Solved

GPO folder redirection still referencing old server after changing to new server

Posted on 2011-09-20
25
3,094 Views
Last Modified: 2012-05-12
Hi,

We had to install a new server 2008 R2 from a Windows 2003 server that was a DC and only server with a role on our network.

All is good but the Group Policy is still referencing the old server and we are getting the error:

Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxxxx\desktop>. The full destination path was <\\server\$usersmydocs\xxxxx\desktop>. At least one of the shares on which these paths lie is currently offline.

\\server is now \\server1

We had to change the reference in the registry so everyone can actually work.

Now they still get errors on login where Windows XP Pro reports that it can't find the roaming profile and is using the local profile, but when they click ok and the system logs in it shows the proper desktop mydocs etc from the new server.

I have no idea where the folder redirection is referencing \\server the group policy shows \\server1.

Any ideas would be appreciated.

Thanks,
Gilbert.
0
Comment
Question by:juniorsa
  • 10
  • 8
  • 4
  • +1
25 Comments
 
LVL 4

Expert Comment

by:AnthonyHamon
Comment Utility
This will be in one of your GPOs under:
User Configuration - Windows Settings - Folder Redirection - Desktop
0
 

Author Comment

by:juniorsa
Comment Utility
I know where to set the folder redirection.
I'm saying that even when I updated the group policy to refer to \\server1 at the client it still tries to redirect using \\server which is the name of the old server.
I don't know where the client (Windows XP pro) is getting still a reference to \\server when the group policy on the DC says \\server1

0
 
LVL 4

Expert Comment

by:duffme
Comment Utility
Have you tried gpupdate /force from a client to ensure it is updating it's cache of the GPO?  Have you used any DSN aliases for this, that is, Server1 is actually a CNAME alias to Server?  If so you need to disable strict name checking.
0
 

Author Comment

by:juniorsa
Comment Utility
I have tried gpupdate/force
I have no alias to server
0
 
LVL 4

Expert Comment

by:duffme
Comment Utility
Did you do an inplace upgrade from 2003 to 2008?  Are DNS, WINS, and SPN entries correct?  Perhaps you have a theold name still registered.  Confirm security on the shares and directories (can you manually map to these shares)?  Are the .adm files in place and up to date on the new server.  I don't like major version upgrades personally.  It be worth a quick run though to "reset" the existing redirected path to some else, and go through the motions to set this up again.
0
 

Author Comment

by:juniorsa
Comment Utility
so this was not an inplace upgrade
Once the user is logged in since the registry points to \\server1 everything works.
But in the event viewer it shows still that folder redirection is trying to use \\server and fails.
I will verify dns, wins, spn all have no entries to server
what are .adm files sorry to have to ask.

The user get's his/her desktop my docs, etc everything works, but it worries me that somewhere the workstation is getting a group policy that refers to \\server.

How do I remove all old group policies and have the workstation just get new ones from the server?
It logs in correctly, has all access and permissions to all shares.
Everything else works as far as I can see.

Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = server1

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site\SERVER1

      Starting test: Connectivity

         ......................... SERVER1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site\SERVER1

      Starting test: Advertising

         ......................... SERVER1 passed test Advertising

      Starting test: FrsEvent

         ......................... SERVER1 passed test FrsEvent

      Starting test: DFSREvent

         ......................... SERVER1 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... SERVER1 passed test SysVolCheck

      Starting test: KccEvent

         ......................... SERVER1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SERVER1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SERVER1 passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=thisdomain,DC=local
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=thisdomain,DC=local
         ......................... SERVER1 failed test NCSecDesc

      Starting test: NetLogons

         ......................... SERVER1 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SERVER1 passed test ObjectsReplicated

      Starting test: Replications

         ......................... SERVER1 passed test Replications

      Starting test: RidManager

         ......................... SERVER1 passed test RidManager

      Starting test: Services

         ......................... SERVER1 passed test Services

      Starting test: SystemLog

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:35

            Event String:

            Driver Samsung Universal Print Driver required for printer Samsung Universal Print Driver is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:36

            Event String:

            Driver Brother PC-FAX v.2.1 required for printer Brother PC-FAX v.2.1 is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:36

            Event String:

            Driver Brother MFC-295CN Printer required for printer Brother MFC-295CN Printer is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:37

