Tell us about your PDF experience.

FSLogix documentation
Virtual desktops and published remote applications are a critical, and growing part for
many businesses. These environments thrive when able to provide a consistent and
efficient user experience. FSLogix enhances the user experience, and simplifies the
management of these environments.

About FSLogix

ｅ OVERVIEW

What is FSLogix

FSLogix release notes

Common FSLogix terminology

More information

ｉ REFERENCE

Configuration settings reference

Services, drivers, and components

Get started with FSLogix

ｇ TUTORIAL

Configure profile containers

Configure ODFC containers

Configure Cloud Cache containers

Create and implement Application Rule Sets

Create and implement redirections.xml

ｂ GET STARTED

FSLogix prerequisites
FSLogix applications

Types of containers

Container storage options

Configuration examples

ｃ HOW-TO GUIDE

Install FSLogix

Use Group Policy templates

Configure storage Permissions

High availability and disaster recovery

Ｙ ARCHITECTURE

What is Cloud Cache?

Container high availability

Business continuity and disaster recovery

Troubleshooting and Support

ｄ TRAINING

FSLogix product support

Issues with old, temporary, or local profiles

Issues with long or failed sign-ins

Issues with container attach or detach

Issues with AppX, MSIX or Microsoft store applications

What is FSLogix?
Article • 03/31/2023

FSLogix enhances and enables a consistent experience for Windows user profiles in
virtual desktop computing environments. FSLogix isn't limited to virtual desktop
environments, but could be used on physical desktops where a more portable user
experience is desired.

Here are a few things that FSLogix provides:

Roam user data between remote computing session hosts.

Minimize sign in times for virtual desktop environments.
Optimize file I/O between host/client and remote profile store.
Provide a local profile experience, eliminating the need for roaming profiles.
Simplify the management of applications and 'Gold Images'.

FSLogix provides customers with both ease of configuration and various levels of
flexibility. This can lead to limitless configuration options of which, can have unintended
consequences. FSLogix can be a complex solution with various dependencies on other
systems and infrastructure. We recommend that you engage with resources who have
the following skill set or have these skills inherently:

Identity and Authentication

Storage design and architecture
Active Directory, Azure Active Directory, or Azure Active Directory Domain Services
Windows Deployment (Server or Desktop)
Application Compatibility

７ Note

FSLogix provides unique integration and advantages when used in an Azure Virtual
Desktop environment.

Key capabilities
Redirect user profiles to a storage provider. Mounting and using the profile from a
storage provider eliminates delays often associated with solutions that copy
profiles to and from a network location.
Redirect only the portion of the profile that contains Office1 data by using an
ODFC container. The ODFC container allows an organization already using an
 alternate profile solution2 to enable Microsoft 365 applications in multi-session
desktop environments.
Applications use the user's profile as if it were on the local disk. FSLogix uses a
filter driver to virtualize and redirect the profile at the file system level. Applications
are unaware the profile is on the network. Obscuring the redirection is important
because many applications can't work properly with a profile stored remotely.
Profile containers used with Cloud Cache to provide high availability and disaster
recovery profile solutions.
Application Rule Sets manage access to an application, font, printer, or other items.
Access can be controlled using users, groups, IP Addresses, and other criteria.
Application Rule Sets significantly decrease the complexity of managing large
numbers of gold images.

1 Office data includes, but is not limited to Microsoft 365 applications, OneDrive, Teams, SharePoint, and OneNote.

2 Under most circumstances, ODFC containers are not used with Profile containers simultaneously.

Next steps
FSLogix Prerequisites

FSLogix Release Notes

Prerequisites
Article • 03/31/2023

７ Note

We recommend customers upgrade to the latest version of FSLogix as quickly as

their deployment process can allow. FSLogix will provide hotfix releases which
address current and potential bugs that impact customer deployments.
Additionally, it is the first requirement when opening any support request.

FSLogix may be used in any public / private data center or cloud, as long as the user is
properly licensed. FSLogix operates on all Microsoft supported operating systems that
include, but isn't limited to:

Windows 10 and Windows 11

Windows Server 2012 R2, 2016, 2019, 2022, 2025

Eligibility
You're eligible to use FSLogix if you have one of the following licenses:

Microsoft 365 E3/E5

Microsoft 365 A3/A5/ Student Use Benefits
Microsoft 365 F1/F3
Microsoft 365 Business
Windows 10 Enterprise E3/E5
Windows 10 Education A3/A5
Windows 10 VDA per user
Remote Desktop Services (RDS) Client Access License (CAL)
Remote Desktop Services (RDS) Subscriber Access License (SAL)
Azure Virtual Desktop per-user access license

Identity and Authentication considerations

Understanding your organization identity and authentication framework is a critical
component in a successful FSLogix solution. FSLogix and your users are dependent on
the underlying identity configuration to ensure they're able to access the storage
provider, applications and process rule sets.
Identity next steps
＂ Entra ID Integration Methods
＂ Device identity and desktop virtualization

Storage considerations
Before implementing FSLogix, it's important to properly design and configure your
storage infrastructure based on your workload, user, and business requirements. FSLogix
doesn't provide storage architecture or design guidance. The following next steps are
provided as guides in your solution design process.

Storage next steps

＂ Types of Containers
＂ Configuration Examples
＂ Container Storage Options
＂ Configure Storage Permissions

Network considerations
Network configuration also plays an important aspect when designing your profile
management solution using FSLogix. FSLogix is unique in that the standard
configuration relies on mounting a container from a remote storage provider.
Regardless of the configuration, network latency, bandwidth and proximity to the
storage provider is pivotal to the user's experience.

Configure Antivirus file and folder exclusions

Antivirus products are known to conflict with FSLogix containers and requires that
specific files and folders are excluded from any type of scanning or heuristics.

File / folder exclusions

%TEMP%\*\*.VHD

%TEMP%\*\*.VHDX

%Windir%\TEMP\*\*.VHD
 %Windir%\TEMP\*\*.VHDX

\\server-name\share-name\*\*.VHD

\\server-name\share-name\*\*.VHD.lock

\\server-name\share-name\*\*.VHD.meta

\\server-name\share-name\*\*.VHD.metadata

\\server-name\share-name\*\*.VHDX

\\server-name\share-name\*\*.VHDX.lock

\\server-name\share-name\*\*.VHDX.meta

\\server-name\share-name\*\*.VHDX.metadata

Cloud Cache specific exclusions

%ProgramData%\FSLogix\Cache\* (folder and files)

%ProgramData%\FSLogix\Proxy\* (folder and files)

７ Note

If you change the default location of the cache or proxy folder, adjust the
exclusions accordingly.

Next steps
FSLogix Release Notes

Download and install FSLogix

Feedback
Was this page helpful?  Yes  No

Provide product feedback

FSLogix Release Notes
Article • 05/14/2024

FSLogix has two (2) types of releases, feature and hotfix. A feature release has new or
changing functionality to the product, whereas a hotfix release is focused on specific
issues. Depending on the type of issue, we may have multiple hotfixes before a feature
release. Regardless of the of release type, customers are required to install and use the
latest version . For more information, see FSLogix product support.

＂ How to: Download and install FSLogix

FSLogix 2210 hotfix 4 (2.9.8884.27471)

Summary
This is a hotfix release to address known issues and other identified bugs. In addition,
this release brings back the capability to roam a user's Group Policy state which provides
asynchronous policy processing.

） Important

This version provides a comprehensive set of changes to support new Microsoft

Teams in virtual desktop environments.

What's new
2210 hotfix 4 includes the following updates:

Group Policy processing can now occur asynchronously for users during sign-in.
MSIX folders under %LocalAppData%\Packages\<package-name>\ will automatically
get created when an ODFC container is created (new or reset container).
Teams data located in
%LocalAppData%\Publishers\8wekyb3d8bbwe\TeamsSharedConfig will now roam with

the ODFC container.

Fixed issues
2210 hotfix 4 includes the following fixed issues:
 Windows Server 2019 would sometimes fail to query the provisioned AppX
applications for the user during sign-out.
MSIX folders that should not be backed up, would be removed during sign-out
instead of only removing the contents of those folders.
New Microsoft Teams crashes or fails to start in Windows Server 2019.
New Microsoft Teams would display an error during launch with The parameter is
incorrect .

New Microsoft Teams would display an error during launch with Invalid function .
New Microsoft Teams would not on-demand register during sign-in when using
the ODFC container.
New Microsoft Teams would not on-demand register during profile creation and
would not register during future sign-ins, despite being installed.
User-based Group Policy settings would persist in the user's profile after the policy
setting was removed or set to disabled.

File information
Download the following package and follow the installation instructions

Download FSLogix 2210 hotfix 4 (2.9.8884.27471)

FSLogix 2210 hotfix 3 (2.9.8784.63912)

Summary
This is a hotfix release with limited support for various versions of Windows and was
provided to unblock customers running the latest versions of Windows 11 with New
Teams in virtual desktop environments. All customers are urged to replace any
installations of this version with FSLogix 2210 hotfix 4, which provides a complete set of
changes and updates for New Teams.

） Important

Do not use this version, instead download and install 2210 hotfix 4
(2.9.8884.27471).

Changes
 Update: When new Teams is detected, the AppX package is registered for the user
during sign-in using the family name.
Update: During user sign-out, Teams user data/cache located in
%LocalAppData%\Packages\MSTeams_8wekyb3d8bbwe\LocalCache will be saved in the

container.
Fix: Resolved an issue where a virtual machine would reboot unexpectedly as a
result of bug check (various stop codes) when a user's redirects were removed
before sign-out.

FSLogix 2210 hotfix 2 (2.9.8612.60056)

Summary
This is a hotfix release to address known issues and other identified bugs.

Changes
Fix: Resolved an issue where a virtual machine would reboot unexpectedly as a
result of bug check (various stop codes).
Fix: Cloud Cache no longer creates a race condition when multiple threads try
accessing the same tracking file.
Fix: Cloud Cache thread timing has been adjusted to ensure proper file handling
and sanitization.
Fix: Cloud Cache now writes an event log message when a storage provider is
offline when the user signs in.
Fix: Cloud Cache no longer causes a user session to hang while processing I/O.
Fix: Resolved an issue which failed to detach an ODFC container.
Update: Group Policy templates have been updated and re-organized. Read about
the changes in the Group Policy how-to article.

File information
Download the following package and follow the installation instructions

Download FSLogix 2210 hotfix 2 (2.9.8612.60056)

FSLogix 2210 hotfix 1 (2.9.8440.42104)

Summary
This is a hotfix release to address known issues and other identified bugs.

Changes
Setting: Added new configuration setting (RoamIdentity). Allows legacy roaming
for credentials and tokens created by the Web Account Manager (WAM) system.
Fix: Resolved an issue where frxsvc.exe would crash when processing
AppXPackages.
Fix: Resolved issues in handling FileIds associated with OneDrive.
Fix: Resolved an issue with orphaned meta files on Cloud Cache SMB providers.
Fix: Resolved an issue where a pending rename operation would fail because the
target filename was invalid.
Fix: Resolved an issue where user sessions were cleaned up before a proper sign
out.
Fix: Resolved an issue where ODFC incorrectly handled multiple VHDLocations.
Fix: Resolved an issue in how settings are applied for ObjectSpecific configurations.
Fix: Resolved an issue where an ODFC container wouldn't correctly detach during
sign out.
Fix: Resolved an issue where VHD Disk Compaction would fail to cancel correctly
when using Cloud Cache.
Fix: Resolved an issue where ODFC VHD Disk Compaction would fail when
RoamSearch was enabled.
Fix: Resolved an issue where users would be stuck at a black screen as a result of
attempting to empty the Recycle Bin prior to roaming.
Update: Added policy for new RoamIdentity setting.

FSLogix 2210 (2.9.8361.52326)

Summary
This release is focused on three (3) core features, six (6) major bug fixes, and two (2)
updates.

Changes
Feature: Added the ability to compact the user's container during the sign out
phase. For more information, see VHD Disk Compaction.

Feature: Added a new process during the sign out phase, which creates an AppX
package manifest for the user. This manifest is used at sign-in to re-register the
 AppX applications for an improved user experience. This work is on-going as AppX
packages and applications continue to evolve. The focus for this work has been on
the built-in Windows apps (inbox apps).

Feature: FSLogix now roams the users Recycle Bin within the user's container.

） Important

All three (3) of our new features are enabled by default, but have the option
to be disabled.

Fix: Added recursive checks as part of search clean-up activities.

Fix: Registers all provisioned packages when AppxManifest.xml doesn't exist.

Fix: When OneDrive data is stored outside the user's profile, FSLogix correctly
impersonates OneDrive for setting permissions.

Fix: Resolved junction point compatibility issues with App-V.

Fix: RW differencing disks correctly handle disk expansion when SizeInMBs is

increased from a smaller value.

Fix: Cloud Cache now properly honors lock retry count and intervals.

Update: Group Policy templates have new names that align with their registry
settings. New help information indicates where in the registry Group Policy makes
the change. Added version history for newly added settings.

Update: Ensure Azure Storage Account Blob container names correctly adhere to
Azure naming requirements.

FSLogix 2201 hotfix 2 (2.9.8228.50276)

Summary
This update for FSLogix 2201 includes fixes to multi-session VHD mounting, Cloud
Cache meta tracking files, and registry cleanup operations.

Changes
 Resolved an issue that would cause a system crash while reading from meta
tracking files in a Cloud Cache configuration.
Resolved an issue where a sign in would succeed even if when the disk failed to
attach. Most commonly occurs in multi-session environments.
Resolved an issue during profile cleanup where user registry hives would be
removed regardless of the FSLogix local group exclusions.

FSLogix 2201 hotfix 1 (2.9.8171.14983)

Summary
This update for FSLogix 2201 includes fixes to Cloud Cache and container redirection
processes. No new features are included with this update.

Changes
Resolved an issue with Cloud Cache where disk read / write blocking could
potentially create a deadlock to the disk and cause the Virtual Machine to become
unresponsive.
Resolved an issue that would cause a Virtual Machine to crash while removing
profile redirections during the sign out process.

FSLogix 2201 (2.9.8111.53415)

Summary
This update for FSLogix is the latest full featured release. In this version there are, over
30 accessibility related updates, new support for Windows Search in specific versions of
Windows, better handling and tracking of locked VHD(x) containers, and resolved
various issues.

Changes
Fixed issue where the FSLogix Profile Service would crash if it was unable to
communicate with the FSLogix Cloud Cache Service.
The OfficeFileCache folder located at
%LOCALAPPDATA%\Microsoft\Office\16.0\OfficeFileCache is now machine specific
and encrypted so we exclude it from FSLogix containers. Office files located
outside this folder aren't impacted in this update.
Windows Server 2019 version 1809, and newer versions of Windows Server,
natively support per-user search indexes and we recommend you use that native
search index capability. FSLogix Search Indexing is no longer available on those
versions of Windows Server.
Windows 10 Enterprise Multi-session and Windows 11 Enterprise Multi-session
natively support per-user search indexes and FSLogix Search Indexing is no longer
available on those operating systems.
FSLogix now correctly handles cases where the Windows Profile Service refCount
registry value is set to an unexpected value.
Over 30 accessibility related updates have been made to the FSLogix installer and
App Rules Editor.
A Windows event now records when a machine locks a container disk with a
message that looks like "This machine '[HOSTNAME]' is using [USERNAME]'s (SID=
[USER SID]) profile disk. VHD(x): [FILENAME]. This event is generated from the
METADATA file created in the user's profile directory. This file can be ignored, but
not deleted."
Resolved an issue where the DeleteLocalProfileWhenVHDShouldApply registry
setting was ignored in some cases.
Fixed an issue where active user session settings weren't retained if the FSLogix
service was restarted. This was causing some logoffs to fail.
Fixed an issue where FSLogix didn't properly handle sign out events if Profile or
ODFC containers were disabled during the session or per-user/per-group filters
were applied mid-session that excluded the user from the feature. Now FSLogix
sign out related events always occurs based off the FSLogix settings applied at sign
in.
FSLogix no longer attempts to reattach a container disk when the user session is
locked.
Fixed an issue that caused the FSLogix service to crash when reattaching container
disks.
Fixed a Cloud Cache issue that caused IO failures if the session host's storage block
size was smaller than a cloud provider's block size. For optimal performance, we
recommend the session host disk hosting the CCD proxy directory has a physical
block size greater than or equal to the CCD storage provider with the largest block
size.
Fixed a Cloud Cache issue where a timed out read request (network outage,
storage outage, etc.) wasn't handled properly and would eventually fail.
Reduced the chance for a Cloud Cache container disk corruption if a provider is
experiencing connection issues.
Resolved an issue where temporary rule files weren't deleted if rule compilation
failed.
 Previously, the Application masking folder was only created for the user who ran
the installer. With this update, the rules folder is created when the Rules editor is
launched.
Resolved an interoperability issue with large OneDrive file downloads that was
causing some operations to fail.
Fixed an issue where per-user and per-group settings didn't apply if the Profile or
ODFC container wasn't enabled for all users.
Resolved an issue where the Office container session configuration wasn't cleaned
up if a profile fails to load.
Fixed an issue where HKCU App Masking rules using wildcards would fail to apply.
Fixed an issue that caused some sessions configured with an ODFC container to fail
to sign in.
Resolved an issue where the App Rules editor would crash if no assignments were
configured.

Next steps
Download and install FSLogix

Configuration examples

Configure profile containers

FSLogix FAQ
FAQ

The FSLogix FAQ provides information related to the installation, configuration,

operation and supportability of FSLogix in virtual desktop infrastructure (VDI).

Installation
Is FSLogix integrated into all Windows operating
systems?
FSLogix isn't a Windows feature and must be installed separately. FSLogix can be found
in the Azure Marketplace for Windows 10 and Windows 11 multi-session images. While
we aim for this version of FSLogix to be 'up-to-date', customers should verify which
version is installed. If necessary, upgrade to the latest version.

Does FSLogix update automatically or use

Windows Update?
No, FSLogix must be updated manually or through your existing image creation process.
Subscribe and follow the FSLogix Blog to keep updated on when new versions are
released.

Does FSLogix provide incremental updates?

No, FSLogix releases are full versions of the product.

Do I need to uninstall FSLogix before installing a

new version?
Depends. If you need to go to a previous version, you should uninstall FSLogix, reboot,
then install the previous version. Updated versions can be installed on top of the older
version and requires a reboot.

What versions of FSLogix are supported?

Microsoft only supports the latest version of FSLogix. See our product support page.
Containers
Does the size of the FSLogix container affect the
sign in performance?
No, container size doesn't affect sign in times or performance. Other factors are much
more important when troubleshooting long sign in times.

What is the behavior when an FSLogix container

reaches or exceeds the `SizeInMBs` value?
Users may start to experience strange behavior with applications or accessing files due
to the lack of storage in the container. Increasing the SizeInMBs setting will
automatically increase the size of the container at the next sign in when using dynamic
disks. To prevent these situations, you should plan for at least 30% free space. Monitor
the event logs or log files for warning events at less than 2 GB and less than 500-MB
free space.

Do I need to use the ODFC container when using

Microsoft 365 applications?
No, The ODFC container is primarily used in VDI solutions where another roaming
profile product is used. Always use a single profile container unless your business or
workload requirements need the separation. Check out the Types of Containers article
for more information.

How do I configure OneDrive with FSLogix?

FSLogix handles all the complexity (filesystem redirection) behind the scenes. When a
user signs in to OneDrive and must choose a location, they should select the default
location ( C:\Users\%username%\ ). FSLogix uses this location and all the data is saved to
the user's container. Review the following OneDrive documentation:

Use the sync app on virtual desktops

Silently configure user accounts
Redirect and move Windows known folders to OneDrive
Use OneDrive policies to control sync settings
Do OneDrive policies monitor the FSLogix VHD
size or the local disk size?
When using FSLogix for profiles or profile and ODFC containers are in use, the OneDrive
disk space policies check the FSLogix VHD rather than the operating system disk.

Figure 1: OneDrive disk space warning policy object

Figure 2: ODFC VHD Properties
Figure 2: OneDrive Warning - Low Disk Space

Can I migrate user profile data from other

roaming profile solutions to an FSLogix
container?
FSLogix doesn't provide a direct migration path from other roaming profile solutions.
Implementing OneDrive with known folder move or similar cloud or network storage
solutions provides users with a location to save their data outside of their profile. For
smaller use cases, our frx command-line utility can help copy local profiles into a new
VHD(x).
Can I convert from a single profile container to a
profile and ODFC container configuration?
Yes. When the ODFC container is created, FSLogix copies the data from the profile
container though the original data isn't removed. The original data must be removed
manually.

Example ODFC log file entries:

Console

[18:09:59.554][tid:00000f94.000040cc][INFO] Mirroring
C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive to \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\OneDrive\UserMeta
[18:09:59.554][tid:00000f94.000040cc][INFO] CopyFolderToVolume:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: OneDrive\UserMeta Volume: \\?\Volume{7f7bafd1-fb6a-4f15-878d-
3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Creating mount point:
C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-76B3CA567E4A} -> \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Success creating
mount point. Mirroring files...
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
C:\Windows\system32\robocopy.exe
"C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive"
"C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta" /MT /R:5 /W:1 /XJD /COPYALL /IT /B
/DCOPY:DAT /MIR
[18:09:59.569][tid:00000f94.000040cc][INFO] CreateProcess
successful
[18:09:59.569][tid:00000f94.000040cc][INFO] Enabling cloud files
pass-through
[18:09:59.569][tid:00000f94.000040cc][INFO] Waiting for process
to end
[18:10:00.460][tid:00000f94.000040cc][INFO] Robocopy exit code: 1
(Success)
[18:10:00.616][tid:00000f94.000040cc][INFO] Success mirroring
files
[18:10:00.616][tid:00000f94.000040cc][INFO] Volume mount point
removed
[18:10:00.616][tid:00000f94.000040cc][INFO] Mirror complete

Microsoft Entra ID
Can I use FSLogix containers with Microsoft
Entra ID and cloud-only identities?
Yes...BUT, it requires understanding of the risks. There are two (2) ways we've identified
how to configure FSLogix for Microsoft Entra ID and cloud-only identities. Check out the
FSLogix profile containers for Microsoft Entra ID cloud only identities blog article.

Can I use FSLogix application rule sets with

Microsoft Entra ID and cloud-only identities?
No. Application rule sets only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine has line of sight to a Domain
Controller.

Can I use object specific settings with Microsoft

Entra ID cloud-only identities or Microsoft Entra
joined virtual machines and hybrid identities?
No. Object specific settings only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine is hybrid Entra joined.

Can I use the same Profile container when

switching from hybrid Entra joined to Entra
joined Session Hosts or virtual machines using
hybrid identities?
No. The user's SID changes to their 'cloud-based' SID when signing into a computer that
is Entra joined which prevents the profile from loading correctly.

Redirects or redirections.xml
What are the recommended values for the
redirections.xml file?
FSLogix doesn't provide recommended values for the redirections.xml file. The
redirections.xml file is a powerful tool to help you manage the user's profile AND may
cause problems if not used correctly. We rely on application owners to document what
data can or can't be excluded from users profile container.

For example:

Classic Teams: Classic Teams for Virtualized Desktop Infrastructure

New Teams: Upgrade to new Teams for Virtualized Desktop Infrastructure (VDI)

 Tip

Don't exclude user profile data for applications unless the application owner has
documented the data can be excluded.

I don't see the redirections.xml events in the log

file.
If you don't see any entries in the log file as described in the tutorial, it's most common
to be one of three things:

The RedirXMLSourceFolder contains the full filename path.

The user doesn't have read access to the file share location.
The path to the file share can't be found (network, DNS or bad name).

I've removed the RedirXMLSourceFolder setting,

but the redirections still exist.
The XML file is copied from the location in RedirXMLSourceFolder to %AppData%\FSLogix ,
which is inside the user's container. Removing the setting doesn't remove the file from
the container. To properly remove or stop using the redirections, delete the contents of
the existing XML file. Alternatively, use a script or other process to delete the file from
the user's container.

The include statement isn't working as expected.

The include statement is used to keep sub directories of excluded folders in the user's
profile. The include statement only works if the data or folder exists in the profile
BEFORE creating the include statement. It's common for applications to create these
folders at their initial launch. This can cause problems if the user gets a new profile and
the data doesn't exist until the application is launched.
  Tip

Don't include this type of data in your XML file.

What is the limit of exclude and include

statements for the redirections.xml file?
There isn't a technical limitation. Less is more. Adding redirections for small folders,
doesn't benefit the user's experience. Having numerous exclude or include statements
causes a performance issue because each file system request must be checked against
the list of redirections. These file system operations add up and decrease the virtual
machine's overall performance.

After I implemented redirections.xml, the user's

container stayed the same size or grew larger.
Implementing the redirections.xml file to exclude content for existing FSLogix profiles
doesn't remove or delete the exclusion from the user's profile. You need to delete the
profile container or create a script to run after sign in or part of the sign in process to
delete the content from the container.

VHD disk compaction

Why is VHD disk compaction not running or not
recovering the space I expect?
1. Check the profile or ODFC log files for errors or warnings.
2. If you're NOT using ProfileType = 0 or VHDAccessMode = 0 , then this is an
expected and known issue.
3. Review the concept article for VHD disk compaction.

How do I adjust the disk compaction threshold?

The threshold isn't configurable.

Can the message during sign out be customized?

No, the message during sign out is a built-in Windows process that can't be changed.
What happens if a user disconnects during the
sign out and tries to reconnect?
The disconnected session continues the sign out process, including compaction. If the
compaction process isn't complete by the time the user tries to reconnect, the disk is in
use. The user experience depends on your other configuration settings. Under default
conditions, the user is signed in with a temporary profile.

How does disk compaction work with Cloud

Cache?
During the sign out phase, all content in the disk is brought down from one of the
providers to the local VHD(x) disk. Then the disk is evaluated for compaction. If or when
compaction completes, the local VHD(x) is uploaded to the Cloud Cache provider(s).
This process causes the sign out process to take longer in this type of configuration,
which could lead to a poor user experience.

Cloud Cache
Do I need to use Cloud Cache for high
availability?
No. It can be an acceptable solution to use standard containers (VHDLocations) with a
highly available storage provider. Azure Files provides high availability through zone-
redundant storage (ZRS) and is a recommended storage provider.

Why does it take so long for users to sign out?

Cloud Cache performs lazy asynchronous updates to the remote storage providers
during a users session. These operations aren't real-time and are subject to the latency
and throughput of the network and storage providers. At sign out, Cloud Cache
attempts to merge all the data from the local cache to ALL storage providers listed.
Storage providers which are under performing or have high latency will take longer to
merge. FSLogix holds the users sign out until the operation is complete.

Recommendations
Review your network topology and latency to all configured storage providers
Upgrade your storage provider to a higher performing tier
 Disable VHDCompactDisk
Don't use ProfileType = 3 or VHDAccessMode = 1, 2, or 3
Don't use CcdMaxCacheSizeInMBs

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Tutorial: Configure profile containers
Article • 03/31/2023

 Tip

Using the profile container in a single container configuration is highly recommended.

FSLogix profile containers are a complete roaming profile solution for virtual environments.
The profile container (single container), redirects the entire Windows user profile into a VHD
stored on a storage provider. The most common storage provider is an SMB file share.

The profile container is inclusive of all the benefits and uses found in the ODFC container.

Learn how to
＂ Enable the product for profiles
＂ Specify the location for the containers
＂ Verify the container has been attached and working

Prerequisites
Successful deployment of a virtual desktop or Azure Virtual Desktop environment.
SMB file share with NTFS and share-level permissions correctly configured.
Download and install the latest version of FSLogix.
Review configuration options.

７ Note

This tutorial doesn't cover how to convert to / from single or dual containers.

Profile container configuration

７ Note

Includes all Microsoft 365 application data. No need for an ODFC container.

＂ Configuration example: Standard

1. Verify FSLogix installation and version.

2. Sign in to the virtual machine as a local Administrator or an account with administrative
privileges.

3. Select Start and Type Registry Editor directly into the Start Menu.

4. Select Registry Editor from the Start Menu.

Figure 1: Registry Editor in Start Menu

5. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles .

6. Add these settings:

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

 Key Name Data Value Description
Type

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

Figure 2: Registry for profiles configuration

Verify your profile container configuration

1. Sign in as a standard user.

2. Select Start and Type command prompt directly into the Start Menu.

3. Select Command Prompt from the Start Menu.

 Figure 3: Command prompt

4. Change directory to C:\Program Files\FSLogix\Apps .

5. Type frx list-redirects .

Figure 4: frx list-redirects output

6. Select Start.

7. Select File Explorer.

8. Type the full path from VHDLocations in the previous section.

 9. Double-click the folder for the standard user.

%username%-%sid%

10. Locate the newly created VHDX container.

Figure 5: Profile container in configured VHDLocations

Tutorial: Configure ODFC containers
Article • 02/13/2024

） Important

Using the ODFC container in a single container configuration is recommended

with third party roaming profile solutions.
Using the ODFC container in a dual container configuration isn't necessary or
recommended.

FSLogix ODFC containers are a subset to the profile container and are used to redirect
specific Microsoft 365 app data into a VHD stored on a storage provider. The most
common storage provider is an SMB file share.

All benefits of the ODFC Container are automatic when using profile containers in a single
container configuration. There's no need or benefit to using the ODFC container when
profile containers are your primary profile management solution. ODFC containers can
optionally be used in with profile containers in a dual container configuration, to place
Microsoft 365 app data in a different VHD from the rest of the profile data.

When pairing the ODFC container with third party roaming profile solutions, ensure to
exclude the paths in the profile managed by the ODFC container. The paths to exclude
depend on the ODFC configuration settings.

Learn how to
＂ Enable the product for ODFC
＂ Specify the location for the containers
＂ Verify the container has been attached and working

Prerequisites
Successful deployment of a virtual desktop or Azure Virtual Desktop environment.
SMB file share with NTFS and share-level permissions correctly configured.
Download and install the latest version of FSLogix.
Review configuration options.
Completed profile container configuration tutorial.

７ Note
 This tutorial doesn't cover how to convert to / from single or dual containers.

ODFC container configuration

1. Verify FSLogix installation and version.

2. Sign in to the virtual machine as a local Administrator or an account with

administrative privileges.

3. Type Registry Editor into the Search box.

4. Select Registry Editor from the Start Menu.

Figure 1: Registry Editor

5. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC .

