Roaming profile won't load on Windows 2000 but does on XP

B

brothervogon

Hi ,

I have just encountered a problem with roaming profiles on our network
(Mixed Windows 2003/2000 AD domain). These have worked fine until last
week when some users on Windows 2000-SP4 machines started getting
errors loading their roaming profiles. The symptoms are pointing to
permissions as the client machines log ID 1000 errors in the
application event log:

"You do not have permission to access your central profile located at
\\Server\Share\Username. Contact your network administrator."

I have checked the permissions and they are all OK (Share perms are
Everyone FC and the user has NTFS FC and is also the owner). After
logging on with a cached or temp profile you can then map a drive to
the roaming profile share with no problems and create and amend files
so it is definitely not a permissions problem.

I then set up a test account and tried logging on on two test machines.
On the 2000-SP4 machine I got the same problem but on the XP-SP2
machine it was able to load the roaming profile without problems. I
then configured success and failure auditing on the test romaing
profile share and re-ran the tests. When the test user logs on to the
XP test machine the access is logged in the security event log on the
server as expected, but when the test user logs onto the 2000 machine
there is absolutely nothing in the event log. It is almost like the
2000 machine cannot locate the server holding the profile.

I have tested name resolution and the 2000 client gets the correct IP
address from an NSLOOKUP. I cannot determine what may have changed to
have made this start hapenning. There have been no changes to Group
Policy that would have affected it.

Any help will be gratefully received.

Vaughan




The relevant sections of the user mode debug log files are:


Windows 2000

USERENV(ac.88) 12:15:38:849 LoadUserProfile: Entering, hToken =
<0x61c>, lpProfileInfo = 0x6f648
USERENV(ac.88) 12:15:38:859 LoadUserProfile: Entering, hToken =
<0x61c>, lpProfileInfo = 0x6f648
USERENV(ac.88) 12:15:38:859 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(ac.88) 12:15:38:869 LoadUserProfile: lpProfileInfo->lpUserName
= <test.pro1>
USERENV(ac.88) 12:15:38:869 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(ac.88) 12:15:38:869 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(ac.88) 12:15:38:879 LoadUserProfile: NULL server name
USERENV(ac.88) 12:15:38:879 GetUserMutex: entering
USERENV(ac.88) 12:15:38:889 GetUserMutex: Waiting...
USERENV(ac.88) 12:15:38:889 GetUserMutex: Wait succeeded. Mutex
currently held.
USERENV(ac.88) 12:15:39:029 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:39:039 GetProfileSid: No Guid -> Sid Mapping
available
USERENV(ac.88) 12:15:39:039 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:39:049 GetProfileSid: No Guid -> Sid Mapping
available
USERENV(ac.88) 12:15:39:049 ParseProfilePath: Entering, lpProfilePath =
<\\Server\Share\test.pro1>
USERENV(ac.88) 12:15:39:049 CheckXForestLogon: checking x-forest logon,
user handle = 1564
USERENV(ac.88) 12:15:39:059 MyGetDomainDNSName: Successfully
determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
USERENV(ac.88) 12:15:39:079 MyGetDomainDNSName: Successfully obtained
domain dns name domain.com
USERENV(ac.88) 12:15:39:079 CheckXForestLogon: not XForest logon.
USERENV(ac.88) 12:15:39:149 ParseProfilePath: Tick Count = 0
USERENV(ac.88) 12:15:39:149 PingComputer: PingBufferSize set as 2048
USERENV(ac.88) 12:15:39:169 PingComputer: First time: 10
USERENV(ac.88) 12:15:39:179 PingComputer: Second time: 1
USERENV(ac.88) 12:15:39:189 PingComputer: Fast link. Exiting.
USERENV(ac.88) 12:15:39:189 ParseProfilePath: FindFirstFile failed with
error 5
USERENV(ac.88) 12:15:39:199 ParseProfilePath: You don't have permission
to your central profile server! Error = 5
USERENV(ac.88) 12:15:40:651 LoadUserProfile: ParseProfilePath returned
a directory of <>
USERENV(ac.88) 12:15:40:661 RestoreUserProfile: Entering
USERENV(ac.88) 12:15:40:661 RestoreUserProfile: User is a Admin
USERENV(ac.88) 12:15:40:661 IsCentralProfileReachable: Entering
USERENV(ac.88) 12:15:40:671 IsCentralProfileReachable: Null path.
Leaving
USERENV(ac.88) 12:15:40:671 RestoreUserProfile: Profile path = <>
USERENV(ac.88) 12:15:40:671 ExtractProfileFromBackup: Failed to open
key Software\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-21-1614895754-1078081533-1417001333-82082
with error 2
USERENV(ac.88) 12:15:40:681 ExtractProfileFromBackup: Couldn't open
backup profile key. Error = 2
USERENV(ac.88) 12:15:40:681 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:40:691 PatchNewProfileIfRequred: No OldSidString
found
USERENV(ac.88) 12:15:40:691 CreateLocalProfileKey: Not setting
additional Security
USERENV(ac.88) 12:15:40:701 CreateLocalProfileImage: One way or
another we haven't got an existing local profile, try and create one
USERENV(ac.88) 12:15:40:701 GetUserDomainName: DomainName = <domain>
USERENV(ac.88) 12:15:40:701 CreateSecureDirectory: Entering with
<C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:40:721 CreateSecureDirectory: Created the
directory <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:40:721 ComputeLocalProfileName: generated the
profile directory <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:813 Local profile name is <C:\Documents and
Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Working with a new
user. Go straight to issuing a default profile.
USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Issuing default
profile
USERENV(ac.88) 12:15:41:823 CheckNetDefaultProfile: Entering, lpNetPath
= <\\DC\netlogon\Default User>
USERENV(ac.88) 12:15:41:823 CheckXForestLogon: checking x-forest logon,
user handle = 1564
USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully
determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully obtained
domain dns name domain.com
USERENV(ac.88) 12:15:41:843 CheckXForestLogon: not XForest logon.
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: FindFirstFile
found a directory, but no ntuser files.
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: setting default
profile to NULL
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: Removing local
copy of network default user profile.
USERENV(ac.88) 12:15:41:913 Delnode_Recurse: Entering, lpDir =
<C:\Documents and Settings\Default User (Network)>
USERENV(ac.88) 12:15:41:913 CheckNetDefaultProfile: Leaving with a
value of 0.
USERENV(ac.88) 12:15:41:913 IssueDefaultProfile: Entering.
lpDefaultProfile = <C:\Documents and Settings\Default User.WINNT>
lpLocalProfile = <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:923 CopyProfileDirectoryEx: Entering,
lpSourceDir = <C:\Documents and Settings\Default User.WINNT>,
lpDestinationDir = <C:\Documents and Settings\TEMP.domain>, dwFlags =
0xc8101




