Profile Issues
in [Terminal Services]
|
From: Lanwench [MVP - Exchange] on 23 Apr 2008 08:59 teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > Thanks so much for your reply. The caching error is gone. I have > question regarding the registry. Every day or so, I see a message > stating "the registry has exceeded the allowed limit. The system > will not be able to handle any further requests." I opened the > registry and discovered over 50 old user profiles. Some of these > user have been gone for years. Do you have any information on how to > "clean" up the registry safely? I don't typically like to go in this > area, however, we are experiencing an ongoing issue that needs to be > addressed. Check out delprof from the resource kit - or change your policy to delete cached profiles. Don't muck around in the registry. > > Thanks again. > > "Lanwench [MVP - Exchange]" wrote: > >> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>> Thanks for your reply. As for the answers to your questions: >>> >>>> Yes - do this. Disable offline caching on the shared that store >>>> profiles. >>> >>> The option to disable offline caching states "Files or programs from >>> the share will not be available offline." Are there any negative >>> impacts if we enable this? >> >> Nope. You should never have it enabled on any folder that holds >> profiles. >> >>> Can I disable this while users are >>> currently logged on the system, or should I wait until they are off? >> >> I'd do it ASAP. They will need to log out / back in before the >> message goes away, tho. >> >>> >>>> I'm presuming you've got TS profile paths defined for each user >>>> either in ADUC or via GPO (with loopback processing). >>> >>> Yes. I use ADUC. My TS profile paths point to our fileserver, >>> i.e., \\fileserver\profiles >> >> OK - but you need separate profiles for your TS users - don't use >> the same path you use for regular desktop users. And you can >> (should!) specify the TS profile path in the GPO you use to manage >> your terminal servers, not in ADUC, to make sure it gets applied to >> any user who happens to log into TS. >> >> Also make sure you've set up your GPO here to grant the >> Administrators group permission to the profiles. >>> >>>> You should be using folder redirection so that the profiles are >>>> kept miniscule - do this for My Documents, Application Data, and >>>> Desktop, for both TS users and regular users. >>> >>> I am not sure how to do folder redirection. Do you do this within >>> ADUC? >> >> No - it's via group policy. I'd set up a custom GPO that redirects My >> Documents, Application Data, and Desktop, and link it to the >> appropriate parent OU - so it affects *all* users regardless of >> where they log in, TS or no (if you have multiple offices/locations >> you'll need to create separate policies linked at the appropriate >> OUs). >> >> I choose the option to redirect everyone to the same location, which >> creates a folder under the parent. As the parent I tend to use >> something like \\server\users - permissions on that folder are set >> up as per KB 274443 >> >> So, each user winds up with >> >> \\server\users\%username%\My Documents >> \\server\users\%username%\Application Data >> \\server\users\%username%\Desktop >> >> In the policy under each folder, I *untick* the option to grant users >> exclusive permission. The root folder has the permissions set up >> properly already so that the user, Administrators & System all have >> the access they need- and other users don't have access to stuff >> they shouldn't. >> >> Enabling the administrator to have access to redirected folders >> http://support.microsoft.com/kb/288991 >> >> Roaming profile & folder redirection article - >> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html >>> >> >>>> Also,you can set your policy to delete the cached profiles if you >>>> like. >>> >>> Is this in mmc > Group Policy Editor >> >> Easier to install the GPMC (group policy managment console) - makes >> managing this SO much nicer. Put it on all your DCs. >> >>>> Administrative Templates > >>> System > User Profiles. If so, would I do this on both terminal >>> servers? >> >> Put both TS boxes in the same OU and create a custom GPO with >> loopback processing applied- follow the steps in KB 278295 >> >> >>> >>>> Hmmm. Why is this pointing to a drive called M, just out of >>>> curiosity? >>> >>> Our C:\ has been mapped to M:\. I am not sure why they did that. >>> In any case, all our programs and documents and settings are stored >>> on the M:\ drive. >> >> OK..... >>> >>>> UPHClean *should* be taking care of this.....but do answer the >>>> questions/stuff above. >>> >>> I don't know why UPHClean is not taking care of it. Do you know if >>> there is a new release? >> >> 1.6 is the latest AFAIK. But cleaning up the above may render this >> irrelevant as it may just start working:-) >>> >>> >>> >>> >>> >>> >>> "Lanwench [MVP - Exchange]" wrote: >>> >>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>> I am fairly new to profiles and have been reading a lot of >>>>> information to educate myself. We run two terminal servers >>>>> (Citrix Farm) on Windows Server 2003. UPHClean is installed. >>>>> I've been seeing the following error: >>>>> >>>>> Event ID 1525: >>>>> >>>>> Windows