Roaming profile won't load on Windows 2000 but does on XP

View Full Version : Roaming profile won't load on Windows 2000 but does on XP

brothervogon@yahoo.com

10-02-2006, 04:47 PM

Hi ,

I have just encountered a problem with roaming profiles on our network
(Mixed Windows 2003/2000 AD domain). These have worked fine until last
week when some users on Windows 2000-SP4 machines started getting
errors loading their roaming profiles. The symptoms are pointing to
permissions as the client machines log ID 1000 errors in the
application event log:

"You do not have permission to access your central profile located at
\\Server\Share\Username. Contact your network administrator."

I have checked the permissions and they are all OK (Share perms are
Everyone FC and the user has NTFS FC and is also the owner). After
logging on with a cached or temp profile you can then map a drive to
the roaming profile share with no problems and create and amend files
so it is definitely not a permissions problem.

I then set up a test account and tried logging on on two test machines.
On the 2000-SP4 machine I got the same problem but on the XP-SP2
machine it was able to load the roaming profile without problems. I
then configured success and failure auditing on the test romaing
profile share and re-ran the tests. When the test user logs on to the
XP test machine the access is logged in the security event log on the
server as expected, but when the test user logs onto the 2000 machine
there is absolutely nothing in the event log. It is almost like the
2000 machine cannot locate the server holding the profile.

I have tested name resolution and the 2000 client gets the correct IP
address from an NSLOOKUP. I cannot determine what may have changed to
have made this start hapenning. There have been no changes to Group
Policy that would have affected it.

Any help will be gratefully received.

Vaughan

The relevant sections of the user mode debug log files are:

