New users get temp profiles

Hi All,

Help! I have no clue what is going on. :'(

This just started two days ago.

Whenever I create any new user on my NT Domain Controller
and log into my WS08R2 Terminal Server with the new user's
Domain account, I get a message in the Event log and in
a pop up:

Your user profile was not loaded correctly you have
been logged on with a temporary profile (Event ID 1151)

*THIS IS NOT THE VISTA ERROR* that is resolved by deleting
the corrupted key in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\ProfileList". The key NEVER gets created.

Also in my event log, I get Event ID 1515:

Windows has backed up this user's profile. Windows will
automatically try to use the backed up profile the next
time this user logs on.

And Event 1508:

Windows was unable to load the registry. This is often
caused by insufficient memory or insufficient security
rights. DETAIL - The process cannot access the file
because it is being used by another process

Other symptoms:

1) the users C:\Users\xxxxx directory never gets created

2) I can edit the registry through Regedit till my eyes pop out

3) My "netlogon" script, does not run on the new users (old users
work fine). I can run my netlogon script manually without event

4) deleting the user and recreating it has no symptom change

5) addition new users have same symptom


I have Googled till my eyes burn. All I get is how to fix
this in Vista. What in the world is going on?

Many thanks,
-T

"ToddAndMargo" <> wrote in message
news:...
> Hi All,
>
> Help! I have no clue what is going on. :'(
>
> This just started two days ago.
>
> Whenever I create any new user on my NT Domain Controller
> and log into my WS08R2 Terminal Server with the new user's
> Domain account, I get a message in the Event log and in
> a pop up:
>
> Your user profile was not loaded correctly you have
> been logged on with a temporary profile (Event ID 1151)
>
> *THIS IS NOT THE VISTA ERROR* that is resolved by deleting
> the corrupted key in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
> NT\CurrentVersion\ProfileList". The key NEVER gets created.
>
> Also in my event log, I get Event ID 1515:
>
> Windows has backed up this user's profile. Windows will
> automatically try to use the backed up profile the next
> time this user logs on.
>
> And Event 1508:
>
> Windows was unable to load the registry. This is often
> caused by insufficient memory or insufficient security
> rights. DETAIL - The process cannot access the file
> because it is being used by another process
>
> Other symptoms:
>
> 1) the users C:\Users\xxxxx directory never gets created
>
> 2) I can edit the registry through Regedit till my eyes pop out
>
> 3) My "netlogon" script, does not run on the new users (old users
> work fine). I can run my netlogon script manually without event
>
> 4) deleting the user and recreating it has no symptom change
>
> 5) addition new users have same symptom
>
>
> I have Googled till my eyes burn. All I get is how to fix
> this in Vista. What in the world is going on?
>
> Many thanks,
> -T


Do you have a profile path setup in the user's ADUC properties? If so, what
are the share and NTFS permissions on the user's folder the path is pointing
to?

Is SMS or SCOM involved?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Ace Fekay [MCT] wrote:
> "ToddAndMargo" <> wrote in message
> news:...
>> Hi All,
>>
>> Help! I have no clue what is going on. :'(
>>
>> This just started two days ago.
>>
>> Whenever I create any new user on my NT Domain Controller
>> and log into my WS08R2 Terminal Server with the new user's
>> Domain account, I get a message in the Event log and in
>> a pop up:
>>
>> Your user profile was not loaded correctly you have
>> been logged on with a temporary profile (Event ID 1151)
>>
>> *THIS IS NOT THE VISTA ERROR* that is resolved by deleting
>> the corrupted key in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>> NT\CurrentVersion\ProfileList". The key NEVER gets created.
>>
>> Also in my event log, I get Event ID 1515:
>>
>> Windows has backed up this user's profile. Windows will
>> automatically try to use the backed up profile the next
>> time this user logs on.
>>
>> And Event 1508:
>>
>> Windows was unable to load the registry. This is often
>> caused by insufficient memory or insufficient security
>> rights. DETAIL - The process cannot access the file
>> because it is being used by another process
>>
>> Other symptoms:
>>
>> 1) the users C:\Users\xxxxx directory never gets created
>>
>> 2) I can edit the registry through Regedit till my eyes pop out
>>
>> 3) My "netlogon" script, does not run on the new users (old users
>> work fine). I can run my netlogon script manually without event
>>
>> 4) deleting the user and recreating it has no symptom change
>>
>> 5) addition new users have same symptom
>>
>>
>> I have Googled till my eyes burn. All I get is how to fix
>> this in Vista. What in the world is going on?
>>
>> Many thanks,
>> -T
>
>
> Do you have a profile path setup in the user's ADUC properties? If so, what
> are the share and NTFS permissions on the user's folder the path is pointing
> to?
>
> Is SMS or SCOM involved?

