[OpenAFS] Testing OpenAFS with Windows XP Roaming Profiles....

Jeffrey Altman jaltman@secure-endpoints.com
Fri, 17 Sep 2010 08:49:31 -0400

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 9/15/2010 10:45 AM, Claudio Prono wrote:
> Hello all,
> I am testing a solution like: OpenAFS with kerberos, Windows XP with
> Integrated logon and roaming profile.
> OpenAFS works, Kerberos works, integrated logon works... The profile on=

> AFS not.
> I have manually copied the profile in a directory on AFS like
> "msprofile", edited the windows registry at key:
> NT\CurrentVersion\ProfileList and changed the key ProfileImagePath to
> \\afs\mediaservice-test.pri\users\claudio\msprofile
> Deleted the local profile, rebooted the machine, logged in as claudio..=
> and...a new local profile was created!!! If i check the registry key, i=
> is changed again to the default (something like %SystemDrive%\Documents=

> and Settings\claudio.TESTAFS)...
> What i am doing wrong? What is the best solution?
> Cordially,
> Claudio Prono.


I cannot tell you what you are doing wrong because I do not know what is
failing yet.   The logon process is extremely complicated and without
identifying which of the many Windows operations is failing, it is
impossible to provide advice as to what should be altered.

You are not using Active Directory to provide the profile location
information which is going to complicate manners.  The first thing you
need to identify is what paths are actually being accessed and which are
failing.  You can do this using the SysInternals Process Monitor tool.
Configure it to log all file system activity starting from boot to a
file.  Be sure to give it a disk with lots of open space.

You can obtain the tool from

After you have a failed logon attempt, you can search the log data for
the path that you believe it should be attempting to access.  You can
also search for the new profile path that is created and work backwards
through the log seeking AFS file path operations that fail.  Note that
all FASTIO operations will fail and that is normal.

Jeffrey Altman

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v1.4.9 (MingW32)