XP not running Logon scripts in NT domain

Hi,
just wondering if you can help me. I have a NT4 sp6 PDC running simple logon scripts. (mapping a drive, running a program and setting the time) This Script runs without a hitch on 95, 98 and ME machines at logon. I have several XP Pro machines on the same network but these do not run the script at all.

if I navigate to the netlogon share on the PDC the script runs flawlessly on the XP Pro machines.

I have followed the MS KB articles and altered the GP snap in tweaks ie wait until network has logged on and run scripts synchronously. Still no joy.

The XP machines do log into the Domain and receive network authentication as they are able to navigate through all network resources.

Hope someone out there has some ideas to help.

Thanks for your time.

 

Not exactly sure how you did Synch. There are several and they aren't the same. Take a look at Run Logon Script Sync and several of the links from it. May be a solution there. If not, post back and we'll try some other stuff.

 

Hi Newt,
thanks for the reply and the Link.
OK here is where we are at,
I edited the RunLogonScriptSync using the gpedit.msc method. After reading through the link that you sent I had a look in the registry and only found the aforementioned key in the user profiles. Thought that was strange! Anyway added the dword value manually to the windows\logon section but still had no effect on running the script.
I would also like to mention, may have no bearing on this prob whatsoever but it is still curious, since allowing the XP machines to join the domain (they previously ran in a workgroup) some of me 95, 98 machines kick their connection to a particular share. If the share is remapped or even visited through network neighbourhood the link seems refreshed and normal access is resumed. (maybe it is time to retire the NT4 workhorse?)
Anyway thanks again for the reply and I am anxious for any other advice.

Paul

 

Sorry I can't give you any direct help on this issue. We went to 2K AD at the same time we got our first XP-pro systems and no longer tried to use Logon Scripts.

I think your idea of moving to 2K AD Domains is good. In the mean while, here is another possible source of your problem - based on the fact that XP handles a specific script variable very differently than any previous OS versions.

Logon scripts that run in Windows XP may not work if %0 or %0\..\ is used in the script.

 

thanks Newt for your perseverance,
OK as regards moving to 2000 AD I cant see us doing that for at least six months. We are just about to enter our manic phase!! so can not afford the down time just yet.

Found this issue but unfortunately it does not affect the script as I have not used any %0% language.
the script I have is this;

<<\\Emtec2\Audits\auditp\vsawin.exe

<<rem net use v: \\Emtec2\Audits\auditp

<<rem v:\vsawin

<<rem net use v: /delete

<<net time \\192.168.1.3 /set /yes

real basic!!!

the reason for the rem lines is that when the script is run on XP machines by navigation to the file UNC paths are not recognised. However, the 95 and 98 machines do not recognise the net use commands during execution of the script so I have to leave the rem lines in for now. ( am looking at using the OS detector as in the above link.)

Sorry for rambling...

Having said all that about the UNC paths etc the XP machines still do not see the script itself. I know this because I have set up a test machine that runs a similar script to the one above but leaves any drives mapped to prove that it has been run.

OK I am out of breath now,
does this shed any more light on my problem???

thanks for your time

PJ

 

Are you using roaming profiles? If so, does a particular login work if the user is on a non-XP machine and then fail on an XP machine?

And a google search for XP login script not running turned up more articles that may help you out. They will at least show you that lots of folks are having issues with login scripts on XP PCs.

I just tried my account with a login to a classic NT4 domain we still have operational and it found & ran my login script there. Couple of errors but I know what caused them. I'm using XP-pro SP1. So I know it can work w/o any modifications to the PC setup - at least some places.

 

Hi Newt,
Hope you had a good weekend!
OK the profiles are not roaming as such but each account is allowed to log on to any workstation and when my account with all the privilages and a test account are used they work on 95,98 but not if the OS is XP.

Have used that search term and most of the articles that I read use the wait for network and run scripts sync solution.

As we have already worked out they dont seem to solve my problem.
Is there any special settings in XP to tell it that it is not logging on to an AD domain but an NT PDC instead?? Does the PDC need BDC?? Can I make a 2000 server created as a domain member a BDC without reinstalling?? Should I??