Windows 2000

USERENV(ac.88) 12:15:38:849 LoadUserProfile: Entering, hToken =
<0x61c>, lpProfileInfo = 0x6f648
USERENV(ac.88) 12:15:38:859 LoadUserProfile: Entering, hToken =
<0x61c>, lpProfileInfo = 0x6f648
USERENV(ac.88) 12:15:38:859 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(ac.88) 12:15:38:869 LoadUserProfile: lpProfileInfo->lpUserName
= <test.pro1>
USERENV(ac.88) 12:15:38:869 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(ac.88) 12:15:38:869 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(ac.88) 12:15:38:879 LoadUserProfile: NULL server name
USERENV(ac.88) 12:15:38:879 GetUserMutex: entering
USERENV(ac.88) 12:15:38:889 GetUserMutex: Waiting...
USERENV(ac.88) 12:15:38:889 GetUserMutex: Wait succeeded. Mutex
currently held.
USERENV(ac.88) 12:15:39:029 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:39:039 GetProfileSid: No Guid -> Sid Mapping
available
USERENV(ac.88) 12:15:39:039 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:39:049 GetProfileSid: No Guid -> Sid Mapping
available
USERENV(ac.88) 12:15:39:049 ParseProfilePath: Entering, lpProfilePath =
<\\Server\Share\test.pro1>
USERENV(ac.88) 12:15:39:049 CheckXForestLogon: checking x-forest logon,
user handle = 1564
USERENV(ac.88) 12:15:39:059 MyGetDomainDNSName: Successfully
determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
USERENV(ac.88) 12:15:39:079 MyGetDomainDNSName: Successfully obtained
domain dns name domain.com
USERENV(ac.88) 12:15:39:079 CheckXForestLogon: not XForest logon.
USERENV(ac.88) 12:15:39:149 ParseProfilePath: Tick Count = 0
USERENV(ac.88) 12:15:39:149 PingComputer: PingBufferSize set as 2048
USERENV(ac.88) 12:15:39:169 PingComputer: First time: 10
USERENV(ac.88) 12:15:39:179 PingComputer: Second time: 1
USERENV(ac.88) 12:15:39:189 PingComputer: Fast link. Exiting.
USERENV(ac.88) 12:15:39:189 ParseProfilePath: FindFirstFile failed with
error 5
USERENV(ac.88) 12:15:39:199 ParseProfilePath: You don't have permission
to your central profile server! Error = 5
USERENV(ac.88) 12:15:40:651 LoadUserProfile: ParseProfilePath returned
a directory of <>
USERENV(ac.88) 12:15:40:661 RestoreUserProfile: Entering
USERENV(ac.88) 12:15:40:661 RestoreUserProfile: User is a Admin
USERENV(ac.88) 12:15:40:661 IsCentralProfileReachable: Entering
USERENV(ac.88) 12:15:40:671 IsCentralProfileReachable: Null path.
Leaving
USERENV(ac.88) 12:15:40:671 RestoreUserProfile: Profile path = <>
USERENV(ac.88) 12:15:40:671 ExtractProfileFromBackup: Failed to open
key Software\Microsoft\Windows
NT\CurrentVersion\ProfileList\S-1-5-21-1614895754-1078081533-1417001333-82082
with error 2
USERENV(ac.88) 12:15:40:681 ExtractProfileFromBackup: Couldn't open
backup profile key. Error = 2
USERENV(ac.88) 12:15:40:681 GetOldSidString: Failed to open profile
profile guid key with error 2
USERENV(ac.88) 12:15:40:691 PatchNewProfileIfRequred: No OldSidString
found
USERENV(ac.88) 12:15:40:691 CreateLocalProfileKey: Not setting
additional Security
USERENV(ac.88) 12:15:40:701 CreateLocalProfileImage: One way or
another we haven't got an existing local profile, try and create one
USERENV(ac.88) 12:15:40:701 GetUserDomainName: DomainName = <domain>
USERENV(ac.88) 12:15:40:701 CreateSecureDirectory: Entering with
<C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:40:721 CreateSecureDirectory: Created the
directory <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:40:721 ComputeLocalProfileName: generated the
profile directory <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:813 Local profile name is <C:\Documents and
Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Working with a new
user. Go straight to issuing a default profile.
USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Issuing default
profile
USERENV(ac.88) 12:15:41:823 CheckNetDefaultProfile: Entering, lpNetPath
= <\\DC\netlogon\Default User>
USERENV(ac.88) 12:15:41:823 CheckXForestLogon: checking x-forest logon,
user handle = 1564
USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully
determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully obtained
domain dns name domain.com
USERENV(ac.88) 12:15:41:843 CheckXForestLogon: not XForest logon.
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: FindFirstFile
found a directory, but no ntuser files.
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: setting default
profile to NULL
USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: Removing local
copy of network default user profile.
USERENV(ac.88) 12:15:41:913 Delnode_Recurse: Entering, lpDir =
<C:\Documents and Settings\Default User (Network)>
USERENV(ac.88) 12:15:41:913 CheckNetDefaultProfile: Leaving with a
value of 0.
USERENV(ac.88) 12:15:41:913 IssueDefaultProfile: Entering.
lpDefaultProfile = <C:\Documents and Settings\Default User.WINNT>
lpLocalProfile = <C:\Documents and Settings\TEMP.domain>
USERENV(ac.88) 12:15:41:923 CopyProfileDirectoryEx: Entering,
lpSourceDir = <C:\Documents and Settings\Default User.WINNT>,
lpDestinationDir = <C:\Documents and Settings\TEMP.domain>, dwFlags =
0xc8101

