Solved

Terminal Server 20120 R2 loading temp profiles intermittently

Posted on 2014-12-08
5
1,490 Views
Last Modified: 2015-01-08
I deployed a 2012 R2 terminal server for a client recently and intermittently when they log in they are getting temp profiles. As far as I can tell there is no rhyme or reason to when it happens. Has anyone else experienced this and found a way to prevent it from happening? I know the profile attaches both to the registry and file system so there is an extra step not used in previous iterations of terminal server. Is there a way to make that process more seamless or is it really just a craps shoot?
0
Comment
Question by:PIMSupport
  • 3
  • 2
5 Comments
 
LVL 16

Accepted Solution

by:
Spike99 earned 500 total points
Comment Utility
So, what error are users seeing at logon? If you didn't get a screenshot of the error, you should see the error logged in the System or Application event log at the time the user logged on. That should give you the details about why the server failed to load the user's profile & is logging them on with a temp profile.

A large variety of issues can cause temp profiles in Server 2008 & 2012.  Although, my experience with 2012 is more limited, I have plenty of experience with failed profiles in 2008.  In my experience, the cause was usually the failure of the server to copy a file or folder from the user's roaming profile folder to the local profile folder in C:\Users.  The reasons why the server failed to copy the file or folder were varied:  file name is too long (temp files usually), it couldn't find a file or folder, or the user lacked full access to the network copy of their roaming profile.

Also, please keep in mind that Server 2008 and Server 2012 are very picky about profiles.  In Server 2003 & earlier, you could "clear" the user's profile from the server by just removing the folder in C:\Documents and Settings. Clearing the profile can resolve all types of issues, but Server 2008 & 2012 won't let you do it that way.  It used to be our standard practice to just delete the local profile folder to resolve profile issues.  It would leave behind the registry entry, but with Server 2003, Windows would just recreate the local profile folder at next logon.  So, it didn't really cause us any problems doing it that way.  But, we found out the hard way that if you delete the local folder without clearing out the associated registry entry, the user will get an error at logon that the server failed to find the local copy of the profile & is loading them with a temp profile.  That error will persist until you clear out the registry entry.  So, it's better to use the System Properties dialog's Advanced tab to clear out user profile instead of just deleting the folder.

If someone did delete the user profile folder on C: without clearing out the registry entry, you can delete the registry entry to resolve the issue.  Look in this key for the user's unique SID (Security ID):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Users with Temp profile issues will have 2 keys in that path when they're logged on:  SID & SID.bak.  The SID key should disappear when they log off, leaving only the BAK key (which is where Windows backed up the original profile key when it couldn't load the profile).

To find the user's profile key, scroll through the list to find the keys ending in .BAK, & then single click on the .BAK key.  You can tell the user name by looking at the data of the ProfileImagePath String value on the right side of the REGEDIT window, which should be C:\users\%username%.  I would have the user log off & then delete the .BAK key associated with their account, which should resolve the profile problem.

I hope this helps.
0
 

Author Comment

by:PIMSupport
Comment Utility
After getting a decent pool of information to gather from it appears that when the server restarts not all the user profiles are removed from the registry hive. I found one user who still was in the registry after the restart and when I logged in as that user the .bak profile appeared and it acted like it was their first time logging in. I logged the user back out, deleted the .bak profile, logged them back in and it worked.

Ideally they would log out every night before they leave but that is not going to happen every single time just because they have been in a culture of leaving it open or just disconnecting. I'm trying to break them of that habit but these are some older folks who are set in their ways and figuring out something to tweak on the machine end would be a better fix. I'm experimenting with a script I found to log off all terminal users but that was just recently and I am still working the bugs out.

The underlying issue here is that Backup Exec 2014 fails to back up this hyper-v terminal server if users are logged in. Something happens with the VSS and there are snapshot failures and all sorts of other headaches. Not only that but this place has 2 shifts so I am trying to get things done in a small window.
0
 
LVL 16

Assisted Solution

by:Spike99
Spike99 earned 500 total points
Comment Utility
You could configure remote desktop time out settings to automatically log users off after being idle for a given amount of time.  If you're not familiar with that, here's a technet article on how to change those settings in 2012 (very similar to how it's done in 2003 & 2008).

This superuser.com forum post offers some tips about changing those settings:
http://superuser.com/questions/558920/disable-windows-server-2012-automatic-log-off

For example, in my old job we would set the Idle Session Limit to 4 hours. After 4 hours, the idle session would be disconnected. Then, we would end any disconnected sessions after another 4 hours.

You could also run a scheduled task to log off any users at a given time. I found a batch file on MS.com that looks promising.   check out this page:

http://support.microsoft.com/KB/259436

Although this article references Windows NT, I think the script should work just fine in newer Server OSs.  I don't have access to a 2012 server to try that out on, unfortunately.  You could run that every night to force users off the system prior to the scheduled nightly backup.
0
 

Author Closing Comment

by:PIMSupport
Comment Utility
This appears to be a result of users being logged on when a server is restarted. I found a script that is working via task. The contents are below. Thanks again for your help.

@echo on
@CLS
cd\
for /f "tokens=3" %%a in ('query session ^| find /i "rdp" ^| find /v ">rdp"') do (if %%a LSS 65536 logoff.exe %%a)
ping 1.1.1.1 -n 1 -w 60000 > nul
for /f "tokens=2" %%i in ('QWinSta ^| Find /i "Disc"') Do Echo y | RWinSta %%i
0
 
LVL 16

Expert Comment

by:Spike99
Comment Utility
cool, I was glad I could help.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Table of Contents: Lesson 1 - Installing Windows Server 2012 (http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2012/A_11592-Become-an-Administrator-Installing-Windows-Server-2012.html) Lesson 2 - Configuring Ser…
This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now