logon script stopped working
- From: "gregski" <gregski@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Sep 2005 07:58:03 -0700
Single 2k DC
2k & XP Workstations
Hi all,
My network logon script has recently stopped working. It's your typical
batch file that maps a single drive (T:) to a dc share. This was setup
before my tenure here, so it's been running fine for a long time. The user
logon script is set in the Default Domain GPO (user configuration). Users
are placed in various OU's. The OU's have no GPOs linked to them
individually and they do not block policy inheritance.
After logon the batch file can be successfuly run. I can also get the drive
to map by placing the batch file name in the logon script entry of a users
account profile properties.
About a week before this happened, I invoked folder redirection for the
users My Documents and Desktop. This was done in the Default Domain GPO.
These were originally directed to their roaming profile (located on the dc),
but now go to folders in their home drive (located on a member server). I'm
thinking this has slowed down the logon process and the logon script doesn't
run fully as a result. All other parts of the GPO apply ok.
Research & Testing:
Indeed, if a slow network connection is detected, logon scripts are not run.
I have therefore tried: running user logon script synchronously and
disabling user slow network detection.
The batch file is located in the dc netlogon share. I copied it to the
default user logon script folder location for the GPO and have it run from
there.
I tried a new GPO with the user logon script setting. I first linked it to
the domain and then linked it to a test OU.
The problem is user related and not computer related. The logon script
still works for some users, but not others, with both using the same
computer. I can get the script to run for me if I remove myself from a
certain security group. But, this is not consistant, so it's not a group
permissions issue. I can create a test user that is a member of the same
groups as a user that won't run the logon script and the test user will run
the logon script. I'm thinking it's a profile size problem: a profile above
a certain size over a slow logon causes the problem.
I have also tried running the logon script in the GPO computer configuration
without success.
Below are portions of the logon process for both successful and unsuccessful
mappings (taken from userenv.log). They are identical to a point. The
unsuccessful log is 4 times the size of the successful one too. The last
point where they are the same is started with asterisks(**).
No Mapping:
USERENV(27c.280) 08:26:23:413 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(27c.280) 08:26:23:413
=========================================================
USERENV(27c.280) 08:26:23:413 LoadUserProfile: Entering, hToken = <0x1d0>,
lpProfileInfo = 0x6e3e0
USERENV(27c.280) 08:26:23:413 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(27c.280) 08:26:23:413 LoadUserProfile: lpProfileInfo->lpUserName =
<gskawinski>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->lpProfilePath
= <\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->lpDefaultPath
= <\\SPSDC\netlogon\Default User>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: NULL server name
USERENV(27c.280) 08:26:23:429 LoadUserProfile: In console winlogon process
USERENV(27c.280) 08:26:23:429 In LoadUserProfileP
USERENV(27c.280) 08:26:23:429
=========================================================
USERENV(27c.280) 08:26:23:429 LoadUserProfile: Entering, hToken = <0x1d0>,
lpProfileInfo = 0x6e3e0
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->lpUserName =
<gskawinski>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->lpProfilePath
= <\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: lpProfileInfo->lpDefaultPath
= <\\SPSDC\netlogon\Default User>
USERENV(27c.280) 08:26:23:429 LoadUserProfile: NULL server name
USERENV(27c.280) 08:26:23:429 LoadUserProfile: User sid:
S-1-5-21-1801674531-583907252-725345543-1426
USERENV(27c.280) 08:26:23:429 CSyncManager::EnterLock
<S-1-5-21-1801674531-583907252-725345543-1426>
USERENV(27c.280) 08:26:23:429 CSyncManager::EnterLock: No existing entry found
USERENV(27c.280) 08:26:23:429 CSyncManager::EnterLock: New entry created
USERENV(27c.280) 08:26:23:429 CHashTable::HashAdd:
S-1-5-21-1801674531-583907252-725345543-1426 added in bucket 9
**USERENV(27c.280) 08:26:23:429 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(27c.280) 08:26:23:429 LoadUserProfile: Expanded profile path is
\\spsdc\spsroam\gskawinski
USERENV(27c.280) 08:26:23:429 ParseProfilePath: Entering, lpProfilePath =
<\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:26:23:429 CheckXForestLogon: checking x-forest logon,
user handle = 464
USERENV(27c.280) 08:26:23:429 CheckXForestLogon: not XForest logon.
