GPO folder redirection still referencing old server after changing to new server
Hi,
We had to install a new server 2008 R2 from a Windows 2003 server that was a DC and only server with a role on our network.
All is good but the Group Policy is still referencing the old server and we are getting the error:
Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxx
\\server is now \\server1
We had to change the reference in the registry so everyone can actually work.
Now they still get errors on login where Windows XP Pro reports that it can't find the roaming profile and is using the local profile, but when they click ok and the system logs in it shows the proper desktop mydocs etc from the new server.
I have no idea where the folder redirection is referencing \\server the group policy shows \\server1.
Any ideas would be appreciated.
Thanks,
Gilbert.
We had to install a new server 2008 R2 from a Windows 2003 server that was a DC and only server with a role on our network.
All is good but the Group Policy is still referencing the old server and we are getting the error:
Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxx
\\server is now \\server1
We had to change the reference in the registry so everyone can actually work.
Now they still get errors on login where Windows XP Pro reports that it can't find the roaming profile and is using the local profile, but when they click ok and the system logs in it shows the proper desktop mydocs etc from the new server.
I have no idea where the folder redirection is referencing \\server the group policy shows \\server1.
Any ideas would be appreciated.
Thanks,
Gilbert.
ASKER
I know where to set the folder redirection.
I'm saying that even when I updated the group policy to refer to \\server1 at the client it still tries to redirect using \\server which is the name of the old server.
I don't know where the client (Windows XP pro) is getting still a reference to \\server when the group policy on the DC says \\server1
I'm saying that even when I updated the group policy to refer to \\server1 at the client it still tries to redirect using \\server which is the name of the old server.
I don't know where the client (Windows XP pro) is getting still a reference to \\server when the group policy on the DC says \\server1
Have you tried gpupdate /force from a client to ensure it is updating it's cache of the GPO? Have you used any DSN aliases for this, that is, Server1 is actually a CNAME alias to Server? If so you need to disable strict name checking.
ASKER
I have tried gpupdate/force
I have no alias to server
I have no alias to server
Did you do an inplace upgrade from 2003 to 2008? Are DNS, WINS, and SPN entries correct? Perhaps you have a theold name still registered. Confirm security on the shares and directories (can you manually map to these shares)? Are the .adm files in place and up to date on the new server. I don't like major version upgrades personally. It be worth a quick run though to "reset" the existing redirected path to some else, and go through the motions to set this up again.
ASKER
so this was not an inplace upgrade
Once the user is logged in since the registry points to \\server1 everything works.
But in the event viewer it shows still that folder redirection is trying to use \\server and fails.
I will verify dns, wins, spn all have no entries to server
what are .adm files sorry to have to ask.
The user get's his/her desktop my docs, etc everything works, but it worries me that somewhere the workstation is getting a group policy that refers to \\server.
How do I remove all old group policies and have the workstation just get new ones from the server?
It logs in correctly, has all access and permissions to all shares.
Everything else works as far as I can see.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = server1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER1
Starting test: Advertising
......................... SERVER1 passed test Advertising
Starting test: FrsEvent
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER1 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=thisd
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=thisd
......................... SERVER1 failed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: Services
......................... SERVER1 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:35
Event String:
Driver Samsung Universal Print Driver required for printer Samsung Universal Print Driver is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:36
Event String:
Driver Brother PC-FAX v.2.1 required for printer Brother PC-FAX v.2.1 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:36
Event String:
Driver Brother MFC-295CN Printer required for printer Brother MFC-295CN Printer is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:37
Event String:
Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:38
Event String:
Driver DYMO LabelWriter 450 required for printer DYMO LabelWriter 450 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:39
Event String:
Driver HP Color LaserJet 2600n required for printer HP Color LaserJet 2600n is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:40
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:40
Event String:
Driver Xerox Phaser 6128MFP-N PCL 6 required for printer Xerox Phaser 6128MFP-N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
......................... SERVER1 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : thisdomain
Starting test: CheckSDRefDom
......................... thisdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... thisdomain passed test CrossRefValidation
Running enterprise tests on : thisdomain.local
Starting test: LocatorCheck
......................... thisdomain.local passed test LocatorCheck
Starting test: Intersite
......................... thisdomain.local passed test Intersite
Once the user is logged in since the registry points to \\server1 everything works.
