# Windows 10 Threshold 2 - Edge/Search issues for domain joined PCs

• ### Question

• Hi all,

My customer's company has successfully been running Windows 10 for about 1.5 months now, and yesterday Threshold 2 got released. We're talking about an environment with 7 PCs that are all domain-joined.

I upgraded 1 of the domain joined PCs to Windows 10 Threshold 2. Took a while, but completed without issues. After the upgrade, I logged into the domain account that is always being used on that particular PC. It turned out that Microsoft Edge kept crashing on startup (only showing large Edge logo, immediately closes down after that), making the browser useless.

I logged out, and logged in with the local admin account. Edge worked without any issues. Hoping that some magic took place in the background, I logged back into the domain account but Edge still kept crashing.

After figuring out that this problem only took place in the domain account and not in the local admin account, I upgraded another domain joined machine to Threshold 2. Different domain account. Also without any installation issues. Guess what? Edge also crashed on this account after the upgrade.

The only way to get Edge working for those domain accounts, was to go to Advanced System Settings > User Profiles and delete the domain profiles. After logging back into those accounts and loading a fresh profile from the server, Edge started working again.

So, in short:

• I upgraded 2 domain joined machines to Threshold 2 using 2 different domain accounts that have local admin rights.
• After the upgrade, for both domain accounts on both machines, Microsoft Edge kept crashing on startup.
• Deleting the domain user profiles via Advanced System Settings > User Profiles did the trick and made Edge start working again for the domain accounts.

I'm not sure whether this problem also occurs when the upgrade to Threshold 2 is done by a local admin account and logging into that local account immediately after the upgrade. Will try this on another domain joined PC when I get a chance to.

Hope this helps for people who are facing the same problem!
Dennis

UPDATE 14/11: I tried to upgrade another domain joined PC using the local admin account and logged into that account immediately after the upgrade. No issues again, Edge also opens without issues. However, when logging into the domain account that is being used on that PC, Edge doesn't open again! Seems to be a serious bug here. Can someone confirm this behavior in a Windows 10 domain network?

UPDATE 2 14/11: The steps in this topic to delete the Edge package and reinstall it, also works as a solution.

UPDATE 3 14/11: Situation seems to be worse; after domain users log out and log in, Edge starts crashing on startup again. Only way to fix it is to follow the steps in the link I mentioned in update 2 (deleting the Local/Packages/..MicrosoftEdge.. folder and re-creating it by running Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}). Hoping for a quick fix by Microsoft!

Friday, November 13, 2015 7:26 PM

### All replies

• Hi Dennis,

I can confirm I'm seeing much the same issue on domain machines - here's a comment I've just written as part of an answer to a different query before I found your post :-

ALL of mine in a test environment are now completely screwed. This is a 2012R2 domain utilizing roaming profiles. The upgrades appeared to be successful but after logging back in many features are now broken (Edge, All search ability including Cortana, Start button now only shows left hand panel).

Deleting the profile locally and logging back in makes no difference. Also tried deleting local profile and server copy - still no difference. A newly created domain user account DID work successfully but failed after a few restarts for no apparent reason in exactly the same way.

Reverting the machines back to the 10240 build fixes most things but not the ability to search for some reason.

I've also discovered that on some machines it's impossible to subsequently remove the 'windows.old' folder (some 15GB+ in size)  that is created by the upgrade since some programs are still being run from that location (Intel Display audio driver being an example).

Did the fixes you've listed 'stay fixed' after that ?

Regards,

Ian

• Edited by Sunday, November 15, 2015 1:20 PM Grammar check
Sunday, November 15, 2015 1:19 PM
• Hi Ian,

Thanks for your reply. Glad to see I'm not the only one who is facing issues.

Nope, after I got Edge fixed, it indeed stopped working again after 1 or 2 restarts. Search is also problematic on some machines... I'm also in a 2012R2 environment with roaming profiles activated.

Sunday, November 15, 2015 2:59 PM
• I have the same issues in the test environment. Edge crashes on open (opens, closes instantaneously, application log error source Apps event ID 5973) and the search doesn't work and who knows what else.

I'd like to add that we had issues with broken roaming profiles before when the test environment was in the Insider program. After installing a new build, sometimes the search for would be broken and other profile functionality too.

Non roaming profiles seem to be fine.

The environment is Win 10 Pro in on-premise AD with Server 2012 R2 domain controllers running on Server 2003 domain functional level with Win 10 (ver 5) roaming profiles.

Sunday, November 15, 2015 4:34 PM
• Thanks for the confirmation Ben.

So that's three of us running what Microsoft would surely consider the optimal platform 'today' - and this major update has clearly broken it for all three of our environments...I completely fail to see how this wasn't spotted in internal testing or though the insider program before the release was allowed to go ahead.

As you suggest, it would appear that fully standalone machines don't appear to be suffering any issues (so home users are likely unaffected). I'm now testing with non-roaming accounts but it seems I have to fully re-create the accounts as the Windows 10 machines appear to be 'remembering' that the accounts used to be roaming (even after clearing the local and server profiles completely). I can only assume that the newly created sID is then being dealt with as a totally different account.

Can only say that I'm very disappointed.  I haven't seen any other reports other than our own though which seems strange too.

Thanks again,

Ian

Sunday, November 15, 2015 4:57 PM
• Hi Ian Fretwell, Ben Hastings72, Dennis Ameling,

According to my experience, there are many similar cases that the Edge (other Metro apps)wont work well after the upgrade.
The solution included in the Dennis original post is usually useful to resolve the issue.
As a supplement, we could refer to the following link to fix the corrupted user profile if we want to keep the user profiles.
Fix a corrupted user profile (Apply to Windows 10)
http://windows.microsoft.com/en-us/windows/fix-corrupted-user-profile#1TC=windows-7

For any ideas, suggestions, using experiences about Windows 10, we could use the built-in "Feedback" (Search it directly)tool to submit them  anytime.

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

Monday, November 16, 2015 7:26 AM
• Hi, many thanks for the input.

Maybe we haven't been clear enough in what we've put about:-

Even a brand new user account will become 'affected' after just a few login/logout/reboots. It's not merely a case of a corrupted profile, rather that the OS seems to be now causing the corruption itself.

With regards to the inbuilt feedback - I'd love to do this - unfortunately I can't search for anything - remember - all my search functionality is gone (right click start, Cortana, taskbar - all now do nothing). So feel free to just say where the feedback option actually is and I'll get on it.

Thanks again,

Ian

Monday, November 16, 2015 8:45 AM
• Additional issues that I've found since 'upgrading':-

RSAT tools no longer work. Cannot be re-installed because (I'm in the UK) even though I have US English added as a language - the actual language pack has been removed and it's not giving me any option to download it now. Removing US English and re-adding makes no difference.

System tray icons for all OS based things (i.e. volume, date/time, network) are no longer left-clickable.

