cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Dale Hayter
Copper Contributor

‎Nov 11 2020 05:56 AM - edited ‎Nov 11 2020 05:57 AM

‎Nov 11 2020 05:56 AM - edited ‎Nov 11 2020 05:57 AM

WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Hi. We have a mutli-session Win10 WVD farm up and running. We are running 1909 with the latest quality updates applied. FSLogix profile container is being used. 

 

We are seeing intermittent issues with users not being able to login. They are being presented with the error:

 

"The Group Policy Client Service failed the sign-in. Access is denied"

 

wvderror.png

 

From investigation, cant see anything appropriate in the event logs. Anyone seen this issue before?

 

 

96.1K Views
0 Likes
58 Replies
Reply
58 Replies
CaptainReboot

‎Feb 20 2022 03:11 PM

‎Feb 20 2022 03:11 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

We installed the preview in our production environment and have not had the issue come up again. We have about 50 users across 3 pools and around 15 hosts. The Preview version is 2.9.8048, not 2.9.7979.
1 Like
Reply
sachin1988

‎Feb 22 2022 03:21 PM

‎Feb 22 2022 03:21 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Will this resolved permanently once and after installation of latest version (FSLogix) ?
0 Likes
Reply
CaptainReboot

‎Feb 23 2022 07:13 AM

‎Feb 23 2022 07:13 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

It has resolved it for us so far. We have not seen the error come up since. Please note that you need the preview version of FSLogix, not the latest production version.
0 Likes
Reply
Lee_E

‎Mar 07 2022 09:23 AM

‎Mar 07 2022 09:23 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Since this preview was January, I know there's a subsequent issue with it, and it's now March can we have an update please? I have a few affected users who log on when I'm not working, due to time zones and me being the only IT person in the business. I can't have them not working until I get back to work, imagine if I was on leave for a week.
0 Likes
Reply
Guido

‎Mar 07 2022 09:32 AM - edited ‎Mar 07 2022 09:35 AM

‎Mar 07 2022 09:32 AM - edited ‎Mar 07 2022 09:35 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

@Lee_E Hello. Sorry for the issue you are experiencing. We released a fix for the public preview a few weeks ago please check :FSLogix 2201 Public Preview Update 1 is now available - Microsoft Tech Community 

That issue has restarted our QA process. Unfortunately we cannot commit to a date until it meets our quality bar. I'll keep you all posted here. Sorry for the inconveniences that this is causing.

 

0 Likes
Reply
Lee_E

‎Mar 13 2022 01:43 PM

‎Mar 13 2022 01:43 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

I've set up a 5 minute scheduled task that runs a script (below).  It's not pretty and if someone logs off and back on in less than 5 minutes it may still error until the 5 minute point but it works for us. We can run this with minimal complications until a production ready version is released.  Hope this helps a few of you.

$profilesKey = "HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\"
$userProfiles = Get-ChildItem -Path $profilesKey
ForEach ($userProfile in $userProfiles) { 
    $RefCountProperty = Get-ItemPropertyValue -Path "Registry::$userProfile" -Name "RefCount"
    If ($RefCountProperty[0] -eq 1) {
        $RefCountProperty[0] = 0
        Set-ItemProperty -Path "Registry::$userProfile" -Name "RefCount" -Value $RefCountProperty 
    }
}

 

3 Likes
Reply
bloggin1725

‎May 12 2022 12:35 PM

‎May 12 2022 12:35 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

@michael_moshkovich 

 

Hi Michael, we are seeing this issue with the latest FSLogix version running on Server 2022.  If I set the Refcount key to 0 then the affected person can log in again.

