Hi,
We’re having problems with some of the users on our AD domain. They get userenv 1508 errors (among others) when they try to log in the first time in the morning.
Some background:
Our original domain is an nt domain. All users on the AD domain (except 1 or 2) were migrated from the NT domain to the AD domain using microsoft’s ad migration tool.
The AD domain is win2k3 r2 (upgraded to r2), the clients are xp.
We were migrating users from the NT domain in a staged fashion and some had been working fine for a couple of months.
One Friday night I made some GPO changes to try to correct some time sync problems, and get the PDCE to sync with an external source.
The following Monday morning there were a rash of issues with people getting warnings that their profiles couldnt be loaded and temp profiles were being created.
It would be an unbelievable coincidence if the two events were not related (I dont believe it).
Most were able to reboot and get loaded correctly but several profile rebuilds were required.
I backed out the changes I had made previously but the problems persisted in the following days. The user could log in and out all day long with no problem, but overnight the issue was created.
At suggestions from another site, I tried GPOfix to return the group policy back to default (which was fine because previously the default group policy had been modified and this gave us the chance to default it and, instead create our own adjunct policies). However the problem persists.
About 150 of somewhat over 300 users have been migrated. Of the 150, I’d estimate about 50 of those have experienced the problem. Maybe 6 or 8 experience the problem very consistantly. Others come and go. Some seldom have the problem, many have not yet experienced it. We had 11 users reboot yesterday, 16 the day before. The 1 or 2 that were built on the AD domain have not yet had a problem.
Using Sysinternals procmon and process explorer we have determined the cause of the problem (at least in the case of our test subject) is that system (PID 4) is locking the profile’s NTuser.dat.
The problem is profile specific as we had our test user attempt to log in and when it failed, log off and attempt to log in under a different account. The attempt was successful.
For those who have daily problems, rebuilding their profiles usually give good results, but not always permanent.
We have tried installing user profile hive cleaner. Again this had some but not universal success. (and I consider it a band-aid). It worked fine for some of our sample group, but the main test user had little or no improvement.
By logging in under another account, and manually loading the users profile we have been able to determine that, in the case of the test user, the event causing the issue occurs betwen 20:00 and 20:45. The user logs out about 15:30 each day but I don’t think the event is related to the logout time (I could be wrong).
I think those are the main facts (there are certainly a hundred others).
Does anyone have any idea how we might approach finding a solution to these problems?
Thanks for your help.
k