More roaming profile problems with Server 2008 TS

Posted on 2010-08-27
Last Modified: 2012-06-27
Users, including administrator, are getting roaming profile errors when they log in.
Here's an example:

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
 DETAIL - The network name cannot be found.

This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.
Background - SBS 2003 DC, Server 2008 member server as TS.

Poking around registry found no .bak sections in HKLM\software\microsoft\windows nt\cv\profilelist, as others have reported here.
I did make a GP change to exclude the directory containing OST files from the roaming profile - login times were getting stupid.

Weird thing is that even the administrator, which does not use a roaming profile, also gets an error that roaming profie couldn't be loaded.

Ideas, anyone?
Question by:geekzinc
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3

Expert Comment

ID: 33543632
Are the users (administrator?) actually configured to use a roaming profile?
If so, when logged on with a specific user, can you access the path to the roaming profile with explorer?

Author Comment

ID: 33546819
No - that's one of the strange bits. Administrator doesn't use a roaming profile, or have a TS profile specified.

Only one person uses the admin account (me) so that's a strange problem but not a big deal.
The temp profile thing IS a problem for the other users, because the software they use has profile-dependent settings in it, and they're annoyed at having to change them.
Plus, I wanna know WTF.
LVL 17

Expert Comment

ID: 33547686
> This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.

If you move the TS back to whereever it was and reboot (or gpupdate /force) it does the issue go away? if so have another look at your policies.
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why


Expert Comment

ID: 33548720
Very basic, but the disk holding the "Users" folder with the profiles has sufficient diskspace available?

Expert Comment

ID: 33549007
If I understand you right the problem occurred when you moved the server object to the TS OU on the server?

Users do not have problems loading there profile when login in to there workstations?

And the user can access the profile shared directory and create folders and files?

If so can you provide the Results Set of GPO for a user on the Terminal Server. You can do this in GPO Management on the SBS

Author Comment

ID: 33550181
Yes, the problem seems to have started after I moved the terminal server around in AD.
Users don't have any issues when they log in at the main office.

Funny thing - reviewing the group policy results report (attached) I see a reference to \\tbg3\TS Profiles. The directory was there, but not shared. I fixed that and granted rights to the remote users group. This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

I have a feeling the loopback policy was created for the terminal server OU, and was either not completed or was configured incorrectly.
So my next step, I think, is to delete and recreate the loopback policy, and also to remove all the profiles from the TS. Wait a bit, smoke a cigar, and try again.
LVL 17

Accepted Solution

aoakeley earned 250 total points
ID: 33551370
> This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

Sounds like while you are smoking the cigar you should also double check both the share and NTFS permissions on \\tbg3\TS Profiles

Expert Comment

ID: 33552755
What about disabling the loopback GPO for testing

Why is this TS Profile Path set? In my understanding it is not necessary unless more than one terminal server is used to prevent local caching of the profile and to use one profile on each TS.

Profile path is set for each user in the user's settings under profile?
And you don't have any issues when the user is logged in on a PC in the network?
LVL 17

Expert Comment

ID: 33552779
Just on a side note. Not saying right or wrong. But I always set a ts profile path to a path on another server. Even in single ts environment. Makes it so much easier to swap ts server when a user does something silly and gets a virus on there etc...

Like I said just my point of view. Not right or wrong.

Author Comment

ID: 33553458
I'm about retest the share and folder permissions on the TS Profiles folder, so I will post back those results.

In the bigger picture, I love this site because I get more than one perspective on how things can be done. For this client, I started with SBS 2003 because it met their requirements, was fairly cheap, and we hoped the wizards would allow them to do stuff they're paying me to do (create users, add printers, etc.) HAsn't worked out that way...
Anyway, there is always feature-creep. Pretty soon they had an application they wanted used off-site, and RDC is limited to 2 users on SBS, and they had an old server I put Server 2003 and TS on. Made it a domain controller because I thought it was a good idea to have a BDC (I know, not really, but....) Then they outgrew the TS server and the only option was Server 2008, and I am still learning the differences between 2003 and 2008.
Roaming profiles became a requirement, and the CFO wanted to move and work from request is server mirroring offsite. All cool things to play with and learn, but they have limited $$ and I have limited time, so it's always a balancing act.
Back to issue at hand - I set up Sonicwall firewalls at all the locations (14 and counting) so they have easy access to the file server. Application is a database, so it still requires TS. That server's only purpose is to host remote access to the application, so roaming profiles aren't required, and the TS profile can be very simple. Can't web-enable the app in TS, tho - their programmers didn't even know what I was talking about.

Author Comment

ID: 33553520
Follow up:
Share permissions on the TS Profile folder was the final problem, now resolved.

How do I divvy up points? I got valuable advice from all of you!
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34490770
Please accept http:#a33551370

Expert Comment

ID: 34523653
Apply correction requested by CV in http:#a34490770

Community Support Moderator

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question