FsLogix - Unclean logoff causing locked files until server reboot

Much R 66 Reputation points
2021-01-13T16:29:50.18+00:00

Problem is described by M4deman under unclean-logoff-causing-locked-files-until-server-reboot

It seems to have something to do with the 2009 version.
The latest version of FSLogix is installed whats-new

Description

After a user logoff, the "System" Process (PID 4) locks the following folders:

C:\Users\local_username\AppData\Local\Microsoft\Credentials
C:\Users\local_username\AppData\Roaming\Microsoft\Credentials

The user is completely logged of, according to Task Manager.

In the FSLogix Profile Log file I can see the following:

[07:53:55.601][tid:00000c90.0000ce44][ERROR:00000020] Delete profile failed for sid S-1-5-21-3364776539-3721753400-1968955100-1179, Cleaning up manually. (Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.)
The last sentence means that the process cannot access the file, because another process already uses it.

Also the whole "local_username" folder cannot be deleted:

[08:23:15.479][tid:00000c90.0000bcc4][WARN: 00000005] Failed to delete C:\Users\local_usename (Access is denied)
Access Denied

Does someone have any info on this behaviour?

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,189 questions
FSLogix
FSLogix
A set of solutions that enhance, enable, and simplify non-persistent Windows computing environments and may also be used to create more portable computing sessions when using physical devices.
460 questions
{count} votes

103 answers

Sort by: Most helpful
  1. Much R 66 Reputation points
    2021-01-26T10:23:03.213+00:00

    I noticed the following, but I'm not sure.

    We have a GPO active so that disconnected sessions are automatically logged off after 3 hours. I have currently disabled this setting.
    There seems to be a difference whether the user logs out himself or whether this is done by the system.

    Does anyone else have this setting active?

    Instead of logging off the users whit GPO, we restart the RDS server every day. So far I haven't found any local_username folders


  2. Stefanos Evangelou 106 Reputation points
    2021-01-30T20:43:54.123+00:00

    Hello,

    I am having the exact same issue in a production environment running Citrix Virtual Apps and Desktops LTSR 1912 CU1 on Windows Server 2019 Standard Session Machines with latest OS updates and Office365 updates. Citrix Profile Management components are disabled and not used in the environment. Only FsLogix latest stable release is being used for user profile management.

    We have tried to apply the following workarounds, to no avail: https://stefanos.cloud/blog/kb/how-to-resolve-error-group-policy-client-service-failed-the-logon-access-denied-in-citrix-and-fslogix-environments/.

    The root cause of the issue seems to be that the local_username profiles created by FsLogix are not released properly at logoff (see attached screenshot). The file handles are kept open by the lsass.exe process. This is reflected in the FsLogix profile container logs (cannot delete C:\users\username folder. Access denied). We tried to manually close these handles with the SYSTEM user but afterwards the FsLogix service would not startup in the session machine.
    62107-citrix-fslogix-handle64-lasassexe.png
    We have opened a technical case with Microsoft which is being escalated. We really hope that Microsoft provides a release soon including a fix for this issue.


  3. Much R 66 Reputation points
    2021-02-01T16:11:42.237+00:00

    Hello,

    My workaround:

    1. Deactivate all automatisms with which the users are automatically logged off (Tasks, Scripts, GPO,....).
    2. Schedule a daily restart of the RDS server.

    That seems to be going better.

    Additive:
    I had a case that did not affect the local_Username folder, but the Username folder. See the attachment.
    62580-2.jpg

    I will also try to open a ticket with Microsoft. But that doesn't seem so easy...
    Microsoft doesn't want anyone to report a problem...
    Microsoft doesn't read here in the forum either...


  4. Stefanos Evangelou 106 Reputation points
    2021-02-04T11:02:01.567+00:00

    I have engaged Microsoft Support on this. We checked a few things:

    1) Double check that all antivirus exclusions are set up properly, as per Microsoft recommendations: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/wvd/windows-virtual-desktop-fslogix (antivirus exclusions section).
    2) Experiment with changing a few registry key values affecting the FsLogix profile operations, as per: https://learn.microsoft.com/en-us/fslogix/profile-container-configuration-reference.
    3) Took procmon and etl traces in a working and non-working scenario, since this is occurring to some of the users. First analysis of procmon did not show any permissions violations, all CloseFile events by the FsLogix service (run with NT Authority\SYSTEM credentials) seems to be clean (SUCCESS). Now waiting on analysis of the procmon and etl logs from another round of testing by Microsoft Support.
    4) Stop and disable the "Connected User Experiences and Telemetry" Windows service, as this has been seen to cause issues with profile release operations in Microsoft RDS/UPD environments. Nothing changed, issue persists.
    5) Check FsLogix redirections.xml file configuration. This testing is in progress and more details are included in the following post: https://stefanos.cloud/blog/kb/how-to-resolve-error-group-policy-client-service-failed-the-logon-access-denied-in-citrix-and-fslogix-environments/.

    0 comments No comments

  5. Dlo 91 Reputation points
    2021-02-04T11:57:10.957+00:00

    We have been having this issue for months and it randomly gets worse at times then we have to reboot our Citrix Session hosts running windows 10 multisession version in azure.
    We have a case open with Microsoft as well and we also get users not able to log into their sessions as well like you guys get with the Group Policy issues and other random issues.
    They have no clue what's going on yet and I asked for my case to be escalated as well.

    We also have random files being deleted off our C:\ Root even one or two whole folders like the other user had in another thread on here. Trying to see if that is tied to FSLogix as well so far its seems to be.

    I am wondering if its a load thing cause we have 4/5 Delivery groups in Citrix and it happens more to the ones that have more users. Way less to the ones that have less users.
    We have been having this issue with the last 2/3 Versions of FSLogix as well. We upgraded hoping to resolve the issue.

    0 comments No comments