Forum Widgets
Latest Discussions
How to check the file is fslogix redirection file?
hi,I am a developer。I write a minifilter,which altitude is 138200。 I want to check a fileobject is a FSLogix’s redirection file。I foud four ECP GUID in the fslogix driver。 I want to check in minifilter precreate callback function,but it is not effect。 Could you tell me the problem?thanks! DEFINE_GUID(GUID_1, 0x5AE07381, 0xAA1E, 0x4571, 0xB4, 0x3B, 0x37, 0x2C, 0x2C, 0xDD, 0x96, 0x0A); DEFINE_GUID(GUID_2, 0xE40898B8, 0x1D08, 0x4434, 0xB2, 0xC9, 0x78, 0xD6, 0xB8, 0x83, 0xBF, 0xEB); DEFINE_GUID(GUID_3, 0xFD7F2404, 0x788C, 0x48D3, 0xA7, 0x1B, 0x35, 0x60, 0xD5, 0x70, 0x8F, 0x45); DEFINE_GUID(GUID_4, 0x9414EEF8, 0xE320, 0x43F8, 0xA5, 0x1A, 0x32, 0x58, 0x48, 0x24, 0x10, 0xCF); BOOLEAN xxxIsKernelModeEcpPresent( _In_ PFLT_FILTER Filter, _In_ PFLT_CALLBACK_DATA Data, _In_ LPCGUID EcpType, _Outptr_opt_result_buffer_(*EcpContextSize) PVOID *EcpContext, _Out_opt_ ULONG *EcpContextSize ) { NTSTATUS status; PECP_LIST ecpList; PVOID ecpContext; ULONG ecpContextSize; PAGED_CODE(); if (EcpContext) { *EcpContext = NULL; } if (EcpContextSize) { *EcpContextSize = 0; } status = FltGetEcpListFromCallbackData(Filter, Data, &ecpList); if (NT_SUCCESS(status) && (ecpList != NULL)) { status = FltFindExtraCreateParameter(Filter, ecpList, EcpType, &ecpContext, &ecpContextSize); if (NT_SUCCESS(status)) { if (!FltIsEcpFromUserMode(Filter, ecpContext)) { if (EcpContext) { *EcpContext = ecpContext; } if (EcpContextSize) { *EcpContextSize = ecpContextSize; } return TRUE; } } } return FALSE; } FLT_PREOP_CALLBACK_STATUS xxxPreCreate ( _Inout_ PFLT_CALLBACK_DATA Data, _In_ PCFLT_RELATED_OBJECTS FltObjects, _Flt_CompletionContext_Outptr_ PVOID* CompletionContext ) { FLT_PREOP_CALLBACK_STATUS returnStatus = FLT_PREOP_SUCCESS_NO_CALLBACK; NTSTATUS status; PFILE_OBJECT fileObject = Data->Iopb->TargetFileObject; PAGED_CODE(); createContext.Flags = 0; if (!fileObject) { return FLT_PREOP_SUCCESS_NO_CALLBACK; } // // Skip pre-rename operations which always open a directory. // if (FlagOn(Data->Iopb->OperationFlags, SL_OPEN_TARGET_DIRECTORY)) { return FLT_PREOP_SUCCESS_NO_CALLBACK; } // // Skip paging files. // if (FlagOn(Data->Iopb->OperationFlags, SL_OPEN_PAGING_FILE)) { return FLT_PREOP_SUCCESS_NO_CALLBACK; } // // Skip DASD opens // if (FlagOn(FltObjects->FileObject->Flags, FO_VOLUME_OPEN)) { return FLT_PREOP_SUCCESS_NO_CALLBACK; } if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle, Data, &GUID_1, NULL, NULL)) { UPM_ASSERT(FALSE); } if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle, Data, &GUID_2, NULL, NULL)) { UPM_ASSERT(FALSE); } if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle, Data, &GUID_3, NULL, NULL)) { UPM_ASSERT(FALSE); } if (UpmIsKernelModeEcpPresent(UpmData->FilterHandle, Data, &GUID_4, NULL, NULL)) { UPM_ASSERT(FALSE); }
FSLogix loads local profile after loading the first time
Hi All, So the issue is the folling: - Server 2016 broker - Server 2016 dc - Server 2016 RDSH (4x) - Server 2016 Fileserver Everytime i login with a new profile which is placed on the FS it all works fine. VHDX is mounted logoff goes fine all is well. Second time i login i get a local profile and no VHDX is mounted. Here are the GPO's that i use, including the settings: FSLogixhide Policy Setting Comment Roam Recycle Bin Enabled Roam Recycle Bin Enabled FSLogix/Profile Containershide Policy Setting Comment Delete Local Profile When VHD Should Apply Enabled Delete Local Profile When VHD Should Apply Enabled Policy Setting Comment Enabled Enabled Enabled Enabled Policy Setting Comment Install Appx Packages Disabled Profile Type Enabled Normal Profile Policy Setting Comment VHD Locations Enabled VHD Locations \\Server\Share$\ FSLogix/Profile Containers/Advancedhide Policy Setting Comment Prevent Login With Temp Profile Enabled Prevent Login With Temp Profile Enabled - If i open the FSLogix Profile status logs i see the following: Tested with multiple users and the first login goes perfectly then the second time it creates a local profile. No open files on the Fileserver when we logout, which is good. Share permissions for the time being is set on everyone - FC. NTFS If i delete the profiles on the Fileserver share and log the users back in the first time it works perfectly again. Same issue when we login for a second time. Hope that anyone could help me out here. If you need more info, let me know. Thanks in advanceMicrosoft MFA, FSLogix and RDS Collection?
