User profile failed to attach - WVD

Copper Contributor

Have successfull deployed WVD and was working perfect.

Now when few users are getting the attached error when they try to login.

"The user profile failed to attach. Please contact support"

Worst part is even my id is throwing the same error, which is a admin account.

We are using Azure File Shar to store the user profile through FSLogix.

 

Tried to remote all session hosts to check if my session is stuck , but no luck, got the same error on all.

Found no solution and hence posting here for help!!.Login Error.png

 

 

 

8 Replies

@Nandish Mahadevappaa lot of things can cause this problem. You didn't change anything?

 

- Did you change the firewall & networking on the storage account?

- Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)

- Are you able to logon with a local account?

- Did you (or someone) regenerated your storage account keys?

 

Also, how did you configure the FSLogix settings? Directly in the register or with GPO's? Multiple hosts or a single host?

 

Thank you,

 

@Jente_Vandijck 

My comments below.

 

- Did you change the firewall & networking on the storage account?

Nope, no changes done to firewall & networking

 

- Did you change the permissions on the Azure File Share (I think it should be Storage File Data SMB Share Contributor)

I have contributor access to whole resourse group

 

- Are you able to logon with a local account?

Interestingly even the local admin has the same issue, but there are other production users who can login.

 

- Did you (or someone) regenerated your storage account keys?

No, if we had done, everyone who would failed to login right?

@Jenet_V

 

Found the below error in FSlogix events:

 

 

Eventvwr.png

 

A policy is set to delete local profile if found during logon as per the below link.

https://docs.microsoft.com/en-us/fslogix/profile-container-configuration-reference#deletelocalprofil...

 

When i logged into WVD using another account i could find a user profile in my name under Users folder, tried deleting it, but NTUSer.dat file doesn't get deleted, I cannot restart the VM as other users are connected to it.

@Nandish Mahadevappaare you running the latest version of FSLogix? Do you see a .lock file on your VHD(x) storage?

 

 

@Nandish Mahadevappa have you solved this? I have the same issue. I tried deleting the VHD file and the directory it was in on my azure VHD volume but that didn't help either.

I had the same issue and got it figured out finally. It felt like a permissions issue and it is.

In this article, https://docs.microsoft.com/en-us/azure/virtual-desktop/create-file-share#assign-azure-rbac-permissio...

It shows how to set the NTFS perms up. It doesn't really say that you need to do the ICACLS part for every user...beforehand. 

Once you create the mapped drives, you need to run a set of icacls commands for the main profile and the Office profiles...The following commands for both drive letters.

icacls <mounted-drive-letter>: /grant <user-email>:(M)

icacls <mounted-drive-letter>: /grant "Creator Owner":(OI)(CI)(IO)(M)

icacls <mounted-drive-letter>: /remove "Authenticated Users"

icacls <mounted-drive-letter>: /remove "Builtin\Users"

 

You need to run the first line for EVERY user that is going to log in! 

icacls <mounted-drive-letter>: /grant <user-email>:(M)

 

Hope that helps!

 

@Mark Plantenberg You can use a group instead of each individual email address.  Example:

 

icacls <drive>: /grant "<group name>":(M)

I experienced the same issue, I don't if you have been able to resolve but for the sake of who will be visiting this page again, please follow this documentation https://docs.microsoft.com/en-us/fslogix/use-group-policy-templates-ht

according to the above documentation, it says Manually creating registry keys using Windows Registry Editor: it is not recommended since error prone and potentially high risk. Manual effort is required and scale to many hosts is difficult. Should be used only for testing and prototyping on a single machine.

see also detailed steps here https://www.robinhobo.com/how-to-implement-fslogix-profile-container-using-azure-files-and-active-di... as that MS documentation isn't really explanatory