Deploying FSLogix Office 365 Containers

Have an issue you can't solve? I offer consulting engagements and can be reached here: consulting[а𝐭]amorales[․]org

Updated 2020-04-27

This search portion of this guide does not apply to Server 2019 since it should roam the Windows search out of the box. However, you can still configure FSLogix to store Office 365 data. 

In my experience it is best to avoid mixing FSLogix and UPDs. My recommendation is to go with FSLogix Profiles and FSLogix ODFC.

If you have dealt with User Profile Disks and Office 365 then you might know about the issues with search indexing. Every time a user signs out of the RDS their index is cleared and it has to be rebuilt the next time they sign in. The index will never fully rebuild once you have 5+ users on the server since it throttles itself.

Recently I discovered FSLogix which resolves this issue with minimal configuration. FSLogix creates its own UPD that it uses to store Outlook, OneDrive, and search index data. It then tricks Windows into thinking that it is stored on the local machine rather than on a UPD. The result is the index working immediately for all users.
This solution also works even if you do not have UPDs. For instance, let's say that you have roaming profiles which is causing a spike in disk usage since the OSTs need to be stored on all of your RDS servers.
With FSLogix you can reduce your disk usage by only having to store the data in one place.

Deployment

All Users/New Deployment

If you are deploying FSLogix for all users at once (new RDS deployment) then you do not need to complete any additional steps. Just follow the items under Installation.

Staged

Skip this if you are deploying a new RDS farm

FSLogix allows you to activate the application for select users. This is useful when converting an existing client to FSLogix. 
  1. In AD Create a group called APP_FSLogix ODFC_Enable
  2. add the appropriate users to that group
  3. Follow the instructions under the Installation section of this guide
  4. Edit the FSlogix GPO
    1. Computer Configuration/Policies/Windows Settings/Security Settings/Restricted Groups
      1. Add Group
      2. FSLogix ODFC Include List (do not click browse)
      3. Members of this group: Click browse and select APP_FSLogix ODFC_Enable
  5. Once all users have been moved over to FSLogix change the members of the group to "Everyone"
    1. This will ensure that all users who log into the RDS get an FSLogix Container

Installation 

  1. Install the Search role on the RDS server
    1. Add-WindowsFeature Search-Service
    2. Make sure the service is set to start automatically 
  2. Run an Online or full repair of Office (do this after enabling the windows search even if things are running fine)
  3. Create a Share for the containers
    1. Create a new drive on the server that will host the containers. (100-150GB is a good starting point)
    2. Create a VMware SCSI controller just for the new drive
    3. If possible use ReFS as the file system with 64k block size
    4. Create a folder called "FSLogix"
    5. Assign it the permissions found here
    6. Share out the Folder
    7. Add the share to DFS (if available)
    8. Disable Share caching
    9. Make sure the Access Based Enumeration is disabled
  4. Download FSlogix
    1. https://aka.ms/fslogix_download
  5. Copy the ADM files to the central store
    1. the ZIP should have two files: FSLogix.admx and FSLogix.adml
    2. Copy those into C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions on a domain controller
    3. Restart the Group Policy Management Console if it was already open
  6. Create a GPO called FSLogix ODFC
    1. See GPO Settings below
  7. Make sure that the RDS servers have received the GPO before continuing to the next step
  8. Set the UPD exclusions
    1. See UPD Exclusions below
  9. Install FSlogix Office 365 Containers (FSlogixAppsSetup.exe) on all of the RDS servers
  10. Log in as a user and test to make sure everything is working

UPD Exclusions

I don't recommend running FSLogix and UPDs together. FSLogix profiles will work much better. However follow the steps below if you need to use UPDs.

