Jump to content

Redirection, Synch, Profile Failures

Guest Innovations

By Guest Innovations
in Windows 2003 Server

 Share

Recommended Posts

Guest Innovations

Guest Innovations

Posted
Posted

Vista sp1, Server 2003 & 2008 dfs:

 

The users have roaming profiles with the GP redirecting profile folders to a

dfs location on the network \\domainname\dfsfilespace\Users\(username)\...

profiles are also set to come from \\domainname\dfsfilespace\users\(username)

 

recently redistributed locations on the server and now everthing has gone to

crap.

 

Users get messages at logon saying that the server copy of their profile has

not been found and they will be logged on with a temporary profile, even

though the network and folder appear available. Even moreso running a file

sync gives hundreds of Access is Denied errors. This happens even for a

newly created user that would not have issues with the old mappings.

Checking via dfs pathname confirms that the user can access their folder, has

full rights, and is owner.

  • Replies 7
  • Created
  • Last Reply

Popular Days

Popular Days

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

I am not sure if you intended to say this, but folders should be redirected

OUT of the profile into a different location, e.g.

dfspath\users\Profiles and

dfspath\users\Personal

 

Profiles must have caching disabled, and Personal must have it enabled (if

you intend to use offline files).

 

Profiles will have only user (and Administrator, if set) access. Personal

will inherit from the root folder.

 

Regards,

Anthony

http://www.airdesk.co.uk

 

 

"Innovations" <Innovations@discussions.microsoft.com> wrote in message

news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

> Vista sp1, Server 2003 & 2008 dfs:

>

> The users have roaming profiles with the GP redirecting profile folders to

> a

> dfs location on the network \\domainname\dfsfilespace\Users\(username)\...

> profiles are also set to come from

> \\domainname\dfsfilespace\users\(username)

>

> recently redistributed locations on the server and now everthing has gone

> to

> crap.

>

> Users get messages at logon saying that the server copy of their profile

> has

> not been found and they will be logged on with a temporary profile, even

> though the network and folder appear available. Even moreso running a

> file

> sync gives hundreds of Access is Denied errors. This happens even for a

> newly created user that would not have issues with the old mappings.

> Checking via dfs pathname confirms that the user can access their folder,

> has

> full rights, and is owner.

Guest Innovations

Guest Innovations

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

True, but no help

 

The profiles now point to \\domainname\dfsnamespace\Profiles\username while

the folder redirections now goes to

\\domainname\dfsnamespace\Users\username\... each of which is in a separate

share on the 2008 server, the \Profiles are set for no caching and the \Users

are set for cache only selected files. Everyone has ownership and full

rights to their folder under \Users.

 

But the behavior is unchanged. I did however find a clue. When the former

location of their redirected folders on the 2003 server,

\\Servername\Users\username\... was still shared the applications log showed

folder redirection errors saying that the NEW dfs path was Access Denied

(even though the path existed and the users were owners with full rights).

When the old location was unshared the error changed to say that redirection

failed because the old source directory \\Servername\Users\username\... is

offline

 

So it seems that at least part of the problem is that the Vista SP1 Clients

cannot seem to forget about an old GP folder redirection and cannot move to a

new one no matter what the rights are.

 

"Anthony [MVP]" wrote:

> I am not sure if you intended to say this, but folders should be redirected

> OUT of the profile into a different location, e.g.

> dfspath\users\Profiles and

> dfspath\users\Personal

>

> Profiles must have caching disabled, and Personal must have it enabled (if

> you intend to use offline files).

>

> Profiles will have only user (and Administrator, if set) access. Personal

> will inherit from the root folder.

>

> Regards,

> Anthony

> http://www.airdesk.co.uk

>

>

> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

> > Vista sp1, Server 2003 & 2008 dfs:

> >

> > The users have roaming profiles with the GP redirecting profile folders to

> > a

> > dfs location on the network \\domainname\dfsfilespace\Users\(username)\...

> > profiles are also set to come from

> > \\domainname\dfsfilespace\users\(username)

> >

> > recently redistributed locations on the server and now everthing has gone

> > to

> > crap.

> >

> > Users get messages at logon saying that the server copy of their profile

> > has

> > not been found and they will be logged on with a temporary profile, even

> > though the network and folder appear available. Even moreso running a

> > file

> > sync gives hundreds of Access is Denied errors. This happens even for a

> > newly created user that would not have issues with the old mappings.

