Re: Roaming man profile, 2000 server and xp pro clients

From: Chris Hall (ChrisHall_at_discussions.microsoft.com)
Date: 11/27/04 

Date: Sat, 27 Nov 2004 07:35:03 -0800

Thanks Steve,
Well its a few days later and there seems to be a consistent new behavior
poking it's shadowy head up. The error message "Windows cannot locate the
mandatory roaming profile." seems to have disappearred and in its place is a
message "The system cannot log you on now because the domain HQ is not
available". Once the password has been entered 3 times OR you wait a few
minutes it will allow you to login.

"Steve Duff [MVP]" wrote:

> The most frequent cause of this is a computer with a network adapter
> driver that doesn't ready up or get an IP before the login screen appears.
>
> This has become quite common in my experience with newer gigabit
> Ethernet adapters or WPA Wi-Fi adapters and especially under
> Windows XP which has an accelerated boot sequence.
>
> You can usually detect if this is happening if you look at the sequence of
> events logged at power-up in the workstation system event log.
>
> One hard solution would be to disable cached credentials
> on the workstation. This prevents users from logging in unless the
> network connection is active at the time, and a functioning DC
> can be located. When cached credentials are disabled and a DC
> cannnot be found to authenticate, you can't get past the login screen.
>
> You can also try to fix this by installing dependencies in the services,
> or updating network drivers, etc. Network chipset and wi-fi driver
> developers have not done what they should to address this though,
> and it can sometimes be quite maddening to nail down a solution
> if this is your cause. With 300 users, asking them to wait a little
> before logging on is not - in my view - a very workable option.
>
> Also, note that you want to be VERY sure you have functioning
> admin accounts with known passwords on the workstations if you
> do elect to disable cached credentials through a registry hack or
> policy. If you don't you can easily end up with a workstation that
> cannot be logged into at all.
>
> Steve Duff, MCSE, MVP
> Ergodic Systems, Inc.
>
> "Chris Hall" <ChrisHall@discussions.microsoft.com> wrote in message news:8A2532F3-652D-484E-A016-91D6551635CE@microsoft.com...
> > We have around 300 clients logging into a domain with one of 12 accounts. All
> > profiles are mandatory roaming profiles located on one of 12 win 2000
> > servers, each at the physical location with the clients on 100 MB switched
> > networks. The entire network is within a 30 mile diameter connected by
> > separate T1s. We monitor the physical connections and bandwidth usage and
> > there is very low bandwidth consumption. The win 2000 AD master is here at my
> > physical location.
> >
> > When a client system cant login I can terminal services to it and login to
> > the admin account, so I know it is not a physical hardware issue.
> > I have read thru a few walkthroughs and on how to set these profiles up, but
> > not one on how to deal with this problem on an existing network.
> >
> > We continue to get an error message: Windows cannot locate the mandatory
> > roaming profile.
> > It used to load a temp desktop when it failed to get its profile, but that
> > allowed users to get past the security settings of the account so we renamed
> > all the profile folders on the 12 servers to .man. Then they just couldnt
> > login without sometimes rebooting 3-5 times or calling us to remote into them
> > and delete the cached profile folder, release the IP and reboot the computer.
> > We made sure all parent folders have read permission for the everyone
> > group--this solved 50% of the problem, but it still happens daily on many of
> > the computers.
> >
> > Any more ideas?
>
>
>

Relevant Pages

  • Re: Windows cannot log you on because your profile cannot be loade
    ... this user can login to any other computers. ... we do not have roaming profile so what's the load? ... How to Setup Windows, Network, VPN & Remote Access on ... The only error is when a domain user tries to login to the ...
    (microsoft.public.windowsxp.network_web)
  • Re: Roaming Profile still tries to load off network
    ... unplugging the network cable fixes it. ... This is why you see events that the computer can't find the domain controller in the event logs even before you logon to the computer when you are off the domain. ... This is also how the computer knows to used the cached credentials and does so very quickly istead of sitting at the logon prompt for about a minute after you enter your password. ... Now since the computer already knows that I am off the domain because it already failed a check for itself and fell back to using cached credentials it should used the local copy of the profile without trying to get it from the server. ...
    (microsoft.public.windowsxp.general)
  • Re: Unable to connect to domain when network disconnected
    ... To use the cached credentials on the workstation without the domain, the user have to login ONCE to the domain with his user account and password. ... huge installation of Active Directory to the clients. ... unplug from the network and when they trying ...
    (microsoft.public.win2000.active_directory)
  • Re: Administrator Profile corruption
    ... Make sure that network cable and devices are plugged in and functioning ... I'm on administrator.clc.006 it just creates a new profile everytime login. ... Also under GPO Policy Events I'm getting EVENTID 1097 ' Windows cannot find ...
    (microsoft.public.windows.server.sbs)
  • Re: Cached Credentials
    ... The cached credentials for my domain admin account still worked ... network, and it logged in fine for his domain acct.. ... able to login with no direct contact with the DC.. ... How can I set this up, I am trying to avoid him logging in locally. ...
    (microsoft.public.windows.server.active_directory)