Windows XP

USERENV(484.488) 13:41:23:215
=========================================================
USERENV(484.488) 13:41:23:215 LoadUserProfile: Entering, hToken =
<0x5ec>, lpProfileInfo = 0x6e3e0
USERENV(484.488) 13:41:23:215 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpUserName = <test.pro1>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:215 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(484.488) 13:41:23:215 LoadUserProfile: NULL server name
USERENV(484.488) 13:41:23:215 LoadUserProfile: In console winlogon
process
USERENV(484.488) 13:41:23:215 In LoadUserProfileP
USERENV(484.488) 13:41:23:215
=========================================================
USERENV(484.488) 13:41:23:225 LoadUserProfile: Entering, hToken =
<0x5ec>, lpProfileInfo = 0x6e3e0
USERENV(484.488) 13:41:23:225 LoadUserProfile: lpProfileInfo->dwFlags =
<0x0>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpUserName = <test.pro1>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:225 LoadUserProfile:
lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
USERENV(484.488) 13:41:23:225 LoadUserProfile: NULL server name
USERENV(484.488) 13:41:23:225 LoadUserProfile: User sid:
S-1-5-21-1614895754-1078081533-1417001333-82082
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock
<S-1-5-21-1614895754-1078081533-1417001333-82082>
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: No existing
entry found
USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: New entry
created
USERENV(484.488) 13:41:23:225 CHashTable::HashAdd:
S-1-5-21-1614895754-1078081533-1417001333-82082 added in bucket 16
USERENV(484.488) 13:41:23:235 LoadUserProfile: Wait succeeded. In
critical section.
USERENV(484.488) 13:41:23:255 LoadUserProfile: Expanded profile path is
\\Server\Share\test.pro1
USERENV(484.488) 13:41:23:255 ParseProfilePath: Entering, lpProfilePath
= <\\Server\Share\test.pro1>
USERENV(484.488) 13:41:23:255 CheckXForestLogon: checking x-forest
logon, user handle = 1516
USERENV(484.488) 13:41:23:255 CheckXForestLogon: not XForest logon.
USERENV(484.488) 13:41:23:295 AbleToBypassCSC: Try to bypass CSC
USERENV(484.488) 13:41:23:375 AbleToBypassCSC: tried
NPAddConnection3ForCSCAgent. Error 2109
USERENV(484.488) 13:41:23:375 AbleToBypassCSC: Share \\Server\Share
mapped to drive E. Returned Path E:\test.pro1
USERENV(484.488) 13:41:23:375 ParseProfilePath: CSC bypassed. Profile
path E:\test.pro1
USERENV(484.488) 13:41:23:375 ParseProfilePath: Tick Count = 0
USERENV(484.488) 13:41:23:395 PingComputer: Adapter speed 100000000 bps
USERENV(484.488) 13:41:23:405 PingComputer: First time: 8
USERENV(484.488) 13:41:23:405 PingComputer: Fast link. Exiting.
USERENV(484.488) 13:41:23:405 ParseProfilePath: GetFileAttributes found
something with attributes <0x10>
USERENV(484.488) 13:41:23:405 ParseProfilePath: Found a directory
USERENV(484.488) 13:41:23:405 LoadUserProfile: ParseProfilePath
returned a directory of <E:\test.pro1>
USERENV(484.488) 13:41:23:405 RestoreUserProfile: Entering
USERENV(484.488) 13:41:23:405 IsCentralProfileReachable: Entering
USERENV(484.488) 13:41:23:405 CheckRoamingShareOwnership: checking
ownership for E:\test.pro1
USERENV(484.488) 13:41:23:415 CheckRoamingShareOwnership: owner is the
right user
USERENV(484.488) 13:41:23:415 IsCentralProfileReachable: Testing
<E:\test.pro1\ntuser.man>
USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Profile is
not reachable, error = 2
USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Testing
<E:\test.pro1\ntuser.dat>
USERENV(484.488) 13:41:23:536 IsCentralProfileReachable: Found a user
profile.
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
reachable
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
roaming
USERENV(484.488) 13:41:23:546 RestoreUserProfile: Profile path =
<E:\test.pro1>
USERENV(484.488) 13:41:23:546 ExtractProfileFromBackup: A profile
already exists
USERENV(484.488) 13:41:23:546 PatchNewProfileIfRequred: A profile
already exists with the current sid, exitting
USERENV(484.488) 13:41:23:546 CreateLocalProfileKey: Not setting
additional Security
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
entry in profile list for existing local profile
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Local
profile image filename = <%SystemDrive%\Documents and
Settings\test.pro1>
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Expanded
local profile image filename = <C:\Documents and Settings\test.pro1>
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: No local
mandatory profile. Error = 2
USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
local profile image file ok <C:\Documents and
Settings\test.pro1\ntuser.dat>
USERENV(484.488) 13:41:23:556 Local Existing Profile Image is reachable
USERENV(484.488) 13:41:23:566 Local profile name is <C:\Documents and
Settings\test.pro1>
USERENV(484.488) 13:41:23:566 RestoreUserProfile: Reconciling roaming
profile with local profile
USERENV(484.488) 13:41:23:646 GetExclusionList: The exclusion on both
server and client are same: <Local Settings;Temporary Internet
Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook>
USERENV(484.488) 13:41:23:696 CopyProfileDirectoryEx: Entering,
lpSourceDir = <E:\test.pro1>, lpDestinationDir = <C:\Documents and
Settings\test.pro1>, dwFlags = 0x4c20
USERENV(484.488) 13:41:23:706 CopyProfileDirectoryEx: lpExclusionList =
<Local Settings;Temporary Internet Files;History;Temp;Local
Settings\Application Data\Microsoft\Outlook>

