Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Roaming profiles don't roam 1

Status
Not open for further replies.
VerbalKint04

VerbalKint04

Technical User
May 9, 2003
29
US
Here's the scoop:

We use a Citrix server (win2k) that users logon to. Some users gain "desktop" access while others only launch published applications. For the most part our roaming profiles work like a champ. However there is the occassional misfire that requires us to setup their application settings again and again. The profiles are being hosted on a Windows 2000 server as well. Also, during times that the user is logged on to two different citrix servers and logs off at the same time (or very near the same time) they get an error saying that it couldn't write a file back to the profile directory.

Does anyone have any solid experience with Win2k roaming profiles? I appreaciate any help you can offer!

OUT.
 
Sort by date Sort by votes
Make sure that you do not have any name resolution problems. Check DNS (check manual records that may have been created) and lmhosts and hosts files (in case that someone entered wrong information in those files). In addition, if you have wins, check the replication and the database has purged obsolete records.


Gladys Rodriguez
GlobalStrata Solutions
 
Upvote 0 Downvote
Hi,

Anyone facing this problem before, any solution to this?

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 5/12/2003
Time: 4:50:01 PM
User: NT AUTHORITY\SYSTEM
Computer: FMCSEA08
Description:
Windows cannot unload your registry file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL - Access is denied. , Build number ((2195)).
 
Upvote 0 Downvote
VerbalKint04,

It sounds like you have roaming profiles configured correctly. If they work 99% of the time you're golden. Truth is it still is a bit buggy and they just don't work 100% of the time.

Here is what I do see from your post though. You need some serious Group Policy action.

I usually create an OU for Citrix Servers and put the Citrix Servers in that OU.

You are going to create at least a couple of GP's for the Citrix Server OU and and apply loopback processing for each one. In loopback processing mode here is what happens. You'll notice in Group Policy there are two sections of settings. One for Computers and one for Users. Obviously they apply to those objects either Users or Computers. Well you don't want to have to put Citrix users into the Citrix Server OU. So by applying "Loopback Processing" (which is a setting within Group Policy) any user that logs into the computers in the Citrix Server OU will apply the User side GP settings.

Create one group policy that gets applied to all "Authenticated Users". This policy should be completely locked down. If you don't get a more permissive GP you're basically screwed. This prevents users who shouldn't be on a Citrix Box, or who somehow miss out on getting put into a group who should receive a GP from getting onto the box and having more control than they should. BE SURE TO DENY THIS POLICY TO CITRIX ADMINISTRATORS.

Create subsequent Group Policies with less restrictions giving them the ability to have access to the applications and OS functionality that they need. Within these GP's you should utilize Desktop redirection. This will redirect the users that receive a specific GP to be redirected to a folder that has a desktop and start menu customized for exactly what you want that group of users to see or have access to. ALSO BE SURE TO DENY THESE POLICIES TO THE CITRIX ADMINISTRATORS.

That will help resolve the problem with users losing their desktop configuration now and then when the roaming profile doesn't work. Basically whether the roaming profile works or not the user's desktop will get recreated the same way every time they log in.

I hope I explained that well enough. Let me know if you have any questions.
 
Upvote 0 Downvote
So the GPs would basically act as a "backup plan" in the event that the roaming profiles don't run? I was afraid it wasn't going to be an easy solution. :) Oh well, it'll give me something else to do, which is better than sitting at home all day long. Thanks for your help!
 
Upvote 0 Downvote
I see it as more than a backup plan. I feel that the GP's are essential on a Citrix box. It just so happens that with the combination of the GP and the roaming profiles you don't notice the fact that roaming profiles are buggy, which from my experience happens to be the case.
 
Upvote 0 Downvote
Maybe this will help you:

Source:
Source Userenv
Type Error
Description Windows cannot unload your registry class file. If you have a roaming profile, your settings are not replicated. Contact your administrator.

DETAIL Access is denied. , Build number ((2195)).
Comments Ron Terren (Last update 6/18/2003):
In our case, this occured on Dell computers. I called into Dell with this error and their techs had me remove Hotfix 329170 and reboot all the affected servers, then I did the same in the clients and all is well.

