none
Roaming Profile/Redirected folders issue with DFS...

    Question

  • We currently host our Remote Desktop user profiles and redirected desktops and mydocs on DFS shares.  The DFS Namespace is hosted one several servers and the targets are on two servers.  The first folder target server is running Server 2008 R2 and the second folder target server is running Server 2012.  The remote desktop session hosts are running Server 2008 R2. We have made no changes to either server nor DFS in the last two weeks.  The last two mornings users have come in and gotten temporary profiles and their file redirection has failed.

    Here are the associated event log entries for the profile:

    Log Name:      Application
    Source:        Microsoft-Windows-User Profiles Service
    Date:          7/19/2013 7:08:44 AM
    Event ID:      1521
    Task Category: None
    Level:         Error
    Keywords:     
    User:          XXXXXX
    Computer:      XXXXXX
    Description:
    Windows cannot locate the server copy of your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log off. This error may be caused by network problems or insufficient security rights.

     DETAIL - Access is denied.

    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-User Profiles Service" Guid="{89B1E9F0-5AFF-44A6-9B44-0A07A7CE5845}" />
        <EventID>1521</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-19T12:08:44.470588600Z" />
        <EventRecordID>529822</EventRecordID>
        <Correlation />
        <Execution ProcessID="1324" ThreadID="4976" />
        <Channel>Application</Channel>
        <Computer>xxxxxx</Computer>
        <Security UserID="xxxxxx" />
      </System>
      <EventData>
        <Data Name="Error">Access is denied.
    </Data>
      </EventData>
    </Event>

    Here is a logged event for one of the folder redirects:

    Log Name:      Application
    Source:        Microsoft-Windows-Folder Redirection
    Date:          7/19/2013 7:08:46 AM
    Event ID:      502
    Task Category: None
    Level:         Error
    Keywords:     
    User:          xxxxxx
    Computer:      xxxxxx
    Description:
    Failed to apply policy and redirect folder "Documents" to "\\xxxxxxx\rttshares\tsuserfiles\documents\xxxxxxx\My Documents".
     Redirection options=0x9001.
     The following error occurred: "Can not create folder "\\xxxxxxx\rttshares\tsuserfiles\documents\xxxxxx\My Documents"".
     Error details: "Access is denied.
    ".
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Folder Redirection" Guid="{7D7B0C39-93F6-4100-BD96-4DDA859652C5}" />
        <EventID>502</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-07-19T12:08:46.264220600Z" />
        <EventRecordID>529828</EventRecordID>
        <Correlation ActivityID="{59036F9D-3072-4BDE-83DA-BA020238BF83}" />
        <Execution ProcessID="1324" ThreadID="4432" />
        <Channel>Application</Channel>
        <Computer>xxxxx</Computer>
        <Security UserID="xxxxxx" />
      </System>
      <EventData Name="EVENT_FDEPLOY_FailedToApplyPolicy">
        <Data Name="FromFolder">Documents</Data>
        <Data Name="ToFolder">\\xxxxx\rttshares\tsuserfiles\documents\xxxxxxx\My Documents</Data>
        <Data Name="Options">0x9001</Data>
        <Data Name="Error">Can not create folder "\\xxxxxx\rttshares\tsuserfiles\documents\xxxx\My Documents"</Data>
        <Data Name="ErrorDetails">Access is denied.
    </Data>
      </EventData>
    </Event>

    Based upon the errors it would be natural to assume there was a permissions error.  I've reviewed the share level and ntfs permissions and found them to be consistent with recommendations on technet.  When I login with administrator credentials I get a temporary profile as well.  I can navigate to the DFS share from the run dialog and the share is accessible.  After I access the DFS share I log off the RDS session host and back on and I get my profile and redirected folders.  All users who login after that point also get their profiles and redirected folders successfully.  For the rest of the day we have no issues.  We only have these issues first thing in the morning.

    I am stumped.

    Any ideas?

    Thanks in advance for your help.

    Friday, July 19, 2013 5:27 PM

Answers