Solved

Roaming profile issue. Profile doesn't load when loggin in from a different workstation.

Posted on 2016-09-16
10
71 Views
Last Modified: 2016-09-27
Hello,
I have an issue with roaming profile when logging in from a different computer.

So I migrated computer A from Source domain to Target domain.
I am able to login with either testsource or test target user into computer in the target and get the roaming profile after I applied two GPOs

"Do not check for user Ownership of Roaming Profile Folders".

Now, I tried to see if I can login as the target or source user to a different computer, and it failed....I didn't get roaming profile loaded.

When I logged in as source account to the another computer in the source domain, I got access denied error.

When I tried to login as target account to another computer in the source domain, I didn't get roaming profile loaded.....I applied GPO
Allow Cross-Forest User Policy and Roaming User Profiles but still roaming profile wasn't loaded.

Could you please explain how roaming profile works across the trust and why I am not getting roaming profile when logging in from a different computer.

Thank you so much!
0
Comment
Question by:creative555
10 Comments
 

Expert Comment

by:leemar1978
ID: 41802926
Are you using folders redirection? If you are have you checked the GPO config?
0
 

Author Comment

by:creative555
ID: 41804855
I configured Roaming test profiles using the following link.

http://www.avoiderrors.net/create-roaming-profile-on-windows-server-2012/

I don't believe i am using folder redirection.
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 250 total points
ID: 41807004
What exactly is happening on the computer where the profile doesn't work: are you getting a local profile or a temporary profile?  Have you tried logging on and then, after the login process finishes, restarting the computer?  Is the profile folder already created on the server end and populated with folders when you log on to the workstation for the first time?
0
 
LVL 23

Expert Comment

by:Coralon
ID: 41807819
It sounds like you are still dealing with 2 different profiles..

By default, if the user account does not own the profile, then they are blocked from loading it.  The first policy you mentioned Do not check for user Ownership of Roaming Profile Folders turns this off.  This is good & important for what you are doing..

The 2nd policy Allow Cross-Forest User Policy and Roaming User Profiles allows people from multiple domains to roam their profiles when there is a trust in place.  Again, this is good.

So.. a couple of questions..
Are you trying to use the same name from 2 different domains? (would fail to load, by default)..
Did the profile already exist and you are trying to reuse it? (might need a permissions change).

Coralon
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 

Author Comment

by:creative555
ID: 41809860
good comments! looking into it now
0
 

Author Comment

by:creative555
ID: 41809863
are you getting a local profile or a temporary profile?  

How do I determine that? I think I am getting a new local profile. It shows me three local profile and roaming on the bottom but desktop, wallpaper, everything is missing for that profile.


  Have you tried logging on and then, after the login process finishes, restarting the computer?
Yes. more than once.

 Is the profile folder already created on the server end and populated with folders when you log on to the workstation for the first time?

No. profile was not created before on the second computer.....

Question. Do I need to process second computer before I can login as target account?

What do I need to do with the second computer in order for the roaming profile to work?
0
 

Author Comment

by:creative555
ID: 41811518
are you getting a local profile or a temporary profile?  

getting local profile on the secondary workstation but No desktop, wallpaper, etc
0
 
LVL 23

Accepted Solution

by:
Coralon earned 250 total points
ID: 41811547
If you go into the system control panel (sysdm.cpl) and look in the Profiles tab, it will tell you each profile on the system and what kind it is.  Additionally, you can look at the name of your profile directory and look for things like your username with 3 digits tacked onto it..

And are both computers the same OS?

The roaming profiles across domain boundaries are complicated.  A lot depends on which domain the user belongs to, which domain the machine belongs to, and between the domains which one trusts which one.. it affects *everything*.

And can you verify if your profile on the second machine is really the correct profile and *not* a system temporary profile?  (go to the command line and do an echo %userprofile% to see the name of the profile directory..  if it doesn't have your name in it, then you'll know it is a system temp profile.

Coralon
0
 

Author Closing Comment

by:creative555
ID: 41818668
thank you so much! It is working now after reboot. I think this was due to the bad computer
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now