Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1462
  • Last Modified:

More roaming profile problems with Server 2008 TS

Users, including administrator, are getting roaming profile errors when they log in.
Here's an example:

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
 DETAIL - The network name cannot be found.

This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.
Background - SBS 2003 DC, Server 2008 member server as TS.

Poking around registry found no .bak sections in HKLM\software\microsoft\windows nt\cv\profilelist, as others have reported here.
I did make a GP change to exclude the directory containing OST files from the roaming profile - login times were getting stupid.

Weird thing is that even the administrator, which does not use a roaming profile, also gets an error that roaming profie couldn't be loaded.

Ideas, anyone?
0
geekzinc
Asked:
geekzinc
  • 4
  • 3
  • 2
  • +3
1 Solution
 
BLangersCommented:
Are the users (administrator?) actually configured to use a roaming profile?
If so, when logged on with a specific user, can you access the path to the roaming profile with explorer?
0
 
geekzincAuthor Commented:
No - that's one of the strange bits. Administrator doesn't use a roaming profile, or have a TS profile specified.

Only one person uses the admin account (me) so that's a strange problem but not a big deal.
The temp profile thing IS a problem for the other users, because the software they use has profile-dependent settings in it, and they're annoyed at having to change them.
Plus, I wanna know WTF.
0
 
aoakeleyCommented:
> This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.

If you move the TS back to whereever it was and reboot (or gpupdate /force) it does the issue go away? if so have another look at your policies.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
BLangersCommented:
Very basic, but the disk holding the "Users" folder with the profiles has sufficient diskspace available?
0
 
jesajaCommented:
If I understand you right the problem occurred when you moved the server object to the TS OU on the server?

Users do not have problems loading there profile when login in to there workstations?

And the user can access the profile shared directory and create folders and files?


If so can you provide the Results Set of GPO for a user on the Terminal Server. You can do this in GPO Management on the SBS
0
 
geekzincAuthor Commented:
Yes, the problem seems to have started after I moved the terminal server around in AD.
Users don't have any issues when they log in at the main office.

Funny thing - reviewing the group policy results report (attached) I see a reference to \\tbg3\TS Profiles. The directory was there, but not shared. I fixed that and granted rights to the remote users group. This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

I have a feeling the loopback policy was created for the terminal server OU, and was either not completed or was configured incorrectly.
So my next step, I think, is to delete and recreate the loopback policy, and also to remove all the profiles from the TS. Wait a bit, smoke a cigar, and try again.
GKolodziej-on-tbg3.htm
0
 
aoakeleyCommented:
> This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

Sounds like while you are smoking the cigar you should also double check both the share and NTFS permissions on \\tbg3\TS Profiles
0
 
jesajaCommented:
What about disabling the loopback GPO for testing

Why is this TS Profile Path set? In my understanding it is not necessary unless more than one terminal server is used to prevent local caching of the profile and to use one profile on each TS.

Profile path is set for each user in the user's settings under profile?
And you don't have any issues when the user is logged in on a PC in the network?
0
 
aoakeleyCommented:
Just on a side note. Not saying right or wrong. But I always set a ts profile path to a path on another server. Even in single ts environment. Makes it so much easier to swap ts server when a user does something silly and gets a virus on there etc...

Like I said just my point of view. Not right or wrong.
0
 
geekzincAuthor Commented:
I'm about retest the share and folder permissions on the TS Profiles folder, so I will post back those results.

In the bigger picture, I love this site because I get more than one perspective on how things can be done. For this client, I started with SBS 2003 because it met their requirements, was fairly cheap, and we hoped the wizards would allow them to do stuff they're paying me to do (create users, add printers, etc.) HAsn't worked out that way...
Anyway, there is always feature-creep. Pretty soon they had an application they wanted used off-site, and RDC is limited to 2 users on SBS, and they had an old server I put Server 2003 and TS on. Made it a domain controller because I thought it was a good idea to have a BDC (I know, not really, but....) Then they outgrew the TS server and the only option was Server 2008, and I am still learning the differences between 2003 and 2008.
Roaming profiles became a requirement, and the CFO wanted to move and work from home...next request is server mirroring offsite. All cool things to play with and learn, but they have limited $$ and I have limited time, so it's always a balancing act.
Back to issue at hand - I set up Sonicwall firewalls at all the locations (14 and counting) so they have easy access to the file server. Application is a database, so it still requires TS. That server's only purpose is to host remote access to the application, so roaming profiles aren't required, and the TS profile can be very simple. Can't web-enable the app in TS, tho - their programmers didn't even know what I was talking about.
0
 
geekzincAuthor Commented:
Follow up:
Share permissions on the TS Profile folder was the final problem, now resolved.

How do I divvy up points? I got valuable advice from all of you!
0
 
Darius GhassemCommented:
Please accept http:#a33551370
0
 
WallyModCommented:
Apply correction requested by CV in http:#a34490770

WallyMod
Community Support Moderator
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 3
  • 2
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now