weird problems with logon scripts

goodcooper

so i've started using logon scripts now heavily in my AD environment, i've been using the option under the user in users and computers, not the GPO logon script...

so i've made the vbscript and it works fantastically... the problem is it randomly won't run on a client machine...

i've got the drive maps set to not be persistent, so this is really getting irritating, as i get a random call from a random user about how they rebooted and now their drives aren't mapped...

the script isn't the problem, as it isn't even running, my script drops a log file, and like i said, it's not even running... if i remote in to the box and run the script manually, it maps everything like it should...

i have found out though, that if i just BROWSE on the affected computer to the netlogon share on any DC, log out and log back in, without manually running the script... it works just fine...

so it's like it can't get to the folder somehow... if i manually browse to the share, log out and log back in it'll run it like it's supposed to....

anybody have a problem like that? trying to google this issue has been irritating to say the least...
 
are any errors logged in the Windows Event Log during user logon when the script fails to run?
 
the only one i found that looked like it MIGHT have something to do with the problem was the following:

This computer was not able to set up a secure session with a domain controller in domain [my domain name] due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.



and obviously it works fine after it's up... and all these machines are on the same network (no vpns in this case) and the DNS is all set up correctly (i think), it's almost like the network isn't initializing in time to authenticate to the server or run the logon script...

so far it's happened to like... 4 different types of machines too... so i'm really stumped...
 
so it always happens to the same machines?
ie, does it randomly occur on other machines?

do you set the Wait for Network at Logon via GPO?
if not, set it locally and see if it resolves the issue.

Computer Config -> Admin Templates -> System -> Logon
set "Always wait for the network at computer startup and logon" to Enabled.
at an elevated command prompt, do a gpupdate /force /boot /sync

If this resolves the issue, may be worth it to apply that setting via GPO so you don't have to run around and set it on each machine.
 
it seems to be completely random... but here's the weird part, and makes me think your solution won't work (i'll still try it though the next user that calls)

after logging in, the script doesn't run... i had the user logoff, then logon again and it STILL wasn't running...

it seems to be only after i browse to the netlogon share on the "domain" dfs netlogon share (mydomain.local\netlogon) THEN logoff/on, will the script run....

BUT, i will try your suggestion the next person that calls...
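
The checks raised in the thread so far (the wait-for-network policy, the NETLOGON secure-session error, and whether the netlogon share is reachable by domain name versus by a specific DC), collected as an added PowerShell example that is not part of any poster's message. The script file name is a placeholder, and event ID 5719 is assumed to be the NETLOGON event that carries the message quoted above.

```powershell
# Added diagnostic sketch: run on an affected client right after a logon
# where the script did not fire. Read-only; changes nothing on the machine.
$ScriptName = 'logon.vbs'   # hypothetical name, replace with your own script

function Get-WaitForNetworkPolicy {
    # "Always wait for the network at computer startup and logon" is stored
    # as SyncForegroundPolicy = 1 under the Winlogon policy key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $p = Get-ItemProperty -Path $key -Name SyncForegroundPolicy -ErrorAction SilentlyContinue
    if ($null -eq $p) { return 'NotConfigured' }
    if ($p.SyncForegroundPolicy -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-NetlogonSessionErrors {
    param([int]$Hours = 24)
    # Assumption: ID 5719 from source NETLOGON is the "no logon servers
    # available" event seen in the System log.
    $filter = @{
        LogName      = 'System'
        ProviderName = 'NETLOGON'
        Id           = 5719
        StartTime    = (Get-Date).AddHours(-$Hours)
    }
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
}

function Test-NetlogonShare {
    param([string]$Server, [string]$Script)
    # Checks that the script file itself can be read over the given path.
    $path = "\\$Server\netlogon\$Script"
    New-Object PSObject -Property @{
        Path      = $path
        Reachable = (Test-Path -LiteralPath $path)
    }
}

# DC that authenticated this session, without the leading backslashes.
$dc = $env:LOGONSERVER.TrimStart('\')

"Wait-for-network policy : $(Get-WaitForNetworkPolicy)"
"NETLOGON 5719 (last 24h): $((Get-NetlogonSessionErrors).Count)"
# Compare the domain-based path with the path on the authenticating DC.
Test-NetlogonShare -Server $env:USERDNSDOMAIN -Script $ScriptName
Test-NetlogonShare -Server $dc -Script $ScriptName
```

If the domain-based path is unreachable while the DC path works, the failure is in locating the share rather than in the script.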
 
that Netlogon error could be part of the issue.
We have users that randomly have issues connecting to a printer via VBS script at one of our sites. This site tends to have random latency issues. Even though they have a DC on-site, machines will occasionally try to hit a different DC for authentication. When this happens during the high latency, they will get an error.

We've also had some users get this error at logon.
 
Which OS's are running on the server and client? Functional level of the domain?

How often is this happening? 1% of logons? 20%?

You say that you are using logon scripts pretty heavily. Are these logon scripts doing anything besides mapping network drives?
 
7, 2008R2, functional level of the domain is 2008

i'd say.... 5% of logons... that's EACH logon from everybody... i'd say at the location that i rolled this out there are 20 users... hard to put a percentage on it... just about once a day i was getting calls... at first i thought maybe it was the netlogon folder was just replicating slowly, but i probably would have seen a different error if that was the case... like logon script not found, or something like that

the script can do lots of things, if it detects a user is a member of technician's group it'll run another script, but for right now all the script pretty much does is map drives, yes.... i also wrote it to dump logs... the logs aren't being touched... and if i manually run the script it works every single time, so it's not the actual script that's the problem...
 
Is there any particular reason you use a login script for that when a GPO Preference will do the same thing and often quite a bit more reliably?
 
does it only occur on a fresh boot? or does it also occur if the machine has been on?
did you Enable "Run logon scripts synchronously" in GPOs?
this is a remote site, what's the latency like between it and other DCs?
 