Forum Discussion
AVD with FSLogix - profiles not loading
Additional info:
Profiles are stored on an Azure file share.
The storage account is AD joined.
As a test, I redirected the profile to store on the local D drive of the AVD (via registry setting) and it worked fine.
When connected to the AVD and the profile fails to load from the Azure file share, I can map a drive to and access that same file share if I choose the option 'login as a different user' and re-enter my same login credentials. (if i don't re-enter credentials, it will fail with the account restrictions error.)
Could you share your configuration for permissions both in Azure and NTFS on the Azure File Share.
Users needs to have the Storage File Data SMB Share Contributor in Azure on the storage account , and "create folders" permissions on the folder of the fslogix container.
Also I can not read of the discussions if users are synced from Active Directory to Entra ID and the group membership of Storage File Data SMB Share Contributor is granted to the users via a group?
We have a group called AVD Users and that group does have 'Storage File Data SMB Share Contributor' access on the storage account. On the file share, that group has modify access to 'this folder only'. My regular account and the people that use the virtual desktops are in the AVD Users group.
Thanks Chris. Yes, we have a group "AVD Users" that has "Storage File Data SMB Share Contributor" rights on the Azure storage account. My regular account as well as that of the people that connect are in that AVD Users group. On the file share, the AVD Users group has modify access to 'this folder only'.
This had been working up until late March / early April. I'm 99% sure no Azure settings were changed by myself or manager. The desktops do get monthly updates and FSLogix app updates as well. One of the weirdest things, the profile will load correctly about 1 in 20 times. 🤔
Very strange issue. One thing that crossed my mind is to check if the Azure File Share provisioned storage capacity is running near 100%?
Also, could you provide us the error codes that FS Logix outputs in the event log of the session host?
Provisioned storage is 100 Gb and used is 3.61 Gb.
Here are some logs. There are several audit failures with event ID 5061. No warnings or errors under application or system. (I modified userid and SID for security.)
Event 5061Cryptographic operation.Subject:Security ID: company\tomAccount Name: TomAccount Domain: companyLogon ID: 0xD5D595ACryptographic Parameters:Provider Name: Microsoft Software Key Storage ProviderAlgorithm Name: UNKNOWNKey Name: Microsoft Connected Devices Platform device certificateKey Type: User key.Cryptographic Operation:Operation: Open Key.Return Code: 0x80090016---[09:46:38.370][tid:00000e90.00000f54][ERROR:0000052f] FindFile failed for path: \\acct.file.core.windows.net\sharename\tom_S-1-5-21-1112748588-11111111-1111111-11111\Profile*.VHDX (Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.)
[09:46:38.370][tid:00000e90.00000f54][INFO] Configuration setting not found: SOFTWARE\FSLogix\Profiles\VHDNamePattern. Using default: Profile_%username%
[09:46:39.134][tid:00000e90.00000f54][ERROR:0000052f] No Create access: \\acct.file.core.windows.net\sharename\tom_S-1-5-21-1112748588-11111111-1111111-11111-test (Account restrictions are preventing this user from signing in. For example: blank passwords aren't allowed, sign-in times are limited, or a policy restriction has been enforced.)
[09:46:39.134][tid:00000e90.00000f54][INFO] LocalDisk::find checking access returning after 772 milliseconds
[09:46:39.134][tid:00000e90.00000f54][INFO] Status set to 6: Cannot retrieve virtual disk location