Skip to content

Carl Stalhood
Filling gaps in EUC vendor documentation
 Citrix Virtual Apps and Desktopsexpand child menu
 Citrix Profile Management 1906
 Citrix Provisioning 1906
 Citrix App Layering 1908
 Citrix StoreFrontexpand child menu
 Citrix ADC / NetScalerexpand child menu
 Citrix Workspace app 1907
 VMware Horizonexpand child menu
 EUC Weekly Digests
 About Carl Stalhood

Search
Search for:
RECENT POSTS

 Self-Service Password Reset (SSPR) – Citrix ADC

 EUC Weekly Digest – August 31, 2019

 EUC Weekly Digest – August 24, 2019
 EUC Weekly Digest – August 17, 2019
 EUC Weekly Digest – August 10, 2019
CATEGORIES

Categories
TOP POSTS & PAGES

 Welcome! - and Change Log

 Citrix Profile Management 1906

 VMware Unified Access Gateway 3.6
 Citrix Workspace app 1907
 Virtual Delivery Agent (VDA) 7.15.4000 LTSR
FOLLOW ME ON TWITTER

SUBSCRIBE TO BLOG VIA EMAIL

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Email Address

SUBSCRIBE
RSS FEEDS

 RSS - Posts

 RSS - Comments

Citrix Profile Management 1906

Last Modified: Aug 30, 2019 @ 9:26 am
830 Comments

Navigation
This article applies to all versions of Profile Management: 1906, 1903, LTSR 7.15, 5.8, 5.7, etc.
  Change Log

 Planning:

o Versions
o Configuration Options
o Multiple datacenters
o DFS Namespace
 Create User Store (File Share)
 GPO ADMX Policy Template

 Group Policy Settings

o Basic Settings
o Exclusions, Synchronization, Mirroring, and Profile Container
o Log Settings
o Profile Streaming
 Mandatory Profile – Citrix Method
 Redirected Profile Folders (Folder Redirection)
 Verify Profile Management
 Troubleshooting
� = Recently Updated

Change Log
 2019 Jun 22 – File sync and Mirroring – added info from Citrix’s Start Menu Roaming documentation
 2019 Jun 21 – Updated ADMX section for version 1906
 2019 May 3 – Profile Container – added link to CTX247569 Citrix Profile Management: Troubleshooting
Profile Containers
 2019 Apr 27 – Registry Exclusions – added Office registry key from Nick Panaccio in the comments.
 2019 Apr 24 – Outlook Search Roaming – added link to Profile Management 1903 Hotfix 1
 2019 Apr 23 – updated Versions section with 7.15.4000 (Cumulative Update 4)
 2019 Apr 7 – Folders to Mirror – added info from CTX235698 Issues to synchronize bookmarks of Google
Chrome using Citrix UPM on latest LTSR version (7.15 CU2)
 2019 Mar 31 – new Profile Container section for version 1903
 2019 Mar 28 – Updated ADMX section for version 1903
 2019 Jan 8 – Exclusion List – Directories – added IEDownloadHistory from IE11 Download Manager Not
Working with Citrix Profile Management at Citrix Discussions
 2018 Dec 18 – Outlook Search Roaming – Profile Management Path to User Store must be all lower case or
else the VHDX files will not unmount at logoff (source = eastwood357 at Outlook OST and Search vhdx not
unmounting after log off at Citrix Discussions)
 2018 Dec 16 – Outlook Search Roaming – new template VHDX file
 2018 Dec 15 – Updated ADMX section for version 1811
 2018 Oct 30 – updated Versions section with 7.15.3000 (Cumulative Update 3)
 2018 Sep 28 – Folders to Mirror – added info from CTX238525 Google Chrome extensions are getting
corrupted when using using UPM
o Folders to Mirror – added info from CTX232587 Citrix UPM + WEM – Google Chrome does not
remember user login data
o Exclusions – added info from Exclusions for Google Chrome at Citrix Discussions
 2018 Sep 26 – Folders to Mirror – added info from CTX238419 UPM 7.15.2000: With Profile Management
Enabled, Blank Icons Might Appear In The Start Menu In The Published Desktops
 2018 Sep 2 – Updated ADMX section for version 1808
 2018 July 13 – Folders to Mirror – for Win10 1709, add Signatures and Chrome settings to Folders to
Mirror (source = Citrix Discussions)

Planning

Profile Management Versions

Profile Management is included with the installation of Virtual Delivery Agent. For VDAs, to upgrade Profile Management, simply upgrade your VDA software. Here are the currently
supported versions of VDA:

 VDA Current Release 1906

 VDA Long Term Service Release (LTSR) 7.15.4000
  VDA Long Term Service Release (LTSR) 7.6.8000

Or you can download the individual Profile Management component and install/upgrade it separate from the VDA. You can even install it on non-VDA machines (e.g. PCs accessed by
licensed Citrix users).

The latest Current Release of Citrix Profile Management is version 1906, which can be downloaded from Citrix Virtual Apps and Desktops 7 1906. To find it, click Components that
are on the product ISO but also packaged separately.

 Hotfix 1 for Profile Management 1903 fixes an issue with Outlook Search roaming. This hotfix applies to
VDA 1903, but is not needed in VDA 1906.

The latest Long Term Service Release (LTSR) of Citrix Profile Management is Version 7.15.4000, which can be downloaded from XenApp/XenDesktop 7.15.4000. To find it,
click Components that are on the product ISO but also packaged separately. Note: the versioning jumped from 5.8 to 7.15.

Profile Management Configuration Options

Profile Management consists of a Service (installed on the VDAs), a file share, and configuration settings.

There are four methods of delivering configuration settings to the Citrix Profile Management service:

 Microsoft group policy

o Profile Management GPO settings are provided by an ADMX file

  Citrix Policies

o Either in Citrix Studio > Policies node

o Or in a Group Policy Object Editor > Citrix Policy (assuming Citrix Group Policy Management Plug-
in is installed)
 Citrix Workspace Environment Management (WEM)
 UPMPolicyDefaults.ini file
If a UPM setting is not configured in GPO, Citrix Policy, or WEM, then the default setting in the UPMPolicyDefaults.ini file takes effect. The .ini file is located in C:\Program
Files\Citrix\User Profile Manager on every machine that has Profile Management service installed.
Microsoft Group Policy (ADMX file) is probably the most reliable method of delivering configuration settings to the Profile Management services. This method uses the familiar Group
Policy registry framework. Just copy the Profile Management ADMX files to PolicyDefinitions and start configuring. The configuration instructions in this article use the GPO ADMX
method.
The Citrix Policies configuration method requires Citrix Studio, or Citrix Group Policy Management Plug-in. On the Profile Management service side, only VDAs can read the Citrix
Policies settings.

 Citrix Policies has settings for Folder Redirection. If you use Citrix Policy to configure Folder Redirection,
then the Folder Redirection settings only apply to VDAs that can read Citrix Policies. To apply to Folder
Redirection to more than just VDAs, configure Folder Redirection using normal Microsoft Group Policy as
detailed below.

 If you’re going to use Microsoft Group Policy to configure Folder Redirection, then you might as well use
Microsoft Group Policy to also configure Citrix Profile Management.

Citrix Workspace Environment Management can also deliver configuration settings to the Profile Management services. This option requires the WEM Agent to pull down the settings
from the WEM Brokers and apply them to Profile Management. It can sometimes be challenging to troubleshoot why WEM is not applying the settings.

Try not to mix configuration options. If you use both WEM and GPO, which one wins?

Multiple Datacenters

For optimum performance, users connecting to Citrix in a particular datacenter should retrieve their roaming profiles from a file server in the same datacenter. If you have Citrix in
multiple datacenters, then you will need file servers in each datacenter.

