Guest Innovations Posted September 21, 2008 Posted September 21, 2008 Vista sp1, Server 2003 & 2008 dfs: The users have roaming profiles with the GP redirecting profile folders to a dfs location on the network \\domainname\dfsfilespace\Users\(username)\... profiles are also set to come from \\domainname\dfsfilespace\users\(username) recently redistributed locations on the server and now everthing has gone to crap. Users get messages at logon saying that the server copy of their profile has not been found and they will be logged on with a temporary profile, even though the network and folder appear available. Even moreso running a file sync gives hundreds of Access is Denied errors. This happens even for a newly created user that would not have issues with the old mappings. Checking via dfs pathname confirms that the user can access their folder, has full rights, and is owner.
Guest Anthony [MVP] Posted September 21, 2008 Posted September 21, 2008 Re: Redirection, Synch, Profile Failures I am not sure if you intended to say this, but folders should be redirected OUT of the profile into a different location, e.g. dfspath\users\Profiles and dfspath\users\Personal Profiles must have caching disabled, and Personal must have it enabled (if you intend to use offline files). Profiles will have only user (and Administrator, if set) access. Personal will inherit from the root folder. Regards, Anthony http://www.airdesk.co.uk "Innovations" <Innovations@discussions.microsoft.com> wrote in message news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... > Vista sp1, Server 2003 & 2008 dfs: > > The users have roaming profiles with the GP redirecting profile folders to > a > dfs location on the network \\domainname\dfsfilespace\Users\(username)\... > profiles are also set to come from > \\domainname\dfsfilespace\users\(username) > > recently redistributed locations on the server and now everthing has gone > to > crap. > > Users get messages at logon saying that the server copy of their profile > has > not been found and they will be logged on with a temporary profile, even > though the network and folder appear available. Even moreso running a > file > sync gives hundreds of Access is Denied errors. This happens even for a > newly created user that would not have issues with the old mappings. > Checking via dfs pathname confirms that the user can access their folder, > has > full rights, and is owner.
Guest Innovations Posted September 22, 2008 Posted September 22, 2008 Re: Redirection, Synch, Profile Failures True, but no help The profiles now point to \\domainname\dfsnamespace\Profiles\username while the folder redirections now goes to \\domainname\dfsnamespace\Users\username\... each of which is in a separate share on the 2008 server, the \Profiles are set for no caching and the \Users are set for cache only selected files. Everyone has ownership and full rights to their folder under \Users. But the behavior is unchanged. I did however find a clue. When the former location of their redirected folders on the 2003 server, \\Servername\Users\username\... was still shared the applications log showed folder redirection errors saying that the NEW dfs path was Access Denied (even though the path existed and the users were owners with full rights). When the old location was unshared the error changed to say that redirection failed because the old source directory \\Servername\Users\username\... is offline So it seems that at least part of the problem is that the Vista SP1 Clients cannot seem to forget about an old GP folder redirection and cannot move to a new one no matter what the rights are. "Anthony [MVP]" wrote: > I am not sure if you intended to say this, but folders should be redirected > OUT of the profile into a different location, e.g. > dfspath\users\Profiles and > dfspath\users\Personal > > Profiles must have caching disabled, and Personal must have it enabled (if > you intend to use offline files). > > Profiles will have only user (and Administrator, if set) access. Personal > will inherit from the root folder. > > Regards, > Anthony > http://www.airdesk.co.uk > > > "Innovations" <Innovations@discussions.microsoft.com> wrote in message > news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... > > Vista sp1, Server 2003 & 2008 dfs: > > > > The users have roaming profiles with the GP redirecting profile folders to > > a > > dfs location on the network \\domainname\dfsfilespace\Users\(username)\... > > profiles are also set to come from > > \\domainname\dfsfilespace\users\(username) > > > > recently redistributed locations on the server and now everthing has gone > > to > > crap. > > > > Users get messages at logon saying that the server copy of their profile > > has > > not been found and they will be logged on with a temporary profile, even > > though the network and folder appear available. Even moreso running a > > file > > sync gives hundreds of Access is Denied errors. This happens even for a > > newly created user that would not have issues with the old mappings. > > Checking via dfs pathname confirms that the user can access their folder, > > has > > full rights, and is owner. > >
