Announcement

Collapse
No announcement yet.

Win2K3 Srv Creating New User Accounts On Boot

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Win2K3 Srv Creating New User Accounts On Boot

    My Win2K3 Server is creating a new user account when it boots up, instead of using the existing account.
    For example, assume the account is called "USER"
    It is creating a new account named "USER.DOMAIN"

    The new "USER.DOMAIN" account appears to have migrated all the settings from the "USER" account, so that it's almost impossible to tell them apart.

    My problem is that this account doesn't seem to be able to access the DHCP nor DNS server (as well as other services) and the other Win2K3 server, which is the BDC.

    I have tried to remove the HDD from the machine and on another windows machine, remove the directory "USER.DOMAIN" and place it on a USB key. Then put the drive back in and boot up again. It just creates another "USER.DOMAIN" account again but this time all the settings were also lost as if it created a completely new USER account from scratch.




    I would need to have it revert back to the original "USER" account so that everything is functional again.

    I would also like to know how this happened and why, if someone would be kind enough to explain that to me.

    Your help would be greatly appreciated.




  • #2
    In the subject field you say Windows is "creating new user accounts" (which would be really, really strange), but reading the contents of your post I get the impression that you're actually referring to a new user profile.

    Have you logged in to this particular server using this exact user account before? If not, Windows will indeed create a new profile. The only way to use the exact same user profile across multiple computers is to implement Roaming Profiles. You can also achieve partial profile synchronization using Folder Redirection.

    On the other hand, if you have logged in to this server before, using this user account, you should expect to see the same user profile. However, Windows will create a new profile under certain conditions:
    • If Roaming Profiles are configured but the profile server is unavailable, Windows will create a temporary profile which will be discarded when you log off.
    • If the profile directory for the user in question is damaged or has been deleted, Windows will create a new profile in a folder called "user.domain" or "user.computername" or "user.<some number>", depending on the circumstances.
    • If the "ProfileList" Registry setting for the user account in question has been damaged/deleted, Windows will create a new profile.
    • If the "ProfileList" entry doesn't match the SID of the user account (for instance, if you've deleted and recreated the account in Active Directory), Windows will create a new user profile

    If you can provide some more details regarding the account and whether you've logged in to this server before, I'm sure we can get to the bottom of this.

    Comment


    • #3
      Thanks Ser Olmy for the reply.

      Yes, it's User Profiles. My post is misleading.

      I have logged into this profile many times before.

      These two servers have been working fine for - I would say - about 2 years now, without much activity from admins with no issues. One of the UPS units in the cabinet had an alarm and I replaced the batteries for it. The Server was supposed to be down for about 1/2 hour or so while I did the work. On restart the server couldn't connect to DHCP (and other services) and now, is not handing out IP's. The DHCP scope shows a green indicator arrow but it doesn't seem to be authorized as per the error logs. I feel like this is an SID issue because of that and I get an "access denied" if I try to connect to the other Server (on which the correct user profile is running) for example using the DNS service.

      " - If the profile directory for the user in question is damaged or has been deleted, Windows will create a new profile in a folder called "user.domain" or "user.computername" or "user.<some number>", depending on the circumstances."

      It seems like this is what has happened.

      I am also getting a error pop up saying raupdate.exe encountered a problem and needed to close (send error report / don't send)

      What do I need to do? I need to merge the two profiles? I'm not sure exactly where the issue lies and I don't want to just blindly try to fix this. I'm actually under a lot of pressure here so your help is appreciated.
      Last edited by GreenGhost; 12th February 2016, 16:06.

      Comment


      • #4
        The only time I have seen this is when I have set up a new computer/server and have created a local user account during the set up procedure e.g. Blood on a computer named Bone. Thus, my login is bone\blood

        If I join that computer/server to a domain (e.g. named Megacorp.local), and I have an Active Directory user account named Blood, if I then log on to the server/computer a new user account is created named blood.megacorp because the machine automatically assumes I am logging onto the domain.