USERENV(27c.280) 08:26:23:460 AbleToBypassCSC: Try to bypass CSC
USERENV(27c.280) 08:26:23:460 AbleToBypassCSC: tried
NPAddConnection3ForCSCAgent. Error 2109
USERENV(27c.280) 08:26:23:460 AbleToBypassCSC: Share \\spsdc\spsroam mapped
to drive E. Returned Path E:\gskawinski
USERENV(27c.280) 08:26:23:460 ParseProfilePath: CSC bypassed. Profile path
E:\gskawinski
USERENV(27c.280) 08:26:23:460 ParseProfilePath: Tick Count = 0
USERENV(27c.280) 08:26:23:460 PingComputer: Adapter speed 100000000 bps
USERENV(27c.280) 08:26:23:460 PingComputer: First time: 0
USERENV(27c.280) 08:26:23:460 PingComputer: Fast link. Exiting.
USERENV(27c.280) 08:26:23:460 ParseProfilePath: GetFileAttributes found
something with attributes <0x30>
USERENV(27c.280) 08:26:23:460 ParseProfilePath: Found a directory
USERENV(27c.280) 08:26:23:476 LoadUserProfile: ParseProfilePath returned a
directory of <E:\gskawinski>
USERENV(27c.280) 08:26:23:476 RestoreUserProfile: Entering
USERENV(27c.280) 08:26:23:476 RestoreUserProfile: User is a Admin
USERENV(27c.280) 08:26:23:476 IsCentralProfileReachable: Entering
USERENV(27c.280) 08:26:23:476 CheckRoamingShareOwnership: checking ownership
for E:\gskawinski
USERENV(27c.280) 08:26:23:476 CheckRoamingShareOwnership: owner is admin
USERENV(27c.280) 08:26:23:476 IsCentralProfileReachable: Testing
<E:\gskawinski\ntuser.man>
USERENV(27c.280) 08:26:23:476 IsCentralProfileReachable: Profile is not
reachable, error = 2
USERENV(27c.280) 08:26:23:476 IsCentralProfileReachable: Testing
<E:\gskawinski\ntuser.dat>
USERENV(27c.280) 08:26:23:476 IsCentralProfileReachable: Found a user
profile.
USERENV(27c.280) 08:26:23:476 RestoreUserProfile: Central Profile is
reachable
USERENV(27c.280) 08:26:23:476 RestoreUserProfile: Central Profile is roaming
Mapping Successful:
USERENV(27c.280) 08:33:52:433 LoadUserProfile: Yes, we can impersonate the
user. Running as self
USERENV(27c.280) 08:33:52:433
=========================================================
USERENV(27c.280) 08:33:52:433 LoadUserProfile: Entering, hToken = <0x7e8>,
lpProfileInfo = 0x6e3e0
USERENV(27c.280) 08:33:52:433 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(27c.280) 08:33:52:433 LoadUserProfile: lpProfileInfo->lpUserName =
<gskawinski>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->lpProfilePath
= <\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->lpDefaultPath
= <\\SPSDC\netlogon\Default User>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: NULL server name
USERENV(27c.280) 08:33:52:448 LoadUserProfile: In console winlogon process
USERENV(27c.280) 08:33:52:448 In LoadUserProfileP
USERENV(27c.280) 08:33:52:448
=========================================================
USERENV(27c.280) 08:33:52:448 LoadUserProfile: Entering, hToken = <0x7e8>,
lpProfileInfo = 0x6e3e0
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->lpUserName =
<gskawinski>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->lpProfilePath
= <\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: lpProfileInfo->lpDefaultPath
= <\\SPSDC\netlogon\Default User>
USERENV(27c.280) 08:33:52:448 LoadUserProfile: NULL server name
USERENV(27c.280) 08:33:52:448 LoadUserProfile: User sid:
S-1-5-21-1801674531-583907252-725345543-1426
USERENV(27c.280) 08:33:52:448 CSyncManager::EnterLock
<S-1-5-21-1801674531-583907252-725345543-1426>
USERENV(27c.280) 08:33:52:448 CSyncManager::EnterLock: No existing entry found
USERENV(27c.280) 08:33:52:448 CSyncManager::EnterLock: New entry created
USERENV(27c.280) 08:33:52:448 CHashTable::HashAdd:
S-1-5-21-1801674531-583907252-725345543-1426 added in bucket 9
**USERENV(27c.280) 08:33:52:448 LoadUserProfile: Wait succeeded. In critical
section.
