Roaming user profile problems - EventId: 1509, 1511, 1511

Discussion in 'Windows Small Business Server' started by Nick, Mar 9, 2009.

  1. Nick

    Nick Guest

    We have recently started seeing some Roaming User Profile problems, Source:
    UserEnv, EventId: 1509, 1511, 1511. If the user reboots things are generally
    then fine. These are mostly user profiles that have been working fine for
    the past four years.

    Has anyone else noticed similar problems recently, could it be down to a
    recent MS update?

    Nick
     
    Nick, Mar 9, 2009
    #1

  2. Nope, no problems seen here. I'm posting my standard boilerplate on roaming
    profiles below, as you may find a clue therein.

    ********************
    General tips:

    1. Set up a share on the server. For example - d:\profiles, shared as
    profiles$ to make it hidden from browsing. Make sure this share is *not* set
    to allow offline files/caching! (that's on by default - disable it)

    2. Make sure the share permissions on profiles$ indicate everyone=full
    control. Set the NTFS security to administrators, system, and users=full
    control.

    3. In the users' ADUC properties, specify \\server\profiles$\%username% in
    the profiles field

    4. Have each user log into the domain once - if this is an existing user
    with a profile you wish to keep, have them log in at their usual
    workstation and log out. The profile is now roaming.

    5. If you want the administrators group to automatically have permissions to
    the profiles folders, you'll need to make the appropriate change in group
    policy. Look in computer configuration/administrative templates/system/user
    profiles - there's an option to add administrators group to the roaming
    profiles permissions. Do this *before* the users' roaming profile folders
    are created - it isn't retroactive.

    ********************
    Notes:

    Make sure users understand that they should not log into multiple computers
    at the same time when they have roaming profiles (unless you make the
    profiles mandatory by renaming ntuser.dat to ntuser.man so they can't change
    them, which has major disadvantages). Explain that the 'last one out wins'
    when it comes to uploading the final, changed copy of the profile. If you
    want to restrict multiple simultaneous network logins, look at LimitLogon
    (too much overhead for me), or this:
    http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8768

    ********************
    Keep your profiles TINY. Via group policy, you should be redirecting My
    Documents (at the very least) - to a subfolder of the user's home directory
    or user folder. Also consider redirecting Desktop & Application Data
    similarly..... so the user will end up with:

    \\server\users\%username%\My Documents,
    \\server\users\%username%\Desktop,
    \\server\users\%username%\Application Data.

    [Alternatively, just manually re-target My Documents to
    \\server\users\%username% (this is not optimal, however!)]

    You should use folder redirection even without roaming profiles, but it's
    especially critical if you *are* using them.

    If you aren't going to also redirect the desktop using policies, tell users
    that they are not to store any files on the desktop or you will beat them
    with a stick. Big profile=slow login/logout, and possible profile corruption.

    ********************
    Note that user profiles are not compatible between different OS versions,
    even between W2k/XP. Keep all your computers. Keep your workstations as
    identical as possible - meaning, OS version is the same, SP level is the
    same, app load is (as much as possible) the same.

    *********************
    If you also have Terminal Services users, make sure you set up a different
    TS profile path for them in their ADUC properties - e.g.,
    \\server\tsprofiles$\%username%

    ********************
    Do not let people store any data locally - all data belongs on the server.

    ********************
    The User Profile Hive Cleanup Utility should be running on all your
    computers. You can download it here:
    http://www.microsoft.com/downloads/...6D-8912-4E18-B570-42470E2F3582&displaylang=en

    ********************
    Roaming profile & folder redirection article -
    http://www.windowsnetworking.com/ar...e-Folder-Redirection-Windows-Server-2003.html
     
    Lanwench [MVP - Exchange], Mar 9, 2009
    #2

  3. Nick

    Nick Guest

    Just noticed additional detail in case that suggests any further clues:

    DETAIL - The specified network name is no longer available.

    These are not new user profiles, most have been working fine for years but
    only recently been seeing these errors.

    Nick
     
    Nick, Mar 10, 2009
    #3
  4. Check out my suggestions and then post back if you still have the problem.
     
    Lanwench [MVP - Exchange], Mar 10, 2009
    #4
  5. Nick

    Nick Guest

    Lanwench,

    This feels much more like a network problem than anything particularly
    related to the profiles.

    Moving on to your suggestions:
    Yep, that is how they are done except ours is not $ hidden.
    Yep, that's how our user profiles work.
    These profiles have been running for years, not new ones.
    Yep, did that a while back.

    Thanks, for your suggestions.
    Nick


     
    Nick, Mar 10, 2009
    #5
  6. Nick

    Nick Guest

    Another potential clue. One workstation had a TCP flood warning this
    morning, that machine has now been virus checked but nothing more than a few
    cookies was found.

    Event Type: Warning
    Event Source: Tcpip
    Event Category: None
    Event ID: 4226
    Date: 10/03/2009
    Time: 10:51:47
    Description:
    TCP/IP has reached the security limit imposed on the number of concurrent
    TCP connect attempts.


    Nick
     
    Nick, Mar 10, 2009
    #6
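
Added example (not part of the original thread): a small triage script that checks whether Userenv 1509/1511 profile errors fall close in time to a Tcpip 4226 warning on the same workstation, which is the correlation the posts above are circling. It assumes events were copied from Event Viewer in the text layout quoted above, with a `Computer:` line and dd/mm/yyyy dates; the computer names and Userenv timestamps in the sample are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records (only the 4226 date/time and description come from the thread).
SAMPLE = """\
Event Source: Tcpip
Event ID: 4226
Date: 10/03/2009
Time: 10:51:47
Computer: WS01
Description:
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Event Source: Userenv
Event ID: 1509
Date: 10/03/2009
Time: 10:55:02
Computer: WS01

Event Source: Userenv
Event ID: 1511
Date: 10/03/2009
Time: 09:12:30
Computer: WS02
"""

FIELDS = r"^(Event Source|Event ID|Date|Time|Computer):\s*(.+?)\s*$"

def parse_events(text):
    """Split records on blank lines and read the 'Key: value' header fields."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(re.findall(FIELDS, block, re.M))
        when = datetime.strptime(f["Date"] + " " + f["Time"], "%d/%m/%Y %H:%M:%S")
        events.append((f["Computer"], f["Event Source"].lower(), int(f["Event ID"]), when))
    return events

def profile_errors_near_4226(events, window=timedelta(minutes=15)):
    """Userenv 1509/1511 events within `window` of a Tcpip 4226 on the same computer."""
    limits = [(c, t) for c, s, i, t in events if s == "tcpip" and i == 4226]
    hits = []
    for c, s, i, t in events:
        if s == "userenv" and i in (1509, 1511):
            if any(c == lc and abs(t - lt) <= window for lc, lt in limits):
                hits.append((c, i, t))
    return hits

if __name__ == "__main__":
    for computer, event_id, when in profile_errors_near_4226(parse_events(SAMPLE)):
        print(f"{computer}: Userenv {event_id} at {when} is close to a Tcpip 4226 warning")
```

Workstations that show profile errors without a nearby 4226 (WS02 in the sample) are not flagged, so the output separates machines worth checking for connection-limit pressure from those with an unrelated profile or share problem.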
  7. Could be, yes.
    No, because SBS doesn't create this path at all. And it's up to you, but I
    prefer to leave my share permissions wide open and control all via NTFS
    perms. This is especially true for profiles.
    What about UPHClean?
    What about folder redirection?
     
    Lanwench [MVP - Exchange], Mar 10, 2009
    #7
  8. Nick

    Nick Guest

    UPHClean running on all workstations, has been for a few years.
    Folder redirection as per SBS standard setup, all in 'User Shared Folders'
    share.
     
    Nick, Mar 10, 2009
    #8
  9. OK - make sure it's v 1.6d.
    That doesn't redirect anything but My Documents. I like to redirect My Docs,
    App Data and Desktop. I don't use the built-in GPO (SBS console) stuff - I
    set up my own. I have never had problems with it when I've done it that way.
    You might try it....
     
    Lanwench [MVP - Exchange], Mar 11, 2009
    #9
  10. Nick

    Joe Dunne Guest

    You mentioned keeping the profile small. What do you consider a reasonable size? What is too large?

    Thanks,

    Joe




    Previous Posts In This Thread:

    Lanwench,

    This feels much more like a network problem than anything particularly
    related to the profiles.

    Moving on to your suggestions:

    Yep, that is how they are done except ours is not $ hidden.

    Ours has Everyone=Read, <domainname> group (which includes all users)=Full.
    I think this is how SBS must have created them in the first place.

    Yep, that's how our user profiles work.

    These profiles have been running for years, not new ones.

    Yep, did that a while back.

    Thanks, for your suggestions.
    Nick


     
    Joe Dunne, Feb 8, 2010
    #10
  11. Nick

    Foxden

    Joined:
    Mar 8, 2013
    Messages:
    1
    Likes Received:
    0
    Event 1509

    I had the same problem today & this worked for me:
    Go to the folder where the user profiles are & go to the folder properties of each user & untick the "Read-only (Only applies to files in folder)". This tickbox will re-appear (I don't know why) when you go back to the folder properties but all user profiles should save when they log off.
    Setup:
    VirtualBox running 1 Server 2008 R8, basic AD with roaming profiles, 2 virtual client machines, XP (this one works fine) & Windows 7 (worked fine for a while)
     
    Foxden, Mar 8, 2013
    #11
