Solved

Terminal Server 20120 R2 loading temp profiles intermittently

Posted on 2014-12-08
5
1,633 Views
Last Modified: 2015-01-08
I deployed a 2012 R2 terminal server for a client recently and intermittently when they log in they are getting temp profiles. As far as I can tell there is no rhyme or reason to when it happens. Has anyone else experienced this and found a way to prevent it from happening? I know the profile attaches both to the registry and file system so there is an extra step not used in previous iterations of terminal server. Is there a way to make that process more seamless or is it really just a craps shoot?
0
Comment
Question by:PIMSupport
  • 3
  • 2
5 Comments
 
LVL 17

Accepted Solution

by:
Spike99 earned 500 total points
ID: 40487689
So, what error are users seeing at logon? If you didn't get a screenshot of the error, you should see the error logged in the System or Application event log at the time the user logged on. That should give you the details about why the server failed to load the user's profile & is logging them on with a temp profile.

A large variety of issues can cause temp profiles in Server 2008 & 2012.  Although, my experience with 2012 is more limited, I have plenty of experience with failed profiles in 2008.  In my experience, the cause was usually the failure of the server to copy a file or folder from the user's roaming profile folder to the local profile folder in C:\Users.  The reasons why the server failed to copy the file or folder were varied:  file name is too long (temp files usually), it couldn't find a file or folder, or the user lacked full access to the network copy of their roaming profile.

Also, please keep in mind that Server 2008 and Server 2012 are very picky about profiles.  In Server 2003 & earlier, you could "clear" the user's profile from the server by just removing the folder in C:\Documents and Settings. Clearing the profile can resolve all types of issues, but Server 2008 & 2012 won't let you do it that way.  It used to be our standard practice to just delete the local profile folder to resolve profile issues.  It would leave behind the registry entry, but with Server 2003, Windows would just recreate the local profile folder at next logon.  So, it didn't really cause us any problems doing it that way.  But, we found out the hard way that if you delete the local folder without clearing out the associated registry entry, the user will get an error at logon that the server failed to find the local copy of the profile & is loading them with a temp profile.  That error will persist until you clear out the registry entry.  So, it's better to use the System Properties dialog's Advanced tab to clear out user profile instead of just deleting the folder.

If someone did delete the user profile folder on C: without clearing out the registry entry, you can delete the registry entry to resolve the issue.  Look in this key for the user's unique SID (Security ID):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Users with Temp profile issues will have 2 keys in that path when they're logged on:  SID & SID.bak.  The SID key should disappear when they log off, leaving only the BAK key (which is where Windows backed up the original profile key when it couldn't load the profile).

To find the user's profile key, scroll through the list to find the keys ending in .BAK, & then single click on the .BAK key.  You can tell the user name by looking at the data of the ProfileImagePath String value on the right side of the REGEDIT window, which should be C:\users\%username%.  I would have the user log off & then delete the .BAK key associated with their account, which should resolve the profile problem.

I hope this helps.
0
 

Author Comment

by:PIMSupport
ID: 40504901
After getting a decent pool of information to gather from it appears that when the server restarts not all the user profiles are removed from the registry hive. I found one user who still was in the registry after the restart and when I logged in as that user the .bak profile appeared and it acted like it was their first time logging in. I logged the user back out, deleted the .bak profile, logged them back in and it worked.

Ideally they would log out every night before they leave but that is not going to happen every single time just because they have been in a culture of leaving it open or just disconnecting. I'm trying to break them of that habit but these are some older folks who are set in their ways and figuring out something to tweak on the machine end would be a better fix. I'm experimenting with a script I found to log off all terminal users but that was just recently and I am still working the bugs out.

The underlying issue here is that Backup Exec 2014 fails to back up this hyper-v terminal server if users are logged in. Something happens with the VSS and there are snapshot failures and all sorts of other headaches. Not only that but this place has 2 shifts so I am trying to get things done in a small window.
0
 
LVL 17

Assisted Solution

by:Spike99
Spike99 earned 500 total points
ID: 40505568
You could configure remote desktop time out settings to automatically log users off after being idle for a given amount of time.  If you're not familiar with that, here's a technet article on how to change those settings in 2012 (very similar to how it's done in 2003 & 2008).

This superuser.com forum post offers some tips about changing those settings:
http://superuser.com/questions/558920/disable-windows-server-2012-automatic-log-off

For example, in my old job we would set the Idle Session Limit to 4 hours. After 4 hours, the idle session would be disconnected. Then, we would end any disconnected sessions after another 4 hours.

You could also run a scheduled task to log off any users at a given time. I found a batch file on MS.com that looks promising.   check out this page:

http://support.microsoft.com/KB/259436

Although this article references Windows NT, I think the script should work just fine in newer Server OSs.  I don't have access to a 2012 server to try that out on, unfortunately.  You could run that every night to force users off the system prior to the scheduled nightly backup.
0
 

Author Closing Comment

by:PIMSupport
ID: 40537954
This appears to be a result of users being logged on when a server is restarted. I found a script that is working via task. The contents are below. Thanks again for your help.

@echo on
@CLS
cd\
for /f "tokens=3" %%a in ('query session ^| find /i "rdp" ^| find /v ">rdp"') do (if %%a LSS 65536 logoff.exe %%a)
ping 1.1.1.1 -n 1 -w 60000 > nul
for /f "tokens=2" %%i in ('QWinSta ^| Find /i "Disc"') Do Echo y | RWinSta %%i
0
 
LVL 17

Expert Comment

by:Spike99
ID: 40538502
cool, I was glad I could help.
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question