0 Likes
Reply
Andreas Möri

‎May 13 2022 05:49 AM

‎May 13 2022 05:49 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

same for us "access denied" for users (less then before but still happening)... with AVD and Windows 10 Enterprise multi-session (mostly when 2 or more sessions hosts are in a AVD-ppol)
0 Likes
Reply
SOVE-82

‎Jun 09 2022 02:10 PM

‎Jun 09 2022 02:10 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Hi,
I installed fslogix 2201 hotfix 1 but we still have this issue.
We are using profile and office container in a RDS environment.
We notice the problem when the server does an unexpected reboot and with user logged on.
With Lab I noticed that this issue appear only when office 365 Is installed, without it there is no issues.
If I delete the "user" folder the user can log in. If can help under the user folder there is ntuser.dat file (without Office 365, the folder is empty).
Regards
0 Likes
Reply
msmendon

‎Oct 24 2022 03:18 AM

‎Oct 24 2022 03:18 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Hi,

Still, we are facing this issue for some of the users.

Any solution?

Regards
0 Likes
Reply
StevenR

‎Oct 26 2022 06:23 AM

‎Oct 26 2022 06:23 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Life saver, I had this issue when not even using fslogix but was on an Azure AD joined AVD, deleting the user from the "Reference" folder fixed it, Thanks
0 Likes
Reply
chakrapani1

‎Nov 11 2022 07:06 AM

‎Nov 11 2022 07:06 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

@Guido - in my case user is getting same Group policy error but Ref count is already 00000 . Let me know how can we fix this

 

0 Likes
Reply
StevenR

‎Nov 11 2022 07:42 AM

‎Nov 11 2022 07:42 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

In regedit HKLM:SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\ have you tried deleting the user effected s-15-21 folder completely as this resolved the issue for me.
0 Likes
Reply
jszabo_98

‎Dec 12 2022 04:33 PM

‎Dec 12 2022 04:33 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

This is still happening for us.
0 Likes
Reply
Johan Vanneuville

‎Dec 12 2022 10:45 PM

‎Dec 12 2022 10:45 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

Got it also yesterday, rebooting the host fixed the issue
0 Likes
Reply
jszabo_98

‎Dec 16 2022 05:47 AM - edited ‎Dec 16 2022 05:53 AM

‎Dec 16 2022 05:47 AM - edited ‎Dec 16 2022 05:53 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

I was able to predict the problem happening with this script.  I checked the non-zero usernames against who was logged in with the 'quser' command.  Code formatting doesn't work?

 

# profilecheck.ps1

function sid2user {
  param($id)
  $SID = New-Object System.Security.Principal.SecurityIdentifier($id)
  $objUser = $SID.Translate([System.Security.Principal.NTAccount])
  $objUser.Value
}

get-itemproperty HKLM:\SOFTWARE\Microsoft\Windows` NT\CurrentVersion\ProfileService\References\* refcount |
select @{n='Sid';e={$_.pschildname}},@{n='User';e={sid2user $_.pschildname}},@{n='Refcount';e={$_.refcount[0]}}

 

# example:

.\profilecheck.ps1 | ? refcount

 

Sid User Refcount
--- ---- --------
S-2-4-11-3423303271-1025932689-3187700767-574700 jszabo_98 1

 

0 Likes
Reply
jszabo_98

‎Dec 16 2022 08:01 AM

‎Dec 16 2022 08:01 AM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

I successfully predicted this happening by looking for users with a non-zero refcount, and seeing if they were actually logged in.  I tried to post some powershell, but I don't see it yet.

0 Likes
Reply
alozzy

‎Dec 29 2022 03:15 PM - edited ‎Dec 29 2022 03:19 PM

‎Dec 29 2022 03:15 PM - edited ‎Dec 29 2022 03:19 PM

Re: WVD logon issues. The Group Policy Client Service failed the sign-in. Access is denied.

I'm hopeful that upgrading from "FSLogix 2201 hotfix 1 (2.9.8171.14983)" to "FSLogix 2210 (2.9.8361.52326)" resolves the issue for me.

 

In particular, this bug fix note for hotfix 2 (2.9.8228.50276) sounds promising:

 

"Resolved an issue during profile cleanup where user registry hives would be removed regardless of the FSLogix local group exclusions."

 

In my case, the affected user is a member of an AD group that is in turn a member of  the local "FSLogix Profile Exclude List" group. So, it makes sense that fslogix is interfering with the user's hive despite being a member of that exclusion group - because of that bug.

0 Likes
Reply