Solved

Connect computer HELL

Posted on 2015-01-05
13
131 Views
Last Modified: 2015-01-16
I could write for hours on this, but I have been up over 24 hours and just can't do it any more.

I have a freshly minted SBS 2008 R2 Server, fully patched as much as it would patch before running any wizards like connect to the internet, etc.

I had 6 clients on an old SBS 2003 box that was dying.  running since 2006.  (All Win 7 x64)

I decided to go ahead and take all clients back to workgroup status, and then rejoin them to a new domain name rather than migrate as it just seemed really really good that all the users have FRESH clean new blank profiles on the new domain and I had backed up their libraries and pst files....yay or so I thought.

I'm now convinced that Vista sucks like Millennium sucked.

I spent 7 hours unable to get ANY machine to connect using the http://connect option, the manually run a file option, and when I finally decided to try MANUALLY joining the domain it completely demolished one of my clients.....This client is why I'm writing....   When I tried to manually join the domain it said "welcome to XXX domain" and asked me to reboot.  But when it rebooted it hung for a long time and then loaded "this is the default profile" ...."see admin guy"....  OK no problem I've seen this before.

I go ahead and go to mS site to remove undesired profiles in registry and remove them via control panel...no change.
I manually remove the entire user profile folder from admin account and do it again per ms instructions...  no luck.
it always loads this "default profile" which you can't even run regedit in.
After a long fight I tried something new, I ran system restore back to the night before and had a nice screen showing my old domain name.
I unjoined the domian, rebooted, changed my DNS to show the new domain ip, and did "http://connect" successfully.....
It ran the connection wizard fully, I told it clean profile option,  it rebooted, then rebooted again like normal...but upon the screen showing I successfully connected to the domain, I got yet again the popup saying it was the default profile.

Get this.... the profile doesn't vanish either...  I got my user's name on the start menu, and I can create files in this "temp default profile" and reboot to still see my past created files.

I just want a clean user profile, with a clean connection to my SBS 2008 R2 server where all other clients connected to just fine once I found the update rollup 3 kb patch.

Any ideas?   I've tried more than I posted here to save someone face from falling off.

I desire to give points away for this...please....

~ike
p.s. never buying sbs 2008 again.
0
Comment
Question by:Faxxer
  • 6
  • 3
  • 2
  • +2
13 Comments
 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 40532503
Active Directory needs DNS working correctly and accessible for clients to resolve ip address and communicate with the Domain Controller. Is the client's primary DNS server looking at the IP address of the new SBS 2008 server?
IF you run nslookup can you resolve addresses ok? Also, have all the SRV type addresses been added the the server?
You should see entries for _TCP, _MCDS, _kerberos, _gc, _kdc and so on in the DNS Zone?
If you run DCDIAG on the server or from a client, does it pass most of the checks?
0
 
LVL 87

Expert Comment

by:rindi
ID: 40532526
Have you made sure that the PC's NIC is set to only use the SBS server as DNS server, and not the ISP or the router?
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40532589
Does the default profile error message occur for all users who log into this machine?
0
 

Author Comment

by:Faxxer
ID: 40532794
Quick reply for 1st two...  Yes, DNS is pointing ONLY to the SERVER.
My issues with connect were solved with the update rollup 3 file after many headaches.

This particular pc was forced to try and join before that fix was applied.

VB ITS,  GREAT question...  I just attempted to log into the machine with my domain admin credentials and I got the exact same profile as the other user, except with my name on the start menu.   I know this because I created a "test" file for the desktop to track behavior of the profile's nature.
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40532844
Open Command Prompt and type in set then hit Enter. Check the value for the USERPROFILE variable - is it pointing to the other user's profile path? i.e. C:\Users\OtherUser?
0
 
LVL 5

Expert Comment

by:Robert_Turner
ID: 40533120
In all the SBS migrations I did I refused to use the http://connect site, it causes more problems than it does save time.  userprofile path variables is nothing new, you need to fix the profile path with regedit.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

There will be registry keys inside the ProfileList with two identical ones which are differentiated by the .bak extension (e.g. xxxxxx1234.bak & xxxxxx1234).

The Registry key with the .bak extension contains the user's actual profile while the one without the .bak contains the temporary profile.

Delete the Registry Key WITHOUT the .bak extension and rename the one with it to xxxxx1234 (without the .bak). Notice the fields on the right, there should be a value named RefCount, change the value to 0.

Reboot the machine.

http://support.microsoft.com/kb/947242/en-gb

Ensure you have a backup of user data before attempting this.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 40533147
Looks like an issue that was resolved in Update Rollup 2 - Issue 5:
http://support2.microsoft.com/kb/2660819/en-us?sd=rss&spid=15817

BTW, there is now a Rollup 4 for SBS 2011 standard:
http://support.microsoft.com/kb/2885319
0
 

Author Comment

by:Faxxer
ID: 40533252
Hi VB...
Here's what I've observed...
I logged on as LOCAL administrator on the machine and I got a REAL profile with SET at CMD revealing proper username and profile path...

I then logged off and the Ctrl+alt+delete option automatically chooses the domain login as the default, so I put in my user's name and password ....  Got the "default" profile again....Here is what SET in cmd revealed....
Username is "System" instead of my user
and the userprofile is c:\windows\system32\config\systemprofile

You supected this was the case!   I don't suppose you have a way for me to just wipe out every profile save the local admin account and start clean?

And....  Will I need to remove the user and pc from the domain server before I try this again?

......notes for other commentors....

Hi Robert, there are no .bak showing in profile list....unfortunately, i've been in this fix attempt several times and cleaned out profilelist in the registry...it just seems to be something else....

Peter...  I'm on sbs 2008 r2 on this particular issue, not an sbs 2011 (which I love MUCH more than 2008 by the way!!!!)
0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40533262
I don't suppose you have a way for me to just wipe out every profile save the local admin account and start clean?
Go to Control Panel > System > Advanced system settings on the top left > click the Settings button in the User Profiles box > select the profile you want to delete > click on the Delete button > repeat for any other profile you want to remove

Probably best to restart the computer first, log in with your local admin account then use the above process to remove the profiles as sometimes the files get locked by the system.

And....  Will I need to remove the user and pc from the domain server before I try this again?
No need for either at this point.
0
 

Author Comment

by:Faxxer
ID: 40534023
OK...  One observation.

I can NOT delete the "default" profile which is different than the administrator account I am using to do this....

I tried rebooting to see if default would unlock but nope.

I still get the default user profile...

I tried to use the tool to copy the default profile to a already existing profile ....there are multiple folder sets now with the infamous .000  .001  .002...etc.  in the user profile list under the "users" folder.
0
 

Author Comment

by:Faxxer
ID: 40534912
One more observation....
I have ONLY the Local administrator account that works...BUT in the registry It has no GUID key in the profilelist nor does it have a corresponding GUID match in the GUID reg folder right above it...

looking at a healthy pc joined...  each valid user profile had a matching GUID entry in profilelist and the above folder GUID as well...they matched identically.

The guid comes from where exactly?  From the local machine or from the domain server?  Which part is handed to the client from the server?   And does knowing this tidbit do any good?
0
 

Accepted Solution

by:
Faxxer earned 0 total points
ID: 40543286
Well I ended up wiping the machine and reinstalling from a clean disk.   Of course it connected fine then.

Thank you all for helping.

Ike
0
 

Author Closing Comment

by:Faxxer
ID: 40553084
Much thanks to all who tried to help, but nothing seemed to work.   Ended up reformatting the box and doing a clean install.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now