Monday, November 16, 2015 9:13 AM
• Hi,
we have the same issue. Today i have tested this in my test enviroment. Clean Server 2012R2 istallation and a clean Windows 10 1511 installation (no upgrade). Without roaming profiles it works perfekt. After changing the user account to use roaming profiles, edge and search are broken. it must be a bug in Windows 10.
Monday, November 16, 2015 11:47 AM
• Same problem here - not upgraded to W10 yet because of resistance to trying v1 of anything so testing clean v1511 Pro install in a VM with a clean v5 profile. Problem occurs with that as well so it's not like there was any legacy profile baggage left around - a new v5 profile was created.

Wondering if it's a roaming profile/group policy combo that's causing the problem so about to revert snaptshot back, zap profile and try again with the roaming profile disabled for the user's account.

Rob.

Tuesday, November 17, 2015 10:07 AM
• Even a brand new user account will become 'affected' after just a few login/logout/reboots. It's not merely a case of a corrupted profile, rather that the OS seems to be now causing the corruption itself.

I concur with this - testing a clean W10 install with a clean v5 profile and the problem occurs immediately. Attached are some logs which might be related.

https://dl.dropboxusercontent.com/u/36684956/Edge%20fault.zip

Rob.

Tuesday, November 17, 2015 10:10 AM
• This may or may not be related but VM Workstation v12 introduced something a bit weird in the latest release in that you get this message the first time you logon:

What this means is that the following sequence occurs:

1. v5 roaming profile on network is not empty (but does exist)
2. User logs on to Windows 10 - as no roaming profile on network, then a new profile is created
3. VMware quirk above kicks in and logs the user off before getting to the desktop - thus copying the new v5 profile to the network
4. User logs back on and Edge won't load

The key point here is that Edge is not been run the first time the profile is copied to the network, the profile will have be created from the default settings.

It might not be related at all but thought I'd mention it.

Tuesday, November 17, 2015 10:25 AM
• I've disabled group policy for the user part and the fault still occurs. Forgot to deny the computer bit so will do that now.

Tuesday, November 17, 2015 10:26 AM
• Okay maybe the VMware Tools thing is a bit of a red-herring but can confirm the fault occurs with the following sequence:

1. Group policy disabled for both the user and computer accounts (confirmed by gpresult /r)
2. No profile exists for user anywhere either locally or on the domain (rather the profile.v5 folder is empty)
3. User logs onto clean Windows 10 v1511 VM and new profile is created
4. Edge launches and shows the welcome screen
5. Log off - creating profile.v5 folder on network
6. Log back on - Edge opens and then closes immediately

Can't get much cleaner than that!

Tuesday, November 17, 2015 10:41 AM
• Okay, I'm out of ideas now :-) I thought it might be because the profile.v5 folder on the network was simply empty and therefore wasn't created by Windows 10 itself. But it's not as it doesn't work either way.

I've battled with permissions on roaming profile folders for years with the way it locks down permissions by default to prevent other users getting in there. Sensible in a way but also means that IT support people can't clear the profile without twiddling with permissions. So our new user script created the empty profile folders first with more permissions than is created by default, specifically they are inherited and include the IT support account. Also means that any backup or migration tool that's file copy based can get into the folders.

So in my last test, I deleted the profile.v5 folder on the network and let Windows 10 create it and it ended up with these permissions:

fileacl "\\server01\dfs\users\user.name\profile.V5"
\\server01\dfs\users\user.name\profile.V5;NT AUTHORITY\SYSTEM:F
\\server01\dfs\users\user.name\profile.V5;MIDDLE-EARTH\user.name:F

In previous tests, the permissions were this:

fileacl "\\server01\dfs\users\user.name\profile.V5"
\\server01\dfs\users\user.name\profile.V5;MYDOMAIN\user.name:F[I]
\\server01\dfs\users\user.name\profile.V5;CREATOR OWNER:U/F/F[I]
\\server01\dfs\users\user.name\profile.V5;NT AUTHORITY\SYSTEM:F[I]
\\server01\dfs\users\user.name\profile.V5;MYDOMAIN\it.support:F[I]

So effectively the same permissions but as I said, another dead end as it wasn't permission quirks on the roaming profile folder.

Cheers, Rob.

Tuesday, November 17, 2015 10:55 AM
• As posted above, the following PowerShell commands does get it going again:

Remove-Item "C:\Users\$($Env:Username)\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe" -Recurse -Force
Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register "$($_.InstallLocation)\AppXManifest.xml" -Verbose}
# (here to allow copy & paste of this text)


But it's a pretty drastic workaround as it zaps all the user's Edge settings and the killer - requires admin rights.

Let's hope this one is fixed pretty quickly!

Cheers, Rob.

Tuesday, November 17, 2015 11:11 AM
• Can only say that I'm very disappointed.  I haven't seen any other reports other than our own though which seems strange too.

Yes, this is a little strange for such a potentially big problem....

Cheers, Rob.

Tuesday, November 17, 2015 11:18 AM
• Later... that workaround only works for the current session. Log off and back on and Edge stops again.
Tuesday, November 17, 2015 11:21 AM
• Looks like we really need MS to acknowledge that there's an issue now. Still not seen any official posts about it.
Tuesday, November 17, 2015 12:23 PM
• I would just like to add a me too.
Running Win10 in domain for months without issue.
Installed November Update and now Edge crashes upon start.
Cleared profile and works OK on first login but fails again upon logout and back in.

Tuesday, November 17, 2015 3:25 PM
• If this is widespread, then the support calls around the world are going to go ballistic :-(

Tuesday, November 17, 2015 3:49 PM
• Same here, on both a physical system that's been upgraded to 1511 and a freshly installed 1511 VM. Log on as domain user (with no local or remote profile), Edge works, log off, log back on, Edge crashes.

This is no fun at all. I don't use Edge that frequently, and the normal start menu search still works for me, at least.

If I turn off roaming profile replication through Group Policy ("Allow only local profiles") and start over with no local profile, Edge keeps working, so this must be some kind of accidental suicide during profile replication.

Wednesday, November 18, 2015 1:24 PM
• Just so you can add to the amount of effect users, I am experiencing Edge crashing, clicking start button has a huge lag and Cortana/search doesn't work at all.
Wednesday, November 18, 2015 10:40 PM
• Just like to say same here, Edge is a no go after Windows 10 1511 installation on all our Domain joined computers with roaming profile and folder redirection.
Thursday, November 19, 2015 3:15 AM
• Installed Cumulative Update KB3118754 today, problem persists. Still hoping that Microsoft will get this fixed ASAP!
Thursday, November 19, 2015 10:00 PM
• Yep, KB3118754 not changed anything for me either.
Friday, November 20, 2015 4:35 PM
• Dear Mr. Ameling,

since the November-update of Windows 10 we have the same problems with the Edge-browser in our Windows-domain as well as you have described in here. If a Domain-user with a server-based profile signs in for the first time on a Windows 10 computer with the November-update Edge can be started and closed without problems. As soon as that user signs out and in again Edge is starting and closing immediately. This behavior is reproducible.

Users with local accounts only are not affected by this.

It is interesting that Microsoft did not notice that annoying problem before officially publishing the November-update.