Hi Ace,

Thank you for the help. I am going nuts here. :'(

Not to sound too ignorant here, but what are "ADUC",
"SMS", and "SCOM"?

On the NTFS, do you mean "C:\Users" individual folder? It never
gets created. He gets "C:\Users\TEMP", which gets erased when
he logs out. I tried copying and renaming TEMP to his real name,
with his permissions, but next time he logs in, he gets TEMP again.

Many thanks,
-T

Hello ToddAndMargo,

See inline.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Ace Fekay [MCT] wrote:
>
>> "ToddAndMargo" <> wrote in message
>> news:...
>>
>>> Hi All,
>>>
>>> Help! I have no clue what is going on. :'(
>>>
>>> This just started two days ago.
>>>
>>> Whenever I create any new user on my NT Domain Controller
>>> and log into my WS08R2 Terminal Server with the new user's
>>> Domain account, I get a message in the Event log and in
>>> a pop up:
>>> Your user profile was not loaded correctly you have been logged on
>>> with a temporary profile (Event ID 1151)
>>>
>>> *THIS IS NOT THE VISTA ERROR* that is resolved by deleting
>>> the corrupted key in "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
>>> NT\CurrentVersion\ProfileList". The key NEVER gets created.
>>> Also in my event log, I get Event ID 1515:
>>>
>>> Windows has backed up this user's profile. Windows will
>>> automatically try to use the backed up profile the next time this
>>> user logs on.
>>>
>>> And Event 1508:
>>>
>>> Windows was unable to load the registry. This is often caused by
>>> insufficient memory or insufficient security rights. DETAIL - The
>>> process cannot access the file because it is being used by another
>>> process
>>>
>>> Other symptoms:
>>>
>>> 1) the users C:\Users\xxxxx directory never gets created
>>>
>>> 2) I can edit the registry through Regedit till my eyes pop out
>>>
>>> 3) My "netlogon" script, does not run on the new users (old users
>>> work fine). I can run my netlogon script manually without event
>>>
>>> 4) deleting the user and recreating it has no symptom change
>>>
>>> 5) addition new users have same symptom
>>>
>>> I have Googled till my eyes burn. All I get is how to fix this in
>>> Vista. What in the world is going on?
>>>
>>> Many thanks,
>>> -T
>> Do you have a profile path setup in the user's ADUC properties? If
>> so, what are the share and NTFS permissions on the user's folder the
>> path is pointing to?
>>
>> Is SMS or SCOM involved?
>>
> Hi Ace,
>
> Thank you for the help. I am going nuts here. :'(
>
> Not to sound too ignorant here, but what are "ADUC", "SMS", and
> "SCOM"?

AD UC is Active directory users and computers, where you find on the user
account properties the profile path mentioned by Ace.

SMS is System Management service http://www.microsoft.com/smserver/ev...s/default.mspx

SCOM is System Center Operqations manager http://www.microsoft.com/systemcente...s/default.aspx

> On the NTFS, do you mean "C:\Users" individual folder? It never
> gets created. He gets "C:\Users\TEMP", which gets erased when
> he logs out. I tried copying and renaming TEMP to his real name,
> with his permissions, but next time he logs in, he gets TEMP again.

