Thursday, January 13, 2011

Locked profiles in Windows XP Pro (domain) environment

I recently had to rebuild a Small Business Server 2003 Standard after a crash. I then rejoined the workstations to the domain. Subsequently, many of the Windows XP Pro workstation domain members are experiencing intermittent locked profiles when a user attempts to log in, usually after several hours of having no account logged in. A reboot resolves the issue.

We are not using roaming profiles or Terminal Services, and UPHClean in its native configuration is not shedding any light. I have removed and reinstalled the Trend Micro AV client, and disabled many (but not all - some are mission-critical) of the third-party startup services/applications. On three of the workstations, I have renamed the profile and started with a clean profile and copied user files over (but not the Application Data or Local Settings folder, let alone the NTUSER.DAT file).

Any ideas? I'm stumped...

  • At that point I would disjoin from the domain, reboot, delete all user profiles except local administrator. Delete all computer accounts in question from AD users and computers. Then I would rejoin but with computer names that have never been used before on the domain.

    BTW, what do you mean when you say the profile is locked?

    Also, I have found that when working with SBS it is always best just to use the built-in wizards rather than do anything manually. I'd use the SBS method of rejoining.

    Raintree : Thank you. The client finds my replacing their profiles very disruptive, and I am currently working remotely. If the Trend Micro vector mentioned above and a potential Microsoft call do not pan out, I will start over as you suggest. Please see the above comments regarding the Event IDs for Microsoft's description of the locked (in use) profile. I, too, frequently recommend folks use the wizards. I have also gotten used to cleaning up the leftovers from the wizards misfiring (stranded _SBS_USER accounts, for example). :)
    From flashkube
  • Are you sure your network isn't affected by any malware? I ask because Conficker can lock out user accounts. The reboot fixing the problem could be a red herring, as many domains will automatically reset the lockout after a period of inactivity.

    Raintree : Thank you. Scans by Trend Micro WFBS 5.1 and Malwarebytes' Anti-Malware (both with current defs) currently come up clean. I checked previously with Trend to verify that Conficker variants were indeed on their definitions list...
  • When you "rebuilt" the server, did you just restore AD from a backup or do a new install?

    Raintree : Restored from backup.
    JJ01 : Did you scan AD/DNS for errors using dcdiag and netdiag?
    From JJ01
  • I would log all users off from the workstations, then reset everybody's password, and then ask them to log in using the new passwords.

    All of this is assuming the restored backup also restored the same user accounts with the same SID.

    From KAPes
  • Have you tried enabling user environment debug logging?

    Maybe it can help you to identify the cause.

    From Tanarri