But in the event viewer it shows still that folder redirection is trying to use \\server and fails.
I will verify dns, wins, spn all have no entries to server
what are .adm files sorry to have to ask.
The user get's his/her desktop my docs, etc everything works, but it worries me that somewhere the workstation is getting a group policy that refers to \\server.
How do I remove all old group policies and have the workstation just get new ones from the server?
It logs in correctly, has all access and permissions to all shares.
Everything else works as far as I can see.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = server1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site\SERVER1
Starting test: Advertising
......................... SERVER1 passed test Advertising
Starting test: FrsEvent
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER1 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=thisd
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=thisd
......................... SERVER1 failed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: Services
......................... SERVER1 passed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:35
Event String:
Driver Samsung Universal Print Driver required for printer Samsung Universal Print Driver is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:36
Event String:
Driver Brother PC-FAX v.2.1 required for printer Brother PC-FAX v.2.1 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:36
Event String:
Driver Brother MFC-295CN Printer required for printer Brother MFC-295CN Printer is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:37
Event String:
Driver CutePDF Writer required for printer CutePDF Writer is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:38
Event String:
Driver DYMO LabelWriter 450 required for printer DYMO LabelWriter 450 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:39
Event String:
Driver HP Color LaserJet 2600n required for printer HP Color LaserJet 2600n is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:40
Event String:
Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 09/19/2011 17:14:40
Event String:
Driver Xerox Phaser 6128MFP-N PCL 6 required for printer Xerox Phaser 6128MFP-N PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
......................... SERVER1 failed test SystemLog
Starting test: VerifyReferences
......................... SERVER1 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : thisdomain
Starting test: CheckSDRefDom
......................... thisdomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... thisdomain passed test CrossRefValidation
Running enterprise tests on : thisdomain.local
Starting test: LocatorCheck
......................... thisdomain.local passed test LocatorCheck
Starting test: Intersite
......................... thisdomain.local passed test Intersite
I've included some GPO info below once you've verified the name resolution and everything is correct. Make sure you have no HOSTS or LMHOSTS file entries on the workstations (C\windows\system32\driver
Are you using cached, offline files? When you say the client has it's redirected My Documents does it have the online version rather than offline? If you can't tell add or delete a file and check on the client and from the server.
The .adm (.admx, etc.) files should be stored with the policies in SYSVOL\Domain Name\Policies\ on the DCs. If whoever configured these policies previously used a local store instead you may be using a different version or something from the server. So make sure you templates are correct and then use the GPO editor from a Win7 machine when configuring Win7 specific policy entries, etc. When you download the policy templates they should also give you some instructions on how to install and use. Mind you that the templates and event their formats usually change from OS version to version. Here's a quick look for Win7 templates. You may need to check specifics for XP templates, Office, Server 2003, etc.
http://blogs.technet.com/b/johnbaker/archive/2010/02/03/windows-7-admx-templates.aspx
You can usually find templates at MS's downloads site. Search for "Group Policy templates" or "administrative templates" and the application or OS version you are interested in.
http://www.microsoft.com/download
Are you using cached, offline files? When you say the client has it's redirected My Documents does it have the online version rather than offline? If you can't tell add or delete a file and check on the client and from the server.
The .adm (.admx, etc.) files should be stored with the policies in SYSVOL\Domain Name\Policies\ on the DCs. If whoever configured these policies previously used a local store instead you may be using a different version or something from the server. So make sure you templates are correct and then use the GPO editor from a Win7 machine when configuring Win7 specific policy entries, etc. When you download the policy templates they should also give you some instructions on how to install and use. Mind you that the templates and event their formats usually change from OS version to version. Here's a quick look for Win7 templates. You may need to check specifics for XP templates, Office, Server 2003, etc.
http://blogs.technet.com/b/johnbaker/archive/2010/02/03/windows-7-admx-templates.aspx
You can usually find templates at MS's downloads site. Search for "Group Policy templates" or "administrative templates" and the application or OS version you are interested in.
http://www.microsoft.com/download
Hi, you say that you have changed the server can i assume this is a new server and you have installed server 2008 from scratch or it came supplied with server 2008 and you have just set it upo
you made no mention of migration so I can only assume that you have just dumped a domain controller into the extisting domain replacing the old one andf just copied the files and folders, sharing them as they were before leaving the clients to log onto the client XP,vista ,7 machines or whatever.
if this is the case then server1 is the new domain controller and as you did not migrate, then you also now have a new domain and the client boxes are still trying to log into the old domain which is why the profiles cannot be loaded.
