Roaming profiles & laptops - Best Practices?

[Ted Kovacs]

All of our users are setup for roaming profiles. The
problem is that users with laptops see the following
error whenever they log on to the laptop and are not
connected to the network, such as when traveling.

The error is: "Windows cannot locate the server copy of
your roaming profile and is attempting to log you on with
your local profile."

How is the being handeled in your organization? Do you
not use roaming profiles for latops? Do your users just
get used to and click past this error? Is there a way to
get rid of the error?

Thanks for your help!

Ted

 

[Phillip Windell]

The error is: "Windows cannot locate the server copy of
your roaming profile and is attempting to log you on with
your local profile."

How is the being handeled in your organization? Do you
not use roaming profiles for latops?

We don't use roaming profiles for anything at all. I consider them too much
of a hassel.

Do your users just get used to and click past this error?
Is there a way to get rid of the error?

It is not an "error". It is just telling you the situation, it cannot find
the server to download the profile, so it uses the locally cached
one,...there is nothing else it could possibly do. It is just letting you
know that.

 

[Ted Kovacs]

-----Original Message-----

The error is: "Windows cannot locate the server copy of
your roaming profile and is attempting to log you on with
your local profile."

How is the being handeled in your organization? Do you
not use roaming profiles for latops?

We don't use roaming profiles for anything at all. I consider them too much
of a hassel.

Do your users just get used to and click past this error?
Is there a way to get rid of the error?

It is not an "error". It is just telling you the situation, it cannot find
the server to download the profile, so it uses the locally cached
one,...there is nothing else it could possibly do. It is just letting you
know that.

--

Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com


.

Phillip,

Thank you for the reply. I use roaming profiles as
basically a backup. For us, the only data on a
workstation that needs protection is contained within the
profiles. All other data is save to a network location.
If a machine goes down, I just drop in another with the
same programs and I am done. No configuring email, or
misc. programs like Autocad, or preferences, or listening
to users complain they lost their background image. Also
it is handy for laptops. If a laptop drive goes south, I
have all the users data from their last network logon.
How do you handle backing up these items? I'd be
interested to know.

The message, that you said is not an error per say, is
still an annoyance. Since I cannot find much about this
error on the web, I am assuming that most people are like
you and are not using roaming profiles. That makes me
wonder what point I am missing. It seems so handy to use
roaming profiles, only having to backup data on the
servers.... I thought it was pretty sweet. Please
elaborate on your dislike of roaming profiles.

Ted
tk3~shift2~wellscp.com

 

[Phillip Windell]

Thank you for the reply. I use roaming profiles as
basically a backup. For us, the only data on a

That is one "plus" to using them.

have all the users data from their last network logon.
How do you handle backing up these items? I'd be
interested to know.

Important files are kept on a file share on a File Server and the Server
gets backup to tape periodically. Files kept locally must be backed up with
the CD Burner by the user on a schedule they see fit. They know they are
responsible for this, so if it dones't get done then they lose them if the
drive dies. Other important things are usually in the form of Email. We use
Outlook as an Exchange Client so all mail is kept on the mail server and
backup to tape periodically. If users try to keep more than their box can
hold are configured with a local "Personal Folders" which is not backed
up,...so they are encouraged to save the attachments on the File Server and
not try to use their mailboxes for file storage.

The message, that you said is not an error per say, is
still an annoyance.

I understand...

elaborate on your dislike of roaming profiles.

Three things come to mind. There may be ways to avoid these problems, but
being someone who doesn't use them, I am not totally sure of the details.

1. Horribly extended logon periods. The profile is downloaded at logon, so
if the user has a lot of huge file in the "My Documents", like say
2gig,...then the machines have to download 2gig of files to the local
machine when the user logs in. I'm sure there may be ways to deal with
this, but I am not sure of the details.

2. Overwritten profiles. If network problems cause the machine to not find
the server and the user logs in with a cached account and also a locally
cached profile (like in your situation),...then the network problem gets
corrected a little later so now it can see the server. The user logs off and
the machine uploads the current profile to the server and "whala!" the good
profile on the server gets over written by the old outdated local profile.
Again there are probably ways to deal with it, but I am not aware of the
details of doing so.

3. Drive space. I just simply don't have the drive space on the Domain
Controllers for storing roaming profiles. Trying to keep the File Server's
drive from filling up is already enough of a task. Bigger drives in a RAID5
array get a bit expensive.

 

[Dave]

Hello Ted and Phillip,

Here are my comments on the topic. Keep in mind that I do this only as a
hobby, so my results may not be applicable to a *real* network. I have a
small network at home (four WinXPpro clients, Win2k3 server) and I use
roaming profiles and folder redirection.

