[OpenAFS] Global Drives with Windows 2k

Matthew Cocker matt@cs.auckland.ac.nz
Wed, 25 Sep 2002 14:38:08 +1200 

Hi the gpo setting that maybe screwing everything up is the one to make 
sure that the administrator has access permissions on a profile. Before 
w2k sp2 the profile was created with only the user allowed access to the 
profile. For the admins to access the profile files they had to take 
ownership of the profile directory then add themselves to the ACLs. It 
was such a pain that we got rid of roaming profiles. After sp2 for 
windows2000 there was a GPO setting to force the administrators to be 
added to all new profiles. In xp sp1 there is new gpo setting to check 
existing profiles and add the administrator groups to then if they are 
not already on the acl list.

My guess is set the GPO to pre-xp sp1 and it will work again.

GPO is

"computer configuration\administration templates\system\user profiles\Do 
not check for user ownership of roaming profile folders"

Cheers

Matt

Bruno Lopes wrote:

> Hello,
>
> We just managed to get XP to play nice with afs profiles.
> As soon as we installed SP1 we got some errors, which we pinned down 
> on a group policy.
> I believe it is located in Administrative Templates -> User Profiles 
> -> Revert to Pre SP1 (this i got from the guy who does the win2k 
> policy on the phone, so it may be slightly off).
> After 'fliping' that switch to pre-sp1 behavior all was well. I 
> believe windows got messed up on the owner of the folders, since it 
> tried to check it's membership.
> I may just be waaaayyy off here,but then again, someone may find this 
> usefull.
>
> Bruno Lopes
>
>
> At 15:48 24-09-2002 -0400, you wrote:
>
>> Hi,
>>
>> We are now seeing the same showstopper problem with Windows XP SP1 
>> and Transarc AFS 3.6 Patch 4 (2.32).  We've been running fine with 
>> roaming profiles and redirected folders for over 4000 active users.  
>> As soon as we installed service pack 1 on Windows XP Pro the profiles 
>> cannot download out of afs filespace.
>>
>> The error message that Windows XP returns is along the lines that the 
>> owner of the roaming profile share location is not correct or is not 
>> a member of the administrators group.
>>
>> The XP "c:\winnt\debug\usermode\userenv.log" contains the following 
>> upon logon...
>>
>> USERENV(17c.180) 14:56:38:001 CheckRoamingShareOwnership: owner is 
>> S-1-0!
>> USERENV(17c.180) 14:56:38:001 IsCentralProfileReachable: Ownership 
>> check failed with 8007051B
>> USERENV(17c.180) 14:56:38:001 ReportError: Impersonating user.
>> USERENV(17c.180) 14:56:41:666 RestoreUserProfile:  User being logged 
>> off because of no temp profile policy
>> USERENV(17c.180) 14:56:41:676 RestoreUserProfile: Could not load the 
>> user profile. Error = 3
>> USERENV(17c.180) 14:56:41:676 ReportError: Impersonating user.
>> USERENV(17c.180) 14:56:42:287 LoadUserProfile: RestoreUserProfile 
>> returned FALSE
>> USERENV(17c.180) 14:56:42:287 LoadUserProfile: LoadUserProfileP 
>> failed with error 3
>>
>> At the bottom of this message is the output of the "afsd.log".
>>
>> I'm not sure what is going on.  It looks like XP may be trying to get 
>> the owner of the share that exists in AFS filespace.  Since AFS 
>> doesn't support NTFS acl's this is failing.  But, this in my mind 
>> shouldn't happen.  Microsoft should not be trying to obtain the owner 
>> of the roaming profile location.
>>
>> We've got reports that the next Transarc release (3.6 patch 6) may 
>> have support for Windows XP.  The current version of AFS doesn't 
>> officially support Windows XP, only Windows 2000 is supported.
>>
>> I can only hope that Transarc sees and fixes this problem before they 
>> release patch 6.
>>
>> Any help is appreciated.
>>
>> Thanks,
>>
>> Rodney
>>
>> Rodney M. Dyer
>> PC Systems Programmer
>> College of Engineering Computing Services
>> University of North Carolina at Charlotte
>> Email rmdyer@uncc.edu
>> Phone (704)687-3518
>> Help Desk Line (704)687-3150
>> FAX (704)687-2352
>> Office  267 Smith Building
>>
>
> <snip>
>
>
>
>> At 01:39 PM 9/23/2002 +0200, you wrote:
>>
>>> Hello,
>>>
>>> I am supporting the windows (2000)machines in the student computer rooms
>>> of our polytechnicum.
>>> All students are using roaming profiles on the AFS.
>>> Everything was working well with the IBM AFS Client 3.6.2.26 - until
>>> installing SP3 for Windows 2k: the redirecting of the Directories
>>> Application Data and Desktop (working fine 'til then) cannot be
>>> established without errors: Internet Explorer favorites cannot be read
>>> or created and the Icon "Show Desktop" of the Quick-Launch-Bar is not
>>> working any more. Only after un-redirecting the Foldes Application Data
>>> to the roaming profile (%userprofile%) makes favorites an the
>>> Show-Desktop-Icon working. But this is not a could solution, because
>>> Logon/Logoff with unredirected Desktop-Folder and Application Data takes
>>> long time.
>>>
>>> Because of this I tried to use the Open AFS Client 1.2.2.b. I also would
>>> like to switch to this client, because our servers are / will be
>>> switched to open afs too.
>>>
>>> But this client is working worse - even with Windows 2000 without SP3.
>>> The Global Drive ist loaded, but not usable. This an error message
>>> appears:
>>>
>>> "Windows cannot create profile directory
>>> Z:\users\a\avostud\profiles\hgglobal\win.pds.  You will be logged on
>>> with a local profile only. Changes to the profile will not be propagated
>>> to the server. Contact your network administrator. "
>>>
>>> and after this:
>>>
>>> "Windows cannot find the local profile and is logging you on with a
>>> temporary profile. Changes you make to this profile will be lost when
>>> you log off."
>>>
>>> But after Logon all the necessary directories on AFS are available and I
>>> have full access according to my tokens, obtained when logging into
>>> Windows.
>>> So it thought, the reason is a slow network connection. But changing the
>>> group policy in that way, that slow network connections are accepted,
>>> brings to solution of this problem.
>>>
>>> To mount the Profile-AFS-Drive in the Windows 2K Start-Script with
>>>
>>> "net use z: \\%computername%-afs\ethz.ch /persistent:no" (working with
>>> former AFS-Clients and Windows NT4)
>>>
>>> instead of using global drives also cannot load the Drive with error
>>> message:
>>>
>>> "System error 53 has occurred.
>>>
>>> The network path was not found."
>>>
>>> I have seen, that this problem was discussed in former months, but never
>>> I've seen a solution for this. Maybe I'm blind - then I would be glad
>>> telling me, how to find it.
>>>
>>> Bye
>>>
>>> Andreas
>>> _________________________
>>>
>>> Andreas Voss
>>> Informatikdienste / Basisdienste
>>> ETH-Zentrum SOW E 14
>>> Sonneggstrasse 63
>>> 8092 Zuerich
>>>
>>> Telefon: 0041-1-632.48.48
>>> Fax: 0041-1-632.17.41
>>> _______________________________________________
>>> OpenAFS-info mailing list
>>> OpenAFS-info@openafs.org
>>> https://lists.openafs.org/mailman/listinfo/openafs-info
>>
>>
>> _______________________________________________
>> OpenAFS-info mailing list
>> OpenAFS-info@openafs.org
>> https://lists.openafs.org/mailman/listinfo/openafs-info
>
>
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info