> > Checking via dfs pathname confirms that the user can access their folder,

> > has

> > full rights, and is owner.

>

>

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

I am surprised you say it is no help, because it won't work the way you had

it, and it will work the way I described. Hopefully you just meant that the

problem is not yet fully solved.

 

When you redirect, the Client-side redirection component needs access to

where the folder is now, and where it is moving to.

The error you describe is that the client does not have access to the new

path (although you believe it does).

From the PC, logged on as the user who is redirecting, try accessing the UNC

path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. If

you are getting an access denied message then access is denied, you just

don't know why. Have a look at the Share permissions on the actual server

folder that is shared, as well as the NTFS permissions.

Anthony,

http://www.airdesk.com

 

 

"Innovations" <Innovations@discussions.microsoft.com> wrote in message

news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com...

> True, but no help

>

> The profiles now point to \\domainname\dfsnamespace\Profiles\username

> while

> the folder redirections now goes to

> \\domainname\dfsnamespace\Users\username\... each of which is in a

> separate

> share on the 2008 server, the \Profiles are set for no caching and the

> \Users

> are set for cache only selected files. Everyone has ownership and full

> rights to their folder under \Users.

>

> But the behavior is unchanged. I did however find a clue. When the

> former

> location of their redirected folders on the 2003 server,

> \\Servername\Users\username\... was still shared the applications log

> showed

> folder redirection errors saying that the NEW dfs path was Access Denied

> (even though the path existed and the users were owners with full rights).

> When the old location was unshared the error changed to say that

> redirection

> failed because the old source directory \\Servername\Users\username\... is

> offline

>

> So it seems that at least part of the problem is that the Vista SP1

> Clients

> cannot seem to forget about an old GP folder redirection and cannot move

> to a

> new one no matter what the rights are.

>

> "Anthony [MVP]" wrote:

>

>> I am not sure if you intended to say this, but folders should be

>> redirected

>> OUT of the profile into a different location, e.g.

>> dfspath\users\Profiles and

>> dfspath\users\Personal

>>

>> Profiles must have caching disabled, and Personal must have it enabled

>> (if

>> you intend to use offline files).

>>

>> Profiles will have only user (and Administrator, if set) access. Personal

>> will inherit from the root folder.

>>

>> Regards,

>> Anthony

>> http://www.airdesk.co.uk

>>

>>

>> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

>> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

>> > Vista sp1, Server 2003 & 2008 dfs:

>> >

>> > The users have roaming profiles with the GP redirecting profile folders

>> > to

>> > a

>> > dfs location on the network

>> > \\domainname\dfsfilespace\Users\(username)\...

>> > profiles are also set to come from

>> > \\domainname\dfsfilespace\users\(username)

>> >

>> > recently redistributed locations on the server and now everthing has

>> > gone

>> > to

>> > crap.

>> >

>> > Users get messages at logon saying that the server copy of their

>> > profile

>> > has

>> > not been found and they will be logged on with a temporary profile,

>> > even

>> > though the network and folder appear available. Even moreso running a

>> > file

>> > sync gives hundreds of Access is Denied errors. This happens even for

>> > a

>> > newly created user that would not have issues with the old mappings.

>> > Checking via dfs pathname confirms that the user can access their

>> > folder,

>> > has

>> > full rights, and is owner.

>>

>>

Guest Innovations

Guest Innovations

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

I am surprised too, but there does not seem to be any change at all.

 

When logged in as the user on their computer I can navigate all the way to

\\domainname\dfsnamespace\Users\username\... and even into the subfolders.

checking on the server the file permissions are:

SYSTEM:full

(username):Full

Administrators:Full

Authenticated Users:Special (via MS knowledge base article)

....And the user is the owner of the entire directory structure.

 

When the old GP policy folder is not shared on the network the error

messages in the apps log are.

 

For each shared folder:

Failed to apply policy and redirect folder "Contacts" to

"\\domainname\dfsnamespace\Users\(username)\Contacts".

Redirection options=80001211.

The following error occurred: "Failed to redirect because the source

directory "\\(Servername)\Data\Users\(username)\Contacts" is offline".

Error details: "The network path was not found.

 

AND

 

Windows cannot locate the server copy of your roaming profile and is

attempting to log you on with your local profile. Changes to the profile will

not be copied to the server when you log off. This error may be caused by

network problems or insufficient security rights.

