RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
↑ Back to the top
Consider the following scenario:
��������� Two different domains; CONTOSO and TECH
��������� Users are in CONTOSO domain
��������� The terminal server and the profile share are on TECH domain
��������� There is a one way trust between CONTOSO and TECH domains
��������� The TECH is the trusting domain and CONTOSO domain is trusted domain
��������� Users logon to Terminal Server, which is the TECH Domain using CONTOSO user accounts.
With this scenario, you are unable to get TS profile redirection applied through Group Policy to for the following:
��������� Set path for TS roaming profiles
��������� TS user home directory
↑ Back to the top
The permissions are not properly set on �Allowed to Authenticate� on Terminal Server and Profile Server.
Extract from Userenv:
USERENV(3b0.3d8) 13:55:39:633 LoadUserProfile: Entering, hToken = <0xb48>, lpProfileInfo = 0x14d4df0
USERENV(3b0.3d8) 13:55:39:633 LoadUserProfile: lpProfileInfo->dwFlags = <0x0>
USERENV(3b0.3d8) 13:55:39:648 LoadUserProfile: lpProfileInfo->lpUserName = <Username>
USERENV(3b0.3d8) 13:55:39:648 LoadUserProfile: lpProfileInfo->lpProfilePath = <\\<ServerName>\<Sharename>\<FolderName>\<Username>
USERENV(3b0.3d8) 13:55:39:648 LoadUserProfile: lpProfileInfo->lpDefaultPath = <\\<DCName>\netlogon\Default User>
USERENV(3b0.3d8) 13:55:39:648 LoadUserProfile: NULL server name
USERENV(3b0.3d8) 13:55:39:664 LoadUserProfile: User sid: S-1-5-21-842925246-1202660629-682003330-291167
USERENV(3b0.3d8) 13:55:39:664 CSyncManager::EnterLock <S-1-5-21-842925246-1202660629-682003330-291167>
USERENV(3b0.3d8) 13:55:39:664 CSyncManager::EnterLock: No existing entry found
USERENV(3b0.3d8) 13:55:39:664 CSyncManager::EnterLock: New entry created
USERENV(3b0.3d8) 13:55:39:679 CHashTable::HashAdd: S-1-5-21-842925246-1202660629-682003330-291167 added in bucket 12
USERENV(3b0.3d8) 13:55:39:679 LoadUserProfile: Wait succeeded. In critical section.
USERENV(3b0.3d8) 13:55:39:679 GetUserGuid: Failed to get user guid with 1355.
USERENV(3b0.3d8) 13:55:39:695 GetProfileSid: No Guid -> Sid Mapping available
USERENV(3b0.3d8) 13:55:39:695 TestIfUserProfileLoaded:� return with error 2.
USERENV(3b0.3d8) 13:55:39:695 GetUserGuid: Failed to get user guid with 1355.
USERENV(3b0.3d8) 13:55:39:711 GetProfileSid: No Guid -> Sid Mapping available
USERENV(3b0.3d8) 13:55:39:711 LoadUserProfile: Expanded profile path is <\\<ServerName>\<Sharename>\<FolderName>\<Username>
USERENV(3b0.3d8) 13:55:39:711 ParseProfilePath: Entering, lpProfilePath = <\\<ServerName>\<Sharename>\<FolderName>\<Username>
USERENV(3b0.3d8) 13:55:39:711 CheckXForestLogon: checking x-forest logon, user handle = 2888
USERENV(3b0.3d8) 13:55:39:726 CheckXForestLogon: policy set to disable XForest check
USERENV(3b0.3d8) 13:55:39:945 AbleToBypassCSC: Try to bypass CSC
USERENV(3b0.3d8) 13:55:40:195 AbleToBypassCSC: tried NPAddConnection3ForCSCAgent. Error 1935
USERENV(3b0.3d8) 13:55:40:664 ParseProfilePath: CSC bypassed failed. Ignoring Roaming profile path
USERENV(3b0.3d8) 13:55:40:664 ReportError: Impersonating user.
USERENV(3b0.3d8) 13:55:40:679 ReportError: Logging Error <Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you logoff. Possible causes of this error include network problems or insufficient security rights. If this problem persists, contact your network administrator.��
�
�
�
DETAIL - Logon Failure: The machine you are logging onto is protected by an authentication firewall.� The specified account is not allowed to authenticate to the machine.
↑ Back to the top
Once we give the "Allow to Authenticate" permission on Terminal Server and Profile Server, we would get the profile path.
↑ Back to the top