has detected that Offline Caching is enabled on the >>>>> Roaming Profile share - to avoid potential profile corruption, >>>>> Offline Caching must be disabled on shares where roaming user >>>>> profiles are stored. >>>> >>>> Yes - do this. Disable offline caching on the shared that store >>>> profiles. I'm presuming you've got TS profile paths defined for >>>> each user either in ADUC or via GPO (with loopback processing). >>>>> >>>>> Our profiles are stored on our Fileserver. Everytime a user logs >>>>> on, it also creates a local profile, which tends to take up a lot >>>>> of disk space. >>>> >>>> You should be using folder redirection so that the profiles are >>>> kept miniscule - do this for My Documents, Application Data, and >>>> Desktop, for both TS users and regular users. >>>> >>>> Also,you can set your policy to delete the cached profiles if you >>>> like. >>>>> >>>>> In addition to the error 1525, I received the following: >>>>> >>>>> Windows was unable to load the registry. This is often caused by >>>>> insufficient memory or insufficient security rights. >>>>> >>>>> DETAIL - Insufficient system resources exist to complete the >>>>> requested service. for M:\Documents and >>>>> Settings\[username]\ntuser.dat >>>> >>>> Hmmm. Why is this pointing to a drive called M, just out of >>>> curiosity? >>>>> >>>>> When this occurred, an error was on the screen stating the server >>>>> was "Low on registry space and any further requests would be >>>>> denied." Does anyone know how to increase the registry space? >>>>> >>>>> And lastly, I am having a problem when a user tries to log on and >>>>> they are loaded onto a temporary profile. >>>>> >>>>> Windows cannot load the locally stored profile. Possible causes of >>>>> this error include insufficient security rights or a corrupt local >>>>> profile. If this problem persists, contact your network >>>>> administrator. >>>>> >>>>> DETAIL - The process cannot access the file because it is being >>>>> used by another process. >>>>> >>>>> Their ntuser.dat file appears to be in use, however, they are not >>>>> logged on. Does anyone know how to close this file? >>>> >>>> UPHClean *should* be taking care of this.....but do answer the >>>> questions/stuff above.
From: teenzbutler on 23 Apr 2008 13:48 Thanks. I am going to download the resources kit. "Lanwench [MVP - Exchange]" wrote: > teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > > Thanks so much for your reply. The caching error is gone. I have > > question regarding the registry. Every day or so, I see a message > > stating "the registry has exceeded the allowed limit. The system > > will not be able to handle any further requests." I opened the > > registry and discovered over 50 old user profiles. Some of these > > user have been gone for years. Do you have any information on how to > > "clean" up the registry safely? I don't typically like to go in this > > area, however, we are experiencing an ongoing issue that needs to be > > addressed. > > Check out delprof from the resource kit - or change your policy to delete > cached profiles. > Don't muck around in the registry. > > > > Thanks again. > > > > "Lanwench [MVP - Exchange]" wrote: > > > >> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > >>> Thanks for your reply. As for the answers to your questions: > >>> > >>>> Yes - do this. Disable offline caching on the shared that store > >>>> profiles. > >>> > >>> The option to disable offline caching states "Files or programs from > >>> the share will not be available offline." Are there any negative > >>> impacts if we enable this? > >> > >> Nope. You should never have it enabled on any folder that holds > >> profiles. > >> > >>> Can I disable this while users are > >>> currently logged on the system, or should I wait until they are off? > >> > >> I'd do it ASAP. They will need to log out / back in before the > >> message goes away, tho. > >> > >>> > >>>> I'm presuming you've got TS profile paths defined for each user > >>>> either in ADUC or via GPO (with loopback processing). > >>> > >>> Yes. I use ADUC. My TS profile paths point to our fileserver, > >>> i.e., \\fileserver\profiles > >> > >> OK - but you need separate profiles for your TS users - don't use > >> the same path you use for regular desktop users. And you can > >> (should!) specify the TS profile path in the GPO you use to manage > >> your terminal servers, not in ADUC, to make sure it gets applied to > >> any user who happens to log into TS. > >> > >> Also make sure you've set up your GPO here to grant the > >> Administrators group permission to the profiles. > >>> > >>>> You should be using folder redirection so that the profiles are > >>>> kept miniscule - do this for My Documents, Application Data, and > >>>> Desktop, for both TS users and regular users. > >>> > >>> I am not sure how to do folder redirection. Do you do this within > >>> ADUC? > >> > >> No - it's via group policy. I'd set up a custom GPO that redirects My > >> Documents, Application Data, and Desktop, and link it to the > >> appropriate parent OU - so it affects *all* users regardless of > >> where they log in, TS or no (if you have multiple offices/locations > >> you'll need to create separate policies linked at the appropriate > >> OUs). > >> > >> I