Windows XP

USERENV(484.488) 13:41:23:215
=========================================================
USERENV(484.488) 13:41:23:215 LoadUserProfile: Entering, hToken =
<0x5ec>, lpProfileInfo = 0x6e3e0
USERENV(484.488) 13:41:23:215 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpUserName = <test.pro1>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(484.488) 13:41:23:215 LoadUserProfile: NULL server name
USERENV(484.488) 13:41:23:215 LoadUserProfile: In console winlogon
process
USERENV(484.488) 13:41:23:215 In LoadUserProfileP
USERENV(484.488) 13:41:23:215
=========================================================
USERENV(484.488) 13:41:23:225 LoadUserProfile: Entering, hToken =
<0x5ec>, lpProfileInfo = 0x6e3e0
USERENV(484.488) 13:41:23:225 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpUserName = <test.pro1>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(484.488) 13:41:23:225 LoadUserProfile: NULL server name
USERENV(484.488) 13:41:23:225 LoadUserProfile: User sid:
S-1-5-21-1614895754-1078081533-1417001333-82082
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock
<S-1-5-21-1614895754-1078081533-1417001333-82082>
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: No existing
entry found
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: New entry
created
USERENV(484.488) 13:41:23:225 CHashTable::HashAdd:
S-1-5-21-1614895754-1078081533-1417001333-82082 added in bucket 16
USERENV(484.488) 13:41:23:235 LoadUserProfile: Wait succeeded. In
critical section.
USERENV(484.488) 13:41:23:255 LoadUserProfile: Expanded profile path is
\\Server\Share\test.pro1
USERENV(484.488) 13:41:23:255 ParseProfilePath: Entering, lpProfilePath
= <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:255 CheckXForestLogon: checking x-forest
logon, user handle = 1516
USERENV(484.488) 13:41:23:255 CheckXForestLogon: not XForest logon.
USERENV(484.488) 13:41:23:295 AbleToBypassCSC: Try to bypass CSC
USERENV(484.488) 13:41:23:375 AbleToBypassCSC: tried
NPAddConnection3ForCSCAgent. Error 2109
USERENV(484.488) 13:41:23:375 AbleToBypassCSC: Share \\Server\Share
mapped to drive E. Returned Path E:\test.pro1
USERENV(484.488) 13:41:23:375 ParseProfilePath: CSC bypassed. Profile
path E:\test.pro1
USERENV(484.488) 13:41:23:375 ParseProfilePath: Tick Count = 0
USERENV(484.488) 13:41:23:395 PingComputer: Adapter speed 100000000 bps
USERENV(484.488) 13:41:23:405 PingComputer: First time: 8
USERENV(484.488) 13:41:23:405 PingComputer: Fast link. Exiting.
USERENV(484.488) 13:41:23:405 ParseProfilePath: GetFileAttributes found
something with attributes <0x10>
USERENV(484.488) 13:41:23:405 ParseProfilePath: Found a directory
USERENV(484.488) 13:41:23:405 LoadUserProfile: ParseProfilePath
returned a directory of <E:\test.pro1>
USERENV(484.488) 13:41:23:405 RestoreUserProfile: Entering
USERENV(484.488) 13:41:23:405 IsCentralProfileReachable: Entering
USERENV(484.488) 13:41:23:405 CheckRoamingShareOwnership: checking
ownership for E:\test.pro1
USERENV(484.488) 13:41:23:415 CheckRoamingShareOwnership: owner is the
right user
USERENV(484.488) 13:41:23:415 IsCentralProfileReachable: Testing
<E:\test.pro1\ntuser.man>
USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Profile is
not reachable, error = 2
USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Testing
<E:\test.pro1\ntuser.dat>
USERENV(484.488) 13:41:23:536 IsCentralProfileReachable: Found a user
profile.
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
reachable
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
roaming
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Profile path =
<E:\test.pro1>
USERENV(484.488) 13:41:23:546 ExtractProfileFromBackup: A profile
already exists
USERENV(484.488) 13:41:23:546 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(484.488) 13:41:23:546 CreateLocalProfileKey: Not setting
additional Security
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
entry in profile list for existing local profile
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Local
profile image filename = <%SystemDrive%\Documents and
Settings\test.pro1>
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Expanded
local profile image filename = <C:\Documents and Settings\test.pro1>
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: No local
mandatory profile. Error = 2
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
local profile image file ok <C:\Documents and
Settings\test.pro1\ntuser.dat>
USERENV(484.488) 13:41:23:556 Local Existing Profile Image is reachable
USERENV(484.488) 13:41:23:566 Local profile name is <C:\Documents and
Settings\test.pro1>
USERENV(484.488) 13:41:23:566 RestoreUserProfile: Reconciling roaming
profile with local profile
USERENV(484.488) 13:41:23:646 GetExclusionList: The exclusion on both
server and client are same: <Local Settings;Temporary Internet
Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook>
USERENV(484.488) 13:41:23:696 CopyProfileDirectoryEx: Entering,
lpSourceDir = <E:\test.pro1>, lpDestinationDir = <C:\Documents and
Settings\test.pro1>, dwFlags = 0x4c20
USERENV(484.488) 13:41:23:706 CopyProfileDirectoryEx: lpExclusionList =
<Local Settings;Temporary Internet Files;History;Temp;Local
Settings\Application Data\Microsoft\Outlook>
 
