Re: sbs roaming profile not loading on local client

Hello Thomas,

Thank you for your reply.

After checking the latest log files, I found the errors are almost the same
as before.

In order to keep track of the troubleshooting, I would like to confirm if
all the steps in my last reply have been performed.

If not, please take some time with them and let me know the result.

In addition, I understand that you have a concern to the workaround.

I would like to confirm if you could use an Administrator account to log on
the server.

If yes, we can try following steps to change the ownership.

1. Log on the server as an administrator.
2. Copy the important files from problematic accounts' profile folder to
another folder.
3. Select all the files, right click them and click properties page.
4. Then, in the security tab, please click Advanced button.
5. In the Owner tab, please change the owner to Administrators and select
the option of "Replace owner on sub-containers and objects"
6. Recreate the problematic accounts.
7. Copy the files to the newly created accounts' profile folder.
8. Repeat step 3 to step 5 to change the owner to the newly created account.

In addition, there is a tool with name subinacl.exe from resource kit could
help you do some work like this. Below information is for your reference,
however, please understand that the usage of the resource kit tools is not
supported in the private newsgroup and you may post to the public newsgroup
for more information about it.

SubInACL (SubInACL.exe)
http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-
93cf-ed6985e3927b&displaylang=en

SubInACL is a command-line tool that enables administrators to obtain
security information about files, registry keys, and services, and transfer
this information from user to user, from local or global group to group,
and from domain to domain. For example, if a user has moved from one domain
(DomainA) to another (DomainB), the administrator can replace DomainA\User
with DomainB\User in the security information for the user's files. This
gives the user access to the same files from the new domain.

SubInACL enables administrators to do the following:

" Display security information associated with files, registry keys,
or services. This information includes owner, group, permission access
control list (ACL), discretionary ACL (DACL), and system ACL (SACL).
" Change the owner of an object.
" Replace the security information for one identifier (account,
group, well-known security identifier (SID)) with that of another
identifier.
" Migrate security information about objects. This is useful if you
have reorganized a network's domains and need to migrate the security
information for files from one domain to another.

If you have any concern, please feel free to let me know.

