DEM Default Browser Roaming breaks with March Wind...

nzorn · ‎03-18-2024

Summary:
DEM Default Browser Roaming is no longer working in Windows 10 after KB5035845.
KB5035845 also installs Servicing Stack 10.0.19041.4163.
KB5035845 was uninstalled and the problem remained as Servicing Stack 10.0.19041.4163 was still installed and is not able to be uninstalled.
Servicing Stack 10.0.19041.4163 appears to be the culprit.
Same problem with DEM 10.7 and 10.12.

DEM debug log:
2024-03-15 09:29:42.882 [DEBUG] Found 'FlexDebug.txt' - changed log level to DEBUG
2024-03-15 09:29:42.882 [INFO ] Configuring default applications [IFP#7833862f-d74b4>>]
2024-03-15 09:29:42.883 [DEBUG] User: REMOVED, Computer: REMOVED, OS: x64-win10 (Version 21H2, BuildNumber 19044.4170, SuiteMask 100, ProductType 1/7d, Lang 0409, VMware VDM 8.6.0, DEM 10.7.0.1063 (2209E), ProcInfo 1/1/4/4, UTC-05:00D), PTS: 10576/10580/1C
2024-03-15 09:29:42.953 [ERROR] Error 5 deleting sub key for default application file type associations item '.pdf'
2024-03-15 09:29:42.984 [ERROR] Error 5 deleting sub key for default application protocols item 'http'
2024-03-15 09:29:42.988 [ERROR] Error 5 deleting sub key for default application protocols item 'https'
2024-03-15 09:29:42.989 [INFO ] Processed configuration for default applications
2024-03-15 09:29:42.993 [INFO ] Done (111 ms) [<<IFP#7833862f-d74b4]

kev-h · ‎03-18-2024

Been chasing this for a week now. Any thoughts on a fix and/or workaround?

Rdiaz29 · ‎03-19-2024

Having the same issue. Will monitor this post for updates.

ronny78730 · ‎03-20-2024

I have found that if I manually set Adobe Reader as the Default App for PDF in Apps>Default Apps this key was updated, but are not retained with the DEM profile. I tried to export the key and apply, but fails with a permission issue.

For the browser, .htm and .html update in Default Apps and are kept, but .http and https are not kept. Not sure which keys are related to .http and . https.

BTW... this is happening in Windows 11 23H2.3 also. Interestingly, it doesn't happen on Windows laptop (same version). Definitely related to how DEM is storing the file associations. Just need a way to update the keys at user logon.

GTO455 · ‎03-21-2024

Yes, we are seeing this with Windows 11 as well. Setting Chrome as the default app for http/https, and Adobe reader for pdf reverts back to Microsoft Ede after logoff/logon.

We don't force FTA's for any particular browser file type, we allow our users to set file types for their browser manually, because we include Firefox and Chrome in our image (and of course Edge), and we have a 50/50 user preference between the two.

However, we do set a FTA for Adobe Reader because we have both Reader and Acrobat installed, and not everyone is licensed for it. However, the setting is not being honored and defaulting to MS Edge as well.

I turned on Flexdebugging for my login, but I didn't see any errors in the UEM log that would point to any particular issue.

ronny78730 · ‎03-21-2024

I have an open ticket with support. As soon as they give advice, I will share to the thread.

GTO455 · ‎03-21-2024

Thank you! My users are gathering the torches and pitch forks.

GTO455 · ‎03-22-2024

I can confirm it does have something to do with the March 2024 updates.

I rolled back my image to my February snapshot in my test pool and everything is working as it should.

I also compared the FlexProfiles.reg files for the DefaultSettings and FTA's and found that the keys for http and https in [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice] is not populated in the version with the March updates applied.

However, I also checked the permissions on those keys on both snapshots, and they appear to be the same.

jehalbleib · ‎03-22-2024

I am also seeing this issue in our Horizon environment with DEM v2212 and Win11 22h2. The defaults are only broken on the pools that have the March Windows updates applied and my DEM logs show the same error 5 as nzorn. I also submitted a ticket with vmware support today.

N3rdlicht · ‎03-22-2024

Could the issue perhaps not be related to VMware DEM at all, but solely a Windows problem? Since the March update, I have been experiencing an issue where, after a sysprep with CopyProfile, at a user's first login, the taskbar and tray icons take forever to load (about 1 minute instead of 2 seconds), and subsequently, I receive messages that an app has been reset due to issues with the default browser setting. The default browser was then Edge, also for PDF files.

GTO455 · ‎03-22-2024

I opened a call as well. VMware replied that they are aware of various issues after this latest MS update. Most are permissions issues. They are working on fixes for them now.

nzorn · ‎03-26-2024

VMware has acknowledged this issue, but no fix or workaround yet: https://kb.vmware.com/s/article/97169

gambi_man · ‎03-27-2024

I am facing the same issue opened a ticket VMware still waiting for a solution.

The are investigating the problem and we will try to work with Microsoft on a solution internally.

A workaround for now is rolling back to previous snapshot without March Windows update.

Does anyone know if a solution/fix is out yet for this?

N3rdlicht · ‎03-28-2024

So, I was able to solve the problem in our environment. From what I observed, the March cumulative update was not the cause, but rather that I had performed the optimization through the OSOT already in Audit Mode.

I tested running Sysprep in Audit Mode without even starting the OSOT beforehand. After that, I received no message upon the first login of the local administrator that my default browser or similar associations had been reset. I then created a local user for testing purposes, logged in with this account, and also encountered no errors.

Subsequently, I performed the optimizations with the OSOT and tested again: no errors.

So, for me, I was able to solve the problem by the sequence of steps performed.

However, my patch level is still CU February 2024 and not March, because the March update breaks Seamless SSO. For whatever reason.

antonpaloka · ‎04-03-2024

So you haven't solved it, the March update causes the issue and you mentioned you're only at February?

gambi_man · ‎04-03-2024

Workaround for me was creating a GPO for Default Application. Specifically for PDF.

Setting the Default PDF Viewer — Deployment Planning and Configuration (adobe.com)

nzorn · ‎04-08-2024

Workaround (Disable User Choice Protection Driver Service):
Disable-ScheduledTask "UCPD velocity" "\Microsoft\Windows\AppxDeploymentClient\"
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\UCPD" -Name "Start" -Value 4 -Type DWord -Force

Source: https://www.bleepingcomputer.com/news/microsoft/new-windows-driver-blocks-software-from-changing-def...

kev-h · ‎04-08-2024

Can confirm. After making the changes to my test pool, DEM is able to set the default browser and pdf reader again. Here's the article I found explaining it:

New Windows driver blocks software from changing default web browser (bleepingcomputer.com)

GTO455 · ‎04-08-2024

Thanks @nzorn and @kev-h for posting the fix!

blong24 · ‎04-17-2024

This appears to work for me as well. Thanks, @nzorn.

All

DEM Default Browser Roaming breaks with March Windows 10 Updates