Solved

Windows Logon Script not running

Posted on 2010-08-23
8
1,382 Views
Last Modified: 2012-05-10
I have a Windows 7 machine running in a Windows 2003 environment. When I log on a script should run that maps drives on that machine but never does. I have checked on the DC in the GPO and the script is in the correct place and it linked and Enforced but still no luck.

When I run RSOP on the target machine it shows a red X on Computer Configuration and an Exclamation point on User Configuration. When I drill down in User Configuration\Windows Settings\Scripts\Logon it shows an old script that has been deleted. To me is sounds like the AD is not updating or my machine is not accepting updates from the DC.

How can I fix this, Troubleshoot?

Thank You in Advance for all your assistance.
0
Comment
Question by:tparus
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 20

Accepted Solution

by:
woolnoir earned 125 total points
ID: 33501668
have you tried forcing a policy refresh ?

gpupdate /force

0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33501675
The above command doesnt explain why the policy isnt being updated, but its usefull because it should fix the problem... assuming the actual policy refresh isnt the root cause. Let me know if the above command fixes the issue..
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33501679
do check for firewall to be off.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33501702
If you see a policy that is failing in RSOP view then it is possible that it is still linked to an OU that user account is tied to. Have you checked the name of the GPO and searched in GPMC.msc to see if you can find this? If you find it, remove all groups/users from the scope and do gpupdate /force and also reboot the machine.

As you have stated this is something that is failed with the GPO. I would also test the script to ensure that it is working properly. If you put the script in the "Startup Folder" does this map the drives for you?

Also, take a look in the event viewer as this should also give you some more detail on the failing GPO that is being applied.
0
 
LVL 6

Assisted Solution

by:guydemarco
guydemarco earned 125 total points
ID: 33502102
See if the key below is present:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections = 1 (DWord)
(http://support.microsoft.com/default.aspx/kb/937624)

If that doesn't work, check that "Use Kerberos DES encryption types for this account" is unchecked.

If that doesn't work, enable group policy\computer configuration\administrative templates\system|logon\ "always wait for the network at computer startup and logon"

Lastly, you can either run it with a VBS or move it to NETLOGON instead of SYSVOL.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33502405
tparus ; very interested to see if any of the solutions help - let us know when you have tested.
0
 

Author Comment

by:tparus
ID: 33503106
This problem is very odd and I believe there is more than one cause to this problem. I tested the issue where my firewall was enabled and disabled then logged out then back in, no use. I then tried forcing the update of the GP which returned two issues.

1. Folder redirection failed due to the change in the file system on Windows 7 vs XP so the policy doesn't know where the My Documents folder is now located. This is any easy fix and it was only a warning.
2. This one is more complicated and really don't know how to go about fixing this one. The error was that it attempted to read file \\domain name\SysVol\domain name\Policies\<ID #>\gpt.ini. it gives three reasons:
a) Name resolution\Network problems. (Pinged the DC and the name returned correctly. Not the problem)
b) File Replication Service Latency. ( We only have one DC so that couldn't be the problem however I recently demoted a secondary DC to a member server and removed all domain services but the DC still wants to replicate to it. How do i fix this?)
c) DFS client has been disabled.

I ran GPRESULT /H GPReport.html as suggested and looked through the report and there were some issues but none of them related to the Logon script.

The one thing that I did notice is that I was a member of the Domain Admins group. I removed myself from the Domain Admins group and restarted my machine and logged in. The folders mapped however, I don't know if this was the fix to the problem because these folders have been mapping on and off all during the time I was a member or the Domain Admins group.

In a way this issue is fixed however I believe it may return. I will do some digging to see if I can find more issues but hope this issue may be resolved.
0
 
LVL 6

Expert Comment

by:guydemarco
ID: 33503178
This is known as a tough one because there's several ways for it to crash out, usually related to user authentication. Sometimes the script tries to run on cached credentials, which fails. Sometimes it tries to pull rights, but the GP script is in a location that the user can't get to (netvol versus sysvol, for example). Or it could be a missing reg key. Hopefully one of the suggestions I posted will fix it.
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question