Logon Script Problems

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Lately, we have seen a problem with our logon scripts on several XP machines.
The machines are authenticating to Windows 2000 AD, simple BAT files map
network drives with the net use command. Logon scripts are stored in the
standard sysvol location and are specified for each user in their user
properties. The problem is that sometimes the script doesn't run. You can
reboot several times and it still may not run. We have found that a logoff
works better for trying to get it to run the second time. We have played
with synchronous and asynchronous settings and that didn't seem to help. We
have contacted Microsoft and they were no help. We have verified DNS
settings. We have lookad at every KB article we have found and made some
registry changes. We have verified NIC sort order. We have disable wireless
controllers on laptops. We are running out of things to try. Any other
thoughts? We could really use the help... thanks!
 
posting the result of set command here may help. To do this, run cmd, and then type set and press Enter.

Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
Lately, we have seen a problem with our logon scripts on several XP machines.
The machines are authenticating to Windows 2000 AD, simple BAT files map
network drives with the net use command. Logon scripts are stored in the
standard sysvol location and are specified for each user in their user
properties. The problem is that sometimes the script doesn't run. You can
reboot several times and it still may not run. We have found that a logoff
works better for trying to get it to run the second time. We have played
with synchronous and asynchronous settings and that didn't seem to help. We
have contacted Microsoft and they were no help. We have verified DNS
settings. We have lookad at every KB article we have found and made some
registry changes. We have verified NIC sort order. We have disable wireless
controllers on laptops. We are running out of things to try. Any other
thoughts? We could really use the help... thanks!
 
Just because you didn't mention them (but with everything else, I'm sure
you'v been through this), Do you have multiple DCs available for logon? When
you connect to \\DC-1\netlogon is the script in there? How 'bout
\\DC-2\netlogon? Are the scripts the same?
A couple of things, when a cached logon occurs with a live connection it
usually takes noticably longer than with no connection (cable unplugged,
etc) so that might be a clue. If logons are happening at normal rate and you
can immediately connect to a share on both DCs, that would imply that either
the netlogon share cannot be found, or that the script is not present. I've
also run into problems with DCOM after installing (but not immediately
after) HP printer software. I had DCOM errors in the event logs. Problem
resolved by removing the HP software and installing just the bare driver.
Probably won't help, but there's my 2 cents.

....kurt
 
Paul Webendorfer said:
Lately, we have seen a problem with our logon scripts on several XP machines.
The machines are authenticating to Windows 2000 AD, simple BAT files map
network drives with the net use command. Logon scripts are stored in the
standard sysvol location and are specified for each user in their user
properties. The problem is that sometimes the script doesn't run. You can
reboot several times and it still may not run. We have found that a logoff
works better for trying to get it to run the second time. We have played
with synchronous and asynchronous settings and that didn't seem to help. We
have contacted Microsoft and they were no help. We have verified DNS
settings. We have lookad at every KB article we have found and made some
registry changes. We have verified NIC sort order. We have disable wireless
controllers on laptops. We are running out of things to try. Any other
thoughts? We could really use the help... thanks!
Click to expand...

How exactly did you ascertain that the scripts failed to run?
I have seen many installations where the script actually ran
but it bombed out for some reason.
 
The command prompt window never appears on the task bar and the network
drives are not available on My Computer.

Paul
 
This proves nothing at all! Make the first line of your
logon script like so:
echo %date% %time% >> c:\test.log

Now if c:\test.log does not exist after logging on then
you will know for sure.
 
Okay, point taken.

I added the line to the script, shut down the machine, brought it back up
and logged in. The file was not created. The script isn't running, right?

I shut the machine down and brought it back up to cause the problem again
(the problem doesn't seem to happen just logging in). About 3 seconds after
logging on, I tried to manually launch the script. The Test file was
created, but for every network drive, I got: "System Error 67 has occured.
The network name cannot be found."

Any other thoughts?

Thanks,
Paul
 
This is a good starting point - now you know for sure that
the script does not run.

I am concerned about your System Error 67 and I think
you should resolve this first before moving on to your
script. It might be the underlying cause of your problem.

Presumably Error 67 occurs when the script runs a
command such as

net use s: \\YourServer\SomeShare

- Do you get the same error when running the command
from a Command Prompt?
- Do you get it all of the time or just some of the time?
- If you get it only some of the time, is there a pattern?
- Have you examined your DNS settings? Are they correct?
Are they the same on all machines, i.e. on those where
the problem occurs and those where it does not occur?
- Have you examined your WINS settings and your subnet
mask? Are they appropriate?
- Is the problem account dependent?
 
That's quite a list:

- I will have to try it from a CMD... I am confident that I will get the
same result though. It seems like something has not fully connectd when the
script tries to run or something is preventing the connection and script run.
- It seems that it always happens from a cold boot. Does not always happen
from a reboot or logon. On some machines it happens every time on a cold
boot.
- DNS and WINS appear to be setup correctly and are setup the same for all
clients via DHCP.
* DNS question though... I have 3 DNS servers, 1 in the local subnet, 1 in
a different local subnet, and 1 in a different remote subnet. The local
subnet machine was the first DC in our AD and points to itself only for DNS.
It has forwarders to ISP for Internet. The other DNS point to themselves
first and the local subnet machine second. Is that correct? I have seen
conflicting advice on this.
- Not all machines on the network do this, but all of the machines that do
it are XP machines
- The problem does not seem account dependent.
 
Okay, it does not work if I try a net use in CMD... same thing, System Error
67.

Here is one more piece of potentially valuable information. In the
userenv.log file I am seeing a consistent problem:

USERENV(190.194) 17:38:10:187 CheckUserInMachineForest: Failed to enumerate
forest domains with 1717.
USERENV(190.194) 17:38:10:187 CheckXForestLogon : CheckUserInMachineForest
failed with 1717

Any other thoughts?

Paul
 
So, just for the sake of proving that this is a name resolution issue, what
if you type the net use in CMD using the IP address instead of the
computername

net use x: //192.168.0.3/share

?
 
Also, remember that "net use" is a netbios thing and DNS is really not
required if WINS is working or even if the two hosts are within broadcast
proximity of each other. In looking at hits on google I couldn't find
anything specific for (190.194) userenv.log entry, but some clues in other
errors were duplicate names, inability to resolve the name, duplicate SIDs,
etc.

....kurt
 
Back
Top