We have a Windows 2019 RDS collection that includes 7 RDSH servers. We implement conditional access policies to require MFA for all users and set the 'sign-in frequency' to 90 days. Initially, we whitelisted our office WAN IP by adding it as a trusted/named location. This allowed users to bypass MFA when working from the RDS. However, we then discovered that some users, who only work from the office, had never set up MFA (due to the trusted location/exception). As this is a security concern, we decided to remove the office IP from the trusted locations to ensure that all users registered for MFA. Now, users are prompted for MFA each time they log into the RDS, repeatedly. Even though we set the sign-in frequency to 90 days, I suspect this is because they often connect to a different RDS server each morning, which MFA interprets as a new device. Is there a way to store the MFA session token or cookie in the users' FSLogix profile?Using Microsoft MFA on RDS with FSLogix
We have a Windows 2019 RDS collection consisting of 7 x RDSH servers. We have a Conditional Access Policies which enforces MFA when accessing any M365 resource. We had previously excluded our office WAN IP (i.e: a trusted location) from the CA policy. This was to allow RDS users to operate without needing to provide MFA. However, we found that some office based users had never registered for MFA, since they only work on-site. This posed a security risk, so we decided to remove our office IP from the CA policy exceptions list. Now, all users are MFA registered, however, they're experiencing repeated prompts for MFA while working in the RDS environment. For instance, when a user opens Outlook, they are challenged for MFA 3 or 4 times. This doesn't happen if they're working locally on their laptop. In our CA policy, we have configured the 'sign-in frequency' to 90 days, but this does not seem to make any difference on the RDS. I suspect this issue arises because we're using FSLogix user profiles and office containers and a user might be placed on RDS1 one day and then on RDS7 the follow day. Is there anyway to save the MFA session token within the users FSLogix profile?
FSlogix Profile associating to wrong Azure Machine registration
Hello, We have Citrix non persistent VDI setup with FSLogix profile management. We use MS Office only for Word and Excel - there is no Outlook or Teams setup. We have hybrid deployment with we do not sync Non persistent VDI OU to Azure. Machines register as users' devices when they log in to MS Office only. During DR exercise we moved users from Production datacenter and DR datacenter Citrix Storefront. Machine name of these non-persistent windows 2019 VDIs on both ends have different names. The FSLogix profile from Prod was Robocopy to DR file share. There are two issues 1- That when user Office token tries renewing it shows in Azure User logs that it was attempted using the old VDI machines name. The activation then fails with 62ubh error. To resolve we can remove the old machine's associated to the user's under the Azure profile and then remove Microsoft.AAD.BrokerPlugin_vnggnktrrj file in C:\%Userprofile%\AppData\Local\Packages. Have the user reboot and then reactivate office. 2- At that point after it takes two tries, it times out with CA0000 error, that device could not be registered- but user gets logged in to MS Office. The VDI from DR never registers in Azure under the user's name under Devices. No issue DSREGCMD /Status and machine has SCP access. We are not resetting the Profiles because it takes time copying their setup preferences.
