# Cannot delete or move files in "My Documents" (Offline files)



## PG Croat

I got an issue with a user. For some reason he is unable to move or delete files in his "My Documents", it gives the error “Cannot remove folder. This operation is only supported when you are connected to the server”.

The My Documents is actually hosted on a server but the files are made available offline and are synched when the laptop is back on the network. This normally allows users to move or delete the files but this particular user actually disabled the Offline files. I re-enabled it and had the laptop synch the files when I had him send it here. I quickly tested to see if the files could be opened while offline and it worked but I did not test to see if they could be moved or deleted. Now it is back out in the field and the user is experiencing this issue.

I remoted into it and compared the setting to a laptop that is running Offline Files correctly and they appear to be the same. Why can't he move or delete them?


----------



## AlbertMC2

You can try this - Reinitialize the offline cache
http://support.microsoft.com/kb/230738


----------



## PG Croat

Sorry for the late reply. The computer was out in the field but I requested that it to be sent here. I actually created a new "My Documents" folder for him on the server, it is currently trying to synchronize now. Its taking longer than normal but when its done I'll see if that resolves it. If it doesn't, I'll try that solution.

Kinda wish I checked the forum first. The solution you linked seems to be faster than the one I am trying right now.


----------



## PG Croat

Neither solution worked. I have re-initialized the offline cache, replaced his My Documents folder, re-created his local profile and it still will not let him delete while offline.

Whats odd is that I created a new local profile and let it initialize a new My Document folder but it still synchronized even though I removed his old My Documents folder. There shouldn't have been anything to synch with and yet it synched up all of his photos.


----------



## PG Croat

Ok, I experimented by logging in as him on a different laptop. It has the same problem. So I think its safe to say that its an issue with his profile and not a problem with the OS on the computer.

Any suggestions? I'm stuck


----------



## AlbertMC2

He doesn't have rights/permission to delete? Only to read/write/modify perhaps?


----------



## PG Croat

His permissions are the same as everybody else's. I was thinking that too but the permissions wouldn't change if he was offline. As long as he is online he can delete or move those files but the second he tries doing that away from the network it tells him he need to be on the nserver to do it.

Its really weird, every other account can do it just fine, its just his that is causing all the trouble.


----------



## PG Croat

I have officially run out of ideas. I have gone as far as removing the account off the server completely and still it will not allow you to move or delete the folders in "My Documents":upset:


----------



## AlbertMC2

When deleting you are pressing ctrl+shift and then clicking delete on the folder menu to delete everything on the PC? You then have to restart. This should delete everything (offline) on the PC.

I have asked one of the networking moderators to have a look. Perhaps (and possibly) they will have better recommendations than I have.


----------



## 2xg

Hello,

Is this issue in a DC environment? If it is, I would check the GPO settings in network folders restriction, a Network Admin would know these things. 

You may also re-create his Roaming Profile(if you have one setup), but before that....let's fix his corrupt profile by following this guide.

I have used User Profile Hive Cleanup Service before and it works for me. It's for XP only.


----------



## inspiron21

Is it that only some of the folders/files of Mydocs are marked for offline availability ? If so try making everything in Mydocs as offline. Recently we have faced a similar issue in Vista where trying to delete files has given the error you mentioned. Making everything offline has solved our problem..


----------



## PG Croat

AlbertMC2: I've done that, but it doesn't help. It won't even let you move the folders but you can move, edit, and delete the files within them. Its just the folder.

2xg: I have gone as far as recreating his profile from scratch and just pasting the contents of his My pictures back. Still he is unable to move or delete the folders while away from the network. Even newly created folders cannot be moved or deleted when offline once it has been synched with the server.

inspiron21: The entire My Documents folder is set to be available offline, the profiles are scripted to do that automatically when they are created. His is the only one that has this issue and it was working fine when I initially set up the computer for him a couple of weeks agao. Something happened in the two weeks he had the laptop, simply disabling Offline Files wouldn't have messed the folders up like this (I re-enabled it cause he initially reported an issue with not being able to open My Documents at all).


----------



## 2xg

Is this a Roaming Profile issue? Have you tried the User profile hive cleanup?


----------



## PG Croat

Ok, so evidently its not just him. It happens with my account as well. I just didn't notice cause I am always on the network. So why are we not able to delete the folders while we are off the network? We can definitely delete files, even in the folders we cannot delete. You would think deleting folders would be plausible.


----------



## 2xg

Please check your Server's Event Viewer's logs for any errors and post the Event ID Nos. here related to your issue.

Also, I'm waiting for your reply regarding *Post#13*.


----------



## PG Croat

The scripts aren't something I developed. I don't know if they are roaming profiles. Nothing is listed in the user path or local path under the profile tab.


----------



## PG Croat

As for the event viewer, I don't see any errors that could be related to this issue.


----------



## 2xg

You meant from the AD Users and Computer's Profile Tab correct?