  1. Open the Collection properties in server Manager
  2. Go to User profile Disks
  3. Set the mode to "store only the following folders on the user profile disk"
    1. Failure to set the UPDs to this mode can result in some unexpected behaviors.
    2. In my testing, OneDrive only worked when the UPD was set to this mode.
  4. Include any additional folders/files that you want to always roam.
    1.  I don't recommend including high level folders like "AppData/Local" since they can cause conflicts with FSLogix.
  5. Click OK to exit. 
  6. Users will need to log out and log back in for changes to take effect.
If it is not possible to explicitly include folders/files in your deployment/scenario then you might be stuck using "Store all user settings and data on the user profile disk". In that case, follow the steps below but keep in mind that you might run into issues with Outlook
  1. Under "Exclude the following folders" set the following exclusions exactly as they appear below
    • AppData\Roaming\Microsoft\Outlook
    • AppData\Local\Microsoft\Office\16.0\Licensing
    • AppData\Local\Microsoft\Teams
    • AppData\Local\Microsoft\Outlook
    • AppData\Local\Microsoft\Office\16.0\OfficeFileCache
    • AppData\Local\Microsoft\Office\16.0\Lync
    • AppData\Roaming\FSLogix\WSearch
    • AppData\Local\Microsoft\OneDrive
  1. Click OK to exit 
  2. Users will need to log out and log back in for changes to take effect.

AV Exclusions

Make sure to exclude VHDX files from your AV, and make sure that they actually show up on the client's exclude list. In my case simply excluding *.vhdx files from ESET did not do the trick. I had to create the exclusions below.
  • \\SERVER\*.vhdx (File Server)
  • \\EXAMPLE.COM\*.VHDX (DFS namespace)
  • L:\*.vhdx (Local drive on the file server)
  • C:\Windows\TEMP\*.vhdx
  • C:\Program Files\FSLogix\*

GPO Settings

Computer Configuration/Administrative Templates/FSLogix/Days to keep log files
Enabled
7

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Locked VHD retry count
Enabled
12

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Dynamic VHD(X) allocation
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Enabled
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Office activation data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include OneDrive data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Outlook data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Include Teams data in container
Enabled

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Size in MBs
Enabled
55000

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Sync OST to VHD
Enabled
Move OST to VHD
*The OST is only moved on the machine where the ODFC is created. OSTs on other servers will not be moved over

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/VHD location
Enabled
%PATH(DFS preferred)%

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Virtual disk type
Enabled
VHDX

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Container and Directory Naming/Swap directory name components
Enabled

Computer Configuration/Preferences/Windows Settings/Registry
HKEY_LOCAL_MACHINE
SOFTWARE\Microsoft\Windows Search
CoreCount
1

Do not apply any of the settings below if you are deploying Server 2019. 2019 will roam the windows search out of the box.

Computer Configuration/Administrative Templates/FSLogix/Enable search roaming
Enabled
Multi-user search

Computer Configuration/Administrative Templates/FSLogix/Office 365 Containers/Store search database in Office 365 container
Enabled
Multi-user search

Computer Configuration/Policies/Windows Settings/Security Settings/System Services/Windows Search
Define this policy
Automatic

Computer Configuration/Preferences/Control Panel Settings/Services
New Service
Startup: Automatic
WSearch
Start Service
Recovery: set all to restart

Computer Configuration/Windows Components/Search/Prevent adding UNC locations to index from Control Panel
Enabled

Computer Configuration/Windows Components/Search/Prevent adding user-specified locations to the All Locations menu
Enabled

Computer Configuration/Windows Components/Search/Prevent automatically adding shared folders to the Windows Search index
Enabled

Computer Configuration/Windows Components/Search/Prevent indexing certain paths
Enabled
file:///C:\Users\*
file:///C:\*

Computer Configuration/Preferences/Windows Settings/Registry
SYSTEM\CurrentControlSet\Services\WSearch
DependOnService
REG_MULTI_SZ
RPCSS

frxsvc

References

https://support.fslogix.com/index.php/component/fss/?view=kb&catid=12&kbartid=182
http://pablolegorreta.com/antivirus-best-practices-for-fslogix-profiles/

Comments

  1. Dear Author,

    First i wold like to thank you your great article.
    I have a problem, I could not start outlook. Outlook says Outlook Window could not ooen. Fslogix vhdx is creating and mounting fine, but outlook only working disabled cache.
    Do. you have some tips?

    Best Regards Drag

    ReplyDelete
    Replies
    1. Have you tried re-creating the FSLogix disk?

