
Big Problem with Roaming Profiles & Logins


jawajones

MIS
May 31, 2001
10
US
I'm having a huge problem here with roaming profiles, policies and logins. Here is the scenario:

My network is supporting about 100-120 users currently. I have 2 Metaframe 1.8 servers running on NT TSE 4.0. I am implementing roaming profiles and policies. The problem I have run into is that the directories containing the profiles and policies are stored on the PDC. When I had an issue with the PDC this past week and it was offline in the morning, users were able to be authenticated by the BDC but they did not receive their policy and profile. This is a major issue because my users rely on their desktop icons and start menu to access their applications.

I wanted to move all of the directories to another file server so that if the PDC was offline or unavailable users could still log in and it would be seamless to them. Problem is that once I did that, the logins and my Metaframe servers were slowed to a crawl. The first 5 to 10 users could log in fine but after that things just seemed to seize up. It would take 10 or 15 minutes to log in at the console even. This is obviously unacceptable so I had to change everything back, between fending off pissed off management and end users. Can anyone explain why this would be? CitrixEngineer, you sound like a genius; if you read this, help me out!

Thanks in advance (JJ)Jawa Jones
 
100-120 users on 2 M/F servers? That's fairly tight! In that situation I'd have a 3rd M/F server - even if it was only acting as Master Browser.

Are you seeing a lot of RPC errors in the event log? Do you have any Win9x clients on the network? If so, you may be seeing an issue I came across when I cut my teeth on MetaFrame:

For two nightmarish months I tried to work out why I could get my 10 pilot users working fine on 2 quad-proc servers, but any more than that and logins would slow to as much as an hour.

The answer came to me from Rick Mack, who wrote this fantastic article
...oh, and I found out why he had the problem with his Win9x boxes. He'd set the number of MaxWorkItems to be a multiple of the maximum that Win9x can use. Confused? So was I after a Microsoft guy explained this to me!

Anyway, the fix is to use a number that is not a multiple of 64, e.g. 5000, instead of 4096 - which is the square of 64.

I hope this fixes the problem for you.


*genius* s-)

...I wish!

Good Luck!
 
Thanks CitrixEngineer. You gave me some more stuff to look into at least! I was stumped. The thing that baffles me is that everything runs fine from the PDC but the slow logins occurred when running from the NT file server.

My old boss (the previous Systems Administrator) and I had tried this once and failed in the same manner. I have already made the MaxWorkItems modification on all my NT servers (PDC, BDC, SQL and File) but I believe I have set it to 4096, and yes, they are for the most part all Win95 clients! So maybe that is the issue, or at least part of it.

One other thing I noticed which has me slightly confused. The problem did not occur until I had unshared the directories on the PDC (Profiles, Policies, Custom [containing desktop settings etc...], Kixscript [containing kixscript controlling drive mappings], and Users). I had first moved everything over to the File server and pointed the policies, user settings in UMFD, Usrlogon.cmd on Metaframe boxes to kixscript last Sunday night. Monday and Tuesday were fine. Tuesday night I unshared or removed the share on all the directories on the PDC except for the Policy directory. From what I understand the policy must sit on a domain controller so it made sense to leave that shared and to also be sure it was available on the BDC. Wednesday morning the slow logons occurred.

That is when I reshared the directories and redirected everything back to the PDC for a quick and painless recovery. My BDC is currently offline because the way I see it, it is a door stop unless it provides me with some "Backup", hence its name! Until I can get to the bottom of this I'm planning to keep it offline but duplicate everything on the PDC. Then if I need to I can hopefully bring it online, synchronize and promote it to PDC. Not ideal, won't even work if my PDC totally crashes, but it provides me with a bit of backup.

I discovered something else interesting this Wednesday night. Now everything is directed to the PDC as I mentioned above. However, on Wednesday night I had taken the File server offline and was logging into Metaframe as a few of my users to test some network permission changes. (The file server was down for some reason, I don't remember why. I had shut it down temporarily.) Well, all the users I logged in did not get their profile or policy. Or they only got a partial profile (desktop settings but no desktop icons or start menu). I immediately fired up the File server and then logged some users in and they were fine.

Somehow, even though things are redirected to the PDC again, it is still looking to the File server for something. This must have been what happened when I unshared the directories on the PDC. Logons were flipping out because it couldn't see the directories on the PDC anymore.

But why? Am I missing something blatantly obvious or is this a somewhat bizarre phenomenon? OK, these are computers we are talking about. There has to be a logical explanation!

Anyways, that was a long-winded response, but I thought if nothing else this might prove to be intriguing to some of you. Perhaps someone can explain to me what is happening, or maybe we can all learn something interesting about NT policies and profiles that perhaps we didn't know. I sure learned a heck of a lot this past week, but am unfortunately not much farther along than where I started!

And CitrixEngineer you may not be a genius but you sure got the notches in your belt! Thanks for imparting your great wisdom!


(JJ)Jawa Jones
 
Oh, and to answer your question: I don't see any RPC errors in the event log, but I do see a whole bunch of NWRdr and RDR errors. When I was learning the system I was told that that was pretty normal and that the integrators (a major Citrix integrator) said they hadn't ever seen a Citrix box that didn't have those.

I agree that it would be nice to have a 3rd server, but that's not going to happen. Corporate changes and all that, IT is kinda on the back burner. I'm sure you know how that is! My servers are Compaq Proliant 5500's, quad PPro 200, 1gig of RAM. Kind of dinosaurs implemented about 3 years ago, but they get the job done! (JJ)Jawa Jones
 
What you are saying reminds me of something else I've seen only once; that the PDC/BDC are not replicating correctly.

Is the BDC able to authenticate to the PDC correctly? If you manually synchronise the domain and get errors, then this could be the problem.

What SPs are you running? If you're not up to at least SP4 on ALL NT servers, then arrange for that to be done ASAP.

Maybe this link will help

 