Up to now they published no solution patch for that problem. Even that patch issued a couple of days later did not help at all.

Monday, November 23, 2015 9:27 AM
• So it would seem that the November update has now been pulled - along with a pretty vague excuse as to why - certainly doesn't seem to justify the action - unlike the issues we're all seeing!!

Also thought people might like to know that the RSAT tools for Windows 10 were also updated on the 19th Nov - these will once again install and work on a machine updated with the November build (but obviously they don't fix anything other than themselves).

• Edited by Monday, November 23, 2015 1:18 PM Grammar checking
Monday, November 23, 2015 1:17 PM
• We have six workstations running 8.1 and one server (2012R2).  I am the owner (not an IT guy) that decided to upgrade my Surface Pro 2 to Windows 10 Pro over the weekend so I could "test it out" for a while before upgrading the entire office.  It was also working fine until I docked it this morning at my office.  It is taking a "very" long time to sign onto the server, Edge crashes on startup and Cortana is not working.  I can still use Internet Explorer so I am going to try and find a setting to have Cortana use Internet Explorer until this is fixed (I think I saw that option somewhere).  Otherwise, I suspect that I might have to revert back to 8.1 for a while; what a waste of time...

Thanks for your original post, I thought I had done something wrong.

Dan

UPDATE: I went into control panel, and changed my default browser from Edge to Explorer.  Now Cortana and all internet links are working fine.  Will leave it this way until I confirm that the Edge/Server issue is corrected.  I have spent too much time getting everything set up.
• Edited by Monday, November 23, 2015 7:07 PM
Monday, November 23, 2015 3:28 PM
• Hmm, I wondered if they might do that! I've got a VM that I use for supporting a small client temporarily. They are an Office 365 user with Office 2016 and Windows 10 so wanted to be as close to their environment as possible. My VM upgraded a few days ago and I've just tried using it. Totally broken! Half the icons on the task bar were blank and the start menu was not responding at all. Could search for Edge but nothing happened on clicking it. Not good!

Fortunately as this is a VM, I had a snapshot to quickly go back to.

Monday, November 23, 2015 3:44 PM
• Actually they haven't pulled the November update - maybe...

http://betanews.com/2015/11/21/microsoft-pulls-the-windows-10-november-update/

All a bit confusing. Gone from new media creation but not from updates. Will see - have just rolled my VM back so will see if tries to update.

Monday, November 23, 2015 3:46 PM
• We're seeing the same issue here on a Win2008/R2 domain.  On Workstations with the 1511 update, users with roaming profiles cannot launch Edge, Cortana, Xbox, Bing News, Bing Money, Bing Sports.  Deleting the local app folder and re-adding it with powershell gets them going again.  However, the very next login, they'll be back to the same non-functional state.

We did find another more persistent fix.  You'd have to repeat this process on each workstation the user logs in on but it might help some people in some scenarios.

1. Use the advanced system settings to delete the roaming user profile from the affected workstation.
2. Log in as that user to create a fresh, new copy of the roaming profile
3. Verify Edge & other Win10 Bing apps work
4. Before you logout for the first time, open regedit add add full control rights for ALL APPLICATION PROFILES on the HKCU\SOFTWARE\Classes key.  Apply the security change, then on the advanced security dialog, check the "Replace all child object permissions with inheritable permission entries from this object".  It will probably report that some items couldn't be updated.  That seems to be OK.

There may be some collateral damage from this but we haven't seen it yet.  Unfortunately this isn't a great fix for us as our users do actually roam on a few machines and this fix has to be applied on each machine the first time they log in :(

Edit 12-14-2015

as mentioned by jokland_cat on 12/9, the more specific registry path that should be modified is actually HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe

There should be FAR less potential collateral damage by updating this key rather than the entire SOFTWARE\Classes key.

Also, see Christian Ullrich's post on 12/10 with powershell script to automate the process...

Monday, November 23, 2015 4:39 PM
• To add insult to injury I've just noticed one more thing that is not working for me in this update and that's the "Go back to an earlier build" button. I press it and nothing happens.

I don't want to sound like a drama queen but I have spent far too much time struggling to get Windows 10 to work reliably. I am going to reinstall Windows 7.

Monday, November 23, 2015 4:58 PM
• thanks, that powershell script gets me working again.

• Edited by Tuesday, November 24, 2015 2:16 PM
Tuesday, November 24, 2015 2:15 PM
• KB3120677 has been released over last two days - just about to test...

http://www.neowin.net/news/microsoft-rolls-out-updated-cumulative-update-kb3120677-for-windows-10

Wednesday, November 25, 2015 8:21 PM
• Nope - same problem. Edge opens and instantly closes. Nice one Microsoft!
Wednesday, November 25, 2015 8:36 PM
• Just posted this to Windows 10 Feedback as well: Windows-Feedback:?contextid=348&feedbackid=b79f8417-b8c5-418f-b84f-3bba4a33b08e&form=1&src=2

(Clicking the link might not work; try to copy/paste the link in your address bar in that case.)

Are you guys able to Upvote this? Then Microsoft might prioritize better on this one...

• Edited by Thursday, November 26, 2015 1:47 PM
• Proposed as answer by Thursday, November 26, 2015 2:35 PM
• Unproposed as answer by Thursday, November 26, 2015 2:35 PM
Thursday, November 26, 2015 1:46 PM
• Same problem here.
Thursday, November 26, 2015 2:35 PM
• Same problem with my customers. Clean Windows 10 install, Domainmembers, roaming profiles -> no Search, no Edge,no Cortana. Tried everything and nothing helps. If future updates work like this....very scaring.
• Edited by Thursday, November 26, 2015 8:17 PM
Thursday, November 26, 2015 8:16 PM
• Same problem here. Patch KB3116908 did not help for me. Any comments?
Thursday, December 3, 2015 2:25 PM
• Just to add I am facing the same problems as everyone else here.

The registry permission as mentioned else where seems to fix most of the problems - but they do come back.

Another problem I have is an application (cadsoft eagle) - if I install the x64 version - roaming profile domain users cannot run it - nothing happens when you try to start the software. Local (non-domain) user on the computer can start the application no problem.

It gets interesting when we install the x86 version of the software, then roaming profile domain users can run that ok!!!!

I suspect this is all related to how windows 10 is handling roaming profiles / registry permissions / appdata folder permissions, etc.

It is a pretty serious issue, which Microsoft is pretty quiet on.....

Friday, December 4, 2015 1:30 AM
• >It is a pretty serious issue, which Microsoft is pretty quiet on.....<o:p></o:p>

That is what's really worrying me about this. Microsoft haven't publically commented on this which is not what I expect for the company I've recommended for many years :-(
Friday, December 4, 2015 10:24 AM
• Can I ask is everyone suffering from this using Folder Redirection as well?  is so are you redirecting all the folders (appdata/roaming, documents, etc, etc) ? and what are your directories to exclude from roaming profile settings look like?