Richard G. Harper

10-02-2006, 09:53 PM

Have we checked for DNS issues - are the troublesome machines pointing to
only domain DNS for name resolution?

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

<brothervogon@yahoo.com> wrote in message
news:1159804022.674565.194270@m73g2000cwd.googlegroups.com...
> Hi ,
>
> I have just encountered a problem with roaming profiles on our network
> (Mixed Windows 2003/2000 AD domain). These have worked fine until last
> week when some users on Windows 2000-SP4 machines started getting
> errors loading their roaming profiles. The symptoms are pointing to
> permissions as the client machines log ID 1000 errors in the
> application event log:
>
> "You do not have permission to access your central profile located at
> \\Server\Share\Username. Contact your network administrator."
>
> I have checked the permissions and they are all OK (Share perms are
> Everyone FC and the user has NTFS FC and is also the owner). After
> logging on with a cached or temp profile you can then map a drive to
> the roaming profile share with no problems and create and amend files
> so it is definitely not a permissions problem.
>
> I then set up a test account and tried logging on on two test machines.
> On the 2000-SP4 machine I got the same problem but on the XP-SP2
> machine it was able to load the roaming profile without problems. I
> then configured success and failure auditing on the test romaing
> profile share and re-ran the tests. When the test user logs on to the
> XP test machine the access is logged in the security event log on the
> server as expected, but when the test user logs onto the 2000 machine
> there is absolutely nothing in the event log. It is almost like the
> 2000 machine cannot locate the server holding the profile.
>
> I have tested name resolution and the 2000 client gets the correct IP
> address from an NSLOOKUP. I cannot determine what may have changed to
> have made this start hapenning. There have been no changes to Group
> Policy that would have affected it.
>
> Any help will be gratefully received.
>
> Vaughan
>
>
>
>
> The relevant sections of the user mode debug log files are:
>
>
> Windows 2000
>
> USERENV(ac.88) 12:15:38:849 LoadUserProfile: Entering, hToken =
> <0x61c>, lpProfileInfo = 0x6f648
> USERENV(ac.88) 12:15:38:859 LoadUserProfile: Entering, hToken =
> <0x61c>, lpProfileInfo = 0x6f648
> USERENV(ac.88) 12:15:38:859 LoadUserProfile: lpProfileInfo->dwFlags =
> <0x0>
> USERENV(ac.88) 12:15:38:869 LoadUserProfile: lpProfileInfo->lpUserName
> = <test.pro1>
> USERENV(ac.88) 12:15:38:869 LoadUserProfile:
> lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
> USERENV(ac.88) 12:15:38:869 LoadUserProfile:
> lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
> USERENV(ac.88) 12:15:38:879 LoadUserProfile: NULL server name
> USERENV(ac.88) 12:15:38:879 GetUserMutex: entering
> USERENV(ac.88) 12:15:38:889 GetUserMutex: Waiting...
> USERENV(ac.88) 12:15:38:889 GetUserMutex: Wait succeeded. Mutex
> currently held.
> USERENV(ac.88) 12:15:39:029 GetOldSidString: Failed to open profile
> profile guid key with error 2
> USERENV(ac.88) 12:15:39:039 GetProfileSid: No Guid -> Sid Mapping
> available
> USERENV(ac.88) 12:15:39:039 GetOldSidString: Failed to open profile
> profile guid key with error 2
> USERENV(ac.88) 12:15:39:049 GetProfileSid: No Guid -> Sid Mapping
> available
