Hello,
I'm new to Zentyal and Windows AD, and I've just installed Zenytal 6.0 as a standalone Domain Controller (hostname master, domain insieme.lan) with roaming profiles enabled.
I successfully joined a Windows 10 VM to the domain (INSIEME) and created a new domain user (alex) with romaing profile (\\master.INSIEME.LAN\profiles\alex), and I have the same problem: GPO's are not applied on user logon.
I followed your suggestion and created the above registry keys, but it did not help.
Moreover, after I modified the default domain policy (I set password expiration to 42 days) and rebooted the W10 client, the roaming profile stopped working: on logon windows now complains about a problem with mobile profile and uses a saved local profile.
The event viewer says that User profile service is unable to access the server copy of the mobile profile, but the profile dir (/home/samba/profiles/alex and /home/samba/profiles/alex.V6) are still there (they were created by Windows on first logon), and I can access the profile path \\master.INSIEME.LAN\profiles\alex and \\master.INSIEME.LAN\profiles\alex.V6 using Explorer when logged in as user 'alex', so I cannot understand why Windows cannot find the profile.
I also created a "\\*\PROFILES" key similar to "\\*\SYSVOL" and "\\*\NETLOGON" above, but again with no result.
I also appended ",RequireIntegrity=0,RequirePrivacy=0" (from this post
https://blogs.technet.microsoft.com/leesteve/2017/08/09/demystifying-the-unc-hardening-dilemma/) to the keys value, but nothing helped.
Does anyone have any suggestion?
Thanks,
Alessandro