If users logon with a TEMP profile this normally means you use a roaming
profile stored on a server(user account properties the profile path) in the
network, which they are not able to access, either the NTFS permissions or
the share permissions on that folder are not correct.

Also you are not able to modify TEMP folders because they will be deleted
when the user logoff.

> Many thanks,
> -

Meinolf Weber [MVP-DS] wrote:
>> On the NTFS, do you mean "C:\Users" individual folder? It never
>> gets created. He gets "C:\Users\TEMP", which gets erased when
>> he logs out. I tried copying and renaming TEMP to his real name,
>> with his permissions, but next time he logs in, he gets TEMP again.
>
> If users logon with a TEMP profile this normally means you use a roaming
> profile stored on a server(user account properties the profile path) in
> the network, which they are not able to access, either the NTFS
> permissions or the share permissions on that folder are not correct.
>
> Also you are not able to modify TEMP folders because they will be
> deleted when the user logoff.

Hi Meinolf,

The server in question (WS08R2 Terminal Server) is not a domain
controller of any flavor. So no Active Directory (AD). The NT
Domain Controller also does not have AD.

By "Roaming", are you referring to "%userprofile%\AppData\Roaming"?
If so, new Domain users do not get one as "%userprofile%" never
gets created.

By "roaming, might you be referring to the registry settings in
"HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\WindowsNT\
CurrentVersion\ProfileList"? If so, they exist for current
users from the Domain, but do not get created for new Domain
users.

In WS08, are "roaming" profiles those profiles that are not local
(those imported from the Domain controller)? Or are you referring to
something else?

I have not tried creating a local users and seeing what happens.
The only local users are Administrator" and "Guest", which is
disabled.

By TEMP I mean "C:\users\TEMP" not "%userprofile%\AppData\Local\Temp"

When a new Domain user logs in, say "foo", instead of getting
a "C:\Users\foo" directory created, he gets "C:\Users\TEMP".
Foo can modify to his hearts content inside it, but
Foo gets his "C:\Users\TEMP" erased when he logs out, loosing
everything.

What NTFS permissions does your "C:\Users" have?

Mine:
Everyone: Read and Execute, List, Read
System: everything
Administrators (local): everything
Uses (local): Read and Execute, List, Read


Many thanks,
-T

ToddAndMargo wrote:

> I have not tried creating a local users and seeing what happens.
> The only local users are Administrator" and "Guest", which is
> disabled.

Update. I can create a local user account without problems.

"ToddAndMargo" <> wrote in message
news:...
> ToddAndMargo wrote:
>
>> I have not tried creating a local users and seeing what happens.
>> The only local users are Administrator" and "Guest", which is
>> disabled.
>
> Update. I can create a local user account without problems.


So it works with a user account that you created?

With Terminal services, you would create the user account in Computer
Management, Local Users, etc. You can specify roaming profiles, logon
scripts, etc.

When a user, such as "Bob" would log on and only seeing a temp folder, where
was Bob's account created? On this machine, or in AD? But you said you don't
have AD? I'm a little confused.

Ace

Ace Fekay [MCT] wrote:
> "ToddAndMargo" <> wrote in message
> news:...
>> ToddAndMargo wrote:
>>
>>> I have not tried creating a local users and seeing what happens.
>>> The only local users are Administrator" and "Guest", which is
>>> disabled.
>> Update. I can create a local user account without problems.
>
>
> So it works with a user account that you created?
>
> With Terminal services, you would create the user account in Computer
> Management, Local Users, etc. You can specify roaming profiles, logon
> scripts, etc.
>
> When a user, such as "Bob" would log on and only seeing a temp folder, where
> was Bob's account created? On this machine, or in AD? But you said you don't
> have AD? I'm a little confused.

Hi Ace,

All users that are created locally on the Terminal Server
(TS) do not have a problem.

New users that reside on a separate computer acting as an
"NT Domain Controller" can log into the TS, but get
%userprofile% = C:\Users\TEMP. This behavior was
first observed last Wednesday. Old users on the
NT Domain Controller work fine.