Best regards,

Manfred Zhuang(MSFT)
Microsoft Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| X-Tomcat-ID: 140761387
| References: <1186767976.845099.66210@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
<1187834397.131970.44860@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain
| Content-Transfer-Encoding: 7bit
| From: v-mzhuan@xxxxxxxxxxxxxxxxxxxx (Manfred Zhuang [MSFT])
| Organization: Microsoft
| Date: Thu, 23 Aug 2007 12:03:09 GMT
| Subject: Re: sbs roaming profile not loading on local client
| X-Tomcat-NG: microsoft.public.windows.server.sbs
| Message-ID: <kxAWT2X5HHA.360@xxxxxxxxxxxxxxxxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Lines: 297
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:58445
| NNTP-Posting-Host: TOMCATIMPORT1 10.201.218.122
|
| Hello Thomas,
|
| Thank you for your detailed information and the log files.
|
| After checking them, I found the user failed to get GUID.
|
| To narrow down the cause, I suggest you try following steps:
|
| Suggestion 1:
| ==========
| Please refer to following KB article to force Kerberos to use TCP:
|
| How to force Kerberos to use TCP instead of UDP in Windows Server 2003,
in
| Windows XP, and in Windows 2000
| http://support.microsoft.com/kb/244474
|
| Suggestion 2: Change MTU
| ==========
| This issue can also occur if the MTU (Maximum Transfer Unit) is set too
| high.
|
| Let's modify it to have a check:
|
| NOTE: Please do this on both the server and the client workstation.
|
| To change the MTU (Maximum Transmission Unit) setting:
|
| 1. Start Registry Editor (regedit.exe).
| 2. Browse to the following registry key and you will find several
sub-keys
| under it:
|
|
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interf
| aces
|
| 3. Highlight the sub-key one by one till you find the value of
"IPAddress"
| is the one of the network adapter which connects to your LAN.
| 4. Highlight the sub-key we just found, please check if there is a value
| whose name is "MTU" (without the quotes). If you can find it, please
right
| click it and choose Delete.
| 5. Right click the blank area of the right window pane and choose
| New->DWORD Value.
| 6. Type "MTU" (without the quotes) as the value name and click OK.
| 7. Right click MTU and choose Modify, please test following value one by
| one to see if it works:
|
| 1500
| 1492
| 1400
| 1200
|
| Please restart the computer after each change to check the issue.
|
| Suggestion 3: Run change user permission wizard for the problematic user
| account
| ==================
| 1. Open Server Management
| 2. Click Users in the left pane.
| 3. Click Change User Permissions in the right pane
| 4. Click Next.
| 5. Select Administrator template, ensure Replace any permissions granted
to
| the users is selected. Then click Next
| 6. Move the problematic user account to the right.
| 7. Click Next, then click Finish.
|
| After that, please check if the issue persists. If it does not work, the
| issue can be caused by corrupted user accounts. Please check if following
| workaround can address your concern:
|
| Workaround:
| =============
| I noticed that the newly created user account works properly. If you do
not
| have special concern, I suggest you backup the important files for the
| problematic user accounts, then delete and recreate the accounts. After
| that, restore the files to the new accounts.
|
| Please try the above steps at your earliest convenience. If you have any
| concern, please feel free to let me know.
|
| Best regards,
|
| Manfred Zhuang(MSFT)
| Microsoft Online Newsgroup Support
|
| Get Secure! - www.microsoft.com/security
|
| =====================================================
| This newsgroup only focuses on SBS technical issues. If you have issues
| regarding other Microsoft products, you'd better post in the
corresponding
| newsgroups so that they can be resolved in an efficient and timely
manner.
| You can locate the newsgroup here:
| http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
|
| When opening a new thread via the web interface, we recommend you check
the
| "Notify me of replies" box to receive e-mail notifications when there are
| any updates in your thread. When responding to posts via your newsreader,
| please "Reply to Group" so that others may learn and benefit from your
| issue.
|
| Microsoft engineers can only focus on one issue per thread. Although we
| provide other information for your reference, we recommend you post
| different incidents in different threads to keep the thread clean. In
doing
| so, it will ensure your issues are resolved in a timely manner.
|
| For urgent issues, you may want to contact Microsoft CSS directly. Please
| check http://support.microsoft.com for regional support phone numbers.
|
| Any input or comments in this thread are highly appreciated.
| =====================================================
|
| This posting is provided "AS IS" with no warranties, and confers no
rights.
| --------------------
| | From: ThomCarrIII@xxxxxxxxx
| | Newsgroups: microsoft.public.windows.server.sbs
| | Subject: Re: sbs roaming profile not loading on local client
| | Date: Wed, 22 Aug 2007 18:59:57 -0700
| | Organization: http://groups.google.com
| | Lines: 167
| | Message-ID: <1187834397.131970.44860@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| | References: <1186767976.845099.66210@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| | <X$v8IxZ3HHA.2340@xxxxxxxxxxxxxxxxxxxxxx>
| | NNTP-Posting-Host: 12.77.37.49
| | Mime-Version: 1.0
| | Content-Type: text/plain; charset="us-ascii"
| | Content-Transfer-Encoding: quoted-printable
| | X-Trace: posting.google.com 1187834397 2730 127.0.0.1 (23 Aug 2007
| 01:59:57 GMT)
| | X-Complaints-To: groups-abuse@xxxxxxxxxx
| | NNTP-Posting-Date: Thu, 23 Aug 2007 01:59:57 +0000 (UTC)
| | In-Reply-To: <X$v8IxZ3HHA.2340@xxxxxxxxxxxxxxxxxxxxxx>
| | User-Agent: G2/1.0
| | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
AT&T
| CSM8.2; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET
CLR
| 3.0.04506.30),gzip(gfe),gzip(gfe)
| | Complaints-To: groups-abuse@xxxxxxxxxx
| | Injection-Info: q3g2000prf.googlegroups.com; posting-host=12.77.37.49;
| | posting-account=ps2QrAMAAAA6_jCuRt2JEIpn5Otqf_w0
| | Bytes: 8204
| | X-Original-Bytes: 8161
| | Path:
|
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!newsfeed0
|
0.sul.t-online.de!t-online.de!border2.nntp.dca.giganews.com!border1.nntp.dca
