Solved

Windows Logon Script not running

Posted on 2010-08-23
8
1,378 Views
Last Modified: 2012-05-10
I have a Windows 7 machine running in a Windows 2003 environment. When I log on a script should run that maps drives on that machine but never does. I have checked on the DC in the GPO and the script is in the correct place and it linked and Enforced but still no luck.

When I run RSOP on the target machine it shows a red X on Computer Configuration and an Exclamation point on User Configuration. When I drill down in User Configuration\Windows Settings\Scripts\Logon it shows an old script that has been deleted. To me is sounds like the AD is not updating or my machine is not accepting updates from the DC.

How can I fix this, Troubleshoot?

Thank You in Advance for all your assistance.
0
Comment
Question by:tparus
8 Comments
 
LVL 20

Accepted Solution

by:
woolnoir earned 125 total points
ID: 33501668
have you tried forcing a policy refresh ?

gpupdate /force

0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33501675
The above command doesnt explain why the policy isnt being updated, but its usefull because it should fix the problem... assuming the actual policy refresh isnt the root cause. Let me know if the above command fixes the issue..
0
 
LVL 2

Expert Comment

by:hydrokid
ID: 33501679
do check for firewall to be off.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 33501702
If you see a policy that is failing in RSOP view then it is possible that it is still linked to an OU that user account is tied to. Have you checked the name of the GPO and searched in GPMC.msc to see if you can find this? If you find it, remove all groups/users from the scope and do gpupdate /force and also reboot the machine.

As you have stated this is something that is failed with the GPO. I would also test the script to ensure that it is working properly. If you put the script in the "Startup Folder" does this map the drives for you?

Also, take a look in the event viewer as this should also give you some more detail on the failing GPO that is being applied.
0
 
LVL 6

Assisted Solution

by:guydemarco
guydemarco earned 125 total points
ID: 33502102
See if the key below is present:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableLinkedConnections = 1 (DWord)
(http://support.microsoft.com/default.aspx/kb/937624)

If that doesn't work, check that "Use Kerberos DES encryption types for this account" is unchecked.

If that doesn't work, enable group policy\computer configuration\administrative templates\system|logon\ "always wait for the network at computer startup and logon"

Lastly, you can either run it with a VBS or move it to NETLOGON instead of SYSVOL.
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 33502405
tparus ; very interested to see if any of the solutions help - let us know when you have tested.
0
 

Author Comment

by:tparus
ID: 33503106
This problem is very odd and I believe there is more than one cause to this problem. I tested the issue where my firewall was enabled and disabled then logged out then back in, no use. I then tried forcing the update of the GP which returned two issues.

1. Folder redirection failed due to the change in the file system on Windows 7 vs XP so the policy doesn't know where the My Documents folder is now located. This is any easy fix and it was only a warning.
2. This one is more complicated and really don't know how to go about fixing this one. The error was that it attempted to read file \\domain name\SysVol\domain name\Policies\<ID #>\gpt.ini. it gives three reasons:
a) Name resolution\Network problems. (Pinged the DC and the name returned correctly. Not the problem)
b) File Replication Service Latency. ( We only have one DC so that couldn't be the problem however I recently demoted a secondary DC to a member server and removed all domain services but the DC still wants to replicate to it. How do i fix this?)
c) DFS client has been disabled.

I ran GPRESULT /H GPReport.html as suggested and looked through the report and there were some issues but none of them related to the Logon script.

The one thing that I did notice is that I was a member of the Domain Admins group. I removed myself from the Domain Admins group and restarted my machine and logged in. The folders mapped however, I don't know if this was the fix to the problem because these folders have been mapping on and off all during the time I was a member or the Domain Admins group.

In a way this issue is fixed however I believe it may return. I will do some digging to see if I can find more issues but hope this issue may be resolved.
0
 
LVL 6

Expert Comment

by:guydemarco
ID: 33503178
This is known as a tough one because there's several ways for it to crash out, usually related to user authentication. Sometimes the script tries to run on cached credentials, which fails. Sometimes it tries to pull rights, but the GP script is in a location that the user can't get to (netvol versus sysvol, for example). Or it could be a missing reg key. Hopefully one of the suggestions I posted will fix it.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question