Announcement

Collapse
No announcement yet.

Roaming Profiles problem, GPO problems, etc...

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Roaming Profiles problem, GPO problems, etc...

    Hi everyone,

    I'll say it right now --> English's not my native language, but I'm doing my best...

    In october, we switched our old server (a Win2000 machine) for a new one that has Windows 2003 RC2 SP2 installed. The only things we kept from the old server was the users profiles and users’s files. I was able to use all the old profiles by doing a little but time consuming method that I found on the Internet (I still don’t know if it was a good idea…) : http://my.galagzee.com/index.php/200...ain-migration/

    I also exported-imported the users and OU (I wanted to buy some time) with a Microsoft command called LDIFDE. Here’s the commands I used :

    Export Command:

    ldifde -f exportOu.ldf -s Server -d "dc=Domain,dc=local" -p subtree -r "(objectCategory=organizationalUnit)" -l "cn,objectclass,ou"
    ldifde -f Exportuser.ldf -s ntbetonel -d "dc=Server,dc=local" -p subtree -r "(&(objectCategory=person)(objectClass=User)(given name=*))" -l "cn,displayName,distinguishedName,name,sn,userprin cipalname,givenName,objectclass,samAccountName"

    Import Command:

    ldifde -i -f ExportOU.ldf -s Server
    ldifde -i -f Exportuser.ldf -s Server


    Our actual server has all the FSMO roles. It’s also a DNS server, IIS server (for WSUS) and WINS. It’s also a McAffee ePO server. I also teamed up the Network Adapters that are built-in on the server, and I know that it may cause some trouble. I appplied a resolution from Microsoft that related to that kind of setup, but it did not solve my problem (see below).

    That's last year.. But NOW:

    I find out about this problem when I discovered that certain files in my roaming profile were not synch with the server. I tried to create a new profile (I thought it was corrupted) and that’s when I found out that when I was logging off, my new profile was not copied at all onto the server (except for the main folder, but it was empty). If there’s no copy of my profile on the workstation (locally), it cannot find it on the server and loads a TEMP profile… I even deleted my account in AD and created a fresh one, and it still doesn’t work. What is weird tough is that I created a new user, specified a profile path, and I was able to logon and logoff without error, and the profile was copied to the server. But I still have the same errors in userenv.txt… (all the info are specified further down that post)

    Also, you should know that existing users CAN logon to the server, but some has files missing too on the server, for example in the « Desktop folder ».

    So I made a lot of Googling and did not find anybody who got the exact same problem has mine, and found no real solution…

    With all the posts I read on the net, I got a pretty good idea of what kind of information I should give to troubleshoot my problem, so hang on to your hat, it’s scary…

    No Events can be found on the server but on the client-side (Windows XP SP2), I can see event 15 (http://www.eventid.net/display.asp?e...llment&phase=1) and event 1054 (http://www.eventid.net/display.asp?e...serenv&phase=1)

    In the Default Domain Policy GPO, « Always wait for the network at computer startup and logon » is set to « Enabled ».

    Windows Firewall on the server is turned off.

    DNS is looking good (no events in Event viewer) and clients- side primary DNS is set to server IP.

    DCDIAG has passed all tests.

    NETDIAG has passed all tests.

    Users have access to the shared SYSVOL folder (\\Server\SYSVOL\Domain.local

    Sharename of Roaming Profiles folder is Profiles$. Share permissions are set to Everyone Full Control and NTFS Permissions are set to Domain\Administrators - Full Control and Authenticated Users – Modify.

    At first, I looked into the « c:\Winodws\Debug\UserMode\ »Userenv.txt text file and saw that info :

    USERENV(2d8.2dc) 08:44:20:437 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 08:44:20:453 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.194) 08:44:44:843 ProcessGPOs: The DC for domain BETONEL is not available at startup. retrying
    USERENV(2d8.194) 08:44:44:843 RetryDCContactAtMachineStartup: Failed to query GpNetworkStartTimeoutPolicyValue with 2, exit.
    USERENV(2d8.194) 08:44:44:843 ProcessGPOs: The DC for domain BETONEL is not available after retries.
    USERENV(2d8.194) 08:44:44:843 ProcessGPOs: The DC for domain BETONEL is not available. aborting
    USERENV(2d8.560) 08:45:29:062 ProcessGPOs: The DC for domain BETONEL is not available. aborting
    USERENV(2d8.c3 08:58:16:078 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
    USERENV(2d8.85 09:00:31:162 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.

