Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Apparent bug with roaming default profile

  • Filter
  • Time
  • Show
Clear All
new posts

  • Apparent bug with roaming default profile

    I have found what I believe is a bug with the roaming default profile between Windows Vista and Windows Server 2008. I hope this is the right place to post this.

    Windows Server 2008 is the domain controller.
    Windows Vista is a member of the domain.
    A roaming default profile has been placed in the NETLOGON share on the DC. The folder that holds the roaming default profile is Default User.v2.

    A user account that has never logged on logs on to the domain from the Vista computer. The user is prompted to change their password as this option is set on the account (User must change password at next logon). User changes the password, but only gets the local default profile - not the profile from NETLOGON on the DC.

    Another user logs on to the domain from the same Vista computer. This user has never logged on but his password is not required to be changed at next logon. This user gets the roaming default profile as hoped.

    I have tried and retried this scenario and always get the same results. So, it "appears" that there is a bug with the roaming default profile when the user must change their password at first logon.

    Anybody else experience this? or not?


  • #2
    Re: Apparent bug with roaming default profile

    Interesting. I cannot try this myself right now, but I will later next week. In the meantime, did you do some searching around to see if anyone else got the same behavior?

    Daniel Petri
    Microsoft Most Valuable Professional - Active Directory Directory Services


    • #3
      Re: Apparent bug with roaming default profile

      Can you turn on auditing on the NETLOGON folder ? I would expect an access denied failure audit with extended error code 0xc0000224 :
      # for hex 0xc0000224 / decimal -1073741276 :

      So the first attempt to access the default profile will fail (before changing the password), and I think W2K8/Vista will not try to access the profile again after obtaining a valid Kerb ticket.

      I can bet that first attempt results in access denied. The only question is whether there is a second attempt - and that can be easily checked with auditing turned on and checking whether you get any success/failure audits after the failed attempts.
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"


      • #4
        Re: Apparent bug with roaming default profile


        I turned on auditing as you suggested. There was no failure event and no event suggesting the SYSVOL share or its contents were even attempted to be accessed. The only shares accessed were the IPC$ and SYSVOL, both successfully.
        I tried it again, this time, with the user account not required to change the password and as expected, plenty of success audits on the share and all of the profile files as they were copied down. It appears that when the user is required to change his password, the default user.v2 profile on the share on the DC is not even attempted to be accessed.



        • #5
          Re: Apparent bug with roaming default profile

          Did anyone ever confirm that this is a known bug, or (more importantly) find a solution? We are in the process of setting up a domain with Windows Server 2008 DCs and Windows Server 2003 R2 member servers, and having this exact same problem.

          It is a huge issue for us, as we are dealing with a high volume of end users on Terminal Servers, that need frequent password resets. Every time we reset a password and it is set for "User must change password at next logon", the user receives the local default profile after they finish the password change procedure. They should be receiving their roaming profile, but they are not. In our case, this causes the login to fail (because we have locked-down desktops for end users, which do not permit them to continue with a "full" default desktop).

          Once their initial login with the default local profile fails, they can open a new window and connect again using the new password they changed to -- the next login attempt succeeds with the new password and they are back to the correct roaming profile.

          Thanks in advance.
          Last edited by Amir Fasad; 2nd December 2008, 18:55.


          • #6
            Re: Apparent bug with roaming default profile


            I have not received any confirmation from anywhere that it is a confirmed bug, but my testing seems to point that way (unless MS spins it as a 'feature' of some sort). I found this problem while writing a textbook on the 70-640 exam and unfortunately have not had time to revisit the issue. (in the lab in my book, I work around it by making sure the user is not required to change the password at next logon.) Sorry I can't be of more help, but thanks for confirming that it was not just my set up.



            • #7
              Re: Apparent bug with roaming default profile

              Thanks Greg.

              Apparently there is a solution to the original problem you found, but still no solution to my problem.

              Here is the information about the fix for Vista clients with this problem:


              Here is a thread at the MS Forums with other people experiencing the same issue I am experiencing (since the above fix does not apply to non-Vista machines):


              Sounds like a lot of upset people experiencing the same thing I am. One person there does have a script to act as a workaround, we may test that and see if it works. Still not optimal -- it's disappointing that this has been a known issue for a long time, with no apparent fix from MS.