1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AD/Roaming Profiles

Discussion in 'Networks' started by flounder10, Sep 29, 2008.

  1. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    Hi all,

    This is my first help type thread, so i may not get all the required details in first time, but give me a shout if you need any more info than what i provide here :)

    We currently have a small network of about 30 computers running 1 primary domain controller (also file server), 1 secondary domain controller (also exchange server) and 1 SQL server. All server O/S are Server 2003 and all clients are XP Pro. We have a problem with some members of staff where they logon and Windows cant find their roaming profile, and it reverts to using the local profile. I have had a browse around a few places on the internet for various problems and there are a couple of main problems which people seem to have.

    One problem being the connection to the server being lost, but we have ruled that one out as being a cause. The other one is being folder permissions for the profile storage location. Once the user is created in AD all the permissions are set automatically and we don't touch anything to do with their profile unless this problem occurs. The other problem which i have seen is that the profile is corrupted in some way.

    How can the profile be corrupted? Is this something on the server side or the client side updating the profile on the server when logging off...?

    Out of the 30 users, there have been only a handful of people who have experienced this problem (including myself). The way that we get around it is to backup certain things on their profile, delete them from AD and recreate the profile. All is happy and it may not happen again. There has been one user which has had this problem a couple of times, so we have had to delete and recreate the user a couple of times. There are currently 3 users who have the problem with their profile at the moment, but i am holding off sorting these out so i can try any suggestions that may come about :)

    Anybody have any ideas of what could be causing this problem or any suggestions on what i can to to fix it please?
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  2. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Hmmm sounds like one of the first two. Normally when we have profile problems at my workplace it is down to permissions on the user's folders. As they don't have permission, they get prompted by an error message when they logon.

    Do your end-users receive any error messages? What do they say?

    Have you checked the permissions for user's folders?

    Let us know more information and we'll be able to assist further. :)

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  3. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    Description: Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.

    DETAIL - Access Denied

    -----------------

    That is the error message that the user gets when logging on. Some users have had their profiles for months/years and then one day, this error pops up. Nothing has been changed server side and the user said that nothing has changed out of the ordinary.

    I have looked at my profile and the profile of someone who is getting the error when logging on and checked the permissions and they are the same.

    User@domain (full permissions)
    SYSTEM (full permissions)
    Folder owner is Administrator

    What permissions should the folders have as these are the ones set by AD when the profile is created?
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  4. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Looks like everything is correct.

    Could I ask why you use Roaming and not Local Profiles for 30 accounts?

    If it is to store data, you could map a network drive to be there home folder.

    We use H:\\ServerName\Data\%UserName%
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  5. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Sounds very much like lack of permissions to me.

    Set the folder permissions to:-

    SYSTEM
    Administrators
    User

    If it's still not playing then replace ownership on the folder and subcontainers with the User's logon. (Found in the Owner tab inside Advanced Security Settings) - this should sort it out.

    Make sure that the security permissions are being propogated throughout all of the subfolders too. (A quick test is to check the security permissions of sub-files/folders. The user should have full rights and the tick boxes should be greyed out.)

    Once you've applied these changes then go to the local machine and rename the local copy of their profile (it'll be located inside C:\Documents and Settings).

    Restart the user's machine and wait for it to pull down a new copy of their profile - be on the lookout for error messages.

    Let us know how you get on. :)

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  6. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    We use roaming profiles as some people (like temps) move from desk to desk in various departments. It is also to store things like Exchange server details and program profiles that are specific to that user (NBS Contracts Administrator etc)

    We have a shared drive on a PDC for profiles. The folder is called profiles with each users. (\\servername\profiles\%username%)

    @QS - Ill give that a go on someones profile now and see what i come up with :) thanks
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  7. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Bizarrely - we use pretty much exactly the same notation.

    Great minds, eh? :p

    Qs
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  8. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    We try and stear clear of Roaming Profiles for most of our 12,000 or so Users as they cause alot of hassle.