6. Add these settings:

 ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

FlipFlopProfileDirectoryName1 DWORD 1 Recommended

IncludeTeams2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType4 REG_SZ VHDX Recommended

1 Provides and easier way to browse the container directories.

2 Ensures Microsoft Teams data is kept in the container for optimal performance.

3 Decreases the retry timing to enable a faster fail scenario.

4 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

Figure 2: Registry settings for ODFC

Verify your ODFC container configuration
1. Sign in as a standard user.

2. Select Start and Type command prompt directly into the Start Menu.

3. Select Command Prompt from the Start Menu.

Figure 3: Command prompt

4. Change directory to C:\Program Files\FSLogix\Apps .

5. Type frx list-redirects .

 

Figure 4: frx list-redirects output

6. Select Start.

7. Select File Explorer.

8. Type the full path from VHDLocations in the previous section.

9. Double-click the folder for the standard user.

%username%-%sid%

10. Locate the newly created Profile and ODFC VHDX containers.

Figure 5: ODFC file share

Exclusions for third party roaming profiles

When pairing the ODFC container with a third party roaming profile solution, the folders
managed by the ODFC container should NOT be roamed by the third party provider. The
folders to exclude depend on which settings are enabled.

ﾉ Expand table
ODFC configuration setting Exclusion path Type

IncludeOfficeActivation %userprofile%\AppData\Local\Microsoft\Office\16.0\Licensing Default

IncludeOneDrive %userprofile%\AppData\Local\Microsoft\OneDrive Default

IncludeOneNote %userprofile%\Documents\OneNote Notebooks Optional

%userprofile%\AppData\Local\Microsoft\OneNote

IncludeOneNote_UWP %userprofile%\Microsoft Optional

IncludeOutlook %userprofile%\AppData\Local\Microsoft\Outlook Default

IncludeOutlookPersonalization %userprofile%\AppData\Roaming\Microsoft\Outlook Default

IncludeSharepoint Default

IncludeSkype %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync Default

\AppData\Local\Microsoft\Office\16.0\Lync

IncludeTeams classic Teams Optional

%userprofile%\AppData\Local\Microsoft\Teams
%userprofile%\AppData\Roaming\Microsoft\Teams

new Teams
%LocalAppData%\Packages\MSTeams_8wekyb3d8bbwe\LocalCache
Tutorial: Configure profile containers with Cloud
Cache
Article • 12/05/2023

 Tip

Cloud Cache uses CCDLocations instead of VHDLocations . Don't use both settings.

Cloud Cache is an optional type of configuration to profile or ODFC containers. The primary function of
Cloud Cache is to mitigate short-term or intermittent connectivity problems with the remote storage
providers. Before following this tutorial, be sure to review the Cloud Cache overview along with the
various configuration settings.

This tutorial depicts a Cloud Cache configuration for a profile container only. Cloud Cache with an ODFC
container is supported and is configured similarly as in the ODFC tutorial, but replace VHDLocations with
CCDLocations.

Learn how to
＂ Enable the product for profiles
＂ Specify the Cloud Cache locations for the containers
＂ Verify the container has been attached and working

Prerequisites
Successful deployment of a virtual desktop or Azure Virtual Desktop environment.
SMB file share with NTFS and share-level permissions correctly configured.
Create Azure page blob storage account.
Download and install the latest version of FSLogix.
Review configuration options.
Azure page blob connection string stored in credential manager using frx command-line utility.

Profile container configuration with Cloud Cache

７ Note

Includes all Microsoft 365 application data. No need for an ODFC container.

1. Verify FSLogix installation and version.

2. Sign in to the virtual machine as a local Administrator or an account with administrative privileges.

3. Select Start.

4. Type registry editor directly into Start Menu.

5. Select Registry Editor from Start Menu.

Figure 1: Registry Editor in Start Menu

6. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles .

7. Add these settings:

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="WINDOWS SMB Example

or PROVIDER",connectionString=\\<server-
REG_SZ name>\<share-name>;type=azure,name="AZURE
PROVIDER",connectionString="|fslogix/<key-
name>|"

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

 Key Name Data Value Description
Type

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

Figure 2: Cloud Cache Registry Entries

Verify your Cloud Cache profile container configuration

Cloud Cache creates and mounts a local container (local cache) for the user's profile. Verifying your Cloud
Cache configuration requires reviewing the Windows Event Viewer, File Explorer or the FSLogix profile
logs. The steps in this outline show Windows Event Viewer and File Explorer.

1. Select Start.

2. Type event viewer directly into the Start Menu.

3. Select Event Viewer from Start Menu.

 

Figure 3: Event Viewer in Start Menu

4. Expand Applications and Services Logs .

5. Expand Microsoft .

6. Expand FSLogix .

7. Expand CloudCache .

8. Select Operational .
 

Figure 4:* Windows Event Viewer

9. Look for Event ID 56 that shows which providers are online.

 

Figure 5: Event ID 56 - Providers online

10. Look for Event ID 5 that shows the lock on the proxy file.
 

Figure 6: Event ID 5 - Proxy lock

11. Select Start.

12. Select File Explorer.

13. Go to: C:\ProgramData\FSLogix\Cache\%username%_%sid% .

Figure 7: File Explorer - local cache

Tutorial: Create and Implement Rule
Sets (Application Masking)
Article • 03/31/2023

This tutorial provides step-by-step instructions for creating and implementing an

application hiding Rule Set, which "hides" the Google Chrome browser for specific users.

Learn how to
＂ Create your first Rule Set
＂ Test your hiding rules
＂ Create assignments for your Rule Set
＂ Deploy your Rule Set

Prerequisites
Download and install:
FSLogix Apps (Core Product)
FSLogix Apps Rule Editor
Install Google Chrome

Create your first Rule Set

1. Open the FSlogix Rules Editor.

 Tip

If you plan to test this Rule Set in the next section, open the FSLogix Rules
Editor as Administrator.
 Figure 1: Create new Rule Set

2. Select File -> New to create a new Rule Set.

3. Enter the name, Google_Chrome.

4. Select Enter file name to create the Rule Set and open the rule wizard dialog.
 Figure 2: New Rule Set

5. Select Choose from installed programs:.

6. select Google Chrome.

7. Select Scan.

Figure 3: Rule Set Wizard

７ Note

This will scan the system for all relevant items for the application and include
them as hiding rules.

8. When complete, the Scan button changes. Select OK to display the automatic
hiding rules.
 Figure 4: Application scan complete

9. The Rule Editor now displays all the items to be hidden that are related to Google
Chrome and you've created your first Rule Set.

Figure 5: Rule Set rules

The Rule Editor automatically saves the Rule Set file once the rules have been added.
Test your hiding rules
Testing your hiding rules on the system where the rules were created is one way to
validate the rules work as intended. Check out the Configuring FSLogix Apps Rule Sets
page for an in-depth guide.

To test the hiding rules:

1. Be sure the Google_Chrome Rule Set is selected in the left pane.

2. From the action bar, select Apply Rules to System.

This action immediately applies these rules and you should no longer be able
to see or open Google Chrome.

Figure 6: Rule Set Rules

3. When complete, select Apply Rules to System again and the rules no longer apply.

Google Chrome should reappear and can be opened.

Create assignments for your Rule Set

Rule Set Assignments specify how and to whom the Rules in the Rule Set apply.

To create the assignments:

1. Be sure the Google_Chrome Rule Set is selected in the left pane.

2. From the action bar, select Manage Assignments.

Figure 7: Manage Assignments

3. Select Add.

4. Select Group.

Figure 8: Add Assignments

5. The Select Group dialog box appears.

6. Select the 'Person' icon to the right of the Group textbox.

Figure 9: Select Assignments

7. Type 'Domain Users' and select OK.

Figure 10: AD Group

8. The Assignments window now shows:

'Everyone', Applies 'No'

 'CONTOSO\Domain Users', Applies 'Yes'

Figure 11: Assignments

9. Select OK and you've successfully created an assignment for your Rule Set.

Deploy Rule Sets

FSLogix Rule Sets are saved as two (2) separate files:

Assignment file (.fxa)

Rule File (.fxr)

Rule Set files should be copied to the virtual machine. Copy the files to C:\Program
Files\FSLogix\Apps\Rules . Once the files are copied to this location, the FSLogix Apps

Services uses them immediately.

Tutorial: Create and implement
redirections.xml
Article • 12/05/2023

 Tip

Using third party redirections.xml files can exclude items which can affect proper
operation of the OS or applications in your environment. Exclude and include
statements should be used sparingly.

FSLogix redirections.xml provides functionality that allows some parts of a user's profile
to be excluded from a user's container. This tutorial provides you with the steps to
create your own XML file to exclude the recommended Microsoft Teams folders.

Learn how to
＂ Exclude recommended Microsoft Teams folders for VDI
＂ Verify the XML file has been copied from the source folder
＂ Verify the folders have been excluded

Prerequisites
Review: Classic Teams for Virtualized Desktop Infrastructure
Review: Upgrade to new Teams for Virtualized Desktop Infrastructure (VDI)

Create the redirections.xml file

1. Select Start

2. Type notepad directly into the Start Menu.

3. Select Notepad from the Start Menu.

 Figure 1: Notepad in Start Menu

4. Copy the XML outline to Notepad.

Information on ExcludeCommonFolder can be found in the Custom profile

redirections.xml article.

XML

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="0">
<Excludes>
<Exclude Copy="0">AppData\Roaming\Microsoft\Teams\media-stack</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Teams\meeting-
addin\Cache</Exclude>
<Exclude
Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Micros
oft\MSTeams\Logs</Exclude>
<Exclude
Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Micros
oft\MSTeams\PerfLogs</Exclude>
<Exclude
Copy="0">AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Micros
 oft\MSTeams\EBWebView\WV2Profile_tfw\WebStorage</Exclude>
</Excludes>
<Includes>
</Includes>
</FrxProfileFolderRedirection>

5. Select File -> Save As...

6. Go to the file share where the XML file source are saved.

7. Type redirections.xml1 for the file name.

8. Select All Files (*.*) for the Save as type.

9. Select Save.

７ Note

Users require Read access to the file share where the XML file is stored. Users
without Read access will not be able to copy the XML file during sign in.

Configure redirections.xml on the virtual

machine
1. Sign in to the virtual machine as the local Administrator account or an account
that is a member of the local Administrators group.

2. Type registry editor in the Search box.

3. Select Registry Editor from the Start Menu.

 Figure 2: Notepad in Start Menu

4. Go to: HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles

5. Add this setting:

Value Name: RedirXMLSourceFolder

Value Type: REG_SZ
Value: \\<server-name>\<share-name> 2
 Figure 3: Notepad in Start Menu

Verify redirections.xml is copied and excluding

folders
1. Go to: C:\ProgramData\FSLogix\Logs\Profile

2. Open Profile-%date%.log

3. Find the section starting with: [INFO] ===== Begin Session: StartShell

4. If the redirections.xml file was successful, the log should be similar to the logs
shown:

text

[23:36:31.364][tid:00000f10.00003bdc][INFO] Configuration
Read (REG_SZ): SOFTWARE\FSLogix\Profiles\RedirXMLSourceFolder. Data:
\\<stg-acct>.file.core.windows.net\containers
[23:36:31.364][tid:00000f10.00003bdc][INFO] Attempting to
copy: "\\<stg-acct>.file.core.windows.net\containers\Redirections.xml"
to: "C:\Users\%username%\AppData\Local\FSLogix\Redirections.xml"
[23:36:31.396][tid:00000f10.00003bdc][INFO]
Redirections.xml copy success
[23:36:31.396][tid:00000f10.00003bdc][INFO] Reading profile
folder redirections
[23:36:31.411][tid:00000f10.00003bdc][INFO] Creating base
folders for profile folder redirections
[23:36:31.411][tid:00000f10.00003bdc][INFO] Creating base
folder 'AppData\Roaming\Microsoft\Teams\media-stack\'
[23:36:31.427][tid:00000f10.00003bdc][INFO] Creating base
folder 'AppData\Local\Microsoft\Teams\meeting-addin\Cache\'
[23:36:31.427][tid:00000f10.00003bdc][INFO] Creating base
folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\Logs\'
[23:36:31.427][tid:00000f10.00003bdc][INFO] Creating base
folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\PerfLogs'
[23:36:31.427][tid:00000f10.00003bdc][INFO] Creating base
folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\EBWebView\WV2Profile_tfw\WebStorage'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Adding exclude
rule for folder 'AppData\Roaming\Microsoft\Teams\media-stack\'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Added
redirection C:\Users\%username%\AppData\Roaming\Microsoft\Teams\media-
stack ->
C:\Users\local_%username%\AppData\Roaming\Microsoft\Teams\media-stack
[23:36:32.099][tid:00000f10.00003bdc][INFO] Adding exclude
rule for folder 'AppData\Local\Microsoft\Teams\meeting-addin\Cache\'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Added
redirection C:\Users\%username%\AppData\Local\Microsoft\Teams\meeting-
addin\Cache ->
C:\Users\local_%username%\AppData\Local\Microsoft\Teams\meeting-
addin\Cache
[23:36:32.099][tid:00000f10.00003bdc][INFO] Adding exclude
rule for folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\Logs\'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Added
redirection
C:\Users\%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalC
ache\Microsoft\MSTeams\Logs ->
C:\Users\local_%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\
LocalCache\Microsoft\MSTeams\Logs
[23:36:32.099][tid:00000f10.00003bdc][INFO] Adding exclude
rule for folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\PerfLogs\'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Added
redirection
C:\Users\%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalC
ache\Microsoft\MSTeams\PerfLogs ->
C:\Users\local_%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\
LocalCache\Microsoft\MSTeams\PerfLogs
[23:36:32.099][tid:00000f10.00003bdc][INFO] Adding exclude
rule for folder
'AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTe
ams\EBWebView\WV2Profile_tfw\WebStorage\'
[23:36:32.099][tid:00000f10.00003bdc][INFO] Added
redirection
C:\Users\%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalC
ache\Microsoft\MSTeams\EBWebView\WV2Profile_tfw\WebStorage ->
C:\Users\local_%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\
LocalCache\Microsoft\MSTeams\EBWebView\WV2Profile_tfw\WebStorage
1 The filename is not case-sensitive.

2 Do not include the file name. The path could also be a local path if the XML file is part of a gold image.

Next steps
Custom profile redirections.xml
About FSLogix applications
Article • 03/31/2023

FSLogix is a product that is made up of three (3) distinct applications. The core
application known as FSLogix Apps is the primary component that enables user profile
virtualization in virtual desktop environments. FSLogix also provide two (2) supplemental
applications for rule editing.

FSLogix Apps (Core Product)

FSLogix Apps installs two (2) Windows services and three mini-filter drivers that enable
all FSLogix components. The install guide provides a step-by-step process for both
manual and unattended installations. Once installed, review the FSLogix configuration
guides for profile and ODFC containers.

FSLogix Apps services

Attaching / detaching Profile or Office containers
File system redirects between the user's profile and the appropriate container
Processing rule files
Processing redirections.xml
Reads registry configuration data
Interacts with Windows Credential Manager
Interacts with SMB Storage locations

FSLogix Cloud Caching service

Dependent on FSLogix Apps Services
Interacts with SMB and Azure Storage locations
Responsible for Cache and Proxy file locations

Next steps
FSLogix Apps RuleEditor and Rule Sets
FSLogix Apps RuleEditor and Rule Sets
Article • 08/22/2023

The FSLogix Apps RuleEditor is a standalone application that creates FSLogix Rule Set
files. FSLogix Apps Services ( frxsvc ) processes Rule Set files and can perform various
actions that manage the end-user experience in virtual desktop environments. Rule Set
files are a collection of rules that show, hide, redirect, or customize specific aspects of
the registry, file system, applications or printers. A single Rule Set file can support any
number of rules of varying types. In most cases, keeping the Rule Set files contained to a
specific type of customization makes them easier to maintain and troubleshoot.

Types of rules
You can create four types of rules:

Hiding rule
Redirection rule
App container (VHD) rule
Specify value rule

Ｕ Caution

Hiding and redirection rules manipulate the file system at very fundamental level.
These types of rules can be very powerful, and creating or changing them can have
unexpected consequences. Always test and validate Rule Sets before deploying
them in a production environment.

Hiding rule
A hiding rule hides specific items from a user or group of users. Hiding rules can apply
to files, folders, registry keys, registry values, printers, or fonts.

Redirection rule
Redirection rules allow IT administrators to redirect non-profile or other specific data
into the user profile container so it's available on subsequent sign-ins regardless of
which virtual machine they sign into.
App container (VHD) rule

７ Note

App container rules have been deprecated as of August 22, 2023. Please review the
feature deprecation page for additional information.

You can contain applications with a large amount of read-only data (for example, Clip
Art galleries, Java applications, and so on) within a VHD and mount them to a virtual
machine. App container rules let you automate this process by automatically mounting
these VHDs for specific users at sign-in.

Specify value rule

The specify value rule will, at sign-in, set a registry value for a specific user or group of
users. This rule is most commonly used when users need HKLM-based registry key
values to change based on which users are signing in.

Rule Assignments

） Important

FSLogix Apps Rule Set assignments don't support Microsoft Entra ID cloud-only
accounts. To use the assignment functionality, you must sync the users and groups
from an Active Directory domain controller. Additionally, the virtual machines must
have line-of-sight to a domain controller to resolve SIDs.

Application Rule Sets are assigned to users, groups, and other entities using the
RuleEditor. Newly created rules automatically have the Everyone group assigned with
the Applies setting configured to No.

Assignment order
The ordering of assignments affects how the Rule Set is applied. When the assignment
file is processed, the Rule Set is applied from top to bottom. Assignment ordering is
managed using the Move Up and Move Down buttons.
Figure 1: Everyone group processed at top

Result: Rule Set applies to CONTOSO\Domain Users only.

Figure 2: Everyone group processed at bottom

Result: Rule Set does not apply to any user or group.

Assignment types
You can assign Rule Sets to the following entities:

User
Group
Process
Network Location (IP Address)
Computer
Directory container (distinguished name)
Environment variable

７ Note

Any environment variable present at user sign in can be used as part of an

assignment.

Assignment template
You can save the assignments and assignment order as a template for later use. This
template becomes the default assignment configuration for any new Rule Sets you
create on the same machine.

Figure 3: Save as Template warning dialog

Active Directory (AD) Reporting

７ Note

Active Directory reporting has been deprecated as of August 22, 2023. Please
review the feature deprecation page for additional information.

Administrators use the AD Reporting feature to validate whether the Rule Set file applies
to the expected user or users. The report only shows user accounts affected by the
assignment and doesn't display groups.

Figure 4: AD Reporting window

Next steps
Install FSLogix Apps RuleEditor

Create and implement Application Rule Sets

FSLogix Apps Java RuleEditor
Article • 08/22/2023

７ Note

Internet Explorer 11 desktop application ended support for certain

operating systems. The Java RuleEditor relies on Internet Explorer 11.
Java Rule Editor has been deprecated as of August 22, 2023. Please review the
feature deprecation page for additional information.

The Java Rule Editor is a standalone tool and allows specific URLs or applications to be
assigned to a specific installed version of Java.

Java RuleEditor guides

Install FSLogix Apps Java RuleEditor
Configure FSLogix Apps Java Rules
Cloud Cache Overview
Article • 05/19/2023

Cloud Cache is a feature that works with Profile and ODFC containers to provide
resiliency and high availability. Cloud Cache uses the locally mounted container to
provide periodic updates to the remote storage providers. Cloud Cache is designed to
insulate users from short-term or intermittent local (inner-region, close proximity)
storage issues. Based on the configuration, it can also be used as part of a Business
Continuity or Disaster Recovery (BCDR) plan when using remote storage providers in
different regions. Using Cloud Cache puts a performance and storage requirement on
the virtual machine to accommodate the extra I/O operations and storage required by
the local cache.

Cloud Cache considerations:

Cloud Cache uses storage providers based on the order of entries in CCDLocations .
Storage providers should be listed in order of proximity, then preference.
Only one (1) provider is used when data is hydrated from the storage provider.
Data is written to all storage providers regardless of which provider is used during
data hydration.
Performance (latency, utilization, bottlenecks) of a storage provider affects its sync
status with the local copy.
Having one (1) or more provider that is behind in updates from local cache could
be an indicator of an under performing storage provider.
Ping or Test-NetConnection command results are not the same as transactional

I/O and are bad indicators of how a storage provider will or can perform.


Figure 1: Detailed diagram showing Cloud Cache components

Cloud Cache Components

Local Cache
Cloud Cache is able to insulate a user from connectivity issues to the remote storage
providers because the container used for the user's profile is created and stored local to
the virtual machine (local cache). During a first-time sign-in, FSLogix creates the
container for the user in C:\ProgramData\FSLogix\Cache and mounts the container to the
virtual machine. Next, FSLogix sets up all the necessary redirections for the user's profile.
Then the User Profile Service creates the user's profile into the local cache. All data
written to the user's profile is temporarily stored as block-level cache objects in the
same directory. Those block-level cache objects are then committed to the local cache.
Before the block-level cache objects are created, the writes into the user's profile are
processed in memory through a proxy file.

During a 2nd or Nth sign-in, FSLogix attempts to find and mount any previous local
cache VHD(s) stored on the virtual machine. Looking for a local cache is the default
configuration setting and may not be desired as it may lead to low disk space events.
Review the Cloud Cache settings reference page for more settings.

Figure 2: Cloud Cache Local Cache

Remote Storage Providers (hydrate, flush, clone)

Cloud Cache operates the user's profile from the local cache during the user's session
and must be configured with one or more remote storage providers as specified in
CCDLocations . These remote storage providers store copies of the local cache and are

used during the current session and for subsequent sign ins. If all providers become
unhealthy during the user's session, the local cache continues to operate and grow1
until one or more provider returns to a healthy state.

1 The local cache will only grow up to the maximum size of the container as specified in the SizeInMBs setting.

Hydrate

When the local cache doesn't contain the data requested by the file system, Cloud
Cache hydrates (reads and copies) the data from 1 of the remote storage providers to
the local cache. This operation is also part of the sign in process when populating the
local cache for the user's profile.

Flush

The flush operation commonly occurs in three ways.

1. On a lazy asynchronous operation, Cloud Cache flushes the changes to all storage
providers simultaneously as each provider is flushed on its own thread. FSLogix
doesn't throttle this operation and utilizes as much throughput as the system will
allow.
2. During sign out when one or more providers don't contain all the updates, the
user's sign out is delayed2 until all providers are at the same sequence.
3. During a user's session when the connection to any storage provider becomes
unhealthy, FSLogix queues up all the changes and then flushes them to the
providers when they return to a healthy state.

2 A user's sign out is delayed based on how Cloud Cache is configured using the

HealthyProvidersRequiredForUnregister value.

Clone

A full VHD(x) clone is performed when Cloud Cache determines, at sign in, that a
storage provider isn't at the same sequence. During this operation, all pending writes
are kept in the local cache until all storage providers are at the same sequence. Once
complete, the flush operation begins sending new data to the storage providers.

Indexing (timed write cache)

Cloud Caches makes use of indexing within the local cache. Timed write cache, are files
that represent writes that have yet to be committed to the local cache. These files are
notated using a numerical extension. Once the index has been committed to the local
cache, it's converted to a cache object.

Index files must be considered anytime a virtual machine is unexpected shutdown or

reboot. These files would represent data that hasn't been committed to the local cache
and could lead to loss of data; at worst a corrupted container. In non-persistent or
multi-session environments, once a virtual machine recovers from the unexpected event,
the user typically doesn't connect to the same virtual machine. In these cases, the data
that wasn't properly committed and flushed to the storage providers could be lost and
lead to an issue with the users profile container.

Proxy File
Cloud Cache uses the concept of a proxy file, represented as Profile_%username%.vhd
though it isn't a true VHD file. The proxy file is used as a means to collect and process all
I/O writes destined for the local cache. The I/O writes are buffered in memory and
tracked via the proxy file before they're written out as block-level cache objects in the
cache directory. While the proxy file has the same size as the local cache file, the actual
size on disk is zero, as no data is written to this file.
Figure 3: Cloud Cache Proxy File

Auxiliary Files
Cloud Cache makes use of two (2) auxiliary files in order to maintain control and
sequence of the local cache.

７ Note

These auxiliary files are used by FSLogix and are not meant to be opened or used
outside of the product. Any relevant information in those files will be made
available through our log files or event log entries.

Lock File
The lock file is what its name might imply, a file use to determine which virtual machine
has an I/O lock on the container. Cloud Cache uses this information to determine
ownership of the container for a given provider. The lock file mechanism is critical when
using Cloud Cache with ProfileType set to '3' (Multiple or concurrent sessions).

Meta File

The meta file is a multi-purpose file where we track the state of the container. Inside the
meta file, Cloud Cache uses a sequence numbering system to determine which provider
has the most recent data.

Storage Providers
FSLogix isn't a storage provider, rather we rely on underlying architecture of the storage
provider(s). For more information on the storage providers FSLogix supports, review our
Container Storage Options.

Next steps
High Availability or Container Resiliency Options using Cloud Cache
High availability options for FSLogix
Article • 03/31/2023

A high availability design isn't solely focused on a single element rather ensuring all the
elements of a given solution have a level of redundancy. The FSLogix design goal
applies high availability so that the underlying storage provider has replicas of your
data. This goal doesn't take into account the availability of the virtual machine, network
or any other dependent resource needed to access the storage provider. Implementing
a high availability solution for user profiles is aimed at insulating users from momentary
or short-lived storage issues or outages.

７ Note

High availability in these contexts are specifically focused on protecting the user's
profile container within the same region or data center.

High availability with Cloud Cache containers

(preferred)
＂ Review: Cloud Cache overview

 Tip

The storage examples in the diagrams could be swapped with Azure page blobs in
lieu of Azure Files. Configuring both Azure Files and page blobs are not unique
enough to provide a sufficient level of isolation in the event of an outage.

Cloud Cache containers are user profile VHD(x) files used with storage providers listed in
the CCDLocations configuration setting. Cloud Cache allows for multiple storage
providers, which are kept up-to-date from the local cache of the virtual machine. Using
multiple storage providers, both on-premises and Azure based solutions may be able to
separate the storage providers in order to mitigate any one (1) outage from affecting
both storage providers. Most commonly high availability is achieved through using
unique storage providers within the same region or data center.

Azure Files is configured for ZRS and Azure NetApp Files isn't configured with any
redundancy. This design limits the exposure of an outage or issue affecting one of these
storage platforms, which provides more resiliency than creating two (2) Azure Files
(shares), two (2) Azure NetApp Files (capacity pools or volumes), or two (2) Azure page
blob accounts.

Figure 1: FSLogix High Availability with Cloud Cache

Session Hosts in Azure Virtual Desktop (AVD) are configured with CCDLocations . The
diagram is based on a common AVD deployment scenario. While this design doesn't
represent every customer environment, the goal is to demonstrate a multi-provider
configuration within a single region or data center for high availability purposes. Cloud
Cache is configured in such a way that the local cache is stored on the same disk as the
operating system. Alternatively, the virtual machine could be configured with another
disk, in Azure this disk could be a Managed Disk (data disk) or a Temporary disk1.

1 Temporary disks have many caveats and should reviewed before implemented in a production environment.

High availability with standard containers

Standard containers are user profile VHD(x) files used with storage providers, which are
listed in the VHDLocations configuration setting. Customers using FSLogix in an on-
premises environment may have limited options in designing their storage resiliency in
comparison to Azure based storage providers. This design requires significant
investment in storage architecture, which is locally redundant and redundant across
other failure domains. As outlined, Azure provides native capabilities in these scenarios.

２ Warning

FSLogix in this configuration is not providing any resiliency and is fully reliant
on the storage provider.
This section will focus on Azure based storage providers which have native
high availability options.

Azure Files
＂ Review: Azure Files documentation
＂ Review: Azure Storage redundancy

It's highly recommended to use zone-redundant storage (ZRS) when configuring an

Azure Files share. This ensures the data is replicated across the three (3) availability
zones for the given region2. While this data is replicated across the availability zones,
this configuration (standard containers), the container is mounted to the virtual machine
over the network using the SMB protocol.

2 Not all Azure regions support availability zones, see Azure regions with availability zone support.

２ Warning

Any network, connection, configuration change or issues with other dependent

resource need to access the Azure File share will result in the user's session
becoming unstable or unresponsive and could lead to a session disconnect.
Azure NetApp Files
＂ Review: Use availability zones for high availability in Azure NetApp Files

Currently, the only option for high availability using Azure NetApp Files is to use their
availability zone placement feature. The availability zone placement feature only let's
you deploy volumes in availability zones of your choice, which should be in alignment
with Azure compute and other services in the same zone.

Ｕ Caution

This storage provider does not provide enough redundancy for FSLogix high
availability using standard containers.

Next steps
Business Continuity and Disaster Recovery using FSLogix
Business continuity and disaster
recovery options for FSLogix
Article • 12/05/2023

７ Note

All diagrams are examples based on Azure Virtual Desktop and are applicable to
other virtual desktop platforms.

An effective business continuity and disaster recovery (BCDR) plan focuses on the
processes and resources necessary for an organization to operate if a catastrophe or
other significant outage. Roaming user profiles aren't commonly described as a business
or mission-critical component of a BCDR strategy. In a virtual desktop environment, a
user is unaware they have a roaming profile. The profile is roamed to provide users with
a consistent experience regardless of the virtual machine. Business or mission-critical
data shouldn't be stored in a user's profile if at all possible. Using OneDrive, SharePoint
or other solutions are an effective means for protecting data during a BCDR event while
not relying on the data roaming with the user as part of their profile. This process is best
outlined in a recovery-time objective (RTO) and recovery-point objective (RPO) exercise
where the cost benefit and risk analysis can be weighed base on organizational and
business goals.

Option 1: No profile recovery

＂ Example: Standard + Disaster Recovery (no profile recovery)

While this option doesn't seem like a BCDR design, it's focused on ensuring business
and mission-critical data isn't in the user's profile. During a disaster, users would create
new profiles in either a new location or on a new storage provider (both can be true).
This option is the most cost effective in terms of infrastructure cost though has a penalty
due to the effect it may have on the user experience.
Figure 1: No Profile Recovery | FSLogix standard containers (VHDLocations)

In the diagram, is a multi-region Host Pool using Azure Virtual Desktop. Both the
primary and failover regions have a dedicated Azure Files share using zone-redundant
storage (ZRS) which provides high availability within the region. The failover region has
Session Hosts, which are stopped or deallocated. In a disaster, the failover region
becomes the primary region and users will sign-in to those Session Hosts and create
new profiles on the Azure Files share in that region.