            Event String:

            Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:38

            Event String:

            Driver DYMO LabelWriter 450 required for printer DYMO LabelWriter 450 is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:39

            Event String:

            Driver HP Color LaserJet 2600n required for printer HP Color LaserJet 2600n is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:40

            Event String:

            Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 09/19/2011   17:14:40

            Event String:

            Driver Xerox Phaser 6128MFP-N PCL 6 required for printer Xerox Phaser 6128MFP-N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

         ......................... SERVER1 failed test SystemLog

      Starting test: VerifyReferences

         ......................... SERVER1 passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : thisdomain

      Starting test: CheckSDRefDom

         ......................... thisdomain passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... thisdomain passed test CrossRefValidation

   
   Running enterprise tests on : thisdomain.local

      Starting test: LocatorCheck

         ......................... thisdomain.local passed test LocatorCheck

      Starting test: Intersite

         ......................... thisdomain.local passed test Intersite

0
 
LVL 4

Expert Comment

by:duffme
Comment Utility
I've included some GPO info below once you've verified the name resolution and everything is correct.  Make sure you have no HOSTS or LMHOSTS file entries on the workstations (C\windows\system32\drivers\etc) that might take preference over DNS.  Check WINS and DNS. and use setSPN.exe to list and correct SPN entries.   I'd be curious to see what happens if you unjoin a client and rejoin it too.

Are you using cached, offline files?  When you say the client has it's redirected My Documents does it have the online version rather than offline?  If you can't tell add or delete a file and check on the client and from the server.

The .adm (.admx, etc.) files should be stored with the policies in SYSVOL\Domain Name\Policies\ on the DCs.  If whoever configured these policies previously used a local store instead you may be using a different version or something from the server.  So make sure you templates are correct and then use the GPO editor from a Win7 machine when configuring Win7 specific policy entries, etc.  When you download the policy templates they should also give you some instructions on how to install and use.  Mind you that the templates and event their formats usually change from OS version to version.  Here's a quick look for Win7 templates.  You may need to check specifics for XP templates, Office, Server 2003, etc.

http://blogs.technet.com/b/johnbaker/archive/2010/02/03/windows-7-admx-templates.aspx

You can usually find templates at MS's downloads site.  Search for "Group Policy templates" or "administrative templates" and the application or OS version you are interested in.
http://www.microsoft.com/download
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
Hi, you say that you have changed the server can i assume this is a new server and you have installed server 2008 from scratch or it came supplied with server 2008 and you have just set it upo
you made no mention of migration so I can only assume that you have just dumped a domain controller into the extisting domain replacing the old one andf just copied the files and folders, sharing them as they were before leaving the clients to log onto the client XP,vista ,7  machines or whatever.

if this is the case then server1 is the new domain controller and as you did not migrate, then you also now have a new domain and the client boxes are still trying to log into the old domain which is why the profiles cannot be loaded.

Its all a question of SID's and not just moving files - if the new server was still called \\server - it still wouldnt work.

you will need to join each of the clients to the new domain but if the profiles were roaming, they will be on the server and you will need to copy them.

hope this helps
0
 

Author Comment

by:juniorsa
Comment Utility
Just to be clear, I installed windows 2008 on the new server.
I joined the new server to the existing domain.
I transferred all roles to the new server
I dcpromo'd the old server to demote it so it is no longer a DC.
I have used asdi as well as ntdsutil to make sure there are no other references to the old server as far as I can see in left.
I have also tried to be thorogh going through the dns to make sure that server is no longer referenced.


I will check duffme's suggestions and get back here.

Once the folders are re-directed all permissions and files are working as before.

It's really the login where we get sporadic messages that profile is not available and it is using a temporary profile.

0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
if you are worried about what policies are being processed by the client simply goto one of the clients's dos box and type

gpupdate /force - this will then make sure that all the policies are being processed
then type gpresult - this will tell you what policies are being processed

BUT TWO THINGS TO REMEMBER

1.   A group policy sets the clients regisitry to perform certain settings and removing the policy wont set the registry back to what it was before so if a GPO on \\server was set and that same GPO on \\server1 is not defined then, in essence the GPO on \\server will win even though its not mentioned or used any more.

if the old server is still running, its maybe best to go through gpedit and double check any entries on the old server that you have not defined on the new server.