DFS active/active replication of roaming profiles is not supported. This limitation complicates multi-datacenter designs.
For active/active datacenters, split the users such that different users have different home datacenters. Whenever a particular user connects, that user always connects to the same
datacenter, and in that datacenter is a file server containing the user’s roaming profile. StoreFront uses Active Directory group membership to determine a user’s home datacenter.
For users that connect to Citrix in multiple datacenters, there are a couple options:

 The user’s roaming profile is located in only one datacenter – If the user connects to a remote datacenter, then
the roaming profile must be transmitted across the WAN. To optimize performance, disable Active Write
Back, and make sure Profile Streaming is enabled.

 The user has separate profiles for each datacenter – There is no replication of profiles between datacenters.
This scenario is best for deployments where different applications are hosted in different datacenters.
Disaster Recovery – For disaster recovery scenarios, the user’s roaming profile data (and home directories) must be recovered in a different datacenter. Here are some considerations:

 Use DFS One-way replication. After the disaster, edit the DFS Namespace folder target to point to the file
server in the DR datacenter. You must avoid multi-master DFS replication/namespace.

 Use VMware SRM or similar to recover the file server in the DR datacenter.

 A datacenter failover might result in multiple file servers accessed from a single VDA, especially if you have
users split across datacenters. Use DFS Namespaces as detailed below.

DFS Namespace

DFS Namespace for central user store – The Citrix Profile Management user store path is a computer-level setting, meaning there can only be one path for every user that logs into a
particular VDA. If you have different users with roaming profiles on different file servers, then you must use Active Directory user attributes and DFS namespaces to locate the user’s file
server. Here is an overview of the configuration:
 Create a domain-based DFS namespace with folder targets on different file servers. See Scenario 1 – Basic
setup of geographically adjacent user stores and failover clusters at Citrix Docs for more information.
 Do not enable two-way DFS Replication for the roaming profile shares. But you can do One-way DFS
replication. See Scenario 2 – Multiple folder targets and replication at Citrix Docs for more information.

 Edit each user in Active Directory with a location (l) attribute that matches the DFS folder name.

 Set the Profile Management user store path

to \\corp.local\CtxProfiles\#l#\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEV
ER!. This pulls the user’s l attribute from Active Directory and appends that to the DFS share. The folder that
matches the attribute value is linked to a file server. For example, if the user’s l attribute is set to Omaha, then
the user’s profile will be located at \\corp.local\CtxProfiles\Omaha\user01\Win2016v6. The Omaha folder is
linked to a file server in the Omaha datacenter.
Create User Store
This procedure could also be used to create a file share for redirected profile folders.

If you intend to place Citrix Profile Management roaming profiles in the user’s home directory, then there is no need to follow the procedure in this section. Only use this section if you are
creating a new file share for storage of the Citrix roaming profiles.

Create and Share the Folder

1. Make sure file and printer sharing is enabled.

2. On the file server that will host the file share, create a new folder and name it CtxProfiles or similar.
3. Share the folder.

4. Give Everyone (or some other group that contains all Citrix Users) Full Control (Read/Write). Click Share,
and then click Done.
5. Go to the Properties of the folder.

6. On the Sharing tab, click Advanced Sharing.

 7. Click Caching.

8. Select No files or programs. Click OK, and then click Close.

Folder (NTFS) Permissions

1. Open the properties of the new shared folder.
2. On the Security tab, click Edit.
3. For the Everyone entry, remove Full Control and Modify. Make sure Write is enabled so users can create
new folders.

4. Add CREATOR OWNER and give it Full Control. This grants users Full Control of the folders they create.
Click OK.
5. Now click Advanced.

6. Highlight the Everyone permission entry, and click Edit.

7. Change the Applies to selection to This folder only. Click OK three times. This prevents
the Everyone permission from flowing down to newly created profile folders.
Access Based Enumeration

With this setting enabled, users can only see folders to which they have access:

1. In Server Manager, on the left, click File and Storage Services.

2. If you don’t see Shares then you probably need to close Server Manager and reopen it. Or perform a refresh.
3. Right-click the new share and click Properties.
 4. On the Settings page, check the box next to Enable access-based enumeration.

GPO ADMX Policy Template

1. You can find the GPO ADMX templates on the main Citrix Virtual Apps and Desktops 1906 ISO in
the \x64\ProfileManagement\ADM_Templates\en folder.
 Or, they are included in the separate Profile Management download in the \Group Policy
Templates\en folder.
2. Copy the file ctxprofile.admx (or ctxprofile7.15.4000.admx) to the clipboard.
3. If your domain has PolicyDefinitions copied to SYSVOL, paste the file there.

 If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions and paste the
file.

4. If you have an older version of the ctxprofile.admx file in either location, delete it. Note: replacing the .admx
file does not affect your existing Profile Management configuration. The template only defines
 the available settings, not the actual settings.

5. Go back to the Citrix Profile Management Group Policy Template files.

6. Copy ctxprofile.adml (or ctxprofile7.15.4000.adml) to the clipboard.
7. If your domain has a PolicyDefinitions central store in SYSVOL, copy it to the en-us folder in
SYSVOL. This is a subfolder of the PolicyDefinitions folder.
 If you don’t have SysVol PolicyDefinitions,, then go to C:\Windows\PolicyDefinitions\en-US and
paste the file. This is a subfolder of the PolicyDefinitions folder.
8. If you have an older version of the ctxprofile.adml file in the en-US folder in either location, delete it.

9. Go up a folder, and then open the CitrixBase folder.

10. In the CitrixBase folder, copy the file CitrixBase.admx to the clipboard.

11. If your domain has PolicyDefinitions copied to SYSVOL, paste the file there.
  If you don’t have SysVol PolicyDefinitions, then go to C:\Windows\PolicyDefinitions and paste the
file.

12. Go back to the Citrix Profile Management Group Policy Templates, and copy CitrixBase.adml to the
clipboard.
13. If your domain has a PolicyDefinitions central store in SYSVOL, copy it to the en-us folder in
SYSVOL. This is a subfolder of the PolicyDefinitions folder.
  If you don’t have SysVol PolicyDefinitions,, then go to C:\Windows\PolicyDefinitions\en-US and
paste the file. This is a subfolder of the PolicyDefinitions folder.

Group Policy Settings

1. Edit a GPO that applies to all machines (VDAs) that have the Profile Management service installed.
2. Go to Computer Configuration | Policies | Administrative Templates | Citrix Components | Profile
Management.
 Note: if you did not install the CitrixBase.admx file, then you can find Profile Management directly
under the Administrative Templates node instead of under Citrix Components.
3. Enable the setting Enable Profile management. Profile Management will not function until this setting is
enabled.

4. If desired, enable the setting Process logons of local administrators.

5. Enable Path to user store.

6. Specify the UNC path to the folder share. An example path

= \\server\share\#SAMAccountName#\!CTX_OSNAME!!CTX_PROFILEVER!

