Monday, August 11, 2008

“Windows did not load your roaming profile”

I recently setup a new terminal server for a customer and it was reported that they were receiving errors when logging on. I logged on as a test account and received the following errors:

Windows did not load your roaming profile and is attempting to log you on with your local profile. Changes to the profile will not be copied to the server when you log on. Windows did not load your profile because a server copy of the profile already exists that does not have the correct security.

Either the current user or the administrator's group must be the owner of the folder. 

And

Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.


 

A bit of googling reports that the security on the user's profile path is incorrect – specifically the ownership of the path is wrong. MS Technet (http://support.microsoft.com/kb/327259) says that the profile should be owned by the user or the administrators group. I checked the folder ownership and in-deed the owner was misconfigured, however the user could still successfully log onto other servers without error – so the error is somewhat random.

According to MS, checking the owner of the profile started in W2k SP4 which is the minimum baseline of our environment, so that doesn't look like the culprit. There is a profile setting that can be configured to ignore this checking, but that downloads the network profiles into a TEMP folder instead of downloading them locally (which isn't how our other systems are working). It is possible that our imaging process has some unknown hack that turns this checking off, but that just seems stupid.