fslogix (user's registry hive was missing) Renaming corrupt user profile disk on login
System information:
Windows Server 2016
fslogix version 2.9.7979.62170
user count about 180.
affected users: about 5-10 so far.
My team recently moved to using fslogix to handle all our profiles so we could more easily move our cloud clients that we host in our DC to various systems by storing their profiles on a file server. Since we have implemented this, randomly we are getting reports of users having problems running our software. When they load our software, a registry key has to be modified, and if it can't be, it'll throw an error. This stops them from logging in. In each case where this happens we check the fslogix logs and see the following.
[11:46:22.890][tid:00000e70.0003db70][INFO] VHD(x) Mounted: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\Profile_user02.VHDX, VolumeName: \?\Volume{ee1dc6fc-688f-4891-9fec-042ed5f06422}\
[11:46:23.010][tid:00000e70.0003db70][INFO] Detached vhd(x)
[11:46:23.010][tid:00000e70.0003db70][INFO] VHD(x) Detach request returning after 109 milliseconds
[11:46:23.015][tid:00000e70.0003db70][ERROR:00000002] Creating new user profile disk (user's registry hive was missing) (The system cannot find the file specified.)
[11:46:23.015][tid:00000e70.0003db70][INFO] Renaming corrupt user profile disk. From: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\Profile_user02.VHDX To: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\CORRUPT_324fa421-9f60-4d36-9ae3-2fd4ea44b82b_Profile_user02.VHDX
[11:46:23.015][tid:00000e70.0003db70][INFO] Session configuration wrote (REG_SZ): SOFTWARE\FSLogix\Profiles\Sessions\S-1-5-21-982881632-1095161353-1905309208-34876\CorruptDiskFilename = 'CORRUPT_324fa421-9f60-4d36-9ae3-2fd4ea44b82b_Profile_user02.VHDX'
[11:46:23.025][tid:00000e70.0003db70][INFO] Rename was successful
The user is logged in, but everything on their desktop is gone except the items we put there for every user through a separate GPO, and our software doesn't work.
To resolve the problem of opening our software, we delete the user from the domain and re-add them, and that resolves the problem. This user, though, has had this happen to them twice in about a week.
The only thing I have noticed that may or may not be related is a logoff about 4 seconds before the logon in this last case. We suspect it is because of a loss of connection to the RDS, but are not sure.
Googling around for this, we attempted to add the ADMX in our GPO of "prevent login with temp profile" and "prevent login with failure", but that did not prevent login or stop the error. I found the cleanupinvalidsessions just now and implemented it after fixing the user's account, but reading some other threads, it doesn't seem to work or fix their specific problems. I'll report back if this fixes the problem.
Ultimately, if the logging provided any clue as to why the VHDX are getting corrupt, we might be able to fix this.
Here is a link to the full logout and login for the user.
Note the user had logged in and out several times during the same day without issue until this attempt.
https://drive.google.com/file/d/1Z6je5rN0EgPtSVRpe7q26_58lGAJicKI/view?usp=sharing
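
Added example (not part of the original post and not FSLogix tooling): a small Python triage script that scans an FSLogix profile log for the mount, hive-missing error and corrupt-rename sequence quoted above, so affected SIDs and the mount-to-rename gap can be pulled from many logs at once. The record field names are assumptions of this example, and the sample input is three of the quoted log lines.

```python
import re
from datetime import datetime

# Constructed sample: three of the log lines quoted in the post above.
SAMPLE_LOG = r"""
[11:46:22.890][tid:00000e70.0003db70][INFO] VHD(x) Mounted: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\Profile_user02.VHDX, VolumeName: \?\Volume{ee1dc6fc-688f-4891-9fec-042ed5f06422}\
[11:46:23.015][tid:00000e70.0003db70][ERROR:00000002] Creating new user profile disk (user's registry hive was missing) (The system cannot find the file specified.)
[11:46:23.015][tid:00000e70.0003db70][INFO] Renaming corrupt user profile disk. From: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\Profile_user02.VHDX To: \Files-DC01-01\Profiles\user02_S-1-5-21-982881632-1095161353-1905309208-34876\CORRUPT_324fa421-9f60-4d36-9ae3-2fd4ea44b82b_Profile_user02.VHDX
"""

LINE = re.compile(r"^\[(\d\d:\d\d:\d\d\.\d+)\]\[tid:([0-9a-f.]+)\]\[(\w+)(?::\w+)?\]\s*(.*)$")
RENAME = re.compile(r"Renaming corrupt user profile disk\. From: (.+?) To: (.+)$")
SID = re.compile(r"S-1-5-21(?:-\d+)+")

def find_corrupt_renames(log_text):
    """Return one record per 'Renaming corrupt user profile disk' event."""
    last_mount, hive_missing, events = {}, set(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or non-conforming lines
        ts, tid, level, msg = m.groups()
        when = datetime.strptime(ts, "%H:%M:%S.%f")
        if msg.startswith("VHD(x) Mounted:"):
            last_mount[tid] = when  # remember the latest mount on this thread
        elif level == "ERROR" and "registry hive was missing" in msg:
            hive_missing.add(tid)
        elif (r := RENAME.search(msg)):
            src, dst = r.groups()
            sid = SID.search(src)
            mounted = last_mount.pop(tid, None)
            events.append({
                "time": ts,
                "sid": sid.group(0) if sid else None,
                "renamed_to": dst.rsplit("\\", 1)[-1],
                # True when the container mounted on this thread before the
                # rename, i.e. the VHDX opened but no hive was found in it.
                "mounted_first": mounted is not None,
                "ms_since_mount": round((when - mounted).total_seconds() * 1000) if mounted else None,
                "hive_missing": tid in hive_missing,
            })
            hive_missing.discard(tid)
    return events

if __name__ == "__main__":
    for event in find_corrupt_renames(SAMPLE_LOG):
        print(event)
```
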