With that in mind .....

2. The WMI filter in the GPO will relate to the new OS's so the setting may not succeed if the WMI filter does not relate to the correct OS
0
 

Author Comment

by:juniorsa
Comment Utility
as I mentioned I did the gpupdate/force
I have also done the gpresult

do you suggest that I delete the registry keys? maybe the permissions are not set correctly?

Please keep in mind the registry has been modified to reflect \\server1

The registry entries work and the workstations get's their redirection but not before the phantom group policy that refers to \\server fails.

That is what is confusing, the error shows that they the group policy reflects \\server and the registry key works.

My mystery is why the gpo that I can see on the only server which refers to \\server1 doesn't get to the workstation.

The workstation logs say
Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxxxx\desktop>. The full destination path was <\\server\$usersmydocs\xxxxx\desktop>. At least one of the shares on which these paths lie is currently offline.


The client side OS is windows xp pro, it hasn't changed
The Server went from 2003 to 2008.
I manually have changed the registry settings to point to server1

BTW I changed the workstations to workgroup not domain and re-joined to domain.

Still same results, I have verified that dns is properly configured.

Non the less I can't understand where this reference to the old server is coming from!!!

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Expert Comment

by:brammer90
Comment Utility
remember that the settings remain to the old settings if they are not defined .

this is going to be a really daft question.
have you re set the GPO for DESKTOP folder redirection which is seperate from the documents redirection.

if you havnt, then the desktop is trying to be read from the old server - and dont forget to check the setting 'copy contents from old location to new location' if this is set - it will also fail cos the old location is \\server t, simply clear the box and 'dot' leave contents in old location.
0
 

Author Comment

by:juniorsa
Comment Utility
AppData \\server1\$UsersMyDocs
Desktop \\server1\$UsersMyDocs
Documents \\server1\$UsersMyDocs

cut and pasted from server Group Policy Management console.

This does not happen on all workstations

It seems like certain workstations have some memory of the old server, I don't know where it is stored.
I think I might have to re-install the workstations in question.
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
the policy that you have shown here will only apply to vista / 7 clients.
there is a seperate on for XP clients which im sure you siad you had.

remeber the WMI filter i mentioned

0
 

Author Comment

by:juniorsa
Comment Utility
where is the policy for xp clients maybe that's it.
Please specify.
Thanks
Maybe a screen print would be better.
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
I suggest you create a seperate policy and call it folder redirection for xp clients.

Setup the folder settings for desktop and use the image as a guide note the 3rd tick box
Also in the GPO managment part have a look at the at the WMI Filter setting on the bottom of the screen circled in red

Im not sure with server 08 but you may need to add the users to a folder redirection policy account and give it the appropriate permissions to read and apply the policy - you do this with sbs 08 which uses the same server core  the settings screen the main gp editot screen showing wmi filterthe images arnt that good but you can see where to look
0
 

Author Comment

by:juniorsa
Comment Utility
BTW I also on the settings tab for each option choose apply these settings to Windows 2000, 2000 server, XP, and 2003 operating systems.
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
Dont forget documents and appdata folders dont exist on XP thats why you need a seperate GPO for the XP clients
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
another thing you can check is the regisitry setting
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

and check the desktop locations there
0
 
LVL 2

Expert Comment

by:brammer90
Comment Utility
that last post referred to a win xp client by the way
0
 
LVL 4

Expert Comment

by:duffme
Comment Utility
If you are not seeing the GPO entries for XP clients that brammer mentions read my notes about .adm files above to make sure you have the templates to read these.

0
 

Accepted Solution

by:
juniorsa earned 0 total points
Comment Utility
Due to having Remote access and Routing installed caused another IP address to be assigned to the server.
When the client would get this IP address they would have various problems.
Once I disabled this IP all is working properly.

I am dissappointed and surprised that Windows 2008 server allows you to install Routing and Remote access on a domain controller and then assigns an IP address that can cause such havoc.

Also it would be great if in the logs they would log server name and IP address this would have made short work of finding the problems.

Very frustrated but all is working properly now.

Thanks to everyone.

0
 

Author Closing Comment

by:juniorsa
Comment Utility
I found the solution on my own.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now