Solved

More roaming profile problems with Server 2008 TS

Posted on 2010-08-27
15
1,426 Views
Last Modified: 2012-06-27
Users, including administrator, are getting roaming profile errors when they log in.
Here's an example:

Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.
 DETAIL - The network name cannot be found.

This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.
Background - SBS 2003 DC, Server 2008 member server as TS.

Poking around registry found no .bak sections in HKLM\software\microsoft\windows nt\cv\profilelist, as others have reported here.
I did make a GP change to exclude the directory containing OST files from the roaming profile - login times were getting stupid.

Weird thing is that even the administrator, which does not use a roaming profile, also gets an error that roaming profie couldn't be loaded.

Ideas, anyone?
0
Comment
Question by:geekzinc
  • 4
  • 3
  • 2
  • +3
15 Comments
 
LVL 2

Expert Comment

by:BLangers
ID: 33543632
Are the users (administrator?) actually configured to use a roaming profile?
If so, when logged on with a specific user, can you access the path to the roaming profile with explorer?
0
 

Author Comment

by:geekzinc
ID: 33546819
No - that's one of the strange bits. Administrator doesn't use a roaming profile, or have a TS profile specified.

Only one person uses the admin account (me) so that's a strange problem but not a big deal.
The temp profile thing IS a problem for the other users, because the software they use has profile-dependent settings in it, and they're annoyed at having to change them.
Plus, I wanna know WTF.
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33547686
> This wasn't a problem until recently, perhaps when I shot myself in the foot by moving the server object into the TS active directory OU.

If you move the TS back to whereever it was and reboot (or gpupdate /force) it does the issue go away? if so have another look at your policies.
0
 
LVL 2

Expert Comment

by:BLangers
ID: 33548720
Very basic, but the disk holding the "Users" folder with the profiles has sufficient diskspace available?
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33549007
If I understand you right the problem occurred when you moved the server object to the TS OU on the server?

Users do not have problems loading there profile when login in to there workstations?

And the user can access the profile shared directory and create folders and files?


If so can you provide the Results Set of GPO for a user on the Terminal Server. You can do this in GPO Management on the SBS
0
 

Author Comment

by:geekzinc
ID: 33550181
Yes, the problem seems to have started after I moved the terminal server around in AD.
Users don't have any issues when they log in at the main office.

Funny thing - reviewing the group policy results report (attached) I see a reference to \\tbg3\TS Profiles. The directory was there, but not shared. I fixed that and granted rights to the remote users group. This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

I have a feeling the loopback policy was created for the terminal server OU, and was either not completed or was configured incorrectly.
So my next step, I think, is to delete and recreate the loopback policy, and also to remove all the profiles from the TS. Wait a bit, smoke a cigar, and try again.
GKolodziej-on-tbg3.htm
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 17

Accepted Solution

by:
aoakeley earned 250 total points
ID: 33551370
> This worked for administrator, and created a new directory in that share. But another user I tested with, Glen, still had the same issues and no folder was created.

Sounds like while you are smoking the cigar you should also double check both the share and NTFS permissions on \\tbg3\TS Profiles
0
 
LVL 7

Expert Comment

by:jesaja
ID: 33552755
What about disabling the loopback GPO for testing

Why is this TS Profile Path set? In my understanding it is not necessary unless more than one terminal server is used to prevent local caching of the profile and to use one profile on each TS.

Profile path is set for each user in the user's settings under profile?
And you don't have any issues when the user is logged in on a PC in the network?
0
 
LVL 17

Expert Comment

by:aoakeley
ID: 33552779
Just on a side note. Not saying right or wrong. But I always set a ts profile path to a path on another server. Even in single ts environment. Makes it so much easier to swap ts server when a user does something silly and gets a virus on there etc...

Like I said just my point of view. Not right or wrong.
0
 

Author Comment

by:geekzinc
ID: 33553458
I'm about retest the share and folder permissions on the TS Profiles folder, so I will post back those results.

In the bigger picture, I love this site because I get more than one perspective on how things can be done. For this client, I started with SBS 2003 because it met their requirements, was fairly cheap, and we hoped the wizards would allow them to do stuff they're paying me to do (create users, add printers, etc.) HAsn't worked out that way...
Anyway, there is always feature-creep. Pretty soon they had an application they wanted used off-site, and RDC is limited to 2 users on SBS, and they had an old server I put Server 2003 and TS on. Made it a domain controller because I thought it was a good idea to have a BDC (I know, not really, but....) Then they outgrew the TS server and the only option was Server 2008, and I am still learning the differences between 2003 and 2008.
Roaming profiles became a requirement, and the CFO wanted to move and work from home...next request is server mirroring offsite. All cool things to play with and learn, but they have limited $$ and I have limited time, so it's always a balancing act.
Back to issue at hand - I set up Sonicwall firewalls at all the locations (14 and counting) so they have easy access to the file server. Application is a database, so it still requires TS. That server's only purpose is to host remote access to the application, so roaming profiles aren't required, and the TS profile can be very simple. Can't web-enable the app in TS, tho - their programmers didn't even know what I was talking about.
0
 

Author Comment

by:geekzinc
ID: 33553520
Follow up:
Share permissions on the TS Profile folder was the final problem, now resolved.

How do I divvy up points? I got valuable advice from all of you!
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34490770
Please accept http:#a33551370
0
 

Expert Comment

by:WallyMod
ID: 34523653
Apply correction requested by CV in http:#a34490770

WallyMod
Community Support Moderator
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now