Monday, December 7, 2015 4:04 PM
• As long as I'm not using a roaming profile, folder redirection is working perfectly.  I haven't tried a roaming profile without folder redirection though.
Monday, December 7, 2015 6:55 PM
• Hello,

Same problem.

On a Clean installation Windows 2012 R2, and Windows 10 Pro, Microsoft Edge crashes at start when I use roaming profile (Internet explorer works fine), but when I don't use Roaming Profile, all is working fine.

Did someone found a solution?

Thank you and have a nice day!

Tuesday, December 8, 2015 7:37 AM
• Yes we use roaming profiles and folder redirection (of documents & favourites) and we have the following folders excluded:

Cheers, Rob.

Tuesday, December 8, 2015 10:43 AM
• I'd rule out folder redirection because we have experienced all the above mentioned 'phenomena' and we have no folder redirection whatsoever.

We do have a DFS namespace that points to the SMB share on which the roaming profile resides. Does someone use DFS?

Tuesday, December 8, 2015 11:06 AM
• No DFS for us.

It appears that either no one is using windows 10 in a domain environment with roaming profiles judging by the Microsoft silence -or- we are the minority and there is something common with all our environments which is causing this.

It would be nice to hear from someone who does not have this issue!!!

Tuesday, December 8, 2015 11:48 AM
• No DFS for us.

It appears that either no one is using windows 10 in a domain environment with roaming profiles judging by the Microsoft silence -or- we are the minority and there is something common with all our environments which is causing this.

It would be nice to hear from someone who does not have this issue!!!

The kind of environments that use roaming profiles are probably also the kind of environments that are looking more closely at the LTSB version, which doesn't have Edge or Cortana in the first place.

But more generally, yes, there are a lot of problems with roaming profiles in 10 (many to do with the loss of appdata\local on moving from one machine to another), and Microsoft don't seem overly bothered about this.

Tuesday, December 8, 2015 1:14 PM
• Yes, we use DFS.
Tuesday, December 8, 2015 3:55 PM
• Aside: I know that Microsoft want to applications to move towards storing their configuration in the cloud which makes a lot of sense. But it'll be many years before all legacy applications have been re-factored & updated to stop using the registry and/or data stored in the profiles. Until then, they must keep full support for roaming profiles otherwise enterprises just won't upgrade to Windows 10.
Tuesday, December 8, 2015 6:57 PM
• Alright, what can we do?

Dec patch day (10586.29) didn't fix it.

We need to bring this to Microsoft's attention and get MS to acknowledge the issue.

What's the next move? A support ticket of sorts?

The clock is ticking, no? We can defer how long? 4 months? Starting Nov.

(A bit off-topic: WSUS has a new classification 'upgrade' that includes 1511)

A note on LTSB: MS advertises it as a solution for 'extreme' conditions like flight traffic control, intensive care units etc. And it's also only for Enterprise edition. Not an option for Pro edition.

Wednesday, December 9, 2015 1:00 PM
• A note on LTSB: MS advertises it as a solution for 'extreme' conditions like flight traffic control, intensive care units etc. And it's also only for Enterprise edition. Not an option for Pro edition.

True that it's only an option for Enterprise, but the rest looks more like Microsoft encouraging people in their preferred direction rather than any particular problem with using LTSB for other purposes. i.e. that looks like spin, for Microsoft's benefit, not ours.

As far as we're concerned, LTSB is Enterprise as it should have been (mostly), and what's currently available as "Enterprise" is unsuitable for many enterprise environments.

For our purposes, it's often LTSB or stay on 7.

(For example, for our student PCs, we need consistency of interface and functionality across the academic year. Including testing beforehand, this means from May/June of one year to late August of the next - around 15 months. There's nothing 'extreme' about that as far as I can see, but also no way of achieving it with Microsoft's imposed upgrade schedule without using LTSB.)

Wednesday, December 9, 2015 1:46 PM
• After installing the last cumulative update (kb3116869) now the same issue on build 10240. Congratulations Microsoft, what is it for a shit?
Wednesday, December 9, 2015 4:20 PM
• Same problem here. Clean Windows 10 install, after join to AD domain. Start Menu, Search, Edge and Cortana stop working. Tried everything with no luck. Some Oficial solution or workaround?

Wednesday, December 9, 2015 4:49 PM
• Hi

I solved the Edge crash  setting the perrmissions in that registry key:

HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe

to Full control on ALL APPLICATION PACKAGES  principal.

I hope this help other people.

Kind regards

Wednesday, December 9, 2015 7:14 PM
• After installing the last cumulative update (kb3116869) now the same issue on build 10240. Congratulations Microsoft, what is it for a shit?

I hope this is a joke :(

I'll find out tomorrow.

Wednesday, December 9, 2015 11:03 PM
• Not a joke :(. Yesterday two user reported this issue. In the evening i have disabled all roaming profiles. Otherwise, i would stress in the morning.
Thursday, December 10, 2015 6:48 AM
• Awesome thanks a bunch solved it for me and several clients...now to roll it out.
Thursday, December 10, 2015 7:58 AM
• Since this appears to be part of "local settings" this makes me think this work around would have to be applied on each computer that the user logs into.  Can anyone confirm or deny that?  If this has to happen on each computer a roaming user logs into, this is not a sufficient fix.
Thursday, December 10, 2015 4:59 PM
• Even worse.  December patches bring this same issue to the 10240 RTM build!

We had been deferring the 1511 upgrade to avoid this problem.  Now it seems we have to also avoid all security updates?  Come on Microsoft!  What is going on over there do they even use their own products?  Do they not use roaming profiles at all?

Thursday, December 10, 2015 5:47 PM
• I'm suffering from the same problems on my Windows 10 PCs as well.  My users can live without Cortana, Edge, etc... but one other symptom that I'm having is that broken Cortana goes on huge downloading sprees from Microsoft IP address 204.79.197.200, downloading gigabytes of data at a time per user.  I've had to rate-limit connectivity to 204.79.197.200 to a fairly slow speed to prevent Cortana on everyone's computers from using up my entire 100megabit internet connection.  If I look at the App History in the Task Manager of a broken user, I often find that Cortana has transferred 15-20GB of data.  A non-broken local user typically shows under 100 megabytes of Cortana data.

Anyone else having this same problem along with all of the other symptoms?  Last week there was one day that even with my rate-limit in place, Cortana collectively on all of my broken PCs transferred 125GB of data, that's right, 125GB in one day.   The huge Cortana downloads happen day after day.

Thursday, December 10, 2015 6:42 PM

Anyone else having this same problem along with all of the other symptoms?

Yes, oh God, yes. Thanks for telling me about this; I just looked at my task manager, and it's sitting there at just under 5 GiB right now, 1.3 of them from this week, and I have not even been in every day.

Update: It gets better: I shut down my access to that address (which is www.bing.com) completely to get rid of the downloads, and that broke the start menu search entirely!

<plea mode="futile">Microsoft must get on this and fix it!</plea>

Thursday, December 10, 2015 8:22 PM

Anyone else having this same problem along with all of the other symptoms?

