This article applies to all versions of Profile Management: 2411, 2402 LTSR, 2203 LTSR, 1912 LTSR, etc.
Change Log
- 2025 Feb 8 – Updated Versions section for version 2402 LTSR CU2
- 2024 Dec 7 – App Access Control updated for 2411
- 2024 Dec 4 – Updated Versions section for version 2411
- 2024 Aug 4 – New features listed in Profile Container section
- 2024 April 18 – added link to Citrix Tech Zone Deployment Guide: Citrix Profile Management – OneDrive Container
- 2024 April 17 – Updated Versions section for version 2402 LTSR
- Added link to Enable roaming for the new Microsoft Teams at Citrix Docs
 
- 2023 Dec 23 – Profile Container – updated screenshots for 2311
- 2023 Dec 18 – added info from CTX585013 Microsoft Teams 2.1 supported for VDI/DaaS.
- 2023 Sept 14 – Profile Container auto-expansion
- 2024 April 30 – Updated Versions section for version 1912 LTSR CU9
- 2023 June 2 – added Enable and configure user-level policy settings at Citrix Docs
- 2023 Apr 4 – App Access Control – added GUI Rule Generate from WEM Cloud
- 2023 Apr 1 – App Access Control
- 2023 Mar 21 – added info from CTX489573 Office 365 – Account Error: Sorry, we can’t get to your account right now
Planning
Profile Management Versions
Profile Management is included with the installation of Virtual Delivery Agent. To upgrade Profile Management, simply upgrade your VDA software. Here are the currently supported versions of VDA:
- VDA Current Release 2411
- VDA Long Term Service Release (LTSR) 2402 CU2
- VDA Long Term Service Release (LTSR) 2203 Cumulative Update 5 (CU6)
- VDA Long Term Service Release (LTSR) 1912 Cumulative Update 9 (CU9)
Or you can download the individual Profile Management component and install/upgrade it separately from the VDA software. You can even install it on non-VDA machines (e.g., PCs accessed by licensed Citrix users).
For LTSR VDAs, to stay compliant with LTSR support, only install the Profile Management version that is included with your VDA installer. Don’t upgrade to a newer Current Release version.
The latest release of Citrix Profile Management is version 2411, which can be downloaded from Citrix Virtual Apps and Desktops 2411. To find it, click Components that are on the product ISO but also packaged separately.


Profile Management Configuration Options
Profile Management consists of a Service (installed on the VDAs), a file share, and configuration settings.
There are four methods of delivering configuration settings to the Citrix Profile Management service:
- Microsoft group policy
- Profile Management GPO settings are provided by an ADMX file
 
- Citrix Policies
- Either in Citrix Studio > Policies node
- Or in a Group Policy Object Editor > Citrix Policy (assuming Citrix Group Policy Management Plug-in is installed)
 
- Citrix Workspace Environment Management (WEM)
- UPMPolicyDefaults.ini file
If a UPM setting is not configured in GPO, Citrix Policy, or WEM, then the default setting in the UPMPolicyDefaults.ini file takes effect. The .ini file is located in C:\Program Files\Citrix\User Profile Manager on every machine that has Profile Management service installed.
Microsoft Group Policy (ADMX file) is probably the most reliable method of delivering configuration settings to the Profile Management services. This method uses the familiar Group Policy registry framework. Just copy the Profile Management ADMX files to PolicyDefinitions and start configuring. The configuration instructions in this article use the GPO ADMX method.
The Citrix Policies configuration method requires Citrix Studio, or Citrix Group Policy Management Plug-in. On the Profile Management service side, only VDAs can read the Citrix Policies settings.
- Citrix Policies has settings for Folder Redirection. If you use Citrix Policy to configure Folder Redirection, then the Folder Redirection settings only apply to VDAs that can read Citrix Policies. To apply Folder Redirection to more than just VDAs, configure Folder Redirection using normal Microsoft Group Policy as detailed below.
- If you’re going to use Microsoft Group Policy to configure Folder Redirection, then you might as well use Microsoft Group Policy to also configure Citrix Profile Management.
Citrix Workspace Environment Management can also deliver configuration settings to the Profile Management services. This option requires the WEM Agent to pull down the settings from the WEM Brokers and apply them to Profile Management. It can sometimes be challenging to troubleshoot why WEM is not applying the settings.
Try not to mix configuration options. If you use both WEM and GPO, which one wins?
Multiple Datacenters
For optimum performance, users connecting to Citrix in a particular datacenter should retrieve their roaming profiles from a file server in the same datacenter. If you have Citrix in multiple datacenters, then you will need file servers in each datacenter.
DFS active/active replication of roaming profiles is not supported. This limitation complicates multi-datacenter designs.
For active/active datacenters, split the users such that different users have different home datacenters. Whenever a particular user connects, that user always connects to the same datacenter, and in that datacenter is a file server containing the user’s roaming profile. StoreFront uses Active Directory group membership to determine a user’s home datacenter.
For users that connect to Citrix in multiple datacenters, there are a couple options:
- The user’s roaming profile is located in only one datacenter – If the user connects to a remote datacenter, then the roaming profile must be transmitted across the WAN. To optimize performance, disable Active Write Back, and make sure Profile Streaming is enabled.
- The user has separate profiles for each datacenter – There is no replication of profiles between datacenters. This scenario is best for deployments where different applications are hosted in different datacenters.
Disaster Recovery – For disaster recovery scenarios, the user’s roaming profile data (and home directories) must be recovered in a different datacenter. Here are some considerations:
- Use DFS One-way replication. After the disaster, edit the DFS Namespace folder target to point to the file server in the DR datacenter. You must avoid multi-master DFS replication/namespace.
- Use VMware SRM or similar to recover the entire file server in the DR datacenter.
- A datacenter failover might result in multiple file servers accessed from a single VDA, especially if you have users split across datacenters. Use DFS Namespaces as detailed below.
DFS Namespace
DFS Namespace for central user store – The Citrix Profile Management user store path is a computer-level setting, meaning there can only be one path for every user that logs into a particular VDA. If you have different users with roaming profiles on different file servers, then you must use Active Directory user attributes and DFS namespaces to locate the user’s file server. Here is an overview of the configuration:
- Create a domain-based DFS namespace with folder targets on different file servers. See Scenario 1 – Basic setup of geographically adjacent user stores and failover clusters at Citrix Docs for more information.
- Do not enable two-way DFS Replication for the roaming profile shares. But you can do One-way DFS replication. See Scenario 2 – Multiple folder targets and replication at Citrix Docs for more information.
- Edit each user in Active Directory with a location (l) attribute that matches the DFS folder name.
- Set the Profile Management user store path to \\corp.local\CtxProfiles\#l#\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!. This pulls the user’s l attribute from Active Directory and appends that to the DFS share. The folder that matches the attribute value is linked to a file server. For example, if the user’s l attribute is set to Omaha, then the user’s profile will be located at \\corp.local\CtxProfiles\Omaha\user01\Win2016v6. The Omaha folder is linked to a file server in the Omaha datacenter.
Create User Store
This procedure could also be used to create a file share for redirected profile folders.
Create and Share the Folder
- Make sure file and printer sharing is enabled.
  
- On the file server that will host the file share, create a new folder and name it CtxProfiles or similar.
  
  
- Right-click the folder, expand Give Access to (Windows Server 2019) or expand Share with (Windows Server 2016) and select Specific people.
  
  
- Give Everyone (or some other group that contains all Citrix Users) Full Control (Read/Write). Click Share, and then click Done.
  
- Go to the Properties of the folder.
  
- On the Sharing tab, click Advanced Sharing.
  
- Click Caching.
  
- Select No files or programs. Click OK, and then click Close.
  
Folder NTFS Permissions
- Open the properties of the new shared folder.
- On the Security tab, click Edit.
  
- For the Everyone entry, remove Full Control and Modify. Make sure Write is enabled so users can create new folders.
  
- Add CREATOR OWNER and give it Full Control. This grants users Full Control of the folders they create. Click OK.
  
- Now click Advanced.
  
- Highlight the Everyone permission entry, and click Edit.
  
- Change the Applies to selection to This folder only. Click OK three times. This prevents the Everyone permission from flowing down to newly created profile folders.
  
  
Access Based Enumeration
With this setting enabled, users can only see folders to which they have access:
- In Server Manager, on the left, click File and Storage Services.
- If you don’t see Shares then you probably need to close Server Manager and reopen it. Or perform a refresh.
- Right-click the new share and click Properties.
  
- On the Settings page, check the box next to Enable access-based enumeration.
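The following PowerShell is an added example, not part of the original article: a read-only check that a user store share matches the sharing, NTFS and access-based enumeration settings configured in the three procedures above. The share name CtxProfiles and the use of Everyone as the user group are assumptions; run it on the file server that hosts the share.

```powershell
# Added example: read-only audit of the Profile Management user store share.
# Assumptions: share name CtxProfiles; user group is Everyone (S-1-1-0).
function Test-UserStoreShare {
    param(
        [string]$ShareName    = 'CtxProfiles',  # assumed share name
        [string]$UserGroupSid = 'S-1-1-0'       # Everyone; replace with your Citrix users group SID
    )

    $share    = Get-SmbShare -Name $ShareName -ErrorAction Stop
    $acl      = Get-Acl -LiteralPath $share.Path
    $findings = @()

    # Share-level settings: offline caching off, access-based enumeration on.
    if ("$($share.CachingMode)" -ne 'None') {
        $findings += "Offline caching is '$($share.CachingMode)'; expected None (No files or programs)."
    }
    if ("$($share.FolderEnumerationMode)" -ne 'AccessBased') {
        $findings += 'Access-based enumeration is not enabled on the share.'
    }

    # Translate ACEs to SIDs so the check does not depend on localized account names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = $acl.GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.AccessControlType -eq 'Allow' }

    $modify     = [int][System.Security.AccessControl.FileSystemRights]::Modify
    $write      = [int][System.Security.AccessControl.FileSystemRights]::Write
    $full       = [int][System.Security.AccessControl.FileSystemRights]::FullControl
    $genericAll = 0x10000000   # the ACL editor often stores CREATOR OWNER Full Control as GENERIC_ALL
    $noInherit  = [System.Security.AccessControl.InheritanceFlags]::None

    # User group: Write but not Modify/Full Control, and "This folder only".
    $canCreate = $false
    foreach ($r in @($rules | Where-Object { $_.IdentityReference.Value -eq $UserGroupSid })) {
        $mask = [int]$r.FileSystemRights
        if (($mask -band $modify) -eq $modify) {
            $findings += "$UserGroupSid has Modify or Full Control on the share root."
        }
        if ($r.InheritanceFlags -ne $noInherit) {
            $findings += "$UserGroupSid entry flows down to child objects; expected This folder only."
        }
        if (($mask -band $write) -eq $write) { $canCreate = $true }
    }
    if (-not $canCreate) {
        $findings += "$UserGroupSid lacks Write on the share root; users cannot create profile folders."
    }

    # CREATOR OWNER (S-1-3-0): Full Control, so users own the folders they create.
    $ownerOk = @($rules | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-3-0' -and (
            (([int]$_.FileSystemRights -band $full) -eq $full) -or
            ([int]$_.FileSystemRights -eq $genericAll)
        )
    }).Count -gt 0
    if (-not $ownerOk) {
        $findings += 'CREATOR OWNER does not have Full Control.'
    }

    [pscustomobject]@{
        Share     = $ShareName
        Path      = $share.Path
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

Test-UserStoreShare -ShareName 'CtxProfiles' | Format-List
```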
  
GPO ADMX Policy Template
- You can find the GPO ADMX templates on the main Citrix Virtual Apps and Desktops 2411 ISO in the \x64\ProfileManagement\ADM_Templates\en folder.
   - Or they are included in the standalone Profile Management download in the \Group Policy Templates\en folder.
 
- Copy the file ctxprofile.admx to the clipboard.
  
- If your domain has PolicyDefinitions copied to SYSVOL, paste the file there.
   - If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions and paste the file.
  
 
- If you have an older version of the ctxprofile.admx file in either location, delete it. Note: replacing the .admx file does not affect your existing Profile Management configuration. The template only defines the available settings, not the configured settings.
  
- Go back to the Citrix Profile Management Group Policy Template files.
- Copy ctxprofile.adml to the clipboard.
  
- If your domain has a PolicyDefinitions central store in SYSVOL, copy it to the en-us folder in SYSVOL. This is a subfolder of the PolicyDefinitions folder.
   - If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions\en-US and paste the file. This is a subfolder of the PolicyDefinitions folder.
  
 
- If you have an older version of the ctxprofile.adml file in the en-US folder in either location, delete it.
  
CitrixBase:
- Go up a folder and then open the CitrixBase folder.
  
- In the CitrixBase folder, copy the file CitrixBase.admx to the clipboard.
  
- If your domain has PolicyDefinitions copied to SYSVOL, paste the file there.
   - If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions and paste the file.
  
 
- Go back to the Citrix Profile Management Group Policy Templates and copy CitrixBase.adml to the clipboard.
  
- If your domain has a PolicyDefinitions central store in SYSVOL, copy it to the en-us folder in SYSVOL. This is a subfolder of the PolicyDefinitions folder.
   - If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions\en-US and paste the file. This is a subfolder of the PolicyDefinitions folder.
  
 
Group Policy Settings
- Edit a GPO that applies to all machines (VDAs) that have the Profile Management service installed.
  
- Go to Computer Configuration | Policies | Administrative Templates | Citrix Components | Profile Management.
- Note: if you did not install the CitrixBase.admx file, then you can find Profile Management directly under the Administrative Templates node instead of under Citrix Components.
 
- Enable the setting Enable Profile management. Profile Management will not function until this setting is enabled.
  
- If desired, enable the setting Process logons of local administrators.
  
- Enable Path to user store.
  
- Specify the UNC path to the folder share. An example path = \\server\share\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!
   - Profile Versions – Different OS versions have different profile versions. Each profile version only works on specific OS versions. For example, you cannot use a Windows 7 profile (v2) on Windows 10 1607 (v6). The variables in the path above ensure that every unique profile version is stored in a unique folder. If users connect to multiple operating system versions, then users will have multiple profiles.
- Windows 10 Profile Versions – Windows 10 has two different profile versions. Windows 10 build 1511 and older use v5 profiles. Windows 10 build 1607 and newer use v6 profiles. v5 and v6 profile versions are incompatible so they should be separated.
- Resolved variables – With the example user store path shown above, if the user logs into Windows 2012 R2 RDSH, the profile folder will be \\server\share\user01\Win2012R2v4. If the user logs into 64-bit Windows 10 build 1607, the profile folder will be \\server\share\user01\Win10RS1v6.
- Windows 10 v6 vs Windows 2016 v6 – Both Windows 10 (1607 and newer) and Windows Server 2016 use v6 profiles. Do you want to use the same profile for both platforms? If so, remove !CTX_OSNAME! from the Path. Note: Windows 10 supports Store apps while Windows 2016 does not. If you’re allowing Store apps, then it’s probably best to use different profiles for both OS platforms.
- Windows 2012 R2 warning: in older versions of Citrix Profile Management, !CTX_PROFILEVER! recognizes Windows 2012 R2 as v2, which isn’t correct. v2 is Windows Server 2008 R2, while Windows Server 2012 R2 is v4. The profile version bug was fixed in Profile Management 5.4 and newer. If you have existing Windows 2012 R2 profiles based on the !CTX_PROFILEVER! variable set to v2, then your profiles might stop working after upgrading to 5.4 or newer. See http://discussions.citrix.com/topic/374111-psa-upm-54-ctx-osname-server-2012-value-change/ for more details.
 
- Windows 10 and !CTX_OSNAME!: Profile Management sets !CTX_OSNAME! to different strings for different Windows operating system versions, especially different versions of Windows 10: (RS = Redstone, which is a Microsoft codeword)
- Windows Server 2019 sets !CTX_OSNAME! to Win2019v6.
- Windows Server 2016 sets !CTX_OSNAME! to Win2016v6.
- Windows 10 version 1903 and 1909 set !CTX_OSNAME! to Win10RS6.
- Windows 10 version 1809 sets !CTX_OSNAME! to Win10RS5.
- Windows 10 version 1803 sets !CTX_OSNAME! to Win10RS4.
- Windows 10 version 1709 sets !CTX_OSNAME! to Win10RS3.
- Windows 10 version 1703 sets !CTX_OSNAME! to Win10RS2.
- Windows 10 version 1607 sets !CTX_OSNAME! to Win10RS1.
 
- If you use !CTX_OSNAME! in your profile store path, then different CTX_OSNAMEs will have different profiles, which means users will lose their profile settings whenever you upgrade Windows 10.
- Profile Management 1909 and newer have a setting called Automatic migration of existing application profiles under Profile Handling that can alleviate this problem.
  
 
- Multiple Domains – If you have multiple domains, in the user profile store path, change #SAMAccountName# to %username%.%userdomain% (e.g. \\server\share\%username%.%userdomain%\!CTX_OSNAME!!CTX_PROFILEVER!). That way you can have the same account name in multiple domains and each account will have a different profile.
- Hard Code Store Path – Instead of using variables, you can specify a hard coded path. However, the profile incompatibility restrictions listed above still apply. To avoid applying a single profile across multiple operating system versions, place VDAs with different OS versions in different OUs, and then use different Profile Management GPOs on those OUs to specify different Profile Management user store paths.
- Migrate User Store – Profile Management 1909 and newer can move profiles from an old profile path to a new profile path.
  
  
- User-level overrides – Profile Management 2305 and newer support user-level overrides. First, configure Enable user-level policy settings under Advanced Settings. Then add registry keys for user group SIDs with override settings. See Enable and configure user-level policy settings at Citrix Docs.
  
  
 
- Disable Active write back. This feature places additional load on the file server and is only needed if users log in to multiple machines concurrently and need mid-session changes to be saved, or if users never log off from their sessions. Note: if you don’t disable this, then it is enabled by default.
   - Profile Management 2303 and newer have an option to only perform Active write back on session lock and disconnection.
  
 
- On the left, go to the Advanced settings node.
- If you use Microsoft Teams 2.1 or newer and Teams is installed per machine, then simply make sure Profile Management is version 2402 or newer. See Enable roaming for the new Microsoft Teams at Citrix Docs.
- If Teams 2.1 is installed per-user, then enable UWP app roaming, which requires Profile Management 2308 or newer. See CTX585013 Microsoft Teams 2.1 supported for VDI/DaaS.
  
- Profile Management 2411 and newer have the setting named Enable AppX package load acceleration. It requires a file share to store the VHDX files.
  
  
 
- Enable the setting Process Internet cookie files on logoff. This is probably only for Internet Explorer.
  
- The Replicate user stores setting replicates to multiple file shares. Note: this slows down logoffs. Profile Management 2209 and newer support replicating profile containers, which seems to use robocopy.exe.
   - In Profile Management 2407 and newer, for the container-based profile solution, the Enable in-session policy container failover among user stores policy is automatically enabled to ensure profile redundancy for the entire session.
  
 
- Customer Experience Improvement Program (CEIP) is enabled by default. It can be disabled here.
- See https://www.carlstalhood.com/delivery-controller-cr-and-licensing/#ceip for additional places where CEIP is enabled.
  
- Profile Management 2206 adds Enable asynchronous processing for user Group Policy on logon. This might speed up logons. This feature requires you to disable Always wait for the network at computer startup and logon and enable Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services. More details at Citrix Docs.
  
- Profile Management 2311 and newer support Enable OneDrive container. It works the same way as search index roaming as detailed next. See Citrix Tech Zone Deployment Guide: Citrix Profile Management – OneDrive Container.
  
- Profile Management 7.18 and newer have Enable search index roaming for Outlook.
  
Notes on Outlook OST and Search roaming:
- Microsoft FSLogix is another Outlook search index roaming product that is now free. For details, see the FSLogix section in the computer group policy article.
  
- Profile Management 1906 and newer support 64-bit Outlook 2016 and Office 2019.
- VDA 1906 or newer are recommended for the bug fixes for this feature. You can upgrade the VDA without upgrading your Delivery Controllers.
- After the first user logon, Profile Management 1811 and newer creates a template VHDX file in a folder named UpmVhd at the root of the user store. The template file is copied to new users, thus speeding up VHDX creation.
  
  
- In the user’s profile location, a new folder called VHD is created.
   - You can override the VHDX path by configuring Customize storage path for VHDX files as detailed at Citrix Docs.
  
 
- Inside the \VHD\Win2016 folder are two new thin provisioned .vhdx files – one for OST, one for Search. The per-user .vhdx files are copied from the parent template.
  
- UPM grants Domain Computers Full Control of the VHDX files. To be able to grant this permission, users must have Full Control of the profile share and the UPM folder. Modify permissions are not sufficient. (Source = Robert Steeghs, The Citrix Profile management could not mount virtual disk)
  
- When the user logs into a Citrix session, the two VHDXs are mounted to %localappdata%\Microsoft\Outlook and %appdata%\Citrix\Search. This means that OST files and Search Indexes are stored in the VHDX instead of in the user’s profile.
  
  
  
- eastwood357 at Outlook OST and Search vhdx not unmounting after log off at Citrix Discussions says that the Profile Management Path to User Store must be all lower case or else the VHDX files will not unmount at logoff.
  
- Only enable this feature for users with new Outlook profiles. If the user already has an .ost file, then you’ll see an error about missing .ost when Outlook is launched.
  
- The Search roaming feature is only supported with specific versions of Windows Search service. Event Log will tell you if your Windows patches are too new.
  
- Profile Management 2206 and newer have an option for Enable concurrent session support for Outlook search data roaming.
   - In older Profile Management, VHDX files can only be mounted on one machine at a time. If you log in to two VDAs and both try to mount the same VHDX files, then you’ll see errors in Event Viewer.
  
 
- Search Index Backup – Profile Management 1909 and newer have a GPO setting named Outlook search index database – backup and restore that can provide automatic recovery of the search index if it becomes corrupted. The backup consumes more of the available storage space of the VHDX files.
  
- For a detailed explanation of how the per-user Search Index works, see CTX235347 Citrix Profile Management: VHDX-based Outlook cache and Outlook search index on a user basis.
- Profile Management 2109 and newer can Automatically reattach detached VHDX disks. In Profile Management 2203 and newer, it’s available as a group policy setting under the Profile Management | Advanced Settings node.
  
- Profile Management 2303 and newer have a Profile Container GPO setting to Enable VHD disk compaction on user logoff. See Citrix Docs.
   - Additional disk compaction settings can be found under Advanced Settings.
  
 
Exclusions, Synchronization, and Mirroring
- Profile Management 2209 and newer have File Deduplication > Files to include in the shared store for deduplication. You must specify which files to delete from each user’s profile and instead store in a shared location. See Citrix Docs. Profile Management 2311 supports file deduplication of profile containers.
  
- Under the File system node in the Group Policy Editor, enable the setting Enable Default Exclusion List – directories.
  
- You can use checkboxes to not exclude some folders.
  
- Then edit Exclusion list – directories.
  
- Enable the setting, and click Show.
  
 
- For Edge Chromium, see Avanite Roaming Edge Chromium.
  
- For Chrome, use the same list as Edge but change \Microsoft\Edge to \Google\Chrome.
- Add the following to the list.
AppData\Local\Microsoft\Windows\INetCache
AppData\local\Microsoft\Windows\IEDownloadHistory
AppData\Local\Microsoft\Internet Explorer\DOMStore
AppData\Local\Google\Software Reporter Tool
AppData\Roaming\Microsoft\Teams\media-stack
AppData\Roaming\Microsoft\Teams\Logs
AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage
AppData\Roaming\Microsoft\Teams\Application Cache
AppData\Roaming\Microsoft\Teams\Cache
AppData\Roaming\Microsoft\Teams\GPUCache
AppData\Roaming\Microsoft\Teams\meeting-addin\Cache
- Note: if you see errors in Office programs (e.g. “Word could not create the work file”), then you might have to use Group Policy Preferences to recreate %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache at logon. Source = Olav Lillebo Errors when starting published Microsoft Office applications.
  
- Also see CTP Matthias Schlimm Google Chrome – Citrix UPM Configuration with Mirroring
 
- Newer versions of Office Click-to-run let you roam the shared computer activation licensing token. See Overview of shared computer activation for Office 365 ProPlus and search for “roam”. The licensing tokens also last 30 days instead of 2-3 days. Source = Rick Smith in the comments. Ideally you should have ADFS integration so users can seamlessly re-activate Office.
  
- James Rankin has a much longer list of exclusions and synchronizations at Everything you wanted to know about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING.
  
- Nick Panaccio at IE11 Enterprise Mode and UPM at Citrix Discussions has a list of exclusions for IE in Enterprise Mode.
appdata\local\microsoft\internet explorer\emieuserlist
appdata\local\microsoft\internet explorer\emiesitelist
appdata\local\microsoft\internet explorer\emiebrowsermodelist
- Then click OK twice to return to the Group Policy Editor.
- usrclass.dat*.
- Profile Management 1909 and newer automatically include usrclass.dat* in the Files to Synchronize. UPM 2103 and newer add it for Windows 10 but not for RDSH. If it is added to the exclusion list, then Profile Management 1909 and newer automatically remove it from the exclusion list. See Start menu roaming at Citrix Docs.
  
- usrclass.dat* contains file type associations. For roaming file type associations, you can export/import HKCU\SOFTWARE\Classes\Applications as described by Christoph Kolbicz at User File Type Association Roaming on Server 2016 with Citrix User Profile Manager.
 
- Clean up excluded folders –  If you add to the exclusions list after profiles have already been created, Profile Management 5.8 has a feature that can delete the excluded folders at next logon. See To enable logon exclusion check at Citrix Docs. In Profile Management 7.15 and newer, Logon Exclusion Check is configurable in group policy under the File System node.
  
   - Also see Muralidhar Maram’s post at Citrix Discussions for a tool that will clean up the existing profiles.
- Also see Jeremy Sprite Clean Citrix UPM Profiles.
 
Directories to Synchronize
- Under the File System\Synchronization node in the Group Policy Editor you can configure which profile folders should be synchronized that have otherwise been excluded.
- Edit the setting Directories to synchronize.
  
- Enable the setting, and click Show.
  
- Profile Management 7.16 Fixed Issues says that AppData\Local\Microsoft\Windows\Caches should be synchronized. Also see CTX234144 Start Menu Shows Blank Icons on VDA 7.15 LTSR CU1/7.16/7.17 with UPM Enabled.
- CTX489573 Office 365 – Account Error: Sorry, we can’t get to your account right now says that Appdata\local\microsoft\identitycache should be synchronized.
- To configure Profile Management to sync Saved Passwords in Internet Explorer, add the following directories as detailed by gtess80 at Internet Explorer 11 Saved Passwords Not Retaining Between Sessions at Citrix Discussions. However, if Microsoft Credentials Roaming is enabled, then you should instead exclude these folders from roaming as detailed at CTX124948 How to Configure Citrix Profile Manager when Microsoft Credentials Roaming is Used in the Environment.
AppData\Local\Microsoft\Windows\Caches
AppData\Local\Microsoft\Credentials
Appdata\local\Microsoft\identitycache
Appdata\Roaming\Microsoft\Credentials
Appdata\Roaming\Microsoft\Crypto
Appdata\Roaming\Microsoft\Protect
Appdata\Roaming\Microsoft\SystemCertificates
- Click OK twice.
Files to Synchronize
- Edit Files to synchronize.
  
- Enable the setting, and click Show
  
 
- Add the following three entries so Java settings are saved to the roaming profile:
AppData\LocalLow\Sun\Java\Deployment\security\exception.sites
AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs
AppData\LocalLow\Sun\Java\Deployment\deployment.properties
- Bob Bair at Citrix Discussions recommends these additional files for Chrome:
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences
- Citrix’s Start Menu Roaming documentation says that Appdata\Local\Microsoft\Windows\UsrClass.dat* should be added to the list. Profile Management 1909 and newer automatically add Appdata\Local\Microsoft\Windows\UsrClass.dat* to the Files to Synchronize list.
   - You can disable the automatic inclusion of these folders by enabling the setting Disable automatic configuration located under Advanced Settings.
  
 
- Then click OK twice to return to the Group Policy Editor.
  
Folders to mirror
- Under File System, in the Synchronization node, enable the setting Folders to mirror.
  
- Enable the setting, and click Show.
   - Settings required for Internet Explorer 10 and later versions for browser compatibility at Citrix Docs indicate that the first three folders shown below must be mirrored in order for the Windows 10 Start Menu to function correctly.
- CTX222433 Start Menu Layout Roaming on Windows 10 indicates that TileDataLayer should be mirrored.
- CTX238419 UPM 7.15.2000: With Profile Management Enabled, Blank Icons Might Appear In The Start Menu In The Published Desktops says that AppData\Local\Microsoft\Windows\Caches should be mirrored.
- Citrix’s Start Menu Roaming documentation says that Appdata\Local\Packages should be added to the mirror list but only for Windows 10. In UPM 2103 and newer, RDSH does not need this folder mirrored. If you leave automatic configuration enabled then UPM should automatically decide if it should be mirrored or not.
- Profile Management 1909 and newer automatically add AppData\Local\Packages and AppData\Local\Microsoft\Windows\Caches to the Folders to Mirror list. In UPM 2103 and newer, Packages is added for Windows 10 but not for RDSH.
   - You can disable the automatic inclusion of these folders by enabling the setting Disable automatic configuration located under Advanced Settings.
  
 
- To prevent Chrome Extension corruption, add AppData\Local\Google\Chrome\User Data\Default\Extensions to Folders to Mirror (source = CTX238525 Google Chrome extensions are getting corrupted when using using UPM)
- For Chrome login data, add AppData\Local\Google\Chrome\User Data\Default\Login Data and AppData\Local\Google\Chrome\User Data\Default\Last Session to Folders to Mirror (source = CTX232587 Citrix UPM + WEM – Google Chrome does not remember user login data)
- For Chrome Bookmarks, add AppData\Local\Google\Chrome\User Data\Default to Folders to Mirror (source = CTX235698 Issues to synchronize bookmarks of Google Chrome using Citrix UPM on latest LTSR version (7.15 CU2))
 
- Add the following:
AppData\Roaming\Microsoft\Windows\Cookies
AppData\Local\Microsoft\Windows\INetCookies
AppData\Local\Microsoft\Windows\WebCache
AppData\Local\TileDataLayer
AppData\Local\Microsoft\Vault
AppData\Local\Microsoft\Windows\Caches
AppData\Local\Packages
AppData\Local\Google\Chrome\User Data\Default
   - These three are only needed if you didn’t include the entire Chrome User Data Default folder.
AppData\Local\Google\Chrome\User Data\Default\Extensions
AppData\Local\Google\Chrome\User Data\Default\Login Data
AppData\Local\Google\Chrome\User Data\Default\Last Session
- Click OK.
  
- Profile Management 2106 and newer have a setting called Accelerate folder mirroring that stores the mirrored folders in a VHDX file instead of copying back and forth at login and logoff.
   - UPM creates a folder named MirrorFolders in the user’s UPM path and creates a couple thin-provisioned VHDX files in that path.
  
- Disk Management shows that the mounted Diff disk has a 50 GB capacity limit.
  
- Logging into multiple sessions concurrently results in multiple Diff disks.
  
- If the file server is unavailable then unpredictable behavior occurs. After the file server is back up, the session continues to misbehave and won’t recover until users log off and log back on. Plan for file server high availability that can handle always-open VHDX files. DFS won’t help you.
- Profile Management 2109 and newer can Automatically reattach detached VHDX disks.
 
- According to CTX213190 Configure UPM to save password in Internet Explorer, you’ll also need a User Configuration > Preferences > Windows Settings > Folders item to create the %localappdata%\Microsoft\Vault folder.
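A lint for the lists in this section, added here as an example (not code from this article or from Citrix): it flags mirror entries already covered by a parent folder, which is the situation the Chrome note describes, and, when Microsoft Credentials Roaming is in use, folders from the Internet Explorer saved-passwords list that are still roamed or not excluded. The list names `sync_dirs`, `mirror` and `excluded` and the sample values are assumptions; feed it the values from your own policy.

```python
# Directories this page lists for Internet Explorer saved passwords, which it
# says to exclude instead when Microsoft Credentials Roaming is enabled.
CREDENTIAL_DIRS = [
    r"AppData\Local\Microsoft\Windows\Caches",
    r"AppData\Local\Microsoft\Credentials",
    r"Appdata\local\Microsoft\identitycache",
    r"Appdata\Roaming\Microsoft\Credentials",
    r"Appdata\Roaming\Microsoft\Crypto",
    r"Appdata\Roaming\Microsoft\Protect",
    r"Appdata\Roaming\Microsoft\SystemCertificates",
]


def norm(path):
    """Comparison form: backslashes only, no leading/trailing slash, lower case."""
    return path.strip().replace("/", "\\").strip("\\").lower()


def is_under(path, parent):
    """True when path is parent itself or a folder below it (case-insensitive)."""
    p, q = norm(path), norm(parent)
    return p == q or p.startswith(q + "\\")


def lint(sync_dirs, mirror, excluded, credential_roaming=False):
    """Return a list of (kind, list_name, entry, related_entry) findings."""
    findings = []
    lists = {"sync_dirs": sync_dirs, "mirror": mirror, "excluded": excluded}

    # Same folder entered twice, differing only in case or slash style.
    for name, entries in lists.items():
        first_seen = {}
        for entry in entries:
            key = norm(entry)
            if key in first_seen:
                findings.append(("duplicate", name, entry, first_seen[key]))
            first_seen.setdefault(key, entry)

    # Mirror entry already covered by a parent folder in the same list.
    for entry in mirror:
        for parent in mirror:
            if norm(entry) != norm(parent) and is_under(entry, parent):
                findings.append(("covered-by-parent", "mirror", entry, parent))

    if credential_roaming:
        for cred in CREDENTIAL_DIRS:
            # Credential folder (or part of it, or a parent) is still roamed.
            for name in ("sync_dirs", "mirror"):
                for entry in lists[name]:
                    if is_under(entry, cred) or is_under(cred, entry):
                        findings.append(("credential-roamed", name, entry, cred))
            # Credential folder is not covered by any exclusion entry.
            if not any(is_under(cred, ex) for ex in excluded):
                findings.append(("credential-not-excluded", "excluded", cred, ""))
    return findings


# Constructed sample policy values, using folder names that appear on this page.
SYNC_DIRS = [
    r"AppData\Roaming\Microsoft\Credentials",
    r"Appdata\Roaming\Microsoft\Protect",
    "appdata/roaming/microsoft/protect/",  # same folder, different spelling
]
MIRROR = [
    r"AppData\Local\Packages",
    r"AppData\Local\Google\Chrome\User Data\Default",
    r"AppData\Local\Google\Chrome\User Data\Default\Extensions",
    r"AppData\Local\Google\Chrome\User Data\Default\Login Data",
    r"AppData\Local\Google\Chrome\User Data\Default\Last Session",
]
EXCLUDED = [r"AppData\Roaming\Microsoft\Crypto"]

if __name__ == "__main__":
    for finding in lint(SYNC_DIRS, MIRROR, EXCLUDED, credential_roaming=True):
        print(finding)
```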
  
Profile Container
Profile Management 2407 and newer have new Container features, including:
- In-session profile container failover among multiple user stores – Citrix Docs
- Registry exclusion and inclusion support extended to container-based profile solution – Citrix Docs
- Reset container-based profiles without the risk of losing user data – Citrix Docs
- Collects statistical data on VHD compaction actions and provides it to Workspace Environment Management (WEM) for reporting
To configure profile container:
- Profile Management 1903 and newer have a Profile container setting.
- In Profile Management 2009 and newer, the Profile container setting moved to its own node.
  
- In older versions of Profile Management, Profile Container is located under File System | Synchronization.
  
 
- Click the Show button to specify profile paths that should be placed in the mounted file share profile disk (VHDX file) instead of copied back and forth at logon and logoff.
- In Profile Management 2009 and newer, you can specify * to put the entire profile in the Container. Then use the other two settings to exclude folders from the Container. See Profile Container at Citrix Docs.
  
  
- In Profile Management older than version 2009, this setting is for large cache files (e.g. Citrix Files cache) and is not intended for the entire profile.
 
- Profile Management 2103 and newer have a setting to Enable local caching for profile containers. Combine this with Profile Streaming for faster logons. The entire profile should be stored in the profile container.
  
- Profile Management 2311 and newer can Log off users when profile container is not available during logon.
  
- On the left, under Advanced Settings, Profile Management 2103 and newer have a setting to Enable multi-session write-back for profile containers. This setting applies to both UPM Profile Container and Microsoft FSLogix Profile Container. If the same user launches multiple sessions on different machines, changes made in each session are synchronized and saved to the user’s profile container disk.
  
- Profile Management 2109 and newer can Automatically reattach detached VHDX disks.
- Citrix recommends using Profile Container for Microsoft Teams.
- See CTX247569 Citrix Profile Management: Troubleshooting Profile Containers.
  
- Profile Management 2209 and newer can replicate the profile container to multiple shares. 
   - In Profile Management 2407 and newer, for the container-based profile solution, the Enable in-session policy container failover among user stores policy is automatically enabled to ensure profile redundancy for the entire session.
  
 
- Profile Management 2308 and newer can auto-expand the container.
   - Advanced settings node has additional auto-expansion settings.
  
 
- On the CVAD 2311 and newer ISO, at \x64\ProfileManagement\Tools is a script that can migrate profiles from FSLogix to Citrix Profile Container. Prior to CVAD 2311 the Tools folder is not on the CVAD ISO but is instead included with the separately downloaded Profile Management. See Migrate user profiles at Citrix Docs.
  
  
Registry Exclusions
- On the left, under Profile Management, click Registry.
- On the right, open Enable Default Exclusion List.
  
- Enable the setting. You can use the checkboxes to control which registry keys you don’t want to exclude.
- According to Citrix CTX221380 Occasionally, File Type Association (FTA) Fails to Roam with Profile Management 5.7 on Windows 10 and Windows Server 2016, Software\Microsoft\Speech_OneCore should be unchecked. Click OK.
  
- The setting Exclusion List under Registry lets you exclude registry keys from the roaming profile.
  
- Nick Panaccio in the comments says that if Office with ADFS constantly prompts for login, then you should exclude the following:
Software\Microsoft\Office\16.0\Common\Identity 
- Nick Panaccio at IE11 Enterprise Mode and UPM at Citrix Discussions has a list of registry exclusions for IE in Enterprise Mode.
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\EmieUserList
Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\EmieSiteList
- Click OK when done.
  
- For the NTUSER.DAT backup setting, which is disabled by default, you can enable it to provide some resiliency against profile corruption.
  
Log Settings
- In the Log Settings node, enable the Enable logging setting. This will make it easy to troubleshoot problems with Profile Management. The logfile is located in C:\Windows\System32\LogFiles\UserProfileManager.
  
- Edit the Log settings setting.
  
- Enable the setting and check the boxes next to Logon and Logoff. Click OK.
  
- If your VDA is a Provisioning Services Target Device and/or non-persistent, consider moving the log file to the local persistent disk (e.g. D:\Logs), or to a central share. If a central share, the VDA computer accounts (e.g. Domain Computers) will need Modify permission to the log file path. To change the log file path, edit the Path to log file setting.
  
  
  
- CTX123005 Citrix UPM Log Parser
  
- CTX200674 How To: Review Profile Management Log Files using Microsoft Excel 
  
Profile Streaming
- Go to the Profile handling node under Profile Management.
- Profile Management 1909 and newer have a setting called Automatic migration of existing application profiles under Profile Handling that can migrate existing profiles when you upgrade the version of Windows 10. This setting requires the !CTX_OSNAME! variable in your profile store path.
  
- Enable the setting Delete locally cached profiles at logoff. Note: this might cause problems in Windows 10.
  Helge Klein has a tool to delete locally cached profiles on a session host. http://helgeklein.com/free-tools/delprof2-user-profile-deletion-tool/. This tool should only be needed if profiles are not deleting properly.
- For Windows 10/2016 machines, CTX216097 Unable to Delete NTUSER.DAT* Files When a User Logs off recommends setting Delay before deleting cached profiles to 40 seconds.
  
  
- Enable the setting Migration of existing profiles and set it to Local and Roaming.  Citrix CTX221564 UPM doesn’t migrate local user profile since version 5.4.1.
  
  
- Enable the setting Local profile conflict handling, and set it to Delete local profile. Note: this might cause problems on Windows 10.
  
  
- For fastest logons, Citrix recommends Profile streaming + Enable profile streaming for folders + Accelerate folder mirroring all enabled, or only enable Profile Container for the entire user profile. More details at CTX463658 Reduce logon time with Profile Management.
- Under Profile Management > Streamed user profiles is Profile streaming. Enable this setting to speed up logons.
  
- Profile Management 2103 and newer have a setting to Enable profile streaming for folders, which should speed up logons. In Profile Management 2402 and newer, profile streaming for folders is enabled by default.
  
- Profile Management 2106 and newer have a setting under File System > Synchronization called Accelerate folder mirroring that stores the mirrored folders in a VHDX file instead of copying back and forth at login and logoff.
  
- Profile Management 2206 adds Enable profile streaming for pending area. Enable this setting if users run multiple Citrix sessions concurrently and you have Active Write Back enabled.
  
 
- Profile Management 7.16 and newer have XenApp Optimization (aka Citrix Virtual Apps Optimization) feature, which uses Microsoft UE-V templates to define specific settings that should be saved and restored at logoff and logon. See George Spiers XenApp Optimization (new in CPM 7.16+) for details.
  
  
- After modifying the GPO, use Group Policy Management Console to update the VDAs.
  
- Or run gpupdate /force on the VDAs, or wait 90 minutes.
App Access Control
Profile Management 2303 and newer support app access control. This is similar to FSLogix App Masking.
Citrix WEM Tool Hub has a GUI-based Rule Generator.
- In Workspace Environment Management Web Console, various places in the console have a link to download the WEM Tool Hub. For example, in a Configuration Set > Printers, click Add from print server.
  
- Extract the WEM Tool Hub and run Citrix.WEM.AdminToolHub.exe.
  
- Click Rule Generator for App Access Control.
  
- Click Create app rule. WEM 2411 adds Redirect as an option. Otherwise choose Hide.
  
- Redirect lets you redirect Files, Folders, Registry keys or Registry values.
  
- If Hide:
- Click Scan to select an app installed on the local machine.
  
- The tool scans the selected app and automatically adds rules for the app. Click Add when done.
  
- Give the app a name and click Next.
  
- Assign the rule to users, computers, or processes. 2411 and newer let you specify Exclusions. Click Done.
  
 
- Select the app rules and click Generate raw data.
  
- Click Save to file.
  
- Use WEM or Group Policy to push the string to the VDAs. App Access Control is currently a preview feature. Enable it in Citrix Cloud > Workspace Environment Management > Manage > Web Console > Home page > Preview features.
  
  
- Then edit a Configuration Set. Go to Profiles > Profile Management Settings and find App access control. Browse to the .rule file saved earlier.
  
If you don’t have access to WEM Cloud, then the PowerShell Rule Generator is on the CVAD 2311 or newer ISO under \x64\ProfileManagement\Tools. Prior to CVAD 2311, the Tools folder is in the downloaded standalone Profile Management.
- The CPM_App_Access_Control_Config.ps1 PowerShell script is in the Tools folder.
  
- The Rule Generator script lists all locally installed apps and asks you to choose one.
  
- The tool auto-generates some rules for the app and asks you to edit the rules or go to the next step to manage assignments.
  
- You can assign groups that can view the app. When done, press 4 to generate the rules for deployment.
  
- The script can push the rules to a GPO. Or you can press 3 to generate the string that you then must configure yourself in the GPO.
   
- The GPO setting is at Computer Configuration | Policies | Administrative Templates | Citrix Components | Profile Management | App Access Control. Enable the setting named App access control and paste the string that the Rule Generator provided. 
   
Also see CTP James Rankin QuickPost – Citrix UPM App Access Control
Mandatory Profile – Citrix Method
Profile Management 5.0 and newer have a mandatory profile feature. Alternatively, use the Microsoft method. Also see CTP James Rankin How to create mandatory profiles in Windows 10 Creators Update (1703).
- Create a file share (e.g. \\fs01\profile). Give Read permission to Users and Full Control to Administrators.
- Login to the VDA machine as a template account. Do any desired customizations. Logoff.
- Make sure you are viewing hidden files and system files.
  
- Copy C:\Users\%username% to your fileshare. Name the folder Mandatory or something like that. Citrix Profile Management does not need .v2 or .v4 or .v6 on the end.
   - You can copy C:\Users\Default instead of copying a template user. If so, remove the Hidden attribute. If you use Default as your mandatory, be aware that Active Setup will run every time a user logs in.
  
 
- Open the AppData folder and delete the Local and LocalLow folders.
  
- Java settings are stored in LocalLow so you might want to leave them in the mandatory profile. The only Java files you need are the deployment.properties file, the exception.sites file, and the security/trusted.certs file. Delete the Java cache, tmp and logs.
  
- Open regedit.exe.
- Click HKEY_LOCAL_MACHINE to highlight it.
  
- Open the File menu and click Load Hive.
  
- Browse to the mandatory profile and open NTUSER.DAT. Note: Citrix Profile Management does not use NTUSER.MAN and instead the file must be NTUSER.DAT.
  
- Name it a or similar.
  
- Go to HKLM\a, right-click it, and click Permissions.
  
- Add Authenticated Users and give it Full Control. Click OK.
  
- With the hive still loaded, you can do some cleanup in the registry keys. See http://www.robinhobo.com/how-to-create-a-mandatory-profile-with-folder-redirections/ and http://appsensebigot.blogspot.ru/2014/10/create-windows-mandatory-profiles-in.html?m=1 for some suggestions.
- Citrix CTX212784 Slow User Logon When Using Mandatory Profiles – set HKCU\a\Software\Citrix\WFSHELL\SpecialFoldersIntialized (DWORD) = 1
- Highlight HKLM\a.
  
- Open the File menu, and click Unload Hive.
  
- Go back to the file share and delete the NTUSER.DAT log files.
  
- Create/Edit a GPO that applies to the VDAs. Make sure the Citrix Profile Management policy template is loaded.
- Go to Computer Configuration > Policies > Administrative Templates > Citrix Components > Profile Management > Profile handling. Edit the setting Template profile.
  
- Enable the setting and enter the path to the Mandatory profile.
- Check all three boxes. Then click OK.
  
Redirected Profile Folders
- Make sure loopback processing is enabled on your VDAs.
- Edit a GPO that applies to all VDA users, including Administrators.
  
- Go to User Configuration\Policies\Windows Settings\Folder Redirection. Right-click Documents, and click Properties.
  
- In the Setting drop down, select Basic.
- In the Target folder location drop down, select Redirect to the user’s home directory.
- Switch to the Settings tab.
  
- On the Settings tab, uncheck the box next to Grant the user exclusive rights. Click OK. Note: Move the contents to the new location might cause issues in some deployments.
  
- Click Yes to acknowledge this message.
  
- Right-click Desktop and click Properties.
  
- Change the Setting drop-down to Basic.
- Change the Target folder location to Redirect to the following location.
- In the Root Path box, enter %HOMESHARE%%HOMEPATH%\Desktop. It is critical that this is a UNC path and not a mapped drive. Also, since we’re using home directory variables, all users must have home directories defined in Active Directory.
- Switch to the Settings tab.
  
- Uncheck the box next to Grant the user exclusive rights to Desktop and click OK.
  
- Click Yes when prompted that the target is not a UNC path. You get this error because of the variable. It doesn’t affect operations.
  
- Repeat for the following folders:
- Documents = Redirect to the User’s Home Directory
- Desktop = %HOMESHARE%%HOMEPATH%\Desktop
- Favorites = %HOMESHARE%%HOMEPATH%\Windows\Favorites
- Downloads = %HOMESHARE%%HOMEPATH%\Downloads
 
- Redirect the following folders but set them to Follow the Documents folder.
- Pictures
- Music
- Videos
 
Folders not redirected will be synchronized by Citrix Profile Management.
Verify Profile Management
- Once Profile Management is configured, login to a Virtual Delivery Agent and run gpupdate /force.
  
- Logoff and log back in.
- Go to C:\Windows\System32\LogFiles\UserProfileManager and open the pm.log file. Look in the log for logon and logoff events.
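One way to do that log review in bulk, as an added example (not code from this article or from Citrix): it groups pm.log records by session, records the resolved user store path, and lists every record that is not INFORMATION plus the NTUSER.DAT message quoted in the comments on this page. The field order is inferred from the log excerpts on this page, and the sample lines, including the ERROR text, are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime

# Field order inferred from the pm.log excerpts quoted in this page's comments
# (an assumption): date;time;severity;domain;user;session;thread;message
FIELD_COUNT = 8
PATH_OUT = "GetUserStorePath: User Store: Path Out: "
PROFILE_FOUND = "ProcessLogon: Found a profile in the user store"
# Message text taken from a pm.log excerpt on this page.
WATCH = ("NTUSER.DAT not found in userstore",)


@dataclass
class SessionReview:
    store_path: str = ""
    profile_found: bool = False
    findings: list = field(default_factory=list)  # (HH:MM:SS, severity, message)


def parse_line(line):
    """Return the parsed fields, or None when the line is not a log record."""
    # The message is the last field and may itself contain ';'.
    parts = line.rstrip("\r\n").split(";", FIELD_COUNT - 1)
    if len(parts) != FIELD_COUNT:
        return None
    date, clock, severity, domain, user, session, thread, message = parts
    try:
        when = datetime.strptime(date + " " + clock, "%Y-%m-%d %H:%M:%S.%f")
    except ValueError:
        return None
    return when, severity.upper(), domain, user, session, thread, message


def review(lines):
    """Group records per (domain, user, session); return (sessions, skipped)."""
    sessions, skipped = {}, 0
    for line in lines:
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1  # count malformed lines instead of hiding them
            continue
        when, severity, domain, user, session, _thread, message = record
        entry = sessions.setdefault((domain, user, session), SessionReview())
        if message.startswith(PATH_OUT):
            entry.store_path = message[len(PATH_OUT):].strip()
        elif message.startswith(PROFILE_FOUND):
            entry.profile_found = True
        if severity != "INFORMATION" or any(w in message for w in WATCH):
            entry.findings.append((when.strftime("%H:%M:%S"), severity, message))
    return sessions, skipped


# Constructed sample, modelled on the record layout shown on this page.
SAMPLE = r"""
2025-01-15;09:00:01.100;INFORMATION;EXAMPLE;user01;1;4100;GetUserStorePath: User Store: Path Out: \\fs01\profile$\user01\Win10RS4v6
2025-01-15;09:00:01.150;INFORMATION;EXAMPLE;user01;1;4100;ProcessLogon: Found a profile in the user store: .
2025-01-15;09:05:10.200;INFORMATION;EXAMPLE;user02;2;5200;GetUserStorePath: User Store: Path Out: \\fs01\profile$\user02\Win10RS4v6
2025-01-15;09:05:10.230;INFORMATION;EXAMPLE;user02;2;5200;NTUSER.DAT not found in userstore, try to load NTUSER.DAT.LASTGOODLOAD.
2025-01-15;09:05:11.000;ERROR;EXAMPLE;user02;2;5200;ConstructedFunction: constructed error text; with a semicolon
this line is not a log record
""".strip().splitlines()

if __name__ == "__main__":
    sessions, skipped = review(SAMPLE)
    for key, entry in sessions.items():
        print(key, entry.store_path, "profile found:", entry.profile_found)
        for finding in entry.findings:
            print("   ", *finding)
    print("skipped lines:", skipped)
```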
  
Profile Management Troubleshooting
UPM Troubleshooter
Citrix Blog Post – UPM Troubleshooter: UPM Troubleshooter is a Windows-based standalone application that examines a live User Profile Management-enabled system in a single click. It shows the Profile Management configuration and the Citrix products installed, can collect and send logs, and provides a system utilities dashboard for analyzing issues. See the blog post for more details.

Profile Management Configuration Check Tool
UPMConfigCheck is a PowerShell script that examines a live Profile management system and determines whether it is optimally configured. UPMConfigCheck is designed to verify that Profile management has been configured optimally for the environment in which it is being run, taking into account:
- Hypervisor Detection – The presence or absence of supported hypervisors (for example, Citrix XenServer, VMware vSphere, or Microsoft Hyper-V)
- Provisioning Detection – The presence or absence of a supported machine-provisioning solution (for example, Machine Creation Services or Provisioning Services)
- XenApp or XenDesktop – Whether it is running in a XenApp or a XenDesktop environment
- User Store – Determines that the expanded Path to User Store exists.
- WinLogon Hooking Test – Verifies that Profile management is correctly hooked into WinLogon processing. This test is for Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 and requires the user running the Configuration Check Tool to have permission to access the relevant registry keys, or an error may be returned.
- Verify Personal vDisk enabled / disabled – Whether the Personal vDisk feature of XenDesktop is enabled
- Miscellaneous – Other factors that it is able to determine through registry or WMI queries, such as whether the computer running Profile management is a laptop
Profile Size
Sacha Thomet at Monitor you Profile directories has a script that displays the size of profiles in a profile share.
Log Parser
CTX123005 Citrix UPM Log Parser

View Log Files using Excel
CTX200674 How To: Review Profile Management Log Files using Microsoft Excel 


 
 
Is there any way to change the UPM default policy without configuring an AD GPO?
We configured an AD GPO for redirecting the Documents, Favorites and Desktop folders of VDI users, but we are observing the Download folder storing downloaded contents in the UPM profile path by default UPM policy, and it is causing unexpected profile volume.
Is there any way of changing/disabling the default UPM policy to stop Download folder redirection to the UPM profile path, if we are not interested in configuring another Folder Redirection in AD GPO for the VDI users' Download folder?
Do you want to delete Downloads at logoff? If so, then add Downloads to Folders to Exclude.
Or do you want to redirect Downloads? UPM has a setting for Folder Redirection. Or you can use Citrix Policy to configure the redirection.
I want to delete at logoff, how do I do it in UPM policy, without using AD GPO?
Where do you configure your UPM Folder Exclusions? You can do it in GPO, in a Citrix Policy, or in the UPMPolicyDefaults.ini file.
Hi Carl, do note that the ‘lower case UPM’ filepath/store required for Outlook caching, extends to DFS-N published paths as well! You CANNOT use DFS (namespaces) for the UPM store if you want to use Outlook caching.
Sometimes (not always I noticed) the VHDX files are mounted with the ‘real’ underlying fileserver as the share, and these servernames are in uppercase!
If you set the UPM path to a lowercase version and directly to a server, no issues anymore.
I posted this here: https://discussions.citrix.com/topic/400258-outlook-ost-and-search-vhdx-not-unmounting-after-log-off/page/2/#comment-2063114
If you go to Disk Management and Detach the VHDX you can see the path it’s mounted from. You don’t have to click OK after Detach of course. 🙂
Example from my MCS servers:
On one VAD server I see: “\\FILESERVER01.DOMAIN.NL\PRO\XenApp\username\VHD\Win2019\OutlookOST.vhdx”
^ This one goes wrong / it won’t log off.
On the other VAD server I see: “\\dfs.domain.nl\dfs\PRO\XenApp\username\VHD\Win2019\OutlookOST.vhdx”
^ This one works like a charm.
Why the difference? I don’t know.
When I set the policy to only use the direct servername and make it all lowercase, it works 100% of the time.
I hope this helps people!
Hi Carl,
I have upgraded my servers and one client from 7.15 LTSR to 1012 LTSR – now if I log on to a client the UPM cannot find the NTUSER.DAT even though it is there –
in the logs I can see NTUSER.DAT not found in userstore, try to load NTUSER.DAT.LASTGOODLOAD.
here the log part from old 7.15 which works:
2020-05-21;15:01:26.039;INFORMATION;WKK;x10test03;1;9928;GetUserStorePath: User Store: Path In: \\fileserver1a\Profile$\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!
2020-05-21;15:01:26.039;INFORMATION;WKK;x10test03;1;9928;CADUser::Init: Determined user and DNS domain name: ,
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;CADUser::Init: Determined the ADsPath of user: :
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;GetUserStorePath: User Store: Path Out: \\fileserver1a\profile$\x10test03\Win10RS4v6
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;ImpersonateClientStop: Successfully stopped client impersonation.
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;SessionCount:RealTimeCount – Detected a Client OS, not using WTS calls
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;SessionCount::RealTimeCount – User: x10test03, Domain: WKK, Session Count: 0.
2020-05-21;15:01:26.054;INFORMATION;WKK;x10test03;1;9928;ImpersonateClientStart: Successfully impersonated a client.
2020-05-21;15:01:26.085;INFORMATION;WKK;x10test03;1;9928;ProcessLogon: Found a profile in the user store: .
and here the new 1912:
2020-05-21;14:57:05.907;INFORMATION;WKK;x10test04;1;6132;GetUserStorePath: User Store: Path In: \\fileserver1a\Profile$\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!
2020-05-21;14:57:05.907;INFORMATION;WKK;x10test04;1;6132;CADUser::Init: Determined user and DNS domain name: ,
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;CADUser::Init: Determined the ADsPath of user: :
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;GetUserStorePath: User Store: Path Out: \\fileserver1a\profile$\x10test04\Win10RS4v6
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;ImpersonateClientStop: Successfully stopped client impersonation.
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;XenApp Optimization, enabled: 0, definition path:
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;SessionCount:RealTimeCount – Detected a Client OS, not using WTS calls
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;SessionCount::RealTimeCount – User: x10test04, Domain: WKK, Session Count: 0.
2020-05-21;14:57:05.923;INFORMATION;WKK;x10test04;1;6132;ImpersonateClientStart: Successfully impersonated a client.
2020-05-21;14:57:05.938;INFORMATION;WKK;x10test04;1;6132;NTUSER.DAT not found in userstore, try to load NTUSER.DAT.LASTGOODLOAD.
I don’t know why the new version cannot find the NTUSER.DAT because it is there under \\fileserver1a\profile$\x10test04\Win10RS4v6\UPM_Profile
Any ideas?
robert
Hi Carl
Great article !
You know why the service Citrix Profile Management is down after reboot VDA server? We have this version 7.1912
Many thanks.
Anyone have an idea why Windows Explorer settings would not stick for users? Specifically “Hide extensions for known file types”. I do have AppData\Local\Microsoft\Windows\UsrClass.* in the list of files to Synchronize.
Do you have a Group Policy Preferences Folder Options item?
Hi Carl,
In profile management is it possible to include a key in HKEY_LOCAL_MACHINE hive? I’ve tried this but it will only take keys from HKCU. Is there another way to do this? Bloomberg seem to have changed from HKCU to HKLM to store the user serial number for their terminals grrrrrr
You’d have to ensure that the user has write permissions to the key. Then create logoff script to save it and logon script to restore it.
Or you can use Citrix User Personalization Layer to save HKLM changes.
Hello, my minimal configuration for chrome
Directory exclusion
AppData\Local\Google
Folder mirror
AppData\Local\Google\Chrome\User Data\Default\Extensions
AppData\Local\Google\Chrome\User Data\Default\Login Data
AppData\Local\Google\Chrome\User Data\Default\Last Session
File synchronisation
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences
Hi Carl,
1. One SharePoint URL is not working in Internet Explorer within Citrix VDI. It is working fine in Chrome and Edge.
2. If I stop the Citrix Profile Management service and then check, it's working fine. It means something is wrong in the UPM policy that is blocking that
3. I checked the UPM group policy and below are UPM setting applied, I don’t know which policy can restrict the IE sharepoint URL accessibility. Please help me and suggest.
Citrix Components/Profile Management
Citrix Components/Profile Management/Advanced settings
Citrix Components/Profile Management/Log settings
Citrix Components/Profile Management/Profile handling
Citrix Components/Profile Management/Registry
Citrix Components/Profile Management/Streamed user profiles
Does it work if a user gets a new profile? And then it fails after the user logs off and logs back in?
If you have a working version and a non-working version, do a procmon trace for both and compare them.
is it possible to use “Profile management can migrate existing profiles “on the fly”” so that there will be a copy of the 1803 in a new Folder like Win10RS7v6?
in the doc there are noted: You must specify the short name of the OS by including the variable “!CTX_OSNAME!” in the user store path. Doing so lets Profile Management locate the existing application profiles
UPM should make this automatically?
robert
Hello, we want to migrate our Master Images from W10 1803 to 1909 – we use UPM with this path \\fileserver1a\Profile$\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!
can we use the same path for the new 1909 Version or do we have to migrate the profile?
if yes how can UPM help to migrate the profiles to a new folder?
robert
The 1803 profiles should work fine on 1909 but you might want to test. If the path is RS6 or something like that, then check the 1909 machine to make sure it’s still RS6 and hasn’t changed to RS7.
Hello Carl, you need to update this page.
In order to save IE pwd, you need (really really) to create these subdirectories:
AppData\Local\Microsoft\vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
AppData\Local\Microsoft\vault\UserProfileRoaming
I want to save time for all 🙂
Tested! Finally that’s the only one solution.
https://discussions.citrix.com/topic/361602-ie11-on-2012r2-vda-user-registry-hive-not-saved/page/5/
Hi Carl, I’ve found your documentation immensely useful. Related to application of citrix\windows group policies I’m having an interesting issue. Users are connecting to desktops via hybrid cloud, they get their various policies correctly which include some required mapped drives. However, from the cloud desktop session users connect to a separate on premise farm\storefront. The policies there are not being applied to the cloud user. If someone using a direct workstation connects to the on-prem farm it correctly applies policies inclusive of the network shares.
What tool are you using to map the drives? Group Policy Preferences? If so, what are the Item Level Targeting conditions for the drives?
Hi Carl,
Drives are mapped using GPO, no item level targeting applied – maps are based essentially on the user’s various group memberships.
User wrkstA connects to cloud desktop, Citrix GPO policies redirect the local fixed drive of wrkstA to cloud desktopB, Windows GPO creates additional network share drive maps on desktopB. This works perfectly.
desktopB session connects to separate on-prem storefronts and published apps.
Premise store applications see wrkstA fixed drives (????) but do not see the previously created connected network drives of desktopB.
Citrix policies in the premise store allow connected client drives etc…
You want Double-hop client drive mapping? Try https://support.citrix.com/article/CTX127968 and https://support.citrix.com/article/CTX239029
Hi Carl, the second link to article 23029 seems to have done the trick. Thanks so much
Carl, my profiles are showing up on my VDAs as Local profiles. They are not deleting when a user logs off. Can you point me in a direction to troubleshoot?
Check the pm log, which defaults to C:\Windows\System32\LogFiles\User Profile Manager\pm.log.
Thanks Carl. I have been staring at it. Any suggestions on keywords to explore?
What logging settings do you have configured? I usually enable logon and logoff in addition to the default ones.
Yes, I have logon and logoff enabled as well.
Hi, I am having issues with Google Chrome, sync functionality not working ever since updating to 7.15CU3 and now VDA 1909.
Servers are 2016 R2 running VDA 1909 using Citrix UPM on select servers, and other servers running FSLogix.
Both environments are showing the same problem.
Google support were no help either.
Is there something that can be done, other than rebuild the server from scratch and test to confirm this fixes the problem?
The Google Chrome profile has been tested with no policies applied and also roaming the User Data into a folder redirected location; both did not work.
Using Google Chrome latest version outside of Citrix works perfectly fine. I do not know what I am looking for or how to resolve this issue. Even rolling back to 78 did not fix the issue and it was working previously.
Are you asking about syncing to the Internet? Or do you mean saving your Chrome settings in the roaming profile and restoring them at next login? For UPM, you might have to add Chrome folders to the “Folders to Mirror” policy setting. https://eucweb.com/blog/1397
Hi Carl, I’m referring to when you log in to Chrome using Gmail, it syncs the bookmarks from your Gmail account. It worked and all of a sudden stopped working. Are there any steps other than folder mirroring for Chrome in Citrix? Might need to try Chrome User Data redirection.
I have a 2016 Session desktop and have noticed that the “Send to” menu is missing the Compressed (Zipped) folder. I do see the menu option when I open up the master image. We are redirecting the Appdata folder.
If I copy the C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) folder to the user’s redirected AppData\Roaming\Microsoft\windows\SendTo directory then the menu item shows up.
I am guessing it’s a policy issue somewhere but not sure which policy to check.
Anyone have any ideas or seen this before?
I would prefer not to have to manually or even script something to copy the file into every user’s profile if it can be prevented.
Where are you configuring folder redirection? If Microsoft group policy, did you leave the box checked to move the contents of the folder to the new location?
The “Move the contents of Appdata(Roaming) to the new location” is not checked.
I will test with this enabled and see if this was the cause.
Enabling the “Move the contents of Appdata(Roaming) to the new location” did the trick. The only catch was I had to delete my profile for it to start working.
Thanks so much for the assistance!
Is it recommended to separate redirected folders based on OS?
For example
Win10 appdata –redirected to \\server1\appdata
Server2016 appdata — redirected to \\server2\appdata
For Appdata, probably. I don’t normally redirect appdata due to performance problems I’ve seen.
Other redirected folders (e.g. Documents) can be shared. Desktop is questionable depending on what shortcuts are on the user’s desktops.
Under 10.) you basically quote CTX
Starting with Profile Management 1909, you can have an improved experience with the Start menu on Windows 10 (version 1607 and later) and Windows Server 2016 and later. This is achieved through automatic configuration of the following policies:
• Add “Appdata\Local\Microsoft\Windows\Caches” and “Appdata\Local\Packages” to “Folders to Mirror”
• Add “Appdata\Local\Microsoft\Windows\UsrClass.Dat*” to “Files to synchronize”
BUT the File C:\program\files\citrix\user profile manager\UPMPolicyDefaults_all.ini included in the standard installation, still has an Exclude Folder “Appdata\Local\Packages” entry. Therefore the resulting “Appdata\Local\Packages” folder is still empty.
Check pm.log (C:\Windows\System32\LogFiles\User Profile Manager) after a logon. Some versions of UPM are forcing the inclusion of folders even if you configured exclusions. You can disable that functionality by disabling UPM automatic configuration.
Carl, maybe I was unclear in my comment!
I built an new environment and installed VDA 1912 (including UPM) out of the box. Then I just enabled UPM via Studio Policy and gave UPM a path\share to store data.
I checked then the resulting stored profile and found Appdata\Local\Packages to be empty.
Checking the pm.log file shows that there is an informational line that “Appdata\Local\Microsoft\Windows\Caches” and “Appdata\Local\Packages” are added to “Folders to Mirror”.
There is proof, because I see the both entries in the UPMSettings.ini (in the profile directory).
BUT there is also an entry in UPMSettings.ini to Exclude the Folder “Appdata\Local\Packages” and this information is inherited from C:\program\files\citrix\user profile manager\UPMPolicyDefaults_all.ini
So I just say Citrix is not consistent here, and the *default* result is not what one will desire.
Can I use profile manager 7.15 cu4 on a VDA 1912?
You can.
VDA 1912 comes with UPM 1912. I haven’t tried excluding UPM from the VDA 1912 installation and then installing an older version of UPM. I suspect it won’t be supported.
Thanks for your quick response. Would it be better if I upgrade the ADMX to 1912 and apply group policy with the new template while my management server stays 7.15 CU4 with only the VDA updated to 1912, or will it be better to apply DG policy for profile management?
Sure. That should work.
Hi Carl,
I need your help to exclude a sub-folder from redirected folders.
Environment details:
HSD –> Windows Server 2008 R2
VDA –> 7.15.3000
UPM Ad Template –> 7.15.3000
UPM profile gets created at \\NASShare\UPMProfile
All other folders are redirected to Y: Drive (\\NASShare\RedirectedFolders\, Mapped as Y Drive in user session, and contains folders such as AppData\Roaming, Desktop, Download, Videos, Etc…)
We are facing a lot of issues with Microsoft Teams over HSD. We found a workaround for the same, that is to delete the entire Teams folder from Y:\AppData\Microsoft\Teams. We have to do it very frequently for multiple users to run ‘Teams’ smoothly.
Hence, I thought to exclude the folder at user login (Y:\AppData\Roaming\Microsoft\Teams) via UPM.
I tried many syntaxes such as entire UNC path, mapped network drive path, !ctx_roamingappdata!\Micorsoft\Team, but no luck.
I’m wondering if there is any way to exclude a folder from redirected folders with the help of Citrix UPM?
Looking forward to your help.
Hi,
Users at one of our clients just started experiencing getting Temp profiles when logging to the VDAs. It is kind of hit and miss and the issue is not consistent. The workaround so far is let the users log off then back on and in most cases they get their proper profile on another VDA. The whole Citrix infrastructure is hosted at Azure. Any thoughts?
Check the UPM logs, which default to C:\Windows\System32\LogFiles\User Profile Manager\pm.log
Hi all,
We are experiencing many problems with Citrix Profile Management & a new catalog created by MCS (OS Server 2016 Shared Desktop & Published applications)
Many users are logging on and are getting the error message “access denied” from group policy client.
When checking the ntuser.dat in UPM folder the ntfs permissions are fine, but permissions “in” registry hive are damaged.
The user itself has disappeared. Only solution is to add the user and configure the correct permissions in the registry hive or to delete the Citrix profile.
We started with UPM 1811 but newer versions have the same problem.
This is a big issue for our environment. We have made a support ticket for Citrix but after checking every UPM log file they are asking us to make a support ticket for Microsoft but no luck with them too…
Any suggestions?
Thanks!
Kind regards
Dimitri
Are you doing Template Profile or did you modify the Default Profile?
No Template Profile. We use the default profile.
Image is Server 2016 with up-to-date security patches.
Modifications are:
We have applied the Citrix Optimizer scripts & the WS2016 Optimisations PowerShell script by George Spiers on the image.
Does anybody have an idea? GPOs…?
Thanks
Hi Team,
FYI
Citrix UPM 1912 is having an issue (Citrix bug) with Office 365 shared computer activation, working fine with 1909 UPM (VDA 1909).
Regards,
MA
Hi Muhammad,
What issues exactly are you experiencing? I’m also trying to use Office 365 shared computer activation with UPM 1912 and I’m unable to get it working.
Regards
Dennis
Solved it by myself. Did everything mentioned here: https://support.citrix.com/article/CTX227286 and changed the Tokenfile location to a different path, outside of AppData\Local.
That fixed it!
That’s nice. How did you solve the problem? Also let me know whether you are redirecting the complete profile or specific folders. I am still facing the issue with complete profile redirection “path to user store”.
Hi Carl. I need to exclude directories with wildcards in their name. Syntax is %COMPUTERNAME%_%USERNAME%.lock in %Appdata%. I tried the UPM policy “Exclusion list – directories” with the entry above and with %COMPUTERNAME%_#SAMACCOUNTNAME# and with *.lock. But nothing helps. Is it possible to exclude directories with wildcards in the name?
Here’s the documentation – https://docs.citrix.com/en-us/profile-management/current-release/configure/include-and-exclude-items/using-wildcards.html
It says that variables aren’t supported. And it looks like wildcards only apply to files, not folders.
PVS cache disks are coming up not initialized. Is this a known issue or am I missing something? Uninstall VDA, reinstall 7.15 LTSR, and the cache disks are back.
Hi Carl,
We have updated to 1909, and the start menu can no longer be opened by some users. We have a PVS environment with 15 Server 2016 machines. In the event log I have ShellExperienceHost and SearchUI errors. I have no idea where the error should be… Microsoft, Citrix UPM?? Do you have an approach?
I have seen bugs with App Readiness service and AppxAllUserStore registry key. https://support.citrix.com/article/CTX237192
Hi Carl, for Outlook OST and Search roaming, can we define the VHDX file size? When I do, it automatically takes it as 50GB. Any hints?
Hello,
Anyone have issues with the enterprise site mode list with Edge? In Internet Explorer our site mode list is updating without an issue but Edge on 1803, soon to be 1903, is not updating.
Hi Carl,
We are using WEM as a service with Citrix Cloud and all server VDAs are in AWS. The Outlook profile is not getting saved on the Citrix session. It gets cleared after a reboot. I have tried with different WEM agent versions, but no luck. Chrome bookmarks are also not saved on that session. But Windows tile pinned icons are getting saved without any issues. Please could you advise what’s going wrong?
Thanks
What do you see in the UPM log, whose default location is C:\Windows\System32\LogFiles\User Profile Manager\pm.log? If you used WEM to configure UPM, then I’m guessing the UPM settings are not getting delivered to the VDAs. I usually use group policy to deliver UPM settings.
Anyone know why Citrix UPM does not support ReFS as a filesystem?
https://support.citrix.com/article/CTX222893
Hi Carl. Have you tested the combination of FSLogix for Outlook OST and Citrix profile container for OneDrive cache? We are using Windows 10 1903 with 1909 VDA, but I can’t seem to get UPM to create a vhdx file for OneDrive. I enabled the profile container setting and added “Onedrive – Our tenant name” to the UPM GPO. UPM log shows the GPO being applied and the ProfileContainer folder created in the user profile but it is empty. The UpmVhd folder is also empty. Thoughts?
https://www.citrix.com/blogs/2019/05/29/cloud-guidepost-ace-profile-management-qa-part-1/ suggests that OneDrive doesn’t work.
Thanks. I was hoping using the per-machine OneDrive installer would work (similar to Citrix Files cached files). I’ll use FSLogix for OneDrive cache, though I wanted a Citrix 1st solution. On another note, is there any documentation as to what can be included in the Citrix profile container? It seems that documentation is lacking. I want to eliminate the possibility that something is broken in my setup.
I assume OneDrive cache can be stored in the FSLogix Office 365 container. You can combine FSLogix Office 365 container with Citrix Profile Management.
Since Windows, Office, and FSLogix are all Microsoft, Microsoft should probably be the 1st solution unless Citrix enhances it in some way.
Yes, I tested OneDrive cache in FSLogix and it works. The issue is during a Citrix profile reset via Director (help desk call), the FSLogix vhdx is left behind. This shouldn’t be an issue, but upon the new UPM profile creation, there seems to be some “corruption” with the OneDrive folder redirection settings when using an existing FSLogix container. I was looking to address the issue by including OneDrive cache in the UPM profile. I will have to work on a profile reset workaround for this scenario.
Hi Carl, thanks for your information.
I have a problem that I imagine is due to the synchronization of the registry keys.
We have two VDA servers in PVS, with user profiles in a share.
After a few days of use the “HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider” key becomes very large, around 700MB, causing slowdowns in the printing phases. The printers are mapped as Citrix session printers.
Is it possible to exclude this key from synchronization?
I don’t see why not but you’d have to test it.
Hi Carl,
Wondering if you can help, we currently have an issue whereby our citrix roaming profiles are not being created/saved to our user store, which is a shared folder on our file server?
Thanks
Leon
What do you see in the log file, which defaults to C:\Windows\System32\LogFiles\User Profile Manager\pm.log?
How do I exclude the download folder on the UPM?
Add any folder you want to exclude to the GPO setting Exclusion list – directories.
Hello Carl,
Office 2019 is not syncing the OneDrive credentials to the next session.
Running VDA 1906 on Server 2019 with Office 2019 and profiles configured with UPM.
It was working with Server 2016 VDA with Office 2016.
Is this a known behavior or not supported yet?
Dear Carl
What is the recommended setting for redirected folders for Microsoft for “Move contents to a new location” – to remain checked or unchecked? I read that this option is turned off in certain guides, and it is not well documented. However, if it’s turned off I realised that new users do not have redirected folders yet will not move the content to my redirected UNC path.
Also, as for UPM exclusions, is it recommended to exclude already redirected folders in the list? And what is the best way of migrating existing redirected folders location without losing the data? I’m currently on W2k8 R2 that needs to migrate to 2016 server.
I usually leave it checked.
UPM will detect that the folder is redirected and automatically exclude it.
You can use robocopy to copy the folder structure and NTFS permissions to the new location. Then edit your GPOs to point to the new location.
Hi Carl,
I am running into an issue where I am not able to show the Google Chrome bookmarks in Chrome as a published application on the user’s next login. The bookmarks are saving fine on the local user profile on the VDA and it is syncing to the shared folder (it is an AWS S3 bucket) on the session logoff, and the bookmarks file is again transferred to the user’s session on the next login. However the users couldn’t see them on the Chrome browser PubApp. Have you seen this happening, or do you know of this? I am not sure what I am missing but I have been working on this with different possibilities for a week now. Any help would be great.
Environment details:
We use Liquidware ProfileUnity for managing the users’ profiles.
Citrix Cloud for management.
VDAs are Windows 2016 hosted in AWS EC2 instances.
Thanks in advance!
Can I install this on Windows 10 Enterprise physical machines?
I want to replace the Windows roaming profiles for accounts on physical machines.
I tried downloading UPM 1903 and I installed it. I also configured a GPO with some settings but nothing happens.
Technically it should work fine. You can look in HKLM\Software\Policies\Citrix to make sure your GPO applied. Also check C:\Windows\System32\LogFiles\User Profile Manager.
Licensing requires the primary user of the physical machine to have a Citrix Virtual Apps and Desktops (CVAD) license.
It’s doable, yes. You will need to install the UPM exe on the PC. However I am not sure how Citrix would support this. FSLogix does support this though.
Hi Carl,
We have Citrix Cloud and WEM as a service set up and we have a Server 2016 desktop published as a session host to the users. Users’ pinned taskbar and start menu icons are not roaming with the user. I can see those icons exist at the central profile store, but they are not roaming with the user and disappear once the user is logged off. I have followed the below link for UPM configuration in WEM, but no luck. Any idea what is going wrong on this?
https://xenappblog.com/2016/customize-windows-10-start-screen/
Thanks
Carl,
Question about 1909 profile management: is it possible to migrate existing profiles from the old user store to a new location? (Can you point the old store to, say, a Windows 2008 V2 roaming profile path and migrate profiles to the new profile (UPM)?)
Are your Profile Management machines also 2008 R2? If so, UPM will convert Microsoft profiles to Citrix format. Just make sure your users and/or GPO are configured with the Microsoft roaming profile path. If this is a UPM profile store, then just point your UPM config to the share.
If you are upgrading the OS, then the old UPM profile can’t be used (not supported) with the new OS version. Most places write scripts to copy settings from the old profiles to the new profiles.
Some third party profile products handle profiles differently so that they can be used on multiple operating system versions.
Has anyone successfully used UPM to roam Themes?
I am using FSLogix with Citrix 1906. Everything works great in the Citrix Desktop, but if I launch Outlook from the Workspace App the Outlook folders do not update. Have you seen this issue before? I have spoken with FSLogix and they think it is a Citrix issue.
We followed these steps, but after a few logins/logoffs, IE settings are getting corrupted and we are having to reset profiles to fix. Data from one tab doesn’t carry over to a new one or new window.
Did I miss something?
Carl – is there a way to specify mandatory Citrix profiles for some users and non-mandatory for others?
I think it’s a computer setting, which means it applies to all users on that computer. You could build different computers for different users.
Hi Carl… Is there a way to clean up Desktop and Download folders every month from a non-persistent desktop using Profile Manager or policy?
I don’t think UPM has anything built in but you can certainly write a script and schedule it. Maybe something like https://stealthpuppy.com/profile-clean-up-script/
Thanks for the information and the link
Would Citrix Profile Management create the UPM folder if it doesn’t exist? The goal for me is to store the user’s Profile Store in their Home directory that is set in their account under the profile section. We designated the H: drive for that. Do not want to create another share that has thousands of folders in it for just XenApp delivered applications. Is this a supported configuration also?
Yes, UPM will auto-create it.
Profiles need to be local to the VDA but Home Directories are not always local. Profiles are also somewhat disposable.
Interesting. I set it to store in the user’s home folder and wondered if it would create the folder. It did not. On each master, I set a variable to be used by each linked clone. For example: \upm\%app%. Each master has that variable that is equal to the app code of the specific app suite installed. I was hoping it would create the folder structure on login as \upm\app1 for example. But it’s not.
Does the home folder need additional permissions or would it not use the user’s identity to create the folder(s)?
Check the log file (default location is C:\Windows\System32\LogFiles\User Profile Manager\pm.log). It will show you the full path to the user’s profile.
I did that and the log shows the correct path.
Does the log show an error when creating the folder?
Carl,
Thank you for all the time and effort you put forth towards this blog. You’ve helped me out many times and didn’t even know it.
Would you know why a CPM MS group policy with redirected folders configured would change the path to \\server\userfolders$\username\My Documents from just \\server\userfolders$\username\Documents? It’s not desktop.ini doing its funky business, it is literally the file path. I did just specify the root of the userfolder hidden share for all folders I wanted redirected. I had pictures, music, and videos follow the documents path at first, but changed that thinking that might help, but it didn’t. Thanks in advance!
Did you create the policy from Windows XP or on a Windows 2003 Domain Controller?
Carl, I used a Windows 2016 server with AD Management windows features installed to create the policy using the Group Policy management console. Thanks
Hi, we have recently upgraded to 7.15 CU4 on Windows 2008 R2 SP1 servers and I found that there seems to be an interim delay before the Citrix Profile Manager is processed at login. I have checked the UPM logs and there is nothing showing which might be causing the delay. I used ControlUp Script Based Actions Analyse Logon Duration to troubleshoot the issue and found the interim delay. Any idea what could be the cause of this delay?
I would probably do a procmon trace at logon to determine what’s happening before UPM processing.
Have you opened a support case?
Hi Carl,
How to limit the UPM Profile size.
Your best option is to exclude folders and files that are consuming the space.
Otherwise, there isn’t much you can do without impacting user experience.
I recommend periodically running TreeSize or similar to see where disk space is being consumed. Newer Director also shows profile size.
Are there any settings so that we can restrict the UPM profile size to 300MB or similar, and also a notification has to pop up to the user if they reach 90%?
Users don’t know what a profile is and don’t know how to reduce its size.
Microsoft has a GPO setting for profile quota but I don’t recommend it.
Hi Carl, yes I have opened a support call so we will see what we can find and I will add my findings.
Hi Carl, the AppData\Roaming\Citrix\SelfService\Icons folder is increasing daily, so shall we add it to the exception list and what’s the impact after adding it?
If you delete the local folder, does it break the app? If not, then it’s probably OK to add to Exclusions list.
Is “Delete locally cached profiles at logoff” required for profile streaming, even when in a pooled environment?
No. If your machines are non-persistent, then the local profile will be deleted when the machine reboots.
Hi Carl
We are getting issues with WEM UPM profiling not bringing through start menu icons 90% of the time for our users. Citrix must be aware of the problem as the first thing they suggested was to restart the Windows Explorer service on a user’s VDI session to see if Explorer was the issue. When Explorer was restarted, all of the start menu items then re-appeared. Seems to be a bug somewhere and was wondering if anyone has come across this before or has a fix.
Thanks
Have you implemented the ResetCache registry value?
We are having an issue where the Outlook OST files are stored in our CtxProfiles; these have inflated exponentially and are causing logon times of 100+ seconds, some are in the 300s. Should we keep OST files in the CtxProfile? How would you recommend we resolve this issue?
Simple answer – FSLogix, especially once Microsoft releases it later this year.
Is there anything I can do between now and July 1st when Microsoft releases it?
Is there a tool to clean up files in the CtxProfiles?
There’s a policy setting called Logon Exclusion Check where if you add a file or folder to the Exclusions Lists then UPM deletes the file/folder from the user’s profile.
Some FSLogix/Microsoft reps are providing temporary license keys.
UPM has its own Outlook OST handling but I’d hate to implement that if your plan is to go to FSLogix anyways.
Carl,
We are having an issue with UPM where the profile is randomly not pulled from the user profile store, so the user is logged in with a temporary profile. If they log off and back on sometimes they get their correct UPM profile. Users are stating this started about a month or two ago. Seems to have picked up some and we are starting to get more and more support calls.
We thought it was profile corruption and created new profiles, but after a while it all starts again.
We are running 7.15 LTSR CU1 and using Citrix Policies for UPM.
What do you see in the UPM log, which is stored by default in C:\Windows\System32\LogFiles\User Profile Manager\pm.log?
2019-05-30;08:13:18.620;INFORMATION;;;6;5716;DispatchLogonLogoff: ———- Starting logon processing…
2019-05-30;08:13:18.620;INFORMATION;;;6;5716;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:13:18.620;INFORMATION;;;6;5716;IsRunningInTerminalServerSession: ICA session.
2019-05-30;08:13:18.620;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-1349
2019-05-30;08:13:19.759;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;GetUserStorePath: User Store: Path In: \\\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;GetUserStorePath: User Store: Path Out: \\\shares\citrixprofiles\Win2008\shannon
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;SessionCount::RealTimeCount – User: shannon, Domain: DOMAIN, Session Count: 0.
2019-05-30;08:13:19.790;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:13:19.790;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: ———- Finished logon processing successfully in [s]: .
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;DispatchLogonLogoff: ———- Starting logoff processing…
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;IsRunningInTerminalServerSession: Console session.
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-1349
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:17:32.708;ERROR;DOMAIN;shannon;6;6380;SessionCount:RealTimeCount – Could not query session information for user name, because: Unspecified error
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;ProcessLogoff: Local profile is not a UPM profile. Aborting.
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;DispatchLogonLogoff: ———- Finished logoff processing successfully in [s]: .
This seems to be missing some data so I can’t see the actual problem during logon. But the User Store path has extra backslashes at the beginning.
Carl,
I removed the server name from the log. I will get another log and send it.
Carl,
It’s odd. Here you can see that Nandhini’s is not working but Nicoles is.
2019-05-30;08:02:49.973;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-8051
2019-05-30;08:02:51.143;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;GetUserStorePath: User Store: Path In: \\co.calumet.wi.us\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;GetUserStorePath: User Store: Path Out: \\co.calumet.wi.us\shares\citrixprofiles\Win2008\nandhini
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;SessionCount::RealTimeCount – User: nandhini, Domain: CTYWIDE, Session Count: 0.
2019-05-30;08:02:51.174;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:02:51.174;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: ———- Finished logon processing successfully in [s]: .
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;DispatchLogonLogoff: ———- Starting logon processing…
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;IsRunningInTerminalServerSession: ICA session.
2019-05-30;08:03:53.434;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-293585
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;GetUserStorePath: User Store: Path In: \\co.calumet.wi.us\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;GetUserStorePath: User Store: Path Out: \\co.calumet.wi.us\shares\citrixprofiles\Win2008\nicoles
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;SessionCount::RealTimeCount – User: nicoles, Domain: CTYWIDE, Session Count: 0.
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;ProcessLogon: Found a profile in the user store: .
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;QueryLocalProfile: No profile directory found.
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;QueryLocalProfile: Determined the name of a new profile directory: .
2019-05-30;08:03:54.760;INFORMATION;CTYWIDE;nicoles;4;5532;CreateLocalProfile: Profile directory initialized: .
2019-05-30;08:03:54.791;INFORMATION;CTYWIDE;nicoles;4;5532;CopyFileWithRetries: Copied a file from: to .
2019-05-30;08:03:54.791;INFORMATION;CTYWIDE;nicoles;4;5532;ProcessLogon: Starting to restore directories and files.
I would start by upgrading the VDA to 7.15 CU4 (7.15.4000) and see if that fixes it. If not, then you might have to call Citrix Support.
Is there a way to get OneDrive profile sync across all datacenters?
Are you asking about the OneDrive cache? Microsoft FSLogix can store the OneDrive cache in a VHDX file. For multiple datacenters, I’m guessing you’d want separate VHDX files for each datacenter.
The hyperlink to the James Rankin article under 7. is wrong.
New link: https://www.htguk.com/everything-you-wanted-to-know-about_23/
Thanks for pointing that out. I just updated the link.