Solved

More roaming profile problems with Server 2008 TS

Posted on 2010-08-27
15
1,437 Views
Last Modified: 2012-06-27
Users, including administrator, are getting roaming profile errors when they log in.
Here's an example:

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
 DETAIL - The network name cannot be found.

This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.
Background - SBS 2003 DC, Server 2008 member server as TS.

Poking around registry found no .bak sections in HKLM\software\microsoft\windows nt\cv\profilelist, as others have reported here.
I did make a GP change to exclude the directory containing OST files from the roaming profile - login times were getting stupid.

Weird thing is that even the administrator, which does not use a roaming profile, also gets an error that roaming profie couldn't be loaded.

Ideas, anyone?
0
Comment
Question by:geekzinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
15 Comments
 
LVL 2

Expert Comment

by:BLangers
ID: 33543632
Are the users (administrator?) actually configured to use a roaming profile?
If so, when logged on with a specific user, can you access the path to the roaming profile with explorer?
0
 

Author Comment

by:geekzinc
ID: 33546819
No - that's one of the strange bits. Administrator doesn't use a roaming profile, or have a TS profile specified.

Only one person uses the admin account (me) so that's a strange problem but not a big deal.
The temp profile thing IS a problem for the other users, because the software they use has profile-dependent settings in it, and they're annoyed at having to change them.
Plus, I wanna know WTF.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33547686
> This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.

If you move the TS back to whereever it was and reboot (or gpupdate /force) it does the issue go away? if so have another look at your policies.
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 
LVL 2

Expert Comment

by:BLangers
ID: 33548720
Very basic, but the disk holding the "Users" folder with the profiles has sufficient diskspace available?
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33549007
If I understand you right the problem occurred when you moved the server object to the TS OU on the server?

Users do not have problems loading there profile when login in to there workstations?

And the user can access the profile shared directory and create folders and files?


If so can you provide the Results Set of GPO for a user on the Terminal Server. You can do this in GPO Management on the SBS
0
 

Author Comment

by:geekzinc
ID: 33550181
Yes, the problem seems to have started after I moved the terminal server around in AD.
Users don't have any issues when they log in at the main office.

Funny thing - reviewing the group policy results report (attached) I see a reference to \\tbg3\TS Profiles. The directory was there, but not shared. I fixed that and granted rights to the remote users group. This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

I have a feeling the loopback policy was created for the terminal server OU, and was either not completed or was configured incorrectly.
So my next step, I think, is to delete and recreate the loopback policy, and also to remove all the profiles from the TS. Wait a bit, smoke a cigar, and try again.
GKolodziej-on-tbg3.htm
0
 
LVL 17

Accepted Solution

by:
aoakeley earned 250 total points
ID: 33551370
> This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

Sounds like while you are smoking the cigar you should also double check both the share and NTFS permissions on \\tbg3\TS Profiles
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33552755
What about disabling the loopback GPO for testing

Why is this TS Profile Path set? In my understanding it is not necessary unless more than one terminal server is used to prevent local caching of the profile and to use one profile on each TS.

Profile path is set for each user in the user's settings under profile?
And you don't have any issues when the user is logged in on a PC in the network?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33552779
Just on a side note. Not saying right or wrong. But I always set a ts profile path to a path on another server. Even in single ts environment. Makes it so much easier to swap ts server when a user does something silly and gets a virus on there etc...

Like I said just my point of view. Not right or wrong.
0
 

Author Comment

by:geekzinc
ID: 33553458
I'm about retest the share and folder permissions on the TS Profiles folder, so I will post back those results.

In the bigger picture, I love this site because I get more than one perspective on how things can be done. For this client, I started with SBS 2003 because it met their requirements, was fairly cheap, and we hoped the wizards would allow them to do stuff they're paying me to do (create users, add printers, etc.) HAsn't worked out that way...
Anyway, there is always feature-creep. Pretty soon they had an application they wanted used off-site, and RDC is limited to 2 users on SBS, and they had an old server I put Server 2003 and TS on. Made it a domain controller because I thought it was a good idea to have a BDC (I know, not really, but....) Then they outgrew the TS server and the only option was Server 2008, and I am still learning the differences between 2003 and 2008.
Roaming profiles became a requirement, and the CFO wanted to move and work from home...next request is server mirroring offsite. All cool things to play with and learn, but they have limited $$ and I have limited time, so it's always a balancing act.
Back to issue at hand - I set up Sonicwall firewalls at all the locations (14 and counting) so they have easy access to the file server. Application is a database, so it still requires TS. That server's only purpose is to host remote access to the application, so roaming profiles aren't required, and the TS profile can be very simple. Can't web-enable the app in TS, tho - their programmers didn't even know what I was talking about.
0
 

Author Comment

by:geekzinc
ID: 33553520
Follow up:
Share permissions on the TS Profile folder was the final problem, now resolved.

How do I divvy up points? I got valuable advice from all of you!
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34490770
Please accept http:#a33551370
0
 

Expert Comment

by:WallyMod
ID: 34523653
Apply correction requested by CV in http:#a34490770

WallyMod
Community Support Moderator
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision Office 365 tenants, synchronize your on-premise Active Directory, and implement Single Sign-On.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question