> USERENV(ac.88) 12:15:39:049 ParseProfilePath: Entering, lpProfilePath =
> <\\Server\Share\test.pro1>
> USERENV(ac.88) 12:15:39:049 CheckXForestLogon: checking x-forest logon,
> user handle = 1564
> USERENV(ac.88) 12:15:39:059 MyGetDomainDNSName: Successfully
> determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
> USERENV(ac.88) 12:15:39:079 MyGetDomainDNSName: Successfully obtained
> domain dns name domain.com
> USERENV(ac.88) 12:15:39:079 CheckXForestLogon: not XForest logon.
> USERENV(ac.88) 12:15:39:149 ParseProfilePath: Tick Count = 0
> USERENV(ac.88) 12:15:39:149 PingComputer: PingBufferSize set as 2048
> USERENV(ac.88) 12:15:39:169 PingComputer: First time: 10
> USERENV(ac.88) 12:15:39:179 PingComputer: Second time: 1
> USERENV(ac.88) 12:15:39:189 PingComputer: Fast link. Exiting.
> USERENV(ac.88) 12:15:39:189 ParseProfilePath: FindFirstFile failed with
> error 5
> USERENV(ac.88) 12:15:39:199 ParseProfilePath: You don't have permission
> to your central profile server! Error = 5
> USERENV(ac.88) 12:15:40:651 LoadUserProfile: ParseProfilePath returned
> a directory of <>
> USERENV(ac.88) 12:15:40:661 RestoreUserProfile: Entering
> USERENV(ac.88) 12:15:40:661 RestoreUserProfile: User is a Admin
> USERENV(ac.88) 12:15:40:661 IsCentralProfileReachable: Entering
> USERENV(ac.88) 12:15:40:671 IsCentralProfileReachable: Null path.
> Leaving
> USERENV(ac.88) 12:15:40:671 RestoreUserProfile: Profile path = <>
> USERENV(ac.88) 12:15:40:671 ExtractProfileFromBackup: Failed to open
> key Software\Microsoft\Windows
> NT\CurrentVersion\ProfileList\S-1-5-21-1614895754-1078081533-1417001333-82082
> with error 2
> USERENV(ac.88) 12:15:40:681 ExtractProfileFromBackup: Couldn't open
> backup profile key. Error = 2
> USERENV(ac.88) 12:15:40:681 GetOldSidString: Failed to open profile
> profile guid key with error 2
> USERENV(ac.88) 12:15:40:691 PatchNewProfileIfRequred: No OldSidString
> found
> USERENV(ac.88) 12:15:40:691 CreateLocalProfileKey: Not setting
> additional Security
> USERENV(ac.88) 12:15:40:701 CreateLocalProfileImage: One way or
> another we haven't got an existing local profile, try and create one
> USERENV(ac.88) 12:15:40:701 GetUserDomainName: DomainName = <domain>
> USERENV(ac.88) 12:15:40:701 CreateSecureDirectory: Entering with
> <C:\Documents and Settings\TEMP.domain>
> USERENV(ac.88) 12:15:40:721 CreateSecureDirectory: Created the
> directory <C:\Documents and Settings\TEMP.domain>
> USERENV(ac.88) 12:15:40:721 ComputeLocalProfileName: generated the
> profile directory <C:\Documents and Settings\TEMP.domain>
> USERENV(ac.88) 12:15:41:813 Local profile name is <C:\Documents and
> Settings\TEMP.domain>
> USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Working with a new
> user. Go straight to issuing a default profile.
> USERENV(ac.88) 12:15:41:813 RestoreUserProfile: Issuing default
> profile
> USERENV(ac.88) 12:15:41:823 CheckNetDefaultProfile: Entering, lpNetPath
> = <\\DC\netlogon\Default User>
> USERENV(ac.88) 12:15:41:823 CheckXForestLogon: checking x-forest logon,
> user handle = 1564
> USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully
> determined fqdn CN=test.pro1,OU=NO POLICY,OU=XXX,DC=domain,DC=com
> USERENV(ac.88) 12:15:41:833 MyGetDomainDNSName: Successfully obtained
> domain dns name domain.com
> USERENV(ac.88) 12:15:41:843 CheckXForestLogon: not XForest logon.
> USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: FindFirstFile
