See if you can figure this one out.

I have one policy, ES_Student, for Student users in two containers: ES and PS.
I have one policy, ES_Staff, for Teacher users in two containers: ES and PS.
And one policy for the workstations for both schools. The WS objects are all in one context: workstations.

Both policies reside on the same server, both ES and PS share this server.
The files for the policies are in PS\Public\Policies\Workstation, ..\Staff and ..\Students respectively and all users have R and F to the Policies directory.
Each set of policies is applied to their respective group: ES_Staff policy to ES Teachers and PS Teachers, ES_Student policy to ES students and PS Students and ES_Workstation policy to the workstations.

All three policies work in the ES container, but only the teacher and workstation policies works in the PS container.
When I try to log in as a PS student, the DLU does not get created and Windows asks for it's login.
If I create a Windows student account, DLU does not use it and still asks for the Windows login. If I login to the created student account, the rest of the policy gets applied: account restrictions, etc.
If I change the workstation's context and log in as an ES student, the policy does not apply.

An error I am seeing in the Policy logs (NWGINA.log) is:
12/13/2010 09:30:15:531 Canonicalized Name : CN=PSStudent.OU=WWPS.O=WILKESBOE
12/13/2010 09:30:16:500 Unable to retrieve DLU configuration: 1240
12/13/2010 09:30:16:500 GinaProcessDynamicLocalUser exiting with 1240
12/13/2010 09:30:16:546 GinaLsaLogonUser FAILED 3221225581
12/13/2010 09:30:16:546 LogonUser FAILED -1073741715
12/13/2010 09:30:16:546 LogonUser FAILED 1326
12/13/2010 09:30:16:546 Local login FAILED ask for the local password

Is there an explanation as to why all three policies work in the ES context, but in the PS context the WS and teacher policies work but the student policy does not work?

Thanks in advance.