants to replicate to it. How do i fix this?)
c) DFS client has been disabled.
I ran GPRESULT /H GPReport.html as suggested and looked through the report and there were some issues but none of them related to the Logon script.
The one thing that I did notice is that I was a member of the Domain Admins group. I removed myself from the Domain Admins group and restarted my machine and logged in. The folders mapped however, I don't know if this was the fix to the problem because these folders have been mapping on and off all during the time I was a member or the Domain Admins group.
In a way this issue is fixed however I believe it may return. I will do some digging to see if I can find more issues but hope this issue may be resolved.
This is known as a tough one because there's several ways for it to crash out, usually related to user authentication. Sometimes the script tries to run on cached credentials, which fails. Sometimes it tries to pull rights, but the GP script is in a location that the user can't get to (netvol versus sysvol, for example). Or it could be a missing reg key. Hopefully one of the suggestions I posted will fix it.