Guest Anthony [MVP] Posted September 22, 2008 Posted September 22, 2008 Re: Redirection, Synch, Profile Failures I am surprised you say it is no help, because it won't work the way you had it, and it will work the way I described. Hopefully you just meant that the problem is not yet fully solved. When you redirect, the Client-side redirection component needs access to where the folder is now, and where it is moving to. The error you describe is that the client does not have access to the new path (although you believe it does). From the PC, logged on as the user who is redirecting, try accessing the UNC path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. If you are getting an access denied message then access is denied, you just don't know why. Have a look at the Share permissions on the actual server folder that is shared, as well as the NTFS permissions. Anthony, http://www.airdesk.com "Innovations" <Innovations@discussions.microsoft.com> wrote in message news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com... > True, but no help > > The profiles now point to \\domainname\dfsnamespace\Profiles\username > while > the folder redirections now goes to > \\domainname\dfsnamespace\Users\username\... each of which is in a > separate > share on the 2008 server, the \Profiles are set for no caching and the > \Users > are set for cache only selected files. Everyone has ownership and full > rights to their folder under \Users. > > But the behavior is unchanged. I did however find a clue. When the > former > location of their redirected folders on the 2003 server, > \\Servername\Users\username\... was still shared the applications log > showed > folder redirection errors saying that the NEW dfs path was Access Denied > (even though the path existed and the users were owners with full rights). > When the old location was unshared the error changed to say that > redirection > failed because the old source directory \\Servername\Users\username\... is > offline > > So it seems that at least part of the problem is that the Vista SP1 > Clients > cannot seem to forget about an old GP folder redirection and cannot move > to a > new one no matter what the rights are. > > "Anthony [MVP]" wrote: > >> I am not sure if you intended to say this, but folders should be >> redirected >> OUT of the profile into a different location, e.g. >> dfspath\users\Profiles and >> dfspath\users\Personal >> >> Profiles must have caching disabled, and Personal must have it enabled >> (if >> you intend to use offline files). >> >> Profiles will have only user (and Administrator, if set) access. Personal >> will inherit from the root folder. >> >> Regards, >> Anthony >> http://www.airdesk.co.uk >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... >> > Vista sp1, Server 2003 & 2008 dfs: >> > >> > The users have roaming profiles with the GP redirecting profile folders >> > to >> > a >> > dfs location on the network >> > \\domainname\dfsfilespace\Users\(username)\... >> > profiles are also set to come from >> > \\domainname\dfsfilespace\users\(username) >> > >> > recently redistributed locations on the server and now everthing has >> > gone >> > to >> > crap. >> > >> > Users get messages at logon saying that the server copy of their >> > profile >> > has >> > not been found and they will be logged on with a temporary profile, >> > even >> > though the network and folder appear available. Even moreso running a >> > file >> > sync gives hundreds of Access is Denied errors. This happens even for >> > a >> > newly created user that would not have issues with the old mappings. >> > Checking via dfs pathname confirms that the user can access their >> > folder, >> > has >> > full rights, and is owner. >> >>
