Roaming Profile wackiness. Here's a challenge for the pros.

[Atlanta Thrashers Fan]

I've got problems with getting user profiles to work properly.
I'm an admin at a high school. We were using generic logins and now I
switched to having a login for each student and to using roaming
profiles with a redirected 'My Documents' folder. We've had problems
with 'losing' files all along. Supposedly, a student would save a
file in their folder, go to another computer and poof! The file
wouldn't be there. I've never been able to see this happen, but I
have a few teachers that are pretty computer savvy and they said that
they have. I know that some of it is because students sometimes get
an error on their profile and are forced to use a temporary profile
that causes them to lose their work when they logout.
I've had to make some permissions changes to the folders and I
use a script that give me, teachers and the students full rights to
their respective folders. Even though the students have full rights
to their folders, they can't make changes because of the way the
computers are locked down. The vbscript I wrote formats an XCACLS
command and uses that to change the permission. I keep telling it to
propagate those changes all the way down the folder structure, but it
doesn't always do it. As a result, some students don't have access to
all folders in their profile.
Also, even students who DO have the correct permissions on their
folders sometimes get an 'Access Denied' error when they login.
We have a server that is dedicated to user profiles. It isn't a
domain controller. It's somewhere around a 2Ghz Celeron with 512MB
RAM and a 200GB hard drive.
There doesn't seem to be anything in the event logs that gives me
a clue to what's going on. I really need for the profiles to be
reliable. Any help you can give is GREATLY appreciated.

 

[Herb Martin]

I've got problems with getting user profiles to work properly.
I'm an admin at a high school. We were using generic logins and now I
switched to having a login for each student and to using roaming
profiles with a redirected 'My Documents' folder. We've had problems
with 'losing' files all along. Supposedly, a student would save a
file in their folder, go to another computer and poof! The file
wouldn't be there.

That can actually happen if some of your computers
cannot contact (or authenticate with) the server.

I've never been able to see this happen, but I
have a few teachers that are pretty computer savvy and they said that
they have.

And you must really try to document it because
many people are notorious for depending on
Explorer and "losing" conscious knowledge of
their file locations.

And if it is happening the "standard" way as I
mentioned above you WILL find the file in the
local cached copy of the users profile on the
machine they were using when they saved it.

One thing that exacerbates the problem is if
people logon to multiple machines at the same
time -- make different changes to the profile --
and then logoff thus saving both (one over the
other) back to the profile server OR never
logoff but crash or disconnect from the network
thus never saving back to the roaming server.

I know that some of it is because students sometimes get
an error on their profile and are forced to use a temporary profile
that causes them to lose their work when they logout.

Yes, that is one of the symptoms.

I've had to make some permissions changes to the folders and I
use a script that give me, teachers and the students full rights to
their respective folders. Even though the students have full rights
to their folders, they can't make changes because of the way the
computers are locked down. The vbscript I wrote formats an XCACLS
command and uses that to change the permission. I keep telling it to
propagate those changes all the way down the folder structure, but it
doesn't always do it. As a result, some students don't have access to
all folders in their profile.

Xcacls DOES whatever you tell it to do so
if it isn't working you have made an error.

(Sorry, but that is just the truth and I have done
it many times myself as XCalcs has a slightly
irritating command like that is somewhat picky
about syntax -- more than most programs.)

Also, even students who DO have the correct permissions on their
folders sometimes get an 'Access Denied' error when they login.

Sounds like failure to authenticate which is usually
a DNS problem.

We have a server that is dedicated to user profiles. It isn't a
domain controller. It's somewhere around a 2Ghz Celeron with 512MB
RAM and a 200GB hard drive.

Or the file server isn't (always) properly authenticating
in the domain itself.

There doesn't seem to be anything in the event logs that gives me
a clue to what's going on. I really need for the profiles to be
reliable. Any help you can give is GREATLY appreciated.

Check DNS (and authentication from some or all
of the problem machines).


--
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /serverC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]