Option 2: Cloud Cache (primary / failover)

＂ Review: Cloud Cache Overview
＂ Example: Advanced + Disaster Recovery (primary / failover)

A failover design is a common strategy to ensure the availability and reliability of your
infrastructure in case of a disaster or a failure. Cloud Cache enables you to use FSLogix
using this type of failover design. With Cloud Cache, you can configure your devices to
use two (2) storage providers that store your profile data in different locations. Cloud
Cache synchronizes your profile data to each of the two storage providers
asynchronously, so you always have the latest version of your data. Some of your
devices are in the primary location and the other devices are in the failover location.
Cloud Cache prioritizes the first storage provider (closest to your device), and uses the
other storage provider as a backup. For example, if your primary device is in West US
and your failover device is in East US, you can configure Cloud Cache as follows:

The primary device uses a storage provider in West US as the first option and a
storage provider in East US as the second option.
The failover device uses a storage provider in East US as the first option and a
storage provider in West US as the second option.
If the primary device or the closest storage provider fails, you can switch to the
failover device or the backup storage provider and continue your work without
losing your profile data.

However, there are some drawbacks of using a failover design with Cloud Cache. First,
you have to pay extra for storing your profile data in two (2) locations. Second, you have
to manually initiate the failover process, which may require the approval of the business
stakeholders. Third, you may experience some latency or inconsistency in your profile
data due to the asynchronous synchronization to the two storage providers.

 Tip

Before allowing users to fail back to profiles in the primary location, be sure all
users have signed out successfully from the failover location to ensure the
primary location has an up to date replica of the user's profile data.
Cloud Cache is an I/O intensive system and can easily cause network and/or
storage bottlenecks to the restored location.
Figure 2: Cloud Cache (primary / failover) | FSLogix Cloud Cache (CCDLocations)

In the diagram, we have a multi-region Host Pool utilizing Azure Virtual Desktop. Both
the primary and failover regions are part of this setup. They each have a dedicated
Azure Files share using zone-redundant storage (ZRS), ensuring high availability within
the region. The failover region contains Session Hosts, which are either stopped or
deallocated. In the event of a disaster, the failover region becomes the primary region.
Users will sign in to these Session Hosts and load their replicated profile from the
failover region.

However, it’s essential to consider the following:

BCDR (Business Continuity and Disaster Recovery) events are rarely graceful.
Depending on the circumstances, user profile data may not be guaranteed to be
intact.
Users signing in to Session Hosts in the failover region could experience data loss
or, in worse cases, container corruption.

Given this situation, it’s crucial to use storage platforms like OneDrive or SharePoint for
critical data. These platforms provide additional redundancy and protection against data
loss. Remember, planning for disaster recovery is essential, and having the right storage
strategy can mitigate risks and ensure business continuity.
Option 3: Cloud Cache (active / active)
＂ Review: Cloud Cache Overview
＂ Example: Advanced + Disaster Recovery (primary / failover)

When discussing infrastructure, it is common to use active/active designs, which can

also be applied to an FSLogix profile solution. With this option, Cloud Cache is set up
with two storage providers that are updated asynchronously to reflect all changes made
to the local cache. The storage provider closest to the active location is listed first, while
the furthest provider is listed second. In the other location, the order is reversed. This
option incurs additional costs for storing provider data in two locations and requires a
manual decision by business stakeholders before initiating a failover.

 Tip

When the failed region is operational, it may take significant time for the
profile data to fully replicate.
Cloud Cache is an I/O intensive system and can easily cause network and/or
storage bottlenecks to the restored location.
Figure 3: Cloud Cache (active / active) | FSLogix Cloud Cache (CCDLocations)

In the diagram, are two (2) AVD Host Pools and Session Hosts residing in specific Azure
regions. Users assigned to the West US region, access those virtual machines. Users in
the East US region only access and are assigned to those virtual machines. During a
disaster, the surviving region must have enough capacity to support all the users.
Additionally, users from the failed region need access granted to the virtual machines in
the surviving region.

BCDR events are never graceful and depending on the circumstances of the event, user
profile data isn't guaranteed to be intact. Users who sign-in to Session Hosts in the
surviving region could experience data loss or at worse container corruption. This
situation amplifies the need to use storage platforms like OneDrive or SharePoint for
critical user data.
Local include and exclude groups
Article • 03/31/2023

FSLogix provides four (4) local groups to granularly control which users or groups are
processed by the FSLogix service. Each type of container has a respective include and
exclude group. The exclude groups have no members by default. The include groups
automatically include the Everyone group.

Use cases:

You don't want your administrator accounts to use FSLogix.

You only want FSLogix to apply to a specific group of users.
You want to prevent a specific group of users from using FSLogix.
Used for pilot or 'proof-of-concept' programs.

Figure 1: Computer Management Local Groups

Default include group members

 Tip
 Checking the include and exclude group members is a good start when
troubleshooting a user's container fails to attach or signs in with a temp or local
profile.

Figure 2: Default group memberships

Types of containers
Article • 03/31/2023

FSLogix has two (2) primary container types, which can be implemented as part of your
profile management solution. As outlined in our terminology page, FSLogix containers
are the virtual hard disk (VHD(x)) files, which hold all of the data for the given container
type.

７ Note

Cloud Cache isn't a type of container, but it is an optional configuration for profile
and ODFC container types. For more information, see Cloud Cache overview.

Profile container
A profile container is the most common container used in an FSLogix solution. A profile
container is all the data related to a user's profile, which is directly stored in the VHD(x).
A Windows user profile is typically stored in C:\Users\%username% . Nearly all the files and
folders found under this location would be included in an FSLogix profile container.
Some data in a users profile shouldn't or can't be roamed which can be found in the
exclusion list.

For users familiar with managing profiles, the function of the profile container may be
compared to Microsoft User Profile Disk (UPD), Microsoft roaming profiles, or Citrix User
Profile Management (UPM). Although the function is similar, the underlying method and
technology is different, resulting in key FSLogix capabilities.

７ Note

Unless otherwise configured, the profile container will hold all profile and ODFC
content in the same VHD(x) file. This is the recommended configuration.

Profile excluded content

There's profile content that can't be roamed between virtual machines. To prevent issues
with applications or processes that need access to this data, FSLogix creates a redirect
from the native profile path to a new folder in the C:\Users path. This folder is prefixed
with local_ and combined with the user's SAM account name (for example,
C:\Users\local_%username% ). During sign out, the C:\Users\local_%username% folder is

deleted.

Default exclusions

FSLogix automatically excludes the following paths:

%userprofile%\AppData\Roaming\Microsoft\Protect

%userprofile%\AppData\Roaming\Microsoft\Credentials
%userprofile%\AppData\Local\Microsoft\Credentials

%userprofile%\AppData\Local\Microsoft\Office\16.0\OfficeFileCache

ODFC container
An ODFC container is a container type, which is focused on storing profile content that
is unique to Microsoft Office applications1. The ODFC container is most commonly
implemented in conjunction other roaming profile solutions2.

1 Office data includes, but is not limited to Office apps, OneDrive, Teams, SharePoint, and OneNote.

2 Traditional roaming profiles, Citrix User Profile Management, VMware Dynamic Environment Manager, or similar.

） Important

When using ODFC containers with other profile roaming solutions, be sure the
other solutions are configured to exclude the ODFC data.

A default ODFC container configuration includes the following data:

Office Activation
Outlook
Outlook personalization
SharePoint
OneDrive
Skype for Business (legacy support)

Most data contained in the ODFC container is sourced from other remote systems and is
easily replaced should the ODFC container become corrupted or deleted. For example,
Outlook data files are generated from remote e-mail servers (for example, Microsoft
365). The list of applications that can be included are found in the ODFC reference
article.
 ７ Note

ODFC containers are an optional configuration.

When to use Profile and ODFC containers

Profile and ODFC containers should be used together when:

Discretion is wanted in the storage location for Office data vs. other profile data.
Provides isolation from data loss or corruption in one of the containers3.
Used as a mechanism to specify which Office components have their data included
in the container4.
Allows organizations to have different container sizes to accommodate specific
workloads or data synced from OneDrive5.

3 ODFC container is not backed up or replicated to alternate locations since the data is recoverable from the source.

4 Not available when using a single container configuration.

5 Configure 10 GB profile container with a 50 GB ODFC container.

Container storage options
Article • 08/22/2024

Storage options for FSLogix containers can vary widely depending on many factors. The
first factor(s) when choosing storage are the platform (that is, Azure, on-premises, etc.)
and location (that is, geographical region or datacenter) of your virtual infrastructure.
This document outlines the various options and considerations when choosing and
designing your container storage.

Storage requirements
Storage requirements can vary widely depending on the user, applications, and activity
on each profile. The following table gives an example of how many IOPS an FSLogix
profile needs to support each user.

ﾉ Expand table

Resource Requirement

Steady state IOPS 10

Sign in/sign out IOPS 50

The example in this table is of a single user, but can be used to estimate requirements
for the total number of users in your environment. For example, you'd need around
1,000 IOPS for 100 users, and around 5,000 IOPS when signing in and signing out.

Storage types
Regardless of your container configuration, all FSLogix containers can be stored on file
shares that support the SMB protocol. If you decided to use Cloud Cache as part of your
configuration, you can choose to store your containers in an Azure Storage Account
Blob.

SMB file shares

Used in:

＂ VHDLocations for profile and ODFC containers

＂ CCDLocations (Cloud Cache) for profile and ODFC containers
SMB is a network file and resource sharing protocol that uses a client-server model. SMB
clients such as, Windows PCs on a network, connect to SMB storage providers to access
resources such as files and directories. FSLogix doesn't implement a private SMB client
or protocol. FSLogix uses the built-in SMB client from the virtual machines operating
system and isn't bound by SMB protocol version. Additionally, if the SMB storage
provider and the Windows client are able to negotiate for SMB multi-channel then
FSLogix gains this benefit.

Azure page blob storage accounts

Used in:

＂ CCDLocations (Cloud Cache) for profile and ODFC containers ONLY

FSLogix communicates with the Azure Storage Account using the Storage Account
Connection String. As outlined in this article, the connection string contains protected
security information. Knowledge of this information exposes a security risk that must be
considered and mitigated before using this type of storage provider. To correctly
implement this type of storage provider, the connection string or Storage Account name
and Account Key must be stored in the virtual machines credential manager .

Azure Virtual Desktop (AVD) or Azure based

virtual desktop environments
Azure provides multiple storage solutions that can be used to store your FSLogix
containers. This section compares Azure storage providers for AVD and other Azure
based virtual desktop environments (for example, VMware, Citrix , RDS, etc.).

ﾉ Expand table

Azure Files Azure NetApp Azure Page Storage Spaces

1
Files Blob Direct

Use case General purpose Ultra performance General Cross-platform

or migration from purpose
NetApp on-
premises

Platform Yes, Azure-native Yes, Azure-native Yes, Azure- No, self-managed

service solution solution native solution

Regional All regions Select regions All regions All regions

availability
 Azure Files Azure NetApp Azure Page Storage Spaces
Files Blob1 Direct

Redundancy LRS, ZRS, GRS, Locally redundant, Varies Varies

GZRS Cross-region
replication

Tiers and Premium, Ultra, Premium, or Tiers: Varies, Ultra, Premium

performance Transaction Standard Performance: SSD v2, Premium
Optimized, Hot, or Varies SSD, Standard
Cool SSD, Standard
HDD

Capacity 100 TiB per share, 100 TiB per Up to 8 TiB 32 TiB - 65 TiB
Up to 5 PiB per volume, 25 TiB per Disk
general purpose default quota per
account Subscription

Limitations 10,000 handles 1,000 IP(s) per Varies Varies based on

per file share subnet up to VM number of nodes
limits and disks

1 Azure page blobs are only used in Cloud Cache containers

On-premises or other workload platforms

When FSLogix is implemented in non-Azure environments, the storage options become
limitless. As described in the storage type section, FSLogix requires the storage provider
to support SMB and work with the built-in Windows SMB client. The most important
factor when selecting a storage platform for FSLogix containers, is the proximity
(latency) to the virtual desktop infrastructure and the performance of the system in
relation to your user workloads.

Next steps
As outlined, FSLogix can be used with various storage options. Use the next step articles
to create the right storage location for your environment:

Azure Files
Create an SMB Azure file share
Overview - on-premises Active Directory Domain Services authentication over SMB
for Azure file shares
Enable Azure Active Directory Domain Services authentication on Azure Files
 Enable Azure Active Directory Kerberos authentication for hybrid identities on
Azure Files

Azure NetApp Files

Create an SMB volume for Azure NetApp Files also apply when you use an FSLogix
profile container instead of a user profile disk

Storage permissions
Configure SMB Storage Permissions
Configuration options
Article • 03/31/2023

FSLogix operates based on specific registry settings that define how it operates. These
registry settings are applied on a per-machine level. The configuration settings reference
page provides detailed information on each registry setting and the expected behavior.

There are several ways to apply registry settings depending on the scenario and scale of
your environment:

Manual Registry Entries: The manual method implies adding registry entries
directly through one of these types of processes:
Registry Editor
Registration Files
Console Registry Tool for Windows
PowerShell
Desired State Configuration

７ Note

Using a manual method is perfect for single machines in a test or

development environment. However, with the right expertise this method
could scale and work within an automated orchestration framework (for
example, Azure DevOps, Jenkins, Chef, Puppet)

Local Group Policy (ADMX): The Local Group Policy editor can be used to
configure FSLogix through the ADMX files when stored locally on the virtual
machine. Unlike the manual methods, this method doesn't scale and is only used
as part of a test or development environment.

Group Policy Objects (ADMX): Group Policy Objects are an ideal method for large
scale configuration, especially where there isn't any existing automation.

Intune (ADMX Setting Import): Coming Soon

Next steps
Configuration examples
Configuration examples
Article • 12/05/2023

The example configurations outlined in this article are a progression of complexity based
on configuration choices. Each example has an associated configuration focused on
redundancy or disaster recovery. We recommend customers select the simplest
configuration for their environment. Adding unnecessary complexity leads to incorrect
configurations and support cases.

７ Note

Use these examples as a starting point of your FSLogix configuration. The ideas and
concepts in these examples should inform your unique organizational requirements.

EXAMPLE 1: Standard
The Standard configuration example is the simplest configuration in which most customers
should consider.

Prerequisites (Standard)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ SMB File Share.
＂ Validated share and NTFS permissions.

Configuration Items (Standard)

ﾉ Expand table

Items Description

Single VHD location The VHDLocations setting contains a single UNC path to an SMB file share.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections
Registry Settings (Standard)

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 2: Standard + High Availability (Cloud

Cache)
The Standard + High Availability configuration enhances the basic Standard example by
incorporating Cloud Cache to ensure regional availability for the profile container. This
configuration is designed to provide robustness and redundancy, allowing the profile
container to be accessible even in the event of failures or outages in a specific region.
Cloud Cache acts as a resiliency and availability layer, periodically writing profile data
upstream to multiple storage providers. By replicating data across unique storage
providers, it ensures that the profile container remains available even if one storage
provider is unavailable. This approach enhances reliability and minimizes downtime for
end-users.

Key Points

Redundant and robust: Allows the profile container to be accessible even in the event
of failures or outages, minimizing downtime for end-users
Resiliency: Cloud Cache acts as an availability layer, periodically writing profile data
upstream to multiple storage providers.
Storage design expertise: Cloud Cache functionality is dependent on the
performance of your storage providers.

Summary

The Standard + High Availability configuration combines the benefits of the Standard setup
with additional measures to maintain availability across regions, making it suitable for
critical applications that require continuous access to profile data.


Figure 1: FSLogix High Availability using Cloud Cache

Prerequisites (Standard + High Availability)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Multiple storage providers in the same region or zone-redundant storage.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Standard + High Availability)

ﾉ Expand table

Items Description

Container The CCDLocations contains at least 2 storage providers of varying kinds. The
redundancy storage providers are in the SAME region as the virtual machines.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only
connections be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections

Registry Settings (Standard + High Availability)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or PROVIDER",connectionString=\\
REG_SZ <storage-account-name-
1>.file.core.windows.net\
<share-
name>;type=smb,name="ANF SMB
PROVIDER",connectionString=\\
<azure-netapp-files-fqdn>\
<volume-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

 Key Name Data Value Description
Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 3: Standard + Disaster Recovery (no

profile recovery)
The Standard + Disaster Recovery is an extension of the basic Standard. In this setup,
duplicate infrastructure exists in another region, but it remains powered down until
needed. Unlike other recovery scenarios, there is no profile recovery in this approach.
Instead, users create new profiles in the alternate location. While this is the least complex
recovery scenario, it comes with a significant drawback: end-user experience and training
become critical components for success.

Key Points
 Duplicate Infrastructure: The disaster recovery region mirrors the primary
infrastructure but remains inactive until required.
No Profile Recovery: Instead of restoring existing profiles, users create new ones in
the alternate location.
Simplicity: This approach minimizes complexity but relies heavily on user familiarity
and training.
End-User Experience: Ensuring a smooth transition and user understanding is crucial.

Summary

The Standard + Disaster Recovery configuration balances simplicity with the need for user
education and adaptation.

Figure 2: No Profile Recovery | FSLogix standard containers (VHDLocations)

Prerequisites (Standard + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Duplicate storage and compute infrastructure in another region.
＂ Validated NTFS and share-level permissions (SMB only).

Configuration Items (Standard + Disaster Recovery)

ﾉ Expand table
 Items Description

Single VHD location The VHDLocations setting contains a single UNC path to an SMB file share.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections

Registry Settings (Standard + Disaster Recovery)

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.
EXAMPLE 4: Advanced
The Advanced configuration example builds upon the Standard example by introducing
additional features to enhance flexibility and customization.

Key Points
Multiple VHDLocations or object-specific settings: You can specify multiple locations
for storing user profiles (VHDLocations). Alternatively, you can define object-specific
settings to tailor profile behavior for specific users or groups. This flexibility allows
you to optimize profile management based on your organization’s needs.
Minimal entries in custom profile redirections: Unlike the Standard setup, where the
redirections.xml file isn't used, the Advanced configuration minimizes the number of
redirections.xml entries. Each entry in the redirections.xml configuration adds
complexity and can cause unknown application behaviors. Minimizing these entries
may provide an overall better user experience.

Summary
The Advanced configuration provides granular control over profile storage and redirection,
making it suitable for organizations with diverse requirements.

Prerequisites (Advanced)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Multiple SMB File Share(s).
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Advanced)

ﾉ Expand table

Items Description

Multiple VHD The VHDLocations setting contains a single or multiple UNC paths
locations (separated by semi-colon) to SMB file shares.

Object-specific Allows unique settings based on a user or group SID.

settings

Single container A single profile container is created for the user. The ODFC container isn't
configured.
Items Description

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

Minimal XML file contains minimal entries with minor complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Advanced)

Multiple VHDLocations

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account-name- Example

or 1>.file.core.windows.net\
REG_SZ <share-name>;\\<storage-
 Key Name Data Value Description
Type

account-name-
2>.file.core.windows.net\
<share-name>

VolumeType5 REG_SZ VHDX Recommended

Object-Specific VHDLocations

The default VHDLocations is used for any user or group not matched by the object-specific
configuration.

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-1234\
 ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or REG_SZ \\<server-name>\<share-name> Example

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-4321\

ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or \\<azure-netapp-files-computer- Example

REG_SZ account>.contoso.com\<share-name>

２ Warning

Multiple entries in VHDLocations doesn't provide container resiliency. When multiple

entries exist, a user will try to create or locate their container from the list of locations
in order. The first location which the user has access to or is available will be where the
container is created or attached from. If using multiple entries, users should only have
access to a single location. Consider using the object-specific configuration settings in
lieu of multiple VHDLocations.

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 5: Advanced + Disaster Recovery

(primary / failover)
The Advanced + Disaster Recovery configuration example adds complexity through a
failover design. This is a common strategy to ensure the availability and reliability of your
infrastructure in case of a disaster or a failure. With Cloud Cache, you can configure your
devices to use two (2) storage providers that store your profile data in different locations.
Cloud Cache synchronizes your profile data to each of the two storage providers
asynchronously, so you always have the latest version of your data. Some of your devices
are in the primary location and the other devices are in the failover location. Cloud Cache
prioritizes the first storage provider (closest to your device), and uses the other storage
provider as a backup. For example, if your primary device is in West US and your failover
device is in East US, you can configure Cloud Cache as follows:

The primary device uses a storage provider in West US as the first option and a
storage provider in East US as the second option.
The failover device uses a storage provider in East US as the first option and a storage
provider in West US as the second option.
If the primary device or the closest storage provider fails, you can switch to the
failover device or the backup storage provider and continue your work without losing
your profile data.

Key Points

Failover design: This design ensures the availability and reliability of your
infrastructure in case of a disaster or a failure.
Profile storage: Cloud Cache enables your to store your profile data in different
locations.
Additional storage cost: Multiple storage locations will increase the overall cost.
Operational excellence: Manual failover process, which may require the approval of
the business stakeholders and process validation.
End-user experience: You may experience some latency or inconsistency in your
profile data due to the asynchronous synchronization to the two storage providers.

Summary

The Advanced + Disaster Recovery configuration shows how a failover design with Cloud
Cache can enhance the reliability and availability of your infrastructure by using two
storage providers in different locations. It also highlights the drawbacks of this approach,
including additional costs, the need for manual failover initiation, and potential latency or
inconsistency in profile data.
 

Figure 3: Cloud Cache (primary / failover) | FSLogix Cloud Cache (CCDLocations)

Prerequisites (Advanced + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Two storage providers in at least two regions.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Advanced + Disaster Recovery)

ﾉ Expand table

Items Description

Container The CCDLocations contains two (2) storage providers1. The primary site is
redundancy configured with the closest storage provider listed first and failover storage
provider provided listed last. The failover site has the reverse configuration. The
closest storage provider first, followed by the primary site storage providers listed
last.

Single A single profile container is created for the user. The ODFC container isn't
container configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only be
connections mounted within a single connection.

No custom No use of redirections.xml file.

profile
 Items Description

redirections

1 The storage providers must be in different regions or locations.

 Tip

Review the Custom profile redirections page for our recommended exclusions.

Registry Settings (Advanced + Disaster Recovery)

Primary site

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or PRIMARY",connectionString=\\
REG_SZ <storage-account-name-
primary>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER
FAILOVER",connectionString=\\
<storage-account-name-
failover>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

 Key Name Data Value Description
Type

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

Failover site

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or FAILOVER",connectionString=\\
REG_SZ <storage-account-name-
failover>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER
PRIMARY",connectionString=\\
<storage-account-name-
primary>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 6: Complex
The Complex configuration example builds upon the Advanced example by introducing
multiple connections. In this setup, user profiles can handle multiple connections, allowing
a single user to have active sessions across different devices simultaneously. Despite the
increased complexity, the goal remains to provide a seamless experience for end-users.
Properly configured multiple connections enhance productivity and flexibility, making this
configuration suitable for organizations with diverse needs and high demands.

７ Note

Azure Virtual Desktop does not support multiple connections within the same Host
Pool.

Summary

The Complex configuration balances sophistication with user-centric design, making it ideal
for large organizations requiring scalability and robust profile management.
 

Figure 4: Complex example with multiple connections | FSLogix standard containers (VHDLocations)

Prerequisites (Complex)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Separate pools of virtual machines.
＂ Multiple SMB file share(s) (not for high availability).
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Complex)

ﾉ Expand table

Items Description

Multiple VHD location The VHDLocations setting contains a single or multiple UNC paths
(separated by semi-colon) to SMB file shares.

Object-specific settings Allows unique settings based on a user or group SID.

Single container A single profile container is created for the user. The ODFC container isn't
configured.

Concurrent ProfileType is set to 3. Users can have multiple sign-ins, but only one (1)
connection(s) session allows writes to the base VHD disk.
Items Description

[OPTIONAL] XML file contains various entries with added complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Complex)

Multiple VHDLocations

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account-name- Example

or 1>.file.core.windows.net\
REG_SZ <share-name>;\\<storage-
account-name-
2>.file.core.windows.net\
<share-name>
 Key Name Data Value Description
Type

VolumeType5 REG_SZ VHDX Recommended

Object-Specific VHDLocations
The default VHDLocations is used for any user or group not matched by the object-specific
configuration.

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-1234\

ﾉ Expand table
 Key Name Data Type Value Description

VHDLocations MULTI_SZ or REG_SZ \\<server-name>\<share-name> Example

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-4321\

ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or \\<azure-netapp-files-computer- Example

REG_SZ account>.contoso.com\<share-name>

２ Warning

Multiple entries in VHDLocations doesn't provide container resiliency. When multiple

entries exist, a user will try to create or locate their container from the list of locations
in order. The first location which the user has access to or is available will be where the
container is created or attached from. If using multiple entries, users should only have
access to a single location. Consider using the object-specific configuration settings in
lieu of multiple VHDLocations.

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 7: Complex + Disaster Recovery (active

/ active)
The Complex + Disaster Recovery configuration builds upon the Advanced + Disaster
Recovery configuration by implementing an active/active design. Instead of load balancing
between the two sites, this configuration relies on users having access to only one location.
In the event of a drill or BCDR, users from a failed region are granted access to virtual
machines in the functioning region.

Key Points
 Failover capability: In the event of a disaster, the surviving regions must have capacity
to support all users.
Profile storage: Cloud Cache enables your to store your profile data in different
locations.
Additional storage cost: Multiple storage locations will increase the overall cost.
Operational excellence: Manual failover process, which may require the approval of
the business stakeholders, process validation and proper user assignments.
End-user experience: You may experience some latency or inconsistency in your
profile data due to the asynchronous synchronization to the two storage providers.

Summary

The Complex + Disaster Recovery configuration with Cloud Cache provides redundancy
and flexibility, but business decisions play a crucial role in initiating failover.

Figure 5: Cloud Cache (active / active) | FSLogix Cloud Cache (CCDLocations)

Prerequisites (Complex + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Separate pools of virtual machines in each location.
＂ Users only have access to a single region at a time.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Complex + Disaster Recovery)

 ﾉ Expand table

Items Description

Container The CCDLocations contains two (2) storage providers1. The primary site is
redundancy configured with the closest storage provider listed first and failover storage
provider provided listed last. The failover site has the reverse configuration. The
closest storage provider first, followed by the primary site storage providers
listed last.

Single container A Profile and ODFC container exists or is created for each user.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only be
connections mounted within a single connection.

[OPTIONAL] XML file contains various entries with added complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Complex + Disaster Recovery)

Site A (West US)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB WEST Example

or US",connectionString=\\<storage-
REG_SZ account-name-
primary>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER EAST
US",connectionString=\\<storage-
account-name-
failover>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

 Key Name Data Value Description
Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

Site B (East US)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB EAST Example

or US",connectionString=\\<storage-
REG_SZ account-name-
failover>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER WEST
US",connectionString=\\<storage-
account-name-
primary>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

 Key Name Data Value Description
Type

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

Appendix: Multiple VHDLocations logic diagram

When using multiple values in the VHDLocations setting, it's important to understand how
FSLogix determines the location to use.

２ Warning

Users who have access to multiple locations may create a new profile in another
location if the location for their actual profile is not available.
 

Figure 5: VHDLocations Logic Diagram

Next steps
How to use Group Policy Templates
Custom profile redirections.xml
Article • 03/31/2023

＂ Tutorial: Create and implement redirections.xml

＂ FAQ: Redirects or redirections.xml

Custom profile redirections are configured using an XML file (redirections.xml) located
within the user's profile container. FSLogix doesn't create the redirections.xml file. The
redirections.xml file is copied to the user's profile container from a source location. In
most cases, the source location is a remote file share where the users have access to
copy from and into their profile container. This document provides details on the
redirection.xml file and how best to implement it for your specific use case.

When to use redirections.xml

Data in the user's profile isn't designed to be removed or excluded. Unless you have
intimate knowledge of the data in the profile or the application, don't exclude it from
the container.
Include and Exclude files and folders within a Profile container

To include / exclude files and / or folders within a users profile container, you need to
create a file called redirections.xml. This file defines what to copy or exclude to / from a
user's profile container. The XML file is processed during a users sign in and sign out of
a virtual machine. Any changes made to the XML file while the user is signed into the
virtual machine, doesn't take effect until they sign out and sign-in.

Removing or renaming the XML file at the source location doesn't remove or rename it
for the users. If it's necessary to remove the custom redirections, clear out the XML file
contents and save it to the source location. At the next sign-in, the updated file will be
copied to the user's profile container.

７ Note

redirections.xml is only applicable when used with profile containers and has no
effect when using ODFC containers.

Locations for redirections.xml

The XML file has two (2) locations. The source location, typically a remote file share, and
the location in the user's profile container.

Source File Location

The XML file can be centrally located for easy distribution. The RedirXMLSourceFolder
setting specifies a location where the client checks at sign in to see if there's a
redirections.xml file. If one is found and it's different than the existing one, it's copied to
the user's profile container. Then the contents are processed.

When stored in a central location (for example, root or subdirectory where user profile
containers are stored), be sure users only have read permissions to the XML file.

７ Note

Only specify the path to the redirections.xml file, don't specify the file name.

User's Profile Location

The redirections.xml file resides in the following location when copied from the source
location:

%userprofile%\AppData\Local\FSLogix\redirections.xml (inside the user's profile

container)

） Important

If any entry or entries in the redirections.xml are removed, the contents or folders
remain in the VHD(x). Anything added in the redirections.xml is put in the
local_ %username% folder, but what already exists in the VHD(x) is not removed from
the VHD(x).

XML File Contents

The redirections.xml file is composed of the XML declaration, three (3) elements and two
(2) attributes. The XML declaration is standard and shouldn't be changed.

Elements and Attributes

FrxProfileFolderRedirection: This is the first element in the XML file and should be
used only once.

ExcludeCommonFolders: This attribute defines which (if any) well known folders
should be redirected out of the user's profile container. This attribute takes a
bitmask value that tells FSLogix which combination of folders to exclude. Add
up the values for all the folders to be excluded. For example, a value of 7
excludes the Contacts, Desktop, and Documents folders.
1: Contacts folder
2: Desktop folder
4: Documents folder
8: Downloads folder
16: Links folder
32: Music folders
64: Pictures and Videos folders
128: Folders involved in Low Integrity Level processes like AppData\LocalLow

Excludes: This element is used for a collection of nested Exclude elements.