    They are usually only for Laptop Users. When these experience issues, we just .old the local profile and pull it from the server and clear out all the other profiles left on the laptop.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  9. Qs

    Qs Semi-Honorary Member Gold Member

    3,081
    70
    171
    Get Out Of My Brain!

    We do the same...
     
    Certifications: MCT, MCSE: Private Cloud, MCSA (2008), MCITP: EA, MCITP: SA, MCSE: 2003, MCSA: 2003, MCITP: EDA7, MCITP: EDST7, MCITP: EST Vista, MCTS: Exh 2010, MCTS:ServerVirt, MCTS: SCCM07 & SCCM2012, MCTS: SCOM07, MCTS: Win7Conf, MCTS: VistaConf, MCDST, MCP, MBCS, HND: Applied IT, ITIL v3: Foundation, CCA
  10. dales

    dales Gigabyte Poster

    1,998
    46
    97
    Dont suppose they are being hasty in shutting there machines down (turning them off before the profile has updated on the server)friday evening you know keen to get to the local drinking establishment. If the machine crashes before the profile is updated I suppose it might cause an issue even if the user doesnt see it.
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  11. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    I can't speak for a couple of the others, but my profile done this about a year ago, but i dont "kill" the computer in that way so i dont damage anything to do with the profile :p

    My manager asked me the same question as a possible solution, but some of the others aren't like that with computers thankfully :p

    @craigie1977 - Could you explain the setup that you have for your profiles etc please? :)
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  12. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Slow links can cause this to happen. If link speed is not an issue, then your server might be getting hammered - how large are their profiles? Had this happen at a bank with about 40 users... found out that they were attempting to synchronize many gigs of data.

    Nothing wrong with doing roaming profiles... but documents should reside on the server and only on the server.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  13. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    Network is on a 1000Mb/s link. The profiles are relatively small and looking at around 20-50MB. All files and documents are stored on the server using networked drives.
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  14. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    How's the server's performance looking?
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  15. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    Between 08:30 & 09:00 when everyone is logging onto their computers, the server is not at that high usage.

    The PDC is a 3Ghz Dual Core Xeon with 2GB RAM. As there are only 30 users (at most) the logging on is spread between the 30 mins window. There is normally about 20/25 users logged in at any one time as the other people are surveyors out on site or others visiting our tenants.
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  16. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Hmm... at that point, I'd probably sniff traffic when a likely candidate computer attempts to log on to see 1) how much data is being transferred, and 2) what communication is occurring when failures occur.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  17. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Fairly common problem tbh.

    Another way you can fix it is to take out the roaming profile path in AD, rename the profile on the server as .old, get the user to log out and back in. Then put the profile path back in and the next time the user logs out it will upload the local copy of the profile to the server again.

    Make sure offline folders is switch off, sometimes this can cause probs with roaming profiles.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  18. flounder10

    flounder10 Nibble Poster

    83
    1
    17
    Ill give that one a crack when i get in tomorrow morning :)

    I have disabled offline files as 1) i dont like it 2) it doesnt like syncing .mdb files :)
     
    WIP: Net+, MCDST, MCSA, MCSE, CCNA, CCNP
  19. derkit

    derkit Gigabyte Poster

    1,479
    54
    112
    By default, MS advise against syncing mdb files (MS Access) files - but this can be overriden.

    Linky
     
    Certifications: MBCS, BSc(Hons), Cert(Maths), A+, Net+, MCDST, ITIL-F v3, MCSA
    WIP: 70-293
  20. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    I'm actually having the same problem myself. I've come to a few conclusions though due to looking through the event logs.

    1. disable the offline caching on the share where the profiles are stored
    2. back up the system state
    3. make sure that all the clients have dns records

    I haven't done any of these yet but let us know if you get it sorted.

    Edit: if you can help it you shouldn't really have the exchange server sitting on a DC.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685

Share This Page

Loading...