Announcement

Collapse
No announcement yet.

Temporary User profile (domain) error

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Temporary User profile (domain) error

    First I have all windows 7 Pro x64 computers with a server2008 r2 as AD/DNS/file server. The Firewall/Gateway is our DHCP server.

    I have an existing user and am attempting to change the computer but when I attempt to log into any other computer, I get the message that the user has been logged on as a temporary profile. This all worked last month. The only thing that has changed is a new antivirus (Avast business) and Managed IT server program. The user can still log into her own computer thankfully. This isn't an error or corrupt profile because, it has never existed on these other computers before. I just now created a local (domain) user profile.
    I started getting DNS errors after the manage it program had been installed. Therefore I looked into the computer's log, and this is what I've found.
    In order older to new

    10:42 Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

    DETAIL -
    1 user registry handles leaked from \Registry\User\S-1-5-21-1800419290-1931311706-344186445-500:
    Process 1188 (\Device\HarddiskVolume2\Windows\System32\svchost. exe) has opened key \REGISTRY\USER\S-1-5-21-1800419290-1931311706-344186445-500\Printers\DevModePerUser

    10:42 Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.

    DETAIL - Access is denied.

    10:42 Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

    10:42 The server {20A10BD4-0FF4-45E8-87EF-D2708E99CEAA} did not register with DCOM within the required timeout.
    I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
    Chris Robertson
    The Computer Doctor

  • #2
    Not sure I understand. Where is this message being displayed since you say she can log onto her own computer?
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2

    Comment


    • #3
      Are roaming profiles enabled for the user in AD? (the error above seems to indicate so)
      If so, in user properties in ADUC, is the roaming profile set to a UNC path (\\server\profiles\username) or to a local path (C:\something)?
      If a UNC, when you check the server location, is there a folder there for the user?

      Also, is this affecting only one user, or is it a general problem? (create a new user in ADUC - copy the bad one, then confirm profile settings are the same) and try logging onto 2 computers
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        We receive this message on any computer we attempt to logon her profile. I currently can't logon with any new users. Only users that have logged on before. Previously we were able to logon to any domain computer with our username/password.
        Ossian-I haven't seen anyoption in AD to enable roaming profiles. Most everything is default on the server. All the paths are UNC paths. This is going on with most all users. I've gotten some DNS errors on a few of the machines.
        The current dns settings are
        Server: 192.168.0.200 (itself. it is the DNS server)
        Firewall: ISP DNS, Google DNS, ISP secondary DNS
        Computers: 192.168.0.200 (DNS server), ISP primary DNS, -Wins 192.168.0.200 (enabled), LMhosts enabled, Netbios default

        The server dcdiag test passed too.

        Your help is greatly appreciated.
        Last edited by crobertson; 12th May 2015, 19:39.
        I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
        Chris Robertson
        The Computer Doctor

        Comment


        • #5
          I haven't got a DC in front of me at the moment, but IIRC roaming profiles are in ADUC User Properties on the tab that also has home directories

          Is there more than one DC in the environment?
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            No roaming profile. Previously we were able to set at any computer and log into the computer. It will not load your documents from the server or another computer, just gives you access. I'm currently resetting permission and securities on one computer. Any new OS install works perfectly. I can log in as any domain user. The currently computer, the log says profile service was no able to create a local profile. Access Denied.
            This tells me it is a security issue, but it doesn't elaborate. I remove all remnants of user profiles that I'm trying to log in as. All I ever read about is that it is a corrupt profile, but I know it is not, because new users or users that have never logged into a computer won't either.
            This all started with a It company loading a management software onto our server. They swear it couldn't/didn't make any changes, but now all computers are effected.
            I already know I'm not that bright. Please be constructive. Only give your 2cents if it helps. Don't be condesending or demeaning. It doesn't make you look smart. You just look like an arse.
            Chris Robertson
            The Computer Doctor

            Comment


            • #7
              Originally posted by crobertson
              The currently computer, the log says profile service was no able to create a local profile. Access Denied.
              This indicates to me that you have the Profile loading from the Server and permissions are not correct on the Profile SHARE / UNC Path folder on the Server where the Profile is stored. Have you had a look in the ADUC-->User Properties tab that Ossian suggested. If you are unsure of what or where it is then let us know and we will post a screen shot of where to look. Ta.

              Have a look at the below link for a fix to the Temp Profile loading on Windows 7.

              temporary user profile always loads windows 7
              1 1 was a racehorse.
              2 2 was 1 2.
              1 1 1 1 race 1 day,
              2 2 1 1 2

              Comment


              • #8
                Hi, What happens if you create a brand new AD user and try to logon? Is there any housekeeping or some process that deletes folders from c:\users on these machines?
                You may want to check that all the correct folders are in c:\users i've seen what you're describing when someone deleted the 'default' folder form c:\users, you will have to show hidden items to check if it's still there.
                When you say that you're removing all the profile remnants, you should be removing it via System properties > advanced > user profiles. Also the reg key you can check is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
                This may help too:
                https://support.microsoft.com/en-us/kb/947215
                Please remember to award reputation points if you have received good advice.
                I do tend to think 'outside the box' so others may not always share the same views.

                MCITP -W7,
                MCSA+Messaging, CCENT, ICND2 slowly getting around to.

                Comment


                • #9
                  First of all, remove the ISP DNS from your clients. AD domain clients should ONLY use the AD DNS server for DNS. This includes the Domain Controller itself. Also, in your scenario the domain controller should use it's own ip address for primary DNS and should use 127.0.0.1 as secondary DNS. You've got the primary DNS correct but you need to add 127.0.0.1 as secondary DNS. In the properties of the DNS server you can use forwarders or root hints or both, it doesn't matter. The DNS settings of your firewall are irrelevant to the problem. Fix the DNS settings and then reboot all machines *including the DC) and see if the problem persists. If it does then reverse the most recent change you made when the problem started (uninstall the IT management program) and see what happens.
                  Last edited by joeqwerty; 17th May 2015, 16:42.

                  Comment

                  Working...
                  X