Sync or Swim

Another look at offline folders that comes with a workaround.

Bill: Your recent article on offline folder synchronization definitely brought up some good points, but did not address the real problem according to the way I read that person's question. I have a similar problem:

UserA is working on a Windows 2000 Professional workstation with My Documents redirected to a home folder on ServerA via Group Policy in a native AD environment. UserA makes changes to Document A and logs off.

The files synchronize as expected, by showing the server and path of the location being synchronized, \\ServerA\UserA.

UserB logs onto the same Windows 2000 Professional workstation with the separate policy redirecting folders to \\ServerB\UserB. Whether or not UserB makes any changes, when UserB logs off the same synchronization window pops up and shows synchronization occurring on both \\ServerA and \\ServerB. However, it ends with an error that there is insufficient permissions to synchronize with \\ServerA.

If I log back in as UserB and log off and choose "Setup" when the Offline Files are synchronizing, then I can uncheck which server I do not want to synchronize from this profile. This will then remove the error when UserB logs off. However, I sure don't want to make this profile change for every user.

I appreciate the topics you address—many times there are some interesting tidbits to be learned!
—Scott Krahn

Get Help from Bill

Got a Windows or Exchange question or need troubleshooting help? Or maybe you want a better explanation than provided in the manuals? Describe your dilemma in an e-mail to Bill at mailto:boswell@101com.com; the best questions get answered in this column.

When you send your questions, please include your full first and last name, location, certifications (if any) with your message. (If you prefer to remain anonymous, specify this in your message but submit the requested information for verification purposes.)

Scott: After reading your excellent problem definition, I absolutely agree that I did not address the core issue when I answered the first reader on this subject. This whole business of redirected shell folders and offline caching turns out to present a very interesting situation.

I'd like to clarify a couple of points in Scott's scenario. Redirecting the My Documents folder to separate shares based on the user's folder is not a good idea. The better approach is to create a root share with the path \\ServerA\UserDocs then redirect the My Documents folders to that root share using basic redirection with the path; for example, a redirection path of \\ServerA\UserDocs\%username% creates individual user folders under the UserDocs share.

Setting NTFS permissions on the root folders to give the domain Users account Read/Execute/Traverse permission avoids the synchronization error without given the users Write/Create rights at the root of UserDocs. This meets your design specification of keeping users from finding a cranny where they can stuff their MP3 files and other data detritus.

The more interesting issue, though, is why redirected My Documents folders from multiple users of the same machine results in a synchronization event that touches all the shared folders.

Ignoring My Documents for a moment, let's do a test on a standard, run-of-the-mill shared folder:

Let's say UserA maps to \\serverA\Data and configures the mapped drive for offline folder caching. The icon for the share now changes to the double-headed arrow. (This assumes that the share has been configured to permit offline caching.)

If UserA creates a file in the mapped drive then opens the Synchronization Manager, he sees the \\serverA\Data UNC in the synchronization list. When he logs off, he sees a synchronization transaction for this UNC.

A little while later, UserB logs onto the same machine. UserB maps a drive to \\serverB\Apps and configures the mapped drive for offline folder caching. The icon for the share changes and he saves a file in the mapped drive.
When UserB opens Synchronization Manager, he sees the \\serverB\Apps UNC in the synchronization list. He does not see \\serverA\Data. This is what you'd expect, because these settings get stored in the Registry in HKEY_Current_User under Software | Microsoft | Windows | CurrentVersion | Netcache.

Now... let's do the same thing by redirecting My Documents. Configure two GPOs that redirect My Documents to two different locations, \\serverA\UserDocs and \\serverB\UserDocs. Link the first GPO to OU-A and the second GPO to OU-B. OU-A contains UserA and OU-B contains UserB.
UserA logs on and verifies that the My Document redirection has taken effect by looking at the path in the Properties window. UserA configures My Documents for offline caching and puts a file in it.

If UserA opens the Synchronization Manager after creating or modifying a file in \\serverA\Data, he sees the \\serverA\UserDocs UNC in the synchronization list. When he logs off, he sees the sync checks for this UNC.
Now UserB logs on and verifies My Document redirection and configures for offline caching and plops in a file.

Here's the change: When UserB opens Synchronization Manager, he sees the \\serverB\UserDocs UNC and the \\serverA\UserDocs UNC in the synchronization list. When he logs off, he sees both UNC paths doing a sync.
You'll see the same behavior if you manually redirect My Documents rather than using Group Policy Objects.

Just to drive home a point, I configured five different users in five different OUs with five different GPOs, each redirecting My Documents to one of five different servers. As each user logged onto a single desktop and configured My Documents for offline caching, the UNC path for that user would get added to the UNC paths for the other users in Synchronization Manager.

When I got to the fifth user, I went back and logged on as the first user. This user now showed all five UNC paths in Synchronization Manager. The same held true for the other users.

This problem would be more acute with Windows XP because, unlike Windows 2000, Windows XP automatically uses offline caching for redirected shell folders unless you set a Group Policy Object to prevent it.

Bottom line? I'm trying to find out why offline caching of redirected shell folders behaves differently than standard shared folders and what can possibly be done from a central policy to prevent this behavior. The shell folder offline cache entries do not get stored in a central repository in the Registry. They apparently get added to each user's HKCU Registry profile from the main offline folder cache database.

Only laptop users should use offline caching. Configure a Group Policy to block offline caching and link this policy to OUs that contain standard desktops. Laptop users don't tend to share their machines very often, so they would not build up many synchronization events. The workaround for those users would be to open Synchronization Manager and uncheck all UNC paths except their own.