|
giganews.com!nntp.giganews.com!postnews.google.com!q3g2000prf.googlegroups.
| com!not-for-mail
| | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:58383
| | X-Tomcat-NG: microsoft.public.windows.server.sbs
| |
| | Manfred, I emailed you the files you requested.
| | On Aug 13, 7:22 am, v-mzh...@xxxxxxxxxxxxxxxxxxxx (Manfred Zhuang
| | [MSFT]) wrote:
| | > Hello Customer,
| | >
| | > Thank you for posting here.
| | >
| | > From your post, I understand that after updating the Group Policies,
| | > roamingprofiledoesnotwork on a XP client, but it works when using TS
| | > via RWW. If I have misunderstood your concern, please feel free to
| correct
| | > me.
| | >
| | > This issue can be caused by several factors. I suggest you try
following
| | > steps to narrow down the cause:
| | >
| | > 1. Logon to client computer by local administrator account. Remove the
| | > roamingprofilethat saved in local computer's C:\Documents and Settings
| | > folder.
| | > 2. Copy the RoamingProfileon the Server share for backup purpose if
| there
| | > are important files. Then delete it.
| | > 3. Logon to client computer with affected user account and check how
it
| | > goes.
| | >
| | > If the issue still exists, let's do the following and collect some
| | > information:
| | >
| | > 1. If the user logon on other computers, does the RoamingProfilework?
If
| | > other users logon on the problematic computer, what is the result?
| | >
| | > 2. Please let me know what changes were made when updating the Group
| Policy
| | > last time.
| | >
| | > 3. User env log
| | > ==================
| | > a. On an affected client computer, use Registry Editor to add the
| following
| | > registry value (or modify it, if the value already exists):
| | > Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
| | > NT\CurrentVersion\Winlogon
| | > Value: UserEnvDebugLevel
| | > Value Type: REG_DWORD
| | > Value Data: 10002 (Hexadecimal)
| | >
| | > b. Restart the client computer.
| | > c. Logon to domain to reproduce the issue.
| | > d. Logon to client computer with local administrator account, email
me
| the
| | > C:\Windowds\Debug\UserMode\Userenv.log file. Please let me know the
| domain
| | > account name and the local user account name in this step.
| | >
| | > 4. GP result
| | > ========
| | > Reproduce the issue, type the following command in command prompt,
and
| then
| | > press ENTER:
| | > "gpresult -Z > C:\gpresult_z.txt" (without the quotation marks)
| | >
| | > This creates a list of the implemented policies on the machine in the
| | > following text file: C:\gpresult_z.txt. Please send this file to me.
| | >
| | > 5. MPS reports:
| | > ==========
| | > a. Download the Network Edition of MPS_Report tool
|
fromhttp://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-...
| | > 15706/MPSRPT_NETWORK.EXE, run it on the XP client computer. Email me
the
| | > %COMPUTERNAME%_MPSReports_.CAB file which is under the
| | > %systemroot%\MPSReports\network\bin\cab directory.
| | >
| | > b. Download the Directory Edition of MPS_Report
|
toolhttp://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-...
| | > 15706/MPSRPT_DirSvc.EXE. Run it on the SBS Server. Email me the
| | > %COMPUTERNAME%_MPSReports_.CAB file which is under the
| | > %systemroot%\MPSReports\DirSvc\Logs\Cab directory
| | >
| | > Please send the log files to me at v-mzh...@xxxxxxxxxxxxx
| | >
| | > I appreciate your time and cooperation. If anything is unclear,
please
| feel
| | > free to let me know. I am looking forward to hearing from you.
| | >
| | > Best regards,
| | >
| | > Manfred Zhuang(MSFT)
| | > Microsoft Online Newsgroup Support
| | >
| | > Get Secure! -www.microsoft.com/security
| | >
| | > =====================================================
| | > This newsgroup only focuses on SBS technical issues. If you have
issues
| | > regarding other Microsoft products, you'd better post in the
| corresponding
| | > newsgroups so that they can be resolved in an efficient and timely
| manner.
| | > You can locate the newsgroup
| here:http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
| | >
| | > When opening a new thread via the web interface, we recommend you
check
| the
| | > "Notify me of replies" box to receive e-mail notifications when there
| are
| | > any updates in your thread. When responding to posts via your
| newsreader,
| | > please "Reply to Group" so that others may learn and benefit from your
| | > issue.
| | >
| | > Microsoft engineers can only focus on one issue per thread. Although
we
| | > provide other information for your reference, we recommend you post
| | > different incidents in different threads to keep the thread clean. In
| doing
| | > so, it will ensure your issues are resolved in a timely manner.
| | >
| | > For urgent issues, you may want to contact Microsoft CSS directly.
| Please
| | > checkhttp://support.microsoft.comfor regional support phone numbers.
| | >
| | > Any input or comments in this thread are highly appreciated.
| | > =====================================================
| | >
| | > This posting is provided "AS IS" with no warranties, and confers no
| rights.
| | > --------------------
| | > | From: ThomCarr...@xxxxxxxxx
| | > | Newsgroups: microsoft.public.windows.server.sbs
| | > | Subject: sbs roamingprofilenotloadingon local client
| | > | Date: Fri, 10 Aug 2007 10:46:16 -0700
| | > | Organization:http://groups.google.com
| | > | Lines: 10
| | > | Message-ID: <1186767976.845099.66...@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| | > | NNTP-Posting-Host: 151.196.120.240
| | > | Mime-Version: 1.0
| | > | Content-Type: text/plain; charset="iso-8859-1"
| | > | X-Trace: posting.google.com 1186767977 24526 127.0.0.1 (10 Aug 2007
| | > 17:46:17 GMT)
| | > | X-Complaints-To: groups-ab...@xxxxxxxxxx
| | > | NNTP-Posting-Date: Fri, 10 Aug 2007 17:46:17 +0000 (UTC)
| | > | User-Agent: G2/1.0
| | > | X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1;
| .NET
| | > CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
| | > 3.0.04506.30),gzip(gfe),gzip(gfe)
| | > | Complaints-To: groups-ab...@xxxxxxxxxx
| | > | Injection-Info: e9g2000prf.googlegroups.com;
| posting-host=151.196.120.240;
| | > | posting-account=ps2QrAMAAAA6_jCuRt2JEIpn5Otqf_w0
| | > | Path:
| | >
|
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS01.phx.gbl!news-out­
|

.