DrCheese (4th October 2010)
We are experiencing a real weird issue around the entire site and from what we can see, it is totally intermittent.
Symptom of Issue
Students log onto workstations around the school, on different types of machines all with the same Windows 7 Enterprise image. The ideal logon would be to have a redirected start menu, desktop and documents which are all located on our file server.
Most of the time students logon with no issue but randomly we get some users who may not receive one of the three or possible none. We have been able to identify that the issue does not relate to a particular user, workstation etc. The reason that this is weird, is that the same user can move location to another PC in the room and the logon works. Other users may then go to the faulty machine and use it with no issues with redirection.
Event viewer logs show the redirection has access denied and yet permissions are set correctly as we set them via a group.
After some testing we have managed to replicate the issue by logging onto a machine as a student and then just as you get past the welcome message, pull out the network cable.
Upon doing the above, the test student will experience the issues stated. We have then tried restarting the PC on numerous times and yet the student still recieves no redirection of any kind even after removing the local profile.
Another interesting issue we have seen is that when the student recieves this problem, we have tried accessing the File Server and shares for desktop through explorer but recieve access denied!!
We are now at the end of our tether and staff/students are getting really frustrated as we have no fix for them when the issue occurs other thatn to move pc.
We are now thinking its image related??
Windows 7 Enterprise workstations using same sysprep image
Windows Server 2008 R2 Servers over Hyper V
Blades on 172 address range with VLANs
Workstations on 192 address range so not to affect CCTV and VOIP.
Core switch has Helper address for two networks
DrCheese (4th October 2010)
I've had something similar this week, do you have the following Group Policy enabled:
Computer Configuration - Administrative Templates - System - User Profiles - Prevent Roaming Profile changes from propagating to the server
This was producing similar behaviour for us, with folder redirection intermittantly failing with Access Denied.
On the original issue, did you wipe the registry setting under:
HKLM - Software - Microsoft - Windows NT - CurrentVersion - ProfileList
If you wipe those, and then get the student to login, it might fix the folder redirection issue...
But we have the same issue here, and its certainly worse with laptops, especially if you're share is \\Server\2006\StudentMyDocs for example. One thing that I'm trying is changing all the student my Docs folders into hidden shares (There's a script that will do it automatically I found somewhere!) and then changing the student redirection to be their home directory, and then changing (on bulk) all the student AD properties so that their home directory points to \\server\%USERNAME%$ This has definately cured the laptop issue, but remains to be seen as to whether it will cure the random dropping of student my documents.
Also, Winner, did you have that GPO setting enable or disabled, and did it cure, or cause the problem? I'm feeling a bit dense, so I might not have caught your meaning!
As a final note, would anyone have a script that will check as soon as the student is logged on that the My Documents has redirected properly? The worst thing is that a student logs onto, does some work, but then can't save it because his My Documents hasn't redirected. I was thinking the script would try to write something to the Z: drive (or whatever drive their My Docs is stored on), and then scan to see if it can see the file, if it can see it, then do nothing, but if not, then raise an error message to the effect of "Your My Documents are not available, please reboot the machine and login again. If this is the second time you've seen this message, please inform your teacher/ICT support"
In our district we found this issue to be caused by the Temporary Profile issue. We resolved this by setting our Computer's, Computer Configuration Group Policy with the following Enabled:
Computer Configuration - Administrative Templates - System - User Profiles - Do not log users on with temporary profiles
These are the Group Policy settings we use which resolved the issue for us. This allows staff to logon to a machine with their roaming profiles (AppData, Docs etc. redirected), and students to logon with mandatory profiles:
Computer Configuration - Policies - Administrative Templates - System - User Profiles
Add the Administrators security group to roaming user profiles - Enabled
Delete cached copies of roaming profiles - Enabled
Delete user profiles older than a specified number of days on system restart - Enabled
Delete user profiles older than (days) - 1
Do not check for user ownership of Roaming Profile Folders - Enabled
Do not log users on with temporary profiles - Enabled
Prevent Roaming Profile changes from propagating to the server - Disabled
Set maximum wait time for the network if a user has a roaming user profile or remote home directory - Enabled
Wait for network for maximum (seconds) - 60
Wait for remote user profile - Enabled
I love you guys, this was driving me crazy! I'd randomly get a student who's folders wouldn't redirect with "access denied" errors. Even accessing the share direct would cause the error. Move them to another computer and it was fine.
The eventlog was full of "unable to create folder blah" and gave the target of the redirected folder.
I was only able to fix it on a machine by deleting the users local profile and flushing the local offline files cache, but this didn't fix the root cause of the problem, hopefully this will.
also just to check you're not redirecting to a mapped drive?
Darn it, I still get this error >.<
Our redirected desktops/startmenus are stored on a DFS share i.e \\school\dfs$
Students are redirected to this using \\school\dfs$\desktopsandstartmenus\KS3
When this error occurs, students when logged on can no longer access \\school\dfs$ - They straight away get an "access denied" Also, If I log onto the machine I also get an access denied when attempting to access the share.
