HKLM\Software\fslogix.
Created a Profiles key with the following values:
Name: Enabled, Type: DWORD, Value: 1
Name: VHDLocations, Type: Multi-String Value, Value: \\remoteshare\Profiles
However my test accounts were being logged on with temporary profiles. Luckily fslogix has good logging. I configured verbose logging (HKLM\SOFTWARE\FSLogix\Logging\LoggingLevel=0)
The log file can be located %ProgramData%\FSLogix\Logs\Profile\Profile-xxxx.log
[00:29:42.963][tid:00000d60.00002248][INFO] VHD attached
[00:29:42.963][tid:00000d60.00000d64][INFO] Volume attach event
[00:29:43.056][tid:00000d60.00002248][INFO] Volume name: \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\
[00:29:43.056][tid:00000d60.00002248][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\CleanOutNotifications. Using default: 1
[00:29:43.056][tid:00000d60.00002248][INFO] Prep1
[00:29:43.056][tid:00000d60.00002248][INFO] Status set to 100: Waiting for the Windows Profile Service to determine the user's profile folder
[00:29:43.056][tid:00000d60.00002248][INFO] Profile refcount incremented to: 1
[00:29:43.056][tid:00000d60.00002248][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\CleanOutNotifications. Using default: 1
[00:29:43.056][tid:00000d60.00002248][INFO] Prep1
[00:29:43.074][tid:00000d60.00002248][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\RegisterAppNotifications. Using default: 1
[00:29:43.074][tid:00000d60.00002248][INFO] Prep2
[00:29:43.074][tid:00000d60.00002248][INFO] Prep2 \AppData\Local\Microsoft\Windows\UsrClass.dat was not found.
[00:29:43.074][tid:00000d60.00002248][INFO] OneDriveTemp setup
[00:29:43.074][tid:00000d60.00002248][INFO] C:\OneDriveTemp\S-1-5-21-1xxxxxxxx--> \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\ODTemp
[00:29:43.074][tid:00000d60.00002248][INFO] OneDriveTemp setup successful
[00:29:43.074][tid:00000d60.00002248][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\CleanOutNotifications. Using default: 1
[00:29:43.074][tid:00000d60.00002248][INFO] Prep1
[00:29:43.074][tid:00000d60.00002248][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\PreventLoginWithFailure. Using default: 0
[00:29:43.074][tid:00000d60.00002248][INFO] vhd(x) \\remoteshare\Profiles\S-1-5-21-1xxxxx_ghampson\Profile_ghampson.vhd has 29932.54 MB left (99.78 % free)
[00:29:43.074][tid:00000d60.00002248][INFO] LoadProfile successful. User: ghampson. SID: S-1-5-21xxxxxx
[00:29:43.074][tid:00000d60.00002248][INFO] loadProfile time: 12797 milliseconds
[00:29:43.074][tid:00000d60.00002248][INFO] ===== End Session: LoadProfile: ghampson
[00:29:43.074][tid:00000d60.00002248][INFO] ===== End Session: Logon
[00:29:43.135][tid:00000d60.00001508][INFO] ===== Begin Session: Profile Directory Changed: S-1-5-21-108xxxxxxx
[00:29:43.135][tid:00000d60.00001508][INFO] New Profile Directory: C:\Users\ghampson
[00:29:43.135][tid:00000d60.00001508][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\ProfileDirSDDL. Using default:
[00:29:43.135][tid:00000d60.00001508][ERROR:00000013] CreateDirectory failure: \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\Profile (The media is write protected.)
[00:29:43.135][tid:00000d60.00001508][ERROR:00000013] Creating VHD Profile directory: \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\Profile (The media is write protected.)
[00:29:43.135][tid:00000d60.00001508][INFO] Added redirection C:\Users\ghampson -> \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\Profile
[00:29:43.135][tid:00000d60.00001508][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\KeepLocalDir. Using default: 0
[00:29:43.135][tid:00000d60.00001508][INFO] Local temp directory: C:\Users\local_ghampson
[00:29:43.135][tid:00000d60.00001508][INFO] Successfully handled: S-1-5-21-1xxxxxxxx
[00:29:43.135][tid:00000d60.00001508][INFO] ===== End Session: Profile Directory Changed: S-1-5-21-1xxxxxxx
[00:29:43.197][tid:00000d60.00001bb4][INFO] ===== Begin Session: Profile Directory Changed: S-1-5-21-10xxxxxxxx
[00:29:43.197][tid:00000d60.00001bb4][INFO] New Profile Directory: C:\Users\TEMP
[00:29:43.213][tid:00000d60.00001bb4][INFO] ===== End Session: Profile Directory Changed: S-1-5-21-10xxxxxxx
So it looked like the flow was as follows:
- the VHD was created successfully on the remote share (verified)
- the VHD was mounted successfully
- fslogix could not copy files to the mounted VHD
- fslogix profile could not be loaded
- temporary local profile was created
This was the key line from the log file
CreateDirectory failure: \\?\Volume{c58d9a99-2a23-420d-ab67-b45e416cfaae}\Profile (The media is write protected.)
The mounted VHD file was write-protected, but why? I've implemented this solution previously and didn't have this problem. Group policy is always a good place to start and sure enough I found the problem there.
GPO: Deny write access to fixed drives not protected by BitLocker
This GPO setting was enabled. The result was that all fixed drives that are not BitLocker-protected would be mounted as read-only.
I filtered the GPO targeting so that the GPO was not applied to the WVD desktops and all was good. I hope this helps you if you run into the same issue.
Until next time....
Hi Gerry, thanks very much for this, had the same issue and did not occur to me to check BitLocker. FYI, i have managed to configure FSLogix to re-direct the profile to a VHD stored in Azure File Share storage account.
ReplyDeleteVery good. Thanks for letting me know. It was an awkward one to find :)
Delete