Its all a question of SID's and not just moving files - if the new server was still called \\server - it still wouldnt work.
you will need to join each of the clients to the new domain but if the profiles were roaming, they will be on the server and you will need to copy them.
hope this helps
you made no mention of migration so I can only assume that you have just dumped a domain controller into the extisting domain replacing the old one andf just copied the files and folders, sharing them as they were before leaving the clients to log onto the client XP,vista ,7 machines or whatever.
if this is the case then server1 is the new domain controller and as you did not migrate, then you also now have a new domain and the client boxes are still trying to log into the old domain which is why the profiles cannot be loaded.
Its all a question of SID's and not just moving files - if the new server was still called \\server - it still wouldnt work.
you will need to join each of the clients to the new domain but if the profiles were roaming, they will be on the server and you will need to copy them.
hope this helps
ASKER
Just to be clear, I installed windows 2008 on the new server.
I joined the new server to the existing domain.
I transferred all roles to the new server
I dcpromo'd the old server to demote it so it is no longer a DC.
I have used asdi as well as ntdsutil to make sure there are no other references to the old server as far as I can see in left.
I have also tried to be thorogh going through the dns to make sure that server is no longer referenced.
I will check duffme's suggestions and get back here.
Once the folders are re-directed all permissions and files are working as before.
It's really the login where we get sporadic messages that profile is not available and it is using a temporary profile.
I joined the new server to the existing domain.
I transferred all roles to the new server
I dcpromo'd the old server to demote it so it is no longer a DC.
I have used asdi as well as ntdsutil to make sure there are no other references to the old server as far as I can see in left.
I have also tried to be thorogh going through the dns to make sure that server is no longer referenced.
I will check duffme's suggestions and get back here.
Once the folders are re-directed all permissions and files are working as before.
It's really the login where we get sporadic messages that profile is not available and it is using a temporary profile.
if you are worried about what policies are being processed by the client simply goto one of the clients's dos box and type
gpupdate /force - this will then make sure that all the policies are being processed
then type gpresult - this will tell you what policies are being processed
BUT TWO THINGS TO REMEMBER
1. A group policy sets the clients regisitry to perform certain settings and removing the policy wont set the registry back to what it was before so if a GPO on \\server was set and that same GPO on \\server1 is not defined then, in essence the GPO on \\server will win even though its not mentioned or used any more.
if the old server is still running, its maybe best to go through gpedit and double check any entries on the old server that you have not defined on the new server.
With that in mind .....
2. The WMI filter in the GPO will relate to the new OS's so the setting may not succeed if the WMI filter does not relate to the correct OS
gpupdate /force - this will then make sure that all the policies are being processed
then type gpresult - this will tell you what policies are being processed
BUT TWO THINGS TO REMEMBER
1. A group policy sets the clients regisitry to perform certain settings and removing the policy wont set the registry back to what it was before so if a GPO on \\server was set and that same GPO on \\server1 is not defined then, in essence the GPO on \\server will win even though its not mentioned or used any more.
if the old server is still running, its maybe best to go through gpedit and double check any entries on the old server that you have not defined on the new server.
With that in mind .....
2. The WMI filter in the GPO will relate to the new OS's so the setting may not succeed if the WMI filter does not relate to the correct OS
ASKER
as I mentioned I did the gpupdate/force
I have also done the gpresult
do you suggest that I delete the registry keys? maybe the permissions are not set correctly?
Please keep in mind the registry has been modified to reflect \\server1
The registry entries work and the workstations get's their redirection but not before the phantom group policy that refers to \\server fails.
That is what is confusing, the error shows that they the group policy reflects \\server and the registry key works.
My mystery is why the gpo that I can see on the only server which refers to \\server1 doesn't get to the workstation.
The workstation logs say
Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxx
The client side OS is windows xp pro, it hasn't changed
The Server went from 2003 to 2008.
I manually have changed the registry settings to point to server1
BTW I changed the workstations to workgroup not domain and re-joined to domain.
