Environment
We are currently creating a windows 10 (1703) image and are testing the workings of all the features and applications. The environment uses local profiles and VMWare UEM version (9.2.0.701) and we use the Advance UEM GPO setting to remove the profile after logoff.
Problem
Part of Windows 10 are the apps from the Store which are visible in the start menu. We are now seeing that after the user has logged on twice on the same machine all the apps disappear from the start menu and will not return. The problem persists for the user on that machine unless two things happen:
- the user profile is deleted via advanced system settings in Windows;
- Machine is reinstalled.
Troubleshooting
To test we setup VMware UEM without any configuration (no shortcuts no Config file, no conditionsets, nothing.) and have only applied our GPO settings(see GPO settings below). When UEM is turned off (no config set) the problem does not occur. When we turned on the test config the problem would occur after two logons.
The first suspect was the local profile deletion so we turned this feature off and tried again and as expected the problem did not occur anymore.
Our guess of the cause?
We are unable to find a solution for this issue at it seems it might be a timing issue or maybe 1703 changes the way it stores user app information and the way UEM does the deletetion creates some sort of lock on this new method.
Does anyone have a similar issue or is there a solution out there for this problem.
----------------------------------------------------
GPO Settings
----------------------------------------------------
DirectFlex – advanced settings Enabled
------------------------------------------------------
Only export at logoff Disabled
------------------------------------------------------
Show DirectFlex notifications Enabled
Notification delay in seconds: 5
------------------------------------------------------
Hide DirectFlex exit notification Enabled
------------------------------------------------------
Flex config files Enabled
Central location of Flex config files: \\xxxxx\xxxxx$\
------------------------------------------------------
Process folder recursively Enabled
------------------------------------------------------
FlexEngine logging Enabled
Path and name of log file: \\xxxxxx\Flexprofiles.log
Log level: Info
Maximum log file size in kB: 1024
------------------------------------------------------
Log total size of profile archive and profile archive backups folders Enabled
------------------------------------------------------
Paths unavailable at logon Enabled
If Flex config files path is not available: Skip import
Optional message to display: xxxxxxx
Timeout after which to dismiss message: 10
If profile archive path is not available: Apply user environment settings
Optional message to display: xxxxxxxxx
Timeout after which to dismiss message: 10
------------------------------------------------------
Profile archive backups Enabled
Location for storing user profile archive backups: \\xxxxxx\Backups
Hide backup folder Disabled
Number of backups per profile archive: 2
------------------------------------------------------
Create single backup per day Enabled
------------------------------------------------------
Profile archives Enabled
Location for storing user profile archives: \\xxxxxx\xxxx
------------------------------------------------------
Hide profile archive folder Disabled
------------------------------------------------------
Compress profile archives Enabled
------------------------------------------------------
Retain file modification dates Enabled
------------------------------------------------------
Run FlexEngine as Group Policy Extension Enabled
------------------------------------------------------
Advanced settings
------------------------------------------------------
Remove local profile at logoff Enabled
------------------------------------------------------
Do not apply to members of the local administrators group Disabled
Regards,
Erik
This is a know issue with Windows 10 and the 'remove local profile at logoff' option. Windows leaves user SID information behind at this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore
When you manually remove the user SID key there, the issue is gone. We are trying to fix this in the future.
Why are you using this 'remove local profile at logoff' feature in the first place? Why not use Linked Clones or Instant Clones that refresh at logoff?
This is a know issue with Windows 10 and the 'remove local profile at logoff' option. Windows leaves user SID information behind at this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore
When you manually remove the user SID key there, the issue is gone. We are trying to fix this in the future.
Why are you using this 'remove local profile at logoff' feature in the first place? Why not use Linked Clones or Instant Clones that refresh at logoff?
Pim,
Thanks for the reply
For now we might have to make a script that cleans the SID from the registry, does the future(fix) have an ETA (weeks, months, year?).
Regards,
Erik
Thanks for your reply.
Are the physical workstations not personal or used by only 1 or maybe a handful of people? Because in that case the local profile can stay on the machine and does not need to be deleted. This will also improve the logon time for the second and next logons.
I don't have details on dates for a possible fix.
The machines are used by multiple users in most cases, and with the current Win7 environment we had some issues when we retained the profiles locally. So deleting the profiles is unfortunatly the way to go for us.
I'm currently in the process of building some sort of script that deletes the SID after logoff of the user with a system user, it won't be pretty but it should work.
Consider to re-evaluate the decision to remove the local profiles. With Windows 10, it saves a ton of time at logon if the local profile is already present at the computer.
Maybe the issues you had with Windows 7 are no longer relevant on Windows 10.
Doesn't hurt to test and will save you a lot of manual scripting, etc. and gives your users faster logon times also.
Just in case someone finds this old thread: UEM 9.4 contains a fix for this problem.