[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1775
  • Last Modified:

VBS Login Script not executing on Windows 2008 Desktop Services

I have a VBS login script that works fine in Terminal Services 2003 server and also on the desktops connecting to Active Directory. However, when a user connects to the Windows 2008 Terminal Server or Remote Desktop Services, the login script does not execute. Other observations:
- If you navigate to the Login Script location, and execute it manually, it works fine.
- The script is launched via group policy
- This seems to have happened ever since day 1 of installing RDS 2008
0
skaceli1
Asked:
skaceli1
  • 4
  • 3
1 Solution
 
tstritofCommented:
Hi,

have you tried running RSOP to determine if the login script GPO is applied correctly on your 2008 RDS?

What is your login script location? W2K3 and W2K8 have different structures of user folders ("Documents and Settings" on 2K3 and "Users" on 2K8). This can cause problems in some scenarios when folder mapping/GPO application/logins/user profiles are concerned.

Regards,
Tomislav
0
 
skaceli1Author Commented:
It appears that the GPO is applied correctly in teh 2008 RDS. After running RSOP, I can see what scripts are assigned to run on user logon under User Configuration.

The script location is under the netlogon directory for the domain server. If you go \\domainserver\netlogon and run it from there it works fine.
0
 
tstritofCommented:
Are there any errors logged in event log on RDS or domain controller (system/application/security)? Also check RDS logs on W2K8.

The behaviour you describe might point to GPO not being processed at logon due to network connectivity problems ("slow network"). This can be explicitly overriden by forcing scripts to run even in "slow network" conditions. Try editing the GPO that applies to terminal server. Open the:

Computer Configuration -> (Policies) -> Administrative Templates -> System -> Group Policy

Find "Scripts policy processing", enable it and set "Allow processing across a slow network connection". After that go to your RDS and run gpupdate /force in elevated command prompt. Then log off and check if the script runs on next logon.

Regards,
Tomislav
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
skaceli1Author Commented:
Still no good. I tried the following:
Logs - no error
Policy - added the recommended policy change above
Location - moved the server under the workstations group in AD and still no go.
0
 
tstritofCommented:
Hi,

could you please try the following:
- run gpupdate /force /wait:-1 when logged on to the console as administrator,
- run gpupdate /force /wait:-1 when logged on through RDP as administrator,
- run gpupdate /target:User /force /wait:-1 when logged on through RDP as regular user

Check event logs for errors on each step. If any one processing takes more than 10 minutes before it returns to command prompt then it's probably timing out so report that too.

Finally try the following:
- log on through RDP as administrator
- run gpupdate /target:Computer /force /wait:-1
- run gpupdate /target:User /sync
- log off
- log on again through RDP as administrator

If any errors or timeouts are reported in event logs please report.

Finally check in RDS Host Management what processes are started after you log on, and how long it takes for a session and it's processes to disappear from the RDS after user logs off.

Regards,
Tomislav
0
 
skaceli1Author Commented:
At this time we went ahead and added the login script to the startup menu and seems to be working. Awarding the points for the effort. Will try your recommendation sometime soon.
0
 
tstritofCommented:
Thx, when you find cause of the problem I'll be grateful if you post back here with it.

Regards,
Tomislav
0
 
Spike99On-Site IT TechnicianCommented:
We've seen the same thing.

We have a 2003 AD domain but we started adding 2008 servers last year.  At first, we also had trouble getting GPOs to apply to the new 2008 servers.  None of it was applying:  computer & log on scripts, redirected desktops, mapped printers and drives. It was driving us nuts until one of my co-workers found this solution:  give the DOMAIN COMPUTERS group READ rights to the GPO.

You can do that In The GP Management console's Delegation tab.  Click ADD to add the Domain Computers group.  you only need to grant the group READ rights.

That's all we had to do to fix it.

Alicia
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now