Yes, oh God, yes. Thanks for telling me about this; I just looked at my task manager, and it's sitting there at just under 5 GiB right now, 1.3 of them from this week, and I have not even been in every day.

Update: It gets better: I shut down my access to that address (which is www.bing.com) completely to get rid of the downloads, and that broke the start menu search entirely!

<plea mode="futile">Microsoft must get on this and fix it!</plea>

I concur, this problem needs a resolution.  The high network use of Cortana is what got my attention to this problem to begin with, and for a network that isn't aware of what is happening I could see this issue being crippling to their internet usage.

But for some more detail about the Cortana huge downloads, it always seems to be 6 simultaneous download sessions from 204.79.197.200 per PC.  Here's one that's active right now on my network from a single PC, looks like close to 2GB of data downloaded so far total between all 6 sessions.

TCP outside  204.79.197.200:443 inside  x.x.x.200:51420, idle 0:00:00, bytes 276640445, flags UIO
TCP outside  204.79.197.200:443 inside  x.x.x.200:51399, idle 0:00:00, bytes 327617074, flags UIO
TCP outside  204.79.197.200:443 inside  x.x.x.200:51398, idle 0:00:00, bytes 388349232, flags UIO
TCP outside  204.79.197.200:443 inside  x.x.x.200:51396, idle 0:00:00, bytes 351734869, flags UIO
TCP outside  204.79.197.200:443 inside  x.x.x.200:51395, idle 0:00:00, bytes 384296909, flags UIO
TCP outside  204.79.197.200:443 inside  x.x.x.200:51393, idle 0:00:00, bytes 284583910, flags UIO

• Edited by Thursday, December 10, 2015 10:03 PM
Thursday, December 10, 2015 9:52 PM
• My current attempt at a fix, using the proposed idea of assigning additional permissions to certain registry keys. This is intended to be assigned as a login script (it appears that it fixes the problem from the current session forward):

#!PowerShell. De pilo pendet.

function MakeACE() {

# S-1-15-2-1 is WELL_KNOWN_SID_TYPE::WinBuiltinAnyPackageSid, "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES".
# The self-documenting NTAccount type results in an object that "cannot be translated".
$id = New-Object System.Security.Principal.SecurityIdentifier("S-1-15-2-1") New-Object System.Security.AccessControl.RegistryAccessRule($id,
[System.Security.AccessControl.RegistryRights]::FullControl,
[System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow)

}

function GrantRequiredAccess($key) {$acl = Get-Acl $key$acl.AddAccessRule((MakeACE))
Set-Acl $key$acl

}

# All Windows 10, since Microsoft apparently managed to break build 10240 as well in December 2015, after having shipped 10586 broken from the start.
if ([Environment]::OSVersion.Version.Major -eq 10) {

GrantRequiredAccess "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe"
GrantRequiredAccess "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy"

}
Note: Using SetACL.exe, this can be done in two lines instead.
Thursday, December 10, 2015 10:26 PM
• The fix above from BrandonGoodman of setting "ALL APPLICATION PACKAGES" to full control permissions of registry HKEY_CURRENT_USER\SOFTWARE\Classes has resolved it for one user I've tried it on so far. I haven't been able to try to see if it resolves it when they log onto a different computer or not.

But with the user logged on, I tried to launch Edge, Cortana etc...  they all crash.   Then setting the registry permission to HKCU, Edge works correctly afterward and Cortana ceases it's gigantic downloads.  I didn't have to log out and back in after applying the permissions, and I didn't have to start with a fresh non-broken profile.  It appears to have fixed a previously broken user profile.

Trying it on a second user, the user for whatever reason doesn't even have write access to their own HKCU\Software\Classes, so I get permission denied trying to apply the permissions.  It looks like Local Administrators on the computer are set to full control of those registry keys though, so I suspect if I temporarily set the user as Local Admin, change the permissions (and grant full control to their own user as well while I'm doing it), I assume that will fix it as well.

No idea what's different about a roaming profile versus a local profile regarding this though.  My own user is a local user, it works correctly, and the "ALL APPLICATION PACKAGES" permission mentioned above is set to only READ access.  So I'm boggled why the local profile works with that permission but the roaming profile does not.

Thursday, December 10, 2015 11:43 PM
• Hi,

Just to put my 'two cents' in the thread, I've also been plagued with this issue on one domain connected machine. The best part is that I see the Cortana errors all over the event viewer but Cortana isn't even available on my region (Portugal). Start menu search is highly inconsistent as well: when it does return results for typed in strings it won't give out all of them (for example the powershell shortcuts are never listed).

Even though I get the same Edge/Cortana issues everyones been reporting, I also have strange behaviors with the roaming files data, in a very inconsistent way. For example, using AutoCAD on such a machine, which places a lot of user specific support files on the roaming folders, will often break because those folders get lost or incomplete.

Friday, December 11, 2015 11:24 AM
• Another 2p.

Just to confirm that we can see the same issues with Edge failing to start, and with Cortana downloading large amounts of data, and that the permissions fix clears both issues once they occur. Still not sure exactly what changes to break them, as they work on first login, and sometimes on second login.

With Autocad, are you using redirected folders for appdata etc or are you relying on the roaming mechanism to keep those files?

Friday, December 11, 2015 2:59 PM
• Thanks to jokland_cat and to Christian Ulrich.

The workaround with the script from Christian Ulrich works with our computers. Until now, there are only a few users that reported the issue, I'm not sure if this is because most of them still prefer IE or if not all of them are affected. Afraid of side effects of changing registry permissions on all computers with a netlogon script, I've deployed only a sccm package, so that affected users can start the script from softwarecenter.

Friday, December 11, 2015 5:03 PM
• Thanks to jokland_cat and to Christian Ulrich.

Until now, there are only a few users that reported the issue, I'm not sure if this is because most of them still prefer IE or if not all of them are affected.

My experience is that many of my users were unaffected because they were still on the RTM version (build 10240) AND hadn't rebooted their computers yet to finish installing this week's Windows Updates.   After rebooting, the RTM builds are now broken.

Here's some additional info from my experience manually changing the registry setting on a handful of user's computers.

All of the Windows 10 RTM (10240) installs I encountered work correctly until installing this week's KB3116869 cumulative update.  After that install and a reboot, the users Edge, Cortana, etc... are broken.   The registry permission change made the apps work again in this case as well.

I encountered one broken user whose Cortana had downloaded 95GB of data total according to the app history in the task manager, another user Cortana had downloaded 45GB of data total so far.

Other than that, from playing around with other registry permission changes on test users, DON'T change the permissions on HKEY_CURRENT_USER\Software itself.   I set ALL APPLICATION PACKAGES to full control on the main SOFTWARE key and then told it to propagate to child objects..... it took away the user's permission to the Classes key after doing so.  I tried it again with a second test user to make sure I hadn't made a mistake somewhere and thought I clicked a box, and the same result.

