AD/Roaming Profiles

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi all,

This is my first help type thread, so i may not get all the required details in first time, but give me a shout if you need any more info than what i provide here

We currently have a small network of about 30 computers running 1 primary domain controller (also file server), 1 secondary domain controller (also exchange server) and 1 SQL server. All server O/S are Server 2003 and all clients are XP Pro. We have a problem with some members of staff where they logon and Windows cant find their roaming profile, and it reverts to using the local profile. I have had a browse around a few places on the internet for various problems and there are a couple of main problems which people seem to have.

One problem being the connection to the server being lost, but we have ruled that one out as being a cause. The other one is being folder permissions for the profile storage location. Once the user is created in AD all the permissions are set automatically and we don't touch anything to do with their profile unless this problem occurs. The other problem which i have seen is that the profile is corrupted in some way.

How can the profile be corrupted? Is this something on the server side or the client side updating the profile on the server when logging off...?

Out of the 30 users, there have been only a handful of people who have experienced this problem (including myself). The way that we get around it is to backup certain things on their profile, delete them from AD and recreate the profile. All is happy and it may not happen again. There has been one user which has had this problem a couple of times, so we have had to delete and recreate the user a couple of times. There are currently 3 users who have the problem with their profile at the moment, but i am holding off sorting these out so i can try any suggestions that may come about

Anybody have any ideas of what could be causing this problem or any suggestions on what i can to to fix it please?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hmmm sounds like one of the first two. Normally when we have profile problems at my workplace it is down to permissions on the user's folders. As they don't have permission, they get prompted by an error message when they logon.

Do your end-users receive any error messages? What do they say?

Have you checked the permissions for user's folders?

Let us know more information and we'll be able to assist further.

Qs

 

Description: Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.

DETAIL - Access Denied

-----------------

That is the error message that the user gets when logging on. Some users have had their profiles for months/years and then one day, this error pops up. Nothing has been changed server side and the user said that nothing has changed out of the ordinary.

I have looked at my profile and the profile of someone who is getting the error when logging on and checked the permissions and they are the same.

User@domain (full permissions)
SYSTEM (full permissions)
Folder owner is Administrator

What permissions should the folders have as these are the ones set by AD when the profile is created?

 

Looks like everything is correct.

Could I ask why you use Roaming and not Local Profiles for 30 accounts?

If it is to store data, you could map a network drive to be there home folder.

We use H:\\ServerName\Data\%UserName%

 

Sounds very much like lack of permissions to me.

Set the folder permissions to:-

SYSTEM
Administrators
User

If it's still not playing then replace ownership on the folder and subcontainers with the User's logon. (Found in the Owner tab inside Advanced Security Settings) - this should sort it out.

Make sure that the security permissions are being propogated throughout all of the subfolders too. (A quick test is to check the security permissions of sub-files/folders. The user should have full rights and the tick boxes should be greyed out.)

Once you've applied these changes then go to the local machine and rename the local copy of their profile (it'll be located inside C:\Documents and Settings).

Restart the user's machine and wait for it to pull down a new copy of their profile - be on the lookout for error messages.

Let us know how you get on.

Qs

 

We use roaming profiles as some people (like temps) move from desk to desk in various departments. It is also to store things like Exchange server details and program profiles that are specific to that user (NBS Contracts Administrator etc)

We have a shared drive on a PDC for profiles. The folder is called profiles with each users. (\\servername\profiles\%username%)

@QS - Ill give that a go on someones profile now and see what i come up with thanks

 

Bizarrely - we use pretty much exactly the same notation.

Great minds, eh?

Qs

 

We try and stear clear of Roaming Profiles for most of our 12,000 or so Users as they cause alot of hassle.

They are usually only for Laptop Users. When these experience issues, we just .old the local profile and pull it from the server and clear out all the other profiles left on the laptop.

 

Get Out Of My Brain!

We do the same...

 

Dont suppose they are being hasty in shutting there machines down (turning them off before the profile has updated on the server)friday evening you know keen to get to the local drinking establishment. If the machine crashes before the profile is updated I suppose it might cause an issue even if the user doesnt see it.

 

I can't speak for a couple of the others, but my profile done this about a year ago, but i dont "kill" the computer in that way so i dont damage anything to do with the profile

My manager asked me the same question as a possible solution, but some of the others aren't like that with computers thankfully

@craigie1977 - Could you explain the setup that you have for your profiles etc please?

 

Slow links can cause this to happen. If link speed is not an issue, then your server might be getting hammered - how large are their profiles? Had this happen at a bank with about 40 users... found out that they were attempting to synchronize many gigs of data.

Nothing wrong with doing roaming profiles... but documents should reside on the server and only on the server.

 

Network is on a 1000Mb/s link. The profiles are relatively small and looking at around 20-50MB. All files and documents are stored on the server using networked drives.

 

How's the server's performance looking?

 

Between 08:30 & 09:00 when everyone is logging onto their computers, the server is not at that high usage.

The PDC is a 3Ghz Dual Core Xeon with 2GB RAM. As there are only 30 users (at most) the logging on is spread between the 30 mins window. There is normally about 20/25 users logged in at any one time as the other people are surveyors out on site or others visiting our tenants.

 

Hmm... at that point, I'd probably sniff traffic when a likely candidate computer attempts to log on to see 1) how much data is being transferred, and 2) what communication is occurring when failures occur.

 

Ill give that one a crack when i get in tomorrow morning

I have disabled offline files as 1) i dont like it 2) it doesnt like syncing .mdb files

 

By default, MS advise against syncing mdb files (MS Access) files - but this can be overriden.

Linky

 

I'm actually having the same problem myself. I've come to a few conclusions though due to looking through the event logs.

1. disable the offline caching on the share where the profiles are stored
2. back up the system state
3. make sure that all the clients have dns records

I haven't done any of these yet but let us know if you get it sorted.

Edit: if you can help it you shouldn't really have the exchange server sitting on a DC.