Mar 18 2020 06:20 PM
Have successfull deployed WVD and was working perfect.
Now when few users are getting the attached error when they try to login.
"The user profile failed to attach. Please contact support"
Worst part is even my id is throwing the same error, which is a admin account.
We are using Azure File Shar to store the user profile through FSLogix.
Tried to remote all session hosts to check if my session is stuck , but no luck, got the same error on all.
Found no solution and hence posting here for help!!.
Mar 19 2020 12:18 AM - edited Mar 19 2020 12:19 AM
@Nandish Mahadevappaa lot of things can cause this problem. You didn't change anything?
- Did you change the firewall & networking on the storage account?
- Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)
- Are you able to logon with a local account?
- Did you (or someone) regenerated your storage account keys?
Also, how did you configure the FSLogix settings? Directly in the register or with GPO's? Multiple hosts or a single host?
Thank you,
Mar 19 2020 05:38 PM - edited Mar 19 2020 05:39 PM
My comments below.
- Did you change the firewall & networking on the storage account?
Nope, no changes done to firewall & networking
- Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)
I have contributor access to whole resourse group
- Are you able to logon with a local account?
Interestingly even the local admin has the same issue, but there are other production users who can login.
- Did you (or someone) regenerated your storage account keys?
No, if we had done, everyone who would failed to login right?
Mar 19 2020 09:05 PM
@Jenet_V
Found the below error in FSlogix events:
A policy is set to delete local profile if found during logon as per the below link.
When i logged into WVD using another account i could find a user profile in my name under Users folder, tried deleting it, but NTUSer.dat file doesn't get deleted, I cannot restart the VM as other users are connected to it.
Mar 20 2020 01:20 AM
@Nandish Mahadevappaare you running the latest version of FSLogix? Do you see a .lock file on your VHD(x) storage?
Oct 01 2020 03:27 AM
@Nandish Mahadevappa have you solved this? I have the same issue. I tried deleting the VHD file and the directory it was in on my azure VHD volume but that didn't help either.
Oct 27 2020 01:57 PM
I had the same issue and got it figured out finally. It felt like a permissions issue and it is.
In this article, https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share#assign-azure-rbac-permissio...
It shows how to set the NTFS perms up. It doesn't really say that you need to do the ICACLS part for every user...beforehand.
Once you create the mapped drives, you need to run a set of icacls commands for the main profile and the Office profiles...The following commands for both drive letters.
icacls <mounted-drive-letter>: /grant <user-email>:(M)
icacls <mounted-drive-letter>: /grant "Creator Owner":(OI)(CI)(IO)(M)
icacls <mounted-drive-letter>: /remove "Authenticated Users"
icacls <mounted-drive-letter>: /remove "Builtin\Users"
You need to run the first line for EVERY user that is going to log in!
icacls <mounted-drive-letter>: /grant <user-email>:(M)
Hope that helps!
Oct 27 2020 03:22 PM
@Mark Plantenberg You can use a group instead of each individual email address. Example:
icacls <drive>: /grant "<group name>":(M)
Jan 17 2022 04:40 AM