Deploying FSLogix Office 365 Containers

Updated 2019-09-26

If you have dealt with User Profile Disks and Office 365 then you might know about the issues with search indexing. Every time a user signs out of the RDS their index is cleared and it has to be rebuilt the next time they sign in. The index will never fully rebuild once you have 5+ users on the server since it throttles itself.

Recently I discovered FSLogix which resolves this issue with minimal configuration. FSLogix creates its own UPD that it uses to store Outlook, OneDrive, and search index data. It then tricks Windows into thinking that it is stored on the local machine rather than on a UPD. The result is the index working immediately for all users.
This solution also works even if you do not have UPDs. For instance, let's say that you have roaming profiles which is causing a spike in disk usage since the OSTs need to be stored on all of your RDS servers.
With FSLogix you can reduce your disk usage by only having to store the data in one place.

Deployment

All Users/New Deployment

If you are deploying FSLogix for all users at once (new RDS deployment) then you do not need to complete any additional steps. Just follow the items under Installation.

Staged

FSLogix allows you to activate the application for select users. This is useful when converting an existing client to FSLogix. 
  1. In AD Create a group called APP_FSLogix ODFC_Enable
  2. add the appropriate users to that group
  3. Follow the instructions under the Installation section of this guide
  4. Edit the FSlogix GPO
    1. Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups
      1. Add Group
      2. FSLogix ODFC Include List (do not click browse)
      3. Members of this group: Click browse and select APP_FSLogix ODFC_Enable
  5. Once all users have been moved over to FSLogix change the members of the group to "Everyone"
    1. This will ensure that all users who log into the RDS get an FSLogix Container

Installation 

  1. Install the Search role on the RDS server
    1. Add-WindowsFeature Search-Service
    2. Make sure the service is set to start automatically 
  2. Run an Online or full repair of Office (do this after enabling the windows search even if things are running fine)
  3. Create a Share for the containers
    1. Create a new drive on the server that will host the containers. (50GB is a good starting point)
    2. If possible use ReFS as the file system
    3. Create a folder called "FSLogix"
    4. Assign it the permissions found here
    5. Share out the Folder
    6. Add the share to DFS (if available)
    7. Disable Share caching
    8. Make sure the Access Based Enumeration is disabled
  4. Download FSlogix
    1. https://support.fslogix.com/index.php/forum-main/announcements
    2. We want the latest LTSR install
  5. Copy the ADM files to the central store
    1. the ZIP should have two files: FSLogix.admx and FSLogix.adml
    2. Copy those into C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions on a domain controller
    3. Restart the Group Policy Management Console if it was already open
  6. Create a GPO that will configure the appropriate settings
    1. See GPO Settings below
  7. Make sure that the RDS servers have received the GPO before continuing to the next step
  8. Set the UPD exclusions
    1. See UPD Exclusions below
  9. Install FSlogix Office 365 Containers (FSlogixAppsSetup.exe) on all of the RDS servers
  10. Log in as a user and test to make sure everything is working

UPD Exclusions

  1. Open the Collection properties in server Manager
  2. Go to User profile Disks
  3. Set the mode to "store only the following folders on the user profile disk"
    1. Failure to set the UPDs to this mode can result in some unexpected behaviors.
    2. In my testing, OneDrive only worked when the UPD was set to this mode.
  4. Include any additional folders/files that you want to always roam. It's a good idea to add "AppData\Local"
  5. Click OK to exit. 
  6. Users will need to log out and log back in for changes to take effect.
If it is not possible to explicitly include folders/files in your deployment/scenario then you might be stuck using "Store all user settings and data on the user profile disk". In that case, follow the steps below but keep in mind that you might run into some issues. 
  1. Under "Exclude the following folders" set the following exclusions exactly as they appear below
    • AppData\Roaming\Microsoft\Outlook
    • AppData\Local\Microsoft\Office\16.0\Licensing
    • AppData\Local\Microsoft\Teams
    • AppData\Local\Microsoft\Outlook
    • AppData\Local\Microsoft\Office\16.0\OfficeFileCache
    • AppData\Local\Microsoft\Office\16.0\Lync
    • AppData\Roaming\FSLogix\WSearch
    • AppData\Local\Microsoft\OneDrive
  1. Click OK to exit 
  2. Users will need to log out and log back in for changes to take effect.