Not a good solution, I know, but I hope to find a better one soon. For now, I hope this helps.

comments powered by Disqus

Reader Comments:

Fri, Aug 25, 2006 Ragnar Norway

Clear description of this feature, how to configure and what to avoid. Great.

Wed, Mar 30, 2005 Warren New Zealand

Like Martin and Anonymous, I just don't like that Marty at all. Marty, pull your head in ol' son.

Fri, Jul 16, 2004 Alastair Weller Anonymous

This article may help anyone experiencing this problem. I haven't tried it yet (have only just found it) but this site was one of the ones I looked at whilst looking for a solution.

Fri, Nov 21, 2003 Josh Anonymous

We use offline files extensively on laptops and have had good success with it most of the time. Unfortunately, we have seen issues that seem to only occur on Windows XP. Windows XP laptops can randomly go into offline mode even when they are connected reliably to the LAN. This happens at several different sites, but not with all computer types. Switch types also do not seem to play a part. I have yet to find a solution, but have seen many people complaining about this behavior, especially with XP SP1. Some people believe that a bug was introduced in SP1 that causes this. I would rather see this fixed before making synchronization a per user event, instead of a machine wide event.

Tue, Sep 16, 2003 Anonymous Anonymous

This is a real issue that microsoft should have addressed with XP

Thu, Aug 28, 2003 Anonymous Anonymous

To Marty, Offline Files is definately NOT for wired workstations. What kind of clown school did you go to for IT training? Offline files syncing all over the place because you don't know how to set up a fault tolerant DFS solution or properly make back-ups?? Get real. Do you even understand that this whole problem is being caused by the improper use of offline files on wired work stations?

Wed, Aug 27, 2003 Martin UK

To the last commenter. Read the whole paragraph you muppet!
Bill, thany you for your coverage on this topic. I have an added quandry though, we only use Offline files on laptops, the trouble we have had though is that:
UserA (a domain user) who is synchronising his redirected My Documents folder.
Everythings working fine, until UserB (member of domain Admins) logs onto the laptop to install a patch/software update
UserA logs back on and decides the synchronisation process is taking too long, he only wants to synchronise folders 1 and 2 of 4, but the Make Available offline checkbox is no longer available, ists greyed out. So he deletes the files from Offline Files, only to find they reappear (sometimes instantly if online)
Any ideas?

Tue, Aug 26, 2003 Marty Denver

Bill, you suggest ot give all "Domain Users" read rights to everyone's documents? What planet are you from? This will not fly in most organizations, I'm surprise you suggested it.

Also, for those of you who think offline files for desktops makes no sense, you obviousaly haven't worked in an environment where the file server goes down or gets rebooted for patches, etc. Or you haven't worked with large documents over a slow WAN link to another continent. Even though most environments have stable file servers and fast links, as someone else suggested in the previous article, Offline Files can be a real life saver.

Tue, Aug 26, 2003 Anonymous Anonymous

Very interesting. What does Microsoft say?

Sun, Aug 24, 2003 Anonymous Anonymous

The thing is, this "problem behavior" is absolutely desirable when you use offline files correctly. Think of it in terms of a shared laptop instead of a wired workstation. It is not hard to see how beneficial it is for all users sharing the laptop to get their files updated after every user logs off. Activating offline files on a hard wired workstation makes no sense at all.

Thu, Aug 21, 2003 Matt NC

And imaginge how extensive the problem gets when the PC is shared among 20 or more Nurses! This is an issue of Microsoft putting a feature out that has not been fully explained, tested, and certainly not designed in a way as to be useful in the manner implied in the "Explain" dialogue. It wauld have been so easy to state the limitations of this bug....I mean feature.....

Wed, Aug 20, 2003 Tracy Hull Redmond, WA

As the tester for CSC (Offline Files) and Shared Folders I find your article extremely useful and accurate. But the core of the issue is in the functionality of CSC as Todd says: Win2k, XP, and W2K3 offline files is implemented on a per machine basis rather than a per user basis. This is why you see the behavior of all users files sync'ing when you logoff. This functionality is scheduled to change in the next Windows release. The original design of CSC (according to the dev who wrote it) was to create a solution for the mobile user, and the single workstation user. Great (and challenging) topic and component.

Wed, Aug 20, 2003 Greg Shepherd Anonymous

More! More! I am looking at nearly the exact thing you are looking at Bill and am trying to decide on the best way to accomplish this. Multiple users at one station, one user at one station, etc. I do desire to use offline folders as well as redirected foldes as a hedge against the local site server going down. That way the user still has their docs to work on and can sync when the server is back online. At least that is my current thought. Great treatment on this topic!

Wed, Aug 20, 2003 Todd Michigan

I think the problem is rooted more in the offline files functionality than in configuration. I experience the same issue with just standard offline files.

While I am in my office, I log on using a domain account and I have manually selected a few files on the network here for offline synchronization.

When I undock my laptop and head out into the field to client's locations, some times I use a local account that I have set up just for that purpose. When I attempt to shut down the laptop from that local user account, it tries to synchronize my offline files from the other account. I just end up having to click stop and cancel the process each time.

While it's annoying, it's not a show-stopper, so my guess is that more people actually have this problem than Microsoft may realize and they haven't yet attempted to address this issue.

I believe that there is simply an underlying flaw in the implementation of offline files and synchronization. I'm using XP Pro. Hopefully they will get this fixed in later versions of the OS.

Tue, Aug 19, 2003 ian Anonymous

That sounds like the right answer. I'm pretty sure you still have to use loopback policy in the new GPO to make it work. It seems redundant, but it is how you keep user policies from taking precedence over any polices you set for a computer OU. In general the user policies are applied after the computer policies. If you don't use loopback, I'm thinking those 'offline files' will still be syncing according to domain policy.

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.