Exclude: This element describes a single location to exclude from the user's
container. The path used in these elements must exist in the user's profile
path ( %userprofile% ). The path must NOT include the C:\Users\%username%
part of the path.
Copy: This attribute defines how FSLogix handles the files and folders
during the redirection. The attribute can be omitted from the element that
is the same as using a value of 0.
0: Creates an empty folder in the local_%username% directory. No files
are copied during the operation. Copy 0 is the most common value
used to decrease contents of a user's profile. Any data that is already in
the container at the location isn't removed. Only future data is created
in the local_%username% folder during the user’s session and removed
at sign out.
1: Creates the folder in the local_%username% directory AND copies the
files FROM the specified location. Data in the container is copied to the
local_%username% folder and any new data is also written to that path.

At user sign out the local_%username% is removed and any new data is
lost. Nth sign ins always copies data from the container to the
local_%username% folder.

2: Creates the folder in the local_%username% directory AND copies the

files TO the specified location. A new (empty) folder is created in
local_%username% . During the user's session, data is written to that
 path. At sign out, the data is copied into the container. Don't use this
value unless directed by a Microsoft support engineer.
3: Creates the folder in the local_%username% directory AND copies the
files FROM and TO the specified location. This value combines the
effects from 1 and 2. Existing data is copied out of the container and
into the local_%username% folder. New data is written to the
local_%username% path and at sign out, all data is copied back into the

container.

Includes: This element is used for a collection of nested Include elements.

Include: This element is used to ensure a subdirectory of an exclude path is
kept in the container. The COPY value isn't used in these elements. The path
used in these elements must exist in the user's profile path ( %userprofile% ).
The path must NOT include the C:\Users\%username% part of the path.

７ Note
The folder or data must exist in the profile to be included back into the
container. For example, new profiles using FSLogix with an include
statement may not have all the folder structures created for a specific
path because the user has never used the application within the context
of their FSLogix profile container.
The parent folder of an included folder path MUST exist in the container
for the include to work correctly.
The XML file will accept any number of Include and Exclude elements.

Example redirections.xml

） Important

This example shows how the elements can be used. Follow the Create and
implement redirections.xml tutorial for a real-world XML implementation. Exclues
and includes can have unexpected consequences and must be created with care.

1. Exclude the well-known folders (Contacts, Links, and Music)

2. Exclude the Contoso Sales App, copying any data from the container to the
local_%username% folder and back into the container at sign out. The exclude

statement with copy moves the I/O of the data to the local disk instead of the
container1.
 3. Exclude the Microsoft Edge folder with no copy operation (all data is removed at
sign out).
4. Include back the User Data folder inside the excluded Microsoft Edge folder.

1 I/O is still required to copy the data.

XML

<?xml version="1.0" encoding="UTF-8"?>

<FrxProfileFolderRedirection ExcludeCommonFolders="49">
<Excludes>
<Exclude Copy="3">AppData\Roaming\Contoso\ContosoSalesApp</Exclude>
<Exclude Copy="0">AppData\Local\Microsoft\Edge</Exclude>
</Excludes>
<Includes>
<Include>AppData\Local\Microsoft\Edge\User Data</Include>
</Includes>
</FrxProfileFolderRedirection>

７ Note

On Windows 8 and later, folders involved in Low Integrity Level processes are
ALWAYS redirected to the local_%username% directory.
If the same folder is specified in both Exclude and Include elements, the
Exclude will take precedence.

To list the redirections put in place by FSLogix, use the frx command-line
utility.

Next steps
redirections.xml FAQ
Concurrent or multiple connections to a
single container
Article • 03/31/2023

Users connect to Virtual and Remote Desktops or Remote Applications in different ways
depending on how those environments are configured. The following outlines some
terminology used when users connect to these remote systems:

Standard connections
User creates a single remote session on a Windows computer through a full
desktop or remote application experience.
Concurrent connections
User creates a remote session on a Windows computer through a full desktop
or remote application. The same user creates a second remote session on the
same Windows computer through a full desktop or remote application.
Multiple connections
User creates a remote session on a Windows computer through a full desktop
or remote application. The same user creates a new remote session on a
different Windows computer through a full desktop or remote application.

７ Note

When working with concurrent or multiple connection types, the configuration is

different between Profile and ODFC containers. Profile containers use a
configuration called ProfileType and the ODFC container uses a configuration
called VHDAccessMode . Each configuration operates differently.

２ Warning

OneDrive doesn't support concurrent or multiple connections using the same

container, under any circumstance. Please see the OneDrive documentation on this
topic.

Prerequisites
Before configuring for concurrent or multiple connections, install and configure profile
containers.
Concurrent connections
Concurrent connections are used when a user needs to have more than one (1) session
on a single computer using the same Profile or ODFC container. Concurrent connections
require other registry entries to allow these types of connections. This scenario supports
the use of both VHD(x) base disk and VHD(x) differencing disks.

２ Warning

Concurrent connections are NOT supported by Session Hosts running in an Azure

Virtual Desktop Host Pool.

Required Settings
Registry Key: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

Value Name Value Type Value

fDenyTSConnections DWORD 0

fSingleSessionPerUser DWORD 0

Multiple connections
Multiple connections are used when a user needs to have more than one (1) session,
each on a different computer, using the same Profile or ODFC container. This scenario is
only supported using VHD(x) differencing disks. Unlike concurrent connections, no other
configuration is required beyond the differencing disks.

Profile container VHD(x) differencing disks

Concurrent and Multiple connections require specific configuration for the Profile
container in order to make use of VHD(x) differencing disks.

To use Concurrent\Multiple Connections, the ProfileType must be set to 3 .

Computer attempts Read/Write lock, revert to Read Only:

Sign on:
Client checks to see if a RW.VHD(x) file exists. If it doesn't, the client takes the
RW role and performs the same steps as ProfileType = 1. If the RW.VHD(x) file
 does exist, the client takes the RO role and does the same steps as ProfileType
= 2.

７ Note

RO difference disks are stored in the local temp directory and are named
%usersid%_RO.VHD(x) .

The RW difference disk is stored on the network next to the parent VHD(x) file
and is named RW.VHD(x) .
The merge operation can be safely interrupted and continued. (e.g. If one
client begins the merge operation and is interrupted or powered off, another
client can safely continue and complete the merge). This is why both RW and
RO clients attempt a merge operation.
Merge operations on an ReFS file system, where the difference disk and the
parent are on the same ReFS volume, are nearly instantaneous regardless the
size of the difference disk.
Merge operations can only be done if there are no open handles to either the
difference disk or the parent VHD(x). The RO client also attempts to merge the
RW VHD(x) as it may be the last session to disconnect.

ODFC container VHD(x) differencing disks

Concurrent and Multiple connections require specific configuration for the ODFC
container in order to make use of VHD(x) differencing disks.

To use Concurrent\Multiple Connections, the VHDAccessMode Type need to be 3:

Session-based local VHD(x)

Sign On
Client searches for a session-based VHD(x) that isn't currently in use
If found, it's directly attached and used
If not found, one is created
If a new VHD is created, resulting in session-based VHD(x) files greater than the
number specified to keep in the setting, NumSessionVHDsToKeep , the VHD(x) is
marked for deletion on sign out.
Sign out
Client detaches the VHD(x)
If the VHD(x) is marked for deletion, it's deleted
７ Note

Local difference disks are stored in the local temp directory and are named
%usersid%_ODFC.VHD(x) .

Difference disks stored on the network are located next to the parent VHD(x)
file and are named %computername%_ODFC.VHD(x) .
The merge operation can be safely interrupted and continued. (e.g. If one
client begins the merge operation and is interrupted or powered off, another
client can safely continue and complete the merge).
Merge operations on an ReFS file system, where the difference disk and the
parent are on the same ReFS volume, are nearly instantaneous regardless the
size of the difference disk.
Merge operations can only be done if there are no open handles to either the
difference disk or the parent VHD(x). Therefore, only the last session can
successfully merge its difference disk.
Session-based VHD(x) files are named ODFC-%username%-SESSION-
<SessionNumber>.VHD(x) where <SessionNumber> is an integer from 0 - 9.

The maximum number of session-based VHD(x) files is 10.

Configuration examples
Article • 12/05/2023

The example configurations outlined in this article are a progression of complexity based
on configuration choices. Each example has an associated configuration focused on
redundancy or disaster recovery. We recommend customers select the simplest
configuration for their environment. Adding unnecessary complexity leads to incorrect
configurations and support cases.

７ Note

Use these examples as a starting point of your FSLogix configuration. The ideas and
concepts in these examples should inform your unique organizational requirements.

EXAMPLE 1: Standard
The Standard configuration example is the simplest configuration in which most customers
should consider.

Prerequisites (Standard)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ SMB File Share.
＂ Validated share and NTFS permissions.

Configuration Items (Standard)

ﾉ Expand table

Items Description

Single VHD location The VHDLocations setting contains a single UNC path to an SMB file share.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections
Registry Settings (Standard)

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 2: Standard + High Availability (Cloud

Cache)
The Standard + High Availability configuration enhances the basic Standard example by
incorporating Cloud Cache to ensure regional availability for the profile container. This
configuration is designed to provide robustness and redundancy, allowing the profile
container to be accessible even in the event of failures or outages in a specific region.
Cloud Cache acts as a resiliency and availability layer, periodically writing profile data
upstream to multiple storage providers. By replicating data across unique storage
providers, it ensures that the profile container remains available even if one storage
provider is unavailable. This approach enhances reliability and minimizes downtime for
end-users.

Key Points

Redundant and robust: Allows the profile container to be accessible even in the event
of failures or outages, minimizing downtime for end-users
Resiliency: Cloud Cache acts as an availability layer, periodically writing profile data
upstream to multiple storage providers.
Storage design expertise: Cloud Cache functionality is dependent on the
performance of your storage providers.

Summary

The Standard + High Availability configuration combines the benefits of the Standard setup
with additional measures to maintain availability across regions, making it suitable for
critical applications that require continuous access to profile data.


Figure 1: FSLogix High Availability using Cloud Cache

Prerequisites (Standard + High Availability)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Multiple storage providers in the same region or zone-redundant storage.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Standard + High Availability)

ﾉ Expand table

Items Description

Container The CCDLocations contains at least 2 storage providers of varying kinds. The
redundancy storage providers are in the SAME region as the virtual machines.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only
connections be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections

Registry Settings (Standard + High Availability)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or PROVIDER",connectionString=\\
REG_SZ <storage-account-name-
1>.file.core.windows.net\
<share-
name>;type=smb,name="ANF SMB
PROVIDER",connectionString=\\
<azure-netapp-files-fqdn>\
<volume-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

 Key Name Data Value Description
Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 3: Standard + Disaster Recovery (no

profile recovery)
The Standard + Disaster Recovery is an extension of the basic Standard. In this setup,
duplicate infrastructure exists in another region, but it remains powered down until
needed. Unlike other recovery scenarios, there is no profile recovery in this approach.
Instead, users create new profiles in the alternate location. While this is the least complex
recovery scenario, it comes with a significant drawback: end-user experience and training
become critical components for success.

Key Points
 Duplicate Infrastructure: The disaster recovery region mirrors the primary
infrastructure but remains inactive until required.
No Profile Recovery: Instead of restoring existing profiles, users create new ones in
the alternate location.
Simplicity: This approach minimizes complexity but relies heavily on user familiarity
and training.
End-User Experience: Ensuring a smooth transition and user understanding is crucial.

Summary

The Standard + Disaster Recovery configuration balances simplicity with the need for user
education and adaptation.

Figure 2: No Profile Recovery | FSLogix standard containers (VHDLocations)

Prerequisites (Standard + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Duplicate storage and compute infrastructure in another region.
＂ Validated NTFS and share-level permissions (SMB only).

Configuration Items (Standard + Disaster Recovery)

ﾉ Expand table
 Items Description

Single VHD location The VHDLocations setting contains a single UNC path to an SMB file share.

Single container A single Profile container is created for the user. The ODFC container isn't
configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

No custom profile No use of redirections.xml file.

redirections

Registry Settings (Standard + Disaster Recovery)

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.
EXAMPLE 4: Advanced
The Advanced configuration example builds upon the Standard example by introducing
additional features to enhance flexibility and customization.

Key Points
Multiple VHDLocations or object-specific settings: You can specify multiple locations
for storing user profiles (VHDLocations). Alternatively, you can define object-specific
settings to tailor profile behavior for specific users or groups. This flexibility allows
you to optimize profile management based on your organization’s needs.
Minimal entries in custom profile redirections: Unlike the Standard setup, where the
redirections.xml file isn't used, the Advanced configuration minimizes the number of
redirections.xml entries. Each entry in the redirections.xml configuration adds
complexity and can cause unknown application behaviors. Minimizing these entries
may provide an overall better user experience.

Summary
The Advanced configuration provides granular control over profile storage and redirection,
making it suitable for organizations with diverse requirements.

Prerequisites (Advanced)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Multiple SMB File Share(s).
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Advanced)

ﾉ Expand table

Items Description

Multiple VHD The VHDLocations setting contains a single or multiple UNC paths
locations (separated by semi-colon) to SMB file shares.

Object-specific Allows unique settings based on a user or group SID.

settings

Single container A single profile container is created for the user. The ODFC container isn't
configured.
Items Description

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can
connections only be mounted within a single connection.

Minimal XML file contains minimal entries with minor complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Advanced)

Multiple VHDLocations

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account-name- Example

or 1>.file.core.windows.net\
REG_SZ <share-name>;\\<storage-
 Key Name Data Value Description
Type

account-name-
2>.file.core.windows.net\
<share-name>

VolumeType5 REG_SZ VHDX Recommended

Object-Specific VHDLocations

The default VHDLocations is used for any user or group not matched by the object-specific
configuration.

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-1234\
 ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or REG_SZ \\<server-name>\<share-name> Example

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-4321\

ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or \\<azure-netapp-files-computer- Example

REG_SZ account>.contoso.com\<share-name>

２ Warning

Multiple entries in VHDLocations doesn't provide container resiliency. When multiple

entries exist, a user will try to create or locate their container from the list of locations
in order. The first location which the user has access to or is available will be where the
container is created or attached from. If using multiple entries, users should only have
access to a single location. Consider using the object-specific configuration settings in
lieu of multiple VHDLocations.

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 5: Advanced + Disaster Recovery

(primary / failover)
The Advanced + Disaster Recovery configuration example adds complexity through a
failover design. This is a common strategy to ensure the availability and reliability of your
infrastructure in case of a disaster or a failure. With Cloud Cache, you can configure your
devices to use two (2) storage providers that store your profile data in different locations.
Cloud Cache synchronizes your profile data to each of the two storage providers
asynchronously, so you always have the latest version of your data. Some of your devices
are in the primary location and the other devices are in the failover location. Cloud Cache
prioritizes the first storage provider (closest to your device), and uses the other storage
provider as a backup. For example, if your primary device is in West US and your failover
device is in East US, you can configure Cloud Cache as follows:

The primary device uses a storage provider in West US as the first option and a
storage provider in East US as the second option.
The failover device uses a storage provider in East US as the first option and a storage
provider in West US as the second option.
If the primary device or the closest storage provider fails, you can switch to the
failover device or the backup storage provider and continue your work without losing
your profile data.

Key Points

Failover design: This design ensures the availability and reliability of your
infrastructure in case of a disaster or a failure.
Profile storage: Cloud Cache enables your to store your profile data in different
locations.
Additional storage cost: Multiple storage locations will increase the overall cost.
Operational excellence: Manual failover process, which may require the approval of
the business stakeholders and process validation.
End-user experience: You may experience some latency or inconsistency in your
profile data due to the asynchronous synchronization to the two storage providers.

Summary

The Advanced + Disaster Recovery configuration shows how a failover design with Cloud
Cache can enhance the reliability and availability of your infrastructure by using two
storage providers in different locations. It also highlights the drawbacks of this approach,
including additional costs, the need for manual failover initiation, and potential latency or
inconsistency in profile data.
 

Figure 3: Cloud Cache (primary / failover) | FSLogix Cloud Cache (CCDLocations)

Prerequisites (Advanced + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Two storage providers in at least two regions.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Advanced + Disaster Recovery)

ﾉ Expand table

Items Description

Container The CCDLocations contains two (2) storage providers1. The primary site is
redundancy configured with the closest storage provider listed first and failover storage
provider provided listed last. The failover site has the reverse configuration. The
closest storage provider first, followed by the primary site storage providers listed
last.

Single A single profile container is created for the user. The ODFC container isn't
container configured.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only be
connections mounted within a single connection.

No custom No use of redirections.xml file.

profile
 Items Description

redirections

1 The storage providers must be in different regions or locations.

 Tip

Review the Custom profile redirections page for our recommended exclusions.

Registry Settings (Advanced + Disaster Recovery)

Primary site

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or PRIMARY",connectionString=\\
REG_SZ <storage-account-name-
primary>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER
FAILOVER",connectionString=\\
<storage-account-name-
failover>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

 Key Name Data Value Description
Type

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

Failover site

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB Example

or FAILOVER",connectionString=\\
REG_SZ <storage-account-name-
failover>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER
PRIMARY",connectionString=\\
<storage-account-name-
primary>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 6: Complex
The Complex configuration example builds upon the Advanced example by introducing
multiple connections. In this setup, user profiles can handle multiple connections, allowing
a single user to have active sessions across different devices simultaneously. Despite the
increased complexity, the goal remains to provide a seamless experience for end-users.
Properly configured multiple connections enhance productivity and flexibility, making this
configuration suitable for organizations with diverse needs and high demands.

７ Note

Azure Virtual Desktop does not support multiple connections within the same Host
Pool.

Summary

The Complex configuration balances sophistication with user-centric design, making it ideal
for large organizations requiring scalability and robust profile management.
 

Figure 4: Complex example with multiple connections | FSLogix standard containers (VHDLocations)

Prerequisites (Complex)
＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Separate pools of virtual machines.
＂ Multiple SMB file share(s) (not for high availability).
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Complex)

ﾉ Expand table

Items Description

Multiple VHD location The VHDLocations setting contains a single or multiple UNC paths
(separated by semi-colon) to SMB file shares.

Object-specific settings Allows unique settings based on a user or group SID.

Single container A single profile container is created for the user. The ODFC container isn't
configured.

Concurrent ProfileType is set to 3. Users can have multiple sign-ins, but only one (1)
connection(s) session allows writes to the base VHD disk.
Items Description

[OPTIONAL] XML file contains various entries with added complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Complex)

Multiple VHDLocations

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account-name- Example

or 1>.file.core.windows.net\
REG_SZ <share-name>;\\<storage-
account-name-
2>.file.core.windows.net\
<share-name>
 Key Name Data Value Description
Type

VolumeType5 REG_SZ VHDX Recommended

Object-Specific VHDLocations
The default VHDLocations is used for any user or group not matched by the object-specific
configuration.

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\

ﾉ Expand table

Key Name Data Value Description

Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply1 DWORD 1 Recommended

FlipFlopProfileDirectoryName2 DWORD 1 Recommended

LockedRetryCount3 DWORD 3 Recommended

LockedRetryInterval3 DWORD 15 Recommended

ProfileType4 DWORD 0 Default

ReAttachIntervalSeconds3 DWORD 15 Recommended

ReAttachRetryCount3 DWORD 3 Recommended

RedirXMLSourceFolder REG_SZ \\<server-name>\<share- Example

name>

SizeInMBs DWORD 30000 Default

VHDLocations MULTI_SZ \\<storage-account- Example

or name>.file.core.windows.net\
REG_SZ <share-name>

VolumeType5 REG_SZ VHDX Recommended

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-1234\

ﾉ Expand table
 Key Name Data Type Value Description

VHDLocations MULTI_SZ or REG_SZ \\<server-name>\<share-name> Example

Registry Path: HKLM:\SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-0-0-00-000000000-

0000000000-000000000-4321\

ﾉ Expand table

Key Name Data Type Value Description

VHDLocations MULTI_SZ or \\<azure-netapp-files-computer- Example

REG_SZ account>.contoso.com\<share-name>

２ Warning

Multiple entries in VHDLocations doesn't provide container resiliency. When multiple

entries exist, a user will try to create or locate their container from the list of locations
in order. The first location which the user has access to or is available will be where the
container is created or attached from. If using multiple entries, users should only have
access to a single location. Consider using the object-specific configuration settings in
lieu of multiple VHDLocations.

1 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

2 Provides and easier way to browse the container directories.

3 Decreases the retry timing to enable a faster fail scenario.

4 Single connections reduce complexity and increase performance.

5 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

EXAMPLE 7: Complex + Disaster Recovery (active

/ active)
The Complex + Disaster Recovery configuration builds upon the Advanced + Disaster
Recovery configuration by implementing an active/active design. Instead of load balancing
between the two sites, this configuration relies on users having access to only one location.
In the event of a drill or BCDR, users from a failed region are granted access to virtual
machines in the functioning region.

Key Points
 Failover capability: In the event of a disaster, the surviving regions must have capacity
to support all users.
Profile storage: Cloud Cache enables your to store your profile data in different
locations.
Additional storage cost: Multiple storage locations will increase the overall cost.
Operational excellence: Manual failover process, which may require the approval of
the business stakeholders, process validation and proper user assignments.
End-user experience: You may experience some latency or inconsistency in your
profile data due to the asynchronous synchronization to the two storage providers.

Summary

The Complex + Disaster Recovery configuration with Cloud Cache provides redundancy
and flexibility, but business decisions play a crucial role in initiating failover.

Figure 5: Cloud Cache (active / active) | FSLogix Cloud Cache (CCDLocations)

Prerequisites (Complex + Disaster Recovery)

＂ FSLogix prerequisites including antivirus exclusions
＂ Azure Virtual Desktop or equivalent Virtual Desktop infrastructure.
＂ Separate pools of virtual machines in each location.
＂ Users only have access to a single region at a time.
＂ Validated share and NTFS permissions (SMB only).

Configuration Items (Complex + Disaster Recovery)

 ﾉ Expand table

Items Description

Container The CCDLocations contains two (2) storage providers1. The primary site is
redundancy configured with the closest storage provider listed first and failover storage
provider provided listed last. The failover site has the reverse configuration. The
closest storage provider first, followed by the primary site storage providers
listed last.

Single container A Profile and ODFC container exists or is created for each user.

No concurrent The ProfileType setting is set to 0 or not configured. A user's profile can only be
connections mounted within a single connection.

[OPTIONAL] XML file contains various entries with added complexity.

redirections.xml

 Tip

Review the Custom profile redirections.xml page for additional information.

The Tutorial: Create and implement redirections.xml page demonstrates how to
implement this feature for Microsoft Teams.

Registry Settings (Complex + Disaster Recovery)

Site A (West US)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB WEST Example

or US",connectionString=\\<storage-
REG_SZ account-name-
primary>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER EAST
US",connectionString=\\<storage-
account-name-
failover>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

 Key Name Data Value Description
Type

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

Site B (East US)

ﾉ Expand table

Key Name Data Value Description

Type

CCDLocations MULTI_SZ type=smb,name="FILES SMB EAST Example

or US",connectionString=\\<storage-
REG_SZ account-name-
failover>.file.core.windows.net\
<share-
name>;type=smb,name="FILES SMB
PROVIDER WEST
US",connectionString=\\<storage-
account-name-
primary>.file.core.windows.net\
<share-name>

ClearCacheOnLogoff1 DWORD 1 Recommended

Enabled DWORD 1 REQUIRED

DeleteLocalProfileWhenVHDShouldApply2 DWORD 1 Recommended

FlipFlopProfileDirectoryName3 DWORD 1 Recommended

 Key Name Data Value Description
Type

HealthyProvidersRequiredForRegister4 DWORD 1 Recommended

LockedRetryCount5 DWORD 3 Recommended

LockedRetryInterval5 DWORD 15 Recommended

ProfileType6 DWORD 0 Default

ReAttachIntervalSeconds5 DWORD 15 Recommended

ReAttachRetryCount5 DWORD 3 Recommended

SizeInMBs DWORD 30000 Default

VolumeType7 REG_SZ VHDX Recommended

1 Recommended to save disk space on the local disk and risk of data loss when using pooled desktops.

2 Recommended to ensure user's don't use local profiles and lose data unexpectedly.

3 Provides and easier way to browse the container directories.

4 Prevents users from creating a local cache if at least 1 provider isn't healthy.

5 Decreases the retry timing to enable a faster fail scenario.

6 Single connections reduce complexity and increase performance.

7 VHDX is preferred over VHD due to its supported size and reduced corruption scenarios.

Appendix: Multiple VHDLocations logic diagram

When using multiple values in the VHDLocations setting, it's important to understand how
FSLogix determines the location to use.

２ Warning

Users who have access to multiple locations may create a new profile in another
location if the location for their actual profile is not available.
 

Figure 5: VHDLocations Logic Diagram

Next steps
How to use Group Policy Templates
Redirect and move Windows known
folders to OneDrive
Article • 03/14/2024

This article is for IT admins managing the OneDrive sync app.

There are two primary advantages of moving or redirecting Windows known folders
(Desktop, Documents, Pictures, Screenshots, and Camera Roll) to Microsoft OneDrive for
the users in your domain:

Your users can continue using the folders they're familiar with. They don't have to
change their daily work habits to save files to OneDrive.

Saving files to OneDrive backs up your users' data in the cloud and gives them
access to their files from any device.

For these reasons, we recommend moving (redirecting) known folders to OneDrive if

you're an enterprise or large organization. See all our recommendations for configuring
the sync app. Small or medium businesses may also find this useful, but keep in mind
you'll need some experience configuring policies. For info about the end-user
experience, see Protect your files by saving them to OneDrive .

Prepare to move known folders on existing

devices
We recommend that you upgrade to the latest available build before you deploy.

For information on issues that can prevent folders from being moved, see Fix problems
with folder protection . Known Folder Move doesn't work for users syncing OneDrive
files in SharePoint Server.

） Important

If your organization is large and your users have a lot of files in their known folders,
make sure you roll out the configuration slowly to minimize the network impact of
uploading files. For users who have a lot of files in their known folders, consider
using the policy Limit the sync app upload rate to a percentage of throughput
temporarily to minimize the network impact and then disable the policy once
uploads are complete.
Folders redirected to other organizations
If a user's Documents, Pictures, or Desktop folders are currently redirected to OneDrive
in a different organization, redirecting to your organization’s OneDrive will create new
Documents, Pictures, or Desktop folders and the user will see an empty desktop. The
user has to manually migrate files from the other organization’s OneDrive to OneDrive
in your organization. We recommend that you disable the redirect to the other
organization before redirecting to your organization if possible.

About the Known Folder Move policies

OneDrive policies can be set using Group Policy, Intune Windows 10 Administrative
Templates, or by configuring registry settings. For a full reference of available policies
and their registry settings, see Use OneDrive policies to control sync settings.

The following policies control the Known Folder Move feature:

Prompt users to move Windows known folders to OneDrive

Use this setting to give the users a call to action to move their Windows known
folders.
If users dismiss the prompt, a reminder notification appears in the activity center
until they move all known folders or an error occurs with the move, in which case
the reminder notification will be dismissed.
 ） Important

We recommend deploying the prompt policy for existing devices only, and
limiting the deployment to 5,000 devices a day and not exceeding 20,000
devices a week between macOS and Windows.

Silently move Windows known folders to OneDrive

Use this setting to redirect and move known folders to OneDrive without any user
interaction. Move all the folders or select the desired individual folders. After a
folder is moved, the policy won't affect the folder again, even if the selection for
the folder changes.

You can choose to display a notification to users after their folders have been
redirected.

We also recommend using this setting together with Prompt users to move
Windows known folders to OneDrive.. If moving the known folders silently doesn't
succeed, users are prompted to correct the error and continue.

） Important
 We recommend deploying the silent policy for existing devices and new
devices while limiting the deployment of existing devices to 1,000 devices a
day and not exceeding 4,000 devices a week between macOS and Windows.

Prevent users from turning off Known Folder Move

Use this setting to require users to keep their known folders directed to OneDrive.

７ Note

Users can direct their known folders by opening OneDrive sync app settings,
clicking the Backup tab, and then clicking Manage backup.

Prevent users from moving their Windows known folders to OneDrive

Use this setting to prevent users from moving their known folders to any OneDrive
account.

For info about using the OneDrive policies, see Use Group Policy to control OneDrive
sync app settings.

Transition from the Windows Folder

Redirection Group Policy objects
The OneDrive Known Folder Move Group Policy objects won't work if you previously
used Windows Folder Redirection Group Policy objects to redirect the Documents,
Pictures, or Desktop folders to a location other than OneDrive. The OneDrive Group
Policy objects won't affect the Music and Videos folders, so you can keep them
redirected with the Windows Group Policy objects. Follow these steps to switch to using
the Known Folder Move Group Policy objects.

７ Note

Extending the scope of folders that are synced by One Drive using Windows Folder
Redirection Group Policy is not supported.

If folders have been redirected to OneDrive using Windows Folder Redirection

Group Policy:

1. Disable the Window Folder Redirection Group Policy and make sure to leave
the folder and contents on OneDrive.
 2. Enable Known Folder Move Group Policy. Known folders remain in OneDrive.

If folders have been redirected to a location on a local PC:

1. Disable the Window Folder Redirection Group Policy and make sure to leave
the folder and contents at the redirected location.
2. Enable Known Folder Move Group Policy. Known folders move to OneDrive.

If folders have been redirected to a network file share:

1. Use Migration Manager to copy contents in the network file share location to
a user's OneDrive, making sure that all contents go into the existing
Documents, Pictures, or Desktop folders.

７ Note

If Migration Manager will create the Documents, Pictures, or Desktop

folders, ensure that Preserve file share permissions is not selected when
performing the migration.

2. Disable the Window Folder Redirection Group Policy and make sure to leave
the folder and contents on the network file share.

3. Enable Known Folder Move Group Policy. Known folders move to OneDrive
and will merge with the existing Desktop, Documents, and Pictures folders,
which contain all the file share content that you moved in the first step.

Feedback
Was this page helpful?  Yes  No

Provide product feedback

VHD Disk Compaction
Article • 03/31/2023

VHD Disk Compaction is a process that runs every time a user signs out. The
compaction process is designed to automatically decrease the amount of storage a
user's container, depending on a predefined threshold. During the sign out phase,
FSLogix evaluates the disk to determine if disk compaction should run.

７ Note

VHD Disk Compaction affects Profile and ODFC containers (including Cloud Cache
configurations)

VHD Disk Compaction is Enabled by default. If you want to disable it, see Disable VHD
Disk Compaction.

The compaction process relies on the Optimize Drives service (defragsvc). This service
determines the minimum supported size by querying the MSFT_Partition API, using the
SizeMin parameter from the GetSupportedSize method. This operation takes into account
the location of immovable files (that is, files that can't be moved). For more information,
see GetSupportedSize method of the MSFT_Partition class.