Woodrow Wayne Collins
To work around this problem, turn on the IPSec Policy agent. Windows 2000 Service Pack 3 is supposed to fix this problem. See Q319909 for details.
Links Q319909
 
Upvote 0 Downvote
The problem with trying to uninstall HotFix 329170 is that it is part of SP4. I have 6 Citrix servers in a farm and 4 of them are running SP4 while the others are running SP3 with this Hotfix on them.

I don't want to back-track by uninstalling, I want to move forward.

I did find this article on Symantecs site that was posted in July 2003 for users of Symantec Corporate NAV 7.6.

I am waiting to get the software to upgrade to see if it works.

I also saw mention of disabling the MDM service. This sounded promising until I noticed not all of my Citrix Servers were running MDM.

Let me know if anyone has any other updates.
 
Upvote 0 Downvote
Now, I have for sure found a solution to the roaming profile and 60 second logoff time problem. I have to thank members at for helping find this solution (
I am running both SP3 and SP4 Windows 2000 servers in my Citrix Farm.

The problem lies with VNC Server. I am running the infamous Microsoft HotFix Q329170 on the SP3 servers. I found, on both the SP3 servers with the HotFix and the SP4 servers, if I removed VNC Server my roaming profiles started working again, the Userenv error disappeared and my logoff time dropped substantially.

Now, there were a few hoops I had to jump through to get VNC to uninstall properly before the roaming profiles started working. Please read this whole post before starting.

When I did a regular uninstall, I would get a message stating some components of VNC Server could not be removed and I needed to remove them manually. I also noticed the VNC Server Service was still registered and listed in the services. So this is what I did:

1. Go to the RealVNC or VNC program group (depending on your version) and run the "unregister the VNC server service".
2. Open Control Panel and uninstall VNC. (May get message stating some items could not be removed, remove them manually).
3. Reboot server
4. Once the server came back up, if you are running Citrix or Terminal Server, immediately disallow remote logins.
5. Change user mode of the server to "install mode" by opening a command prompt and typing "change user/install". (TS and Citrix only).
6. Run a fresh install of VNC and make sure you set the VNC Server service to re-register. You may get prompted about the directory and such already existing...overwrite everything and finish the install. Once the install is complete, you may be asked to reboot. Reboot server, disallow logins, change to "install mode" again and immediately go to the Control Panel and uninstall VNC. This time it will successfully unregister the VNC Server Service itself and uninstall VNC completely.
7. Reboot the server.

Now your roaming profiles should be working again. Run some test to see if they are. I would go to the folder of a test user where their roaming profile would be stored and delete all the sub folders and files, log in to a TS or Citrix server with that test account, then log off, switch back to watch the folder where their roaming profile would be stored and see if the files and folders reappeared.

NOTE: I have eight Citrix Servers in a farm. I did have trouble with the above steps on 2 of the servers and still could not get the roaming profiles to work and still had the 60 second log off time. I had to run REGEDIT on these two servers, after following the above steps, and delete every instance of VNC in the registry. (Obviously use EXTREME CARE when messing with your registry. Updating your ERD and backing up your registry first would be a good idea). Once I finished searching the registry, I rebooted the servers again with the cleaned registry and my raoming profiles started working on these 2 other servers as well. :)

Good luck to all those users and Administrators that have been fighting this problem. ;)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

wmin3
  • Locked
  • Question
Roaming Profiles not moving to new Windows Server 2012
Replies
0
Views
72
wmin3
wmin3
JayIT
  • Locked
  • Question
. Random temp profiles created on servers
Replies
0
Views
46
JayIT
JayIT
markjson
  • Locked
  • Question
SBS 2008 is refusing to create and load roaming profile, complaining of slow connection
Replies
2
Views
52
markjson
markjson
1DMF
  • Locked
  • Question
Folder Redirection & Roaming Profiles
Replies
0
Views
51
1DMF
1DMF
Deepseadata
  • Locked
  • Question
Do I have redirected folders or roaming profiles?
Replies
3
Views
89
ShackDaddy
ShackDaddy

Part and Inventory Search

Sponsor

Back
Top