Another problem seems to have occured.... I have just had 3 95 machines that did not manage to obtain a lease and IP from the DHCP server?? Curious-er and curious-er (PDC and DHCP same machine)

Any Ideas anyone??

Many thanks for your time

Paul

 

You only need a BDC (on each subnet) if the domain is fairly large or if there are frequent logon authentication issues with all operating systems. But it's a good idea on any but the smallest domains.

As to adding the 2K server to the mix as a domain controller, yes/no/maybe. Take a look at This thread from another forum that deals with the issue.

Re: the XP boxes not running the logon script - thats a puzzler. Do you have NBT enabled on the XP PCs and are they set to use WINS servers as well as DNS?

As an experiment, set up an LMHosts file on one XP box, enable LMHosts in the networking properties, and see if it begins to behave.

 

The XP boxes use wins servers as well as DNS - they are supplied by the gateway (Network firewall, DNS server, WINS Server, Apache web server etc.)
Only 1 subnet.
Usure what NBT is sorry.
Not sure how to set up an LMHOSTS file but will have a look for hints, unless you have any good links.
Thanks for that other thread on promoting 2000 member servers, it has given me the ammunition to try and force an upgrade sooner rather than later. (Sorry another question just popped into my head...... ill have a look through the forum!!)
We have about 50 users on the Domain so would we require a BDC??
Thanks for the reply and your time, again, Newt.

Thanks
Paul

 

Sorry. NTB = NetBT = NetBIOS (Network Basic Input Output System) over TCP/IP - and NOT to be confused with NetBeui because it isn't although NetBeui has to use it in order to function. Without going into a long explanation about NBT, just make sure you have it checked in the TCP/IP section of the network settings.

There is a file on the PC already called LMHosts.sam and it is a pretty good sample file for how to set up a real one. Just make sure the real one doesn't have an extension at the end. It is simply a way to tell the PC where the file is located what the IP address and name of each server is and to pre-load some domain information to speed up connection things.

If it has you baffled after you read a bit, you can do the critical parts of matching server name to IP address by using the Hosts file. It lacks some features of LMHosts (like the Domain information pre-load) but is simply a text file consisting of a line for each server address / name matching. Something like

192.168.0.1 Mainserver
192.168.0.2 Otherserver

As to the need for a BDC - not required for that few users but not a bad idea either. Really needed if you have more than one network in your domain connected by router(s). You need a DC on each subnet for things to work smoothly.

 

aaah sorry was a little dense with NTB but have it configured to either pick settings from DHCP or enable it. I also enabled it by default as well.
Had a go at LMHosts file this is what I Typed...... it did not work however.....
# LMHosts file for XP machines
# Created to force the XP machines to run the Audit Software
# Located on the Emtec2 server

192.168.1.4 emtec2
192.168.1.3 nt server #PRE #DOM:emtec_domain

#INCLUDE \\emtec2\audits\auditp\vsawin.exe +new

the last line should trigger a brand new audit. This does not happen.

Still baffled. Oh and settings are wait for network and run net logon scripts sync.

Thanks for your time and sorry it is taking sooooo long.

 

192.168.1.3 nt server #PRE #DOM:emtec_domain

Not sure how many of your problems it is causing but if you really have a server with a space in the name, you shouldn't.

For one thing, your LMhosts file sees that the IP belongs to two different machines, "nt" & "server ", and neither exists. Since the #PRE forces that address/name match into cache on the PC it's doubtful that PC would ever be able to find a server using that IP by name - any name.

Is emtec_domain the real domain name?

The #INCLUDE line looks like it should work unless the file is confused by the server name. I really don't know about that.