Guest Innovations Posted September 22, 2008 Posted September 22, 2008 Re: Redirection, Synch, Profile Failures I am surprised too, but there does not seem to be any change at all. When logged in as the user on their computer I can navigate all the way to \\domainname\dfsnamespace\Users\username\... and even into the subfolders. checking on the server the file permissions are: SYSTEM:full (username):Full Administrators:Full Authenticated Users:Special (via MS knowledge base article) ....And the user is the owner of the entire directory structure. When the old GP policy folder is not shared on the network the error messages in the apps log are. For each shared folder: Failed to apply policy and redirect folder "Contacts" to "\\domainname\dfsnamespace\Users\(username)\Contacts". Redirection options=80001211. The following error occurred: "Failed to redirect because the source directory "\\(Servername)\Data\Users\(username)\Contacts" is offline". Error details: "The network path was not found. AND Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights. DETAIL - The system cannot find the path specified. When the old folder is unshared the second error is unchanged but the first changes to (one for each folder): Failed to apply policy and redirect folder "RoamingAppData" to "\\domainname\dfsnamespace\Users\(username)\Application Data". Redirection options=80009211. The following error occurred: "Can not create folder "\\domainname\dfsfilespace\Users\(username)\Application Data"". Error details: "This security ID may not be assigned as the owner of this object. " as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist and all employees have full rights. "Anthony [MVP]" wrote: > I am surprised you say it is no help, because it won't work the way you had > it, and it will work the way I described. Hopefully you just meant that the > problem is not yet fully solved. > > When you redirect, the Client-side redirection component needs access to > where the folder is now, and where it is moving to. > The error you describe is that the client does not have access to the new > path (although you believe it does). > From the PC, logged on as the user who is redirecting, try accessing the UNC > path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. If > you are getting an access denied message then access is denied, you just > don't know why. Have a look at the Share permissions on the actual server > folder that is shared, as well as the NTFS permissions. > Anthony, > http://www.airdesk.com > > > "Innovations" <Innovations@discussions.microsoft.com> wrote in message > news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com... > > True, but no help > > > > The profiles now point to \\domainname\dfsnamespace\Profiles\username > > while > > the folder redirections now goes to > > \\domainname\dfsnamespace\Users\username\... each of which is in a > > separate > > share on the 2008 server, the \Profiles are set for no caching and the > > \Users > > are set for cache only selected files. Everyone has ownership and full > > rights to their folder under \Users. > > > > But the behavior is unchanged. I did however find a clue. When the > > former > > location of their redirected folders on the 2003 server, > > \\Servername\Users\username\... was still shared the applications log > > showed > > folder redirection errors saying that the NEW dfs path was Access Denied > > (even though the path existed and the users were owners with full rights). > > When the old location was unshared the error changed to say that > > redirection > > failed because the old source directory \\Servername\Users\username\... is > > offline > > > > So it seems that at least part of the problem is that the Vista SP1 > > Clients > > cannot seem to forget about an old GP folder redirection and cannot move > > to a > > new one no matter what the rights are. > > > > "Anthony [MVP]" wrote: > > > >> I am not sure if you intended to say this, but folders should be > >> redirected > >> OUT of the profile into a different location, e.g. > >> dfspath\users\Profiles and > >> dfspath\users\Personal > >> > >> Profiles must have caching disabled, and Personal must have it enabled > >> (if > >> you intend to use offline files). > >> > >> Profiles will have only user (and Administrator, if set) access. Personal > >> will inherit from the root folder. > >> > >> Regards, > >> Anthony > >> http://www.airdesk.co.uk > >> > >> > >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message > >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... > >> > Vista sp1, Server 2003 & 2008 dfs: > >> > > >> > The users have roaming profiles with the GP redirecting profile folders > >> > to > >> > a > >> > dfs location on the network > >> > \\domainname\dfsfilespace\Users\(username)\... > >> > profiles are also set to come from > >> > \\domainname\dfsfilespace\users\(username) > >> > > >> > recently redistributed locations on the server and now everthing has > >> > gone > >> > to > >> > crap. > >> > > >> > Users get messages at logon saying that the server copy of their > >> > profile > >> > has > >> > not been found and they will be logged on with a temporary profile, > >> > even > >> > though the network and folder appear available. Even moreso running a > >> > file > >> > sync gives hundreds of Access is Denied errors. This happens even for > >> > a > >> > newly created user that would not have issues with the old mappings. > >> > Checking via dfs pathname confirms that the user can access their > >> > folder, > >> > has > >> > full rights, and is owner. > >> > >> >
