
User authenticates, skips logon script

Author
26 Mar 2009 2:29 PM
MC Murphy
Server 2003 AD domain; GPO governs user logon; GPO includes a logon script. 
I have a user, not sure if it's the only user, who today does not execute the
logon script (drives aren't mapped, the log file the script writes to is not
modified by this logon).  GPO includes folder redirection, and that happens -
My Documents is set to her network My Documents.  Yesterday she logged on,
all was well.  This may be happening occasionally to others, my first advice
was "logout, login again" thinking that would fix as it usually does when I
get such a call.  It didn't.  How can I track this down?

Author
26 Mar 2009 4:01 PM
Ace Fekay [Microsoft Certified Trainer]
By chance, was the workstation or laptop locked, and they simply logged back
in? Or were they offline at the time of logging back in, which would use
Cached Credentials?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Author
26 Mar 2009 4:51 PM
MC Murphy
I restarted the computer after the first occurrence, then it happened again. 
I logged in a test account on the machine, it executed the script (mapped
drives, etc).  Then she logged in again, still no login script.  Thanks.

Author
26 Mar 2009 5:03 PM
Ace Fekay [Microsoft Certified Trainer]
In news:E43A1F35-8C82-4733-BA83-71033E667533@microsoft.com,
MC Murphy <MCMur***@discussions.microsoft.com>, posted the following:
> I restarted the computer after the first occurrence, then it happened
> again. I logged in a test account on the machine, it executed the
> script (mapped drives, etc).  Then she logged in again, still no login
> script.  Thanks.
>

I assume the workstation only has the internal DNS server in its IP
properties, otherwise various issues will occur.

Run an RSOP using the GPMC to confirm that the machine is in the scope of the
GPO. Also run a gpresults on the machine when it does work, and when it does
not work and compare the results.

Also assuming replication is working, on the machine, run "echo
%logonserver%" to see which DC authenticated the user. Check that DC for any
replication problems. When you specify a logon script in a GPO, it gets
stored in the Sysvol, which is supposed to replicate automatically to all
DCs' sysvol locations. If one is having repl problems, it may not get a copy
of the file, therefore there is nothing to run.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
ace***@mvps.RemoveThisPart.org

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
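
The SYSVOL check suggested in the post above, as an added example that is not part of the original thread or anyone's posted code: it hashes the GPO's logon script on every domain controller and compares each copy with the PDC emulator's. The GPO name and script name are taken from the thread; the script location inside the GPO folder, the use of the ActiveDirectory and GroupPolicy modules, and the PDC emulator as baseline are assumptions.

```powershell
# Added example (not from the thread): compare a GPO logon script on every DC's SYSVOL.
# Needs the ActiveDirectory and GroupPolicy modules (RSAT) and PowerShell 4.0+ for Get-FileHash.
Import-Module ActiveDirectory, GroupPolicy

$GpoName    = 'CDC OU Policy'   # applied GPO named in the thread's gpresult output
$ScriptName = 'logon.vbs'       # script file named in the thread
$ad         = Get-ADDomain
$gpoFolder  = (Get-GPO -Name $GpoName).Id.ToString('B')   # "{guid}" folder name under Policies

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $root = "\\$($dc.HostName)\SYSVOL\$($ad.DNSRoot)\Policies\$gpoFolder"
    # Assumption: the script sits in the GPO's own User\Scripts\Logon folder
    $file = "$root\User\Scripts\Logon\$ScriptName"
    $row  = [ordered]@{ DC = $dc.HostName; Present = $false; SHA256 = $null
                        ModifiedUtc = $null; GptVersion = $null; Error = $null }
    try {
        if (Test-Path -LiteralPath $file) {
            $row.Present     = $true
            $row.SHA256      = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
            $row.ModifiedUtc = (Get-Item -LiteralPath $file).LastWriteTimeUtc
        }
        # GPT.INI carries the GPO version number this DC's SYSVOL copy is at
        $ini = Get-Content -LiteralPath "$root\GPT.INI" -ErrorAction Stop
        $row.GptVersion = ($ini | Where-Object { $_ -match '^Version=' }) -replace '^Version=', ''
    } catch {
        $row.Error = $_.Exception.Message   # unreachable share, access denied, missing GPO folder
    }
    [pscustomobject]$row
}

# Use the PDC emulator's copy as the baseline and flag every DC that differs or lacks the file
$baseline = $report | Where-Object { $_.DC -eq $ad.PDCEmulator }
$report |
    Select-Object *, @{ Name = 'MatchesPdc'; Expression = { $_.Present -and $_.SHA256 -eq $baseline.SHA256 } } |
    Sort-Object MatchesPdc, DC |
    Format-Table -AutoSize
```

Rows with MatchesPdc false sort first; compare those DC names with the value of %logonserver% from the affected logon. A differing hash is worth a look in its own right, since whatever sits in that folder runs at every logon in the GPO's scope.
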
Author
26 Mar 2009 8:25 PM
MC Murphy
gpresults showed for both the user and the machine:
Group Policy was applied from:      CDC-UTILWINB.CDCFCUNET.local
    Group Policy slow link threshold:   500 kbps

    Applied Group Policy Objects
    -----------------------------
        CDC OU Policy
Her logonserver was a different domain controller, but I checked SYSVOL on
all domain controllers, in the correct GPO folder, they all have a current
logon.vbs

Author
26 Mar 2009 8:32 PM
MC Murphy
And that DNS server issue.  This was an issue several weeks back, then I
found one of my dhcp servers handing out an ISP's dns server as its alternate
DNS server, instead of just my internal servers.  But I fixed that, and
verified this problem machine/user with IPCONFIG /all, it has just the
internal dns servers/domain controllers.

Author
27 Mar 2009 5:13 AM
Ace Fekay [Microsoft Certified Trainer]
In news:7228625F-D754-4EC6-87BA-D979E2FB88F0@microsoft.com,
MC Murphy <MCMur***@discussions.microsoft.com>, posted the following:
> And that DNS server issue.  This was an issue several weeks back,
> then I found one of my dhcp servers handing out an ISP's dns server
> as its alternate DNS server, instead of just my internal servers.
> But I fixed that, and verified this problem machine/user with
> IPCONFIG /all, it has just the internal dns servers/domain
> controllers.
>

Interesting about a prior DNS issue. I assume all the DCs are only using the
internal DNS servers. Therefore, if you feel the DNS infrastructure is
running clean, and all machines can resolve all internal DCs, no services
are disabled on any DCs (such as the DHCP Client service), etc, and there
are no errors in the DC event viewers, or the client machines that this is
occurring on, then I think you will need to dig a little deeper with GPO
logging.

Try creating a separate OU, link the GPO to it, then move that user into it.
Then enable logging and see what is happening. Please take a look at the
following links to help guide you.

Fixing Group Policy problems by using log files
http://technet.microsoft.com/en-us/library/cc775423.aspx

Enable Logging for Group Policy Object Editor Client Side Extensions
http://technet.microsoft.com/en-us/library/cc759167.aspx

Troubleshooting Group Policy application problems
http://support.microsoft.com/kb/250842

Enable Verbose Global Policy Logging
http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/RegistryTips/Miscellaneous/EnableVerboseGlobalPolicyLogging.html

JSI Tip 3100. How do enable Group Policy debug logging on a Windows 2000
Server?
http://windowsitpro.com/article/articleid/74419/jsi-tip-3100-how-do-enable-group-policy-debug-logging-on-a-windows-2000-server.html

Ace