> found a directory, but no ntuser files.
> USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: setting default
> profile to NULL
> USERENV(ac.88) 12:15:41:903 CheckNetDefaultProfile: Removing local
> copy of network default user profile.
> USERENV(ac.88) 12:15:41:913 Delnode_Recurse: Entering, lpDir =
> <C:\Documents and Settings\Default User (Network)>
> USERENV(ac.88) 12:15:41:913 CheckNetDefaultProfile: Leaving with a
> value of 0.
> USERENV(ac.88) 12:15:41:913 IssueDefaultProfile: Entering.
> lpDefaultProfile = <C:\Documents and Settings\Default User.WINNT>
> lpLocalProfile = <C:\Documents and Settings\TEMP.domain>
> USERENV(ac.88) 12:15:41:923 CopyProfileDirectoryEx: Entering,
> lpSourceDir = <C:\Documents and Settings\Default User.WINNT>,
> lpDestinationDir = <C:\Documents and Settings\TEMP.domain>, dwFlags =
> 0xc8101
>
>
>
>
> Windows XP
>
> USERENV(484.488) 13:41:23:215
> =========================================================
> USERENV(484.488) 13:41:23:215 LoadUserProfile: Entering, hToken =
> <0x5ec>, lpProfileInfo = 0x6e3e0
> USERENV(484.488) 13:41:23:215 LoadUserProfile: lpProfileInfo->dwFlags =
> <0x0>
> USERENV(484.488) 13:41:23:215 LoadUserProfile:
> lpProfileInfo->lpUserName = <test.pro1>
> USERENV(484.488) 13:41:23:215 LoadUserProfile:
> lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
> USERENV(484.488) 13:41:23:215 LoadUserProfile:
> lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
> USERENV(484.488) 13:41:23:215 LoadUserProfile: NULL server name
> USERENV(484.488) 13:41:23:215 LoadUserProfile: In console winlogon
> process
> USERENV(484.488) 13:41:23:215 In LoadUserProfileP
> USERENV(484.488) 13:41:23:215
> =========================================================
> USERENV(484.488) 13:41:23:225 LoadUserProfile: Entering, hToken =
> <0x5ec>, lpProfileInfo = 0x6e3e0
> USERENV(484.488) 13:41:23:225 LoadUserProfile: lpProfileInfo->dwFlags =
> <0x0>
> USERENV(484.488) 13:41:23:225 LoadUserProfile:
> lpProfileInfo->lpUserName = <test.pro1>
> USERENV(484.488) 13:41:23:225 LoadUserProfile:
> lpProfileInfo->lpProfilePath = <\\Server\Share\test.pro1>
> USERENV(484.488) 13:41:23:225 LoadUserProfile:
> lpProfileInfo->lpDefaultPath = <\\DC\netlogon\Default User>
> USERENV(484.488) 13:41:23:225 LoadUserProfile: NULL server name
> USERENV(484.488) 13:41:23:225 LoadUserProfile: User sid:
> S-1-5-21-1614895754-1078081533-1417001333-82082
> USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock
> <S-1-5-21-1614895754-1078081533-1417001333-82082>
> USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: No existing
> entry found
> USERENV(484.488) 13:41:23:225 CSyncManager::EnterLock: New entry
> created
> USERENV(484.488) 13:41:23:225 CHashTable::HashAdd:
> S-1-5-21-1614895754-1078081533-1417001333-82082 added in bucket 16
> USERENV(484.488) 13:41:23:235 LoadUserProfile: Wait succeeded. In
> critical section.
> USERENV(484.488) 13:41:23:255 LoadUserProfile: Expanded profile path is
> \\Server\Share\test.pro1
> USERENV(484.488) 13:41:23:255 ParseProfilePath: Entering, lpProfilePath
> = <\\Server\Share\test.pro1>
> USERENV(484.488) 13:41:23:255 CheckXForestLogon: checking x-forest
> logon, user handle = 1516
> USERENV(484.488) 13:41:23:255 CheckXForestLogon: not XForest logon.
> USERENV(484.488) 13:41:23:295 AbleToBypassCSC: Try to bypass CSC
> USERENV(484.488) 13:41:23:375 AbleToBypassCSC: tried
> NPAddConnection3ForCSCAgent. Error 2109