Guest Anthony [MVP] Posted September 24, 2008 Posted September 24, 2008 Re: Redirection, Synch, Profile Failures I would take this one step at a time. 1) If you set up a completely new test account with these new DFS paths, does it work? This will tell you whether permissions are correct 2) The profile error is caused by incorrect permissions on Existing profiles. It sounds as though you had previously mixed up profile location with the home folder location. The Home folder is created when the account is set up, by the person setting up the account. The profile folder is created by the user, when they first log off. If the folder already exists it will not be created by the user logging off, and will not have the right permissions. You would need to delete the roaming copy of the profile and let it be recreated in the correct location by the user. 3) It sounds as though the permissions for the redirected documents folder are correct, but step 1 above will tell you that. Hope that helps, Anthony http://www.airdesk.com "Innovations" <Innovations@discussions.microsoft.com> wrote in message news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com... > I am surprised too, but there does not seem to be any change at all. > > When logged in as the user on their computer I can navigate all the way to > \\domainname\dfsnamespace\Users\username\... and even into the subfolders. > checking on the server the file permissions are: > SYSTEM:full > (username):Full > Administrators:Full > Authenticated Users:Special (via MS knowledge base article) > ...And the user is the owner of the entire directory structure. > > When the old GP policy folder is not shared on the network the error > messages in the apps log are. > > For each shared folder: > Failed to apply policy and redirect folder "Contacts" to > "\\domainname\dfsnamespace\Users\(username)\Contacts". > Redirection options=80001211. > The following error occurred: "Failed to redirect because the source > directory "\\(Servername)\Data\Users\(username)\Contacts" is offline". > Error details: "The network path was not found. > > AND > > Windows cannot locate the server copy of your roaming profile and is > attempting to log you on with your local profile. Changes to the profile > will > not be copied to the server when you log off. This error may be caused by > network problems or insufficient security rights. > DETAIL - The system cannot find the path specified. > > When the old folder is unshared the second error is unchanged but the > first > changes to (one for each folder): > > Failed to apply policy and redirect folder "RoamingAppData" to > "\\domainname\dfsnamespace\Users\(username)\Application Data". > Redirection options=80009211. > The following error occurred: "Can not create folder > "\\domainname\dfsfilespace\Users\(username)\Application Data"". > Error details: "This security ID may not be assigned as the owner of this > object. > " > > as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist > and all employees have full rights. > > "Anthony [MVP]" wrote: > >> I am surprised you say it is no help, because it won't work the way you >> had >> it, and it will work the way I described. Hopefully you just meant that >> the >> problem is not yet fully solved. >> >> When you redirect, the Client-side redirection component needs access to >> where the folder is now, and where it is moving to. >> The error you describe is that the client does not have access to the new >> path (although you believe it does). >> From the PC, logged on as the user who is redirecting, try accessing the >> UNC >> path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. >> If >> you are getting an access denied message then access is denied, you just >> don't know why. Have a look at the Share permissions on the actual server >> folder that is shared, as well as the NTFS permissions. >> Anthony, >> http://www.airdesk.com >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message >> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com... >> > True, but no help >> > >> > The profiles now point to \\domainname\dfsnamespace\Profiles\username >> > while >> > the folder redirections now goes to >> > \\domainname\dfsnamespace\Users\username\... each of which is in a >> > separate >> > share on the 2008 server, the \Profiles are set for no caching and the >> > \Users >> > are set for cache only selected files. Everyone has ownership and full >> > rights to their folder under \Users. >> > >> > But the behavior is unchanged. I did however find a clue. When the >> > former >> > location of their