Re: Roaming man profile, 2000 server and xp pro clients

From: Chris Hall (ChrisHall_at_discussions.microsoft.com)
Date: 11/27/04


Date: Sat, 27 Nov 2004 07:47:01 -0800


<Chuckle> It is worth mentioning that what I did on 11/22/04 after receiving
your advice was to change the domain policy "Number of previous logons to
cache" from 10 to 0.

"Chris Hall" wrote:

> Thanks Steve,
> Well, it's a few days later and there seems to be a consistent new behavior
> poking its shadowy head up. The error message "Windows cannot locate the
> mandatory roaming profile." seems to have disappeared and in its place is a
> message "The system cannot log you on now because the domain HQ is not
> available". Once the password has been entered 3 times OR you wait a few
> minutes it will allow you to login.
>
>
> "Steve Duff [MVP]" wrote:
>
> > The most frequent cause of this is a computer with a network adapter
> > driver that doesn't ready up or get an IP before the login screen appears.
> >
> > This has become quite common in my experience with newer gigabit
> > Ethernet adapters or WPA Wi-Fi adapters and especially under
> > Windows XP which has an accelerated boot sequence.
> >
> > You can usually detect if this is happening if you look at the sequence of
> > events logged at power-up in the workstation system event log.
> >
> > One hard solution would be to disable cached credentials
> > on the workstation. This prevents users from logging in unless the
> > network connection is active at the time, and a functioning DC
> > can be located. When cached credentials are disabled and a DC
> > cannot be found to authenticate, you can't get past the login screen.
> >
> > You can also try to fix this by installing dependencies in the services,
> > or updating network drivers, etc. Network chipset and wi-fi driver
> > developers have not done what they should to address this though,
> > and it can sometimes be quite maddening to nail down a solution
> > if this is your cause. With 300 users, asking them to wait a little
> > before logging on is not - in my view - a very workable option.
> >
> > Also, note that you want to be VERY sure you have functioning
> > admin accounts with known passwords on the workstations if you
> > do elect to disable cached credentials through a registry hack or
> > policy. If you don't, you can easily end up with a workstation that
> > cannot be logged into at all.
> >
> > Steve Duff, MCSE, MVP
> > Ergodic Systems, Inc.
> >
> > "Chris Hall" <ChrisHall@discussions.microsoft.com> wrote in message news:8A2532F3-652D-484E-A016-91D6551635CE@microsoft.com...
> > > We have around 300 clients logging into a domain with one of 12 accounts. All
> > > profiles are mandatory roaming profiles located on one of 12 win 2000
> > > servers, each at the physical location with the clients on 100 MB switched
> > > networks. The entire network is within a 30 mile diameter connected by
> > > separate T1s. We monitor the physical connections and bandwidth usage and
> > > there is very low bandwidth consumption. The win 2000 AD master is here at my
> > > physical location.
> > >
> > > When a client system can't login I can terminal services to it and login to
> > > the admin account, so I know it is not a physical hardware issue.
> > > I have read thru a few walkthroughs on how to set these profiles up, but
> > > not one on how to deal with this problem on an existing network.
> > >
> > > We continue to get an error message: Windows cannot locate the mandatory
> > > roaming profile.
> > > It used to load a temp desktop when it failed to get its profile, but that
> > > allowed users to get past the security settings of the account so we renamed
> > > all the profile folders on the 12 servers to .man. Then they just couldn't
> > > login without sometimes rebooting 3-5 times or calling us to remote into them
> > > and delete the cached profile folder, release the IP and reboot the computer.
> > > We made sure all parent folders have read permission for the everyone
> > > group--this solved 50% of the problem, but it still happens daily on many of
> > > the computers.
> > >
> > > Any more ideas?
> >
> >
> >