However, accessing it via \\school.full.dns.name\dfs$ lets me on fine! - Whist I could change the student redirection to use the full DNS name, I'm fairly sure that will just move the error
It appears that windows 7 loves to sync redirected folders into the offline files, regardless of what you may have set in policy. This is so that it can index the redirected folder and allow users to search the startmenu. For some reason, it's then not allowing users to access the offline version and the only way to clear the error is flush the CSC database by creating a DWORD entry called "FormatDatabase" and setting the entry to "1" in
If you attempt to view the offline folder via the sync centre and click through to \\school\dfs$ you are given an access denied.
I have absolutely no idea what sets this error off and it's driving me insane!
For the moment, I've just murdered the Offline files service via policy. This breaks the startmenu search, but it's better than no startmenu!
tommej (8th October 2010)
ok, worked out why it does it now, just not how to fix it.
User 1 - Logs on, Windows syncs \\school\dfs share down so that indexing works. For whatever reason (Slow link detection/network unplugged/whatever) Windows 7 goes into offline mode. User logs off.
User 2 - Logs on, Windows still thinks \\school\dfs is in offline mode so tries to take it back online, but can't because for it gets upset about not having access to the existing offline version to check for changes, so it throws up access denied errors. This is why you get an error when you try to access the share. For whatever reason, it's trying to associate another users offline files with it's own, as they are on the same server.
Damned if I know how to resolve it tho, other than murdering offline files like above. If the original user that took it into offline mode logs on, they can put it back in online mode and fix it for all the other users.
Edit: someone else online having the same problem http://www.wapshere.com/missmiis/dfs...from-windows-7 - Same fix as mine tho.
Last edited by DrCheese; 8th October 2010 at 03:19 PM.
The same thing happened to a couple of laptops here just this week. We also redirect to a DFS share and it gave the access denied error.
I do wonder if it is related to this DHCP/Netlogon bug? I did notice this appear in event viewer on the laptops with the issues on.
So has anybody had any luck with this yet? In all of my testing that I did when originally setting up our MDT and Windows 7 images, I never once encountered this error. However, upon putting our Win7 Pro image on 2 of our laptop carts at our Middle School, we seem to be getting this same issue. As with the others, it is completely random. Student A can log into a laptop and have their their home drives attempt to map (it even shows up under Computer), but it never actually connects them. You can see the drive there under Computer, but the student has no access to it at all and it then maps all of their folders down to the local folders which is a real problem (especially when they saved their document to the computer and can't find it when they login somewhere else...and they don't know which computer they were on the day before so I can retrieve it for them).
We have both teachers and students becoming increasingly frustrated by this issue as a class will use 15 laptops and maybe 1/3 of them will have the problem. However, if that 1/3 logs in somewhere else, they are fine. I have checked permissions, GPOs, anything that I can try, but I just can't figure it out (sorry if I'm venting). The problem has become bad enough that we are actually considering going back to XP for the meantime to get rid of the problem as none of our XP machines exhibit the issue. I really don't want to have to do that as I have put countless hours into learning how to setup MDT with Win7 and many many tests that never had this issue.
So, in short...anybody got any ideas?
2000 Level Domain (not sure if that is part of the problem or not...didn't think it would though)
4 2003 Domain Controllers along with one old NT Server that we use for certificates (can't wait till we can get rid of that old thing!).
Mixed Environment - Mostly Windows XP Pro, but trying to get to Windows 7.
All I can say is that disabling offline files via group policy and formatting the offline files database with the FormatDatabase registry key above at least once after offline files is disabled seems to have resolved this issue for us for the time being, abit at the cost of indexed search (Start menu) I do need to find a more longterm fix for this issue but it has at least stopped students/staff from losing work.
The way I solved this issue is to give each student their own hidden share for their my docs, then in AD, change their home directory to be \\server\%USERNAME%$ (you will need to confirm each student one by one afterwards, a right pain...). Once this is done, make a GPO that redirects My Docs to be the Z: drive. So far, students not having their my documents mapped is a very small minority.
I've also changed the mandatory profile so that the library doesn't have c:\users\public in anywhere. Make sure you keep c:\users\%username% as that is what windows 7 uses to redirect! Remove that and no one gets any documents.
I'm going to try to store a local mandatory profile onto each laptop, and point all users logging onto the laptops to point to the local profile. Hopefully this should reduce log in times from 1-10 minutes to 10-20 seconds. Testing has gone well so far!
Thanks DrCheese. I just disabled the offline files for our laptop carts (students don't need offline files anyway) and also set up Group Policy Preferences to Create a DWORD entry like you said to format the database. I will be leaving in a few minutes to head over to our Middle School to test it out while my XP image (a backup in case this doesn't work) finishes grabbing updates. However, I have just tested on one here at our High School and it logged me on with a temporary profile. Everything seemed to still be mapped, but it does make me worry...
Will let you know how things go...wish me luck!
Vista Offline Files Redirection Failed When local Cache put in Offline Mode
This guy has exactly the same problem as I described in my post above, except on Vista (Which is pretty much the same under the skin...) The MSFT poster just tells the OP to disable the ability to go offline (which is pretty much what we've done).
Last edited by DrCheese; 27th October 2010 at 02:11 AM.
There are currently 1 users browsing this thread. (0 members and 1 guests)