I run primarily Linux but I do have a Windows server for those who need a bigger Windows machine to work on and make it available via remote desktop. To have it play nicely with the rest of our systems, I also run a domain via Samba. While I don’t like roaming profiles, my users are used to it and the messages about unable to load a profile bother them.
Recently a user needed access to the Window server but then had weird access denied errors when trying to logon. I had them in the remote desktop group and the only messages in the logs were with loading errors about the profile.
The error shown was “Group Policy Client Service Failed The Logon.” Searching show this was a symptom of a corrupted profile and thus I deleted it, but then after that it was never regenerated and thus the missing profile messages every time since.
Thanks to a guy named Steve on the mailing list, I was able to determine what was going wrong. Within the registry, Windows stores some info about the profile, in particular is the location on the server.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowNT\CurrentVersion\ProfileList stores a list of user SIDs and they key CentralProfile was wrong. Deleting the entry from ProfileList fixed the profile errors and now its all good.