DETAIL - The system cannot find the path specified.

 

When the old folder is unshared the second error is unchanged but the first

changes to (one for each folder):

 

Failed to apply policy and redirect folder "RoamingAppData" to

"\\domainname\dfsnamespace\Users\(username)\Application Data".

Redirection options=80009211.

The following error occurred: "Can not create folder

"\\domainname\dfsfilespace\Users\(username)\Application Data"".

Error details: "This security ID may not be assigned as the owner of this

object.

"

 

as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist

and all employees have full rights.

 

"Anthony [MVP]" wrote:

> I am surprised you say it is no help, because it won't work the way you had

> it, and it will work the way I described. Hopefully you just meant that the

> problem is not yet fully solved.

>

> When you redirect, the Client-side redirection component needs access to

> where the folder is now, and where it is moving to.

> The error you describe is that the client does not have access to the new

> path (although you believe it does).

> From the PC, logged on as the user who is redirecting, try accessing the UNC

> path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\. If

> you are getting an access denied message then access is denied, you just

> don't know why. Have a look at the Share permissions on the actual server

> folder that is shared, as well as the NTFS permissions.

> Anthony,

> http://www.airdesk.com

>

>

> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com...

> > True, but no help

> >

> > The profiles now point to \\domainname\dfsnamespace\Profiles\username

> > while

> > the folder redirections now goes to

> > \\domainname\dfsnamespace\Users\username\... each of which is in a

> > separate

> > share on the 2008 server, the \Profiles are set for no caching and the

> > \Users

> > are set for cache only selected files. Everyone has ownership and full

> > rights to their folder under \Users.

> >

> > But the behavior is unchanged. I did however find a clue. When the

> > former

> > location of their redirected folders on the 2003 server,

> > \\Servername\Users\username\... was still shared the applications log

> > showed

> > folder redirection errors saying that the NEW dfs path was Access Denied

> > (even though the path existed and the users were owners with full rights).

> > When the old location was unshared the error changed to say that

> > redirection

> > failed because the old source directory \\Servername\Users\username\... is

> > offline

> >

> > So it seems that at least part of the problem is that the Vista SP1

> > Clients

> > cannot seem to forget about an old GP folder redirection and cannot move

> > to a

> > new one no matter what the rights are.

> >

> > "Anthony [MVP]" wrote:

> >

> >> I am not sure if you intended to say this, but folders should be

> >> redirected

> >> OUT of the profile into a different location, e.g.

> >> dfspath\users\Profiles and

> >> dfspath\users\Personal

> >>

> >> Profiles must have caching disabled, and Personal must have it enabled

> >> (if

> >> you intend to use offline files).

> >>

> >> Profiles will have only user (and Administrator, if set) access. Personal

> >> will inherit from the root folder.

> >>

> >> Regards,

> >> Anthony

> >> http://www.airdesk.co.uk

> >>

> >>

> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

> >> > Vista sp1, Server 2003 & 2008 dfs:

> >> >

> >> > The users have roaming profiles with the GP redirecting profile folders

> >> > to

> >> > a

> >> > dfs location on the network

> >> > \\domainname\dfsfilespace\Users\(username)\...

> >> > profiles are also set to come from

> >> > \\domainname\dfsfilespace\users\(username)

> >> >

> >> > recently redistributed locations on the server and now everthing has

> >> > gone

> >> > to

> >> > crap.

> >> >

> >> > Users get messages at logon saying that the server copy of their

> >> > profile

> >> > has

> >> > not been found and they will be logged on with a temporary profile,

> >> > even

> >> > though the network and folder appear available. Even moreso running a

> >> > file

> >> > sync gives hundreds of Access is Denied errors. This happens even for

> >> > a

> >> > newly created user that would not have issues with the old mappings.

> >> > Checking via dfs pathname confirms that the user can access their

> >> > folder,

> >> > has

> >> > full rights, and is owner.

> >>

> >>

>

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

I would take this one step at a time.

1) If you set up a completely new test account with these new DFS paths,

does it work? This will tell you whether permissions are correct

 

2) The profile error is caused by incorrect permissions on Existing

profiles. It sounds as though you had previously mixed up profile location

with the home folder location. The Home folder is created when the account

is set up, by the person setting up the account. The profile folder is

created by the user, when they first log off. If the folder already exists

it will not be created by the user logging off, and will not have the right

permissions. You would need to delete the roaming copy of the profile and

let it be recreated in the correct location by the user.

