Saturday, September 26, 2009

Roaming Profiles Sync-to-Server Problems

For several years, I’ve used roaming profiles in my Microsoft Active Directory domain at home so my family members get to keep their settings after I reimage their computers, which happens once in a while.  Sure I could have used the USMT or FAST wizard or copied the data manually but this “enterprise” way of doing it allowed me to learn the technology enough to actually be able to recommend (or not) to my clients, based on personal experiences with it.  Note here that using ONLY roaming profiles to store user data and settings on a server is NOT recommended.  A comprehensive desktop strategy which integrates several technologies such as redirected folders, and appropriate exclusions via Group Policies, among other things is required for good results.  In my home setup, I’ve used Dan Holme’s solutions collection 3, as described in his Microsoft Press book “Windows Administration Resource Kit, Productivity Solutions for IT Professionals”, ISBN 978-0-7356-2431-3.  This has served me quite well.  Before implementing these solutions, roaming profiles and other technologies never worked well together in my network, so I highly recommend his book.

One particular headache with roaming profiles however is when the profile stops being uploaded to the server at logoff.  I’ve discovered this happens for different reasons, and each time, it was difficult to identify the root cause.  Searching the Internet for the particular error message (or lack thereof), or event ID, did not always lead to any conclusive fix.  Most of the time, solutions such as domain un-join/re-join, or deleting the local profile, I thought were too drastic, and felt like they never would reveal the true cause of the problem.  In general, I tend to troubleshoot in a more methodical way, and don’t fall for the random “shoot-in-every-direction-until-you-kill-the-problem” method.

So, I thought I’d share my findings here in hopes they’d be useful for others.

Once, I replaced a Windows Vista Business x86 no-brand machine for a user with a new Windows Vista Business x64 HP Pavilion machine.  The swap went well, and the user logged in and got his desktop and settings just like in his old machine.  At logoff however, I noticed it was very fast, and the usual 30 seconds to a minute the system takes to write the roaming profile to the server just wasn’t there.  No error message or event ID was present in this case, and had I not been paying attention and known better, I would have concluded “wow, this new machine is fast” and been done with it!  So, I looked on the server and noticed the last time the ntuser.dat file was written was when he had last logged off his old computer.  So, I Googled for a long time and finally found someone with an HP computer who had the same problem and who had to disable the “NVIDIA Display Driver Service” from msconfig/services tab.  When I implemented this workaround, the roaming profile started to get written to the server again at logoff.  And, the service has been disabled ever since with no adverse effect and no impact that I can tell.  This was reported to HP and they advised they would fix it.  I do not know the status of this case however.

Another time, on my own machine, I got an error message at logoff that my roaming profile was not completely synchronized with the server.  I therefore checked the server and found ntuser.dat had indeed been updated when I logged off.  I logged back in and then got a balloon pop up in systray which indicated that I was logged on with a temporary profile.  I went to the even log and found many event ID 1509 errors followed by 1504 corresponding to the previous logoff.  The event 1509 errors were “Windows cannot copy file C:\Users\username\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TSACWEND\cisco.elementk.com…” “The filename or extension is too long”.  So, I looked into this directory and indeed found many nested folders under this.  Basically, this is cached data from my previous training session I had just taken at Cisco elementk.  The training was apparently based on Flash and had cached too many levels of folders, which prevented the roaming profile mechanism from copying them to the server.  Because I was done with the course and did not need these “cookie-like” files anymore, I deleted the “cisco.elementk.com” folder and did a logoff.  No further errors!

As you can see, roaming profiles can be a bit finicky, however, if you take the time to research the error, it is possible to fix without resorting to the more drastic measures suggested in some online forums.