AV Exclusions

Make sure to exclude VHDX files from your AV, and make sure that they actually show up on the client's exclude list. In my case simply excluding *.vhdx files from ESET did not do the trick. I had to create the exclusions below.
  • \\SERVER\*.vhdx (File Server)
  • \\EXAMPLE.COM\*.VHDX (DFS namespace)
  • L:\*.vhdx (Local drive on the file server)
  • C:\Windows\TEMP\*.vhdx
  • C:\Program Files\FSLogix\*

GPO Settings

Computer Configuration/Policies/Windows Settings/Security Settings/System Services/Windows Search
Define this policy
Automatic

Computer Configuration/Preferences/Control Panel Settings/Services
New Service
Startup: Automatic
WSearch
Start Service
Recovery: set all to restart

Computer Configuration/Windows Components/Search/Prevent adding UNC locations to index from Control Panel
Enabled

Computer Configuration/Windows Components/Search/Prevent adding user-specified locations to the All Locations menu
Enabled

Computer Configuration/Windows Components/Search/Prevent automatically adding shared folders to the Windows Search index
Enabled

Computer Configuration/Windows Components/Search/Prevent indexing certain paths
Enabled
file:///C:\Users\*
file:///C:\*

Computer Configuration/Administrative Templates/FSLogix/Enable search roaming
Enabled
Multi-user search

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Locked VHD retry count
Enabled
12

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Dynamic VHD(X) allocation
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Enabled
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Office activation data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include OneDrive data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Outlook data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Teams data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Size in MBs
Enabled
30720

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Store search database in Office 365 container
Enabled
Multi-user search

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Sync OST to VHD
Enabled
Move OST to VHD
*The OST is only moved on the machine where the ODFC is created. OSTs on other servers will not be moved over

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/VHD location
Enabled
%PATH(DFS preferred)%

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Virtual disk type
Enabled
VHDX

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Container and Directory Naming/Swap directory name components
Enabled

Computer Configuration/Preferences/Windows Settings/Registry
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows Search
CoreCount
1

Computer Configuration/Preferences/Windows Settings/Registry
SYSTEM\CurrentControlSet\Services\WSearch
DependOnService
REG_MULTI_SZ
RPCSS
frxsvc

References

https://support.fslogix.com/index.php/component/fss/?view=kb&catid=12&kbartid=182
http://pablolegorreta.com/antivirus-best-practices-for-fslogix-profiles/

Comments

  1. Dear Author,

    First i wold like to thank you your great article.
    I have a problem, I could not start outlook. Outlook says Outlook Window could not ooen. Fslogix vhdx is creating and mounting fine, but outlook only working disabled cache.
    Do. you have some tips?

    Best Regards Drag

    ReplyDelete
    Replies
    1. Have you tried re-creating the FSLogix disk?

      We had an issue where we could not start Outlook when we upgraded some servers from 2.9.6 to 2.9.7. We ended up reverting the servers to the earlier build to get Outlook working.

      Delete
    2. Yes itrying. And i make a brend new rds host but i have same error.

      Delete
    3. I would reach out to their support and have them take a look https://social.msdn.microsoft.com/Forums/en-US/14ea5f6f-760b-4ad2-83cf-23c3cbc1bcc4/how-to-open-an-fslogix-support-request?forum=FSLogix

      Delete
  2. Great article!

    Concerning the AV exclusions: what is the reason for excluding c:\windows\temp\*.vhdx?

    ReplyDelete

Post a Comment

Popular posts from this blog

Best Practices for Deploying User Profile Disks

Enabling Webcam on RDS