The login times are longer. The most obvious reason is the synchronization
process. There is also an issue that windows behaves differently when using
the remote profiles. When roaming profiles are not in use the system is
available for use *before* the netlogon is complete. With roaming profiles
the availability is delayed until the logon is completed. Folder
redirection makes the synchronization go a bit smoother as only changed
files are downloaded.

I haven't had any issues with overwritten profiles yet. I do get the
warning mentioned earlier when my laptop strays from my network. I haven't
been too worried about lost data due to bad synchronization, but maybe I
should be.

Remote profiles can be stored on other network shares other than the DC.

As always just my 2¢,
Dave

 

[Roland Hall]

in message :
: All other data is save to a network location.
: If a machine goes down, I just drop in another with the
: same programs and I am done. No configuring email, or
: misc. programs like Autocad, or preferences, or listening
: to users complain they lost their background image. Also
: it is handy for laptops. If a laptop drive goes south, I
: have all the users data from their last network logon.
: How do you handle backing up these items? I'd be
: interested to know.

Altiris. http://altiris.com/

If you don't have to use roaming profiles, don't. If you feel you must,
don't cache to the local drive. This is where most of the issues for
roaming profiles occurs. If the user needs a particular background image
for their desktop then the user is running the IT department. Your job is
to make sure the users have tools to get their work done. If you're
spending time and effort, not to mention extra traffic, which increases
latency on your network, then you're wasting time and money.

Sure, you may not be the decision maker which means you're the guy stuck
making this work but as your network grows, it will just get worse, not
better.

: The message, that you said is not an error per say, is
: still an annoyance. Since I cannot find much about this
: error on the web, I am assuming that most people are like
: you and are not using roaming profiles.

That's because it's not an error. It is an information message. It's also
not hard to find information regarding it:
Here is one that probably doesn't apply unless you're using WPA:
http://support.microsoft.com/default.aspx?scid=kb;en-us;873485
This covers the Event ID: 1521 the previous article mentions:
http://support.microsoft.com/?kbid=831651
Something else worth reading with better explanations:
http://www.winnetmag.com/Windows/Article/ArticleID/466/466.html
And...:
http://www.microsoft.com/resources/...Windows/XP/all/reskit/en-us/prdc_mcc_yboj.asp

That makes me
: wonder what point I am missing. It seems so handy to use
: roaming profiles, only having to backup data on the
: servers.... I thought it was pretty sweet. Please
: elaborate on your dislike of roaming profiles.

I hate them. I see roaming profiles as a waste of resources, time and money
because nobody ever uses them properly, they're usually cached, they don't
use them with folder redirection, the IT department is not in control of the
network when they are the solution for "roaming" users or disk crashes.

Educating the user, limiting your liability to supporting critical business
related documents and using Altiris or SMS as a solution for disasters is my
choice for success. If all systems are the same and locked down in certain
areas, users can still change their background images, etc. and THEY can
make sure they have a backup for personal files, as it should be. It is not
the IT department's responsibility to make sure Mary's background image is
backed up, just like it's not the government's responsibility to make sure
some Floridians are handheld because they're just too ignorant to know how
to fill out a voter registration card or punch out a "chad".

You shouldn't have to visit workstations for profile corruption when roaming
profiles are known to have issues quite a bit. For a disaster, you're
having to replace more than the profile anyway and this is where imaging,
common desktops and push technology makes your life easy. And if your
network is that big, you better already have systems ready to go.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
FAQ W2K/2K3 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382

 

[Phillip Windell]

backed up, just like it's not the government's responsibility to make sure
some Floridians are handheld because they're just too ignorant to know how
to fill out a voter registration card or punch out a "chad".

It is already starting. They are doing "early voting" in Florida and about
20 other states, and are already screwing it up. My question is,...what is
to stop them form voting early, then comming back on Nov 2nd and voting
again? "Early Voting" should be illegal and there should be a compentency
test that must be passed before they can even be registered to vote,...and
they need to show three forms of ID and show the registration card before
they are given a ballot.

I know it is off topic, but that is just a hot button of mine,..and I
suspect yours as well

 

[jas0n]

All of our users are setup for roaming profiles. The
problem is that users with laptops see the following
error whenever they log on to the laptop and are not
connected to the network, such as when traveling.

The error is: "Windows cannot locate the server copy of
your roaming profile and is attempting to log you on with
your local profile."

How is the being handeled in your organization? Do you
not use roaming profiles for latops? Do your users just
get used to and click past this error? Is there a way to
get rid of the error?

Thanks for your help!

Ted

This is also the setup in my organisation. Desktops and laptops all setup
with roaming profiles for the main reason of capturing the data on the
desktop, etc, etc.

No one actually roams and uses different computers. It is done just for
backup purposes and its only a recent introduction.