 

3) It sounds as though the permissions for the redirected documents folder

are correct, but step 1 above will tell you that.

 

Hope that helps,

Anthony

http://www.airdesk.com

 

 

"Innovations" <Innovations@discussions.microsoft.com> wrote in message

news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com...

> I am surprised too, but there does not seem to be any change at all.

>

> When logged in as the user on their computer I can navigate all the way to

> \\domainname\dfsnamespace\Users\username\... and even into the subfolders.

> checking on the server the file permissions are:

> SYSTEM:full

> (username):Full

> Administrators:Full

> Authenticated Users:Special (via MS knowledge base article)

> ...And the user is the owner of the entire directory structure.

>

> When the old GP policy folder is not shared on the network the error

> messages in the apps log are.

>

> For each shared folder:

> Failed to apply policy and redirect folder "Contacts" to

> "\\domainname\dfsnamespace\Users\(username)\Contacts".

> Redirection options=80001211.

> The following error occurred: "Failed to redirect because the source

> directory "\\(Servername)\Data\Users\(username)\Contacts" is offline".

> Error details: "The network path was not found.

>

> AND

>

> Windows cannot locate the server copy of your roaming profile and is

> attempting to log you on with your local profile. Changes to the profile

> will

> not be copied to the server when you log off. This error may be caused by

> network problems or insufficient security rights.

> DETAIL - The system cannot find the path specified.

>

> When the old folder is unshared the second error is unchanged but the

> first

> changes to (one for each folder):

>

> Failed to apply policy and redirect folder "RoamingAppData" to

> "\\domainname\dfsnamespace\Users\(username)\Application Data".

> Redirection options=80009211.

> The following error occurred: "Can not create folder

> "\\domainname\dfsfilespace\Users\(username)\Application Data"".

> Error details: "This security ID may not be assigned as the owner of this

> object.

> "

>

> as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist

> and all employees have full rights.

>

> "Anthony [MVP]" wrote:

>

>> I am surprised you say it is no help, because it won't work the way you

>> had

>> it, and it will work the way I described. Hopefully you just meant that

>> the

>> problem is not yet fully solved.

>>

>> When you redirect, the Client-side redirection component needs access to

>> where the folder is now, and where it is moving to.

>> The error you describe is that the client does not have access to the new

>> path (although you believe it does).

>> From the PC, logged on as the user who is redirecting, try accessing the

>> UNC

>> path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\.

>> If

>> you are getting an access denied message then access is denied, you just

>> don't know why. Have a look at the Share permissions on the actual server

>> folder that is shared, as well as the NTFS permissions.

>> Anthony,

>> http://www.airdesk.com

>>

>>

>> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

>> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com...

>> > True, but no help

>> >

>> > The profiles now point to \\domainname\dfsnamespace\Profiles\username

>> > while

>> > the folder redirections now goes to

>> > \\domainname\dfsnamespace\Users\username\... each of which is in a

>> > separate

>> > share on the 2008 server, the \Profiles are set for no caching and the

>> > \Users

>> > are set for cache only selected files. Everyone has ownership and full

>> > rights to their folder under \Users.

>> >

>> > But the behavior is unchanged. I did however find a clue. When the

>> > former

>> > location of their redirected folders on the 2003 server,

>> > \\Servername\Users\username\... was still shared the applications log

>> > showed

>> > folder redirection errors saying that the NEW dfs path was Access

>> > Denied

>> > (even though the path existed and the users were owners with full

>> > rights).

>> > When the old location was unshared the error changed to say that

>> > redirection

>> > failed because the old source directory \\Servername\Users\username\...

>> > is

>> > offline

>> >

>> > So it seems that at least part of the problem is that the Vista SP1

>> > Clients

>> > cannot seem to forget about an old GP folder redirection and cannot

>> > move

>> > to a

>> > new one no matter what the rights are.

>> >

>> > "Anthony [MVP]" wrote:

>> >

>> >> I am not sure if you intended to say this, but folders should be

>> >> redirected

>> >> OUT of the profile into a different location, e.g.

>> >> dfspath\users\Profiles and

>> >> dfspath\users\Personal

>> >>

>> >> Profiles must have caching disabled, and Personal must have it enabled

>> >> (if

>> >> you intend to use offline files).