choose the option to redirect everyone to the same location, which > >> creates a folder under the parent. As the parent I tend to use > >> something like \\server\users - permissions on that folder are set > >> up as per KB 274443 > >> > >> So, each user winds up with > >> > >> \\server\users\%username%\My Documents > >> \\server\users\%username%\Application Data > >> \\server\users\%username%\Desktop > >> > >> In the policy under each folder, I *untick* the option to grant users > >> exclusive permission. The root folder has the permissions set up > >> properly already so that the user, Administrators & System all have > >> the access they need- and other users don't have access to stuff > >> they shouldn't. > >> > >> Enabling the administrator to have access to redirected folders > >> http://support.microsoft.com/kb/288991 > >> > >> Roaming profile & folder redirection article - > >> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html > >>> > >> > >>>> Also,you can set your policy to delete the cached profiles if you > >>>> like. > >>> > >>> Is this in mmc > Group Policy Editor > >> > >> Easier to install the GPMC (group policy managment console) - makes > >> managing this SO much nicer. Put it on all your DCs. > >> > >>>> Administrative Templates > > >>> System > User Profiles. If so, would I do this on both terminal > >>> servers? > >> > >> Put both TS boxes in the same OU and create a custom GPO with > >> loopback processing applied- follow the steps in KB 278295 > >> > >> > >>> > >>>> Hmmm. Why is this pointing to a drive called M, just out of > >>>> curiosity? > >>> > >>> Our C:\ has been mapped to M:\. I am not sure why they did that. > >>> In any case, all our programs and documents and settings are stored > >>> on the M:\ drive. > >> > >> OK..... > >>> > >>>> UPHClean *should* be taking care of this.....but do answer the > >>>> questions/stuff above. > >>> > >>> I don't know why UPHClean is not taking care of it. Do you know if > >>> there is a new release? > >> > >> 1.6 is the latest AFAIK. But cleaning up the above may render this > >> irrelevant as it may just start working:-) > >>> > >>> > >>> > >>> > >>> > >>> > >>> "Lanwench [MVP - Exchange]" wrote: > >>> > >>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > >>>>> I am fairly new to profiles and have been reading a lot of > >>>>> information to educate myself. We run two terminal servers > >>>>> (Citrix Farm) on Windows Server 2003. UPHClean is installed. > >>>>> I've been seeing the following error: > >>>>> > >>>>> Event ID 1525: > >>>>> > >>>>> Windows has detected that Offline Caching is enabled on the > >>>>> Roaming Profile share - to avoid potential profile corruption, > >>>>> Offline Caching must be disabled on shares where roaming user > >>>>> profiles are stored. > >>>> > >>>> Yes - do this. Disable offline caching on the shared that store > >>>> profiles. I'm presuming you've got TS profile paths defined for > >>>> each user either in ADUC or via GPO (with loopback processing). > >>>>> > >>>>> Our profiles are stored on our Fileserver. Everytime a user logs > >>>>> on, it also creates a local profile, which tends to take up a lot > >>>>> of disk space. > >>>> > >>>> You should be using folder redirection so that the profiles are > >>>> kept miniscule - do this for My Documents, Application Data, and > >>>> Desktop, for both TS users and regular users. > >>>> > >>>> Also,you can set your policy to delete the cached profiles if you > >>>> like. > >>>>> > >>>>> In addition to the error 1525, I received the following: > >>>>> > >>>>> Windows was unable to load the registry. This is often caused by > >>>>> insufficient memory or insufficient security rights. > >>>>> > >>>>> DETAIL - Insufficient system resources exist to complete the > >>>>> requested service. for M:\Documents and > >>>>> Settings\[username]\ntuser.dat > >>>> > >>>> Hmmm. Why is this pointing to a drive called M, just out of > >>>> curiosity? > >>>>> > >>>>> When this occurred, an error was on the screen stating the server > >>>>> was "Low on registry space and any further requests would be > >>>>> denied." Does anyone know how to increase the registry space? > >>>>> > >>>>> And lastly, I am having a problem when a user tries to log on and > >>>>> they are loaded onto a temporary profile. > >>>>> > >>>>> Windows cannot load the locally stored profile. Possible causes of > >>>>> this error include insufficient security rights or a corrupt local > >>>>> profile. If this problem persists, contact your network > >>>>> administrator. > >>>>> > >>>>> DETAIL - The process cannot access the file because it is being > >>>>> used by another process. > >>>>> > >>>>> Their ntuser.dat file appears to be in use, however, they are not > >>>>> logged on. Does anyone know how to close this file? > >>>> > >>>> UPHClean *should* be taking care of this.....but do answer the > >>>> questions/stuff above. > > > >