> USERENV(484.488) 13:41:23:375 AbleToBypassCSC: Share \\Server\Share
> mapped to drive E. Returned Path E:\test.pro1
> USERENV(484.488) 13:41:23:375 ParseProfilePath: CSC bypassed. Profile
> path E:\test.pro1
> USERENV(484.488) 13:41:23:375 ParseProfilePath: Tick Count = 0
> USERENV(484.488) 13:41:23:395 PingComputer: Adapter speed 100000000 bps
> USERENV(484.488) 13:41:23:405 PingComputer: First time: 8
> USERENV(484.488) 13:41:23:405 PingComputer: Fast link. Exiting.
> USERENV(484.488) 13:41:23:405 ParseProfilePath: GetFileAttributes found
> something with attributes <0x10>
> USERENV(484.488) 13:41:23:405 ParseProfilePath: Found a directory
> USERENV(484.488) 13:41:23:405 LoadUserProfile: ParseProfilePath
> returned a directory of <E:\test.pro1>
> USERENV(484.488) 13:41:23:405 RestoreUserProfile: Entering
> USERENV(484.488) 13:41:23:405 IsCentralProfileReachable: Entering
> USERENV(484.488) 13:41:23:405 CheckRoamingShareOwnership: checking
> ownership for E:\test.pro1
> USERENV(484.488) 13:41:23:415 CheckRoamingShareOwnership: owner is the
> right user
> USERENV(484.488) 13:41:23:415 IsCentralProfileReachable: Testing
> <E:\test.pro1\ntuser.man>
> USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Profile is
> not reachable, error = 2
> USERENV(484.488) 13:41:23:485 IsCentralProfileReachable: Testing
> <E:\test.pro1\ntuser.dat>
> USERENV(484.488) 13:41:23:536 IsCentralProfileReachable: Found a user
> profile.
> USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
> reachable
> USERENV(484.488) 13:41:23:546 RestoreUserProfile: Central Profile is
> roaming
> USERENV(484.488) 13:41:23:546 RestoreUserProfile: Profile path =
> <E:\test.pro1>
> USERENV(484.488) 13:41:23:546 ExtractProfileFromBackup: A profile
> already exists
> USERENV(484.488) 13:41:23:546 PatchNewProfileIfRequred: A profile
> already exists with the current sid, exitting
> USERENV(484.488) 13:41:23:546 CreateLocalProfileKey: Not setting
> additional Security
> USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
> entry in profile list for existing local profile
> USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Local
> profile image filename = <%SystemDrive%\Documents and
> Settings\test.pro1>
> USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Expanded
> local profile image filename = <C:\Documents and Settings\test.pro1>
> USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: No local
> mandatory profile. Error = 2
> USERENV(484.488) 13:41:23:556 GetExistingLocalProfileImage: Found
> local profile image file ok <C:\Documents and
> Settings\test.pro1\ntuser.dat>
> USERENV(484.488) 13:41:23:556 Local Existing Profile Image is reachable
> USERENV(484.488) 13:41:23:566 Local profile name is <C:\Documents and
> Settings\test.pro1>
> USERENV(484.488) 13:41:23:566 RestoreUserProfile: Reconciling roaming
> profile with local profile
> USERENV(484.488) 13:41:23:646 GetExclusionList: The exclusion on both
> server and client are same: <Local Settings;Temporary Internet
> Files;History;Temp;Local Settings\Application Data\Microsoft\Outlook>
> USERENV(484.488) 13:41:23:696 CopyProfileDirectoryEx: Entering,
> lpSourceDir = <E:\test.pro1>, lpDestinationDir = <C:\Documents and
> Settings\test.pro1>, dwFlags = 0x4c20
> USERENV(484.488) 13:41:23:706 CopyProfileDirectoryEx: lpExclusionList =
> <Local Settings;Temporary Internet Files;History;Temp;Local
> Settings\Application Data\Microsoft\Outlook>
>

