Troubleshoot Common FSLogix Issues

Troubleshoot Common FSLogix Issues

FSLogix has been challenging for many people, especially in the early days of AVD. We strongly recommend reviewing this article for a general overview of FSLogix.

The following article is a brief overview of FSLogix in Nerdio Manager, a few things that can commonly go wrong, and how to troubleshoot those issues.

How FSLogix Works

The understanding of the orchestration of FSLogix with profiles makes logical sense when you look at the pieces and parts that FSLogix puts together.

  • FSLogix services are part of every deployment done with Nerdio Manager.

  • Standard Configurations:

    • Users profiles are stored at a UNC path of your choosing or in Azure Files.

    • Additional FSLogix configurations are at your discretion.

Common FSLogix Issues

There are a number of situations that can cause the FSLogix profile redirection to fail. Here is a list of the most common ones. See Resolve FSLogix Issues for problem resolutions.

Error

Cause

Solution

ERROR:00000005

ERROR:00000428

/ Access is denied

The user does not have permissions to access the file share.

If using Azure Files, please check the RBAC/IAM Access Control in Azure and ensure the users are given Storage File Data SMB Share Contributor. Also check the SMB/NTFS permissions on the shared folder itself, and ensure that the user has access to the share. "Authenticated Users" contains users that have the SMB Share contributor role. "Administrators" has the SMB Share Elevated Contributor role.

ERROR:00000020

/ The process cannot access the file because it is being used by another process

The VHDx or VHD profile file has a Read/Write lock, or file handle, already placed on it. Most likely another session is accessing the profile from another computer.

Find the computer responsible and either manually log out the user session or restart the VM.

If the user session is not active on any session host, closing the lock file handles from the storage account may be required.

ERROR:0000048f

/ The device is not connected

The file share's size limit/quota may have been reached.

Increase the size quota for the file share.

ERROR:00000020

/ The user name or password is incorrect

If this is a new Azure File Share, it is likely that the Storage Account hasn't fully synced/joined with Active Directory yet. The process can take up to 24 hrs in the worst cases.

Wait for a few hours (can take up to 24 hours), then try again. If this is not a new Azure Files storage account, and it has been more than 24-48 hours since it has been joined to AD, you may need to contact Azure Support.

ERROR:00000423 ERROR:00000043

/ The network name cannot be found

The FSLogix file path is misspelled/incorrect, or the session host cannot find it on the network using the file path (DNS failure or firewall blocks).

Check your environment and Nerdio Manager settings.

  • Check to make sure the FSLogix Profiles Path (VHDLocations) setting is correct. Host PoolsAction MenuProperties FSLogix.

  • Try accessing the file share while connected to a VM on the same virtual network as the session host to verify network connectivity.

  • Check the storage account settings. Access may be set to disallow access from "All Networks." Special consideration and configuration must be implemented if this setting is changed to "Selected Networks."

ERROR:0x00000013

The FSLogix profile fails to attach due to the "Deny write access to fixed drives not protected by BitLocker" policy. This policy, enforced through Microsoft Intune, Microsoft Defender, or Group Policy Objects (GPOs), requires encryption on disks, and causes "The media is write protected" error.

This issue can be resolved in different ways depending on whether the policy was enforced through Microsoft Intune, Microsoft Defender, or Group Policy Objects (GPOs). For details, see How can I resolve the FSLogix "Media is write protected" issue?.

0x000004F1

The system cannot contact a domain controller to service the authentication request.

While this could be an issue with the Session Host not being able to contact an Active Directory (or Entra Domain Services) Domain Controller, it is also possible to get the error from Entra ID joined environments.

Domain Services: Check to make sure the Domain Controller is online and the VNet is configured to point to them in the DNS Settings.

Entra ID: Review the Use Azure Files with Entra ID article How to Use Azure Files with Entra ID Joined Method for AVD and verify you have the following settings in place:

  • "AADJWindowsCredentialManager" Scripted Action in the VM is Created section of the VM Deployment tab of the Host Pool Properties.

  • The "Configure session hosts registry for Microsoft Entra Joined storage" box is selected in the FSLogix Profile for the host pool.

  • The "AccessNetworkAsComputerObject" FSLogix Registry option is set to 1.

Note: If you needed to change any of these settings, it is recommended to re-image or redeploy your session hosts.

Unknown status: 4294967295

This happens when a user logs in with a local profile and then tries to log in with an FSLogix profile.

Ensure that the DeleteLocalProfileWhenVHDShouldApply setting is enabled in the FSLogix properties. See the Microsoft article Configuration Setting Reference for details.

Troubleshoot FSLogix Issues

  • There is no “local_%username%” folder in C:\users when the user is signed in. This means FSLogix isn’t working.

  • The date/time on the VHD file in the user profile location is not current. This means FSLogix is not mapping properly and changes are not being saved.

  • The Event Viewer FSLogix Operations log shows errors. Each error has a code and if you search the FSLogix codes you are able to identify the root cause.

  • Additional information is available in the logs. Find these in the pool host that serviced the users login attempt. For example:

    \\Pool-A00000N\c$\ProgramData\FSLogix\Logs\Profile\

  • Sign in to FS01 and check the permissions on the user's VHD file in User Profile Location\%Username%\Profile_%Username%.vhdx. Right click to check the security permissions.

  • For Nerdio Manager, see Troubleshoot FSLogix Profile Mount Errors for details.

Resolve FSLogix Issues

  • This is a permissions issue and the permissions should be set back to the default.

  • Update the registry entries on the pool template to point to \\FS01.nerdio.int (or whatever the Nerdio AD FQDN is). There are two registry entries to change. Set the template as image and update existing hosts.

  • Remove the local profiles from the session host and/or template VM. Alternatively, implement the “delete local profile when it exists” registry entry on the template so FSLogix does that automatically.

  • Find the other session on another host and sign out. It is important to do this rather than just killing the file handle because there may be a RW VHD file that needs to be merged with the main profile. If the file handle is closed without signing out, then the RW file is discarded and some changes that user made may be lost.

  • Change the configuration on the global AVDSH00 template to not exclude Domain Admins from mapping FSLogix.

  • The issue caused by the "Deny write access to fixed drives not protected by BitLocker" policy can be resolved in different ways depending on whether the policy was enforced through Microsoft Intune, Microsoft Defender, or Group Policy Objects (GPOs). For details, see How can I resolve the FSLogix "Media is write protected" issue?.

Recreate a User Profile

There are times where it may be necessary to recreate a user's profile. Assuming the default folder redirections are in place, recreating the profile does not delete the user's Desktop, Documents, or Favorites folders.

Warning: Any files saved elsewhere in the profile, and any profile customizations, are lost.

To recreate the user profile:

  1. Ensure the user signed out and the container unmounted.

  2. On FS01, navigate to E:\Profiles.

  3. Locate the user profile you want to recreate.

    Note: The full path to the profile container is E:\Profiles\%Username%\GUID_username\Profile_%Username%.vhdx.

  4. Delete the user profile. Alternatively, if deleting the user profile might pose a risk of data loss, move it to another location.

  5. Have the user sign in their desktop. A new profile container is created.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.