From: Lanwench [MVP - Exchange] on 23 Apr 2008 14:10 teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > Thanks. I am going to download the resources kit. You're welcome. You can set up a batch file to run delprof regularly to delete profiles that are older than X days - google for more help with that. > > "Lanwench [MVP - Exchange]" wrote: > >> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>> Thanks so much for your reply. The caching error is gone. I have >>> question regarding the registry. Every day or so, I see a message >>> stating "the registry has exceeded the allowed limit. The system >>> will not be able to handle any further requests." I opened the >>> registry and discovered over 50 old user profiles. Some of these >>> user have been gone for years. Do you have any information on how >>> to "clean" up the registry safely? I don't typically like to go in >>> this area, however, we are experiencing an ongoing issue that needs >>> to be addressed. >> >> Check out delprof from the resource kit - or change your policy to >> delete cached profiles. >> Don't muck around in the registry. >>> >>> Thanks again. >>> >>> "Lanwench [MVP - Exchange]" wrote: >>> >>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>> Thanks for your reply. As for the answers to your questions: >>>>> >>>>>> Yes - do this. Disable offline caching on the shared that store >>>>>> profiles. >>>>> >>>>> The option to disable offline caching states "Files or programs >>>>> from the share will not be available offline." Are there any >>>>> negative impacts if we enable this? >>>> >>>> Nope. You should never have it enabled on any folder that holds >>>> profiles. >>>> >>>>> Can I disable this while users are >>>>> currently logged on the system, or should I wait until they are >>>>> off? >>>> >>>> I'd do it ASAP. They will need to log out / back in before the >>>> message goes away, tho. >>>> >>>>> >>>>>> I'm presuming you've got TS profile paths defined for each user >>>>>> either in ADUC or via GPO (with loopback processing). >>>>> >>>>> Yes. I use ADUC. My TS profile paths point to our fileserver, >>>>> i.e., \\fileserver\profiles >>>> >>>> OK - but you need separate profiles for your TS users - don't use >>>> the same path you use for regular desktop users. And you can >>>> (should!) specify the TS profile path in the GPO you use to manage >>>> your terminal servers, not in ADUC, to make sure it gets applied to >>>> any user who happens to log into TS. >>>> >>>> Also make sure you've set up your GPO here to grant the >>>> Administrators group permission to the profiles. >>>>> >>>>>> You should be using folder redirection so that the profiles are >>>>>> kept miniscule - do this for My Documents, Application Data, and >>>>>> Desktop, for both TS users and regular users. >>>>> >>>>> I am not sure how to do folder redirection. Do you do this within >>>>> ADUC? >>>> >>>> No - it's via group policy. I'd set up a custom GPO that redirects >>>> My Documents, Application Data, and Desktop, and link it to the >>>> appropriate parent OU - so it affects *all* users regardless of >>>> where they log in, TS or no (if you have multiple offices/locations >>>> you'll need to create separate policies linked at the appropriate >>>> OUs). >>>> >>>> I choose the option to redirect everyone to the same location, >>>> which creates a folder under the parent. As the parent I tend to >>>> use something like \\server\users - permissions on that folder are >>>> set up as per KB 274443 >>>> >>>> So, each user winds up with >>>> >>>> \\server\users\%username%\My Documents >>>> \\server\users\%username%\Application Data >>>> \\server\users\%username%\Desktop >>>> >>>> In the policy under each folder, I *untick* the option to grant >>>> users exclusive permission. The root folder has the permissions >>>> set up properly already so that the user, Administrators & System >>>> all have the access they need- and other users don't have access >>>> to stuff they shouldn't. >>>> >>>> Enabling the administrator to have access to redirected folders >>>> http://support.microsoft.com/kb/288991 >>>> >>>> Roaming profile & folder redirection article - >>>> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html >>>>> >>>> >>>>>> Also,you can set your policy to delete the cached profiles if you >>>>>> like. >>>>> >>>>> Is this in mmc > Group Policy Editor >>>> >>>> Easier to install the GPMC (group policy managment console) - makes >>>> managing this SO much nicer. Put it on all your DCs. >>>> >>>>>> Administrative Templates > >>>>> System > User Profiles. If so, would I do this on both terminal >>>>> servers? >>>> >>>> Put both TS boxes in the same OU and create a custom GPO with >>>> loopback processing applied- follow the steps in KB 278295 >>>> >>>> >>>>> >>>>>> Hmmm. Why is this pointing to a drive called M, just out of >>>>>> curiosity? >>>>> >>>>> Our C:\ has been mapped to M:\. I am not sure why they did that. >>>>> In any case, all our programs and documents and settings are >>>>> stored on the M:\ drive. >>>> >>>> OK..... >>>>> >>>>>> UPHClean *should* be taking care of this.....but do answer the >>>>>> questions/stuff above. >>>>> >>>>> I don't know why UPHClean is not taking care of it. Do you know >>>>> if there is a new release? >>>> >>>> 1.6 is the latest AFAIK. But cleaning up the above may render this >>>> irrelevant as it may just start working:-) >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> >>>>> "Lanwench [MVP - Exchange]" wrote: >>>>> >>>>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>>>> I am fairly new to profiles and have been reading a lot of >>>>>>> information