        The computer/server distinguishes the local account bone\blood from the Active Directory domain account megacorp\blood. But, these accounts are listed as blood and blood.megacorp

        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Originally posted by GreenGhost View Post
          What do I need to do? I need to merge the two profiles? I'm not sure exactly where the issue lies and I don't want to just blindly try to fix this.
          Precisely. Some further detective work is required to find out what's actually causing the issue.

          The non-working DHCP service and the inability to connect to other services is not related to the user profile. Your account retains all access rights regardless of the profile, so something else is going on here. It's much more likely that your profile issues is the symptom of an underlying network issue.

          First things first:
          • Have you checked the IP settings on the server? What does "ipconfig /all" report?
          • Is the network interface visible in Device Manager, and can you see it in Network and Sharing Center under "Change adapter settings"?
          • Can you ping the IP address of the other server?
          • Can you ping the other server by name?
          • Is this server a Domain Controller?

          You should perform the above tests/checks using an account with administrative privileges. If the server isn't a Domain Controller, a local account with sufficient privileges can be used.

          Comment


          • #6
            I get this when trying to post a reply..... It's not easy being Green.......
            Attached Files

            Comment


            • #7
              EDIT: Finally.. I could post an answer


              Thanks for the help, guys.

              - Have you checked the IP settings on the server? What does "ipconfig /all" report?

              The server has a static IP. I checked it and it's still the same/correct IP.

              - Can you ping the IP address of the other server?

              Networking is fine and I can ping the other server and any other machine (that also has a static IP) on the same network/subnets.

              - Can you ping the other server by name?

              I'm actually running WINS so, yes I can ping the other server by name

              - Is this server a Domain Controller?

              It is the PCD in the domain and there is also another BDC machine in the same domain (also same O/S). These are the only two windows servers.

              "You should perform the above tests/checks using an account with administrative privileges. If the server isn't a Domain Controller, a local account with sufficient privileges can be used.'"

              There is another profile with administrator priviledges that is already on the machine (see USERNAME2 below) that doesn't seem to be corrupted. I logged in with this account but I get the same results (no access with DHCP, DNS, etc...) However, at least it's not creating another profile (ie: USERNAME2.DOMAIN)

              The C:/Documents and Settings folder in Windows Explorer looks like this:

              C:/
              - Documents and Settings
              - - USERNAME1
              - - USERNAME1.DOMAIN
              - - All Users
              - - Default User
              - - USERNAME2
              - Inetpub
              - Program Files
              - etc....

              So I am thinking that the "USERNAME1 profile is corrupted as you mentioned above. When I log in as USERNAME1, I can see "C:\Documents and Settings\USERNAME1.DOMAIN" in the command prompt window. So I know I'm not in the correct profile.




              In Windows Explorer I can see both machines.
              If I try to open WINS, DHCP or DNS, I cannot connect to the other machine from the console. It gives me an access denied error.
              For AD, I can connect and administer. Although AD is getting DNS errors. I can try to see if I could post the content of the errors here if it helps?

              Comment


              • #8
                Yes, do post the error messages you're receiving.

                It would seem you're having some kind of authentication and/or name resolution issues disrupting communication between your DCs, I recommend you run dcdiag on both servers and post the results.

                You're probably right about the profile being corrupted. Unfortunately, if you copied the entire profile directory to another location (you mentioned a USB drive), you're likely to have missed some files due to permission issues, which would render the copy unusable. But as I mentioned, the profile does in no way affect the rights of the user account.

                The name of a profile directory is not necessarily related to the name of the corresponding user account. For instance, if you rename a user account, the name of the profile directory stays the same. The fact that you're seeing a directory called "USERNAME.001" or somesuch does not imply the existence of a user account by that name. By the way, the mapping between account SIDs and profile directories are local to each machine and can be found in the registry under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList".

                I wouldn't spend too much time on the profile issue, especially since it may not be fixable. If the old profile contains shortcuts, documents or other data that are of value to you, you could just copy those over to the new profile directory.

                Comment


                • #9
                  Thanks for your help. There were problems with DNS and then there were problems where I could not log into any services of the other DC. To make the story short, I spent about 4 days straight on both machines and finally fixed the issue. Then I fixed the problem with the corrupted profile.

                  What a mess. Anyway it's done now.

                  Comment

                  Working...
                  X