<edited to remove what I thought was this not being an issue initially on Version 1511 (threshold 2) until one of the cumulative updates.  The user I encountered that worked correctly on threshold 2 was not using a roaming profile.>
• Edited by Friday, December 11, 2015 7:18 PM
Friday, December 11, 2015 6:33 PM
• This works perfectly on both 10240 RTM and the 1511 update.  We added this process to our domain login scripts so that it will happen on each machine they roam to seamlessly.

We also noticed that News, Money & Sports had the same issues so we added microsoft.bingnews_8wekyb3d8bbwe, microsoft.bingsports_8wekyb3d8bbwe, microsoft.bingfinance_8wekyb3d8bbwe to the permission powershell script.
Monday, December 14, 2015 6:18 PM
• This has been reported on Nov 18, though not in its full context. There is a ticket on Edge and roaming profiles on 1511 https://connect.microsoft.com/IE/feedback/details/2031419/ie11-and-edge-crash-on-start-if-customer-use-roaming-profile-win10-1511

It is technically "under investigation".

The Powershell script works nicely. Thanks! I put in in a GPO with a WMI filter to target Win 10 computers 240 and 1511 builds.

SELECT * FROM WIN32_OperatingSystem WHERE Version LIKE '10.0.%'

Monday, December 14, 2015 7:55 PM
• The problem with that ticket on the "Connect" site is that they've reported it as an Internet Explorer problem for the IE team.  In our experience, this doesn't affect IE in any way, shape or form.  I would assume that one involving IE is a separate issue.
Monday, December 14, 2015 8:12 PM
• We encounter the same issue. W10 Enterprise 10.240 and also new image with 1511 build. As soon as they are joined to domain and roaming profile being used, cortana, edge and startmenu crashes (rpc failure)

Really great job of MS. When they continue to deliver such great stable updates and new releases windows 10 they will have a lot of good friends inside the IT departments of companies.

I will raise incident at MS premier support to sort out what officially will be solution by them as we are in the beginning of rolling out W10 enterprise to our company.

Tuesday, December 15, 2015 10:02 AM
• I'm also having this problem, but using Christian Ulrich's script fixed the problem for the most part.

However, Cortana still crashes without launching.  After I click on Cortana, I notice the issue where there's a delay launching the Start Menu.  If I logoff and log back on, the Start Menu appears normally again until i accidentally hit Cortana again.

I do see a few errors in the event log related to Cortana crashing:

• Event ID 1000 - "Faulting application name: SearchUI.exe, version: 10.0.10586.17, time stamp: 0x56518e0a..."
• Then a Windows Error Report is created (not much useful information in the dump file, but then again, i'm not too good at reading those)
• About a minute later, Event ID 2486 "App Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy+CortanaUI did not launch within its allotted time."

Is anyone still having this issue after applying the registry "patch"?  I'm using build 10586.

Also, I'm not seeing the huge amount of data usage by Cortana that's been reported by some users.  It's only used 20.2MB in the past 2 days.

Thursday, December 17, 2015 5:34 AM
• It looks like a new cumulative update KB3124200 was just released, but doesn't appear to fix the roaming profile problems :(

I installed KB3124200 on my build 1511 computer a few minutes ago and it updates the OS Build to 10586.36.

Created a brand new user with a roaming profile, logged in, Edge works etc...waited until everything got done being set up, then logged out.   Logged in again, Edge now broken and Cortana starts it's gigantic downloads.

Emu_99>   Any info from MS Premier Support on when Microsoft is going to issue a proper fix for this problem?

Thursday, December 17, 2015 6:47 PM
• I ran the script with a fresh profile (it's roaming). It worked... until I made changes to Edge. After changing the default home page and search engine, I signed out and signed back in and Edge started crashing again.
Friday, December 18, 2015 6:06 PM
• Mine broken also.  Tired for the past 5 days no joy

Friday, December 18, 2015 7:09 PM
• My current attempt at a fix, using the proposed idea of assigning additional permissions to certain registry keys. This is intended to be assigned as a login script (it appears that it fixes the problem from the current session forward):

#!PowerShell. De pilo pendet.

function MakeACE() {

# S-1-15-2-1 is WELL_KNOWN_SID_TYPE::WinBuiltinAnyPackageSid, "APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES".
# The self-documenting NTAccount type results in an object that "cannot be translated".
$id = New-Object System.Security.Principal.SecurityIdentifier("S-1-15-2-1") New-Object System.Security.AccessControl.RegistryAccessRule($id,
[System.Security.AccessControl.RegistryRights]::FullControl,
[System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow)

}

function GrantRequiredAccess($key) {$acl = Get-Acl $key$acl.AddAccessRule((MakeACE))
Set-Acl $key$acl

}

# All Windows 10, since Microsoft apparently managed to break build 10240 as well in December 2015, after having shipped 10586 broken from the start.
if ([Environment]::OSVersion.Version.Major -eq 10) {

GrantRequiredAccess "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe"
GrantRequiredAccess "HKCU:\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cortana_cw5n1h2txyewy"

}
Note: Using SetACL.exe, this can be done in two lines instead.

Worked for me ty! ty!
Friday, December 18, 2015 8:31 PM
• Got the same problem!

Also got a weird problem that SOMETIMES a profile fully syncs local and locallow and all other excluded folders (wtf?). Never had this with XP, 7 and 8.1.

Really MS? Are you allready trying to let administrators see how bad Win10 is? You want them to upgrade is it not? This is a beta OS!

REAL fix is needed very soon!

Wednesday, December 23, 2015 8:50 AM
• Also got a weird problem that SOMETIMES a profile fully syncs local and locallow and all other excluded folders (wtf?). Never had this with XP, 7 and 8.1.

Are you running Threshold 2 (build 10586)? The issue that sometimes a profile syncs locally seems to be solved in that build.
Wednesday, December 23, 2015 1:10 PM
• Also got a weird problem that SOMETIMES a profile fully syncs local and locallow and all other excluded folders (wtf?). Never had this with XP, 7 and 8.1.

Are you running Threshold 2 (build 10586)? The issue that sometimes a profile syncs locally seems to be solved in that build.

Yes I'm running that build. It did not happen a lot so didn't know that was fixed. Now Edge....

I still cannot fully understand how this could happen. MS is running and testing the OS internally or are they running on OSX :p would be funny.

Wednesday, December 23, 2015 2:45 PM
• Hi, yes, incident was raised at MS Premier Support.
Problem is known to MS and the case has been forworded to the product group. But no quick solution like private hotfix or even a General available.
(maybe also due christmas and holidays not such large resources available...)
As I'm also on vacation now and luckily we are "only" at the begin of a Pilot deployment with w10 i agreed next contact with them begin january...
BR
Emu

Wednesday, December 23, 2015 6:10 PM
• I can confirm the same problems in a server 2012 essentials environment.  Hard to believe this isn't a major issue for MS to solve.
Thursday, December 24, 2015 4:04 AM
• Hi, yes, incident was raised at MS Premier Support.
Problem is known to MS and the case has been forworded to the product group. But no quick solution like private hotfix or even a General available.
(maybe also due christmas and holidays not such large resources available...)
As I'm also on vacation now and luckily we are "only" at the begin of a Pilot deployment with w10 i agreed next contact with them begin january...
BR
Emu

Didn't want to see the issue dropped due to holiday. New contributor here - same problem. Win 10 on domain, no edge, no search, no left click start... Off Domain all is well.  All other OS works fine, just not Win 10. buggy...
Tuesday, December 29, 2015 12:00 AM
• I have a similar problem, however, mine is about Explorer.exe freezing a lot and needing a reset from time to time in Mandatory Profiles (in normal Roaming do not happens). And aparently Search/Cortana/Privacy Settings is related to the issue.