） Important

If the StartupType of the Optimize Drives service (defragsvc) is set to Disabled,

VHD Disk Compaction will fail to query the minimum supported size and the
process will not run. The service StartupType must be set to Manual or
Automatic regardless of whether the service status is Running or Stopped.

You must use dynamically expanding virtual hard disks; fixed size virtual hard
disks cannot be compacted.

Determining when VHD Disk Compaction runs

FSLogix determines whether to run the compaction process each time a user signs out.
If the following criteria are met, VHD Disk Compaction runs:

Size of the container must be greater than 1 GB (size on disk).

 Difference(C) between the consumed size on disk(A) and the queried minimum
size(B). The difference must be greater than or equal to 20% of the consumed size
within the container(A).

The difference is calculated as follows:

A-B=C
If C ≥ (A x 0.2), compaction runs.
If C < (A x 0.2), compaction doesn't run.

Example scenarios
Here are a couple of examples:

Example 1: The consumed size of a container is 6GB. When we call

GetSupportedSize, the resulting minimum size is 2.5GB:
6 - 2.5 = 3.5 GB
20% of 6 GB = 1.2 GB
3.5 GB is greater than 1.2 GB, compaction runs.

Example 2: The consumed size of a container is 12GB. When we call

GetSupportedSize, the resulting minimum size is 10GB:
12 - 10 = 2 GB
20% of 12 GB = 2.4 GB
2 GB is less than 2.4 GB, compaction doesn't run.

Example table:

Container Fixed/Dynamic Configured Consumed Supported Will

Size Size Size Compact?

profile_ <username> .vhdx Dynamic 30 GB 6 GB 2.5 GB Yes

profile_ <username> .vhdx Dynamic 30 GB 12 GB 10 GB No

profile_ <username> .vhdx Fixed 30 GB 30 GB N/A No

User experience
When compaction runs, users see the message Waiting for FSLogix Apps Services for
some time. Depending on the space to recover, the compaction process should take an
average of 20 – 30 seconds. The first compact operation is the longest and is based on
recoverable space and other compute resource factors.
Each subsequent sign out should be quicker as the amount of data to compact should
decrease. VHD Disk Compaction can run for a maximum of 5 minutes. If this maximum is
reached, the operation ends, and the sign out continues. During the next sign out, the
operation will resume from the previous state.

Winlogon events
VHD Disk Compaction operates at user sign out, which is part of the Winlogon process.
The Winlogon process creates a warning event anytime a process causes the sign out
time to exceed 60 seconds. These warnings are normal and expected. The compaction
process could exceed 60 seconds depending on the size of the VHD(x) and the space to
be recovered. The Winlogon threshold is a fixed value and can't be changed.

See Winlogon (sign out) Delay Warnings for a Log Analytics query to show the number
of operations that exceed the 60-second threshold and their durations.

Next steps
Troubleshooting VHD Disk Compaction

Understand VHD Disk Compaction usage and performance

FSLogix Terminology
Article • 05/19/2023

Terms and acronyms used in FSLogix may not always be easy to understand or decipher.
The terminology page helps clarify terms and / or acronyms used within our
documentation and product.

Term Definition Other Names

Back port The process of taking new product changes or bug fixes and
integrating into previous versions. FSLogix doesn't back port any
changes or fixes to previous versions. All changes are only
available in future releases.

BCDR Business continuity and disaster recovery are concepts that aim to DR
ensure a particular service or resource is continually available
during disaster.

BSOD Refers to a Windows fatal error or system crash. The term stands Crash, System
for "blue screen of death" due to the error screen during these Crash
fatal errors was blue and required a full system restart.

Base disk Refers to the backing VHD used when ProfileType = 3 or

VHDAccessMode = 1, 2, or 3 . Differencing disks are merged into
base disks.

CCD Refers to the FSLogix Cloud Cache feature. Cloud Cache

Container The virtual hard disk (VHD / VHDX) file, which contains all the Disk
data for the given type of container.

Differencing Refers to the intermediate VHD used to track changes to the base
disk disk. Differencing disks are merged into base disks.

HA High availability is a concept that aims to ensure a particular

service or resource is available during an unplanned outage.

Healthy Indicates a fully working state of a remote storage provider when

using Cloud Cache.

ODFC A type of container that holds only data and settings for Office
Microsoft 365 products. ODFC data includes, but isn't limited to
Outlook, Teams, OneDrive (Personal or Business), and Sharepoint.

Profile A type of container that holds the data and settings for users
signed into a Windows based system.
Term Definition Other Names

Redirection Redirection is a technical concept where a known location (file Redirect

system or registry) can be pointed to another. The redirection,
either to a local disk (mounted or fixed) or network location, will
operate / act as if the location exists on the local drive. A known
location like, C:\Users\%username% , and all its contents are
pointed to the mounted container. Any data in the container is
saved for use on other sign-ins.

SMB Stands for "Server Message Block." SMB is a network protocol CIFS
used by Windows-based computers that allows systems within
the same network to share files. An SMB file share is written
using \\<server-name>.contoso.com\<share-name> .

Storage The service or resource providing container storage. Includes VHDLocations,

provider legacy physical storage and Azure based storage. Storage CCDLocations
providers are limited by the types of storage FSLogix supports.

UNC Stands for "Universal Naming Convention". UNC is a way to

identify a share location on a server without knowing the exact
storage device it is on. Windows uses the following UNC
format: \\<server-name>.contoso.com\<share-name>

Unhealthy Indicates a non-working (connectivity, permissions, etc.) state of a

remote storage provider when using Cloud Cache.

VHD(x) A virtual hard disk that provides a 'disk-in-a-file' abstraction.

Store FSLogix profile containers on
Azure NetApp Files
Article • 12/04/2024

FSLogix profile containers store a complete user profile in a single container and are
designed to roam profiles in non-persistent remote computing environments like Azure
Virtual Desktop. When you sign in, the container dynamically attaches to the computing
environment using a locally supported virtual hard disk (VHD) and Hyper-V virtual hard
disk (VHDX). These advanced filter-driver technologies allow the user profile to be
immediately available and appear in the system exactly like a local user profile. To learn
more about FSLogix profile containers, see User profile management with FSLogix
profile containers.

You can create FSLogix profile containers using Azure NetApp Files , an easy-to-use
Azure native platform service that helps customers quickly and reliably provision
enterprise-grade SMB volumes for their Azure Virtual Desktop environments. To learn
more about Azure NetApp Files, see What is Azure NetApp Files?.

７ Note

This article doesn't cover best practices for securing access to the Azure NetApp
Files share.

７ Note

If you're looking for comparison material about the different FSLogix Profile
Container storage options on Azure, see Storage options for FSLogix profile
containers.

Considerations
To optimize performance and scalability, the number of concurrent users accessing
FSLogix profile containers stored on a single Azure NetApp Files regular volume
should be limited to 3,000. Having more than 3,000 concurrent users on a single
volume causes significant increased latency on the volume. If your scenario
requires more than 3,000 concurrent users, divide users across multiple regular
volumes or use a large volume. A single large volume can store FSLogix profiles for
 up to 50,000 concurrent users. For more information on large volumes, see
Requirements and considerations for large volumes.
FSLogix profile containers on Azure NetApp Files can only be accessed by users
authenticating from Active Directory Domain Services (AD DS) or Microsoft Entra
Domain Services. Azure NetApp files does not support Entra joined, Entra hybrid
joined devices or Entra and Entra hybrid identities.
To protect your FSLogix profile containers, consider using Azure NetApp Files
snapshots and Azure NetApp Files backup.

Prerequisites
Before you can configure an FSLogix profile container with Azure NetApp Files, you
must have:

An Azure account with contributor or administrator permissions.

Set up your Azure NetApp Files account

To get started, you need to create and set up an Azure NetApp Files account.

1. To create a NetApp account, see Create a NetApp account.

2. You need to create a new capacity pool. See Create a capacity pool for Azure
NetApp Files.

3. You then need to join an Active Directory connection. See Create and manage
Active Directory connections for Azure NetApp Files.

4. Create a new SMB volume. Follow the steps in Create an SMB volume for Azure
NetApp Files.

７ Note

It's recommended that you enable Continuous Availability on the SMB volume
for use with FSLogix profile containers, so select Enable Continuous
Availability. For more information, see Enable Continuous Availability on
existing SMB volumes.

Configure permissions
When configuring the directory and file-level permissions, review the recommended list
of permissions for FSLogix profiles at Configure the storage permissions for profile
containers.

Without proper directory-level permissions in place, a user can delete the user profile or
access the personal information of a different user. It's important to make sure users
have proper permissions to prevent accidental deletion from happening.

Configure FSLogix on your local Windows

device
To configure FSLogix on your local Windows device:

1. Follow the steps in Install FSLogix Applications. If configuring FSLogix in a host

pool, download the file while you're still remoted in the session host VM.

2. To configure your profile container, see Configure profile containers.

７ Note

When adding the VHDLocations registry key, set the data type to Multi-
String and set its data value to the URI for the Azure NetApp Files share.
Be careful when creating the DeleteLocalProfileWhenVHDShouldApply
value. When the FSLogix Profiles system determines a user should have
an FSLogix profile, but a local profile already exists, Profile Container will
permanently delete the local profile. The user will then be signed in with
the new FSLogix profile.

Make sure users can access the Azure NetApp

Files share
1. Sign in to the Azure portal with an administrative account.

2. Open Azure NetApp Files, select your Azure NetApp Files account, and then select
Volumes. Once the Volumes menu opens, select the corresponding volume.

3. Go to the Overview tab and confirm that the FSLogix profile container is using
space.
 4. Open the File Explorer, then navigate to the Mount path. Within this folder, there
should be a profile VHD (or VHDX).

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Store FSLogix profile containers on
Azure Files and Microsoft Entra ID
Article • 10/18/2024

In this article, you'll learn how to create and configure an Azure Files share for Microsoft
Entra Kerberos authentication. This configuration allows you to store FSLogix profiles
that can be accessed by hybrid user identities from Microsoft Entra joined or Microsoft
Entra hybrid joined session hosts without requiring network line-of-sight to domain
controllers. Microsoft Entra Kerberos enables Microsoft Entra ID to issue the necessary
Kerberos tickets to access the file share with the industry-standard SMB protocol.

This feature is supported in the Azure cloud, Azure for US Government, and Azure
operated by 21Vianet.

Prerequisites
Before deploying this solution, verify that your environment meets the requirements to
configure Azure Files with Microsoft Entra Kerberos authentication.

When used for FSLogix profiles in Azure Virtual Desktop, the session hosts don't need to
have network line-of-sight to the domain controller (DC). However, a system with
network line-of-sight to the DC is required to configure the permissions on the Azure
Files share.

Configure your Azure storage account and file

share
To store your FSLogix profiles on an Azure file share:

1. Create an Azure Storage account if you don't already have one.

７ Note

Your Azure Storage account can't authenticate with both Microsoft Entra ID
and a second method like Active Directory Domain Services (AD DS) or
Microsoft Entra Domain Services. You can only use one authentication
method.
 2. Create an Azure Files share under your storage account to store your FSLogix
profiles if you haven't already.

3. Enable Microsoft Entra Kerberos authentication on Azure Files to enable access

from Microsoft Entra joined VMs.

When configuring the directory and file-level permissions, review the

recommended list of permissions for FSLogix profiles at Configure the
storage permissions for profile containers.
Without proper directory-level permissions in place, a user can delete the
user profile or access the personal information of a different user. It's
important to make sure users have proper permissions to prevent accidental
deletion from happening.

Configure your local Windows device

To access Azure file shares from a Microsoft Entra joined VM for FSLogix profiles, you
must configure the local Windows device your FSLogix profiles are being loaded onto.
To configure your device:

1. Enable the Microsoft Entra Kerberos functionality using one of the following
methods.

Configure this Intune Policy CSP and apply it to the session host:
Kerberos/CloudKerberosTicketRetrievalEnabled.

７ Note

Windows multi-session client operating systems don't support Policy CSP as

they only support the settings catalog, so you'll need to use one of the other
methods. Learn more at Using Azure Virtual Desktop multi-session with
Intune.

Enable this Group policy on your device. The path will be one of the
following, depending on the version of Windows you use:

Administrative Templates\System\Kerberos\Allow retrieving the cloud

kerberos ticket during the logon

Administrative Templates\System\Kerberos\Allow retrieving the Azure AD

Kerberos Ticket Granting Ticket during logon

 Create the following registry value on your device: reg add
HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters /v

CloudKerberosTicketRetrievalEnabled /t REG_DWORD /d 1

2. When you use Microsoft Entra ID with a roaming profile solution like FSLogix, the
credential keys in Credential Manager must belong to the profile that's currently
loading. This lets you load your profile on many different VMs instead of being
limited to just one. To enable this setting, create a new registry value by running
the following command:

reg add HKLM\Software\Policies\Microsoft\AzureADAccount /v

LoadCredKeyFromProfile /t REG_DWORD /d 1

７ Note

The session hosts don't need network line-of-sight to the domain controller.

Configure FSLogix on your local Windows device

This section shows you how to configure your local Windows device with FSLogix. You'll
need to follow these instructions every time you configure a device. There are several
options available that ensure the registry keys are set on all session hosts. You can set
these options in an image or configure a group policy.

To configure FSLogix:

1. Update or install FSLogix on your device, if needed.

７ Note

If you're configuring a session host created using the Azure Virtual Desktop
service, FSLogix should already be pre-installed.

2. Follow the instructions in Configure profile container registry settings to create the
Enabled and VHDLocations registry values. Set the value of VHDLocations to \\
<Storage-account-name>.file.core.windows.net\<file-share-name> .

Test your deployment

Once you've installed and configured FSLogix, you can test your deployment by signing
in with a user account that's been assigned to an application group on the host pool.
The user account you sign in with must have permission to use the file share.

If the user has signed in before, they'll have an existing local profile that the service will
use during this session. To avoid creating a local profile, either create a new user
account to use for tests or use the configuration methods described in Tutorial:
Configure profile container to redirect user profiles to enable the
DeleteLocalProfileWhenVHDShouldApply setting.

Finally, verify the profile created in Azure Files after the user has successfully signed in:

1. Open the Azure portal and sign in with an administrative account.

2. From the sidebar, select Storage accounts.

3. Select the storage account you configured for your session host pool.

4. From the sidebar, select File shares.

5. Select the file share you configured to store the profiles.

6. If everything's set up correctly, you should see a directory with a name that's
formatted like this: <user SID>_<username> .

Next steps
To troubleshoot FSLogix, see this troubleshooting guide.

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Store FSLogix profile containers on
Azure Files and Active Directory Domain
Services or Microsoft Entra Domain
Services
Article • 10/18/2024

This article shows you how to set up a FSLogix profile container with Azure Files when
your session host virtual machines (VMs) are joined to an Active Directory Domain
Services (AD DS) domain or Microsoft Entra Domain Services managed domain.

Prerequisites
To configure a profile container, you need the following:

A host pool where the session hosts are joined to an AD DS domain or Microsoft
Entra Domain Services managed domain and users are assigned.
A security group in your domain that contains the users who will use the profile
container. If you're using AD DS, this must be synchronized to Microsoft Entra ID.
Permission on your Azure subscription to create a storage account and add role
assignments.
A domain account to join computers to the domain and open an elevated
PowerShell prompt.
The subscription ID of your Azure subscription where your storage account will be.
A computer joined to your domain for installing and running PowerShell modules
that will join a storage account to your domain. This device needs to be running a
Supported version of Windows. Alternatively, you can use a session host.

） Important

If users have previously signed in to the session hosts you want to use, local
profiles will have been created for them and must be deleted first by an
administrator for their profile to be stored in a profile container.

Set up a storage account for a profile container

To set up a storage account:
 1. Create an Azure Storage account if you don't already have one.

 Tip

Your organization may have requirements to change these defaults:

Whether you should select Premium depends on your IOPS and latency
requirements. For more information, see Container storage options.
On the Advanced tab, Enable storage account key access must be left
enabled.
For more information on the remaining configuration options, see Plan
for an Azure Files deployment.

2. Create an Azure Files share under your storage account to store your FSLogix
profiles if you haven't already.

Join your storage account to Active Directory

To use Active Directory accounts for the share permissions of your file share, you need
to enable AD DS or Microsoft Entra Domain Services as a source. This process joins your
storage account to a domain, representing it as a computer account. Select the relevant
tab below for your scenario and follow the steps.

AD DS

1. Sign in to a computer that is joined to your AD DS domain. Alternatively, sign

in to one of your session hosts.

2. Download and extract the latest version of AzFilesHybrid from the Azure
Files samples GitHub repo. Make a note of the folder you extract the files to.

3. Open an elevated PowerShell prompt and change to the directory where you
extracted the files.

4. Run the following command to add the AzFilesHybrid module to your user's
PowerShell modules directory:

PowerShell

.\CopyToPSPath.ps1
5. Import the AzFilesHybrid module by running the following command:

PowerShell

Import-Module -Name AzFilesHybrid

） Important

This module requires the PowerShell Gallery and Azure PowerShell. You
may be prompted to install these if they are not already installed or they
need updating. If you are prompted for these, install them, then close all
instances of PowerShell. Re-open an elevated PowerShell prompt and
import the AzFilesHybrid module again before continuing.

6. Sign in to Azure by running the command below. You'll need to use an

account that has one of the following role-based access control (RBAC) roles:

Storage account owner

Owner
Contributor

PowerShell

Connect-AzAccount

 Tip

If your Azure account has access to multiple tenants and/or subscriptions,

you will need to select the correct subscription by setting your context.
For more information, see Azure PowerShell context objects

7. Join the storage account to your domain by running the commands below,
replacing the values for $subscriptionId , $resourceGroupName , and
$storageAccountName with your values. You can also add the parameter -

OrganizationalUnitDistinguishedName to specify an Organizational Unit (OU) in

which to place the computer account.

PowerShell

$subscriptionId = "subscription-id"
$resourceGroupName = "resource-group-name"
 $storageAccountName = "storage-account-name"

Join-AzStorageAccount `
-ResourceGroupName $ResourceGroupName `
-StorageAccountName $StorageAccountName `
-DomainAccountType "ComputerAccount"

8. To verify the storage account is joined to your domain, run the commands
below and review the output, replacing the values for $resourceGroupName and
$storageAccountName with your values:

PowerShell

$resourceGroupName = "resource-group-name"
$storageAccountName = "storage-account-name"

(Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name

$storageAccountName).AzureFilesIdentityBasedAuth.DirectoryServiceOp
tions; (Get-AzStorageAccount -ResourceGroupName $resourceGroupName
-Name
$storageAccountName).AzureFilesIdentityBasedAuth.ActiveDirectoryPro
perties

） Important

If your domain enforces password expiration, you must update the password
before it expires to prevent authentication failures when accessing Azure file
shares. For more information, see Update the password of your storage
account identity in AD DS for details.

Assign RBAC role to users

Users needing to store profiles in your file share need permission to access it. To do this,
you need to assign each user the Storage File Data SMB Share Contributor role.

To assign users the role:

1. From the Azure portal, browse to the storage account, then to the file share you
created previously.

2. Select Access control (IAM).

3. Select + Add, then select Add role assignment from the drop-down menu.
 4. Select the role Storage File Data SMB Share Contributor and select Next.

5. On the Members tab, select User, group, or service principal, then select +Select
members. In the search bar, search for and select the security group that contains
the users who will use the profile container.

6. Select Review + assign to complete the assignment.

Set NTFS permissions

Next, you'll need to set NTFS permissions on the folder, which requires you to get the
access key for your Storage account.

To get the Storage account access key:

1. From the Azure portal, search for and select storage account in the search bar.

2. From the list of storage accounts, select the account that you enabled Active
Directory Domain Services or Microsoft Entra Domain Services as the identity
source and assigned the RBAC role for in the previous sections.

3. Under Security + networking, select Access keys, then show and copy the key
from key1.

To set the correct NTFS permissions on the folder:

1. Sign in to a session host that is part of your host pool.

2. Open an elevated PowerShell prompt and run the command below to map the
storage account as a drive on your session host. The mapped drive won't show in
File Explorer, but can be viewed with the net use command. This is so you can set
permissions on the share.

Windows Command Prompt

net use <desired-drive-letter>: \\<storage-account-

name>.file.core.windows.net\<share-name> <storage-account-key>
/user:Azure\<storage-account-name>

Replace <desired-drive-letter> with a drive letter of your choice (for

example, y: ).
Replace both instances of <storage-account-name> with the name of the
storage account you specified earlier.
Replace <share-name> with the name of the share you created earlier.
 Replace <storage-account-key> with the storage account key from Azure.

For example:

Windows Command Prompt

net use y: \\fsprofile.file.core.windows.net\share

HDZQRoFP2BBmoYQ(truncated)== /user:Azure\fsprofile

3. Run the following commands to set permissions on the share that allow your
Azure Virtual Desktop users to create their own profile while blocking access to the
profiles of other users. You should use an Active Directory security group that
contains the users you want to use the profile container. In the commands below,
replace <mounted-drive-letter> with the letter of the drive you used to map the
drive and <DOMAIN\GroupName> with the domain and sAMAccountName of the
Active Directory group that will require access to the share. You can also specify
the user principal name (UPN) of a user.

Windows Command Prompt

icacls <mounted-drive-letter>: /grant "<DOMAIN\GroupName>:(M)"

icacls <mounted-drive-letter>: /grant "Creator Owner:(OI)(CI)(IO)(M)"
icacls <mounted-drive-letter>: /remove "Authenticated Users"
icacls <mounted-drive-letter>: /remove "Builtin\Users"

For example:

Windows Command Prompt

icacls y: /grant "CONTOSO\AVDUsers:(M)"

icacls y: /grant "Creator Owner:(OI)(CI)(IO)(M)"
icacls y: /remove "Authenticated Users"
icacls y: /remove "Builtin\Users"

Configure your local Windows device to use

profile containers
In order to use profile containers, you'll need to make sure FSLogix Apps is installed on
your device. If you're configuring Azure Virtual Desktop, FSLogix Apps is preinstalled in
Windows 10 Enterprise multi-session and Windows 11 Enterprise multi-session
operating systems, but you should still follow the steps below as it might not have the
latest version installed. If you're using a custom image, you can install FSLogix Apps in
your image.

To configure profile containers, we recommend you use Group Policy Preferences to set
registry keys and values at scale across all your session hosts. You can also set these in
your custom image.

To configure your local Windows device:

1. If you need to install or update FSLogix Apps, download the latest version of
FSLogix and install it by running FSLogixAppsSetup.exe , then following the
instructions in the setup wizard. For more details about the installation process,
including customizations and unattended installation, see Download and Install
FSLogix.

2. Open an elevated PowerShell prompt and run the following commands, replacing
\\<storage-account-name>.file.core.windows.net\<share-name> with the UNC path

to your storage account you created earlier. These commands enable the profile
container and configure the location of the share.

PowerShell

$regPath = "HKLM:\SOFTWARE\FSLogix\profiles"
New-ItemProperty -Path $regPath -Name Enabled -PropertyType DWORD -
Value 1 -Force
New-ItemProperty -Path $regPath -Name VHDLocations -PropertyType
MultiString -Value \\<storage-account-name>.file.core.windows.net\
<share-name> -Force

3. Restart your device. You'll need to repeat these steps for any remaining devices.

You have now finished the setting up your profile container. If you're installing the
profile container in your custom image, you'll need to finish creating the custom image.
For more information, follow the steps in Create a custom image in Azure from the
section Take the final snapshot onwards.

Validate profile creation

Once you've installed and configured the profile container, you can test your
deployment by signing in with a user account that's been assigned an application group
or desktop on the host pool.

If the user has signed in before, they'll have an existing local profile that they'll use
during this session. Either delete the local profile first, or create a new user account to
use for tests.

Users can check that the profile container is set up by following the steps below:

1. Sign in to Azure Virtual Desktop as the test user.

2. When the user signs in, the message "Please wait for the FSLogix Apps Services"
should appear as part of the sign-in process, before reaching the desktop.

Administrators can check the profile folder has been created by following the steps
below:

1. Open the Azure portal.

2. Open the storage account you created in previously.

3. Go to Data storage in your storage account, then select File shares.

4. Open your file share and make sure the user profile folder you've created is in
there.

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Install FSLogix Applications
Article • 03/31/2023

This article describes how to download and install FSLogix Apps (Core Product), Rule
Editor, and Java Rule Editor.

７ Note

All FSLogix installations use the same steps regardless if it's a new or upgrade
install.

Prerequisites
＂ Review: FSLogix prerequisites.
＂ Review: Installation FAQ.
＂ Review: Release Notes.

Download FSLogix

７ Note

We recommend customers upgrade to the latest version of FSLogix as quickly as

their deployment process can allow. FSLogix will provide hotfix releases which
address current and potential bugs that impact customer deployments.
Additionally, it is the first requirement when opening any support case.

FSLogix can be downloaded via direct download or through the Microsoft Download
Center.

Direct download
For customers who integrate the download and installation of FSLogix as part of an
automated build routine, the latest version of FSLogix can be obtained here .

Microsoft Download Center

The download center allows customers to search and find previous versions1 of FSLogix.
1 Microsoft download center only provides the last 2 feature and associated hotfix releases.

Install FSLogix Apps (Core Product)

1. Extract the downloaded zip file.

2. Navigate to the directory where the files were extracted.

3. Double-click on Win32 (32-bit) or x64 (64-bit), based on your environment.

4. Double-click on Release.

5. Double-click on FSLogixAppsSetup.exe.

6. Agree to the licensing terms, select Install.

７ Note

You can install to an alternate location, but it isn't recommended.

7. FSLogix Apps installation progress.

 8. Reboot.

Install FSLogix Apps Rule Editor and Java Rule

Editor

７ Note

The RuleEditor and Java RuleEditor are intended for administrator

workstations.
Both the RuleEditor and Java RuleEditor installation dialogs are identical to
the screenshots and are not provided.
You can install to an alternate location, but it isn't recommended.

1. Extract the downloaded zip file.

2. Navigate to the directory where the files were extracted.
3. Double-click on Win32 (32-bit) or x64 (64-bit), based on your environment.
4. Double-click on Release.
5. Double-click on FSLogixAppsRuleEditorSetup.exe or
FSLogixAppsJavaRuleEditorSetup.exe.
6. Agree to the licensing terms, select Install.

Unattended installation options

Each of the FSLogix installers supports unattended and silent installation for automated
use cases. Installation commands and descriptions are described in the following table.

Command Switch Description

/install Default product installation

/repair Repairs a previous product installation

/uninstall Uninstalls a previous product installation

/layout Creates a local copy of the install bundle

/passive Displays minimal UI and No prompts

/quiet Displays No UI and No prompts

/norestart Suppresses any attempts to restart. By default the UI prompts before restart

/log log.txt Logs installation to a specific path and file. Default log is in %TEMP%.

Verify product installation and version

You manually installed FSLogix.
It was installed as part of your golden image.
It was preinstalled as part of the Windows 10 / 11 Azure Marketplace image.

It doesn't matter how FSLogix was installed, verifying the install and version is a valuable
step before configuration.

 Tip

The most recent release can be found on our release notes page.

Installed Apps
1. Sign in to the virtual machine as a local Administrator or an account with
administrative privileges.

2. Right-click the Start icon.

3. Select Installed Apps.

4. Locate Microsoft FSLogix Apps.
Command-line
1. Sign in to the virtual machine as a local Administrator or an account with
administrative privileges.

2. Select Start and Type command prompt directly into the Start Menu.

3. Select Command Prompt from the Start Menu.

 4. Change directory to C:\Program Files\FSLogix\Apps .

5. Type frx version .

Next steps
Configuration options

Configuration examples

Configure profile containers

Using FSLogix Group Policy Template
Files
Article • 08/22/2023

FSLogix provides Group Policy administrative template files in the form of .admx and
language-specific .adml files. These files can be used within the Local Group Policy
Editor and the Group Policy Management Editor. The Local Group Policy Editor is used
to edit Local Group Policy Objects (LGPOs). The Group Policy Management Editor, which
is available from within the Group Policy Management Console (GPMC), can be used to
edit domain-based policy objects.

Prerequisites
＂ Download FSLogix.
＂ Extract the compressed archive.
＂ Explore the extracted contents.

Figure 1: FSLogix package content

Locate the two files (fslogix.admx and fslogix.adml) and copy them to a location based
on a local or central store configuration.

Group Policy template updates in 2210 hotfix 2

(2.9.8612.60056)
Prior to the updates in FSLogix 2210 hotfix 2, the Group Policy template files had some
unique behaviors and it was difficult to find the correct policy name based on our list of
configuration settings for Profiles, ODFC and Cloud Cache.

The following is a list of major changes in the template files:

Simplifying the folder structure of the policy settings.

Renaming the policies to align with the corresponding registry value name.
 Provide better descriptions including the registry path, value name, and value(s).
Removing the additional checkbox for boolean-based policies.
Updated the framework to support Intune Settings Catalog.

Template hierarchy changes

Figure 2: Hierarchy changes in Group Policy

1. Updated the folders, removed references to Office 365 and advanced settings.
2. Policy names match the corresponding registry value name.
3. Explanation text provides more detail.

Template policy changes

Figure 3: Policy changes

1. Boolean type policies no longer require an extra setting using a checkbox.

2. 'Supported on' statement updated to friendly version names.
3. Explanation text provides the registry path, value name, and value(s).

Local Group Policy Editor

Follow these steps to configure FSLogix using the Local Group Policy Editor.

1. Copy the template files based on the table:

ﾉ Expand table

File Type File Location

ADMX language %systemroot%\policyDefinitions

neutral
 File Type File Location

(fslogix.admx)

ADML language %systemroot%\policyDefinitions[MUIculture] (for example, the United

specific States English ADMX language-specific file is stored in
(fslogix.adml) %systemroot%\policyDefinitions\en-us )

2. Run the Local Group Policy Editor tool (GPEDIT.MSC).

3. Browse to Computer Configuration then Administrative Templates then FSLogix.

4. Review and enable desired settings, then save the policy object.

Figure 4: Local Policy settings

７ Note

These settings are applied only on the local machine and will not be applied
to other Virtual Machines.

