Forum Discussion

Nandish Mahadevappa's avatar
Nandish Mahadevappa
Copper Contributor
Mar 19, 2020

User profile failed to attach - WVD

Have successfull deployed WVD and was working perfect.

Now when few users are getting the attached error when they try to login.

"The user profile failed to attach. Please contact support"

Worst part is even my id is throwing the same error, which is a admin account.

We are using Azure File Shar to store the user profile through FSLogix.

 

Tried to remote all session hosts to check if my session is stuck , but no luck, got the same error on all.

Found no solution and hence posting here for help!!.

 

 

 

  • Nandish Mahadevappaa lot of things can cause this problem. You didn't change anything?

     

    - Did you change the firewall & networking on the storage account?

    - Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)

    - Are you able to logon with a local account?

    - Did you (or someone) regenerated your storage account keys?

     

    Also, how did you configure the FSLogix settings? Directly in the register or with GPO's? Multiple hosts or a single host?

     

    Thank you,

     

    • Nandish Mahadevappa's avatar
      Nandish Mahadevappa
      Copper Contributor

      Jente_Vandijck 

      My comments below.

       

      - Did you change the firewall & networking on the storage account?

      Nope, no changes done to firewall & networking

       

      - Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)

      I have contributor access to whole resourse group

       

      - Are you able to logon with a local account?

      Interestingly even the local admin has the same issue, but there are other production users who can login.

       

      - Did you (or someone) regenerated your storage account keys?

      No, if we had done, everyone who would failed to login right?

  • craigwoodburn's avatar
    craigwoodburn
    Copper Contributor

    Nandish Mahadevappa have you solved this? I have the same issue. I tried deleting the VHD file and the directory it was in on my azure VHD volume but that didn't help either.

  • I had the same issue and got it figured out finally. It felt like a permissions issue and it is.

    In this article, https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share#assign-azure-rbac-permissions-to-windows-virtual-desktop-users

    It shows how to set the NTFS perms up. It doesn't really say that you need to do the ICACLS part for every user...beforehand. 

    Once you create the mapped drives, you need to run a set of icacls commands for the main profile and the Office profiles...The following commands for both drive letters.

    icacls <mounted-drive-letter>: /grant <user-email>:(M)

    icacls <mounted-drive-letter>: /grant "Creator Owner":(OI)(CI)(IO)(M)

    icacls <mounted-drive-letter>: /remove "Authenticated Users"

    icacls <mounted-drive-letter>: /remove "Builtin\Users"

     

    You need to run the first line for EVERY user that is going to log in! 

    icacls <mounted-drive-letter>: /grant <user-email>:(M)

     

    Hope that helps!

     

    • patrick-h's avatar
      patrick-h
      Brass Contributor

      Mark Plantenberg You can use a group instead of each individual email address.  Example:

       

      icacls <drive>: /grant "<group name>":(M)

  • DevMickeal's avatar
    DevMickeal
    Copper Contributor
    I experienced the same issue, I don't if you have been able to resolve but for the sake of who will be visiting this page again, please follow this documentation https://docs.microsoft.com/en-us/fslogix/use-group-policy-templates-ht

    according to the above documentation, it says Manually creating registry keys using Windows Registry Editor: it is not recommended since error prone and potentially high risk. Manual effort is required and scale to many hosts is difficult. Should be used only for testing and prototyping on a single machine.

    see also detailed steps here https://www.robinhobo.com/how-to-implement-fslogix-profile-container-using-azure-files-and-active-directory-authentication-for-windows-virtual-desktop-wvd/ as that MS documentation isn't really explanatory

Resources