Think of my "NT Domain Controller" as an "old"
"NT 4.0" Primary Domain Controller (PDC). No AD.
(samba-3.0.33-3.15.el5_4)

Things that have changed since last Wednesday:
1) installed Cobian Backup on the TS
2) upgraded my NT Domain Controller

I am thinking of turning off Cobian's service
tomorrow and seeing if a new user I created on
the PDC can get in without the TEMP problem. I
am thinking that Cobian may be holding something
open in the registry.

Event 1508: Windows was unable to load the registry

I am thinking that this may be the cause. Otherwise,
I will revert the PDC Tuesday when I am out at the
customer's site.

It would be really, really nice if Windows would tell
me exactly why it can't create a roaming user account.
But, then again, it may have (error 1508). Still,
it could be a bit more verbose.

I will keep everyone apprised. Thank you for all
the help.

-T

Hello ToddAndMargo,

Please clarify the "New users that reside on a separate computer acting as
an NT Domain Controller",is that machine a NT4 PDC or not, you stated something
with samba-3.0.33-3.15.el5_4 server?

Is the firewall disabled form the 2008 R2 machine?

Also 2008 and higher have a a higher level of security configuration which
blocks connectivity with with NT4 in a domain.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Ace Fekay [MCT] wrote:
>
>> "ToddAndMargo" <> wrote in message
>> news:...
>>
>>> ToddAndMargo wrote:
>>>
>>>> I have not tried creating a local users and seeing what happens.
>>>> The only local users are Administrator" and "Guest", which is
>>>> disabled.
>>>>
>>> Update. I can create a local user account without problems.
>>>
>> So it works with a user account that you created?
>>
>> With Terminal services, you would create the user account in Computer
>> Management, Local Users, etc. You can specify roaming profiles, logon
>> scripts, etc.
>>
>> When a user, such as "Bob" would log on and only seeing a temp
>> folder, where was Bob's account created? On this machine, or in AD?
>> But you said you don't have AD? I'm a little confused.
>>
> Hi Ace,
>
> All users that are created locally on the Terminal Server (TS) do not
> have a problem.
>
> New users that reside on a separate computer acting as an
> "NT Domain Controller" can log into the TS, but get
> %userprofile% = C:\Users\TEMP. This behavior was
> first observed last Wednesday. Old users on the
> NT Domain Controller work fine.
> Think of my "NT Domain Controller" as an "old"
> "NT 4.0" Primary Domain Controller (PDC). No AD.
> (samba-3.0.33-3.15.el5_4)
> Things that have changed since last Wednesday:
> 1) installed Cobian Backup on the TS
> 2) upgraded my NT Domain Controller
> I am thinking of turning off Cobian's service
> tomorrow and seeing if a new user I created on
> the PDC can get in without the TEMP problem. I
> am thinking that Cobian may be holding something
> open in the registry.
> Event 1508: Windows was unable to load the registry
>
> I am thinking that this may be the cause. Otherwise, I will revert
> the PDC Tuesday when I am out at the customer's site.
>
> It would be really, really nice if Windows would tell
> me exactly why it can't create a roaming user account.
> But, then again, it may have (error 1508). Still,
> it could be a bit more verbose.
> I will keep everyone apprised. Thank you for all
> the help.
> -T
>

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:. com...
> Hello ToddAndMargo,
>
> Please clarify the "New users that reside on a separate computer acting as
> an NT Domain Controller",is that machine a NT4 PDC or not, you stated
> something with samba-3.0.33-3.15.el5_4 server?
>
> Is the firewall disabled form the 2008 R2 machine?
>
> Also 2008 and higher have a a higher level of security configuration which
> blocks connectivity with with NT4 in a domain.
>
> Best regards
>
> Meinolf Weber

Hi Meinolf,

It appears he has an old NT4 domain.

To Todd&Margo:

AD or NT4, they are domains. So when you create a domain account, it doesn't
"work." Check all properties of the new domain account and compare it to a
domain user account that does work. It's possible you have a roaming profile
set on other accuonts that was not set on the new account, or that the
security on the 2008 machine, as Meinolf indicated.

Ace