> Nothing is listed in the user path or local path under the profile tab.


Alright, you'll have to check the GPO Script, you might have a corrupt GPO. Can you try accessing the GPO? Also, please post the *Event ID errors*.


----------



## 2xg

Anything related to DNS or AD errors?


----------



## PG Croat

This error was listed near the bottom regarding the DNS server:

Event Type:	Error
Event Source:	DNS
Event Category:	None
Event ID:	4004
Date: 4/17/2007
Time: 2:37:41 PM
User: N/A
Computer:	Not going to show that on here for security purposes
Description:
The DNS server was unable to complete directory service enumeration of zone (local server name, security purposes again). This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..


----------



## PG Croat

As for the GPO, I'm not sure where that is.


----------



## 2xg

Are you the Network Admin? Also, if you look at the Date of that Event log, it's 2007, anything for 2010 of August?


----------



## PG Croat

Yeah, I'm the network admin but it was my employer that set this all up. As for other errors for August, nothing DNS related but there are five warnings that seem to have come up every day at the same time, each with a different directory partition, in the Directory Service. Looks like they have been popping up for months now:

Event Type:	Warning
Event Source:	NTDS Replication
Event Category:	Backup 
Event ID:	2089
Date: 8/13/2010
Time: 9:54:15 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer:	confidential
Description:
This directory partition has not been backed up since at least the following number of days. 

Directory partition: 
DC=ForestDnsZones,DC=confidential,DC=local 

'Backup latency interval' (days): 
30 

It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition. 

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key. 

'Backup latency interval' (days) registry key: 
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days) 


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Every other error or warning appears to be a few months old and likely not related to this issue.


----------



## PG Croat

I just found this error:

Event Type:	Error
Event Source:	NTDS Replication
Event Category:	DS RPC Client 
Event ID:	2087
Date: 6/23/2010
Time: 8:58:14 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer:	confidential
Description:
Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. 

Source domain controller: 
another confidential 
Failing DNS host name: 
keeping that confidential as well

NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: 

Registry Path: 
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client 

User Action: 

1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 

2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 

3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns 

dcdiag /test:dns 

4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: 

dcdiag /test:dns 

5) For further analysis of DNS error failures see KB 824449: 
http://support.microsoft.com/?kbid=824449 

Additional Data 
Error value: 
11004 The requested name is valid, but no data of the requested type was found. 


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


----------



## 2xg

Lets try a simple possible resolution for now. If this doesn't work, it is going to be complicated and you need to be prepared.

To open Group Policy from Active Directory Users and Computers:

1. Start=> Admin Tools=> Active Directory Users and Computers.

2. In the console tree, right-click on the OU(locate the problematic User here) for which to access Group Policy.

3. Click Properties, and click Group Policy, click Open.

4. In GPO Editor, expand User Configuration=> Administrative Templates=> Network=> Offline Files. In here, find the attached file, and Enable/Disable stuff here. I already noted from the attached GPO file which ones are need to be disabled/enabled.

Then when done modifying the OU's GPO, exit out of the GPO Editor and open up and command prompt, type *gpupdate/force* press enter. From the problematic User's computer, log off then log back on. See if this User is still having an issue.


----------



## PG Croat

For step 4 I don't see "User Configuration"


----------



## PG Croat

nevermind, I just ran gpedit.msc to get there. You want me to do this on the server hosting the My document folders?


----------



## 2xg

Oh yeah you can run *gpedit.msc* also if you don't have any OU's, don't you?



> nevermind, I just ran gpedit.msc to get there. You want me to do this on the server hosting the My document folders?


Correct


----------



## PG Croat

It didn't work but it should be noted that I checked the group policy on the laptop after the reboot and it remained with all the settings set at "Not Configured". I don't think the policy was pushed on to it. Though I did manually make the changes on the laptop and then rebooted but it still did not work.

On another note, GPO is enabled.


----------



## PG Croat

Is there a way to block site policies?


----------



## 2xg

It will be way easier/hassle free for you to create a New User AD Account and replace the problematic User AD Account. I don't think there's an the issue with the script, it's either a corrupt GPO setting or User Profile's issue.

===================
Another experiment that might work is create a new OU and move that problematic User to the new OU and apply the GPO. Please check this out, similar to your issue. It might give you some idea on how to troubleshoot yours.



> Is there a way to block site policies?


Not sure what you meant by this? Is this a different issue?


----------



## PG Croat

It turns out that the group policy we have set for remote users, which includes this particular user, is being overwritten by our site policy. So all the remote users are being synched with the same policy that the office users have rather than "Remote User" policy we created for them.

Unfortunately we can't seem to find a way to block that Site Policy, it takes priority and establishes itself when the computer is connected here in the office (ie: the remote user policy was never in place since I set the computers up here in the office). This user was just the first to report it because he is one of only a handful that is actually required to come into the office to work instead of the field once every blue moon. When he came in it synched all the folders and files in his My Documents and now he cannot move or delete the folders when away from the network.