What im getting from this thread is that profiles should not be cached
locally, is this for desktops permanently connected to the network? im
thinking laptops that are worked on away from the office frequently qould
need a locallly cached copy of their profile ..... ?

For us, currently all are locally cached for both desktops and laptops. All
laptops receive the information message when not attached to the network
(Ive seen a comment about being able to reduce the time it displays for to 1
second which may be useful to you)

We also redirect the my documents to the file server for all systems and for
laptops use offline files pointed at the X drive which is their home
folder..

 

[Roland Hall]

: : > backed up, just like it's not the government's responsibility to make
sure
: > some Floridians are handheld because they're just too ignorant to know
how
: > to fill out a voter registration card or punch out a "chad".
:
: It is already starting. They are doing "early voting" in Florida and about
: 20 other states, and are already screwing it up. My question is,...what is
: to stop them form voting early, then comming back on Nov 2nd and voting
: again? "Early Voting" should be illegal and there should be a
compentency
: test that must be passed before they can even be registered to vote,...and
: they need to show three forms of ID and show the registration card before
: they are given a ballot.
:
: I know it is off topic, but that is just a hot button of mine,..and I
: suspect yours as well

OMG! Don't get me started! I'm long-winded enough [as I see the room shake
their heads in agreement]. My greatest issue, and always has been of the
stinkin' Liberals is illegal voting, illegal aliens and of course the "dead"
vote, the way Kennedy won. We could then move to immigrants being put on
Social Security, and amnesty for criminals [illegal aliens] and just have a
day with it.

I'm trying to get a site setup called netfraud.us so everybody can bitch to
their heart's content and have direct contact information to people who have
to get re-elected to keep their jobs. It was originally designed to expose
corruption on the net by Neustar and DIRECTI but will include hosts and
other registrars also. If all goes well it will spawn one for elections and
voting and we can stay OT here, where it's always peaceful and never OT.
*cough*

 

[Roland Hall]

in message :
: : > All of our users are setup for roaming profiles. The
: > problem is that users with laptops see the following
: > error whenever they log on to the laptop and are not
: > connected to the network, such as when traveling.
: >
: > The error is: "Windows cannot locate the server copy of
: > your roaming profile and is attempting to log you on with
: > your local profile."
: >
: > How is the being handeled in your organization? Do you
: > not use roaming profiles for latops? Do your users just
: > get used to and click past this error? Is there a way to
: > get rid of the error?
: >
: > Thanks for your help!
: >
: > Ted
:
: This is also the setup in my organisation. Desktops and laptops all setup
: with roaming profiles for the main reason of capturing the data on the
: desktop, etc, etc.
:
: No one actually roams and uses different computers. It is done just for
: backup purposes and its only a recent introduction.
:
: What im getting from this thread is that profiles should not be cached
: locally, is this for desktops permanently connected to the network? im
: thinking laptops that are worked on away from the office frequently qould
: need a locallly cached copy of their profile ..... ?
:
: For us, currently all are locally cached for both desktops and laptops.
All
: laptops receive the information message when not attached to the network
: (Ive seen a comment about being able to reduce the time it displays for to
1
: second which may be useful to you)
:
: We also redirect the my documents to the file server for all systems and
for
: laptops use offline files pointed at the X drive which is their home
: folder..

Laptop users do need to be treated differently and if they didn't have the
cache, they couldn't logon with their domain account when not on the domain.
They would need a local account, which is what I prefer to use. I'm not
sure what the X drive is you're referring to.

Here is another issue that you can run into with roaming profiles. If you
have multiple [redundant] connections on your switches, to keep them from
looping, you need to enable spanning tree. The problem is, when you do not
cache roaming profiles locally [for many reasons mainly for corruption
minimization] you can have a delay which is greater than the timeout for
waiting for a response from the domain to authenticate. The user will
timeout the first time and the second time the message will not present
itself and they'll log in. This requires enabling portfast on your switches
which eliminates the delay. If you do cache the roaming profiles, you do
not experience this issue but then you're more vulnerable to profile
corruption and synchronization issues, not to mention increased latency and
slower network performance.

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
FAQ W2K/2K3 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382

 

[jas0n]

Laptop users do need to be treated differently and if they didn't have the

cache, they couldn't logon with their domain account when not on the domain.
They would need a local account, which is what I prefer to use. I'm not
sure what the X drive is you're referring to.

We use X: as the users home folder share ... we redirect my documents to
it so files are not local on the pc (this was prior to roaming profiles)
and now it keeps the files out of their profile.

For laptop users this X: drive is used to work offline with standard
offline files.