 

Yes crazy as it sounds that is the domain name and the server name does have a space in it. Both of these issues were inherited and to be quite honest I have not had chance to make the necessary alterations.
The NTB name for the server or at least the internet name has a - in between nt and server. The domain name has got to be changed when we move to an AD which is probably going to happen in the next 6 months or so but I am loath to make the change at present.
In the LMHosts file can I not enclose the server name in quotes and use the hex number of the space in between??
Do I need to specify the NT SERVER at all?? Th machine already logs on to the Domain and and knows where the DHCP and PDC is as they are the same.
Thanks for your patience,
Paul

 

new development that has left me speechless.....
just had a win 2k laptop returned that needs to be included into the network for a time.......
just added it to the Domain, in the same way that the XP boxes were added and guess what......
yes you are correct, it executed the logon script without any hassel at all!!!
So now am utterly baffled cause I thought 2k and XP logged on the same way??
Has this latest update changed any views on why XP will not log on to the NT4 domain??
Look forward to your replies,
Paul

 

No flashes of insight on my part just now. One last thing to try and if it doesn't help, I'd suggest placing a call to Microsoft Tech Support. It should be a free one with these symptoms and those folks are seriously smart when it comes to their apps and operating systems doing strange things.

For now, please post the following and please don't mask any of the values. Do this on both an XP PC that is not working right and a 2K PC that is. Just make sure the information is identified so we can tell which is which. And do it right after each has finished a logon.

- start~run~cmd
- ipconfig /all > c:\setttings.txt
- Copy the entire contents of settings.txt and post it.

 

OK I have the results from the ip configuration routine and I have noticed that the 2k machine has a DNS search order and suffix so I am going to try and alter my XP box to the same. I will let you know how I get on.
here are the settings for the XP machine;
Windows IP Configuration

Host Name . . . . . . . . . . . . : Net-IT2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/100 VM Network Connection
Physical Address. . . . . . . . . : 00-08-02-17-1D-BE
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.11
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.3
DNS Servers . . . . . . . . . . . : 192.168.1.254
Primary WINS Server . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : 14 July 2003 08:58:48
Lease Expires . . . . . . . . . . : 17 July 2003 08:58:48

And now for the 2K machine;
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : Landrover1
Primary DNS Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : emtec-training.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : emtec-training.com
Description . . . . . . . . . . . : SH572B-3Com OC 10/100 LAN PCCard
Physical Address. . . . . . . . . : 00-50-DA-53-8C-85
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.37
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.3
DNS Servers . . . . . . . . . . . : 192.168.1.254
Primary WINS Server . . . . . . . : 192.168.1.254
Lease Obtained. . . . . . . . . . : Monday, July 14, 2003 09:25:48
Lease Expires . . . . . . . . . . : Thursday, July 17, 2003 09:25:48

OK fixed connection-specific DNS suffix on XP machine and it has made no difference. The 2K setup for TCP/IP is the same as the XP settings except that it does not have file and printer sharing added to the adapters configuration page and has ip protocols added to the options section of the advanced section of the TCP/IP setup screen. Are there significant differences between the security policies in 2K and XP?? ie does 2K allow scripts where XP wont??

thanks for your time
Paul

 

Paul - thanks for the info. Unfortunately everything looks fine on both machines.

From what I can read and from a couple of folks who are more familiar with that end of networking than I am, no one seems to have a clue.

XP should support scripts just fine and security for XP-pro and 2K is identical if you have Simple File Sharing on XP turned off. If you have it on you have made the machines a good few IQ points less intelligent.

But glad you asked because I'd forgotten about the Simple File Sharing and have no real idea what effect it might have if turned on.

Otherwise I'm out of ideas. Looks to me like it should be working. At this point all I can suggest is that you open a tech support call to Microsoft. Should be a free call since you have an OS feature that just isn't working.

If you haven't dealt with their tech support, it is excellent for strange problems. I've done several via email and have been very satisfied. You might even point them to this thread once you get a case opened since it should help the tech eliminate the things we've already discussed.

 

OK Newt,
thanks for all your time and patience. I guess I will have to open a tech support call.
I will post a conclusion should I receive one.
Cheers all
Paul

 

Paul - yes, please do post your results.

I'd be very, very surprised if the M$ tech support folks can't get you sorted out.

Did you notice my comment about turning off Simple File Sharing? If so, it apparently didn't help but I still think you'll be better off without it since it removes so many of the normal security features of the NT operating systems.