USERENV(27c.280) 08:33:52:448 TestIfUserProfileLoaded: Profile already
loaded.
USERENV(27c.280) 08:33:52:573 MyRegLoadKey: Returning 00000000
USERENV(27c.280) 08:33:52:573 CreateClassHive: existing user classes hive
found
USERENV(27c.280) 08:33:52:573 Profile was loaded but the Ref Count is 1 !!!
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Leaving critical Section.
USERENV(27c.280) 08:33:52:573 CSyncManager::LeaveLock
<S-1-5-21-1801674531-583907252-725345543-1426>
USERENV(27c.280) 08:33:52:573 CSyncManager::LeaveLock: Lock released
USERENV(27c.280) 08:33:52:573 CHashTable::HashDelete:
S-1-5-21-1801674531-583907252-725345543-1426 deleted
USERENV(27c.280) 08:33:52:573 CSyncManager::LeaveLock: Lock deleted
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Impersonated user: 000007e8,
00000000
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Reverted to user: 00000000
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Leaving with a value of 1.
USERENV(27c.280) 08:33:52:573
=========================================================
USERENV(27c.280) 08:33:52:573 LoadUserProfile: LoadUserProfileP succeeded
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Returning success. Final
Information follows:
USERENV(27c.280) 08:33:52:573 lpProfileInfo->UserName = <gskawinski>
USERENV(27c.280) 08:33:52:573 lpProfileInfo->lpProfilePath =
<\\spsdc\spsroam\gskawinski>
USERENV(27c.280) 08:33:52:573 lpProfileInfo->dwFlags = 0x0
USERENV(27c.280) 08:33:52:573 LoadUserProfile: Returning TRUE. hProfile =
<0x98>
USERENV(27c.280) 08:33:52:964 IsSyncForegroundPolicyRefresh: Synchronous,
Reason: policy set to SYNC
USERENV(27c.7a0) 08:33:52:964 IsSyncForegroundPolicyRefresh: Synchronous,
Reason: policy set to SYNC
USERENV(27c.7a0) 08:33:53:448 ApplyGroupPolicy: Entering. Flags = 6
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs:
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs:
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs: Starting user Group Policy
(Background) processing...
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs:
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs:
USERENV(27c.7a0) 08:33:53:448 EnterCriticalPolicySectionEx: Entering with
timeout 600000 and flags 0x0
USERENV(27c.7a0) 08:33:53:448 EnterCriticalPolicySectionEx: User critical
section has been claimed. Handle = 0x914
USERENV(27c.7a0) 08:33:53:448 EnterCriticalPolicySectionEx: Leaving
successfully.
USERENV(27c.7a0) 08:33:53:448 ProcessGPOs: Machine role is 2.
USERENV(27c.7a0) 08:33:53:448 PingComputer: Adapter speed 100000000 bps
USERENV(27c.7a0) 08:33:53:448 PingComputer: First time: 0
USERENV(27c.7a0) 08:33:53:448 PingComputer: Fast link. Exiting.
Thanks for all the help!
.
- Prev by Date: Re: Better Group Policy Management
- Next by Date: Re: Computer Configuration/User Configuration cross-usage
- Previous by thread: Re: group policy and roaming profiles
- Next by thread: Re: GPO listing.
- Index(es):
Relevant Pages
|