brothervogon@yahoo.com

10-03-2006, 12:04 PM

Hi Richard,

I have resolved the problem now. I tried another test user that was set
up to use the profile server at our secondary site and that worked fine
from the Windows 2000 test PC. After some digging around I found that
the root profile share on the main site server did not have the List
Folder Contents NTFS permission for the Server\Users group but the
secondary site server did have this set. I added it to the primary site
server and this fixed the problem.

I have not been able to determine whether the permission was on the
folder and was subsequently removed or if something else changed to
cause the issue. I also don't see why it was still working with XP, but
as it is now working I'm not going to worry about that too much.

Thanks for your help, it did get me thinking and trying other things
which led to the solution.

Vaughan

Lanwench [MVP - Exchange]

10-03-2006, 02:42 PM

In news:1159804022.674565.194270@m73g2000cwd.googlegroups.com,
brothervogon@yahoo.com <brothervogon@yahoo.com> typed:
> Hi ,
>
> I have just encountered a problem with roaming profiles on our network
> (Mixed Windows 2003/2000 AD domain). These have worked fine until last
> week when some users on Windows 2000-SP4 machines started getting
> errors loading their roaming profiles. The symptoms are pointing to
> permissions as the client machines log ID 1000 errors in the
> application event log:
>
> "You do not have permission to access your central profile located at
> \\Server\Share\Username. Contact your network administrator."
>
> I have checked the permissions and they are all OK (Share perms are
> Everyone FC and the user has NTFS FC and is also the owner). After
> logging on with a cached or temp profile you can then map a drive to
> the roaming profile share with no problems and create and amend files
> so it is definitely not a permissions problem.
>
> I then set up a test account and tried logging on on two test
> machines. On the 2000-SP4 machine I got the same problem but on the
> XP-SP2 machine it was able to load the roaming profile without
> problems. I then configured success and failure auditing on the test
> romaing profile share and re-ran the tests. When the test user logs
> on to the XP test machine the access is logged in the security event
> log on the server as expected, but when the test user logs onto the
> 2000 machine there is absolutely nothing in the event log. It is
> almost like the 2000 machine cannot locate the server holding the
> profile.
>
> I have tested name resolution and the 2000 client gets the correct IP
> address from an NSLOOKUP. I cannot determine what may have changed to
> have made this start hapenning. There have been no changes to Group
> Policy that would have affected it.
>
> Any help will be gratefully received.
>
> Vaughan

One thing to note is that profiles are not compatible between OS versions.
You are likely going to run into profile corruption problems. Don't use
roaming profiles if you don't have fairly identical workstations.

<snip>

Richard G. Harper

10-04-2006, 01:32 AM

Even if I couldn't help, I'm glad you got a nudge to look in other places.

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

<brothervogon@yahoo.com> wrote in message
news:1159873446.465851.186000@i3g2000cwc.googlegroups.com...
> Hi Richard,
>
> I have resolved the problem now. I tried another test user that was set
> up to use the profile server at our secondary site and that worked fine
> from the Windows 2000 test PC. After some digging around I found that
> the root profile share on the main site server did not have the List
> Folder Contents NTFS permission for the Server\Users group but the
> secondary site server did have this set. I added it to the primary site
> server and this fixed the problem.
>
> I have not been able to determine whether the permission was on the
> folder and was subsequently removed or if something else changed to
> cause the issue. I also don't see why it was still working with XP, but
> as it is now working I'm not going to worry about that too much.
>
> Thanks for your help, it did get me thinking and trying other things
> which led to the solution.
>
> Vaughan
>