Here is another issue that you can run into with roaming profiles. If you
have multiple [redundant] connections on your switches, to keep them from
looping, you need to enable spanning tree. The problem is, when you do not
cache roaming profiles locally [for many reasons mainly for corruption
minimization] you can have a delay which is greater than the timeout for
waiting for a response from the domain to authenticate. The user will
timeout the first time and the second time the message will not present
itself and they'll log in. This requires enabling portfast on your switches
which eliminates the delay. If you do cache the roaming profiles, you do
not experience this issue but then you're more vulnerable to profile
corruption and synchronization issues, not to mention increased latency and
slower network performance.

So, corruption is likely to occur with us caching the profiles locally -
any particular reasons or just because that part is flaky?

I have seen some odd behavoir on logging on with a laptop with a cached
local profile, it complaining on first attempt that 'The handle is
invalid' but then working fine after that. That has happened a couple of
times.

One thing thats soon going to happen is we are moving to a mandatory
roaming profile where users cant use the desktop for anything and there
will be set icons, etc.

 

[Roland Hall]

in message
:> Laptop users do need to be treated differently and if they didn't have
the
: > cache, they couldn't logon with their domain account when not on the
domain.
: > They would need a local account, which is what I prefer to use. I'm not
: > sure what the X drive is you're referring to.
:
: We use X: as the users home folder share ... we redirect my documents to
: it so files are not local on the pc (this was prior to roaming profiles)
: and now it keeps the files out of their profile.
:
: For laptop users this X: drive is used to work offline with standard
: offline files.
:
: > Here is another issue that you can run into with roaming profiles. If
you
: > have multiple [redundant] connections on your switches, to keep them
from
: > looping, you need to enable spanning tree. The problem is, when you do
not
: > cache roaming profiles locally [for many reasons mainly for corruption
: > minimization] you can have a delay which is greater than the timeout for
: > waiting for a response from the domain to authenticate. The user will
: > timeout the first time and the second time the message will not present
: > itself and they'll log in. This requires enabling portfast on your
switches
: > which eliminates the delay. If you do cache the roaming profiles, you
do
: > not experience this issue but then you're more vulnerable to profile
: > corruption and synchronization issues, not to mention increased latency
and
: > slower network performance.
:
: So, corruption is likely to occur with us caching the profiles locally -
: any particular reasons or just because that part is flaky?
:
: I have seen some odd behavoir on logging on with a laptop with a cached
: local profile, it complaining on first attempt that 'The handle is
: invalid' but then working fine after that. That has happened a couple of
: times.
:
: One thing thats soon going to happen is we are moving to a mandatory
: roaming profile where users cant use the desktop for anything and there
: will be set icons, etc.

What you find out, over time, eventually your job and the user's experience
on the network gets better the more you restrict their customizability of
the desktop. You'll hear both arguments but let's face facts, as an
administrator you try to minimize your vendors and outside support to a
single number, if possible. You purchase the same model for servers,
workstations, peripherals, etc. to minimize support costs and headaches. It
only makes sense to then try to minimize the time it takes to support your
users by having common setups (hardware, software, desktops, etc.).
Allowing a user to add a shortcut is no big deal. Allowing them to load
software or save files locally causes management nightmares, especially
during moves, upgrades, etc. They seem to be able to realize this computer
at their desk does not belong to them. It belongs to the company and to
take an approach of individuality is not productive for the company. There
is no reason someone needs to put pictures of their kids on their desktop,
etc. They can put a picture on their desk which will allow them to view
them even when their desktop [Windows] is covered.

I take a different approach than some administrators. If the user cannot
install software, then they do not need to create shortcuts. All the
shortcuts they need are put on their quick access toolbar which gives them
better access than having them on their desktop. Files can be saved in
their network home directory so they get backed up each night. Personal
files can be saved in their temp directory and are not guaranteed. And,
policies and procedures keeps them under control. They are there to work,
not play and it's not their home computer. I've heard the argument, well,
our users move around a lot so we need roaming profiles. That's just BS. If
all the desktops are the same, there is no reason to have them other than
when certain profiles have to be created for application server processes,
i.e. Outlook. But, why does someone need to move to a different system and
then check their mail?

How to prevent local caching of roaming profiles:
http://www.windowsnetworking.com/kb.../Disable/Disablecachingofroamingprofiles.html
http://www.computing.net/windows2000/wwwboard/forum/59191.html

For mandatory profiles, this might be helpful:
http://techrepublic.com.com/5100-24_11-5239498.html

Something you're already doing but added for others:
http://www.knowledgenet.com/em/kn/ms/2000/news1000/hottip1.html

--
Roland Hall
/* This information is distributed in the hope that it will be useful, but
without any warranty; without even the implied warranty of merchantability
or fitness for a particular purpose. */
Online Support for IT Professionals -
http://support.microsoft.com/servicedesks/technet/default.asp?fr=0&sd=tech
How-to: Windows 2000 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;308201
FAQ W2K/2K3 DNS:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;291382