# Windows 2008 TS Logon (profile) issues



## cajunthomas (Feb 19, 2012)

PROBLEM:

When logging onto a Windows 2008 Terminal Server remotely (must be a remote logon) error is displayed “The User Profile Service service failed the logon. User profile cannot be loaded.” And logon does not go ahead. 

When removing the profile path from the 2003 server, Active Directory Users and Computers, logon, properties, profile tab – logon CAN go ahead but this is NOT wanted – the use of the profile is needed. 

Help! 

SYSTEM SET-UP

WINDOWS 2003 SERVER – Domain controller – users active directory users and computers to create logons to the server and has defined profiles. When creating a profile the profile path is on this server \\compname\cfg$\Manprofiles\

Terminal Service User Profile is also set to \\compname\cfg$\Manprofiles\

There is a field below this in Active Directory that is labeled Terminal Services Home Folder which is currently set to “local” which is blank and will only accept a dedicated address on the server itself – i.e . D:\\..\Manprofiles\


Then there is a WINDOWS 2008 STANDARD, SERVICE PACK 2 pc set-up as a TERMINAL SERVER. Roles activated are: 

File Server
Terminal Server
Web Server

When logons are created on the 2003 server, they are then created on the TERMINAL SERVER using create new user, browsing to the Domain Computer and selecting the user account wanted. 

They are then given the account type of REMOTE DESKTOP USER. 

When going into CONTROL PANEL -> USER ACCOUNTS -> CONFIGURE ADVANCED USER PROFILE PROPERTIES -> PROFILES -> CHANGE TYPE there is a greyed out (not able to be selected) Roaming Profiles option and a selected Local option. 

After attempting the remote logon, the following error shows up on the 2008 Terminal Server under Server Manager:


EVENT PROPERTIES – EVENT 1060, TERMINALSERVICES – REMOTE CONNECTION MANAGER

The Terminal Services User Home Directory was not set because the path specified does not exist or not accessible. The default Home Directory Path was used instead. User Name: Data Director Domain: CMOUKDF

oOo

If the Terminal Services Home Folder path, on the 2003 server under Active Dir Users & Comps, is set to: 

d:\cfg\Manprofiles\DFSTAFF.man

The same error appears:

EVENT PROPERTIES – EVENT 1060, TERMINALSERVICES – REMOTE CONNECTION MANAGER

The Terminal Services User Home Directory was not set because the path specified does not exist or not accessible. The default Home Directory Path was used instead. User Name: Data Director Domain: CMOUKDF


----------



## djaburg (May 15, 2008)

Has the server been joined to the domain? If so, why create the users on the 2008 server since it should already have the domain users in there.


----------



## cajunthomas (Feb 19, 2012)

Thanks for the reply. 

Yes the terminal server (2008) computer is connected to the domain. 

If I have not created a logon on the 2008 computer with and try to logon to \domain\account I get an error: "The connection was denied because the user account is not authorized for remote login."

I _do_ need to logon remotely.

When I create a logon to the Terminal Server I go to create a logon, then access the domain and select the logon _from the list generated by the domain _. 

However to answer your question and to investigate the potential solution - I deleted the logon from the 2008 server and then attempted to logon directly at the TS server. I got the same error on profile service failing that I typed into my original posting. 

I definitely have a feeling that the issue lies with the profile settings either on the 2003 machine in active directory or on the 2008 machine or both. 

Any other ideas?


----------



## djaburg (May 15, 2008)

First you need to make sure you've enabled remote login on the accounts in question. Then when you attempt to login to the server and you get the message that the user profile service could not be started because the user profile could not be loaded. Sounds like perhaps a permissions issue. I'm assuming that each user has their own user profile? I would do a simple permissions test by logging in to the server TS (without specifying the profile path as you stated), then navigate to the directory that contains the profile and see if that works. If you can't get access to it, you need to verify permissions or group membership.

Also take a look here for more information.


----------



## Wand3r3r (Sep 17, 2010)

You did install 2008 RDP client cals on the 2008 TS server right? How many?


----------



## cajunthomas (Feb 19, 2012)

There are two points to answer here

a) TS Licenses - yes there are 5 user licenses installed. 

b) I read the document that you attached on profile and folder redirection in Windows Server 2003. Very useful for something else that I need to get done so thank you! But other than making sure that the profile path on the 2003 server was shared (it wasn't) there was nothing else that I need to adjust as this was mainly all in place. 

To try and give a little more information - 

- The 2003 computer defines two generic profiles - general user and staff. These profiles give access to a database viewing program. Most are general user logons which are quite restricted and a few are staff profiles which have a few more permissions but are still not administrator level. 

- Users do not save ANYTHING to the logons to this server or workstations. They are simply used for database viewing. The profiles define user rights and access levels. 

- After reading the document attached I shared the directory where the profile path is stored and still got the same error on profile services service failing. 

- If, on the 2003 server, in active directory -> userID -> properties -> profiles tab - I _REMOVE_ the path to the profile that defines general user or staff user then I _CAN_ remotely logon and access the DB program that is used (bespoke software) HOWEVER I loose the specialist permissions etc that these profiles define, so closer - but I still need to find a way to do this that allows use of these profiles... 

I am not sure what you refer to on verifying group membership or permissions or where to look for this? So did not do anyone on that point. 

Thanks so far!


----------

