I am redirecting several folders using Group Policy. Everything works as expected on Windows XP clients, but on a Windows Vista client, some of the folders redirect, and some of them fail to redirect. For the ones that fail, the following event (with identifying information altered) is logged:
Log Name: Application Source: Microsoft-Windows-Folder Redirection Date: 5/14/2009 2:34:38 PM Event ID: 502 Task Category: None Level: Error Keywords: Classic User: CORP\username Computer: machinename.corp.mycompany.com Description: Failed to apply policy and redirect folder "Desktop" to "\\corp.mycompany.com\net\users\desktop\username". Redirection options=1001. The following error occurred: "Can not create folder "\\corp.mycompany.com\net\users\desktop\username"". Error details: "This file is currently not available for use on this computer. ".
I have made sure that there is no pre-existing folder with the name in question, so that I can be sure that Windows creates the folder with the permissions that it wants. I set up my permissions on the parent folder using TechNet's guidance, and I can manually create the folder in question using the command prompt while logged on as the user in question.
Why is this failing? What possible causes should I look for?
EDIT: I tried Zoredache's suggestions, and the alternate test GPO and redirected folder share worked. I then switched back to my original location, turned on auditing, and monitored with ProcMon on the client side, and everything worked fine. Our file server that hosts redirected folders is a virtual machine, and I turned off a couple of other virtual machines on the same host at the same time that I switched to the new redirected folder share. This was foolish, because now I don't know if there was a resource issue on the virtual machine host that was causing the problem, or if there is a Heisenbug--a bug that disappears when I audit and monitor the redirected folder-creation process. Although I do not have any evidence that Zoredache's suggestion resolved my particular issue, I recognize that it is excellent advice, and I am going to mark it as the accepted answer.
You mention that you can create the folder manually. Have you also tried changing the permissions manually. Does the user have the ability to change the permissions of the folder? Did you check the share permissions aren't blocking access that they would have gotten based on the acls?
If you can't figure it out, I would setup a test folder/gpu give the test users full control to see if redirection works. Then start locking things down based on the technet advice and see where it breaks.
You have to allow "Authenticated Users" (Or a more specific group) the ability to create folders under the root. Probably should give "Administrators" "Full Control" at this time as well.
You should also assign CREATOR OWNER "Full Control" of ONLY sub folders.
That way a new user has the ability to: 1) Create the initial re-directed folder under the root share 2) Retain control of that folder and only that folder
Make sure you also setup share permissions on your root share allowing "Authenticated Users" to R/W.
If permissions is the issue, here's a knowledgebase article that lists the recommended NTFS permissions you should set on locations for redirected folder:
How to dynamically create security-enhanced redirected folders by using folder redirection in Windows 2000 and in Windows Server 2003 http://support.microsoft.com/kb/274443
I was experiencing this same problem. I used http://technet.microsoft.com/en-us/library/cc736916%28WS.10%29.aspx to setup my NTFS permissions. For my share permissions, I had "Authenticated Users" > Change and "Administrators" > Full Control.
I logged onto the Vista PC as the user experiencing the problem. I then ran "gpupdate /force". It prompted me to log off. Once I logged back on, everything was working. I don't expect this to work for everyone, just sharing my experience.
Do one of the following: Enable both "Grant the user exclusive rights to Documents" and "Also apply redirection policy to Windows 2000, Windows 200 Server, Windows XP, and Windows Server 2003 operating systems". When both are enabled then the Synchronization Partnership is successfully created and documents are synchronized between the local profile and the home directory.
-- OR -- Disable both "Grant the user exclusive rights to Documents" and "Also apply redirection policy to Windows 2000, Windows 200 Server, Windows XP, and Windows Server 2003 operating systems". When both are disabled then the Synchronization Partnership is successfully created and documents are synchronized between the local profile and the home directory.