About the Universal apps don't work on roaming profiles, I think that there is and GPO setting that prevents them from installing and running on special profiles (roaming or mandatory).

The setting is at: Computer Configuration/Policies/Administrative Templates/Windows Components/App Package Deployment/Allow deployment operations in special profiles

Enabling this will force the special profile to keep the Apps and not vanish them.

• Edited by Wednesday, December 30, 2015 2:53 PM Enable Link
Wednesday, December 30, 2015 2:51 PM
• Same issues here. Everything great, until 1511 10856. Then No Edge, No Search (No Cortana which is just a Search Extension), DNS Domain, Static IP, 2 Windows Server 2008 R2 (Until 2016 are available) over 50 Users Roaming Profile, It's not practical to make all new users. Even on my Direct From Dell new WIN10 Pro based, not upgraded at factory. Worked Great, but as soon as 1511 hit. Bam. Tried above Fixes, seems to have fixed Edge, but no Search/Cortana. Edge and Cortana aren't major blows, as haven't had time to get used to them, but the Search is a Problem. Only Known solution I've found , is to use the search function that's embedded in the File Explorer in the Top Right. Tried all Solutions in this thread, None Worked.
But desperately Looking for a sensible solution or fix from MS asap.
Thursday, December 31, 2015 5:25 PM
• Same issues here!

@MS: Please fix this quick!!!!!

PS: First time I'm happy about Chrome in the Company!

Friday, January 1, 2016 11:48 PM
• Tried above Fixes, seems to have fixed Edge, but no Search/Cortana. Edge and Cortana aren't major blows, as haven't had time to get used to them, but the Search is a Problem. Only Known solution I've found , is to use the search function that's embedded in the File Explorer in the Top Right. Tried all Solutions in this thread, None Worked.
But desperately Looking for a sensible solution or fix from MS asap.

I've got the same experience as Brent Warren Lubbock Texas on at least some of my users (maybe most of them) with roaming profiles.  The above registry fix doesn't get Cortana/search working correctly.  It does cease the Cortana gigantic downloads though, and it seems to make Edge work again.

Still waiting on a fix from Microsoft before I deploy any additional Windows 10 machines.

Tuesday, January 5, 2016 2:55 PM
• Having the same issue as all. Domain joined Windows 10 build 10586 with roaming profiles.

Edge and Cortana not working. Many users have Start menu either not working or only showing left pane and none of the standard built in apps under 'All Apps'

This is causing a major headache, forcing me to move users to local profiles one by one as they experience the issue.

Come on Microsoft, this needs full attention, NOW!

Tuesday, January 5, 2016 5:57 PM
• Same issue with Windows 10 build 1511 upgrade and roaming profiles.  I see "Search Windows" instead of Cortana and "Cortana & Search settings" in Settings just won't open.

This is nuts Microsoft!

Wednesday, January 6, 2016 5:12 PM
• In my experience once Edge is broken by this IE also doesn't work. Can't believe they didn't test the build with roaming profiles, one of their own technologies.
Thursday, January 7, 2016 10:38 AM
• This worked for me!

Thanks

Patrick

Patrick Tournay

Monday, January 11, 2016 9:28 AM
• There was a new Cumulative Update for Windows 10 build 1511 today, KB3124263, that changes the OS Build to 10586.63.   It doesn't appear to have fixed anything regarding the broken roaming profiles.  I created a new roaming profile, logged out and back in, and Edge, Cortana, etc.. are broken just as before  :(

Tuesday, January 12, 2016 7:36 PM
• In my experience once Edge is broken by this IE also doesn't work. Can't believe they didn't test the build with roaming profiles, one of their own technologies.

This is what blows my mind.  Is Microsoft really not testing this thing at all before releasing it?

And to make matters worse, this stuff has been repeatedly reported in the Feedback app for months, and there are not any fixes.  Hell, to my knowledge, Microsoft has not even acknowledged that it's a problem.  Is that a nod to Microsoft basically saying, "We know about it but aren't going to fix it"?

Wednesday, January 13, 2016 3:17 AM
• I got the same error since mid-December but I do not turn on 1511 Threshold 2
Wednesday, January 13, 2016 11:28 AM
• :bump:

Still an issue. MS could at least acknowledge this, instead they remain silent.

I got the same error since mid-December but I do not turn on 1511 Threshold 2

Could u tell us your build number then, please?

----------

Also, adding or more likely the act of trying to add an MSA to an domain account seems to break the roaming profile in so far, that it somehow resets the security settings on the folders and renders those (and the profile) useless.

On the side: Adding an MSA via Accounts -> Add Microsoft-Account is not quite possible since the window will close itself almost immediately, but we were able to add one over the insider preview builds, where one has to connect to an account.

Did anyone else encounter something like this ?

• Edited by Monday, January 18, 2016 2:12 PM
Monday, January 18, 2016 11:29 AM
• I've just discovered this thread; have the same Edge (and selected other apps) problems with 1511 on a domain with roaming profiles. For the record, the delete Edge cache/reinstall Edge fix works (for the remainder of the Windows session). The registry ACL change does not. Cortana is working normally. Small sample size...tested on my account on my computer only so far.

I don't recall having difficulties adding my MSA, but I do know the Edge problem followed immediately. The machine was a clean install of 1511 at the time. That's been my focus until finding this thread, and I've seen threads dating back to long before 10240 about this problem with MSA's overlaid on domain accounts.

About to disable roaming profiles for my account, delete my roaming profile, and let Windows create a new local profile.

That's not a big deal in this system...my home domain/lab system. My wife and I are the only users. But I am an IT consultant with 2 clients about to implement roaming profiles. One has 10% W10 machines, the other hasn't started W10 migration yet. Really glad I ran across this thread before rolling it out!

Thanks to all the contributors who've put so much time into puzzling this out and posting their findings.

I think every version of Windows later than 7 has had serious roaming profile issues. They fix one, and introduce another.

Completely agree that MS needs to get on this for Win 10 to be taken seriously in enterprise. Have upvoted all the related comments to this issue on the feedback thread. Concerns me that there are about 6 or 8 threads with only 2 or 3 votes each. Sounds like it's pretty repeatable.

Tuesday, January 19, 2016 5:26 AM
• Having the same problem.. :(

I've investigated this a bit more - apparently the 'normal' situation under "Appcontainer\Storage" in the registry is for each app's entry to be accessible to it's own SID/user only. The SID's are listed in AppContainer\Mappings .