Group Policy Management Console

Utilizing domain-based GPO(s) allows you to distribute settings to any number of virtual
machines within your Active Directory domain. Domain-based GPO(s) rely on a central
store in the SYSVOL folder on every Domain Controller in the domain.
Domain File Locations
Copy the template files based on the table:

ﾉ Expand table

File Type Domain Controller File Location(s)

ADMX %systemroot%\sysvol\domain\policies\PolicyDefinitions
language
neutral
(fslogix.admx)

ADML %systemroot%\sysvol\domain\policies\PolicyDefinitions[MUIculture] (for

language example, the United States English ADMX language-specific file is stored in
specific %systemroot%\sysvol\domain\policies\PolicyDefinitions\en-us )
(fslogix.adml)

７ Note

The Domain Controller file locations for the table assume you are logged onto one
of the Domain Controllers for your domain.

For more information, see How to create and manage the Central Store for Group Policy
Administrative Templates in Windows.

Group Policy Management Editor

７ Note

You must have the appropriate permissions to be able to perform these actions.

1. Sign into a computer or virtual machine that is part of your Active Directory
domain.

2. If using a Windows client OS, add the Group Policy Management Tools:

Open the Settings app > System > Optional features > Add feature (if on a
version older than Windows 10 22H2, navigate to Settings > Apps > Apps &
features > Optional features > Add feature instead).

Select RSAT: Group Policy Management Tools > Add.

 Wait for Windows to add the feature.

3. Open the Group Policy Management app.

4. Locate your Organizational Unit (OU) where the computer accounts are located,
then from the context menu select Create a GPO in this domain, and Link it
here....

5. Fill in a name for the new GPO and select OK.

6. Right-click on the new created policy and select Edit.

Figure 5: Domain edit of GPO policy

7. Expand Computer configuration > Policies > Administrative Templates > FSLogix
and enable the desired settings for your configuration.

７ Note

Under parent FSLogix folder, there are dedicated sections for Cloud Cache,
Office 365 Container, and Profile Container.

8. For each setting, double-click on it, enable and eventually fill in required values
and select OK to save and exit the dialog:
 Figure 6: Enable GPO setting for FSLogix

9. At next GPO refresh cycle, the virtual machines will receive these new policy
settings, and will apply to the local machine registry configuration.

10. You can connect locally to the machine and execute the following command to
force the policy refresh: GPUPDATE /Target:Computer /force .

） Important

Group Policy settings stored under HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix are

considered preferences and NOT policies. This means that if a Group Policy is
either removed or the setting is changed to Not Configured, the registry setting will
remain on the virtual machine. This primarily affects settings related to Apps,
Logging and Profiles. ODFC settings are located under
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC and will correctly reset

themselves under the above circumstances.

Configure SMB Storage Permissions
Article • 03/31/2023

FSLogix works with SMB storage systems to store Profile or ODFC containers. SMB
storage is used in standard configurations where VHDLocations holds the UNC path to
the storage locations. SMB storage providers can also be used in Cloud Cache
configurations where CCDLocations is used instead of VHDLocations.

SMB storage permissions rely on traditional NTFS Access Control Lists (ACL) applied at
file or folder levels to ensure the proper security of the data that is stored. When used
with Azure Files, you must enable an Active Directory (AD) source, then assign share-
level permissions to the resource. There are two ways you can assign share-level
permissions. You can assign them to specific Entra ID users/groups, and you can assign
them to all authenticated identities as a default share-level permission.

Before you begin

Before configuring SMB storage permissions, you must first have the SMB storage
provider created and properly associated with the correct identity authority for your
organization and type of storage provider.

） Important

You must understand the processes required to use Azure Files or Azure NetApp
Files for SMB storage in your environment.

Azure Files
The outline provides the initial concepts necessary when using Azure Files as your SMB
Storage provider. Regardless of the Active Directory configuration selected, it's
recommended to configure the default share-level permission using Storage File Data
SMB Share Contributor, which is assigned to all authenticated identities. To be able to
set the Windows ACL(s), ensure you assign share-level permissions for specific Entra ID
users or groups with the Storage File Data SMB Share Elevated Contributor role and
reviewed Configure directory and file-level permissions over SMB.

1. Create an SMB Azure file share.

Enable AD DS authentication for Azure file shares

Enable Azure Active Directory Domain Services authentication on Azure Files
 Enable Azure Active Directory Kerberos authentication for hybrid identities on
Azure Files

Azure NetApp Files

Azure NetApp Files relies solely on Windows ACL(s).

1. Create a NetApp account.

2. Understand guidelines for Active Directory Domain Services site design and
planning for Azure NetApp Files.
3. Create a capacity pool for Azure NetApp Files.
4. Create an SMB volume for Azure NetApp Files.

Configure Windows ACL(s)

Windows ACL(s) are important to configure correctly so that only the user (CREATOR
OWNER) has access to their profile directory or VHD(x) file. Additionally, you need to
ensure any other administrative groups have 'Full Control' from an operational
perspective. This concept is known as user-based access and is the recommended
configuration.

Any SMB file share has a default set of ACL(s). These examples are the three (3) most
common types of SMB file shares and their default ACL(s).

ﾉ Expand table

 


File Server ACL(s) Azure Files Share ACL(s) Azure NetApp Files ACL(s)

） Important

Applying ACL(s) to Azure File Shares may require one (1) of two (2) methods:

1. Provide a user or group with Storage File Data SMB Share Elevated
Contributor role at the Storage Account or File Share Access Control (IAM).
2. Mount the file share using the Storage Account key.
 Because there are access checks at two levels (the share level and the file/directory
level), applying ACL(s) is restricted. Only users who have the Storage File Data SMB
Share Elevated Contributor role can assign permissions on the file share root or
other files or directories without using the storage account key. All other
file/directory permission assignment requires connecting to the share using the
storage account key first.

Recommended ACL(s)
The table outlines the recommended ACL(s) to be configured.

ﾉ Expand table

Principal Access Applies to Description

CREATOR OWNER Modify Subfolders and Ensures the profile directory created by
(Read / files only the user has the correct permissions only
Write) for that user.

CONTOSO\Domain Full This folder, Replace with your organizations group

Admins Control subfolders and used for administrative purposes.
files

CONTOSO\Domain Modify This folder only Enables authorized users to create their
Users (Read / profile directory. Replace with
Write) organizational users who need access to
create profiles.

Apply Windows ACL(s) using icacls

Use the following Windows command to set up the recommended permissions to all
directories and files under the file share, including the root directory.

７ Note

Remember to replace the placeholder values in the example with your own values.

Console

icacls \\contosoanf-1408.contoso.com\fsl-profiles /inheritance:r

icacls \\contosoanf-1408.contoso.com\fsl-profiles /grant:r "CREATOR OWNER":
(OI)(CI)(IO)(M)
icacls \\contosoanf-1408.contoso.com\fsl-profiles /grant:r "CONTOSO\Domain
Admins":(OI)(CI)(F)
 icacls \\contosoanf-1408.contoso.com\fsl-profiles /grant:r "CONTOSO\Domain
Users":(M)

For more information on how to use icacls to set Windows ACL(s) and on the different
types of supported permissions, see the command-line reference for icacls.

Apply Windows ACL(s) using Windows Explorer

Use Windows File Explorer to apply the recommended permissions to all directories and
files under the file share, including the root directory.

1. Open Windows File Explorer to the root of the file share.

2. Right-click in the open area on the right pane and select Properties.

3. Select the Security tab.

4. Select Advanced.

5. Select Disable inheritance.

７ Note

If prompted, removed inherited permissions instead of copying

6. Select Add.

7. Select 'Select a principal'.

8. Type "CREATOR OWNER" and Select Check Name, then OK.

9. For 'Applies to:', Select 'Subfolders and files only'.

10. For 'Basic permissions:', Select 'Modify'.

11. Select OK.

12. Repeat steps 6 - 11 based on the recommended ACL(s).

13. Select OK and OK again to finish applying the permissions.

Apply Windows ACL(s) using SIDDirSDDL configuration
Alternatively, FSLogix provides a configuration setting that sets the Windows ACL(s) on
the directory during the creation process. The SIDDirSDDL configuration setting accepts
an SDDL string that defines the ACL(s) to apply to the directory upon its creation.

Create your SDDL string

1. Create a 'Test' folder on the SMB file share.
2. Modify the permissions to match your organization.

3. Open a PowerShell Terminal.

4. Type Get-Acl -Path \\contosoanf-1408.contoso.com\fsl-profiles\Test | Select-

Object Sddl .

5. Copy the output to Notepad.

6. Replace O:BAG with O:%sid% (Sets the user's SID as the folder owner).

7. Replace (A;OICIIO;0x1301bf;;;CO) with (A;OICIIO;0x1301bf;;;%sid%) (Gives the

user's SID modify rights to all items).

8. In your FSLogix configuration, apply the SIDDirSDDL setting.

Value Name: SIDDirSDDL

Value Type: REG_SZ
 Value: O:%sid%G:DUD:PAI(A;OICIIO;0x1301bf;;;%sid%)(A;OICI;FA;;;SY)
(A;OICI;FA;;;S-1-5-21-3260294598-3507968424-1365985680-2602)

9. When user's sign-in for the first time, their directory is created with these
permissions.
Protect Azure page blob connection
string
Article • 03/31/2023

Azure page blobs are used in a Cloud Cache configuration for profile or ODFC
containers. Cloud Cache connects to the blob using the HTTPS protocol over REST API.
This connection requires the storage accounts access key formatted into a connection
string. With this connection string, the entire storage account can be accessed.
Knowledge of this information exposes a security risk that must be considered.

FSLogix protects this information by adding it to the virtual machines Credential

Manager store using the frx command-line utility.

Prerequisites
＂ Create an Azure page blob storage account.
＂ Install and import Azure PowerShell modules.
＂ Download and install the latest version of FSLogix.
＂ Review: frx command-line utility reference

Find Azure page blob storage account

connection string
1. Select Start.

2. Type powershell directly into the Start Menu.

3. Select Run as administrator from the Start Menu.

4. Sign in to Azure.

Azure PowerShell

Connect-AzAccount

5. Change to your Azure context to your subscription containing the storage account.

Azure PowerShell

Set-AzContext -Subscription <subscription name or id>

6. Get the connection string for your storage account.

Azure PowerShell

$ResourceGroupName = "<resource-group-name>"
$StorageAccountName = "<storage-account-name>"
$StorageAccount = Get-AzStorageAccount -ResourceGroupName
 $ResourceGroupName -Name $StorageAccountName
$ConnectionString = $StorageAccount.Context.ConnectionString

Add Azure page blob connection string to

Credential Manager
1. Use the same PowerShell session from Find Azure page blob storage account
connection string.

2. Use the frx command add-secure-key to add the connection string to Credential
Manager.

PowerShell

& "C:\Program Files\FSLogix\Apps\frx.exe" add-secure-key -key <custom-

key-name> -value $ConnectionString

3. Use the frx command list-secure-key to validate it was added successfully.

PowerShell

& "C:\Program Files\FSLogix\Apps\frx.exe" list-secure-key

Use the secure key in CCDLocations

Cloud Cache uses the CCDLocations to retrieve the list of storage providers. The string
used to specify the Azure page blob must follow a specific format.

type=azure,name=<optional-name>,connectionString="|fslogix/<key-name>|"

The key stored in Credential Manager must be reference using |fslogix/<key-name>|

where any part of the connection string could be replaced with a secure key created
using the frx command-line utility.

Delete Azure page blob connection string from

Credential Manager
1. Use the same PowerShell session from Find Azure page blob storage account
connection string.

2. Use the frx command del-secure-key to delete the secure key from Credential
Manager.

PowerShell

& "C:\Program Files\FSLogix\Apps\frx.exe" del-secure-key -key <custom-

key-name>

3. Use the frx command list-secure-key to validate it was removed successfully.

PowerShell

& "C:\Program Files\FSLogix\Apps\frx.exe" list-secure-key

Configure object specific container
settings
Article • 12/05/2023

Configuration settings for profile containers and ODFC containers are applied at the
computer or virtual machine level. These system-wide settings can be overridden using
the object specific settings that apply to individual users or groups. Using object specific
settings allows an organization to have a baseline configuration while providing a more
unique or granular setting for a specific user or group.

Setting prioritization:

1. Object specific (user)

2. Object specific (group)
3. System-wide settings (default)

７ Note

Object specific settings can't be configured using Group Policy template files.
Object specific settings don't support Microsoft Entra ID (cloud-only
identities).

Use PowerShell to translate user or group

names to security identifiers (SID)
From any Active Directory (AD) domain joined computer, you can use PowerShell to
translate a given domain and user or group name to the SID value.

1. Sign in to an AD joined computer or virtual machine.

2. Select Start.

3. Type notepad directly into the Start Menu.

4. Select Notepad from the Start Menu.

5. Copy the PowerShell code to Notepad.

PowerShell

$DomainName = "%domainname%"
$Username = "%username%"
$UserObject = New-Object
System.Security.Principal.NTAccount($DomainName,$Username)

$UserObject.Translate([System.Security.Principal.SecurityIdentifier]).V
alue
 6. Replace the values for $DomainName and $Username with your own values.

7. Select Start.

8. Type powershell directly into the Start Menu.

9. Select Windows PowerShell from the Start Menu.

10. Copy the edited syntax into the PowerShell window.

 If there's a warning dialog when pasting into Windows PowerShell, Select
Paste anyway .

11. Press Enter to see the SID for the user or group.

Create an object specific setting for

VHDLocations

７ Note

This is one example for an object specific configuration. Any of the settings for
profiles or ODFC can be created under an object specific configuration.

Using an object specific VHDLocations setting allows specific users or groups to create
and mount their profiles from various SMB file shares.
1. Sign in to the virtual machine as the local Administrator account or an account
that is a member of the local Administrators group.

2. Type registry editor in the Search box.

3. Select Registry Editor from the Start Menu.

4. Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles (profile container)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC (ODFC container)

 5. Select Edit -> New -> Key.

6. Type ObjectSpecific and press Enter.

7. Select Edit -> New -> Key again.

8. Type or paste the SID from step 11 in Use PowerShell to translate user or group
names to security identifiers (SID).

9. Select the new Key with the SID value.

10. Create a new REG_SZ Value Name for VHDLocations .

You can verify that the setting is taking effect by examining the log files. Search the log
file for the ObjectSpecific key word and locate the entry showing the configuration was
read successfully.

Example:

Configuration Read (REG_SZ): SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-1-5-21-

0000000000-0000000000-0000000000-1234\VHDLocations. Data: \\<server-name>\<share-

name>
Configure Rule Set per-device licensing
Article • 03/31/2023

Per-device licensing helps administrators manage their Rule Sets to be compliant with
product license agreements.

７ Note

Designed for software products that are licensed on a per-device basis.

With per-device licensing you can:

＂ Set a time-frame during which an assigned license can't be unassigned.

＂ Record a time stamp of when a license was assigned to a device.
＂ Record a time stamp of when a license was unassigned to a device.
＂ Generate a report showing license usage over a specified time.
＂ Warn the administrator when they attempt to unassign a license that hasn't been
assigned for the minimum time.

Prerequisites
Review: FSLogix Prerequisites.
Install: FSLogix Apps and Apps RuleEditor.

Changing Licensing Parameters

The first step in using per-device licensing is to set a minimum number of days for a
license to be assigned. This setting can be changed in the RuleEditor by clicking File
then Change Licensing Parameters and entering a value. This value is stored with the
rule assignment file and is specific to each rule set.

Figure 1: Licensing parameters

The per-device licensing features are effective only after this step is complete.
Editing Rule Assignments for Devices
Per-device licensing is built with a more generic function that allows rules to be created
based on environment variables. Rules can be created based on any environment
variable at sign in. Devices are identified using the environment variable CLIENTNAME that
is set when a user signs in.

７ Note

FSLogix does not create or manage environment variables and relies on other
systems or processes.

Add per-device rule

1. Open FSLogix Apps RuleEditor.

2. Open an existing Rule Set file.

3. Select Add .

Figure 2: Add Environment Variable

4. Select Environment Variable in the rule assignment dialog.

5. Type CLIENTNAME for the variable.

 6. Type The <client-name> in the value box.

Figure 1: Define the Environment Variable

The wildcards, ? and * , may be used in the value field.

Optionally, you can select the From File button and select a text file containing a list of
device names, one item per line. A rule assignment is created for each device name from
the file.

Making the rule assignment sets Applies = No by default, indicates that a license has
been assigned.

７ Note

The logical on/off for a license being assigned is reversed from the logic of the
application rule set. Applies = No indicates the rule doesn't apply to that device,
the software is visible to the user, and a license is assigned.

If you attempt to set the assignment to Applies = Yes or to delete the assignment, and if
it has been set to Applies=No for less than the minimum number of days for license
assignment, then a warning dialog box appears. You can still delete the rule assignment,
but the warning indicates that you may be doing something that violates your license
agreements.

Licensing Reports
A report can be generated to show the historical license assignments by selecting File
then Licensing Report.
FSLogix product support
Article • 08/22/2023

This page covers FSLogix support eligibility, support boundaries, and the three (3)
methods for engaging with Microsoft Support.

Prerequisites
＂ Review: FSLogix feature deprecation

Support eligibility
FSLogix is part of the Microsoft modern lifecycle policy. FSLogix is continuously updated
and requires customers to remain up to date on the latest release to be under support.
Customers who have issues with previous versions of FSLogix are required to upgrade.
FSLogix doesn't provide updates or changes to previous versions (back porting). Issues
discovered through support cases or other means will be addressed in future feature or
hotfix releases.

Support for FSLogix and its products is limited to customers who meet the product
eligibility requirements. Additionally, FSLogix is only supported on the following versions
of Windows and is also subject to the products extended end date of supportability.

Operating system bit architecture

７ Note

32-bit architecture has been deprecated as of August 22, 2023. Please review the
feature deprecation page for additional information.

32-bit
64-bit

Client operating systems

Windows 10
Windows 11
 ） Important

Includes Multi-session SKU(s) found in the Azure Marketplace

Server operating systems

７ Note

Support for Windows Server 2012 R2 has been deprecated as of August 22, 2023.
Please review the feature deprecation page for additional information.

Windows Server 2012 R2

Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2025

Support boundaries
If the source of an issue can't be identified in the logs captured by the FSLogix
Support Tool, from a memory dump, or the trace ETL files, then Microsoft support
requires instructions to reproduce the issue from a clean installation of Windows.

In cases where a virtual machine crashes, deadlocks (with or without a BSOD), or

the FSLogix App service crashes, Microsoft support troubleshoots from a memory
dump even if the issue can't be reproduced.

Due to the quantity of environmental variables and the various configurations,

Microsoft support asks that the issue is reproduced from a clean installation of
Windows. This includes all programs and settings configured in Windows, FSLogix,
and third-party applications.

FSLogix tracks emerging issues with third-party products that are suspected to
cause compatibility issues and until the issues can be reproduced, these issues
won't be resolved from product updates.

FSLogix technical support assists with break fix issues and will provide deployment
and configuration advice as 'best effort'.

） Important
 Microsoft Consulting Services or Microsoft Partner assistance should be
considered under these conditions:
Project management
Large-scale deployments
Profile migrations
Complex configurations

Open a support request

These next sections outline the three (3) primary methods in creating a support request.

Azure portal
Customers who use FSLogix in the context of Azure (for example, Azure Virtual Desktop,
Infrastructure as a Service, etc.) can create a support request via the portal under the
Help + Support section.

Create Support Request

When prompted, ensure you've selected the correct items from the drop-down lists:

Issue Type: Technical

Service: Azure Virtual Desktop
Problem Type: FSLogix

Services Hub
Customers who use FSLogix in an on-premises scenario can open their support request
using Services Hub. Depending on your support agreement with Microsoft (for example,
Premier or Unified Support), there are two (2) options:

Unified Support
Services Hub for Unified Support

Microsoft support (Pay-per-incident)

Services Hub for Business
 

Phone support
Global Customer Service phone numbers

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Configure Windows Search database
roaming
Article • 03/31/2023

FSLogix search roaming functionality is no longer necessary in newer versions of

Windows1. Now, the default Windows Search service is able to roam all Windows Search
index data on a per-user basis. FSLogix detects the new per-user Windows Search and
automatically disable any FSLogix functionality. If you're using FSLogix on these
operating systems, you should disable the FSLogix settings that enable search roaming.
You should also enable the Windows Search service on these operating systems to allow
per-user search indexes to be created and stored in the user's container.

1 Windows Server 2019 version 1809 and later, Windows 10 and 11 multi-session

７ Note

There are no override settings to enable the FSLogix search roaming when it's
automatically disabled through Windows version detection.

Prerequisites
To use FSLogix search roaming functionality, you must be using one of the following
versions of Windows:

Windows Server 2012 R2

Windows Server 2016
Windows 10 (prior to 1809)

Configure single user search roaming

７ Note

Applies to Windows 10 (prior to 1809) only.

1. Sign in to the virtual machine as a local Administrator or an account with

administrative privileges.

2. Select Start.
 3. Type registry editor directly into the Start Menu.

4. Select Registry Editor from the Start Menu.

5. Choose one of the following options, but not both.

OPTION 1: Enable Windows per-user catalogs.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Search:

"EnablePerUserCatalog"=dword:00000001

OPTION 2: Enable FSLogix Roam Search capability.

Profile container:
HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles:

"RoamSearch"=dword:00000001

ODFC container:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC:

"RoamSearch"=dword:00000001

２ Warning

If both the profile container and ODFC container are configured, the
search database will be placed in the profile container.
Don't configure RoamSearch in both profile and ODFC containers.

Configure single or multi-user search roaming

７ Note

Applies to Windows Server only.

1. Sign in to the virtual machine as a local Administrator or an account with

administrative privileges.

2. Select Start.

3. Type server manager directly into the Start Menu.

4. Select Server Manager from the Start Menu.

 5. Select Manage.

6. Select Add Roles and Features.

7. Select Next from the 'Before you begin' window.

8. Select Next from the 'Select installation type' window.

9. Select Next from the 'Select destination server' window.

10. Select Next from the 'Select server roles' window.

11. From the 'Select features' window, scroll the feature list and Select Windows Search
Service.

12. Select Next, then Install.

If the Windows Search Service is installed after Microsoft 365 applications,

you must repair the Microsoft 365 applications from Add/Remove Programs.

13. Add one of the following setting(s):

Profile container:

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles:

"RoamSearch"=dword:00000002

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Apps: "RoamSearch"=dword:00000002

ODFC container:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC:
"RoamSearch"=dword:00000002

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Apps: "RoamSearch"=dword:00000002

２ Warning

If both the profile container and ODFC container are enabled, the search
database will be placed in the profile container.
Don't configure RoamSearch in both profile and ODFC containers.

14. Reboot the virtual machine.

Create Java Rule Sets (deprecated)
Article • 08/22/2023

） Important

Java Rule sets have been deprecated as of August 22, 2023. Please review the
feature deprecation page for additional information.

Java Version Control allows specific websites and URLs to be assigned to a specific
installed version of Java. You can create Rule Sets to configure an application or URL to
use a specific version of Java. Rules are deployed using the same process as the FSLogix
Apps Rule Editor.

Prerequisites
Download and install:
FSLogix Apps (Core Product).
FSLogix Apps Java Rule Editor.
Internet Explorer (IE) 8 and later is supported.
Applications must run in Internet Explorer (IE) 7 or later.
Java 1.6.0_10 or later is supported.
Java 1.4.2 and later is supported for redirection.
Microsoft Edge or Chromium-based browsers aren't supported.

） Important

FSLogix will only support Java Version Control on supported versions of Internet
Explorer (IE).

７ Note

If rules are changed, restart the Internet Explorer instances for the modified to
rules.

Issue: ActiveX blocking feature of IE may cause applets to stop responding when
using Java Version Control. Add the domain containing the applet URL to the
Trusted Sites list in Internet Explorer as a workaround.
Create a new Application Rule Set
1. Open the Java Rule Editor.

Figure 1: Java RuleEditor

2. In the Java Rule Editor, select Edit, then Add.

3. Select Application as the Type.

4. Specify the location of the executable.

Figure 2: Java RuleEditor - New Application

5. Select File, then Save the Java Project File.

 6. Select File, then Generate to generate the Java Rule Files.

7. Two (2) files are created, one (1) Rule Set file (.fxr) and one (1) Assignment file
(.fxa).

8. Deploy the files, see Deploying Rule Sets and Assignment Files.

Create a new URL Rule Set

1. Open the Java Rule Editor.

Figure 3: Java RuleEditor

2. In the Java Rule Editor, select Edit, then Add.

3. Select URL as the Type.

4. Specify the URL (absolute or using wildcards).

Protocol may be http , https , or *. * matches http or https. As an example

*://contoso.com matches http://contoso.com and https://contoso.com .

Sub-Domains may be specified as *. . As an example https://*.contoso.com

matches www.contoso.com , test.contoso.com and contoso.com .
 Path * matches full URL under where * is specified. As an example,
https://contoso.com/* matches the entire domain and

https://contoso.com/app/* matches everything in the path under app.

5. Specify the version of Java to use from the drop-down (for example, 1.6.0_45).

Figure 4: Java RuleEditor - New URL

6. Select File, then Save the Java Project File.

7. Select File, then Generate to generate the Java Rule Files.

8. An XML file is created.

9. Deploy the file, see Deploying Rule Sets and Assignment Files.

７ Note

If the latest version of Java is selected in the Java Version Field, The Java
Version control and associated features are effectively disabled for the given
URL.
The selected Java version must be installed on the client computer or the rule
will not work. Multiple versions of Java can be installed side-by-side. Major
Java versions will not conflict with each other, as each installs to a unique
directory. However, Java versions that are the same major version but
different minor versions install into the same directory by default. You can
simply change the path during the installation to avoid this problem.
In almost all cases the 32-bit versions of Java should be used. Typically only if
there are specific instructions to use 64-bit Java should it be tested before the
32-bit versions.
Application Rule Set Issues
Article • 03/31/2023

） Important

Application Rule Sets require extensive knowledge of applications, file system, and
registry hives. FSLogix attempts to scan or discover an application and its
dependencies. Deep knowledge about where applications are installed and how
they're presented as part of Windows is required.

Application rule set isn't applying

Cause 1: Missing rule (.frx) and assignment (.fxa) files

When you create a rule, two files are created: rule (.frx) and assignment (.fxa) files. After
you're done with the desired settings, you need to copy the rules to every virtual
machine where you want it applied.

Solution 1: Deploy rule sets

７ Note

Rule and assignment files placed in %PROGRAMFILES%\FSLogix\Apps\Rules should be

compiled immediately. If not, check if the FSLogix Apps Service is enabled and
running.

1. Use any method to copy rule and assignment files to the rules directory
( %PROGRAMFILES%\FSLogix\Apps\Rules ).
2. Confirm the folder %PROGRAMFILES%\FSLogix\Apps\CompiledRules contains the
compiled rule (.fxc) and assignment (.fxac) files.

Cause 2: Incorrect assignments

New rule sets have a default assignment. The assignment is for the built-in Everyone
group and is set for Rule Set does not apply to user/group. Unless otherwise specified,
the rule set doesn't apply to any user.
Solution 2: Manage rule set assignments
For more information, see Rule Assignments in the FSLogix Apps RuleEditor and Rule
Sets how-to guide.

Cause 3: Incorrect assignment order

Assignments are evaluated and applied from top to bottom. Consider the following
scenarios:

Scenario 1: The rules only apply to the members of CONTOSO\TestUsers

Figure 1: Assignment order with group on bottom

Scenario 2: The rules apply to Everyone , including CONTOSO\TestUsers .

 Figure 2: Assignment order with group on top

Solution 3: Manage rule set assignments

For more information, see Rule Assignments in the FSLogix Apps RuleEditor and Rule
Sets how-to guide.

Cause 4: Missing or conflicting group memberships

A common cause for when a rule set isn't applying, is due to the user's group
memberships. Users can be members of many groups and understanding that groups
the rule set is applying to and the order they're applied affects the desired result.

Solution 4: Verify and correct group memberships

1. As the signed in user, right-click Start.

2. Select Run, Type cmd and Select OK.

3. From the command prompt window, Type whoami /groups .

4. Verify the group used for the assignment is listed in the output.
 

Figure 3: Command prompt showing whoami /groups output

Troubleshooting issues with AppX, MSIX
or Microsoft store applications
Article • 05/14/2024

Windows inbox applications (AppX) are missing

or do not work correctly
Many of the Windows inbox applications have been converted to AppX packages. AppX
packages have a dependency on the AppReadiness service which works on behalf of the
user to register these types of applications during the sign in process. Since a VDI user's
sign in is technically a new sign in each time, the AppReadiness service doesn't have all
the necessary information to properly setup the inbox applications, especially when
those applications are upgraded between image or feature updates.

Install or upgrade FSLogix to the latest version

How To Guide: Install FSLogix applications

FSLogix 2210 (2.9.8361.52326) and later versions provide new functionality to provide
better compatibility with Windows inbox applications. Inbox applications refer to
applications that are built in and ship preinstalled to Windows. Custom, 3rd party, or
Microsoft store applications are not considered inbox applications.

７ Note

FSLogix doesn't support or guarantee compatibility for custom, 3rd party, or

Microsoft store applications.

Use PowerShell to register AppX applications

1. Sign in to the computer or virtual machine as local Administrator or a user with
administrative rights.

2. Select Start and Type powershell directly into the Start Menu.

3. Select Run as Administrator under Windows PowerShell from the right-side Start
Menu.
 Figure 1: PowerShell run as administrator from Start Menu

4. Copy the PowerShell code and Paste it into the PowerShell window.

Review the list of applications in the $AllUserInboxAppsKey and

$AllUserAppsKey registry locations.

PowerShell

$AllUserInboxAppsKey =
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserS
tore\InboxApplications"
$AllUserApps = Get-ChildItem -Path $AllUserInboxAppsKey
ForEach($Key in $AllUserApps) {
Add-AppxPackage -DisableDevelopmentMode -Register (Get-
ItemProperty -Path $Key.PsPath).Path
}

$AllUserAppsKey =
"HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserS
tore\Applications"
$AllUserApps = Get-ChildItem -Path $AllUserAppsKey
 ForEach($Key in $AllUserApps) {
Add-AppxPackage -DisableDevelopmentMode -Register (Get-
ItemProperty -Path $Key.PsPath).Path
}

If there's a warning dialog when pasting into Windows PowerShell, Select

Paste anyway

Figure 2: PowerShell paste warning

When using or switching to the new Microsoft

Teams, users report the application is missing
or has long load times
New Microsoft Teams is an MSIX application that must be properly installed for all users.
Users who have the ability to switch to new Microsoft Teams could install the application
under their user context and not for all users. MSIX applications installed this way will
not be preserved for the user when signing into different virtual machines and the
applications may appear to be missing. Additionally, FSLogix cleans up the folders which
are not meant for roaming during sign out.

