locked
UPDs don't detach, users get temporary profiles RRS feed

  • Question

  • We just installed a new Server 2012 R2 RDS Farm:

    2x Connection Broker Servers in HA mode (configured for Collection Redirection), 4x Session Hosts, 1x File Server dedicated to UPDs, no Gateway Server.

    All Servers were updated with Windows Updates and RDS-specific hot-fixes before being put into production.

    When the issue happens, some users get a temporary profile. We have to find the Session Host where the UPD is still mounted and detach it in Disk Management, then delete the profile .bak registry entries from HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ProfileList

    UPDs are configured to store all user settings on \\FileServer\Share. No excluded folders.

    Problem occurs randomly: different days and times, random users

    Any ideas what prevents the User Profile Disks from dismounting when the user logs off?

    Thursday, July 28, 2016 6:42 PM

Answers

  • Hi,

    If possible, please test to see if the October 2016 Preview of Monthly Quality Rollup is applicable/solves the issue.

    October 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

    https://support.microsoft.com/kb/3192404

    Please see document below for description of fixes:

    Windows 8.1 and Windows Server 2012 R2 update history

    https://support.microsoft.com/help/24717/windows-8-1-windows-server-2012-r2-update-history

    Excerpt:

    "Addressed issue where the user profile disk (UPD) does not get unmounted when a user logs off. Therefore, users get temporary profiles and are not able to work with their own profiles during their next logon. The Event ID 20491 with a description of “Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0xAA.93” will be logged."

    Thanks.

    -TP

    • Proposed as answer by Amy Wang_ Tuesday, October 25, 2016 12:08 PM
    • Marked as answer by TP []MVP Saturday, January 21, 2017 7:05 PM
    Tuesday, October 18, 2016 6:00 PM

All replies

  • Hi,

    As this issue occurs randomly, I suggest you try to find a pattern such as timing, workload, running applications.

    If there are any third party applications installed, please try to disable and uninstall them to see whether the issue persists.

    In addition, please also check event logs to get more clues.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Thursday, August 4, 2016 3:57 PM
    • Unproposed as answer by BCT-Tech Thursday, August 4, 2016 4:01 PM
    Friday, July 29, 2016 6:15 AM
  • Found this on another thread:
    I found the problem in my scenario.  It turned out that the problem are certain thinclients that don't support NLA.

    When the thinclient connects to one session hosts is prompted for credentials. Apparently, after entering it's credentials by the action of the load balancer is sent to another session host and asked for credentials for a second time. That's a very common problem with legacy thinclients and Windows XP.

    During the redirect from the first session host to the second one the profile (VHDX) remains locked for a few seconds. If the user types the password fast enough then he gets the temporary profile because the VHDX was still locked.

    I found more people with the same scenario and the same problem:

    http://pei.com/2013/05/temporary-profiles-on-server-2012-rds/?replytocom=2647#respond
    We did have "Allow connections only from computers running Remote Desktop with Network Level Authentication" unchecked.  Could this be causing the issue?
    Friday, July 29, 2016 6:39 PM
  • Hi,

    I doubt that’s the cause of issue as the issue is random, it should be caused by factors that could change such as network condition, running applications and so on.

    Best Regards,

    Amy   


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 1, 2016 7:25 AM
  • I want to leave this topic open until we find a solution that works. Please don't mark any responses as proposed answers until we do.

    90% of our users have WYSE Thin Clients.

    Here is what we have tried so far with no luck:

    1. Uninstalled Symantec Endpoint Cloud, installed Sophos AV on Session Hosts
    2. Set UPD disk to “high” resource shares in vSphere / ESXi
    3. Enabled RDS keep-alive, set to 1 minute
    4. Added all Servers to the Windows Authorization Access Group in AD
    5. Configured Session timeout settings in the Collection (they were already set in Group Policy)
    6. Tried disabling write caching on a UPD, but settings came back when it was reconnected
    7. Enabled NLA on the wnos.ini file, required NLA on Session Hosts and Connection Brokers
    8. Disabled UDP on the wnos.ini file
    9. Disabled page file on Session Hosts (tried to reduce I/O)
    10. Created “AsynchronousCredits“ registry entry for SMB on Server sharing UPDs
    11. Removed “Disconnect” user option via Group Policy to force users to logoff instead
    12. Migrated all RDS Servers to the same LUN, increased I/O speed of LUN
    13. Enabled "Do not log users on with temporary profiles" in Group Policy

    We have the UPDs set to "Store all user settings and data". However, there was a Group Policy already in place to set user's home folder to the P:\ drive on a different Server, and re-direct user's My Docs, Music, Pictures and Videos to that folder.