>> >>

>> >> Profiles will have only user (and Administrator, if set) access.

>> >> Personal

>> >> will inherit from the root folder.

>> >>

>> >> Regards,

>> >> Anthony

>> >> http://www.airdesk.co.uk

>> >>

>> >>

>> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

>> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

>> >> > Vista sp1, Server 2003 & 2008 dfs:

>> >> >

>> >> > The users have roaming profiles with the GP redirecting profile

>> >> > folders

>> >> > to

>> >> > a

>> >> > dfs location on the network

>> >> > \\domainname\dfsfilespace\Users\(username)\...

>> >> > profiles are also set to come from

>> >> > \\domainname\dfsfilespace\users\(username)

>> >> >

>> >> > recently redistributed locations on the server and now everthing has

>> >> > gone

>> >> > to

>> >> > crap.

>> >> >

>> >> > Users get messages at logon saying that the server copy of their

>> >> > profile

>> >> > has

>> >> > not been found and they will be logged on with a temporary profile,

>> >> > even

>> >> > though the network and folder appear available. Even moreso running

>> >> > a

>> >> > file

>> >> > sync gives hundreds of Access is Denied errors. This happens even

>> >> > for

>> >> > a

>> >> > newly created user that would not have issues with the old mappings.

>> >> > Checking via dfs pathname confirms that the user can access their

>> >> > folder,

>> >> > has

>> >> > full rights, and is owner.

>> >>

>> >>

>>

Guest Innovations

Guest Innovations

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

A new user does not have the profile loading error and the log shows the

folder redirection occuring normally. HOWEVER file synching fails with an

access denied error and there does not seem to be any information actually

synching up with the server.

 

In addition all sorts of users are getting access denied errors with their

My Documents and other offline files.

 

"Anthony [MVP]" wrote:

> I would take this one step at a time.

> 1) If you set up a completely new test account with these new DFS paths,

> does it work? This will tell you whether permissions are correct

>

> 2) The profile error is caused by incorrect permissions on Existing

> profiles. It sounds as though you had previously mixed up profile location

> with the home folder location. The Home folder is created when the account

> is set up, by the person setting up the account. The profile folder is

> created by the user, when they first log off. If the folder already exists

> it will not be created by the user logging off, and will not have the right

> permissions. You would need to delete the roaming copy of the profile and

> let it be recreated in the correct location by the user.

>

> 3) It sounds as though the permissions for the redirected documents folder

> are correct, but step 1 above will tell you that.

>

> Hope that helps,

> Anthony

> http://www.airdesk.com

>

>

> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com...

> > I am surprised too, but there does not seem to be any change at all.

> >

> > When logged in as the user on their computer I can navigate all the way to

> > \\domainname\dfsnamespace\Users\username\... and even into the subfolders.

> > checking on the server the file permissions are:

> > SYSTEM:full

> > (username):Full

> > Administrators:Full

> > Authenticated Users:Special (via MS knowledge base article)

> > ...And the user is the owner of the entire directory structure.

> >

> > When the old GP policy folder is not shared on the network the error

> > messages in the apps log are.

> >

> > For each shared folder:

> > Failed to apply policy and redirect folder "Contacts" to

> > "\\domainname\dfsnamespace\Users\(username)\Contacts".

> > Redirection options=80001211.

> > The following error occurred: "Failed to redirect because the source

> > directory "\\(Servername)\Data\Users\(username)\Contacts" is offline".

> > Error details: "The network path was not found.

> >

> > AND

> >

> > Windows cannot locate the server copy of your roaming profile and is

> > attempting to log you on with your local profile. Changes to the profile

> > will

> > not be copied to the server when you log off. This error may be caused by

> > network problems or insufficient security rights.

> > DETAIL - The system cannot find the path specified.

> >

> > When the old folder is unshared the second error is unchanged but the

> > first

> > changes to (one for each folder):

> >

> > Failed to apply policy and redirect folder "RoamingAppData" to

> > "\\domainname\dfsnamespace\Users\(username)\Application Data".

> > Redirection options=80009211.

> > The following error occurred: "Can not create folder

> > "\\domainname\dfsfilespace\Users\(username)\Application Data"".

> > Error details: "This security ID may not be assigned as the owner of this

> > object.

> > "

> >

> > as for the folder \\domainname\dfsnamespace\Profiles\(username) they exist

> > and all employees have full rights.