    So I found out that solution from Microsoft that I applied in my workstation’s registry : http://support.microsoft.com/kb/840669/en-us
    I can see that it has helped a little (see USERENV(2d8.5b4) 09:30:52:453 ProcessGPOs: DC for domain BETONEL is reachable after retries.), but it has increased the boot time by more than 1 minute, and it’s not good. My profile’s still unable to synch with the server…

    I rebooted the PC and logged on with another account and this is what I got in Userenv.txt :

    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.2dc) 09:29:37:546 CUserProfile::CleanupUserProfile: Ref Count is not 0
    USERENV(2d8.5b4) 09:30:01:906 ProcessGPOs: The DC for domain BETONEL is not available at startup. retrying
    USERENV(2d8.5b4) 09:30:52:453 ProcessGPOs: DC for domain BETONEL is reachable after retries.
    USERENV(2d8.5b4) 09:31:56:890 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
    USERENV(2d8.85 09:32:06:859 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
    USERENV(2d8.880) 09:32:07:250 PolicyChangedThread: UpdateUser failed with 1008.
    USERENV(ae4.ae 09:32:21:984 LoadUserProfile: Failed to enable the restore privilege. error = c0000061
    USERENV(2d8.2dc) 09:32:34:281 ReconcileFile: Unable to open temporary file
    USERENV(2d8.2dc) 09:32:41:125 GetExclusionList: Failed to get file size of <E:\martinl\ntuser.ini>
    USERENV(2d8.e7 09:32:41:593 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.
    USERENV(2d8.e3c) 09:38:30:031 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.

    So I’m almost sure that by dissolving the teaming of the 2 network cards may solve that problem : USERENV(2d8.5b4) 09:30:01:906 ProcessGPOs: The DC for domain BETONEL is not available at startup. Retrying. But I don’t know what to do with this one : USERENV(2d8.85 09:00:31:162 GetGPOInfo: Local GPO's gpt.ini is not accessible, assuming default state.

    Thanks for reading this "book"! Any advice is appreciated!

  • #2
    Re: Roaming Profiles problem, GPO problems, etc...

    ok i almost read your book but stopped when i had a suggestion

    just setup a new profile folder for yourself as a test and configure these types of permissions
    share permissions: Full Control to Everyone
    Folder permissions: Full control to Domian\Administrators and Full Control to user of profile, so in this case you

    and thats it make sure all your AD profile paths are entered correctly, and also are using Home Folder paths in AD too?

    Comment


    • #3
      Re: Roaming Profiles problem, GPO problems, etc...

      What a thread to read after dinner and some ice cream.... heh.


      I'd definately be looking into network issues. Like you said, you have teamed nic cards, definately un-team them and set the Network Connections service start Automatically.

      also after you log on, make sure you can access to \\domain\sysvol\domain\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\

      Lastly, have you read this: http://support.microsoft.com/kb/842804

      hth
      Jake G

      Former Microsoft MVP - IIS ('02-'06)

      Comment


      • #4
        Re: Roaming Profiles problem, GPO problems, etc...

        Thanks for taking the time to help me, but I found the solution to my problem. And I was looking way too deep into Windows for nothing...

        Believe it or not, the problem was caused by the Video Card Drivers... (I tested every drivers one by one)

        I was working on a computer that has a Biostar TF7025-M2 motherboard with an integrated nVidia 7025 video card. I had to download the drivers on nVidia.com. If I'm using the driver made by Biostar (even the lastest one), my profile could no be synchronized with the server. I tried to update the BIOS, update all drivers, and the synch wasn't taking place at all...

        That's the weirdest thing I ever faced...

        Thanks again!

        Comment

        Working...
        X