    We are thinking this may be causing a conflict, or not allowing all data to be written to the UPD or redirected folder before the user logs off.

    Thursday, August 4, 2016 4:17 PM
  • Hi,

    Thank you for the update!

    You may move user account into a new OU temporarily to perform a quick test.

    Best Regards,

    Amy


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, August 5, 2016 1:03 PM
  • We are still battling this UPD issue on a daily basis.  We have also tried these possible solutions with no luck:

    14. Migrated all folder-redirected files to the UPD, and disabled folder-redirection for all users
    15. Enable Group Policy to "Increase the maximum retries to unload and update the user profile"
    16. Enable Group Policy to "Do not forcefully unload the users registry at user logoff"
    17. Increased the number of CPU cores on each RDS Session Host
    18. Changed the CPU Resource Allocation of the Session Host Servers from normal to high

    Thursday, September 8, 2016 9:30 PM
  • BCT-Tech 

    Wondering where you stood on this issue. I am still facing the same issues and have made pretty much the same exact changes to our environment as you mentioned in your steps. Do you have Office Click to Run service installed? MS has told me that is the issue in my case but I am not 100% certain this is the only problem

    Tuesday, September 13, 2016 3:00 AM
  • BCT-Tech 

    Wondering where you stood on this issue. I am still facing the same issues and have made pretty much the same exact changes to our environment as you mentioned in your steps. Do you have Office Click to Run service installed? MS has told me that is the issue in my case but I am not 100% certain this is the only problem


    Yes, we have Office 2016 ProPlus / Office 365 Enterprise E3.  I saw that thread on the click-to-run service possibly being the cause.  Our issue is random so it would be hard to replicate.  We have about 60 users, and have to detach anywhere from 1-6 UPDs per day.
    Tuesday, September 13, 2016 4:36 AM
  • Hi,

    There are multiple cases opened with MS about the issue, and there is no solution found yet.

    Quoted from one case, “there is a recognized problem with OfficeClickToRun causing UPD unmount to fail intermittently”, and I will keep you guys updated if there’s any progress.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Edited by Amy Wang_ Wednesday, September 14, 2016 6:53 AM
    Wednesday, September 14, 2016 6:52 AM
  • Hi,

    If possible, please test to see if the October 2016 Preview of Monthly Quality Rollup is applicable/solves the issue.

    October 2016 Preview of Monthly Quality Rollup for Windows 8.1 and Windows Server 2012 R2

    https://support.microsoft.com/kb/3192404

    Please see document below for description of fixes:

    Windows 8.1 and Windows Server 2012 R2 update history

    https://support.microsoft.com/help/24717/windows-8-1-windows-server-2012-r2-update-history

    Excerpt:

    "Addressed issue where the user profile disk (UPD) does not get unmounted when a user logs off. Therefore, users get temporary profiles and are not able to work with their own profiles during their next logon. The Event ID 20491 with a description of “Remote Desktop Services could not disconnect a user disk for the user account with a SID of <SID>. The error code is 0xAA.93” will be logged."

    Thanks.

    -TP

    • Proposed as answer by Amy Wang_ Tuesday, October 25, 2016 12:08 PM
    • Marked as answer by TP []MVP Saturday, January 21, 2017 7:05 PM
    Tuesday, October 18, 2016 6:00 PM
  • If possible, please see if the October 2016 Preview of Monthly Quality Rollup is applicable/solves the issue.

    We installed this on 10/18/16 and have not had any UPD issues since. Hopefully this is the permanent fix.
    Friday, October 21, 2016 4:22 PM