Best Practices for Deploying User Profile Disks

Have an issue you can't solve? I offer consulting engagements and can be reached here: consulting[а𝐭]amorales[․]org

Last Updated 2020-01-03

After months of testing I recommend deploying FSLogix Profile Containers instead of User Profile Disks. You can find my guide here. Some of the items below apply to FSL Profile Containers. 

User Profile Disks (UPDs) are great for load-balanced RDS farms since they allow users to seamlessly roam from server to server. The goal of this article is to configure the RDS and file servers in a way that maximizes performance and reduces the likelihood of UPD disconnects.

I'll keep this updated any time I find new improvements.

Use FSLogix
Before you even consider deploying UPDs you need to be aware of this limitation. On Server 2012 and 2016 (Server 2019 does not have this issue, but it doesn't support Office) the Windows Search index is machine-wide. This means that when a UPD is disconnected, the user's index data is deleted. The result is that the next time the user logs into the RDS and opens Outlook, their search index will need to rebuild. This will become a major issue when you have 5+ users on a server and the index throttles itself. You could disable the indexer backoff, but it will lead to performance issues and it won't actually fix the issue.

The solution is to configure FSLogix Office 365 containers. What they have done is create their own "UPD" that stores all the user's Outlook and index data. The next time the user signs into the server their index will load instantly.

Location of Servers
To reduce latency and the likelihood of a UPD disconnect, the server hosting the UPD share should be on the same VMware host as the RDS servers. This might not always be possible based on your configuration, but it is ideal since it keeps all the network traffic within VMware.

Use ReFS for the UPD drive
Using ReFS as the file system of the drive that will host the UPDs will improve VHDX performance. This will be evident when UPDs are created (first login) and when they need to expand. More info here.

Set all your servers to High Performance
Make sure that all your servers are set to a High Performance power plan. This will make sure that none of the power settings lead to disconnections.

Compact your UPDs
UPDs are dynamic VHDX files that can expand up to 20GB by default. The UPD automatically expands any time the user adds data to it, but it never compacts once data is removed. As a result, you may end up with a lot of allocated but empty space inside the VHDX files.

The script below can be configured as a scheduled task on your file server. It will go through your UPD share and compact any VHDX files that are not in use.

Compact-UPDs.ps1
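
For readers who only have the text of this page, here is a sketch of the approach described above. It is an added example, not the author's Compact-UPDs.ps1: it skips any VHDX that is still open, then compacts the rest with diskpart. The `L:\UPD` path and the `Test-FileLocked` helper are assumptions made for illustration.

```powershell
# Added example; not the author's Compact-UPDs.ps1.
# Run elevated on the file server, off hours.
param(
    [string]$UpdRoot = 'L:\UPD'   # assumption: local folder behind the UPD share
)

function Test-FileLocked {
    param([string]$Path)
    try {
        # An exclusive open fails while a session host still has the disk attached.
        $stream = [System.IO.File]::Open($Path, 'Open', 'ReadWrite', 'None')
        $stream.Close()
        return $false
    } catch {
        # Any failure to open is treated as "in use" so the disk is left alone.
        return $true
    }
}

$results = foreach ($vhdx in Get-ChildItem -Path $UpdRoot -Filter '*.vhdx' -File) {
    # UVHD-template.vhdx is the collection's template disk; nothing to reclaim there.
    if ($vhdx.Name -eq 'UVHD-template.vhdx') { continue }
    if (Test-FileLocked -Path $vhdx.FullName) {
        [pscustomobject]@{ File = $vhdx.Name; Status = 'Skipped (in use)'; SavedMB = 0 }
        continue
    }

    $before = $vhdx.Length
    $dpScript = Join-Path $env:TEMP ("compact-{0}.txt" -f [guid]::NewGuid())
    @(
        "select vdisk file=`"$($vhdx.FullName)`""
        'attach vdisk readonly'
        'compact vdisk'
        'detach vdisk'
    ) | Set-Content -Path $dpScript -Encoding ASCII

    diskpart.exe /s $dpScript | Out-Null
    $exit = $LASTEXITCODE
    Remove-Item -Path $dpScript -Force

    $after = (Get-Item -LiteralPath $vhdx.FullName).Length
    [pscustomobject]@{
        File    = $vhdx.Name
        Status  = if ($exit -eq 0) { 'Compacted' } else { "diskpart exit $exit" }
        SavedMB = [math]::Round(($before - $after) / 1MB, 1)
    }
}
$results | Format-Table -AutoSize
```

A non-zero diskpart exit code leaves the file untouched and shows up in the Status column, which makes failures visible in the scheduled task's output.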

Disable Share Caching
Disabling share caching can prevent some rare situations where the UPD fails to dismount from the RDS server. It also has no negative effects since there is no need to cache the UPD files.

Go to the Caching Settings of the profile disk share and select "No files or programs from the shared folder are available offline"


Restart your RDS servers after the File Server
If you have scheduled restarts, make sure that the RDS servers restart after the File Server. If a user left their session open on the RDS and the file server restarts, their session will get stuck. Restarting the RDS servers after the file server ensures that all sessions are cleared.

Delete Inactive Printer Ports
Don't do this on 2019 servers! It will break redirection.
There is an issue where printer redirection ports don't get cleared out when users log out. This can result in long login times. This article says that it only affects 2008 R2, but I have seen 2012 and 2016 servers with thousands of unused ports. Thankfully there is an application that can delete them. 
  1. Download InactiveTSPort from the archive https://archive.codeplex.com/?p=inactivetsport
  2. Go to the releases/1 folder and rename the file "46d7de43-82ec-4984-b550-6580a82ee735" to "DeleteInactivePortSilently.exe"
  3. Create a scheduled task that runs the exe every few days

Delete bad folders under the Users Folder
Have you ever looked at your C:\Users folder and seen a ton of .BACKUP-0 folders? I have a possible cause of the issue on the next point. These .BACKUP-## folders can lead to some issues like Outlook not being able to find the OST of a user when launched.

Set the script below as a scheduled task that runs every morning. The script uses DelProf2 to delete all the folders under the C:\Users directory. This will only delete profiles of users that are not logged in. I exclude the UvhdCleanupBin folder since its purpose seems to be a bit of a mystery.

Create scheduled Task Remove-UPDOldProfilesScheduledTask.ps1

Remove-LocalUPDProfiles.ps1



Log users out of the Server before restarting it
This is a bit of speculation, but I believe that the .BACKUP-## folder issue is caused by restarting the server while UPDs are attached. If you restart servers on a schedule, then it might be worth creating a script that logs all users out of the RDS before it is restarted.

Delete old firewall rules at logoff
Every time a user logs into an RDS server several Firewall rules are created. These rules are never deleted and over time you will have thousands of unnecessary rules on all your servers. These rules can lead to performance issues and crashing. Also, the rules will show up even if you have the firewall disabled.

Install KB4467684 and create a GPO that creates the following reg key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
DeleteUserAppContainersOnLogoff (DWORD)
Value: 1

The next time a user logs in and back out of a server the rules will be cleared. More info here.
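
To confirm the setting is in place and that rules are actually being cleaned up, the check below can be run on a session host. It is an added example, not part of the original article, and it assumes that per-user rules can be identified by a user SID in the rule's Owner property.

```powershell
# Added example; read-only check, run elevated on one session host.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$name = 'DeleteUserAppContainersOnLogoff'

# Report the current value (the GPO described above should set it to 1).
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
"{0} = {1}" -f $name, $(if ($null -eq $current) { '<not set>' } else { $current })

# SIDs whose profile is loaded right now, i.e. users with a session on this host.
$loaded = Get-CimInstance -ClassName Win32_UserProfile |
    Where-Object { $_.Loaded } |
    Select-Object -ExpandProperty SID

# Assumption: per-user rules carry the user's SID in Owner; machine-wide rules leave it empty.
$perUser = Get-NetFirewallRule | Where-Object { $_.Owner }

$perUser | Group-Object -Property Owner | ForEach-Object {
    [pscustomobject]@{
        OwnerSid = $_.Name
        Rules    = $_.Count
        SignedIn = $loaded -contains $_.Name
    }
} | Sort-Object -Property Rules -Descending | Format-Table -AutoSize

# Rules left behind by users who have already logged off.
$stale = @($perUser | Where-Object { $loaded -notcontains $_.Owner }).Count
"Rules owned by users who are not signed in: $stale"
```

Run it before and after a test user logs in and back out; the stale count for that user's SID should drop to zero once the key is applied.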

Redirect Common User Folders
Use folder redirection to store common user folders (Documents, Desktop, Downloads, etc.). This will allow you to minimize the size of UPDs and it will make management easier. For instance, if you upgrade from Server 2012 to 2016 you will only need to worry about user settings and not their documents.

AV Exclusions
Make sure to exclude VHDX files from your AV, and make sure that they actually show up on the client's exclude list. In my case simply excluding *.vhdx files from ESET did not do the trick. I had to create the exclusions below.

\\SERVER\*.vhdx (File Server)
\\EXAMPLE.COM\*.VHDX (DFS namespace) (you only need this if you're deploying FSLogix)
L:\*.vhdx (Local drive on the file server)

Storing data on the UPD
The RDS session properties give you two choices on how to store data: "Store all user settings and data on the user profile disk" and "store only the following folders on the user profile disk". I opt for "Store all user settings and data on the user profile disk"; this ensures that none of the user's data is lost.

If I need to exclude something I use the exclude list.

Start Menu not working?
Excluding the paths below and creating the reg key might help with the issue. See thread with more info here and here.

Exclude:
AppData\Local\Packages (Folder)
AppData\Local\Microsoft\Windows\Usrclass.dat (File) (This is supposed to cause users to lose their default Apps, but I have not seen that occur [see here for other things that might be lost])

After some testing I have confirmed that the notification area icon settings will not persist across sessions if Usrclass.dat is excluded. All non-system icons will be hidden again the next time a user signs in.


Reg key:
HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore\ResetCache
DWORD
1


Have any ideas or improvements? Share them in the comments. Also, let me know if you think I got anything wrong.

Comments

  1. Great article, lots of informative information that anyone deploying a Farm can use. I wanted to send an update that O365 ProPlus is officially supported on 2019 RDSSH now.

  2. Hello,

    As mentioned above, great article! Have a couple questions. When using UPD, is it best to set the "End a disconnected session" to "never" (in the collection properties)?

    Second question - If we use Outlook in "online mode", will we still see the indexing issue?

    Thanks!
    Manny

    Replies
    1. I've also applied these settings. https://www.peters.com/blog/tuning-search-service-remote-desktop-services-server/

    2. Session limits depend on what your organization prefers. However, you should try to keep those numbers as low as possible.

      If you use Outlook in online mode you will not have the indexing issue, but Office 365 will be super slow and you will see performance issues. This should not be an issue if you are on Exchange.

    3. Thanks for the reply. Yes, in our previous deployment of terminal services (2008R2) we used Outlook in online mode to avoid issues. I think we will keep it that way for RDS 2016. It is a little slow, but seems to be the safer option. Our users have local PCs so they can run Outlook local with cache/indexing as well.

  3. Hi Andy,

    If we use ReFS as the file system for UPDs, will we be unable to compact the VHDX files? I did a little googling and found a few saying that VHDX cannot be compacted when residing on ReFS. Do you know if this is possible?

    Thanks,
    Manny

    Replies
    1. Just tested and I was able to compact without any issues: https://i.imgur.com/tg3zHyl.png

      Using this script: https://github.com/andy2002a/PowerShell/blob/master/RDS/Compact-UPDs.ps1

    2. Hi Andy, thanks for the great guide!
      Have you ever experienced users getting temp profiles after running the compression script? I had success when running it on my own user, but then two others I tested can't load up their profiles anymore.
      Thanks!

    3. Are the files still locked on the server that houses the VHDX files?

    4. The script has been pretty solid so far and I haven't been able to trace any issues back to it. Are you running it on off hours when users are logged out?

  4. I'm getting "The arguments specified for this command are not valid.
    For more information on the command type: HELP SELECT VDISK" when attempting to run it on a local directory on my server.

    Replies
    1. Got it, it was the path being too long I think.

  5. The Search limitation referred to in the first item is mitigated with Outlook 2016. You *could* see some performance decreases if the indexer needs to go back to the local system cache, but in a Session Host environment, the chances of this happening are quite low. Microsoft's recommendation for Office 365 hosted mailboxes being accessed from an RDS Server (Remember, ProPlus is now supported on 2019) is to use a Local Cached Exchange OST with Outlook 2016 or newer. Online mode is not recommended with Office 365. The other workaround to this is to use Outlook Online Mode. Not ideal but it'll work.

    Long and short, Outlook 2016 and newer does what FSLogix does for the Search index (https://docs.microsoft.com/en-us/deployoffice/rds-office-vdi-rdsh#outlook-2016)

    You should be able to mitigate the performance losses with an REFS drive + Cached Exchange Mode + Latest version of Outlook (Office 365)

    If using an RDS VDI Deployment, these problems could manifest more quickly and with more severity, but you'd be setting up FSLogix at this point.

  6. You're getting the backup files because it already thinks the user is logged in.
    You can either remove the old Profiles from the Advanced System Setting and remove the profile or
    if they are not there, use regedit to remove any remnants from the registry as below

    (Get the Users SID using the following command)

    wmic useraccount get name,sid

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileGuid



  7. Hi Andy!
    Thanks for the lifehacks.
    Do you use the "Install Application on Remote Desktop Server" shortcut for software deployment on RDSH nodes?

  8. Hi.
    I had to add 2 new Session Host servers to the deployment and there's a folder redirection GPO.
    AppData (Roaming) is being redirected but users are complaining about not having their chrome favorites in place when connecting to any of the RDSH servers.
    When I looked I found out AppData\Local folder is not being redirected so I'd like to know if I enable UPD will save me. Actually, I'd like to know if UPD will copy all the user information over to the VHDX disk or should I disable folder redirection first?

  9. Yes you can save the Roaming User Profile Date - Edit your In your Session Collection Properties

  10. What is the purpose of AV exclusions - if these aren't in place, will we expect to see certain specific problems, be it logon/off delays, poor performance etc.? Just concerned by the potential risk of implementing such an action.

  11. Hello Andy, I am running into an issue where this particular application fasterlaw gets installed on a per user basis. The install files go into the %username%/appdata/local/fasterlaw folder. I can install the program and it runs fine. However when the user logs out, the application folder fasterlaw gets deleted. Any thoughts on how I can save the install folder for the users.

    Replies
    1. Look at the "Storing data on the UPD" section. Make sure that the folder is not excluded, or included depending on what setting you choose.

  12. Add the Folder in the RDS Collection - User Profile Disks so it is saved

  13. I am using Fslogix and not using Profile Disks. Profile Disks were a pain in my previous implementation. Fslogix works beautifully. I am not sure why a big company like Microsoft could not figure this out themselves. They have struggled with roaming profiles implementation for so long.

  14. The user profile disk is not a good solution for all companies, we have been using this solution for over a year, 5 rdsh servers, 1 broker which also shares user profiles.

    too much trouble closing disk user profiles, not enough Microsoft support

    force to close the force profiles, after reconnection
    black screen indefinitely sometimes, restarting the server can take 30 minutes, and first logon 15 minutes server 2016 update

    we have managed to solve some problems, this solution farms rdsh + broker + upd requires too much maintenance!