FRXTray functionality replacement
Our company has used FsLogix going back well before Microsoft stepped in and we have always relied on the FRXTray stoplight for Profile troubleshooting. This tool makes it easy for my field staff to know when the users profile has loaded or not. Now that the tool has been removed in 25.02 (3.25) I am left wondering how my field staff can easily determine if the profile isn't loading. Is there another tool or command line item that can be run, or is it a matter of slogging though the logs to find the answer?Error copying profile (0x00000001): Incorrect function.
The latest version of FSLogix is experiencing problems with the command: frx copy-profile C:\Program Files\FSLogix\Apps>frx copy-profile -filename d:\temp\Profile_test.vhdx -username test -size-mbs=30720 -dynamic=1 label=profile-test-verbose User test" SID is "S-1-5-21-2971068368-244597684-1576390238-2601" Volume Label: profile-test Session count: 6 Found user: Found user: Found user: test Found user: Found user: Found user: VHD not found. Creating... Create success. Attaching... Attach success. Getting physical path... Get physical path success. Opening device... Open device success. Initializing disk... Initialize disk success. Getting volume name... . Formatting volume: \\?\Volume{5bc41fa6-5d2b-4389-99de-f4306343069c}\ Format success GetSecurityDescriptor success GetDACL success Set security success Copying profile for user S-1-5-21-2971068368-244597684-1576390238-2601 to volume \\?\Volume{5bc41fa6-5d2b-4389-99de-f4306343069c}\ Looking for Profile Path in registry CopyProfileToVolume SID: S-1-5-21-2971068368-244597684-1576390238-2601 Volume: \\?\Volume{5bc41fa6-5d2b-4389-99de-f4306343069c}\ profileImagePath: C:\Users\test Exporting registry information Export Profile registry data error: 0x00000001 Error copying profile (0x00000001): Incorrect function. After downgrading to version 2.9.8612.60056, I was able to migrate the local profile. However, the command needed to be run twice because the first attempt resulted in an error: Export Profile registry data error: 0x00000002 Error copying profile (0x00000002): The system cannot find the file specified.
FSLogix 2.9.8884.27471 redirections.xml and remaining files in the redirected folders
Hi Together, I want to know how you handle the fact that when a new exclusion was added to the redirections.xml the old/orphan files remains in the user profile. We have thousands of profiles which cannot be cleaned manually. Why does FSlogix not offer and option to copy the content to the redirected folder or just delete this orphan files? best regards Bernd
FSLogix and ODFC with OST files. Some users keep reverting to %localappdata%
Hi Everyone, First post so please be gentle. I'm posting under a personal account and not office as Firm doesn't allow joining with Firm email. Running Citrix / Windows 2019 Server / FSLogix 2.9.8784.63912. All users citrix (450 users) across 20 servers. 20vCPU 86GB RAM. We use PVS golden image and reboot all citrix servers nightly @ 3am We use UPM so FSLogix is only for ODFC. O365 Exchange. We do have on-prem exchange but no mailboxes on it Scenario We are finding that users OST files are being created on the network share (\\Server\ODFC) and are working fine for a period of time. However users eventually 'break' (as I call it) and the OST reverts back to being created %localappdata%\Microsoft\Outlook . Once the user is in this state at every logoff the OST file is lost and next login it is recreated in %localappdata% and the OST is being rebuilt. When we found 120 of 450 staff in this situation it flooded our gateway for 2 hours as OSTs were being re-created every morning. Even though FSLogix is running and setting up the user once the user's Outlook profile has created an OST in %localappdata% that's where it will get created every morning as users login. Until we do the following So we started cleaning them up. The only way was to: Remote into the user's session Close Outlook Delete outlook profile create outlook profile start outlook This would result in the OST file being created / updated again on our network share (\\Server\ODFC) We are finding that some users are stable and remain in this state for one day, two days, one week, one month? there's no logic or pattern. Once the user reverts back to defaulting the OST to %localappdata% that it where it remains until we repeat the above steps. We are pulling our hair out on this one. Looking at the ODFC logs (FRXTRAY) when I review a user who breaks on that day their ODFC log is unremarkable. There's nothing in there to suggest why or what is going on. When I compare the ODFC log from the same server on the same day for another user who didn't break they're identical (except for SIDs etc..) We've even written a powershell script to start Outlook for the staff and the script basically does the following Check reg ForceOSTPath exists; if not loop get ForceOSTPath value and check user can access if not loop once both conditions are true start outlook. Even after adding this - it is still breaking randomly. I've googled and nothing is coming up. Either this is unique to us? or I'm not asking / googling the right question. Please help