to educate myself. We run two terminal servers >>>>>>> (Citrix Farm) on Windows Server 2003. UPHClean is installed. >>>>>>> I've been seeing the following error: >>>>>>> >>>>>>> Event ID 1525: >>>>>>> >>>>>>> Windows has detected that Offline Caching is enabled on the >>>>>>> Roaming Profile share - to avoid potential profile corruption, >>>>>>> Offline Caching must be disabled on shares where roaming user >>>>>>> profiles are stored. >>>>>> >>>>>> Yes - do this. Disable offline caching on the shared that store >>>>>> profiles. I'm presuming you've got TS profile paths defined for >>>>>> each user either in ADUC or via GPO (with loopback processing). >>>>>>> >>>>>>> Our profiles are stored on our Fileserver. Everytime a user >>>>>>> logs on, it also creates a local profile, which tends to take >>>>>>> up a lot of disk space. >>>>>> >>>>>> You should be using folder redirection so that the profiles are >>>>>> kept miniscule - do this for My Documents, Application Data, and >>>>>> Desktop, for both TS users and regular users. >>>>>> >>>>>> Also,you can set your policy to delete the cached profiles if you >>>>>> like. >>>>>>> >>>>>>> In addition to the error 1525, I received the following: >>>>>>> >>>>>>> Windows was unable to load the registry. This is often caused by >>>>>>> insufficient memory or insufficient security rights. >>>>>>> >>>>>>> DETAIL - Insufficient system resources exist to complete the >>>>>>> requested service. for M:\Documents and >>>>>>> Settings\[username]\ntuser.dat >>>>>> >>>>>> Hmmm. Why is this pointing to a drive called M, just out of >>>>>> curiosity? >>>>>>> >>>>>>> When this occurred, an error was on the screen stating the >>>>>>> server was "Low on registry space and any further requests >>>>>>> would be denied." Does anyone know how to increase the registry >>>>>>> space? >>>>>>> >>>>>>> And lastly, I am having a problem when a user tries to log on >>>>>>> and they are loaded onto a temporary profile. >>>>>>> >>>>>>> Windows cannot load the locally stored profile. Possible causes >>>>>>> of this error include insufficient security rights or a corrupt >>>>>>> local profile. If this problem persists, contact your network >>>>>>> administrator. >>>>>>> >>>>>>> DETAIL - The process cannot access the file because it is being >>>>>>> used by another process. >>>>>>> >>>>>>> Their ntuser.dat file appears to be in use, however, they are >>>>>>> not logged on. Does anyone know how to close this file? >>>>>> >>>>>> UPHClean *should* be taking care of this.....but do answer the >>>>>> questions/stuff above.
From: teenzbutler on 24 Apr 2008 10:27 Hi again. I ran the delprof.exe program and it only finds profiles within the My Documents and Settings. I always clean out old profiles from that folder manually, so there wasn't much to clean out. However, the registry still has a lot of profiles that need to be removed. Can you suggest a tool that cleans the registry of old profiles? "Lanwench [MVP - Exchange]" wrote: > teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > > Thanks. I am going to download the resources kit. > > You're welcome. You can set up a batch file to run delprof regularly to > delete profiles that are older than X days - google for more help with that. > > > > > > "Lanwench [MVP - Exchange]" wrote: > > > >> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > >>> Thanks so much for your reply. The caching error is gone. I have > >>> question regarding the registry. Every day or so, I see a message > >>> stating "the registry has exceeded the allowed limit. The system > >>> will not be able to handle any further requests." I opened the > >>> registry and discovered over 50 old user profiles. Some of these > >>> user have been gone for years. Do you have any information on how > >>> to "clean" up the registry safely? I don't typically like to go in > >>> this area, however, we are experiencing an ongoing issue that needs > >>> to be addressed. > >> > >> Check out delprof from the resource kit - or change your policy to > >> delete cached profiles. > >> Don't muck around in the registry. > >>> > >>> Thanks again. > >>> > >>> "Lanwench [MVP - Exchange]" wrote: > >>> > >>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > >>>>> Thanks for your reply. As for the answers to your questions: > >>>>> > >>>>>> Yes - do this. Disable offline caching on the shared that store > >>>>>> profiles. > >>>>> > >>>>> The option to disable offline caching states "Files or programs > >>>>> from the share will not be available offline." Are there any > >>>>> negative impacts if we enable this? > >>>> > >>>> Nope. You should never have it enabled on any folder that holds > >>>> profiles. > >>>> > >>>>> Can I disable this while users are > >>>>> currently logged on the system, or should I wait until they are > >>>>> off? > >>>> > >>>> I'd do it ASAP. They will need to log out / back in before the > >>>> message goes away, tho. > >>>> > >>>>> > >>>>>> I'm presuming you've got TS profile paths defined for each user > >>>>>> either in ADUC or via GPO (with loopback processing). > >>>>> > >>>>> Yes. I use ADUC. My TS profile paths point to our fileserver, > >>>>> i.e., \\fileserver\profiles > >>>> > >>>> OK - but you need separate profiles for your TS users - don't use > >>>> the