Still same results, I have verified that dns is properly configured.
Non the less I can't understand where this reference to the old server is coming from!!!
I have also done the gpresult
do you suggest that I delete the registry keys? maybe the permissions are not set correctly?
Please keep in mind the registry has been modified to reflect \\server1
The registry entries work and the workstations get's their redirection but not before the phantom group policy that refers to \\server fails.
That is what is confusing, the error shows that they the group policy reflects \\server and the registry key works.
My mystery is why the gpo that I can see on the only server which refers to \\server1 doesn't get to the workstation.
The workstation logs say
Failed to perform redirection of folder Desktop. The full source path was <\\server\$usersmydocs\xxx
The client side OS is windows xp pro, it hasn't changed
The Server went from 2003 to 2008.
I manually have changed the registry settings to point to server1
BTW I changed the workstations to workgroup not domain and re-joined to domain.
Still same results, I have verified that dns is properly configured.
Non the less I can't understand where this reference to the old server is coming from!!!
remember that the settings remain to the old settings if they are not defined .
this is going to be a really daft question.
have you re set the GPO for DESKTOP folder redirection which is seperate from the documents redirection.
if you havnt, then the desktop is trying to be read from the old server - and dont forget to check the setting 'copy contents from old location to new location' if this is set - it will also fail cos the old location is \\server t, simply clear the box and 'dot' leave contents in old location.
this is going to be a really daft question.
have you re set the GPO for DESKTOP folder redirection which is seperate from the documents redirection.
if you havnt, then the desktop is trying to be read from the old server - and dont forget to check the setting 'copy contents from old location to new location' if this is set - it will also fail cos the old location is \\server t, simply clear the box and 'dot' leave contents in old location.
ASKER
AppData \\server1\$UsersMyDocs
Desktop \\server1\$UsersMyDocs
Documents \\server1\$UsersMyDocs
cut and pasted from server Group Policy Management console.
This does not happen on all workstations
It seems like certain workstations have some memory of the old server, I don't know where it is stored.
I think I might have to re-install the workstations in question.
Desktop \\server1\$UsersMyDocs
Documents \\server1\$UsersMyDocs
cut and pasted from server Group Policy Management console.
This does not happen on all workstations
It seems like certain workstations have some memory of the old server, I don't know where it is stored.
I think I might have to re-install the workstations in question.
the policy that you have shown here will only apply to vista / 7 clients.
there is a seperate on for XP clients which im sure you siad you had.
remeber the WMI filter i mentioned
there is a seperate on for XP clients which im sure you siad you had.
remeber the WMI filter i mentioned
ASKER
where is the policy for xp clients maybe that's it.
Please specify.
Thanks
Maybe a screen print would be better.
Please specify.
Thanks
Maybe a screen print would be better.
I suggest you create a seperate policy and call it folder redirection for xp clients.
Setup the folder settings for desktop and use the image as a guide note the 3rd tick box
Also in the GPO managment part have a look at the at the WMI Filter setting on the bottom of the screen circled in red
Im not sure with server 08 but you may need to add the users to a folder redirection policy account and give it the appropriate permissions to read and apply the policy - you do this with sbs 08 which uses the same server core
the images arnt that good but you can see where to look
Setup the folder settings for desktop and use the image as a guide note the 3rd tick box
Also in the GPO managment part have a look at the at the WMI Filter setting on the bottom of the screen circled in red
Im not sure with server 08 but you may need to add the users to a folder redirection policy account and give it the appropriate permissions to read and apply the policy - you do this with sbs 08 which uses the same server core
the images arnt that good but you can see where to look
ASKER
BTW I also on the settings tab for each option choose apply these settings to Windows 2000, 2000 server, XP, and 2003 operating systems.
Dont forget documents and appdata folders dont exist on XP thats why you need a seperate GPO for the XP clients
another thing you can check is the regisitry setting
HKEY_LOCAL_MACHINE\SOFTWAR
and check the desktop locations there
HKEY_LOCAL_MACHINE\SOFTWAR
and check the desktop locations there
that last post referred to a win xp client by the way
If you are not seeing the GPO entries for XP clients that brammer mentions read my notes about .adm files above to make sure you have the templates to read these.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I found the solution on my own.
User Configuration - Windows Settings - Folder Redirection - Desktop