Forum Discussion
Having trouble with FSLogix user profile sharing - any good troubleshooting steps to follow?
Johan_Eriksson sorry for the stupid question but did you follow the steps to enable FSLogix and point that agent to the path you have created
- Johan_ErikssonApr 04, 2019Brass Contributor
No questions are stupid when troubleshooting: I specified the UNC path to the share.
My suspicion is that step 5. under https://docs.microsoft.com/en-us/azure/virtual-desktop/create-host-pools-user-profile#prepare-the-virtual-machine-to-act-as-a-file-share-for-user-profiles is perhaps lacking some permissions that FSLogix require.
On a hunch, I gave "Domain Users" full control to the share and it started to work. I then removed "Domain Users" and FSLogix was unable to load the profile. My wild guess is therefore that "Domain Computers" full control permissions are insufficient for proper operations.
(Also note that the link FSLogix documentation at the end of that section only leads to a login prompt for me. I tried to get a user account from FSLogix, but it was not accepted.)
- Stefan GeorgievApr 04, 2019Microsofthmm...good news is that you got it working :)...and the slightly better news is that we have an update to the document on permissions in particular...should be there in 24 hours as I think it was published today (this is the bad news). So its pasted below :)
1. Add the Windows Virtual Desktop AD Users to an Active Directory security group. This security group will be used to authenticate the Windows Virtual Desktop users to the file share virtual machine you just created.
2. Connect to the file share virtual machine.
3. On the file share virtual machine, create a folder on the C drive that will be used as the profile share.
4. Right-click the new folder, select Properties, select Sharing, then select Advanced sharing....
5. Select Share this folder, select Permissions..., then select Add....
6. Search for the security group to which you added the session host virtual machines, then make sure that group has Full Control.
7. After adding the security group, right-click the folder, select Properties, select Sharing, then copy down the Network Path to use for later.- Johan_ErikssonApr 04, 2019Brass Contributor
Thanks, makes sense. You may want to also change step 6. to refer to "Windows Virtual Desktop users" rather than "session host virtual machines".
- JaviMoraApr 27, 2020Copper Contributor
Hi
We are doing this with azure storage instead of using a server and it doesn't work.
We followed the instructions on this link.
We create the share
We enable AAD DS
We assign specific users with "Storage File Data SMB Share Contributor" role to the share
We mount the share on a VM and configure full access for domain users
But still not allowing access
On the event log I can see this message:
No Create access: \\intechwvd.file.core.windows.net\wvdprofiles\S-1-5-21-303179029-2383376087-3032883996-1139_jmorales-test (The user name or password is incorrect.)
- ksganesh18Jun 16, 2020Copper Contributor
JaviMora We are having the same issue. Were you able to fix it?