same path you use for regular desktop users. And you can > >>>> (should!) specify the TS profile path in the GPO you use to manage > >>>> your terminal servers, not in ADUC, to make sure it gets applied to > >>>> any user who happens to log into TS. > >>>> > >>>> Also make sure you've set up your GPO here to grant the > >>>> Administrators group permission to the profiles. > >>>>> > >>>>>> You should be using folder redirection so that the profiles are > >>>>>> kept miniscule - do this for My Documents, Application Data, and > >>>>>> Desktop, for both TS users and regular users. > >>>>> > >>>>> I am not sure how to do folder redirection. Do you do this within > >>>>> ADUC? > >>>> > >>>> No - it's via group policy. I'd set up a custom GPO that redirects > >>>> My Documents, Application Data, and Desktop, and link it to the > >>>> appropriate parent OU - so it affects *all* users regardless of > >>>> where they log in, TS or no (if you have multiple offices/locations > >>>> you'll need to create separate policies linked at the appropriate > >>>> OUs). > >>>> > >>>> I choose the option to redirect everyone to the same location, > >>>> which creates a folder under the parent. As the parent I tend to > >>>> use something like \\server\users - permissions on that folder are > >>>> set up as per KB 274443 > >>>> > >>>> So, each user winds up with > >>>> > >>>> \\server\users\%username%\My Documents > >>>> \\server\users\%username%\Application Data > >>>> \\server\users\%username%\Desktop > >>>> > >>>> In the policy under each folder, I *untick* the option to grant > >>>> users exclusive permission. The root folder has the permissions > >>>> set up properly already so that the user, Administrators & System > >>>> all have the access they need- and other users don't have access > >>>> to stuff they shouldn't. > >>>> > >>>> Enabling the administrator to have access to redirected folders > >>>> http://support.microsoft.com/kb/288991 > >>>> > >>>> Roaming profile & folder redirection article - > >>>> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html > >>>>> > >>>> > >>>>>> Also,you can set your policy to delete the cached profiles if you > >>>>>> like. > >>>>> > >>>>> Is this in mmc > Group Policy Editor > >>>> > >>>> Easier to install the GPMC (group policy managment console) - makes > >>>> managing this SO much nicer. Put it on all your DCs. > >>>> > >>>>>> Administrative Templates > > >>>>> System > User Profiles. If so, would I do this on both terminal > >>>>> servers? > >>>> > >>>> Put both TS boxes in the same OU and create a custom GPO with > >>>> loopback processing applied- follow the steps in KB 278295 > >>>> > >>>> > >>>>> > >>>>>> Hmmm. Why is this pointing to a drive called M, just out of > >>>>>> curiosity? > >>>>> > >>>>> Our C:\ has been mapped to M:\. I am not sure why they did that. > >>>>> In any case, all our programs and documents and settings are > >>>>> stored on the M:\ drive. > >>>> > >>>> OK..... > >>>>> > >>>>>> UPHClean *should* be taking care of this.....but do answer the > >>>>>> questions/stuff above. > >>>>> > >>>>> I don't know why UPHClean is not taking care of it. Do you know > >>>>> if there is a new release? > >>>> > >>>> 1.6 is the latest AFAIK. But cleaning up the above may render this > >>>> irrelevant as it may just start working:-) > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> "Lanwench [MVP - Exchange]" wrote: > >>>>> > >>>>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > >>>>>>> I am fairly new to profiles and have been reading a lot of > >>>>>>> information to educate myself. We run two terminal servers > >>>>>>> (Citrix Farm) on Windows Server 2003. UPHClean is installed. > >>>>>>> I've been seeing the following error: > >>>>>>> > >>>>>>> Event ID 1525: > >>>>>>> > >>>>>>> Windows has detected that Offline Caching is enabled on the > >>>>>>> Roaming Profile share - to avoid potential profile corruption, > >>>>>>> Offline Caching must be disabled on shares where roaming user > >>>>>>> profiles are stored. > >>>>>> > >>>>>> Yes - do this. Disable offline caching on the shared that store > >>>>>> profiles. I'm presuming you've got TS profile paths defined for > >>>>>> each user either in ADUC or via GPO (with loopback processing). > >>>>>>> > >>>>>>> Our profiles are stored on our Fileserver. Everytime a user > >>>>>>> logs on, it also creates a local profile, which tends to take > >>>>>>> up a lot of disk space. > >>>>>> > >>>>>> You should be using folder redirection so that the profiles are > >>>>>> kept miniscule - do this for My Documents, Application Data, and > >>>>>> Desktop, for both TS users and regular users. > >>>>>> > >>>>>> Also,you can set your policy to delete the cached profiles if you > >>>>>> like. > >>>>>>> > >>>>>>> In addition to the error 1525, I received the following: > >>>>>>> > >>>>>>> Windows was unable to load the registry. This is often caused by > >>>>>>> insufficient memory or insufficient security rights. > >>>>>>> > >>>>>>> DETAIL - Insufficient system resources exist to complete the > >>>>>>> requested service. for M:\Documents and > >>>>>>> Settings\[username]\ntuser.dat > >>>>>> > >>>>>> Hmmm. Why is this pointing to a drive called M, just out of > >>>>>> curiosity? > >>>>>>> > >>>>>>> When this occurred, an