We just can't find a way for the "Remote Users" policy to take priority over the site policy now. If we can get it to do that then I think it'll finally be resolved.


----------



## PG Croat

In other words, I want the Organizational Unit policy to overwrite the Site policy. Simply selecting "No Override" doesn't seem to work.


----------



## 2xg

Here's how....you may do this on your own risk bec. I won't be responsible for any failure, if there's any. Also, an advice for you..you should do this after business hours or weekend. 



PG Croat said:


> In other words, I want the Organizational Unit policy to overwrite the Site policy. Simply selecting "No Override" doesn't seem to work.


----------



## PG Croat

Heres the odd thing. The remote user container has the "Remote user" group policy which is set to "No Override" but the user's settings are still the same. It appears as though it is applying the policy set for a container that is the child of another container that is the sibling of the parent container of the one in question. The best way I can describe it is that the cousin container's policy is being applied rather than the "Remote Users" policy.

The reason it is doing that is because the cousin's policy is being applied to the entire office. Any computers connected to it has this policy forced on it, regardless of the fact that the user is organized in the "Remote Users" container. What I found was that it may be due to the link order:

1. Local Group Policy object—Each computer has exactly one Group Policy object that is stored locally. This processes for both computer and user Group Policy processing. 


2. Site—Any GPOs that have been linked to the site that the computer belongs to are processed next. Processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the site in Group Policy Management Console (GPMC). The GPO with the lowest link order is processed last, and therefore has the highest precedence.


3. Domain—Processing of multiple domain-linked GPOs is in the order specified by the administrator, on the Linked Group Policy Objects tab for the domain in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence.


4. Organizational units—GPOs that are linked to the organizational unit that is highest in the Active Directory hierarchy are processed first, then GPOs that are linked to its child organizational unit, and so on. Finally, the GPOs that are linked to the organizational unit that contains the user or computer are processed.


It looks like the office policy is being used as the Site Policy and will not allow the OU to override it or block it. I disabled the "No Override" option for the office policy but the remote user is still set up with the office policy Folder redirection is still set to put "My Documents" on the local server. We actually don't want this group of remote users' documents redirected. Not sure why the OU isn't overriding it, if that order is correct it should be applied last (overriding the site policy)


----------



## 2xg

How many users do you have in your organization? Out of these so many Users, only one is having an issue? Are there any other Users that belong to that particular OU where this User is residing?


----------



## PG Croat

We have just over 100 users on our network. This is no longer an issue with just one user. It turns out that it is an issue with generally everybody whose computer has been set up here in the office but do not normally work in it.

For some reason the policy for the office is pushed onto their computer regardless of the group their accounts are placed in.


----------



## 2xg

Oh no...that doesn't sounds good. It looks like more problem in your side too bec. you have to deal with it and troubleshoot.

Let me see what workaround or fix we can do about this and will get back to you.


----------



## PG Croat

I have tried to set the site policy so it is not enforced and made sure that "No Override" is disabled. I then went into the "Remote User" group policy where I set it to be enforced, I enabled "No Override" and explicitly set the My Documents Redirect to redirect it to the user's local profile.

At first I thought it worked. Loading a profile on the computer resulted in the network drives still being mapped and the My Documents set to the local My Documents folder but once I rebooted the computer, while still connected to the network, it reverted back to the site policy with My Documents redirected to the server location again.

Any ideas?


----------



## PG Croat

I brute forced it into redirecting it to the local drive by changing the entry in the registry. That allowed me to move the location of My Documents. That fixed the issue for the user who reported the issue. At least I can send his back for now but I still got to figure out how to keep the OU from being overridden by the Site policy. At least I can do that without being asked if its fixed yet every 5 minutes lol


----------



## 2xg

You may not like this suggestion, but here it is. Since originally you did not establish the GPO and all the Scripts created, I'd start from scratch. It's going to be a big headache for you and it's happening now what the previous IT people have implemented in your network. I have dealt with a major network issue 2 years ago when I was hired to do a consulting job and their nework was such a mess, I had to start from scratch. I had to re-configure all Server Roles and GPO as well. In your case, my recommendation will be re-configure GPO back from default. Locate all the Scripts written, you may use the same Scripts if you want, but I wouldn't. Can't think of anymore things to suggest you.


----------



## leenco12

PG Croat said:


> Neither solution worked. I have re-initialized the offline cache, replaced his My Documents folder, re-created his local profile and it still will not let him delete while offline.
> 
> Whats odd is that I created a new local profile and let it initialize a new My Document folder but it still synchronized even though I removed his old My Documents folder. There shouldn't have been anything to synch with and yet it synched up all of his photos.


Ok, I experimented by logging in as him on a different laptop. It has the same problem. So I think its safe to say that its an issue with his profile and not a problem with the OS on the computer.
____________________
watch movies online


----------