1. Profile Versions– Different OS versions have different profile versions. Each profile version only
works on specific OS versions. For example, you cannot use a Windows 7 profile (v2) on Windows 10
1607 (v6). The variables in the path above ensure that every unique profile version is stored in a unique
folder. If users connect to multiple operating system versions, then users will have multiple profiles.
i. Windows 10 Profile Versions – Windows 10 has two different profile versions. Windows 10
build 1511 and older use v5 profiles. Windows 10 build 1607 and newer use v6 profiles. v5 and
v6 profile versions are incompatible so they should be separated.
ii. Resolved variables – With the example user store path shown above, if the user logs into
Windows 2012 R2 RDSH, the profile folder will be \\server\share\user01\Win2012R2v4. If
the user logs into 64-bit Windows 10 build 1607, the profile folder will
be \\server\share\user01\Win10RS1v6.
 iii. Windows 10 v6 vs Windows 2016 v6 – Both Windows 10 (1607 and newer) and Windows
Server 2016 use v6 profiles. Do you want to use the same profile for both platforms? If so,
remove !CTX_OSNAME! from the Path. Note: Windows 10 supports Store apps while
Windows 2016 does not. If you’re allowing Store apps, then it’s probably best to use different
profiles for both OS platforms.
iv. Windows 2012 R2 warning: in older versions of Citrix Profile
Management, !CTX_PROFILEVER! recognizes Windows 2012 R2 as v2, which isn’t correct.
v2 is Windows Server 2008 R2, while Windows Server 2012 R2 is v4. The profile version bug
was fixed in Profile Management 5.4 and newer. If you have existing Windows 2012 R2 profiles
based on the !CTX_PROFILEVER! variable set to v2, after upgrading to 5.4 or newer,
then your profiles might stop working . See http://discussions.citrix.com/topic/374111-psa-upm-
54-ctx-osname-server-2012-value-change/ for more details.
2. Windows 10 and !CTX_OSNAME!: Profile Management on Windows 10 1607
sets !CTX_OSNAME! to Win10RS1. On Windows 10 1703, !CTX_OSNAME! is set
to Win10RS2. On Windows 10 1709, !CTX_OSNAME! is set to Win10RS2 (a bug?). RS = Redstone
(Microsoft codeword). If you use !CTX_OSNAME! in your profile store path, then Windows 10 1709,
Windows 10 1703, and Windows 10 1607 will have separate profiles. The profiles from these OS
versions are probably compatible so it might be OK to use the same profile across all three Windows
10 versions. Otherwise, with !CTX_OSNAME! in the path, whenever you upgrade the Windows 10
version (feature upgrade), users will lose their profile settings.
3. Multiple Domains – If you have multiple domains, in the user profile store path, change
#SAMAccountName#
to %username%.%userdomain% (e.g. \\server\share\%username%.%userdomain%\!C
TX_OSNAME!!CTX_PROFILEVER!). That way you can have the same account name in multiple
domains and each account will have a different profile.
4. Hard Code Store Path – Instead of using variables, you can specify a hard coded path. However, the
profile incompatibility restrictions listed above still apply. To avoid applying a single profile across
multiple operating system versions, place VDAs with different OS versions in different OUs, and then
use different Profile Management GPOs on those OUs to specify different Profile Management user
store paths.
7. Disable Active write back. This feature places additional load on the file server and is only needed if users
login to multiple machines concurrently and need mid-session changes to be saved, or if users never log off
from their sessions. Note: if you don’t disable this, then it is enabled by default.

8. On the left, go to the Advanced settings node.

 9. Enable the setting Process Internet cookie files on logoff.

10. In 5.6 and newer, Customer Experience Improvement Program (CEIP) is enabled by default. It can be
disabled here.
11. See https://www.carlstalhood.com/delivery-controller-1903-and-licensing/#ceip for additional places where
CEIP is enabled.

12. Profile Management 7.18 adds Enable search index roaming for Outlook.

Notes on Outlook OST and Search roaming:

1. Microsoft FSLogix is a superior product that is now free. For details, see the FSLogix section in the VDA
articles. �

2. Citrix’s feature is only supported with Office 2016 on Windows 10 1709, Windows 10 1803, and Windows
Server 2016.
3. Windows Server 2019, Windows 10 1809, and Office 2019 are not supported as of Profile Management
1906.
4. Profile Management 1906 adds support for 64-bit Outlook 2016.
5. VDA 1906 is recommended for the bug fixes for this feature. You can upgrade the VDA without upgrading
your Delivery Controllers.

 Hotfix 1 for Profile Management 1903 fixes an issue with Outlook Search roaming in VDA 1903. This
hotfix is only for VDA 1903 and is not needed in VDA 1906.

6. Concurrent sessions on multiple machines are not supported.

7. After the first user logon, Profile Management 1811 and newer creates a template VHDX file in a folder
named UpmVhd at the root of the user store. The template file is copied to new users, thus speeding up
VHDX creation.
8. In the user’s profile location, a new folder called VHD is created.

9. Inside the \VHD\Win2016 folder are two new thin provisioned .vhdx files – one for OST, one for Search.
The per-user .vhdx files are copied from the parent template.

10. UPM grants Domain Computers Full Control of the VHDX files. Users must have Full Control to the Profile
Share, and UPM Folder to be able to grant this permission. Modify permissions are not sufficient. (Source
 = Robert Steeghs The Citrix Profile management could not mount virtual disk)

11. When the user logs into a Citrix session, the two VHDXs are mounted
to %localappdata%\Microsoft\Outlook and %appdata%\Citrix\Search. This means that OST files and
Search Indexes are stored in the VHDX instead of in the user’s profile.
12. eastwood357 at Outlook OST and Search vhdx not unmounting after log off at Citrix Discussions says that
the Profile Management Path to User Store must be all lower case or else the VHDX files will not unmount at
logoff.

13. Only enable this feature for users with new Outlook profiles. If the user already has an .ost file, then you’ll
see an error about missing .ost when Outlook is launched.
14. The Search roaming feature is only supported with specific versions of Windows Search service. Event Log
will tell you if your Windows patches are too new.

15. VHDX files can only be mounted on one machine at a time. If you login to two VDAs, and if both try to
mount the same VHDX files, then you’ll see errors in Event Viewer.

16. For a detailed explanation of how the per-user Search Index works, see CTX235347 Citrix Profile
Management: VHDX-based Outlook cache and Outlook search index on a user basis.
Exclusions, Synchronization, and Mirroring – 5.5 and newer
The Exclusions process in 5.5 and newer is dramatically simplified. If you haven’t yet deployed 5.5 or newer, and it’s corresponding ADMX file, then skip to the older Exclusions process.
1. Under the File system node in the Group Policy Editor, enable the setting Enable Default Exclusion List –
directories.
2. You can use checkboxes to not exclude some folders.

3. Then edit Exclusion list – directories.

4. Enable the setting, and click Show.

5. Add the following to the list.

6. AppData\Local\Microsoft\Windows\INetCache

7. AppData\local\Microsoft\Windows\IEDownloadHistory
8. AppData\Local\Microsoft\Internet Explorer\DOMStore
9. AppData\Local\Google\Software Reporter Tool
AppData\Local\Google\Chrome\User Data\Default\Media Cache
 Note: if you see errors in Office programs (e.g. ―Word could not create the work file‖), then you might
have to use Group Policy Preferences to
recreate %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache at logon.
Source = Olav Lillebo Errors when starting published Microsoft Office applications.

 Additional Chrome Exclusions are listed at Exclusions for Google Chrome at Citrix Discussions.
 Also see CTP Matthias Schlimm Google Chrome – Citrix UPM Configuration with Mirroring
10. Newer versions of Office Click-to-run let you roam the shared computer activation licensing token.
See Overview of shared computer activation for Office 365 ProPlus and search for ―roam‖. The licensing
tokens also last 30 days instead of 2-3 days. Source = Rick Smith in the comments. Ideally you should have
ADFS integration so users can seamlessly re-activate Office.
11. James Rankin has a much longer list of exclusions and synchronizations at Everything you wanted to know
about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING.