error was on the screen stating the > >>>>>>> server was "Low on registry space and any further requests > >>>>>>> would be denied." Does anyone know how to increase the registry > >>>>>>> space? > >>>>>>> > >>>>>>> And lastly, I am having a problem when a user tries to log on > >>>>>>> and they are loaded onto a temporary profile. > >>>>>>> > >>>>>>> Windows cannot load the locally stored profile. Possible causes > >>>>>>> of this error include insufficient security rights or a corrupt > >>>>>>> local profile. If this problem persists, contact your network > >>>>>>> administrator. > >>>>>>> > >>>>>>> DETAIL - The process cannot access the file because it is being > >>>>>>> used by another process. > >>>>>>> > >>>>>>> Their ntuser.dat file appears to be in use, however, they are > >>>>>>> not logged on. Does anyone know how to close this file? > >>>>>> > >>>>>> UPHClean *should* be taking care of this.....but do answer the > >>>>>> questions/stuff above. > > > >
From: Lanwench [MVP - Exchange] on 24 Apr 2008 11:03 teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: > Hi again. I ran the delprof.exe program and it only finds profiles > within the My Documents and Settings. I always clean out old > profiles from that folder manually, Ah. Never do that. Always do it from control panel | system, or using delprof. > so there wasn't much to clean > out. However, the registry still has a lot of profiles that need to > be removed. Can you suggest a tool that cleans the registry of old > profiles? There shouldn't be anything important that's related to this, left in the registry if you delete the profiles properly - as it is, I would leave the registry alone. Don't use registry cleaning tools in general (not even on workstations, let alone your TS box). > > "Lanwench [MVP - Exchange]" wrote: > >> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>> Thanks. I am going to download the resources kit. >> >> You're welcome. You can set up a batch file to run delprof regularly >> to delete profiles that are older than X days - google for more help >> with that. >> >> >>> >>> "Lanwench [MVP - Exchange]" wrote: >>> >>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>> Thanks so much for your reply. The caching error is gone. I have >>>>> question regarding the registry. Every day or so, I see a message >>>>> stating "the registry has exceeded the allowed limit. The system >>>>> will not be able to handle any further requests." I opened the >>>>> registry and discovered over 50 old user profiles. Some of these >>>>> user have been gone for years. Do you have any information on how >>>>> to "clean" up the registry safely? I don't typically like to go >>>>> in this area, however, we are experiencing an ongoing issue that >>>>> needs to be addressed. >>>> >>>> Check out delprof from the resource kit - or change your policy to >>>> delete cached profiles. >>>> Don't muck around in the registry. >>>>> >>>>> Thanks again. >>>>> >>>>> "Lanwench [MVP - Exchange]" wrote: >>>>> >>>>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>>>> Thanks for your reply. As for the answers to your questions: >>>>>>> >>>>>>>> Yes - do this. Disable offline caching on the shared that store >>>>>>>> profiles. >>>>>>> >>>>>>> The option to disable offline caching states "Files or programs >>>>>>> from the share will not be available offline." Are there any >>>>>>> negative impacts if we enable this? >>>>>> >>>>>> Nope. You should never have it enabled on any folder that holds >>>>>> profiles. >>>>>> >>>>>>> Can I disable this while users are >>>>>>> currently logged on the system, or should I wait until they are >>>>>>> off? >>>>>> >>>>>> I'd do it ASAP. They will need to log out / back in before the >>>>>> message goes away, tho. >>>>>> >>>>>>> >>>>>>>> I'm presuming you've got TS profile paths defined for each user >>>>>>>> either in ADUC or via GPO (with loopback processing). >>>>>>> >>>>>>> Yes. I use ADUC. My TS profile paths point to our fileserver, >>>>>>> i.e., \\fileserver\profiles >>>>>> >>>>>> OK - but you need separate profiles for your TS users - don't use >>>>>> the same path you use for regular desktop users. And you can >>>>>> (should!) specify the TS profile path in the GPO you use to >>>>>> manage your terminal servers, not in ADUC, to make sure it gets >>>>>> applied to any user who happens to log into TS. >>>>>> >>>>>> Also make sure you've set up your GPO here to grant the >>>>>> Administrators group permission to the profiles. >>>>>>> >>>>>>>> You should be using folder redirection so that the profiles are >>>>>>>> kept miniscule - do this for My Documents, Application Data, >>>>>>>> and Desktop, for both TS users and regular users. >>>>>>> >>>>>>> I am not sure how to do folder redirection. Do you do this >>>>>>> within ADUC? >>>>>> >>>>>> No - it's via group policy. I'd set up a custom GPO that >>>>>> redirects My Documents, Application Data, and Desktop, and link >>>>>> it to the appropriate parent OU - so it affects *all* users >>>>>> regardless of where they log in, TS or no (if you have multiple >>>>>> offices/locations you'll need to create separate policies linked >>>>>> at the appropriate OUs). >>>>>> >>>>>> I choose the option to redirect everyone to the same location, >>>>>> which creates a folder