Install new Microsoft Teams for all users or 'system-wide'

Before allowing users to switch their Teams experience, review the Upgrade to new
Teams for Virtualized Desktop Infrastructure (VDI) article.

Install or upgrade to FSLogix 2210 hotfix 4

(2.9.8884.27471)
FSLogix 2210 hotfix 4 (2.9.8884.27471) or later provides special handling for new Teams
in virtual desktops.

７ Note

While registering new Teams by family name, the application is processed

outside the AppxManifest.xml file used by FSLogix and will add additional
time to the user sign-in.
[19:29:03.845][tid:000008d0.00001c64][INFO] Installed MSTeams in 907ms

My application data doesn't roam or is missing

when signing into a new session
MSIX applications store user data in %LocalAppData%\Packages\<package-name>\ . As part
of the 2210 (2.9.8361.52326) release, we introduced the InstallAppXPackages feature.
Based on the UWP Reference API, there are a number of folders in the users profile that
are not designed for roaming. In collaboration with the UWP team, FSLogix discards the
contents of these folders during the user's sign-out.

Non-roamable folders (not backed up)

AppData\Local\Packages\*\AC

AppData\Local\Packages\*\SystemAppData

AppData\Local\Packages\*\LocalCache
AppData\Local\Packages\*\TempState

AppData\Local\Packages\*\AppData

） Important

The contents of these folders are deleted at sign-out regardless of any

redirections.xml configuration.
I have disabled InstallAppXPackages , but some
AppX applications are still installed or available
to the user
The InstallAppXPackages setting is not a global configuration for AppX application
behavior in Windows. This setting ONLY affects how FSLogix attempts to preserve the
user experience for these applications. AppX applications are managed by Windows and
the AppReadiness service. FSLogix doesn't provide complete AppX application
management capability.
Troubleshooting issues with container
attach or detach
Article • 03/31/2023

Storage permissions
Permissions to the storage provider are common issues. Verify the user can has read and
write access to the SMB file share configured in VHDLocations through browsing to the
location and trying to create a folder or file. If the user CAN access the path in
VHDLocations , but can't read or write to the SMB file share then review our how to guide

for configuring storage permissions. If the user can't access the path in VHDLocations ,
then it could a network or DNS related issue.

Container size
In some cases, the user's container has reached the maximum size and without enough
free space, the container fails to attach.

７ Note

Increasing the SizeInMBs value will affect all users with dynamic disks where
configured.

Verify the container size on disk

1. Check the SizeInMBs setting on the virtual machine.
2. Locate the user's container on the SMB file share.
3. Right-click the VHD(x) file and Select Properties.
4. Compare the Size on disk value with the value from SizeInMBs from the
configuration settings.
5. The container must have more than 200 MB to attach successfully.

Increase the container size

FSLogix automatically increase the size of the container when a larger value is used in
the SizeInMBs value. Once the disk as been expanded, you can manually mount the
container during off-hours and investigate what is consuming the most space. Deleting
content from the user's container allows it to compact during sign out (2210
(2.9.8361.52326) or later versions).

２ Warning

Deleting the wrong data from the user's container may lead to data loss or profile
corruption.

3rd Party Firewall or Intrusion Prevention

Systems (IPS)
FSLogix is a file system virtualization product with two (2) Windows services and three
(3) file system drivers. If there are 3rd party firewall or IPS applications installed on the
same virtual machine as FSLogix, disabling those applications and reproducing the issue
confirm if they're causing issues.

FSLogix under most configurations relies on using SMB as the primary protocol for
communicating with storage providers. In a Cloud Cache configuration, FSLogix can use
HTTPS when connecting to Azure page blobs.

Additionally, review our recommended list of exclusions to ensure there are no conflicts.

Network or DNS issues

FSLogix has a critical dependency many resources like network and DNS resolution.
Users may encounter errors attaching their containers when the virtual machine is
unable to communicate or resolve the name of the UNC path.

Test access to the storage provider from a different virtual machine.

Use Test-NetConnection to verify name resolution and protocol access:

1. Select Start and Type powershell directly into the Start Menu.

2. Select Windows PowerShell from the Start Menu.

 Figure 1: PowerShell in Start Menu

3. In the PowerShell window, Type:

Test-NetConnection -ComputerName <server-fully-qualified-domain-name>

-CommonTCPPort SMB

Figure 2: PowerShell Test-NetConnection output

Storage provider space issues

FSLogix relies on remote storage providers to store user containers. It's important to
closely monitor your storage provider(s) for both performance and overall storage
capacity. If the storage provider has reached it max size, users may encounter one or
more issues:

Users can't create new containers and end up with a temporary or local profile.
Current user session becomes hung or unresponsive.
Users fail to mount or correctly detach containers during sign in or sign out.

Solution
Increase the capacity of the remote storage provider.

Container in use or locked in another session

The default configuration of FSLogix prohibits a user from using their container in more
than a single connection. When this situation is paired with the
PreventLogonWithFailure setting, users can't sign in and receive an error from the

FSLogix shell ( frxshell.exe ). FSLogix maintains an exclusive lock on the user's container
while they're connected to a virtual machine and concurrent connections is disabled.
Concurrent access is supported and you should review the concept article, here.

Recommendation

Review: Troubleshooting issues with container locked or in use

Troubleshooting issues with container
corruption or missing data
Article • 03/31/2023

Properly configure Anti-virus products with

excluded files and folders
Anti-virus products are one of the most common occurrences of container corruption. If
an Anti-virus product is scanning or processing data into or out of the container, it can
lead to corruption.

Recommendations
Review: Configure Antivirus file and folder exclusions

Exercise caution when excluding directories

using redirections.xml
It can be tempting to exclude data from a profile or ODFC container in order to
conserve capacity on the remote storage provider. The folders that make up a user's
profile aren't random and should be treated with care. Limiting or exercising restraint
when choosing which folders to exclude from a user's profile prevents unexpected
results from a misconfigured redirections.xml file.

Recommendations
Review: Custom profile redirections.xml
Tutorial: Create and implement redirections.xml
Keep your redirections.xml file simple.
Troubleshooting issues with container
locked or in use
Article • 03/31/2023

Clean up invalid sessions

In some configurations, user sessions are signed out and a process or application
prevents a proper sign out operation. This can leave artifacts on the file system or
registry. During a sign in operation, these artifacts prevent the container from detaching
and new sign ins are blocked. This can also occur if the session is terminated abruptly.

Recommendations
There could be an operational issue in the environment. Prioritize any
environmental or system issues that help solve the root cause versus the symptom.
Setting: Enable CleanupInvalidSessions

Concurrent or multiple connections to a single

container
The default configuration of FSLogix prohibits a user from using their container in more
than a single connection. When this situation is paired with the
PreventLogonWithFailure setting, users can't sign in and receive an error from the

FSLogix shell ( frxshell.exe ). FSLogix maintains an exclusive lock on the user's container
while they're connected to a virtual machine and concurrent connections is disabled.
Concurrent or multiple connections are supported in some configurations.

Recommendation
Review: Concurrent or multiple connections to a single container
Troubleshooting issues with container
size or low disk space
Article • 12/05/2023

Use the VHD disk compaction feature to shrink

the container
In 2210 (2.9.8361.52623) and later versions of FSLogix, VHD disk compaction is enabled
by default. Upgrading to the latest version of FSLogix adds the VHD disk compaction
operation to the sign out process and reduces the storage inside the user's containers.

Recommendation
Review: VHD Disk Compaction

Increase SizeInMBs to larger value

In some cases, the user's container is warning of low disk space or has reached the
maximum size.

７ Note

Increasing the SizeInMBs value will affect all users with dynamic disks where
configured.

Verify the container size on disk

1. Check the SizeInMBs setting on the virtual machine.
2. Locate the user's container on the SMB file share.
3. Right-click the VHD(x) file and Select Properties.
4. Compare the Size on disk value with the value from SizeInMBs from the
configuration settings.

Increase the container size

FSLogix automatically increases the size of the container when a larger value is used in
the SizeInMBs value. Once the disk as been expanded, you can manually mount the
container during off-hours and investigate what is consuming the most space. Deleting
content from the user's container allows it to compact1 during sign out.

1 VHD disk compaction requires version 2210 (2.9.8361.52623) or later.

２ Warning

Deleting the wrong data from the user's container could lead to data loss or profile
corruption.

Delete local profiles on the virtual machine

Implementing FSLogix profile containers on virtual machines with existing local profiles
doesn't automatically remove the local profiles.

Recommendation

Enable the DeleteLocalProfileWhenVHDShouldApply setting.

２ Warning

Before enabling the DeleteLocalProfileWhenVHDShouldApply setting, users with local

profiles must ensure all their data is saved external to their profile to ensure they
don't lose the data when it is deleted.

Using redirections.xml exclusions doesn't

remove existing profile data
Implementing the redirections.xml file to exclude content for existing FSLogix profiles
doesn't remove or delete the exclusion from the user's profile.

Recommendations

Delete the user's profile container.

Create a script to run after sign in or part of the sign in process to delete the
content from the container.
 ７ Note

FSLogix doesn't have tools or features to remove this data from the container.

Ｕ Caution

Deleting a profile or content from a container may lead to unexpected data loss.

Use OneDrive policies to control sync settings

Review: Use OneDrive policies to control sync settings
Review: Use OneDrive Files On-Demand
Troubleshooting issues with FSLogix
services (frxsvc or frxccds)
Article • 03/31/2023

Service crash
Having the frxsvc or frxccds service crash can cause issues for users during sign in and
during their sessions. FSLogix hotfix updates are the primary way we release fixes and
changes that affect issues related to service crashes.

Recommendations

Always upgrade to the latest version of FSLogix and review the release notes.
Open a support request to report the issue and have the crash analyzed.

Properly configure Anti-virus products with

excluded files and folders
Anti-virus products are one of the most common occurrences of container corruption. If
an Anti-virus product is scanning or processing data into or out of the container, it can
lead to corruption.

Recommendations
Review: Configure Antivirus file and folder exclusions
Troubleshooting issues with Group
Policy processing
Article • 03/31/2023

The Group Policy Client service failed the sign-

in. Access is denied
This error and message is a known issue in previous versions of FSLogix.

Solution

Upgrade to the latest version of FSLogix and review the release notes.

Group Policies are not applied to virtual

machines as expected
Group Policy requires the virtual machine has line of sight and can communicate with an
Active Directory (AD) domain controller. There are various reason for a virtual machine
to lose communication with a domain controller. This article doesn't provide the steps to
solve these communications issues. Once communication is restored, the virtual
machine should process the Group Policy settings as expected.

Solution
Resolve communication issues between the virtual machine and the AD domain
controller(s).

Remote Desktop Services settings are not

available in Group Policy Management
Remote Desktop Services policies in Group Policy Management require specific ADMX
and ADML files exist in the central store. The files should exist in the central store to
configure policies for Remote Desktop Services.

C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\TerminalServer.admx
C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\terminalserver-
server.admx

C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\
[MUICulture]\TerminalServer.adml

C:\Windows\SYSVOL\domain\Policies\PolicyDefinitions\

[MUICulture]\terminalserver-server.adml
Troubleshooting issues with hung
sessions
Article • 03/31/2023

Network or DNS issues

FSLogix has a critical dependency many resources like network and DNS resolution. A
user's session can appear hung or unresponsive when the virtual machine is unable to
communicate or resolve the name of the UNC path for their container. If communication
is restored during the user's session, then their session returns to normal operations.

Test access to the storage provider from a different virtual machine.

Use Test-NetConnection to verify name resolution and protocol access:

1. Select Start and Type powershell directly into the Start Menu.

2. Select Windows PowerShell from the Start Menu.

Figure 1: PowerShell in Start Menu

3. In the PowerShell window, Type:
Test-NetConnection -ComputerName <server-fully-qualified-domain-name>

-CommonTCPPort SMB

Figure 1: PowerShell Test-NetConnection output

FSLogix FAQ
FAQ

The FSLogix FAQ provides information related to the installation, configuration,

operation and supportability of FSLogix in virtual desktop infrastructure (VDI).

Installation
Is FSLogix integrated into all Windows operating
systems?
FSLogix isn't a Windows feature and must be installed separately. FSLogix can be found
in the Azure Marketplace for Windows 10 and Windows 11 multi-session images. While
we aim for this version of FSLogix to be 'up-to-date', customers should verify which
version is installed. If necessary, upgrade to the latest version.

Does FSLogix update automatically or use

Windows Update?
No, FSLogix must be updated manually or through your existing image creation process.
Subscribe and follow the FSLogix Blog to keep updated on when new versions are
released.

Does FSLogix provide incremental updates?

No, FSLogix releases are full versions of the product.

Do I need to uninstall FSLogix before installing a

new version?
Depends. If you need to go to a previous version, you should uninstall FSLogix, reboot,
then install the previous version. Updated versions can be installed on top of the older
version and requires a reboot.

What versions of FSLogix are supported?

Microsoft only supports the latest version of FSLogix. See our product support page.
Containers
Does the size of the FSLogix container affect the
sign in performance?
No, container size doesn't affect sign in times or performance. Other factors are much
more important when troubleshooting long sign in times.

What is the behavior when an FSLogix container

reaches or exceeds the `SizeInMBs` value?
Users may start to experience strange behavior with applications or accessing files due
to the lack of storage in the container. Increasing the SizeInMBs setting will
automatically increase the size of the container at the next sign in when using dynamic
disks. To prevent these situations, you should plan for at least 30% free space. Monitor
the event logs or log files for warning events at less than 2 GB and less than 500-MB
free space.

Do I need to use the ODFC container when using

Microsoft 365 applications?
No, The ODFC container is primarily used in VDI solutions where another roaming
profile product is used. Always use a single profile container unless your business or
workload requirements need the separation. Check out the Types of Containers article
for more information.

How do I configure OneDrive with FSLogix?

FSLogix handles all the complexity (filesystem redirection) behind the scenes. When a
user signs in to OneDrive and must choose a location, they should select the default
location ( C:\Users\%username%\ ). FSLogix uses this location and all the data is saved to
the user's container. Review the following OneDrive documentation:

Use the sync app on virtual desktops

Silently configure user accounts
Redirect and move Windows known folders to OneDrive
Use OneDrive policies to control sync settings
Do OneDrive policies monitor the FSLogix VHD
size or the local disk size?
When using FSLogix for profiles or profile and ODFC containers are in use, the OneDrive
disk space policies check the FSLogix VHD rather than the operating system disk.

Figure 1: OneDrive disk space warning policy object

Figure 2: ODFC VHD Properties
Figure 2: OneDrive Warning - Low Disk Space

Can I migrate user profile data from other

roaming profile solutions to an FSLogix
container?
FSLogix doesn't provide a direct migration path from other roaming profile solutions.
Implementing OneDrive with known folder move or similar cloud or network storage
solutions provides users with a location to save their data outside of their profile. For
smaller use cases, our frx command-line utility can help copy local profiles into a new
VHD(x).
Can I convert from a single profile container to a
profile and ODFC container configuration?
Yes. When the ODFC container is created, FSLogix copies the data from the profile
container though the original data isn't removed. The original data must be removed
manually.

Example ODFC log file entries:

Console

[18:09:59.554][tid:00000f94.000040cc][INFO] Mirroring
C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive to \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\OneDrive\UserMeta
[18:09:59.554][tid:00000f94.000040cc][INFO] CopyFolderToVolume:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: OneDrive\UserMeta Volume: \\?\Volume{7f7bafd1-fb6a-4f15-878d-
3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Creating mount point:
C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-76B3CA567E4A} -> \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Success creating
mount point. Mirroring files...
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
C:\Windows\system32\robocopy.exe
"C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive"
"C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta" /MT /R:5 /W:1 /XJD /COPYALL /IT /B
/DCOPY:DAT /MIR
[18:09:59.569][tid:00000f94.000040cc][INFO] CreateProcess
successful
[18:09:59.569][tid:00000f94.000040cc][INFO] Enabling cloud files
pass-through
[18:09:59.569][tid:00000f94.000040cc][INFO] Waiting for process
to end
[18:10:00.460][tid:00000f94.000040cc][INFO] Robocopy exit code: 1
(Success)
[18:10:00.616][tid:00000f94.000040cc][INFO] Success mirroring
files
[18:10:00.616][tid:00000f94.000040cc][INFO] Volume mount point
removed
[18:10:00.616][tid:00000f94.000040cc][INFO] Mirror complete

Microsoft Entra ID
Can I use FSLogix containers with Microsoft
Entra ID and cloud-only identities?
Yes...BUT, it requires understanding of the risks. There are two (2) ways we've identified
how to configure FSLogix for Microsoft Entra ID and cloud-only identities. Check out the
FSLogix profile containers for Microsoft Entra ID cloud only identities blog article.

Can I use FSLogix application rule sets with

Microsoft Entra ID and cloud-only identities?
No. Application rule sets only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine has line of sight to a Domain
Controller.

Can I use object specific settings with Microsoft

Entra ID cloud-only identities or Microsoft Entra
joined virtual machines and hybrid identities?
No. Object specific settings only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine is hybrid Entra joined.

Can I use the same Profile container when

switching from hybrid Entra joined to Entra
joined Session Hosts or virtual machines using
hybrid identities?
No. The user's SID changes to their 'cloud-based' SID when signing into a computer that
is Entra joined which prevents the profile from loading correctly.

Redirects or redirections.xml
What are the recommended values for the
redirections.xml file?
FSLogix doesn't provide recommended values for the redirections.xml file. The
redirections.xml file is a powerful tool to help you manage the user's profile AND may
cause problems if not used correctly. We rely on application owners to document what
data can or can't be excluded from users profile container.

For example:

Classic Teams: Classic Teams for Virtualized Desktop Infrastructure

New Teams: Upgrade to new Teams for Virtualized Desktop Infrastructure (VDI)

 Tip

Don't exclude user profile data for applications unless the application owner has
documented the data can be excluded.

I don't see the redirections.xml events in the log

file.
If you don't see any entries in the log file as described in the tutorial, it's most common
to be one of three things:

The RedirXMLSourceFolder contains the full filename path.

The user doesn't have read access to the file share location.
The path to the file share can't be found (network, DNS or bad name).

I've removed the RedirXMLSourceFolder setting,

but the redirections still exist.
The XML file is copied from the location in RedirXMLSourceFolder to %AppData%\FSLogix ,
which is inside the user's container. Removing the setting doesn't remove the file from
the container. To properly remove or stop using the redirections, delete the contents of
the existing XML file. Alternatively, use a script or other process to delete the file from
the user's container.

The include statement isn't working as expected.

The include statement is used to keep sub directories of excluded folders in the user's
profile. The include statement only works if the data or folder exists in the profile
BEFORE creating the include statement. It's common for applications to create these
folders at their initial launch. This can cause problems if the user gets a new profile and
the data doesn't exist until the application is launched.
  Tip

Don't include this type of data in your XML file.

What is the limit of exclude and include

statements for the redirections.xml file?
There isn't a technical limitation. Less is more. Adding redirections for small folders,
doesn't benefit the user's experience. Having numerous exclude or include statements
causes a performance issue because each file system request must be checked against
the list of redirections. These file system operations add up and decrease the virtual
machine's overall performance.

After I implemented redirections.xml, the user's

container stayed the same size or grew larger.
Implementing the redirections.xml file to exclude content for existing FSLogix profiles
doesn't remove or delete the exclusion from the user's profile. You need to delete the
profile container or create a script to run after sign in or part of the sign in process to
delete the content from the container.

VHD disk compaction

Why is VHD disk compaction not running or not
recovering the space I expect?
1. Check the profile or ODFC log files for errors or warnings.
2. If you're NOT using ProfileType = 0 or VHDAccessMode = 0 , then this is an
expected and known issue.
3. Review the concept article for VHD disk compaction.

How do I adjust the disk compaction threshold?

The threshold isn't configurable.

Can the message during sign out be customized?

No, the message during sign out is a built-in Windows process that can't be changed.
What happens if a user disconnects during the
sign out and tries to reconnect?
The disconnected session continues the sign out process, including compaction. If the
compaction process isn't complete by the time the user tries to reconnect, the disk is in
use. The user experience depends on your other configuration settings. Under default
conditions, the user is signed in with a temporary profile.

How does disk compaction work with Cloud

Cache?
During the sign out phase, all content in the disk is brought down from one of the
providers to the local VHD(x) disk. Then the disk is evaluated for compaction. If or when
compaction completes, the local VHD(x) is uploaded to the Cloud Cache provider(s).
This process causes the sign out process to take longer in this type of configuration,
which could lead to a poor user experience.

Cloud Cache
Do I need to use Cloud Cache for high
availability?
No. It can be an acceptable solution to use standard containers (VHDLocations) with a
highly available storage provider. Azure Files provides high availability through zone-
redundant storage (ZRS) and is a recommended storage provider.

Why does it take so long for users to sign out?

Cloud Cache performs lazy asynchronous updates to the remote storage providers
during a users session. These operations aren't real-time and are subject to the latency
and throughput of the network and storage providers. At sign out, Cloud Cache
attempts to merge all the data from the local cache to ALL storage providers listed.
Storage providers which are under performing or have high latency will take longer to
merge. FSLogix holds the users sign out until the operation is complete.

Recommendations
Review your network topology and latency to all configured storage providers
Upgrade your storage provider to a higher performing tier
 Disable VHDCompactDisk
Don't use ProfileType = 3 or VHDAccessMode = 1, 2, or 3
Don't use CcdMaxCacheSizeInMBs

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Troubleshooting issues with long or
failed sign-ins
Article • 03/31/2023

Virtual machine has too many users or is too

small for the workload
Virtual desktop environments allow multiple user sessions per machine, which provides
a good cost benefit ratio. It's important to know the size (vCPU and Memory) and the
OS disk performance characteristics as they're critical factors when deciding how many
simultaneous users are on a single virtual machine. FSLogix does require network and
performance of the virtual machine to operate. If your users are complaining about long
sign ins, reviewing the virtual machines performance is a great place to start.

） Important

Cloud Cache places an even greater performance load on the virtual machine. Size
your virtual machines appropriately, starting with a 2:1 ratio (vCPU to user).

Recommendations

Review and understand the user density and workload placed on your virtual
machines.
Reduce the number of simultaneous sessions per virtual machine.
Increase the virtual machine family or size based on user workloads.

Container size
In some cases, the user's container has reached the maximum size and without enough
free space, the container fails to attach.

７ Note

Increasing the SizeInMBs value will affect all users with dynamic disks where
configured.
Verify the container size on disk
1. Check the SizeInMBs setting on the virtual machine.
2. Locate the user's container on the SMB file share.
3. Right-click the VHD(x) file and Select Properties.
4. Compare the Size on disk value with the value from SizeInMBs from the
configuration settings.
5. The container must have more than 200 MB to attach successfully.

Increase the container size

FSLogix automatically increases the size of the container when a larger value is used in
the SizeInMBs value. Once the disk as been expanded, you can manually mount the
container during off-hours and investigate what is consuming the most space. Deleting
content from the user's container allows it to compact1 during sign out.

1 VHD disk compaction requires version 2210 (2.9.8361.52623) or later.

２ Warning

Deleting the wrong data from the user's container could lead to data loss or profile
corruption.

3rd Party Firewall or Intrusion Prevention

Systems (IPS)
FSLogix is a file system virtualization product with two (2) Windows services and three
(3) file system drivers. If there are 3rd party firewall or IPS applications installed on the
same virtual machine as FSLogix, disabling those applications and reproducing the issue
confirm if they're causing issues.

FSLogix under most configurations relies on using SMB as the primary protocol for
communicating with storage providers. In a Cloud Cache configuration, FSLogix can use
HTTPS when connecting to Azure page blobs.

Additionally, review our recommended list of exclusions to ensure there are no conflicts.

Network or DNS issues

FSLogix has a critical dependency many resources like network and DNS resolution.
Users may encounter errors attaching their containers when the virtual machine is
unable to communicate or resolve the name of the UNC path.

Test access to the storage provider from a different virtual machine.

Use Test-NetConnection to verify name resolution and protocol access:

1. Select Start and Type powershell directly into the Start Menu.

2. Select Windows PowerShell from the Start Menu.

Figure 1: PowerShell in Start Menu

3. In the PowerShell window, Type:

Test-NetConnection -ComputerName <server-fully-qualified-domain-name>

-CommonTCPPort SMB
 

Figure 2: PowerShell Test-NetConnection output

Storage provider space issues

FSLogix relies on remote storage providers to store user containers. It's important to
closely monitor your storage provider(s) for both performance and overall storage
capacity. If the storage provider has reached it max size, users may encounter one or
more issues:

Users can't create new containers and end up with a temporary or local profile.
Current user session becomes hung or unresponsive.
Users fail to mount or correctly detach containers during sign in or sign out.

Solution

Increase the capacity of the remote storage provider.

Configure object specific container
settings
Article • 12/05/2023

Configuration settings for profile containers and ODFC containers are applied at the
computer or virtual machine level. These system-wide settings can be overridden using
the object specific settings that apply to individual users or groups. Using object specific
settings allows an organization to have a baseline configuration while providing a more
unique or granular setting for a specific user or group.

Setting prioritization:

1. Object specific (user)

2. Object specific (group)
3. System-wide settings (default)

７ Note

Object specific settings can't be configured using Group Policy template files.
Object specific settings don't support Microsoft Entra ID (cloud-only
identities).

Use PowerShell to translate user or group

names to security identifiers (SID)
From any Active Directory (AD) domain joined computer, you can use PowerShell to
translate a given domain and user or group name to the SID value.

1. Sign in to an AD joined computer or virtual machine.

2. Select Start.

3. Type notepad directly into the Start Menu.

4. Select Notepad from the Start Menu.

5. Copy the PowerShell code to Notepad.

PowerShell

$DomainName = "%domainname%"
$Username = "%username%"
$UserObject = New-Object
System.Security.Principal.NTAccount($DomainName,$Username)

$UserObject.Translate([System.Security.Principal.SecurityIdentifier]).V
alue
 6. Replace the values for $DomainName and $Username with your own values.

7. Select Start.

8. Type powershell directly into the Start Menu.

9. Select Windows PowerShell from the Start Menu.

10. Copy the edited syntax into the PowerShell window.

 If there's a warning dialog when pasting into Windows PowerShell, Select
Paste anyway .

11. Press Enter to see the SID for the user or group.

Create an object specific setting for

VHDLocations

７ Note

This is one example for an object specific configuration. Any of the settings for
profiles or ODFC can be created under an object specific configuration.

Using an object specific VHDLocations setting allows specific users or groups to create
and mount their profiles from various SMB file shares.
1. Sign in to the virtual machine as the local Administrator account or an account
that is a member of the local Administrators group.

2. Type registry editor in the Search box.

3. Select Registry Editor from the Start Menu.

4. Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles (profile container)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC (ODFC container)

 5. Select Edit -> New -> Key.

6. Type ObjectSpecific and press Enter.

7. Select Edit -> New -> Key again.

8. Type or paste the SID from step 11 in Use PowerShell to translate user or group
names to security identifiers (SID).

9. Select the new Key with the SID value.

10. Create a new REG_SZ Value Name for VHDLocations .

You can verify that the setting is taking effect by examining the log files. Search the log
file for the ObjectSpecific key word and locate the entry showing the configuration was
read successfully.

Example:

Configuration Read (REG_SZ): SOFTWARE\FSLogix\Profiles\ObjectSpecific\S-1-5-21-

0000000000-0000000000-0000000000-1234\VHDLocations. Data: \\<server-name>\<share-

name>
Troubleshooting issues with SMB file
share open handles
Article • 03/31/2023

FSLogix doesn't allow concurrent or multiple connections to a user's container in a

default configuration. When a user is abruptly disconnected from their session or the
session didn't sing out correctly, the SMB connection to the user's container may not be
removed correctly.

Azure files open handles

Verify the user has successfully signed out from all sessions configured to use the
user's container.
Use qwinsta from Windows Terminal or Command Prompt.
Use Task Manager, then go to the Users tab.
Review: Orphaned file handles or leases - Azure Files

Windows file share open handles

Verify the user has successfully signed out from all sessions configured to use the
user's container.
Use qwinsta from Windows Terminal or Command Prompt
Use Task Manager, then go to the Users tab.
Open Computer Management on the Windows server.
Expand Shared Folders.
Select Open Files.
Find the open file to the user's container.
Right-click and Close Open File.

Azure NetApp Files open handles

Review: Can I manage SMB Shares, Sessions, and Open Files through Microsoft
Management Console (MMC)?
Troubleshooting issues with old,
temporary, or local profiles
Article • 03/31/2023

In general, the root cause of a user's issue isn't with FSLogix when they experience
issues with old, temporary, or local profiles. In most cases, these issues can be resolved
without the need to create a support request. We've outlined the most common causes
and solutions to these issues.

FSLogix product isn't enabled

After you install FSLogix, none of the features or configuration settings are enabled.
Depending on the configuration, the Profiles and / or ODFC container feature must be
enabled.

Solution
Review the articles that cover how to enable and configure FSLogix profile or ODFC
containers.

Tutorial: Configure profile containers

Tutorial: Configure ODFC containers
How-To: Use Group Policy templates

Incorrect settings in VHDLocations or

CCDLocations
VHDLocations are used with standard containers while CCDLocations are used with
Cloud Cache containers. In either configuration, the values for these settings (registry or
Group Policy) must be populated correctly. Additionally, the virtual machines with
FSLogix installed and enabled, must be able to access the locations.

Solution
1. On the virtual machine, open the registry editor.
2. Find the following key(s) for your configuration:

HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Profiles
 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix\ODFC

3. Validate the value and type for VHDLocations or CCDLocations is present with either
type REG_SZ (preferred) or type REG_MULTI_SZ.
4. The REG_SZ value for VHDLocations with multiple entries, requires semi-colon
delimiting.

７ Note

Access to the locations should be validated by a test user before use in a

production environment.

Users don't have access to the storage provider

(permissions)
Configuring permissions to a storage provider is one of the most common
misconfigured settings for an FSLogix solution. Depending on the storage provider,
there are NTFS access control lists (ACLs), share-level permissions, or Azure role-based
access control (RBAC) permissions. Depending on the configuration, a user might be
prevented from signing into a virtual machine.

