I manage a PS4 farm of about 30 Win 2K3 servers. These are VMs running on ESX 3.01.
Recently I switched over from one WI server to a new one because the original one had several issues. Since the change some users are missing their X (Shared) and Y (Common) mapped drives when logging into five of the nine full desktop servers. The drives map fine for users when logging into the other four full desktop servers.
The drives are mapped by a login script that has not changed. The login script is run through a group policy that applies to all users in Citrix. All nine servers are in the same OU.
Tonight I am planning on recreating the LHC on the five servers with issues. Is there anything else I will want to try off-hours that might fix the problem if re-creating the LHC doesn’t resolve the issue? Thanks.
I noticed that there are two errors in the application event log -
Windows cannot query for the list of Group Policy objects. Check the event log for possible messages previously logged by the policy engine that describes the reason for this. Event ID 1030
and
Windows cannot access the file gpt.ini for GPO cn={AF0F2AD4-297D-4198-86D1-C6900037901A},cn=policies,cn=system,DC=PR,DC=local. The file must be present at the location <\\PR.local\sysvol\PR.local\Policies\{AF0F2AD4-297D-4198-86D1-C6900037901A}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted. Event ID 1058
These errors appears to be present on all servers HOWEVER yesterday the errors stopped on the servers that are mapping drives correctly. It is still showing recently (within the last 10 minutes) on the servers still having the issue. None of the servers were rebooted in the last 24 hours. I can browse to the netlogon folder using Windows Explorer on all nine servers.
I have Googled the error and checked some things out.
The DFS service is set to manual on all servers and is stopped on all servers. I am guessing this isn't the cause because why is it working on some servers even with it turned off?
The netlogon service is running on all servers.
Any ideas??? Thanks.
I also did some testing by logging in with my account and then browsing to the netlogon folder and running the drive mapping script from the servers missing the mapped drives. The script runs and the drives appear. However when I log on to that same server as someone else the mapped drives are not there. I have to browse to the netlogon folder and run the script and the mapped drives appear.
So apparently I need to find a way to run the login script for each user on these servers. Why is it working on some servers and not others if they are in the same OU??? Thanks.
Do you have the same GPO linked to all OU's and have Loopback processing enabled. Run GPResult on the Servers to see if the user and admins are using the same GPO' for the TS's
--Emil
are the dns settings the same on all servers?
Citrix Tips How To Speed Up Citrix Logons
Check out MS's KB 842804
Normal 0 false false false MicrosoftInternetExplorer4
You can also run the script on each server as a local group policy. Copy the logon script locally.
I ran GPRESULT on two servers. One that is mapping drives fine and one this is not. The one that is not gave me --
U:\>gpresultINFO: The user "JJ\smithj" does not have RSOP data.
The other server gave me the expected info re: GPs. (about two pages worth)
So apparently GPs are not being applied to some servers even though they are in the same OU as the ones that are. Any ideas on what else I can check? Thanks.
I keep seeing event id 1058:
Windows cannot access the file gpt.ini for GPO cn={AF0F2AD4-297D-4198-86D1-C6900037901A},cn=policies,cn=system,DC=PR,DC=local. The file must be present at the location <\\PR.local\sysvol\PR.local\Policies\{AF0F2AD4-297D-4198-86D1-C6900037901A}\gpt.ini>. (The system cannot find the path specified. ). Group Policy processing aborted.
When I look at \\pr.local\SYSVOL\PR.local\Policies I see many other GUIDs for policies, but not one that starts AF0F. Any ideas? Can I re-create this policy and gpt.ini somehow? Thanks.
Did you try the workaround in that MS KB article? KB 842804
Yes I did. I ran dfsutil /PurgeMupCache on each affected server. Issue remains. Thanks.
Sorry, nothing specific to offer, but there are lots of possibilities to chase here:
http://www.eventid.net/display.asp?eventid=1058&eventno=1752&source=Userenv&phase=1
Alan Osborne
President (MCSE, CCNA, VCP, CCA)
VCIT Consulting - Citrix/Terminal Services Remote Desktop Solutions for SMB
VCIT website My Blog
It is really strange. Some of the servers show all policies listed in \\pr.local\SYSVOL\PR.local\Policies. Those servers all have no issues applying group policies.
However the servers that have the UserEnv errors (event IDs 1030 and 1058) are missing the GUID of the GPO that is supposed to be applied on those servers. So of course the one that is actually needed is missing. The other 16 GUIDs appear in the list. However those policies aren't meant to be applied on those servers.
As a test I created a new GPO a few minutes ago on the main DC. I then ran GPUPDATE /FORCE. The new policy doesn't show up either on the servers that have the issue. However on the other desktop servers located in the same OU I browse to \\pr.local\SYSVOL\PR.local\Policies and see the new policy. I logged on to both servers as myself.
So what gives? This appears to be machine specific. For some reason certain servers are not seeing any new GPOs. Any ideas??? THANKS.
Maybe there is an issue with the machine account in AD? Does GPresult throw any usefuly errors? Maybe try removing one from the domain and rejoin it.
Just thoughts, I have no solid answer for ya..
Good luck.
we have an issue in our citrix farm where a certain gpo won't get applied correctly to random servers. no rhyme or reason to it. we have no idea why it happens, possibly a flaky DC? a reboot always fixes it.
have you looked at your domain controllers? anything useful in the logs there? definitely sounds like a gpo/AD issue. have you rebooted the servers in question? I don't think it would be related to the WI change. Has there been any changes to the OU/GPO structure? Are the machines clones? are the sids conflicting? I like the idea of disjoining and rejoining the domain too.