12. Nick Panaccio at IE11 Enterprise Mode and UPM at Citrix Discussions has a list of exclusions for IE in
Enterprise Mode.
13. appdata\local\microsoft\internet explorer\emieuserlist

14. appdata\local\microsoft\internet explorer\emiesitelist

appdata\local\microsoft\internet explorer\emiebrowsermodelist

15. Then click OK twice to return to the Group Policy Editor.

16. You might need to exclude usrclass.dat* from roaming. Some articles say exclude it, others say include it
(for file type association or Start Menu pinned applications). The UPMPolicyDefaults_all.ini file has it listed
as an exclusion, but Citrix’s Start Menu Roaming documentation says to include it (don’t exclude it). �
1. Instead of roaming usrclass.dat, you can
export/import HKCU\SOFTWARE\Classes\Applications as described by Christoph Kolbicz at User
File Type Association Roaming on Server 2016 with Citrix User Profile Manager.
2. Edit the setting Exclusion list – files.

3. Enable the setting, and click Show.

4. Add the following. Then click OK twice.

5. !ctx_localappdata!\Microsoft\Windows\UsrClass.dat*

17. Clean up excluded folders – If you add to the exclusions list after profiles have already been created, Profile
Management 5.8 has a feature that can delete the excluded folders at next logon. See To enable logon
exclusion check at Citrix Docs. In Profile Management 7.15 and newer, Logon Exclusion Check is
configurable in group policy under the File System node.
 0. In Profile Management 5.8, Logon Exclusion Check is only configurable in the .ini file.

1. Also see Muralidhar Maram’s post at Citrix Discussions for a tool that will clean up the existing
profiles.
2. Also see Jeremy Sprite Clean Citrix UPM Profiles.

Directories to Synchronize

1. Under the File System\Synchronization node in the Group Policy Editor you can configure which profile
folders should be synchronized that have otherwise been excluded.
2. Edit the setting Directories to synchronize.
3. Enable the setting, and click Show.

4. Profile Management 7.16 Fixed Issues says that AppData\Local\Microsoft\Windows\Caches should be

synchronized. Also see CTX234144 Start Menu Shows Blank Icons on VDA 7.15 LTSR CU1/7.16/7.17 with
UPM Enabled.
5. To configure Profile Management to sync Saved Passwords in Internet Explorer, add the following directories
as detailed by gtess80 at Internet Explorer 11 Saved Passwords Not Retaining Between Sessions at Citrix
Discussions. However, if Microsoft Credentials Roaming is enabled, then you should instead exclude these
folders from roaming as detailed at CTX124948 How to Configure Citrix Profile Manager when Microsoft
Credentials Roaming is Used in the Environment.
6. AppData\Local\Microsoft\Windows\Caches
7. AppData\Local\Microsoft\Credentials
8. Appdata\Roaming\Microsoft\Credentials
9. Appdata\Roaming\Microsoft\Crypto
10. Appdata\Roaming\Microsoft\Protect
Appdata\Roaming\Microsoft\SystemCertificates

11. Start Menu and File Type Associations:

1. If Windows 10 1703 or newer, see James Rankin Roaming profiles and Start Tiles (TileDataLayer) in
the Windows 10 1703 Creators Update for information on the new location for Tile data. Citrix Profile
Management 5.8 and newer should handle this automatically.
2. See David Ott’s list of UPM exclusions for Windows 10. This blog post also details how to roam the
Windows 10 Start Menu and prevent file share locks.
3. To roam Start Menu and/or File Type Associations in Windows 10 or Windows Server 2016, see
CTX214754 Error ―An app default was reset‖ after signout and Logon in Citrix UPM for info on why
this is difficult.
4. Instead of roaming usrclass.dat, you can
export/import HKCU\SOFTWARE\Classes\Applications as described by Christoph Kolbicz at User
File Type Association Roaming on Server 2016 with Citrix User Profile Manager.
5. Daniel Feller at Sync the Windows 10 Start Menu in VDI says that
configuring SettlementPeriodBeforeAutoShutdown might improve reliability of Start Menu
roaming, assuming users log out of the virtual desktop instead of rebooting the virtual desktop. On a
Delivery Controller, open PowerShell, and run the following:
6. asnp citrix.*

Set-BrokerDesktopGroup -Name "NAME_OF_DESKTOP_GROUP" -

SettlementPeriodBeforeAutoShutdown 00:00:15

7. With VDA 7.15 Update 1, the icons on the Start Menu of Windows 2012 R2 and Windows 2016 are
sometimes blank.
 This is fixed in Profile Management 7.18 (VDA 7.18).
 To work around this issue, use Group Policy Preferences to set the following registry value at
every logon: (source = Windows 2016 Start menu blank icons with 7.15 CU1 at Citrix
Discussions, and CTX234144 Start Menu Shows Blank Icons on VDA 7.15 LTSR
CU1/7.16/7.17 with UPM Enabled)

o HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore\

 ResetCache (DWORD) = 1
  Another option is to
exclude HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Advanced\StartMenuInit from roaming, or delete it at logoff. See Serge Bouwens at Citrix
Discussions.
12. Click OK twice.

Files to Synchronize

1. Edit Files to synchronize.

2. Enable the setting, and click Show

3. Add the following three entries so Java settings are saved to the roaming profile:
4. AppData\LocalLow\Sun\Java\Deployment\security\exception.sites

5. AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs

6. AppData\LocalLow\Sun\Java\Deployment\deployment.properties
 7. Bob Bair at Citrix Discussions recommends these additional files for Chrome:
8. AppData\Local\Google\Chrome\User Data\First Run

9. AppData\Local\Google\Chrome\User Data\Local State

10. AppData\Local\Google\Chrome\User Data\Default\Bookmarks

11. AppData\Local\Google\Chrome\User Data\Default\Favicons

12. AppData\Local\Google\Chrome\User Data\Default\History

AppData\Local\Google\Chrome\User Data\Default\Preferences

13. Citrix’s Start Menu Roaming documentation says

that Appdata\Local\Microsoft\Windows\UsrClass.dat* should be added to the list. �
14. Then click OK twice to return to the Group Policy Editor.

Folders to mirror

1. In the Synchronization node, enable the setting Folders to mirror.

2. Enable the setting, and click Show.

 Settings required for Internet Explorer 10 and later versions for browser compatibility at Citrix Docs
indicate that the first three folders shown below must be mirrored in order for the Windows 10 Start
Menu to function correctly.
 CTX222433 Start Menu Layout Roaming on Windows 10 indicates that TileDataLayer should be
mirrored
 CTX238419 UPM 7.15.2000: With Profile Management Enabled, Blank Icons Might Appear In The
Start Menu In The Published Desktops says that AppData\Local\Microsoft\Windows\Caches should
be mirrored.
 To prevent Chrome Extension corruption, add AppData\Local\Google\Chrome\User
Data\Default\Extensions to Folders to Mirror (source = CTX238525 Google Chrome extensions are
getting corrupted when using using UPM)
 For Chrome login data, add AppData\Local\Google\Chrome\User Data\Default\Login
Data and AppData\Local\Google\Chrome\User Data\Default\Last Session to Folders to Mirror
(source = CTX232587 Citrix UPM + WEM – Google Chrome does not remember user login data)
 For Chrome Bookmarks, add AppData\Local\Google\Chrome\User Data\Default to Folders to
Mirror (source = CTX235698 Issues to synchronize bookmarks of Google Chrome using Citrix UPM
on latest LTSR version (7.15 CU2))
3. Add the following:
4. AppData\Roaming\Microsoft\Windows\Cookies

5. AppData\Local\Microsoft\Windows\INetCookies

6. AppData\Local\Microsoft\Windows\WebCache

7. AppData\Local\TileDataLayer
8. AppData\Local\Microsoft\Vault
9. AppData\Local\Microsoft\Windows\Caches
AppData\Local\Google\Chrome\User Data\Default

 These three are only needed if you didn’t include the entire Chrome User Data Default folder.

