Forum Discussion

Nandish Mahadevappa's avatar
Nandish Mahadevappa
Copper Contributor
Mar 19, 2020

User profile failed to attach - WVD

Have successfull deployed WVD and was working perfect. Now when few users are getting the attached error when they try to login. "The user profile failed to attach. Please contact support" Worst p...
Mark Plantenberg's avatar
Mark Plantenberg
Copper Contributor
Oct 27, 2020

I had the same issue and got it figured out finally. It felt like a permissions issue and it is.

In this article, https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share#assign-azure-rbac-permissions-to-windows-virtual-desktop-users

It shows how to set the NTFS perms up. It doesn't really say that you need to do the ICACLS part for every user...beforehand. 

Once you create the mapped drives, you need to run a set of icacls commands for the main profile and the Office profiles...The following commands for both drive letters.

icacls <mounted-drive-letter>: /grant <user-email>:(M)

icacls <mounted-drive-letter>: /grant "Creator Owner":(OI)(CI)(IO)(M)

icacls <mounted-drive-letter>: /remove "Authenticated Users"

icacls <mounted-drive-letter>: /remove "Builtin\Users"

 

You need to run the first line for EVERY user that is going to log in! 

icacls <mounted-drive-letter>: /grant <user-email>:(M)

 

Hope that helps!

 

  • patrick-h's avatar
    patrick-h
    Brass Contributor
    Oct 27, 2020

    Mark Plantenberg You can use a group instead of each individual email address.  Example:

     

    icacls <drive>: /grant "<group name>":(M)

Resources