> >

> > "Anthony [MVP]" wrote:

> >

> >> I am surprised you say it is no help, because it won't work the way you

> >> had

> >> it, and it will work the way I described. Hopefully you just meant that

> >> the

> >> problem is not yet fully solved.

> >>

> >> When you redirect, the Client-side redirection component needs access to

> >> where the folder is now, and where it is moving to.

> >> The error you describe is that the client does not have access to the new

> >> path (although you believe it does).

> >> From the PC, logged on as the user who is redirecting, try accessing the

> >> UNC

> >> path exactly as defined, i.e. \\domainname\dfsnamespace\Users\username\.

> >> If

> >> you are getting an access denied message then access is denied, you just

> >> don't know why. Have a look at the Share permissions on the actual server

> >> folder that is shared, as well as the NTFS permissions.

> >> Anthony,

> >> http://www.airdesk.com

> >>

> >>

> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> >> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com...

> >> > True, but no help

> >> >

> >> > The profiles now point to \\domainname\dfsnamespace\Profiles\username

> >> > while

> >> > the folder redirections now goes to

> >> > \\domainname\dfsnamespace\Users\username\... each of which is in a

> >> > separate

> >> > share on the 2008 server, the \Profiles are set for no caching and the

> >> > \Users

> >> > are set for cache only selected files. Everyone has ownership and full

> >> > rights to their folder under \Users.

> >> >

> >> > But the behavior is unchanged. I did however find a clue. When the

> >> > former

> >> > location of their redirected folders on the 2003 server,

> >> > \\Servername\Users\username\... was still shared the applications log

> >> > showed

> >> > folder redirection errors saying that the NEW dfs path was Access

> >> > Denied

> >> > (even though the path existed and the users were owners with full

> >> > rights).

> >> > When the old location was unshared the error changed to say that

> >> > redirection

> >> > failed because the old source directory \\Servername\Users\username\...

> >> > is

> >> > offline

> >> >

> >> > So it seems that at least part of the problem is that the Vista SP1

> >> > Clients

> >> > cannot seem to forget about an old GP folder redirection and cannot

> >> > move

> >> > to a

> >> > new one no matter what the rights are.

> >> >

> >> > "Anthony [MVP]" wrote:

> >> >

> >> >> I am not sure if you intended to say this, but folders should be

> >> >> redirected

> >> >> OUT of the profile into a different location, e.g.

> >> >> dfspath\users\Profiles and

> >> >> dfspath\users\Personal

> >> >>

> >> >> Profiles must have caching disabled, and Personal must have it enabled

> >> >> (if

> >> >> you intend to use offline files).

> >> >>

> >> >> Profiles will have only user (and Administrator, if set) access.

> >> >> Personal

> >> >> will inherit from the root folder.

> >> >>

> >> >> Regards,

> >> >> Anthony

> >> >> http://www.airdesk.co.uk

> >> >>

> >> >>

> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

> >> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

> >> >> > Vista sp1, Server 2003 & 2008 dfs:

> >> >> >

> >> >> > The users have roaming profiles with the GP redirecting profile

> >> >> > folders

> >> >> > to

> >> >> > a

> >> >> > dfs location on the network

> >> >> > \\domainname\dfsfilespace\Users\(username)\...

> >> >> > profiles are also set to come from

> >> >> > \\domainname\dfsfilespace\users\(username)

> >> >> >

> >> >> > recently redistributed locations on the server and now everthing has

> >> >> > gone

> >> >> > to

> >> >> > crap.

> >> >> >

> >> >> > Users get messages at logon saying that the server copy of their

> >> >> > profile

> >> >> > has

> >> >> > not been found and they will be logged on with a temporary profile,

> >> >> > even

> >> >> > though the network and folder appear available. Even moreso running

> >> >> > a

> >> >> > file

> >> >> > sync gives hundreds of Access is Denied errors. This happens even

> >> >> > for

> >> >> > a

> >> >> > newly created user that would not have issues with the old mappings.

> >> >> > Checking via dfs pathname confirms that the user can access their

> >> >> > folder,

> >> >> > has

> >> >> > full rights, and is owner.

> >> >>

> >> >>

> >>

>

Guest Anthony [MVP]

Guest Anthony [MVP]

Posted
Posted

Re: Redirection, Synch, Profile Failures

 

1) The new permissions sound OK then. Syncing is done per machine, so you

probably just have another user on the machine you tested from whose

existing permissions are wrong. It is the permissions on the existing

folders for existing users that are wrong.