The only exception is Edge, which has a second SID that needs access. For some strange reason, that second SID only has read access on the first login of a new account, but needs SetValue and CreateSubKey permissions to get Edge working again on a 'broken' account.

I don't really like the idea of giving "full control" to "all application packages" because it essentially breaks the whole security model that MS designed around the Metro apps.

So, i've written My First PowerShell Script (tm), reusing parts of Christian's script. It iterates over all apps and fixes their permissions. It only grants the minimum amount of permissions, as close to the original permissions as possible (the only exception are the extra 2 permissions for Edge).

function MakeACE($sid,$right) {
$id = New-Object System.Security.Principal.SecurityIdentifier($sid)
New-Object System.Security.AccessControl.RegistryAccessRule($id,$right,
[System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
[System.Security.AccessControl.PropagationFlags]::None,
[System.Security.AccessControl.AccessControlType]::Allow)
}

if ([Environment]::OSVersion.Version.Major -eq 10) {

get-childitem -Path "Registry::HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\" | Foreach {
$prop = Get-ItemProperty -Path Registry::$_
$sid =$prop.PSChildName
$app =$prop.Moniker

$key = "HKCU:\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\$($app)"$acl = Get-Acl $key$ace = MakeACE $sid ([System.Security.AccessControl.RegistryRights]::FullControl)$acl.AddAccessRule($ace) if (!$app.CompareTo("microsoft.microsoftedge_8wekyb3d8bbwe")) {
$ace = MakeACE "S-1-15-3-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194" ([System.Security.AccessControl.RegistryRights]::SetValue)$acl.AddAccessRule($ace)$ace = MakeACE "S-1-15-3-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194" ([System.Security.AccessControl.RegistryRights]::CreateSubKey)
$acl.AddAccessRule($ace)

}

Set-Acl $key$acl

}

}

• Edited by Tuesday, January 19, 2016 5:00 PM
Tuesday, January 19, 2016 4:59 PM
• Hi to all,

I think the main problem about this is, that the (free) upgrade is actually not allowed for Domain Computers that are in Active Directory or which are using WSUS as update service (I don't know which of you all had done the free upgrade and which of you installed Windows 10 as a new Installation).

The (free) upgrade is only allowed for private persons or at the end of this month for small businesses, that won't use Active Directory or WSUS.

Perhaps, this is the reason why the roaming profiles won't work and Microsoft hasn't got a better way to block the free upgrade.

Just refer to this link:

Kind regards,

Stefan

Tuesday, January 19, 2016 7:26 PM
• I would like to add my voice to this thread. Is Microsoft really serious about Windows 10 in the Enterprise?

We are a UK school and preparing for a possible Windows 10 rollout this summer across 300 plus machines. In testing, we have hit exactly the same issue with Roaming Profiles - totally busted with Edge (and other things too). We've tried various combinations of local/roaming/mandatory profiles (with and without UEV) to replicate our current Windows 7 environment. We have yet to come up with anything which works and provides acceptable log in times for our roaming user base. (Our Network Manager has even started looking at third party profile solutions, which will probably be unaffordable.)

I attended a MS Event last week entitled "Windows 10 in the Enterprise". It focussed almost entirely on how to build/upgrade machines, Azure AD and work-at-home users. There is far more to running Windows 10 in an Enterprise than being able to build a machine, and in my view Microsoft are not properly addressing "real world scenarios" - they seem to be focussing their coding and testing efforts on 1-2-1 device scenarios. Sadly, in its current state, Windows 10 appears to be unusable in environments with a roaming user base.

Regards

Richard

Wednesday, January 20, 2016 6:57 AM
• No thats not it. We did not use the free upgrade. Are all clean installed newly paid versions.
Wednesday, January 20, 2016 8:25 AM
• I would like to add my voice to this thread. Is Microsoft really serious about Windows 10 in the Enterprise?

If you haven't already, and don't mind losing Edge and Cortana, I'd suggest looking into the Long Term branch. It doesn't address all the issues, but we think it's a more feasible way forward for large environments with a need for roaming user support. It's not perfect, and it's not as good as 7, but we think it's workable.

Microsoft seem to have lost sight of environments where, to a first approximation, a user never uses the same PC twice; needs their settings to move with them; but also needs reasonably fast login. Roaming profiles combined with redirected folders handle that pretty well, and I'm not aware of anything else that does.

Wednesday, January 20, 2016 12:38 PM
•    Just to chime in here, same problems. We upgraded our DC servers from 2008 R2 to 2012 R2 and updated the policies but this made no difference either. With roaming profiles enabled edge (news and other apps) won't run. The only thing that temporarily fixes for ex. Edge is removing edge, deletingt the app package and reinstalling it. This makes it work until the user logs out and back in again. Nothing changes in the edge package files nor the user's profile edge files. It's definitely a registry/permission handling issue while the user profile is in roaming mode, something is broken here.

Someone said it was because this happens with the "free non corporate versions" well this is not the case here, we have a MAPs subscription and used this build then upgraded with standard windows update to the latest build on freshly built VMs and non VMs. Any updated Windows 10 machine joined to a domain with a roaming profile is affected by this problem.

Wednesday, January 20, 2016 2:03 PM
• Mike - I agree entirely with what you are saying. Thanks for your suggestion regarding Long-Term Service Branch. Sadly, it is not an option for schools, as it is not available if you licence Windows 10 Education Edition. See matrix:

http://wincom.blob.core.windows.net/documents/Win10CompareTable_v2_EN+GB.pdf

If Windows 10 is not as good as Windows 7 in supporting user roaming, then I don't see a case for migrating at this point in time (although our Network Manager thinks that Windows 10 will be required before too long to support newest chipset features).

Richard

Wednesday, January 20, 2016 7:23 PM
• Hi

I solved the Edge crash  setting the perrmissions in that registry key:

HKEY_CURRENT_USER\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe

to Full control on ALL APPLICATION PACKAGES  principal.

Yes this is definitely a quick fix and is persistent after the user logs off and back on again with roaming profile on the same machine. No need to propagate the permissions either, it's sufficient to set Full control to the All application packages principal. Kudos.

--- Luca Forattini

Thursday, January 21, 2016 1:43 PM
• Stefan

The free upgrade is "allowed" for Home and Pro SKUs, the latter of which can join a domain and/or use WSUS/SCCM. As explained in the blog you cite, it is not currently OFFERED to those machines by GWX, but MS has provided ample documentation (and encouragement) for administrators to apply the free upgrade.

Windows Enterprise edition IS ineligible for the free upgrade, except for licenses covered by SA. Can't speak for all, but my systems are running Pro and are thus fully eligible for the upgrade.

Sunday, January 24, 2016 3:47 AM
• Another new Cumulative Update for Windows 10 build 1511 today, KB3124262, that changes the OS Build to 10586.71.   It doesn't appear to have fixed anything regarding the broken roaming profiles.  I created a new roaming profile, logged out and back in, and Edge, Cortana, etc.. are broken just as before  :(
Wednesday, January 27, 2016 10:50 PM