under the parent. As the parent I tend to >>>>>> use something like \\server\users - permissions on that folder >>>>>> are set up as per KB 274443 >>>>>> >>>>>> So, each user winds up with >>>>>> >>>>>> \\server\users\%username%\My Documents >>>>>> \\server\users\%username%\Application Data >>>>>> \\server\users\%username%\Desktop >>>>>> >>>>>> In the policy under each folder, I *untick* the option to grant >>>>>> users exclusive permission. The root folder has the permissions >>>>>> set up properly already so that the user, Administrators & System >>>>>> all have the access they need- and other users don't have access >>>>>> to stuff they shouldn't. >>>>>> >>>>>> Enabling the administrator to have access to redirected folders >>>>>> http://support.microsoft.com/kb/288991 >>>>>> >>>>>> Roaming profile & folder redirection article - >>>>>> http://www.windowsnetworking.com/articles_tutorials/Profile-Folder-Redirection-Windows-Server-2003.html >>>>>>> >>>>>> >>>>>>>> Also,you can set your policy to delete the cached profiles if >>>>>>>> you like. >>>>>>> >>>>>>> Is this in mmc > Group Policy Editor >>>>>> >>>>>> Easier to install the GPMC (group policy managment console) - >>>>>> makes managing this SO much nicer. Put it on all your DCs. >>>>>> >>>>>>>> Administrative Templates > >>>>>>> System > User Profiles. If so, would I do this on both terminal >>>>>>> servers? >>>>>> >>>>>> Put both TS boxes in the same OU and create a custom GPO with >>>>>> loopback processing applied- follow the steps in KB 278295 >>>>>> >>>>>> >>>>>>> >>>>>>>> Hmmm. Why is this pointing to a drive called M, just out of >>>>>>>> curiosity? >>>>>>> >>>>>>> Our C:\ has been mapped to M:\. I am not sure why they did >>>>>>> that. In any case, all our programs and documents and settings >>>>>>> are stored on the M:\ drive. >>>>>> >>>>>> OK..... >>>>>>> >>>>>>>> UPHClean *should* be taking care of this.....but do answer the >>>>>>>> questions/stuff above. >>>>>>> >>>>>>> I don't know why UPHClean is not taking care of it. Do you know >>>>>>> if there is a new release? >>>>>> >>>>>> 1.6 is the latest AFAIK. But cleaning up the above may render >>>>>> this irrelevant as it may just start working:-) >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> "Lanwench [MVP - Exchange]" wrote: >>>>>>> >>>>>>>> teenzbutler <teenzbutler(a)discussions.microsoft.com> wrote: >>>>>>>>> I am fairly new to profiles and have been reading a lot of >>>>>>>>> information to educate myself. We run two terminal servers >>>>>>>>> (Citrix Farm) on Windows Server 2003. UPHClean is installed. >>>>>>>>> I've been seeing the following error: >>>>>>>>> >>>>>>>>> Event ID 1525: >>>>>>>>> >>>>>>>>> Windows has detected that Offline Caching is enabled on the >>>>>>>>> Roaming Profile share - to avoid potential profile corruption, >>>>>>>>> Offline Caching must be disabled on shares where roaming user >>>>>>>>> profiles are stored. >>>>>>>> >>>>>>>> Yes - do this. Disable offline caching on the shared that store >>>>>>>> profiles. I'm presuming you've got TS profile paths defined for >>>>>>>> each user either in ADUC or via GPO (with loopback processing). >>>>>>>>> >>>>>>>>> Our profiles are stored on our Fileserver. Everytime a user >>>>>>>>> logs on, it also creates a local profile, which tends to take >>>>>>>>> up a lot of disk space. >>>>>>>> >>>>>>>> You should be using folder redirection so that the profiles are >>>>>>>> kept miniscule - do this for My Documents, Application Data, >>>>>>>> and Desktop, for both TS users and regular users. >>>>>>>> >>>>>>>> Also,you can set your policy to delete the cached profiles if >>>>>>>> you like. >>>>>>>>> >>>>>>>>> In addition to the error 1525, I received the following: >>>>>>>>> >>>>>>>>> Windows was unable to load the registry. This is often caused >>>>>>>>> by insufficient memory or insufficient security rights. >>>>>>>>> >>>>>>>>> DETAIL - Insufficient system resources exist to complete the >>>>>>>>> requested service. for M:\Documents and >>>>>>>>> Settings\[username]\ntuser.dat >>>>>>>> >>>>>>>> Hmmm. Why is this pointing to a drive called M, just out of >>>>>>>> curiosity? >>>>>>>>> >>>>>>>>> When this occurred, an error was on the screen stating the >>>>>>>>> server was "Low on registry space and any further requests >>>>>>>>> would be denied." Does anyone know how to increase the >>>>>>>>> registry space? >>>>>>>>> >>>>>>>>> And lastly, I am having a problem when a user tries to log on >>>>>>>>> and they are loaded onto a temporary profile. >>>>>>>>> >>>>>>>>> Windows cannot load the locally stored profile. Possible >>>>>>>>> causes of this error include insufficient security rights or >>>>>>>>> a corrupt local profile. If this problem persists, contact >>>>>>>>> your network administrator. >>>>>>>>> >>>>>>>>> DETAIL - The process cannot access the file because it is >>>>>>>>> being used by another process. >>>>>>>>> >>>>>>>>> Their ntuser.dat file appears to be in use, however, they are >>>>>>>>> not logged on. Does anyone know how to close this file? >>>>>>>> >>>>>>>> UPHClean *should* be taking care of this.....but do answer the >>>>>>>> questions/stuff above.
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 Prev: log on termincal server not working Next: Problem with T-Server User CAL Win 2003 SP1 |