2) Same

3) Same

Anthony

http://www.airdesk.com

 

"Innovations" <Innovations@discussions.microsoft.com> wrote in message

news:B97F38FB-F2D8-4B51-BC86-B687F101F53F@microsoft.com...

> A new user does not have the profile loading error and the log shows the

> folder redirection occuring normally. HOWEVER file synching fails with an

> access denied error and there does not seem to be any information actually

> synching up with the server.

>

> In addition all sorts of users are getting access denied errors with their

> My Documents and other offline files.

>

> "Anthony [MVP]" wrote:

>

>> I would take this one step at a time.

>> 1) If you set up a completely new test account with these new DFS paths,

>> does it work? This will tell you whether permissions are correct

>>

>> 2) The profile error is caused by incorrect permissions on Existing

>> profiles. It sounds as though you had previously mixed up profile

>> location

>> with the home folder location. The Home folder is created when the

>> account

>> is set up, by the person setting up the account. The profile folder is

>> created by the user, when they first log off. If the folder already

>> exists

>> it will not be created by the user logging off, and will not have the

>> right

>> permissions. You would need to delete the roaming copy of the profile and

>> let it be recreated in the correct location by the user.

>>

>> 3) It sounds as though the permissions for the redirected documents

>> folder

>> are correct, but step 1 above will tell you that.

>>

>> Hope that helps,

>> Anthony

>> http://www.airdesk.com

>>

>>

>> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

>> news:F5A8D495-11D9-4EAE-B2B0-A9E0C306B484@microsoft.com...

>> > I am surprised too, but there does not seem to be any change at all.

>> >

>> > When logged in as the user on their computer I can navigate all the way

>> > to

>> > \\domainname\dfsnamespace\Users\username\... and even into the

>> > subfolders.

>> > checking on the server the file permissions are:

>> > SYSTEM:full

>> > (username):Full

>> > Administrators:Full

>> > Authenticated Users:Special (via MS knowledge base article)

>> > ...And the user is the owner of the entire directory structure.

>> >

>> > When the old GP policy folder is not shared on the network the error

>> > messages in the apps log are.

>> >

>> > For each shared folder:

>> > Failed to apply policy and redirect folder "Contacts" to

>> > "\\domainname\dfsnamespace\Users\(username)\Contacts".

>> > Redirection options=80001211.

>> > The following error occurred: "Failed to redirect because the source

>> > directory "\\(Servername)\Data\Users\(username)\Contacts" is offline".

>> > Error details: "The network path was not found.

>> >

>> > AND

>> >

>> > Windows cannot locate the server copy of your roaming profile and is

>> > attempting to log you on with your local profile. Changes to the

>> > profile

>> > will

>> > not be copied to the server when you log off. This error may be caused

>> > by

>> > network problems or insufficient security rights.

>> > DETAIL - The system cannot find the path specified.

>> >

>> > When the old folder is unshared the second error is unchanged but the

>> > first

>> > changes to (one for each folder):

>> >

>> > Failed to apply policy and redirect folder "RoamingAppData" to

>> > "\\domainname\dfsnamespace\Users\(username)\Application Data".

>> > Redirection options=80009211.

>> > The following error occurred: "Can not create folder

>> > "\\domainname\dfsfilespace\Users\(username)\Application Data"".

>> > Error details: "This security ID may not be assigned as the owner of

>> > this

>> > object.

>> > "

>> >

>> > as for the folder \\domainname\dfsnamespace\Profiles\(username) they

>> > exist

>> > and all employees have full rights.

>> >

>> > "Anthony [MVP]" wrote:

>> >

>> >> I am surprised you say it is no help, because it won't work the way

>> >> you

>> >> had

>> >> it, and it will work the way I described. Hopefully you just meant

>> >> that

>> >> the

>> >> problem is not yet fully solved.

>> >>

>> >> When you redirect, the Client-side redirection component needs access

>> >> to

>> >> where the folder is now, and where it is moving to.

>> >> The error you describe is that the client does not have access to the

>> >> new

>> >> path (although you believe it does).

>> >> From the PC, logged on as the user who is redirecting, try accessing

>> >> the

>> >> UNC

>> >> path exactly as defined, i.e.

>> >> \\domainname\dfsnamespace\Users\username\.