R

Richard G. Harper

Have we checked for DNS issues - are the troublesome machines pointing to
only domain DNS for name resolution?

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 
B

brothervogon

Hi Richard,

I have resolved the problem now. I tried another test user that was set
up to use the profile server at our secondary site and that worked fine
from the Windows 2000 test PC. After some digging around I found that
the root profile share on the main site server did not have the List
Folder Contents NTFS permission for the Server\Users group but the
secondary site server did have this set. I added it to the primary site
server and this fixed the problem.

I have not been able to determine whether the permission was on the
folder and was subsequently removed or if something else changed to
cause the issue. I also don't see why it was still working with XP, but
as it is now working I'm not going to worry about that too much.

Thanks for your help, it did get me thinking and trying other things
which led to the solution.

Vaughan
 
L

Lanwench [MVP - Exchange]

In
Hi ,

I have just encountered a problem with roaming profiles on our network
(Mixed Windows 2003/2000 AD domain). These have worked fine until last
week when some users on Windows 2000-SP4 machines started getting
errors loading their roaming profiles. The symptoms are pointing to
permissions as the client machines log ID 1000 errors in the
application event log:

"You do not have permission to access your central profile located at
\\Server\Share\Username. Contact your network administrator."

I have checked the permissions and they are all OK (Share perms are
Everyone FC and the user has NTFS FC and is also the owner). After
logging on with a cached or temp profile you can then map a drive to
the roaming profile share with no problems and create and amend files
so it is definitely not a permissions problem.

I then set up a test account and tried logging on on two test
machines. On the 2000-SP4 machine I got the same problem but on the
XP-SP2 machine it was able to load the roaming profile without
problems. I then configured success and failure auditing on the test
romaing profile share and re-ran the tests. When the test user logs
on to the XP test machine the access is logged in the security event
log on the server as expected, but when the test user logs onto the
2000 machine there is absolutely nothing in the event log. It is
almost like the 2000 machine cannot locate the server holding the
profile.

I have tested name resolution and the 2000 client gets the correct IP
address from an NSLOOKUP. I cannot determine what may have changed to
have made this start hapenning. There have been no changes to Group
Policy that would have affected it.

Any help will be gratefully received.

Vaughan
Click to expand...

One thing to note is that profiles are not compatible between OS versions.
You are likely going to run into profile corruption problems. Don't use
roaming profiles if you don't have fairly identical workstations.

<snip>
 
R

Richard G. Harper

Even if I couldn't help, I'm glad you got a nudge to look in other places.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Roaming Profile issue on WIndows XP SP2 PC 4
Logon problem - Profile locked - Temporary profile created 3
Roaming Profile falis on XP... UserEnv Error 2
Re: Computer hangs at 'loading your personal settings' 2
Roaming profile problem 2
Failed to get UserGuid - policy does not apply 2
Slow in "Applying Personal Setting" 0
WCG Stats Thursday 19 September 2019 1

Top