 AppData\Local\Google\Chrome\User Data\Default\Extensions
 AppData\Local\Google\Chrome\User Data\Default\Login Data
AppData\Local\Google\Chrome\User Data\Default\Last Session
10. Citrix’s Start Menu Roaming documentation says that Appdata\Local\Packages should be added to the
mirror list. �
11. For Windows 10 1709 and newer, you might have to add Outlook Signatures and Chrome to the Folders to
Mirror setting. Leave these folders in Folders to Synchronize, but also add them to Folders to Mirror.
(source = Citrix Discussions)
12. AppData\Roaming\Microsoft\Signatures

13. AppData\Local\Google\Chrome\User Data\First Run

14. AppData\Local\Google\Chrome\User Data\Local State

15. AppData\Local\Google\Chrome\User Data\Default\Bookmarks

16. AppData\Local\Google\Chrome\User Data\Default\Favicons

17. AppData\Local\Google\Chrome\User Data\Default\History

AppData\Local\Google\Chrome\User Data\Default\Preferences

18. Click OK.

19. According to CTX213190 Configure UPM to save password in Internet Explorer, you’ll also need a User
Configuration > Preferences > Windows Settings > Folders item to create
the %localappdata%\Microsoft\Vault folder.
Profile Container

1. Profile Management 1903 and newer have a Profile container setting:

2. Click the Show button to specify profile paths that should be placed in the mounted file share profile disk
(VHDX file) instead of copied back and forth at logon and logoff. This setting is for large cache files (e.g.
 Citrix Files cache), and is not intended for the entire profile. See Profile container at Citrix Docs.

3. See CTX247569 Citrix Profile Management: Troubleshooting Profile Containers.

Registry Exclusions

1. On the left, under Profile Management, click Registry.

2. On the right, open Enable Default Exclusion List.

3. Enable the setting. You can use the checkboxes to control which registry keys you don’t want to exclude.
4. According to Citrix CTX221380 Occasionally, File Type Association (FTA) Fails to Roam with Profile
Management 5.7 on Windows 10 and Windows Server 2016, Software\Microsoft\Speech_OneCore should
be unchecked. Click OK.
5. The setting Exclusion List under Registry lets you exclude registry keys from the roaming profile.

6. Nick Panaccio in the comments says that if Office with ADFS constantly prompts for login, then you should
exclude the following:
Software\Microsoft\Office\16.0\Common\Identity

7. Nick Panaccio at IE11 Enterprise Mode and UPM at Citrix Discussions has a list of registry exclusions for IE
in Enterprise Mode.
8. Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\EmieUserList

Software\Microsoft\Windows\CurrentVersion\Internet
Settings\5.0\Cache\Extensible Cache\EmieSiteList

9. Click OK when done.

 10. In 5.5 and newer is the NTUSER.DAT backup setting, which is disabled by default. You can enable it to
provide some resiliency against profile corruption.

11. Skip to the Log Settings section.

Exclusions – 5.4.1 and older

This section is for UPM 5.4.1 and older. For 5.5 scroll up to Exclusions – 5.5 and newer. Or if you’ve already configured the exclusions, then Skip to the Log Settings section.
The UPMPolicyDefaults.ini file includes a default list of exclusions. If you intend to add to the default list, you must first copy the exclusions from the .ini file to the GPO. Then you can
add exclusions to your GPO.
Note: this file was updated for Profile Management 5.4 and Windows 10 so if you are upgrading make sure you copy the new exclusions to the GPO. For
example, !ctx_localappdata!\TileDataLayer seems to have been added in 5.4.
1. Browse to a VDA, go to C:\Program Files\Citrix\User Profile Manager and open the
file UPMPolicyDefaults_all.ini using Notepad.

2. Under the File system node in the Group Policy Editor you can configure which profile folders should be
excluded from synchronization. Edit Exclusion list – directories.
3. Enable the setting and click Show
4. In the .ini file, scroll down to the SyncExclusionListDir section. Copy each of these lines to the GPO. Do not
include the equals sign on the end.

5. Add the following to the list. This is the new path for Temporary Internet Files in Windows 8 and later.
AppData\Local\Microsoft\Windows\INetCache

 Note: if you see errors in Office programs (e.g. ―Word could not create the work file‖), then you might
have to use Group Policy Preferences to recreate this folder at logon. Source = Olav Lillebo Errors
 when starting published Microsoft Office applications.

6. If running Office 365 with Shared Computer Activation, then you might need to
exclude !ctx_localappdata!\Microsoft\Office\15.0\Licensing and/or !ctx_localap
pdata!\Microsoft\Office\16.0\Licensing. Ideally you should have ADFS integration so users
can seamlessly re-activate Office at every launch.
 Note: newer versions of Office Click-to-run let you roam the licensing token. See Overview of shared
computer activation for Office 365 ProPlus and search for ―roam‖. Source = Rick Smith in
the comments.
7. James Rankin has a much longer list of exclusions and synchronizations at Everything you wanted to know
about virtualizing, optimizing and managing Windows 10…but were afraid to ask – part #6: ROAMING.
8. Then click OK twice to return to the Group Policy Editor.

9. To roam Start Menu and/or File Type Associations in Windows 10/2016, see CTX214754 Error ―An app
default was reset‖ after signout and Logon in Citrix UPM for details on the difficulty of roaming
FTAs. Instead of roaming usrclass.dat, you can
export/import HKCU\SOFTWARE\Classes\Applications as described by Christoph Kolbicz at User File
Type Association Roaming on Server 2016 with Citrix User Profile Manager.
10. You might need to exclude usrclass.dat*.
1. Edit the setting Exclusion list – files.
 2. Enable the setting and click Show.

3. Add the following. Then click OK twice. This is detailed as a Known Issue for Profile Management
5.4.
4. !ctx_localappdata!\Microsoft\Windows\UsrClass.dat*

11. Note: If you add to the exclusions list after profiles have already been created, then see Muralidhar Maram’s
post at discussions.citrix.com for a tool that will clean up the existing profiles. Also see Jeremy Sprite Clean
Citrix UPM Profiles.
12. Under the File System\Synchronization node in the Group Policy Editor you can configure which profile
folders should be synchronized that have otherwise been excluded.
13. Edit the setting Directories to synchronize.

14. Enable the setting and click Show.

15. To configure Profile Management to sync Saved Passwords in Internet Explorer, add the following directories
as detailed by gtess80 at Internet Explorer 11 Saved Passwords Not Retaining Between Sessions at Citrix
Discussions. However, if Microsoft Credentials Roaming is enabled, then you should instead exclude these
folders from roaming as detailed at CTX124948 How to Configure Citrix Profile Manager when Microsoft
Credentials Roaming is Used in the Environment.
16. AppData\Local\Microsoft\Credentials

17. Appdata\Roaming\Microsoft\Credentials

18. Appdata\Roaming\Microsoft\Crypto

19. Appdata\Roaming\Microsoft\Protect

Appdata\Roaming\Microsoft\SystemCertificates
20. Also see David Ott’s list of UPM exclusions for Windows 10. This blog post also details how to roam the
Windows 10 Start Menu and prevent file share locks.
21. Click OK twice.
22. Edit Files to synchronize
23. Enable the setting and click Show

24. Add the following three entries so Java settings are saved to the roaming profile:
25. AppData\LocalLow\Sun\Java\Deployment\security\exception.sites

26. AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs

27. AppData\LocalLow\Sun\Java\Deployment\deployment.properties

28. Bob Bair at Citrix Discussions recommends these additional files for Chrome:
29. AppData\Local\Google\Chrome\User Data\First Run

30. AppData\Local\Google\Chrome\User Data\Local State

31. AppData\Local\Google\Chrome\User Data\Default\Bookmarks

32. AppData\Local\Google\Chrome\User Data\Default\Favicons

33. AppData\Local\Google\Chrome\User Data\Default\History

AppData\Local\Google\Chrome\User Data\Default\Preferences

34. Then click OK twice to return to the Group Policy Editor.

35. To enable handling of Cookies, in the Synchronization node, enable the setting Folders to mirror.

36. Enable the setting and click Show.

37. Add the following and click OK

38. AppData\Roaming\Microsoft\Windows\Cookies

39. AppData\Local\Microsoft\Windows\INetCookies

40. AppData\Local\Microsoft\Windows\WebCache

AppData\Local\Microsoft\Vault
41. Note: according to CTX213190 Configure UPM to save password in Internet Explorer, you’ll also need a
User Config > Preferences > Windows Settings > Folders item to create
the %localappdata%\Microsoft\Vault folder.