>> >> If

>> >> you are getting an access denied message then access is denied, you

>> >> just

>> >> don't know why. Have a look at the Share permissions on the actual

>> >> server

>> >> folder that is shared, as well as the NTFS permissions.

>> >> Anthony,

>> >> http://www.airdesk.com

>> >>

>> >>

>> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in message

>> >> news:BA8164C6-4BB9-43C7-AE58-C0CE78FD8F09@microsoft.com...

>> >> > True, but no help

>> >> >

>> >> > The profiles now point to

>> >> > \\domainname\dfsnamespace\Profiles\username

>> >> > while

>> >> > the folder redirections now goes to

>> >> > \\domainname\dfsnamespace\Users\username\... each of which is in a

>> >> > separate

>> >> > share on the 2008 server, the \Profiles are set for no caching and

>> >> > the

>> >> > \Users

>> >> > are set for cache only selected files. Everyone has ownership and

>> >> > full

>> >> > rights to their folder under \Users.

>> >> >

>> >> > But the behavior is unchanged. I did however find a clue. When the

>> >> > former

>> >> > location of their redirected folders on the 2003 server,

>> >> > \\Servername\Users\username\... was still shared the applications

>> >> > log

>> >> > showed

>> >> > folder redirection errors saying that the NEW dfs path was Access

>> >> > Denied

>> >> > (even though the path existed and the users were owners with full

>> >> > rights).

>> >> > When the old location was unshared the error changed to say that

>> >> > redirection

>> >> > failed because the old source directory

>> >> > \\Servername\Users\username\...

>> >> > is

>> >> > offline

>> >> >

>> >> > So it seems that at least part of the problem is that the Vista SP1

>> >> > Clients

>> >> > cannot seem to forget about an old GP folder redirection and cannot

>> >> > move

>> >> > to a

>> >> > new one no matter what the rights are.

>> >> >

>> >> > "Anthony [MVP]" wrote:

>> >> >

>> >> >> I am not sure if you intended to say this, but folders should be

>> >> >> redirected

>> >> >> OUT of the profile into a different location, e.g.

>> >> >> dfspath\users\Profiles and

>> >> >> dfspath\users\Personal

>> >> >>

>> >> >> Profiles must have caching disabled, and Personal must have it

>> >> >> enabled

>> >> >> (if

>> >> >> you intend to use offline files).

>> >> >>

>> >> >> Profiles will have only user (and Administrator, if set) access.

>> >> >> Personal

>> >> >> will inherit from the root folder.

>> >> >>

>> >> >> Regards,

>> >> >> Anthony

>> >> >> http://www.airdesk.co.uk

>> >> >>

>> >> >>

>> >> >> "Innovations" <Innovations@discussions.microsoft.com> wrote in

>> >> >> message

>> >> >> news:A6440281-C8B4-4539-8B60-3B5120E895F9@microsoft.com...

>> >> >> > Vista sp1, Server 2003 & 2008 dfs:

>> >> >> >

>> >> >> > The users have roaming profiles with the GP redirecting profile

>> >> >> > folders

>> >> >> > to

>> >> >> > a

>> >> >> > dfs location on the network

>> >> >> > \\domainname\dfsfilespace\Users\(username)\...

>> >> >> > profiles are also set to come from

>> >> >> > \\domainname\dfsfilespace\users\(username)

>> >> >> >

>> >> >> > recently redistributed locations on the server and now everthing

>> >> >> > has

>> >> >> > gone

>> >> >> > to

>> >> >> > crap.

>> >> >> >

>> >> >> > Users get messages at logon saying that the server copy of their

>> >> >> > profile

>> >> >> > has

>> >> >> > not been found and they will be logged on with a temporary

>> >> >> > profile,

>> >> >> > even

>> >> >> > though the network and folder appear available. Even moreso

>> >> >> > running

>> >> >> > a

>> >> >> > file

>> >> >> > sync gives hundreds of Access is Denied errors. This happens

>> >> >> > even

>> >> >> > for

>> >> >> > a

>> >> >> > newly created user that would not have issues with the old

>> >> >> > mappings.

>> >> >> > Checking via dfs pathname confirms that the user can access their

>> >> >> > folder,

>> >> >> > has

>> >> >> > full rights, and is owner.

>> >> >>

>> >> >>

>> >>

>>

 Share
Go to topic listing
×
×
  • Create New...