Problem with GPO / GPP (drive mapping) when L2 authentication is in place

Issue:
We have problem with Drive Mapping (Group Policy Preference, Item level targetting). Drives are not mapped to users after restart of computer.
Tests proved:
- this problem occurs only on ports where L2 authentication (computer certificate) is enabled
- if user login immediately (if there is 10+s delay with logon then disks are mapped properly)
- from GPO logs (compared logs with and without L2auth) is obvious that when computer is connected to switch with L2 auth then, due to delays, user's GPO is applied BEFORE computer GPO ... this I do not understand at all

Details:
If mapped drives are set to Update ... they are in disconnected state after restart (red X) ... but after 20-30s it is possible to see the content (but red X remain)
If mapped drives are set to Replace ... they are not visible after restart

... if user does Logoff/Logon disks are properly mapped

Settings of drive mapping (example of user policy):
Action: Update
Location: DFS folder
Reconnect: Enable
Use first Available: Disabled
Run in logged on user's security context: Yes
Item level targetting: Security Group

(Computer policy)
Always wait for the network at computer startup and logon: Enabled

Here is description of our environment:
DC: W2k8 R2
Clients: Windows 7 x86
L2 Auth: Computer Authentication, MS Supplicant set in computer policy

Any idea how to solve this issue??? And how user's GPO could be applied before computer GPO??

Thank you.

Michal
Logica01Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Raj-GTSystems EngineerCommented:
I've seen this before in one of my environments. Can you test again with the following policy settings enabled and report back.

Computer Configuration > Administrative Templates > System > Group Policy

Startup policy processing wait time Enabled  
Amount of time to wait (in seconds): 30
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Logica01Author Commented:
Thank you. Startup policy was the one :).
Default value of Amount of time to wait is 30s.
When I increased it to 150s the problem was solved.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.