42. On the left, under Profile Management, click Registry.

43. On the right, open Exclusion List.

44. Enable the setting and then click Show.

 45. Back in the UPMPolicyDefaults.ini file, look for the ExclusionListRegistry section. Copy the two items
from there without the equals sign to the GPO setting.

46. Click OK twice.

Log Settings
1. In the Log Settings node, enable the Enable logging setting. This will make it easy to troubleshoot problems
with Profile Management. The logfile is located in C:\Windows\System32\LogFiles\UserProfileManager.
2. Edit the Log settings setting.

3. Enable the setting and check the boxes next to Logon and Logoff. Click OK.

4. If your VDA is a Provisioning Services Target Device and/or non-persistent, consider moving the log file to
the local persistent disk (e.g. D:\Logs), or to a central share. If a central share, the VDA computer accounts
(e.g. Domain Computers) will need Modify permission to the log file path. To change the log file path, edit
the Path to log file setting.
5. CTX123005 Citrix UPM Log Parser

6. CTX200674 How To: Review Profile Management Log Files using Microsoft Excel
Profile Streaming
1. For shared persistent VDAs (e.g. RDSH), go to the Profile handling node under Profile Management.
2. Enable the setting Delete locally cached profiles at logoff. Note: this might cause problems in Windows 10.

Helge Klein has a tool to delete locally cached profiles on a session host. http://helgeklein.com/free-
tools/delprof2-user-profile-deletion-tool/. This tool should only be needed if profiles are not deleting properly.
3. For Windows 10/2016 machines, CTX216097 Unable to Delete NTUSER.DAT* Files When a User Logs
off recommends setting Delay before deleting cached profiles to 40 seconds.
4. Enable the setting Migration of existing profiles, and set it to Local and Roaming. Citrix
CTX221564 UPM doesn’t migrate local user profile since version 5.4.1.
5. Enable the setting Local profile conflict handling, and set it to Delete local profile. Note: this might cause
problems on Windows 10.
6. Under Profile Management > Streamed user profiles is Profile streaming. Enable this setting to speed up
logons.

7. Profile Management 7.16 introduces the XenApp Optimization (aka Citrix Virtual Apps Optimization)
feature, which uses Microsoft UE-V templates to define specific settings that should be saved and restored at
logoff and logon. See George Spiers XenApp Optimization (new in CPM 7.16+) for details.
 8. After modifying the GPO, use Group Policy Management Console to update the VDAs.

9. Or run gpupdate /force on the VDAs, or wait 90 minutes.

Mandatory Profile – Citrix Method

Profile Management 5.0 and newer has a mandatory profile feature. Alternatively, use the Microsoft method. Also see James Rankin How to create mandatory profiles in Windows 10
Creators Update (1703).
1. Create a file share (e.g. \\fs01\profile). Give Read permission to Users and Full Control to Administrators.
2. Login to the VDA machine as a template account. Do any desired customizations. Logoff.
3. Make sure you are viewing hidden files and system files.

4. Copy C:\Users\%username% to your fileshare. Name the folder Mandatory or something like that. Citrix
Profile Management does not need .v2 or .v4 or .v6 on the end.
 1. You can copy C:\Users\Default instead of copying a template user. If so, remove the Hidden attribute.
If you use Default as your mandatory, be aware that Active Setup will run every time a user logs in.

5. Open the AppData folder and delete the Local and LocalLow folders.

6. Java settings are stored in LocalLow so you might want to leave them in the mandatory profile. The only Java
files you need are the deployment.properties file, the exception.sites file, and
 the security/trusted.certs file. Delete the Java cache, tmp and logs.

7. Open regedit.exe.
8. Click HKEY_LOCAL_MACHINE to highlight it.

9. Open the File menu and click Load Hive.

10. Browse to the mandatory profile and open NTUSER.DAT. Note: Citrix Profile Management does not use
NTUSER.MAN and instead the file must be NTUSER.DAT.

11. Name it a or similar.

12. Go to HKLM\a, right-click it, and click Permissions.

13. Add Authenticated Users and give it Full Control. Click OK.

14. With the hive still loaded, you can do some cleanup in the registry keys. See http://www.robinhobo.com/how-
to-create-a-mandatory-profile-with-folder-redirections/ and http://appsensebigot.blogspot.ru/2014/10/create-
windows-mandatory-profiles-in.html?m=1 for some suggestions.
15. Citrix CTX212784 Slow User Logon When Using Mandatory Profiles –
set HKCU\a\Software\Citrix\WFSHELL\SpecialFoldersIntialized (DWORD) = 1
16. Highlight HKLM\a.
17. Open the File menu, and click Unload Hive.

18. Go back to the file share and delete the NTUSER.DAT log files.

19. Create/Edit a GPO that appplies to the VDAs. Make sure the Citrix Profile Management policy template is
loaded.
 20. Go to Computer Configuration > Policies > Administrative Templates > Citrix Components > Profile
Management > Profile handling. Edit the setting Template profile.

21. Enable the setting and enter the path to the Mandatory profile.
22. Check all three boxes. Then click OK.

Redirected Profile Folders

1. Make sure loopback processing is enabled on your VDAs.
2. Edit a GPO that applies to all VDA users, including Administrators.

3. Go to User Configuration\Policies\Windows Settings\Folder Redirection. Right-click Documents, and

click Properties.

4. In the Setting drop down, select Basic.

5. In the Target folder location drop down, select Redirect to the user’s home directory.
6. Switch to the Settings tab.

7. On the Settings tab, uncheck the box next to Grant the user exclusive rights. Click OK. Note: Move the
contents to the new location might cause issues in some deployments.

8. Click Yes to acknowledge this message.

9. Right-click Desktop and click Properties.

10. Change the Setting drop-down to Basic.

11. Change the Target folder location to Redirect to the following location.
12. In the Root Path box, enter %HOMESHARE%%HOMEPATH%\Desktop. It is critical that this is a UNC
path and not a mapped drive. Also, since we’re using home directory variables, all users must have home
directories defined in Active Directory.
13. Switch to the Settings tab.
 14. Uncheck the box next to Grant the user exclusive rights to Desktop and click OK.

15. Click Yes when prompted that the target is not a UNC path. You get this error because of the variable. It
doesn’t affect operations.

16. Repeat for the following folders:

 Documents = Redirect to the User’s Home Directory

 Desktop = %HOMESHARE%%HOMEPATH%\Desktop

 Favorites = %HOMESHARE%%HOMEPATH%\Windows\Favorites

 Downloads = %HOMESHARE%%HOMEPATH%\Downloads
17. Redirect the following folders but set them to Follow the Documents folder.

 Pictures

 Music

 Videos

Folders not redirected will be synchronized by Citrix Profile Management.

Verify Profile Management

 1. Once Profile Management is configured, login to a Virtual Delivery Agent and run gpupdate /force.

2. Logoff and log back in.

3. Go to C:\Windows\System32\LogFiles\UserProfileManager and open the pm.log file. Look in the log for
logon and logoff events.