      We had an issue where we could not start Outlook when we upgraded some servers from 2.9.6 to 2.9.7. We ended up reverting the servers to the earlier build to get Outlook working.

      Delete
    2. Yes itrying. And i make a brend new rds host but i have same error.

      Delete
    3. I would reach out to their support and have them take a look https://social.msdn.microsoft.com/Forums/en-US/14ea5f6f-760b-4ad2-83cf-23c3cbc1bcc4/how-to-open-an-fslogix-support-request?forum=FSLogix

      Delete
    4. Did you get this resolved? Having the same issue with 2009 Build 13231.20262.

      Delete
  2. Great article!

    Concerning the AV exclusions: what is the reason for excluding c:\windows\temp\*.vhdx?

    ReplyDelete
    Replies
    1. I got those exclusions from the old FSlogix knowledge base that I think have been removed.

      Delete
  3. How can I download old version of fslogix?

    ReplyDelete
  4. I have an existing environment with to RDSH hosts and native UDP and of course I have Office 365 and search indexing issues for end users. Can I just install FSlogix and keep the existing profiles?

    ReplyDelete
    Replies
    1. Yes, but I have had some issues with UPDs and FSLogix recently. Give it a shot but keep in mind that you might run into issues even with the exclusions set.

      Delete
    2. Hello, we have FSlogix now installed on RDS the office 365 caching works perfectly. However we now have the problem that users that use FSlogix now have to deal with a login time of almost 1,5 minuts. Where as if i where to disable the fslogixs for a user (to test) the login time is almost non existing (5 or 6 seconds) Do you know this issue if so what to do about it?

      Delete
  5. hello Andy, thank you for this article. Have you been Source Fslogix 2.8 please? Thank you

    ReplyDelete
    Replies
    1. Sorry, I don't have any of the old installers. Try opening a ticket with FSL and they might be able to provide you with it.

      Delete
  6. Just wanted to thank you for making this article, we were struggling with the error "There was an error locating one of the items needed to complete this operation. It might have been deleted." and by downgrading the version of FSLogix this resolved our issue (we also had to reinstall Office).

    ReplyDelete
  7. Not sure if this is still being actively watched but I'm curious how the group restricts who will get FSLogix rolled out. Restricted Groups just creates that group on all domain machines right? Do you also scope the GPO to only that group? From what I can see if I follow these instructions word for word I will end up deploying it to everyone and adding a group to all domain machines. Am I missing something?

    ReplyDelete
    Replies
    1. Figured it out! When you install FSLogix it uses those groups to decide who it gets applied to

      Delete
    2. Just to add to this , when the Application gets installed it created 4 Local groups on the TS

      FSLogix ODFC Exclude List
      FSLogix ODFC Include List
      FSLogix Profile Exclude List
      FSLogix Profile Include List

      The GPO above will update FSLogix ODFC Include List ( which by default has everyone in ) to APP_FSLogix ODFC_Enable , so make sure you do a GPUpdate after installing to update this and reboot , or you can change it manually

      Delete
    3. This comment has been removed by the author.

      Delete
  8. Hi and thank you for the article. I don't understand the part "2. Install FSlogix Office 365 Containers (FSlogixAppsSetup.exe) on all of the RDS servers". I have several VMs in my RDS deployment: RDS role VM, Connection Broker VMs, RDSH VMs, etc ... I have to install FSLogix on all servers or just on RDSH? Thank you !

    ReplyDelete
  9. Hello,

    Thank you for taking the time to put this guide together, its fantastic.

    Quick question - We aren't using UDPs and have everything else set up and can see that new profile logons generated the VHDX on the store server but found that profile content does not roam between RD Hosts?

    Has anyone discovered this?

    Thanks! Dan

    ReplyDelete
    Replies
    1. You need something to roam the actual user profile (FSLogix, UPD, Roaming Profiles(haven't tested this with ODFC)).

      Delete

Post a Comment

Popular posts from this blog

FSLogix Troubleshooting guide

Best Practices for Deploying User Profile Disks

Removing Application UAC Requirements with Shims