redirected folders on the 2003 server, >> > \\Servername\Users\username\... was still shared the applications log >> > showed >> > folder redirection errors saying that the NEW dfs path was Access >> > Denied >> > (even though the path existed and the users were owners with full >> > rights). >> > When the old location was unshared the error changed to say that >> > redirection >> > failed because the old source directory \\Servername\Users\username\... >> > is >> > offline >> > >> > So it seems that at least part of the problem is that the Vista SP1 >> > Clients >> > cannot seem to forget about an old GP folder redirection and cannot >> > move >> > to a >> > new one no matter what the rights are. >> > >> > "Anthony [MVP]" wrote: >> > >> >> I am not sure if you intended to say this, but folders should be >> >> redirected >> >> OUT of the profile into a different location, e.g. >> >> dfspath\users\Profiles and >> >> dfspath\users\Personal >> >> >> >> Profiles must have caching disabled, and Personal must have it enabled >> >> (if >> >> you intend to use offline files). >> >> >> >> Profiles will have only user (and Administrator, if set) access. >> >> Personal >> >> will inherit from the root folder. >> >> >> >> Regards, >> >> Anthony >> >> http://www.airdesk.co.uk >> >> >> >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message >> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... >> >> > Vista sp1, Server 2003 & 2008 dfs: >> >> > >> >> > The users have roaming profiles with the GP redirecting profile >> >> > folders >> >> > to >> >> > a >> >> > dfs location on the network >> >> > \\domainname\dfsfilespace\Users\(username)\... >> >> > profiles are also set to come from >> >> > \\domainname\dfsfilespace\users\(username) >> >> > >> >> > recently redistributed locations on the server and now everthing has >> >> > gone >> >> > to >> >> > crap. >> >> > >> >> > Users get messages at logon saying that the server copy of their >> >> > profile >> >> > has >> >> > not been found and they will be logged on with a temporary profile, >> >> > even >> >> > though the network and folder appear available. Even moreso running >> >> > a >> >> > file >> >> > sync gives hundreds of Access is Denied errors. This happens even >> >> > for >> >> > a >> >> > newly created user that would not have issues with the old mappings. >> >> > Checking via dfs pathname confirms that the user can access their >> >> > folder, >> >> > has >> >> > full rights, and is owner. >> >> >> >> >>
Guest Innovations Posted September 24, 2008 Posted September 24, 2008 Re: Redirection, Synch, Profile Failures A new user does not have the profile loading error and the log shows the folder redirection occuring normally. HOWEVER file synching fails with an access denied error and there does not seem to be any information actually synching up with the server. In addition all sorts of users are getting access denied errors with their My Documents and other offline files. "Anthony [MVP]" wrote: > I would take this one step at a time. > 1) If you set up a completely new test account with these new DFS paths, > does it work? This will tell you whether permissions are correct > > 2) The profile error is caused by incorrect permissions on Existing > profiles. It sounds as though you had previously mixed up profile location > with the home folder location. The Home folder is created when the account > is set up, by the person setting up the account. The profile folder is > created by the user, when they first log off. If the folder already exists > it will not be created by the user logging off, and will not have the right > permissions. You would need to delete the roaming copy of the profile and > let it be recreated in the correct location by the user. > > 3) It sounds as though the permissions for the redirected documents folder > are correct, but step 1 above will tell you that. > > Hope that helps, > Anthony > http://www.airdesk.com > > > "Innovations" <Innovations@discussions.microsoft.com> wrote in message > news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com... > > I am surprised too, but there does not seem to be any change at all. > > > > When logged in as the user on their computer I can navigate all the way to > > \\domainname\dfsnamespace\Users\username\... and even into the subfolders. > > checking on the server the file permissions are: > > SYSTEM:full > > (username):Full > > Administrators:Full > > Authenticated Users:Special (via MS knowledge base article) > > ...And the user is the owner of the entire directory structure. > > > > When the old GP policy folder is not shared on the network the error > > messages in the apps log are. > > > > For each shared folder: > > Failed to apply policy and redirect folder "Contacts" to > > "\\domainname\dfsnamespace\Users\(username)\Contacts". > > Redirection options=80001211. > > The following error occurred: "Failed to redirect because the source > > directory "\\(Servername)\Data\Users\(username)\Contacts" is offline". > > Error details: "The network path was not found. > > > > AND > > > > Windows cannot locate the server copy of your roaming profile and is > > attempting to log you on with your local profile. Changes to the profile > > will > > not be copied to the server when you log off. This error may be caused by > > network problems or insufficient security rights. > > DETAIL - The system cannot find the path specified. > > > > When the old folder is unshared the second error is unchanged but the > > first > > changes to (one for each folder): > > > > Failed to apply policy and redirect folder "RoamingAppData" to > > "\\domainname\dfsnamespace\Users\(username)\Application Data". > > Redirection options=80009211. > > The following error occurred: "Can not create folder > > "\\domainname\dfsfilespace\Users\(username)\Application Data"". > > Error details: "This security ID may not be assigned as the owner of this > > object. > > " > > > > as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist > > and all employees have full rights. > > > > "Anthony [MVP]" wrote: > > > >> I am surprised you say it is no help, because it won't work the way you > >> had > >> it, and it will work the way I described. Hopefully you just meant that > >> the > >> problem is not yet fully solved. > >> > >> When you redirect, the Client-side redirection component needs access to > >> where the folder is now, and where it is moving to. > >> The error you describe is that the client does not have access to the new > >> path (although you believe it does). > >> From the PC, logged on as the user who is redirecting, try accessing the > >> UNC > >> path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. > >> If > >> you are getting an access denied message then access is denied, you just > >> don't know why. Have a look at the Share permissions on the actual server > >> folder that is shared, as well as the NTFS permissions. > >> Anthony, > >> http://www.airdesk.com > >> > >> > >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message > >> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com... > >> > True, but no help > >> > > >> > The profiles now point to \\domainname\dfsnamespace\Profiles\username > >> > while > >> > the folder redirections now goes to > >> > \\domainname\dfsnamespace\Users\username\... each of which is in a > >> > separate > >> > share on the 2008 server, the \Profiles are set for no caching and the > >> > \Users > >> > are set for cache only selected files. Everyone has ownership and full > >> > rights to their folder under \Users. > >> > > >> > But the behavior is unchanged. I did however find a clue. When the > >> > former > >> > location of their redirected folders on the 2003 server, > >> > \\Servername\Users\username\... was still shared the applications log > >> > showed > >> > folder redirection errors saying that the NEW dfs path was Access > >> > Denied > >> > (even though the path existed and the users were owners with full > >> > rights). > >> > When the old location was unshared the error changed to say that > >> > redirection > >> > failed because the old source directory \\Servername\Users\username\... > >> > is > >> > offline > >> > > >> > So it seems that at least part of the problem is that the Vista SP1 > >> > Clients > >> > cannot seem to forget about an old GP folder redirection and cannot > >> > move > >> > to a > >> > new one no matter what the rights are. > >> > > >> > "Anthony [MVP]" wrote: > >> > > >> >> I am not sure if you intended to say this, but folders should be > >> >> redirected > >> >> OUT of the profile into a different location, e.g. > >> >> dfspath\users\Profiles and > >> >> dfspath\users\Personal > >> >> > >> >> Profiles must have caching disabled, and Personal must have it enabled > >> >> (if > >> >> you intend to use offline files). > >> >> > >> >> Profiles will have only user (and Administrator, if set) access. > >> >> Personal > >> >> will inherit from the root folder. > >> >> > >> >> Regards, > >> >> Anthony > >> >> http://www.airdesk.co.uk > >> >> > >> >> > >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message > >> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... > >> >> > Vista sp1, Server 2003 & 2008 dfs: > >> >> > > >> >> > The users have roaming profiles with the GP redirecting profile > >> >> > folders > >> >> > to > >> >> > a > >> >> > dfs location on the network > >> >> > \\domainname\dfsfilespace\Users\(username)\... > >> >> > profiles are also set to come from > >> >> > \\domainname\dfsfilespace\users\(username) > >> >> > > >> >> > recently redistributed locations on the server and now everthing has > >> >> > gone > >> >> > to > >> >> > crap. > >> >> > > >> >> > Users get messages at logon saying that the server copy of their > >> >> > profile > >> >> > has > >> >> > not been found and they will be logged on with a temporary profile, > >> >> > even > >> >> > though the network and folder appear available. Even moreso running > >> >> > a > >> >> > file > >> >> > sync gives hundreds of Access is Denied errors. This happens even > >> >> > for > >> >> > a > >> >> > newly created user that would not have issues with the old mappings. > >> >> > Checking via dfs pathname confirms that the user can access their > >> >> > folder, > >> >> > has > >> >> > full rights, and is owner. > >> >> > >> >> > >> >
Guest Anthony [MVP] Posted September 25, 2008 Posted September 25, 2008 Re: Redirection, Synch, Profile Failures 1) The new permissions sound OK then. Syncing is done per machine, so you probably just have another user on the machine you tested from whose existing permissions are wrong. It is the permissions on the existing folders for existing users that are wrong. 2) Same 3) Same Anthony http://www.airdesk.com "Innovations" <Innovations@discussions.microsoft.com> wrote in message news:B97F38FB-F2D8-4B51-BC86-B687F101F53F@microsoft.com... > A new user does not have the profile loading error and the log shows the > folder redirection occuring normally. HOWEVER file synching fails with an > access denied error and there does not seem to be any information actually > synching up with the server. > > In addition all sorts of users are getting access denied errors with their > My Documents and other offline files. > > "Anthony [MVP]" wrote: > >> I would take this one step at a time. >> 1) If you set up a completely new test account with these new DFS paths, >> does it work? This will tell you whether permissions are correct >> >> 2) The profile error is caused by incorrect permissions on Existing >> profiles. It sounds as though you had previously mixed up profile >> location >> with the home folder location. The Home folder is created when the >> account >> is set up, by the person setting up the account. The profile folder is >> created by the user, when they first log off. If the folder already >> exists >> it will not be created by the user logging off, and will not have the >> right >> permissions. You would need to delete the roaming copy of the profile and >> let it be recreated in the correct location by the user. >> >> 3) It sounds as though the permissions for the redirected documents >> folder >> are correct, but step 1 above will tell you that. >> >> Hope that helps, >> Anthony >> http://www.airdesk.com >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message >> news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com... >> > I am surprised too, but there does not seem to be any change at all. >> > >> > When logged in as the user on their computer I can navigate all the way >> > to >> > \\domainname\dfsnamespace\Users\username\... and even into the >> > subfolders. >> > checking on the server the file permissions are: >> > SYSTEM:full >> > (username):Full >> > Administrators:Full >> > Authenticated Users:Special (via MS knowledge base article) >> > ...And the user is the owner of the entire directory structure. >> > >> > When the old GP policy folder is not shared on the network the error >> > messages in the apps log are. >> > >> > For each shared folder: >> > Failed to apply policy and redirect folder "Contacts" to >> > "\\domainname\dfsnamespace\Users\(username)\Contacts". >> > Redirection options=80001211. >> > The following error occurred: "Failed to redirect because the source >> > directory "\\(Servername)\Data\Users\(username)\Contacts" is offline". >> > Error details: "The network path was not found. >> > >> > AND >> > >> > Windows cannot locate the server copy of your roaming profile and is >> > attempting to log you on with your local profile. Changes to the >> > profile >> > will >> > not be copied to the server when you log off. This error may be caused >> > by >> > network problems or insufficient security rights. >> > DETAIL - The system cannot find the path specified. >> > >> > When the old folder is unshared the second error is unchanged but the >> > first >> > changes to (one for each folder): >> > >> > Failed to apply policy and redirect folder "RoamingAppData" to >> > "\\domainname\dfsnamespace\Users\(username)\Application Data". >> > Redirection options=80009211. >> > The following error occurred: "Can not create folder >> > "\\domainname\dfsfilespace\Users\(username)\Application Data"". >> > Error details: "This security ID may not be assigned as the owner of >> > this >> > object. >> > " >> > >> > as for the folder \\domainname\dfsnamespace\Profiles\(username) they >> > exist >> > and all employees have full rights. >> > >> > "Anthony [MVP]" wrote: >> > >> >> I am surprised you say it is no help, because it won't work the way >> >> you >> >> had >> >> it, and it will work the way I described. Hopefully you just meant >> >> that >> >> the >> >> problem is not yet fully solved. >> >> >> >> When you redirect, the Client-side redirection component needs access >> >> to >> >> where the folder is now, and where it is moving to. >> >> The error you describe is that the client does not have access to the >> >> new >> >> path (although you believe it does). >> >> From the PC, logged on as the user who is redirecting, try accessing >> >> the >> >> UNC >> >> path exactly as defined, i.e. >> >> \\domainname\dfsnamespace\Users\username\. >> >> If >> >> you are getting an access denied message then access is denied, you >> >> just >> >> don't know why. Have a look at the Share permissions on the actual >> >> server >> >> folder that is shared, as well as the NTFS permissions. >> >> Anthony, >> >> http://www.airdesk.com >> >> >> >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message >> >> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com... >> >> > True, but no help >> >> > >> >> > The profiles now point to >> >> > \\domainname\dfsnamespace\Profiles\username >> >> > while >> >> > the folder redirections now goes to >> >> > \\domainname\dfsnamespace\Users\username\... each of which is in a >> >> > separate >> >> > share on the 2008 server, the \Profiles are set for no caching and >> >> > the >> >> > \Users >> >> > are set for cache only selected files. Everyone has ownership and >> >> > full >> >> > rights to their folder under \Users. >> >> > >> >> > But the behavior is unchanged. I did however find a clue. When the >> >> > former >> >> > location of their redirected folders on the 2003 server, >> >> > \\Servername\Users\username\... was still shared the applications >> >> > log >> >> > showed >> >> > folder redirection errors saying that the NEW dfs path was Access >> >> > Denied >> >> > (even though the path existed and the users were owners with full >> >> > rights). >> >> > When the old location was unshared the error changed to say that >> >> > redirection >> >> > failed because the old source directory >> >> > \\Servername\Users\username\... >> >> > is >> >> > offline >> >> > >> >> > So it seems that at least part of the problem is that the Vista SP1 >> >> > Clients >> >> > cannot seem to forget about an old GP folder redirection and cannot >> >> > move >> >> > to a >> >> > new one no matter what the rights are. >> >> > >> >> > "Anthony [MVP]" wrote: >> >> > >> >> >> I am not sure if you intended to say this, but folders should be >> >> >> redirected >> >> >> OUT of the profile into a different location, e.g. >> >> >> dfspath\users\Profiles and >> >> >> dfspath\users\Personal >> >> >> >> >> >> Profiles must have caching disabled, and Personal must have it >> >> >> enabled >> >> >> (if >> >> >> you intend to use offline files). >> >> >> >> >> >> Profiles will have only user (and Administrator, if set) access. >> >> >> Personal >> >> >> will inherit from the root folder. >> >> >> >> >> >> Regards, >> >> >> Anthony >> >> >> http://www.airdesk.co.uk >> >> >> >> >> >> >> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in >> >> >> message >> >> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com... >> >> >> > Vista sp1, Server 2003 & 2008 dfs: >> >> >> > >> >> >> > The users have roaming profiles with the GP redirecting profile >> >> >> > folders >> >> >> > to >> >> >> > a >> >> >> > dfs location on the network >> >> >> > \\domainname\dfsfilespace\Users\(username)\... >> >> >> > profiles are also set to come from >> >> >> > \\domainname\dfsfilespace\users\(username) >> >> >> > >> >> >> > recently redistributed locations on the server and now everthing >> >> >> > has >> >> >> > gone >> >> >> > to >> >> >> > crap. >> >> >> > >> >> >> > Users get messages at logon saying that the server copy of their >> >> >> > profile >> >> >> > has >> >> >> > not been found and they will be logged on with a temporary >> >> >> > profile, >> >> >> > even >> >> >> > though the network and folder appear available. Even moreso >> >> >> > running >> >> >> > a >> >> >> > file >> >> >> > sync gives hundreds of Access is Denied errors. This happens >> >> >> > even >> >> >> > for >> >> >> > a >> >> >> > newly created user that would not have issues with the old >> >> >> > mappings. >> >> >> > Checking via dfs pathname confirms that the user can access their >> >> >> > folder, >> >> >> > has >> >> >> > full rights, and is owner. >> >> >> >> >> >> >> >> >>
Recommended Posts