Profile Management Troubleshooting

UPM Troubleshooter
Citrix Blog Post – UPM Troubleshooter: UPM Troubleshooter is a Windows-based standalone application that examines the live User Profile Management-enabled system in a single
click, gives Profile Management Configurations, information on the Citrix products installed, facility to collect and send the logs along with system utilities dashboard to analyze the issue
in an effective, simplified, quick and easier manner. See the blog post for more details.

Profile Management Configuration Check Tool

UPMConfigCheck is a PowerShell script that examines a live Profile management system and determines whether it is optimally configured. UPMConfigCheck is designed to verify that
Profile management has been configured optimally for the environment in which it is being run, taking into account:
 Hypervisor Detection– The presence or absence of supported hypervisors (for example, Citrix XenServer,
VMware vSphere, or Microsoft Hyper-V)
 Provisioning Detection– The presence or absence of a supported machine-provisioning solution (for
example, Machine Creation Services or Provisioning Services)
 XenApp or XenDesktop– Whether it is running in a XenApp or a XenDesktop environment
 User Store – Determines that the expanded Path to User Store exists.
 WinLogon Hooking Test – Verifies that Profile management is correctly hooked into WinLogon processing.
This test is for Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 and requires
the user running the Configuration Check Tool to have permission to access the relevant registry keys, or an
error may be returned.
 Verify Personal vDisk enabled / disabled – Whether the Personal vDisk feature of XenDesktop is enabled
 Miscellaneous – Other factors that it is able to determine through registry or WMI queries, such as whether
the computer running Profile management is a laptop
Profile Size

Sacha Thomet at Monitor you Profile directories has a script that displays the size of profiles in a profile share.

Log Parser

CTX123005 Citrix UPM Log Parser

View Log Files using Excel

CTX200674 How To: Review Profile Management Log Files using Microsoft Excel

Posted onAugust 30, 2019AuthorCarl StalhoodCategoriesProfile Management

830 thoughts on “Citrix Profile Management 1906”

COMMENT NAVIGATION
OLDER COMMENTS

1. prasantsays:
August 27, 2019 at 2:50 pm

Hi Carl….Is there way to clean up Desktop and download folders every month from a non persistent desktop using profile manager or policy>
REPLY

1. Carl Stalhoodsays:
August 27, 2019 at 3:53 pm

I don’t think UPM has anything built it but you can certainly write a script and schedule it. Maybe something like https://stealthpuppy.com/profile-clean-up-script/
REPLY

2. Gdlg3says:
July 30, 2019 at 1:21 pm

Would Citrix profile management create the UPM folder if it doesn’t exist? The goal for me is to store the users Profile Store in their Home directory that is set in their account under the
profile section. We designated the H: drive for that. Do not want to create another share that has thousands of folders in it for just Xenapp delivered applications. Is this a supported
configuration also?
REPLY

1. Carl Stalhoodsays:
July 30, 2019 at 1:55 pm

Yes, UPM will auto-create it.

Profiles need to be local to the VDA but Home Directories are not always local. Profiles are also somewhat disposable.
REPLY
 1. Gdlg3says:
July 30, 2019 at 5:43 pm

Interesting. I set it to store in the users home folder and wondered if it would create the folder. It did not. On each master , I set a variable to be used by each linked-clone. For example :
\upm\%app%. Each master has that variable that is equaled to the app code of the specific app suite installed. I was hoping it would create the folder structure on login as \upm\app1 for
example. But it’s not.
Does the home folder need additional permissions or would it not use the users identity to create the folder(s)?
REPLY

1. Carl Stalhoodsays:
July 30, 2019 at 5:53 pm

Check the log file (default location is C:\Windows\System32\Log Files\User Profile Manager\pm.log). It will show you the full path to the user’s profile.
REPLY

1. Gdlg3says:
July 30, 2019 at 6:28 pm

I did that and the log shows the correct path.

2. Carl Stalhoodsays:
July 30, 2019 at 7:27 pm

Does the log show an error when creating the folder?

3. Nate Jonessays:
July 15, 2019 at 6:26 pm

Carl,
Thank you for all the time and effort you put forth towards this blog. You’ve helped me out many times and didnt even know it.

Would you know why a CPM MS group policy with redirected folders configured would change the path to \\server\userfolders$\
username\My Documents from just \\server\userfolders$\username\Documents? It’s not desktop.ini doing its funky business, it is literally the file path. I did just specify the root of the
userfolder hidden share for all folders I wanted redirected. I had picutres, music, and videos follow documents path at first, but changed that thinking that might help, but it didnt. Thanks
in advance!
REPLY

1. Carl Stalhoodsays:
July 16, 2019 at 6:18 am

Did you create the policy from Windows XP or on a Windows 2003 Domain Controller?
REPLY

1. Nate Jonessays:
July 17, 2019 at 4:47 pm

Carl, I used a Windows 2016 server with AD Management windows features installed to create the policy using the Group Policy management console. Thanks
REPLY

4. Lukassays:
June 19, 2019 at 10:19 am

Hi We have recently upgraded to 7.15 CU4 on Windows 2008 R2 Sp1 servers and I found that there seems to be an Interim delay before the Citrix Profile Manager is processed at login .I
have checked the UPM logs and there is nothing showing which might be causing the delay.I used ControlUP Script Based Actions Analyse Logon Duration to troubleshoot the issue and
found the interim delay .Any idea what could be the cause of this delay ?
REPLY

1. Carl Stalhoodsays:
June 19, 2019 at 7:53 pm

I would probably do a procmon trace at logon to determine what’s happening before UPM processing.

Have you opened a support case?

REPLY

1. alamnaidusays:
June 26, 2019 at 7:01 am

Hi Carl,

How to limit the UPM Profile size.

REPLY

1. Carl Stalhoodsays:
June 26, 2019 at 7:08 am

Your best option is to exclude folders and files that are consuming the space.

Otherwise, there isn’t much you can do without impacting user experience.

I recommend periodically running TreeSize or similar to see where disk space is being consumed. Newer Director also shows profile size.
REPLY

1. alamnaidusays:
June 26, 2019 at 7:32 am

is there any settings that we can restrict UPM profile size to 300MB like that and also notification has to be popup to the user , if they reached 90% ??

2. Carl Stalhoodsays:
June 26, 2019 at 7:50 am

Users don’t know what a profile is and don’t know how to reduce its size.

Microsoft has a GPO setting for profile quota but I don’t recommend it.

2. Lukassays:
June 26, 2019 at 8:31 am

Hi Carl,Yes i have opened a support call so we will see what we can find and I will add my findings
REPLY
 5. Alam Naidusays:
June 14, 2019 at 7:34 am

Hi Carl, AppData\Roaming\Citrix\SelfService\Icons folder is increasing daily , so shall we add to into exception list and what’s the impact after adding it ?
REPLY

1. Carl Stalhoodsays:
June 14, 2019 at 7:45 am

If you delete the local folder, does it break the app? If not, then it’s probably OK to add to Exclusions list.
REPLY

6. Matt Wolfgangsays:
June 13, 2019 at 12:27 pm

Is ―Delete locally cached profiles at logoff‖ required for profile streaming, even when in a pooled environment?
REPLY

1. Carl Stalhoodsays:
June 13, 2019 at 4:27 pm

No. If your machines are non-persistent, then the local profile will be deleted when the machine reboots.
REPLY

7. Alan Colemansays:
June 12, 2019 at 7:55 am

Hi Carl

We are getting issues with WEM UPM profiling not bringing through start menu icons 90% of the time for our users. Citrix must be aware of the problem as the first thing they suggested
was to restart the windows explorer service on a users VDI session to see if Explorer was the issue. When explorer was restarted, all of the start menu items then re-appeared. Seems to be
a bug somewhere and was wondering if anyone has come across this before or has a fix

Thanks
REPLY

1. Carl Stalhoodsays:
June 12, 2019 at 7:58 am

Have you implemented the ResetCache registry value?

