Solved

Roaming profile issue. Profile doesn't load when loggin in from a different workstation.

Posted on 2016-09-16
10
122 Views
Last Modified: 2016-09-27
Hello,
I have an issue with roaming profile when logging in from a different computer.

So I migrated computer A from Source domain to Target domain.
I am able to login with either testsource or test target user into computer in the target and get the roaming profile after I applied two GPOs

"Do not check for user Ownership of Roaming Profile Folders".

Now, I tried to see if I can login as the target or source user to a different computer, and it failed....I didn't get roaming profile loaded.

When I logged in as source account to the another computer in the source domain, I got access denied error.

When I tried to login as target account to another computer in the source domain, I didn't get roaming profile loaded.....I applied GPO
Allow Cross-Forest User Policy and Roaming User Profiles but still roaming profile wasn't loaded.

Could you please explain how roaming profile works across the trust and why I am not getting roaming profile when logging in from a different computer.

Thank you so much!
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 

Expert Comment

by:leemar1978
ID: 41802926
Are you using folders redirection? If you are have you checked the GPO config?
0
 

Author Comment

by:creative555
ID: 41804855
I configured Roaming test profiles using the following link.

http://www.avoiderrors.net/create-roaming-profile-on-windows-server-2012/

I don't believe i am using folder redirection.
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 41807004
What exactly is happening on the computer where the profile doesn't work: are you getting a local profile or a temporary profile?  Have you tried logging on and then, after the login process finishes, restarting the computer?  Is the profile folder already created on the server end and populated with folders when you log on to the workstation for the first time?
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 25

Expert Comment

by:Coralon
ID: 41807819
It sounds like you are still dealing with 2 different profiles..

By default, if the user account does not own the profile, then they are blocked from loading it.  The first policy you mentioned Do not check for user Ownership of Roaming Profile Folders turns this off.  This is good & important for what you are doing..

The 2nd policy Allow Cross-Forest User Policy and Roaming User Profiles allows people from multiple domains to roam their profiles when there is a trust in place.  Again, this is good.

So.. a couple of questions..
Are you trying to use the same name from 2 different domains? (would fail to load, by default)..
Did the profile already exist and you are trying to reuse it? (might need a permissions change).

Coralon
0
 

Author Comment

by:creative555
ID: 41809860
good comments! looking into it now
0
 

Author Comment

by:creative555
ID: 41809863
are you getting a local profile or a temporary profile?  

How do I determine that? I think I am getting a new local profile. It shows me three local profile and roaming on the bottom but desktop, wallpaper, everything is missing for that profile.


  Have you tried logging on and then, after the login process finishes, restarting the computer?
Yes. more than once.

 Is the profile folder already created on the server end and populated with folders when you log on to the workstation for the first time?

No. profile was not created before on the second computer.....

Question. Do I need to process second computer before I can login as target account?

What do I need to do with the second computer in order for the roaming profile to work?
0
 

Author Comment

by:creative555
ID: 41811518
are you getting a local profile or a temporary profile?  

getting local profile on the secondary workstation but No desktop, wallpaper, etc
0
 
LVL 25

Accepted Solution

by:
Coralon earned 250 total points
ID: 41811547
If you go into the system control panel (sysdm.cpl) and look in the Profiles tab, it will tell you each profile on the system and what kind it is.  Additionally, you can look at the name of your profile directory and look for things like your username with 3 digits tacked onto it..

And are both computers the same OS?

The roaming profiles across domain boundaries are complicated.  A lot depends on which domain the user belongs to, which domain the machine belongs to, and between the domains which one trusts which one.. it affects *everything*.

And can you verify if your profile on the second machine is really the correct profile and *not* a system temporary profile?  (go to the command line and do an echo %userprofile% to see the name of the profile directory..  if it doesn't have your name in it, then you'll know it is a system temp profile.

Coralon
0
 

Author Closing Comment

by:creative555
ID: 41818668
thank you so much! It is working now after reboot. I think this was due to the bad computer
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
In-place Upgrading Dirsync to Azure AD Connect
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question