
MS04-011 "Sasser" Patch Breaks some users

Status
Not open for further replies.

cnbit

IS-IT--Management
Apr 25, 2001
17
US
Will keep this as brief as I can. Environment: NT4 network, (8) win2k servers in Citrix farm. Publishing desktop using Tricerat. Roaming profiles. SQL data store on dedicated server. Average 180 - 190 users on 7 servers. Try to keep one for testing. User profiles stored on separate file server (NAS appliance). About 2 mo ago we started getting some users timing out and getting local profiles while logging on. As we were still using MS Access data store, I figured that was where the bottleneck was. Bought Dell 2650 with plenty of RAM and put win2k OS on RAID 1 drives, SQL 2000 on RAID 5 drives. Converted the farm to SQL data store. Helped some, but still get a few each morning. We solve it by blowing off the user in MMC and deleting local profile on server. That's not my real problem, just background.
Citrix servers were running Win 2k SP2 and Metaframe XP FR2. Had a security analysis by outside firm (we are a bank and heavily regulated). They blew a cork about the service packs, especially MS04-011 Sasser fix. I explained that service packs frequently break more than they fix in a Citrix environment and how we needed to extensively test each fix before we roll it out. They were still insistent that at the very least we apply KB835732. I applied that to my test server and tested for a day, no apparent problems, then rolled it out to all my servers. Started having problems with a few people unable to get an ICA session, with an error message about being unable to create a temporary profile. Only happened to certain users, but happened to those users no matter what server or workstation they were on. Uninstalled the patch and everything back to whatever normal is.
Thought perhaps there was a conflict because the servers were only on SP2. Started gradually bringing my test server up to latest patches. Installed SP3, tested. Installed FR3, tested. Installed SP4, tested. Had a few printer issues, installed XE 103w2k082 and everything seemed to work. Installed KB835732 again and same results - some users got the error, most didn't. Compared everything about the users - domain groups, ICA client version, etc. Found no correlations whatsoever.
Event viewer had several events with an id of 1000. "Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder. Contact your network administrator" and "Windows cannot unload your registry class file. if you have a roaming profile, your settings are not replicated. Contact your administrator. DETAIL Access is denied. Build number ({2195})"
Looked on the server and under Documents and Settings, it is creating a folder named temp instead of the username. The permissions on the temp folder are for the user trying to get on, though - full permissions. Even when I restart and delete the temp folders, and try it again with one of the affected users, same thing.
Anybody have any idea what hotfix addresses this? I have searched everywhere and can't seem to come up with anything.
 
In the Local Computer Policy -> Computer Config -> Admin Templates -> System -> Logon... for the servers, configure to "Do not check for user ownership of Roaming Profile Folders".
 
Mitchero - Thanks for the response. Sorry to be so dense, but I guess you lost me. I don't see anything on my server like you describe. Is this only there when you are running Active Directory? This is an NT4 network, but the Citrix servers are win2k. I have tried going into the local security policy and looked everywhere else I could think of, but can't seem to find what you are talking about.
 
No prob. Go to Start -> Run and type MMC. Select Console at the top left, and add the Group Policy Snap-in. You'll find it in there.
 
DUH! I remember now using this before, but I wear so many hats around here it's tough to remember stuff I don't use much. Anyway, made the changes yesterday, tested successfully with affected user, in production today with no apparent problems. Thanks much!
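
The Event ID 1000 text quoted in the first post states the rule the patch began enforcing: the roaming profile folder must be owned by the user or by the Administrators group. As an added example that is not part of the thread, the PowerShell script below lists the folders on a profile share that fail that rule, so ownership can be reviewed instead of relying only on the policy that switches the check off. The share path, the domain name, and the assumption that each folder is named after its user account are placeholders.

```powershell
# Added example. $ProfileRoot and $Domain are placeholders, not values from the thread.
# Assumption: each first-level folder under the share is named after its user account.
# Needs PowerShell 3.0 or later, so run it from an admin workstation, not a win2k server.
param(
    [string]$ProfileRoot = '\\fileserver\profiles$',
    [string]$Domain      = 'EXAMPLE'
)

$sidType   = [System.Security.Principal.SecurityIdentifier]
$adminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

Get-ChildItem -LiteralPath $ProfileRoot -Directory | ForEach-Object {
    $row = [pscustomobject]@{ Folder = $_.Name; Owner = $null; Status = $null }
    try {
        # Owner recorded in the folder's security descriptor, as a SID string.
        $ownerSid  = (Get-Acl -LiteralPath $_.FullName).GetOwner($sidType).Value
        $row.Owner = $ownerSid

        # SID of the account the folder is named after.
        $account = New-Object System.Security.Principal.NTAccount($Domain, $_.Name)
        $userSid = $account.Translate($sidType).Value

        # The rule from the event text: owner is the user or the Administrators group.
        if ($ownerSid -eq $userSid -or $ownerSid -eq $adminsSid) {
            $row.Status = 'OK'
        } else {
            $row.Status = 'OWNER MISMATCH'
        }
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # Folder name does not resolve to an account (deleted user, renamed folder).
        $row.Status = 'NO MATCHING ACCOUNT'
    } catch {
        $row.Status = "ERROR: $($_.Exception.Message)"
    }
    $row
} | Where-Object { $_.Status -ne 'OK' } |
    Sort-Object Status, Folder |
    Format-Table -AutoSize
```

Folders reported as OWNER MISMATCH are the ones the ownership check would reject; with the check disabled by policy they load without complaint, so this list is what remains to be reviewed by hand.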
 