REPLY

8. Levi Gunlocksays:
June 6, 2019 at 10:11 am

We are having an issue where the Outlook OST files are stored in our CtxProfiles, these have inflated exponentially and is causing logon times of 100+ seconds some are in the 300’s.
Should we keep ost files in the CtxProfile? How would you recommend we resolve this issue?
REPLY
 1. Carl Stalhoodsays:
June 6, 2019 at 10:17 am

Simple answer – FSLogix, especially once Microsoft releases it later this year.
REPLY

1. Levi Gunlocksays:
June 6, 2019 at 10:20 am

Is there anything I can do between now and July 1st when Microsoft releases it?
Is there a tool to clean up file’s in the CtxProfiles?
REPLY

1. Carl Stalhoodsays:
June 6, 2019 at 11:04 am

There’s a policy setting called Logon Exclusion Check where if you add a file or folder to the Exclusions Lists then UPM deletes the file/folder from the user’s profile.

Some FSLogix/Microsoft reps are providing temporary license keys.

UPM has its own Outlook OST handling but I’d hate to implement that if your plan is to go to FSLogix anyways.
REPLY

9. John Andersonsays:
May 30, 2019 at 9:07 am

Carl,

We are having an issue with UPM where the profile is randomly not pulled from the user profile store. so the user is logged in with a temporary profile. If they log off and back on
sometimes they get their correct UPM profile. Users are stating this started about a month or two ago. Seems to have picked up some and starting to get more and more support calls.

We thought it was profile corruption and created new profiles, but after a while it all starts again.

We are running 7.15 LSTR CU1 and using Citrix Policies for UPM.
REPLY

1. Carl Stalhoodsays:
May 30, 2019 at 9:08 am

What do you see in the UPM log, which is stored by default in C:\Windows\System32\Log Files\User Profile Manager\pm.log?
REPLY

1. John Andersonsays:
May 30, 2019 at 9:13 am

2019-05-30;08:13:18.620;INFORMATION;;;6;5716;DispatchLogonLogoff: ———- Starting logon processing…

2019-05-30;08:13:18.620;INFORMATION;;;6;5716;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:13:18.620;INFORMATION;;;6;5716;IsRunningInTerminalServerSession: ICA session.
2019-05-30;08:13:18.620;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-1349
2019-05-30;08:13:19.759;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;GetUserStorePath: User Store: Path In: \\\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;GetUserStorePath: User Store: Path Out: \\\shares\citrixprofiles\Win2008\shannon
2019-05-30;08:13:19.774;INFORMATION;DOMAIN;shannon;6;5716;SessionCount::RealTimeCount – User: shannon, Domain: DOMAIN, Session Count: 0.
2019-05-30;08:13:19.790;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:13:19.790;INFORMATION;DOMAIN;shannon;6;5716;DispatchLogonLogoff: ———- Finished logon processing successfully in [s]: .
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;DispatchLogonLogoff: ———- Starting logoff processing…
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:17:32.708;INFORMATION;;;6;6380;IsRunningInTerminalServerSession: Console session.
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-1349
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:17:32.708;ERROR;DOMAIN;shannon;6;6380;SessionCount:RealTimeCount – Could not query session information for user name, because: Unspecified error
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;ProcessLogoff: Local profile is not a UPM profile. Aborting.
2019-05-30;08:17:32.708;INFORMATION;DOMAIN;shannon;6;6380;DispatchLogonLogoff: ———- Finished logoff processing successfully in [s]: .
REPLY

1. Carl Stalhoodsays:
May 30, 2019 at 10:21 am

This seems to be missing some data so I can’t see the actual problem during logon. But the User Store path has extra backslashes at the beginning.
REPLY

1. John Andersonsays:
May 30, 2019 at 10:23 am

Carl,

I removed the server name from the log. I will get another log and send it.

2. John Andersonsays:
May 30, 2019 at 10:38 am

Carl,

Its odd. Here you can see that Nandhini’s is not working but Nicoles is.

2019-05-30;08:02:49.973;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-8051

2019-05-30;08:02:51.143;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;GetUserStorePath: User Store: Path In: \\co.calumet.wi.us\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;GetUserStorePath: User Store: Path Out: \\co.calumet.wi.us\shares\citrixprofiles\Win2008\nandhini
2019-05-30;08:02:51.158;INFORMATION;CTYWIDE;nandhini;3;5532;SessionCount::RealTimeCount – User: nandhini, Domain: CTYWIDE, Session Count: 0.
2019-05-30;08:02:51.174;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:02:51.174;INFORMATION;CTYWIDE;nandhini;3;5532;DispatchLogonLogoff: ———- Finished logon processing successfully in [s]: .
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;DispatchLogonLogoff: ———- Starting logon processing…
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;IsRunningInTerminalServerSession: Terminal services installed.
2019-05-30;08:03:53.434;INFORMATION;;;4;5532;IsRunningInTerminalServerSession: ICA session.
2019-05-30;08:03:53.434;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: UserSID = S-1-5-21-988288818-951991497-1777090905-293585
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: Triggered policy evaluation for
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;DispatchLogonLogoff: Updated Group Policy Extension history for
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckUserExistsInGroup: No Entries Found In ExcludedGroups
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckUserExistsInGroup: No Entries Found In ProcessedGroups
2019-05-30;08:03:54.697;INFORMATION;CTYWIDE;nicoles;4;5532;CheckIfUserNeedsToBeProcessed: Logon/logoff will be processed.
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;GetUserStorePath: User Store: Path In: \\co.calumet.wi.us\shares\CitrixProfiles\!ctx_osname!\%username%
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;CADUser::Init: Determined user and DNS domain name: ,
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;CADUser::Init: Determined the ADsPath of user: :
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;GetUserStorePath: User Store: Path Out: \\co.calumet.wi.us\shares\citrixprofiles\Win2008\nicoles
2019-05-30;08:03:54.713;INFORMATION;CTYWIDE;nicoles;4;5532;SessionCount::RealTimeCount – User: nicoles, Domain: CTYWIDE, Session Count: 0.
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;ProcessLogon: Found a profile in the user store: .
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;QueryLocalProfile: No profile directory found.
2019-05-30;08:03:54.744;INFORMATION;CTYWIDE;nicoles;4;5532;QueryLocalProfile: Determined the name of a new profile directory: .
2019-05-30;08:03:54.760;INFORMATION;CTYWIDE;nicoles;4;5532;CreateLocalProfile: Profile directory initialized: .
2019-05-30;08:03:54.791;INFORMATION;CTYWIDE;nicoles;4;5532;CopyFileWithRetries: Copied a file from: to .
2019-05-30;08:03:54.791;INFORMATION;CTYWIDE;nicoles;4;5532;ProcessLogon: Starting to restore directories and files.
 3. Carl Stalhoodsays:
May 30, 2019 at 12:07 pm

I would start by upgrading the VDA to 7.15 CU4 (7.15.4000) and see if that fixes it. If not, then you might have to call Citrix Support.

2. Carlossays:
July 15, 2019 at 8:51 am

Is there a y way to get onedrive profile sync across all datacenters?

REPLY

1. Carl Stalhoodsays:
July 15, 2019 at 9:36 am

Are you asking about the OneDrive cache? Microsoft FSLogix can store the OneDrive cache in a VHDX file. For multiple datacenters, I’m guessing you’d want separate VHDX files for
each datacenter.
REPLY
COMMENT NAVIGATION
OLDER COMMENTS

Leave a Reply
Post navigation
PREVIOUSPrevious post:NetScaler Insight Center
NEXTNext post:Virtual Delivery Agent (VDA) 7.6.0 / 7.6.300