Figure 1: Profile failed to attach - access denied

Profile log errors

 Console

[ERROR:00000005] Attach vhd(x) failed, file is locked. Retrying 3 time(s)

at 15 second intervals (Access is denied.)
[ERROR:00000005] Failed to attach VHD. (Access is denied.)
[ERROR:00000005] Failed to attach virtual disk: \\<server-name>\<share-
name>\%username%-%sid%\Profile_%username%.vhdx (Access is denied.)
[ERROR:00000005] LoadProfile failed. Version: 2.9.8440.42104 User:
%username%. SID: %sid%. SessionId: 10. FrxStatus: 31 (Access is denied.)

Solution
Review the article that covers configuring storage permissions.

How-To: Configure SMB Storage Permissions

Profile is in use on another computer

In a default configuration, FSLogix allows single user sessions to the same profile
container and allows temporary profiles. If a user attempts to connect to a different
virtual machine that is configured to use the same profile container and they don't sign
out from the original session, they get a temporary profile. Enabling the
PreventLoginWithTempProfile setting effectively prevents the user from signing into the

virtual machine while their profile container is in use.

Figure 2: Profile failed to attach - profile in use

Profile log errors

Console

[ERROR:000000a7] Operation 'AcquireExclusiveLock' failed. Retrying %x

time(s) at %y second intervals (Unable to lock a region of a file.)
[INFO] Status set to 1: Cannot load user's profile
[INFO] ErrorCode set to 33 - Message: The process cannot access
the file because another process has locked a portion of the file.
[ERROR:00000021] LoadProfile failed. Version: 2.9.8430.30244 User:
%username%. SID: %sid%. SessionId: 2. FrxStatus: 33 (The process cannot
access the file because another process has locked a portion of the file.)

Solution

Each organization needs to evaluate what is the correct course of action for these types
of situations. In some cases, allowing a user to sign in with a temporary profile and
allowing them to work could be better than denying the sign-in attempt. In other
situations, educating the users so they learn to sign out of their sessions before starting
a new connection. The last option is to enable multiple or concurrent connections while
using FSLogix.

Local profile exists

When FSLogix is install on a virtual machine where existing profiles exist, the default
behavior is to honor the local profile instead of creating or looking for an FSLogix
profile. This issue would present itself when a user signs into a virtual machine where
they don't have a local profile and FSLogix is enabled. The user would get an FSLogix
profile and it would appear like a new profile.

Solution
Enabling the DeleteLocalProfileWhenVHDShouldApply setting will, at sign-in, delete the
local profile and create or attach the FSLogix profile container.

２ Warning

It is recommended to use caution and review which local profiles exist before
enabling the DeleteLocalProfileWhenVHDShouldApply setting to limit the exposure of
data loss.
Temp or local profile when
PreventLoginWithFailure or
PreventLoginWithTempProfile is enabled
FSLogix uses frxshell.exe to replace the standard Windows shell.exe when
configured to prevent a user's sign-in when their profile fails to attach or a temporary
Windows profile. User's who use a remote application versus a full desktop experience
won't be blocked from signing in. Remote applications don't call the standard Windows
shell.exe and FSLogix is unable to hook to the direct application during sign-in.

Profile error logs

７ Note

The error could vary based on why the profile failed to load. For example, 'Access
denied'

Console

[09:33:09.168][tid:00000c58.0000140c][INFO] Configuration Read

(DWORD): SOFTWARE\FSLogix\Profiles\PreventLoginWithFailure. Data: 1
[09:33:09.168][tid:00000c58.0000140c][INFO] Configuration Read
(DWORD): SOFTWARE\FSLogix\Profiles\PreventLoginWithTempProfile. Data: 1
...
[09:33:09.543][tid:00000c58.0000140c][ERROR:0000052e] FindFile failed for
path: \\<server-name>\<share-name>\%sid%_%username%\Profile*.VHDX (The user
name or password is incorrect.)
[09:33:09.543][tid:00000c58.0000140c][INFO] Status set to 27:
Cannot find virtual disk at the provided location
[09:33:09.543][tid:00000c58.0000140c][INFO] ErrorCode set to
1326 - Message: The user name or password is incorrect.
...
[09:33:09.543][tid:00000c58.0000140c][ERROR:0000052e] LoadProfile failed.
Version: 2.9.8440.42104 User: %username%. SID: %sid%. SessionId: 2.
FrxStatus: 31 (The user name or password is incorrect.)
[09:33:09.543][tid:00000c58.0000140c][INFO] loadProfile time:
391 milliseconds
...
[09:33:17.215][tid:00000c58.0000140c][INFO] ===== Begin Session:
StartShell
[09:33:17.215][tid:00000c58.0000140c][INFO] User: %sid%
(%username%)
...
[09:33:17.246][tid:00000c58.0000140c][INFO] No FSLogix user
session info found for user %sid%. This is not a profile we should handle
[09:33:17.246][tid:00000c58.0000140c][INFO] Session configuration
 read (DWORD): SOFTWARE\FSLogix\Profiles\Sessions\%sid%\LogonStage =
'5'(Logon_Complete)

Solution
This is a known issue with no current workaround. Under most circumstances, user's
failed to load their profile due to storage permissions. Review our how-to article on
Configuring SMB storage permissions.

Storage provider space issues

FSLogix relies on remote storage providers to store user containers. It's important to
closely monitor your storage provider(s) for both performance and overall storage
capacity. If the storage provider has reached it max size, users may encounter one or
more issues:

Users can't create new containers and end up with a temporary or local profile.
Current user session becomes hung or unresponsive.
Users fail to mount or correctly detach containers during sign in or sign out.

Solution
Increase the capacity of the remote storage provider.
FSLogix FAQ
FAQ

The FSLogix FAQ provides information related to the installation, configuration,

operation and supportability of FSLogix in virtual desktop infrastructure (VDI).

Installation
Is FSLogix integrated into all Windows operating
systems?
FSLogix isn't a Windows feature and must be installed separately. FSLogix can be found
in the Azure Marketplace for Windows 10 and Windows 11 multi-session images. While
we aim for this version of FSLogix to be 'up-to-date', customers should verify which
version is installed. If necessary, upgrade to the latest version.

Does FSLogix update automatically or use

Windows Update?
No, FSLogix must be updated manually or through your existing image creation process.
Subscribe and follow the FSLogix Blog to keep updated on when new versions are
released.

Does FSLogix provide incremental updates?

No, FSLogix releases are full versions of the product.

Do I need to uninstall FSLogix before installing a

new version?
Depends. If you need to go to a previous version, you should uninstall FSLogix, reboot,
then install the previous version. Updated versions can be installed on top of the older
version and requires a reboot.

What versions of FSLogix are supported?

Microsoft only supports the latest version of FSLogix. See our product support page.
Containers
Does the size of the FSLogix container affect the
sign in performance?
No, container size doesn't affect sign in times or performance. Other factors are much
more important when troubleshooting long sign in times.

What is the behavior when an FSLogix container

reaches or exceeds the `SizeInMBs` value?
Users may start to experience strange behavior with applications or accessing files due
to the lack of storage in the container. Increasing the SizeInMBs setting will
automatically increase the size of the container at the next sign in when using dynamic
disks. To prevent these situations, you should plan for at least 30% free space. Monitor
the event logs or log files for warning events at less than 2 GB and less than 500-MB
free space.

Do I need to use the ODFC container when using

Microsoft 365 applications?
No, The ODFC container is primarily used in VDI solutions where another roaming
profile product is used. Always use a single profile container unless your business or
workload requirements need the separation. Check out the Types of Containers article
for more information.

How do I configure OneDrive with FSLogix?

FSLogix handles all the complexity (filesystem redirection) behind the scenes. When a
user signs in to OneDrive and must choose a location, they should select the default
location ( C:\Users\%username%\ ). FSLogix uses this location and all the data is saved to
the user's container. Review the following OneDrive documentation:

Use the sync app on virtual desktops

Silently configure user accounts
Redirect and move Windows known folders to OneDrive
Use OneDrive policies to control sync settings
Do OneDrive policies monitor the FSLogix VHD
size or the local disk size?
When using FSLogix for profiles or profile and ODFC containers are in use, the OneDrive
disk space policies check the FSLogix VHD rather than the operating system disk.

Figure 1: OneDrive disk space warning policy object

Figure 2: ODFC VHD Properties
Figure 2: OneDrive Warning - Low Disk Space

Can I migrate user profile data from other

roaming profile solutions to an FSLogix
container?
FSLogix doesn't provide a direct migration path from other roaming profile solutions.
Implementing OneDrive with known folder move or similar cloud or network storage
solutions provides users with a location to save their data outside of their profile. For
smaller use cases, our frx command-line utility can help copy local profiles into a new
VHD(x).
Can I convert from a single profile container to a
profile and ODFC container configuration?
Yes. When the ODFC container is created, FSLogix copies the data from the profile
container though the original data isn't removed. The original data must be removed
manually.

Example ODFC log file entries:

Console

[18:09:59.554][tid:00000f94.000040cc][INFO] Mirroring
C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive to \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\OneDrive\UserMeta
[18:09:59.554][tid:00000f94.000040cc][INFO] CopyFolderToVolume:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: OneDrive\UserMeta Volume: \\?\Volume{7f7bafd1-fb6a-4f15-878d-
3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Creating mount point:
C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-76B3CA567E4A} -> \\?
\Volume{7f7bafd1-fb6a-4f15-878d-3c2acf351e2e}\
[18:09:59.554][tid:00000f94.000040cc][INFO] Success creating
mount point. Mirroring files...
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
Source: C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive
Destination: C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta
[18:09:59.569][tid:00000f94.000040cc][INFO] Copying directory:
C:\Windows\system32\robocopy.exe
"C:\Users\%username%.FSL0\AppData\Local\Microsoft\OneDrive"
"C:\Windows\TEMP\FrxMount{5512FFFF-42DD-40B9-AE76-
76B3CA567E4A}\OneDrive\UserMeta" /MT /R:5 /W:1 /XJD /COPYALL /IT /B
/DCOPY:DAT /MIR
[18:09:59.569][tid:00000f94.000040cc][INFO] CreateProcess
successful
[18:09:59.569][tid:00000f94.000040cc][INFO] Enabling cloud files
pass-through
[18:09:59.569][tid:00000f94.000040cc][INFO] Waiting for process
to end
[18:10:00.460][tid:00000f94.000040cc][INFO] Robocopy exit code: 1
(Success)
[18:10:00.616][tid:00000f94.000040cc][INFO] Success mirroring
files
[18:10:00.616][tid:00000f94.000040cc][INFO] Volume mount point
removed
[18:10:00.616][tid:00000f94.000040cc][INFO] Mirror complete

Microsoft Entra ID
Can I use FSLogix containers with Microsoft
Entra ID and cloud-only identities?
Yes...BUT, it requires understanding of the risks. There are two (2) ways we've identified
how to configure FSLogix for Microsoft Entra ID and cloud-only identities. Check out the
FSLogix profile containers for Microsoft Entra ID cloud only identities blog article.

Can I use FSLogix application rule sets with

Microsoft Entra ID and cloud-only identities?
No. Application rule sets only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine has line of sight to a Domain
Controller.

Can I use object specific settings with Microsoft

Entra ID cloud-only identities or Microsoft Entra
joined virtual machines and hybrid identities?
No. Object specific settings only work with traditional Active Directory SID(s). Hybrid
(sync'd) identities work as long as the virtual machine is hybrid Entra joined.

Can I use the same Profile container when

switching from hybrid Entra joined to Entra
joined Session Hosts or virtual machines using
hybrid identities?
No. The user's SID changes to their 'cloud-based' SID when signing into a computer that
is Entra joined which prevents the profile from loading correctly.

Redirects or redirections.xml
What are the recommended values for the
redirections.xml file?
FSLogix doesn't provide recommended values for the redirections.xml file. The
redirections.xml file is a powerful tool to help you manage the user's profile AND may
cause problems if not used correctly. We rely on application owners to document what
data can or can't be excluded from users profile container.

For example:

Classic Teams: Classic Teams for Virtualized Desktop Infrastructure

New Teams: Upgrade to new Teams for Virtualized Desktop Infrastructure (VDI)

 Tip

Don't exclude user profile data for applications unless the application owner has
documented the data can be excluded.

I don't see the redirections.xml events in the log

file.
If you don't see any entries in the log file as described in the tutorial, it's most common
to be one of three things:

The RedirXMLSourceFolder contains the full filename path.

The user doesn't have read access to the file share location.
The path to the file share can't be found (network, DNS or bad name).

I've removed the RedirXMLSourceFolder setting,

but the redirections still exist.
The XML file is copied from the location in RedirXMLSourceFolder to %AppData%\FSLogix ,
which is inside the user's container. Removing the setting doesn't remove the file from
the container. To properly remove or stop using the redirections, delete the contents of
the existing XML file. Alternatively, use a script or other process to delete the file from
the user's container.

The include statement isn't working as expected.

The include statement is used to keep sub directories of excluded folders in the user's
profile. The include statement only works if the data or folder exists in the profile
BEFORE creating the include statement. It's common for applications to create these
folders at their initial launch. This can cause problems if the user gets a new profile and
the data doesn't exist until the application is launched.
  Tip

Don't include this type of data in your XML file.

What is the limit of exclude and include

statements for the redirections.xml file?
There isn't a technical limitation. Less is more. Adding redirections for small folders,
doesn't benefit the user's experience. Having numerous exclude or include statements
causes a performance issue because each file system request must be checked against
the list of redirections. These file system operations add up and decrease the virtual
machine's overall performance.

After I implemented redirections.xml, the user's

container stayed the same size or grew larger.
Implementing the redirections.xml file to exclude content for existing FSLogix profiles
doesn't remove or delete the exclusion from the user's profile. You need to delete the
profile container or create a script to run after sign in or part of the sign in process to
delete the content from the container.

VHD disk compaction

Why is VHD disk compaction not running or not
recovering the space I expect?
1. Check the profile or ODFC log files for errors or warnings.
2. If you're NOT using ProfileType = 0 or VHDAccessMode = 0 , then this is an
expected and known issue.
3. Review the concept article for VHD disk compaction.

How do I adjust the disk compaction threshold?

The threshold isn't configurable.

Can the message during sign out be customized?

No, the message during sign out is a built-in Windows process that can't be changed.
What happens if a user disconnects during the
sign out and tries to reconnect?
The disconnected session continues the sign out process, including compaction. If the
compaction process isn't complete by the time the user tries to reconnect, the disk is in
use. The user experience depends on your other configuration settings. Under default
conditions, the user is signed in with a temporary profile.

How does disk compaction work with Cloud

Cache?
During the sign out phase, all content in the disk is brought down from one of the
providers to the local VHD(x) disk. Then the disk is evaluated for compaction. If or when
compaction completes, the local VHD(x) is uploaded to the Cloud Cache provider(s).
This process causes the sign out process to take longer in this type of configuration,
which could lead to a poor user experience.

Cloud Cache
Do I need to use Cloud Cache for high
availability?
No. It can be an acceptable solution to use standard containers (VHDLocations) with a
highly available storage provider. Azure Files provides high availability through zone-
redundant storage (ZRS) and is a recommended storage provider.

Why does it take so long for users to sign out?

Cloud Cache performs lazy asynchronous updates to the remote storage providers
during a users session. These operations aren't real-time and are subject to the latency
and throughput of the network and storage providers. At sign out, Cloud Cache
attempts to merge all the data from the local cache to ALL storage providers listed.
Storage providers which are under performing or have high latency will take longer to
merge. FSLogix holds the users sign out until the operation is complete.

Recommendations
Review your network topology and latency to all configured storage providers
Upgrade your storage provider to a higher performing tier
 Disable VHDCompactDisk
Don't use ProfileType = 3 or VHDAccessMode = 1, 2, or 3
Don't use CcdMaxCacheSizeInMBs

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Troubleshooting issues with system
resources
Article • 03/31/2023

Virtual machine size (user density)

In multi-session environment where multiple users can connect to the same virtual
machine, sizing and optimal user density are important factors for a good user
experience.

Recommendations

Reduce the number of concurrent users per virtual machine

Increase the size of the virtual machine
vCPU only
Memory only
vCPU and Memory
If using a Cloud Cache configuration, start with a 2:1 user to vCPU ratio.

Virtual machines shows high CPU usages for

svchost.exe
In some situations, high CPU usage for svchost.exe can be caused by Distributed
Component Object Model (DCOM) permissions. DCOM in Windows allows remote
communication between applications. Resetting the DCOM permission stack allows the
components to reset their correct permissions and may resolve the application
instability and high CPU usage.

Recommendation

２ Warning

Serious problems might occur if you modify the registry incorrectly by using
Registry Editor or by using another method. These problems might require that you
reinstall the operating system. Microsoft cannot guarantee that these problems can
be solved. Modify the registry at your own risk.
Reset DCOM permissions by removing the following entries from the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole:"DefaultAccessPermission"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole:"DefaultLaunchPermission"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole:"MachineAccessRestriction"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole:"MachineLaunchRestriction"
Troubleshooting VHD Disk Compaction
Article • 12/05/2023

） Important

The VHD Disk Compaction feature is available in FSLogix 2210 (2.9.8361.52326) or

later.

Use this article to troubleshoot issues you're having with the VHD Disk Compaction
feature.

Unexpected VHD disk compaction results

Affected version(s): 2210 (2.9.8361.52326) and later (ongoing)

Using ProfileType = 3 or VHDAccessMode = 1,2, or 3 , creates differencing disks. This

affects the VHD disk compaction process because the size of the differencing disk is
used to evaluate the thresholds. Most often these differencing disks are small and never
meet the thresholds.

Resolution
We plan to address this issue in a future release.

ERROR:00000422 The defragsvc is disabled OR

ERROR:00000102 Failed to query minimum
supported size
The VHD Disk Compaction feature relies on the Optimize Drives (defragsvc) and
Microsoft Storage Spaces SMP (smphost) services. If the service StartupType is set to
Disabled, VHD Disk Compaction can't run. The service StartupType must be set to
Manual or Automatic, regardless if the service state is Running or Stopped.

Resolution: Configure service start-up behavior

Use one of these methods for configuring the service startup behavior.
Services tool
1. Select Start, point to Administrative Tools, and then select Services.
2. Right-click Optimize Drives service, and then select Properties.
3. From the General tab, select the drop-down next to Startup Type, and then select
Manual or Automatic.
4. Right-click Microsoft Storage Spaces SMP service, and then select Properties.
5. From the General tab, select the drop-down next to Startup Type, and then select
Manual or Automatic.
6. Select OK, and then close the Services tool.

PowerShell

1. Open PowerShell as an Administrator.

2. Run the following command:

PowerShell

Set-Service defragsvc -StartupType Manual

Set-Service smphost -StartupType Manual

Data collection
The VHD Disk Compaction feature provides information through log files and event
logs.

Log files
The path for the log files is C:\ProgramData\FSLogix\Logs\Profile\Profile-yyyyMMdd.log .
During the sign out phase, the log file has entries toward the end of the sign out
process for the disk compaction events.

 Tip

When reviewing FSLogix logs, press Ctrl+F to search the file, and then type
[ERROR: . This will find any errors including those related to VHD Disk Compaction.

Sample log file entries:

WasCompacted: true
 [14:46:46.854][tid:00001084.0000105c][INFO] Disk size results: WasCompacted:
true, MaxSupportedSize: 31456214528, MinSupportedSize: 1643998720, SizeOnDisk

(Before: 3704442880 - After: 1855410176), Space Saved: 1849032704, Compaction

took: 24687

WasCompacted: false

[18:35:31.300][tid:00000ec4.00000d3c][INFO] Disk size results: WasCompacted:

false, MaxSupportedSize: 15727574528, MinSupportedSize: 2194816512, SizeOnDisk

(Before: 1816133632 - After: 1816133632), Space Saved: 0, Compaction took:

1547 [18:35:31.300][tid:00000ec4.00000d3c][INFO] Disk was not compacted,

Reason: Not enough recoverable space for compaction.

Event Logs
The table lists the events that can be logged for VHD Disk Compaction:

Log name: Microsoft-FSLogix-Apps

ﾉ Expand table

Log Event Message

ID

Operational 57 Disk was compacted: <true-or-false> . Sign out time increased by xx

milliseconds. Disk size reduced by xx MB. (VHDPath: <path-to-vhd> )

Operational 58 Volume optimization failed, Path: <path> , Message: <message> ,

ExtendedMessage <extended-message>

Admin 60 The VHDCompactDisk configuration setting is dependent on the defragsvc

service. The service start type is set to disabled. Make sure the service
start type is set to Manual or Automatic.

Operational 61 This vhd(x) can't be compacted because it has a fixed size. VHD(x) Path:
<path-to-vhd>

Admin 62 Unable to compact the disk, Message: <message> , Path: <path> ,

ExtendedMessage: <extended-message>

Admin 63 Failed during disk compaction, ErrorCode: <error code> , VHD(x) Path:
<path>

Next steps
Understand VHD Disk Compaction usage and performance
FSLogix product support
Article • 08/22/2023

This page covers FSLogix support eligibility, support boundaries, and the three (3)
methods for engaging with Microsoft Support.

Prerequisites
＂ Review: FSLogix feature deprecation

Support eligibility
FSLogix is part of the Microsoft modern lifecycle policy. FSLogix is continuously updated
and requires customers to remain up to date on the latest release to be under support.
Customers who have issues with previous versions of FSLogix are required to upgrade.
FSLogix doesn't provide updates or changes to previous versions (back porting). Issues
discovered through support cases or other means will be addressed in future feature or
hotfix releases.

Support for FSLogix and its products is limited to customers who meet the product
eligibility requirements. Additionally, FSLogix is only supported on the following versions
of Windows and is also subject to the products extended end date of supportability.

Operating system bit architecture

７ Note

32-bit architecture has been deprecated as of August 22, 2023. Please review the
feature deprecation page for additional information.

32-bit
64-bit

Client operating systems

Windows 10
Windows 11
 ） Important

Includes Multi-session SKU(s) found in the Azure Marketplace

Server operating systems

７ Note

Support for Windows Server 2012 R2 has been deprecated as of August 22, 2023.
Please review the feature deprecation page for additional information.

Windows Server 2012 R2

Windows Server 2016
Windows Server 2019
Windows Server 2022
Windows Server 2025

Support boundaries
If the source of an issue can't be identified in the logs captured by the FSLogix
Support Tool, from a memory dump, or the trace ETL files, then Microsoft support
requires instructions to reproduce the issue from a clean installation of Windows.

In cases where a virtual machine crashes, deadlocks (with or without a BSOD), or

the FSLogix App service crashes, Microsoft support troubleshoots from a memory
dump even if the issue can't be reproduced.

Due to the quantity of environmental variables and the various configurations,

Microsoft support asks that the issue is reproduced from a clean installation of
Windows. This includes all programs and settings configured in Windows, FSLogix,
and third-party applications.

FSLogix tracks emerging issues with third-party products that are suspected to
cause compatibility issues and until the issues can be reproduced, these issues
won't be resolved from product updates.

FSLogix technical support assists with break fix issues and will provide deployment
and configuration advice as 'best effort'.

） Important
 Microsoft Consulting Services or Microsoft Partner assistance should be
considered under these conditions:
Project management
Large-scale deployments
Profile migrations
Complex configurations

Open a support request

These next sections outline the three (3) primary methods in creating a support request.

Azure portal
Customers who use FSLogix in the context of Azure (for example, Azure Virtual Desktop,
Infrastructure as a Service, etc.) can create a support request via the portal under the
Help + Support section.

Create Support Request

When prompted, ensure you've selected the correct items from the drop-down lists:

Issue Type: Technical

Service: Azure Virtual Desktop
Problem Type: FSLogix

Services Hub
Customers who use FSLogix in an on-premises scenario can open their support request
using Services Hub. Depending on your support agreement with Microsoft (for example,
Premier or Unified Support), there are two (2) options:

Unified Support
Services Hub for Unified Support

Microsoft support (Pay-per-incident)

Services Hub for Business
 

Phone support
Global Customer Service phone numbers

Feedback
Was this page helpful?  Yes  No

Provide product feedback

FSLogix feature deprecation
Article • 05/14/2024

The lifecycle of functionality, features, and services are governed by shifting policies,
support timelines, informed data analysis, and collaborative decisions by leadership and
engineering teams. Lifecycle information helps customers chart out their long-term
deployment strategies, transition from outdated to new technology, and help improve
business outcomes. Use the following tables to understand the upcoming and past
changes to certain FSLogix features, services, and functionality.

Deprecation vs retirement
Deprecation: Describes the transitional phase during which a software component
is marked as discouraged for future use but is still functional.
Retirement: Describes the permanent removal of a software component from
active use and support.

Upcoming deprecations and retirements

Use the following table to learn about upcoming deprecations and retirements,
including dates and recommendations.

７ Note

Dates and times are United States Pacific Standard Time, and are subject to change.

ﾉ Expand table

Functionality, feature, or service Change Deprecation Retirement

Date Date

Support for 32-bit operating systems Deprecation August 22, 2023 TBD

Support for Windows Server 2012 R2 Deprecation August 22, 2023 TBD

Java Rule Editor and Java Rules Deprecation August 22, 2023 TBD

App Container Rules Deprecation August 22, 2023 TBD

Application Rule Set reporting Deprecation August 22, 2023 TBD

Internet Explorer browser plug-in Deprecation August 22, 2023 TBD

Functionality, feature, or service Change Deprecation Retirement
Date Date

Profiles Configuration Tool Deprecation August 22, 2023 TBD

FRXTray utility Deprecation August 22, 2023 TBD

Cloud Cache CcdMaxCacheSizeInMBs Deprecation August 22, 2023 TBD

(limited cache)

Next steps
FSLogix product support

FSLogix release notes

Known Issues
Article • 10/30/2024

FSLogix can be used in various solutions and environments. Through customer

feedback, ongoing support cases, or direct testing, there are identified issues which
might affect your environments. This article outlines these items as they're discovered.
Some known issues have workarounds, while others require a code change in the
product.

７ Note

Not all known issues will be addressed through product changes as some cases are
dependant on other products or organizations.

LocalCache and TempState folders aren't

properly cleaned up during sign out

７ Note

Does not affect LocalCache for Microsoft Teams

Updated: October 28, 2024

Affected version(s): 2210 hotfix 4 (2.9.8884.27471)
State: In Progress

As stated in the FAQ, FSLogix deletes the contents of specific UWP folders inside the
user's profile container. We discovered that the LocalCache and TempState folders aren't
deleting and may have an adverse affect when roamed between virtual machines.
Currently Microsoft Teams is affected by this issue due to roaming this data from the
following packages:

%LocalAppData%\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyew

y\TempState
%LocalAppData%\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempSt

ate (Windows 11)

%LocalAppData%\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempStat

e (Windows 10)
Other applications or packages may also be affected and should be considered when
troubleshooting issues.

Workaround
Create or update the redirections.xml to exclude the TempState folder.

XML

<Exclude Copy="0">AppData\Local\Packages\**<insert-package-name-
here>**\TempState</Exclude>

Resolution
We plan to address this issue in a future release.

New Microsoft Teams for virtual desktops on

Windows Server 2019
Updated: May 14, 2024
Affected version(s): 2210 hotfix 3 (2.9.8784.63912) and older
State: Fixed

Users connecting to virtual desktops running on Windows Server 2019 are unable to
launch or use new Microsoft Teams. Reviewing the application event log will display one
or more errors.

1. Failure to instantiate storage folder

C:\Users\%username%\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache

for package MSTeams_8wekyb3d8bbwe with Error Code: -2147024809

2. New Teams application crash:

Console

Faulting application name: ms-teams.exe, version: %msteams_version%,

time stamp: 0x65719f33
Faulting module name: ucrtbase.dll, version: %dll_version%, time stamp:
0x48ac8393
Exception code: 0xc0000409
Fault offset: 0x000000000006e77e
Faulting process id: 0x1fc4
Faulting application start time: 0x01da4d71abbfd06e
 Faulting application path: C:\Program
Files\WindowsApps\MSTeams_%msteams_version%_x64__8wekyb3d8bbwe\ms-
teams.exe
Faulting module path: C:\Windows\System32\ucrtbase.dll
Report Id: d0463b2e-8cc4-4bc6-96d9-f20c719fccd2
Faulting package full name:
MSTeams_%msteams_version%_x64__8wekyb3d8bbwe
Faulting package-relative application ID: MSTeams

Resolution
Install the latest FSLogix version.

Enabled by default policies in the ADMX

template can't be disabled using Group Policy
Updated: February 13, 2024
Affected version(s): 2210 hotfix 2 (2.9.8612.60056) and later
State: In Progress

FSLogix has several settings which are Enabled by default. When the ADMX templates
were updated in the last feature release, a checkbox was removed from all of these
settings to leverage the default Enabled and Disabled boolean from the policy. When
Disabled is selected from the Group Policy template, the setting is removed instead of

setting the registry value to 0 (Disabled) .

List of impacted settings:

Apps
RoamRecycleBin
VHDCompactDisk
Profiles
CleanOutNotifications
InstallAppxPackages
IsDynamic
OutlookCachedMode
ODFC
IncludeOfficeActivation
IncludeOneDrive
IncludeOutlook
IncludeOutlookPersonalization
IncludeSharepoint
 IncludeSkype
IsDynamic
OutlookCachedMode

Workaround
Use a manual configuration option.

Resolution
We plan to address this issue in a future release or we might release an updated ADMX
template out of band of our normal product release.

Unexpected VHD disk compaction results

Updated: March 31, 2023
Affected version(s): 2210 (2.9.8361.52326) and later
State: In Progress

Using ProfileType = 3 or VHDAccessMode = 1,2, or 3 , differencing disks are used. This

affects the VHD disk compaction process because the size of the differencing disk is
used to evaluate the thresholds. Most often these differencing disks are small and never
meet the thresholds.

Resolution
We plan to address this issue in a future release.

Microsoft Entra ID Authentication for

applications
Updated: May 14, 2023
Affected version(s): 2210 (2.9.8361.52326)
State: Fixed

Users might be required to authenticate to their applications (for example, Microsoft

365 apps, Teams (work or school), OneDrive, etc.) at every sign-in. The repeated
authentication prompts are due to the virtual machines Microsoft Entra join device state.
We recommend virtual machines are Microsoft Entra joined or Hybrid Microsoft Entra
joined for the best user experience.
Virtual machines, which are Microsoft Entra joined or Hybrid Microsoft Entra joined
create the user's primary refresh token (PRT) at sign-in. Primary refresh tokens created at
sign-in are used to authenticate to Microsoft Entra ID based applications. Standard
Domain Joined (DJ) virtual machines don't create a PRT at sign-in, instead rely on the
Microsoft Entra ID plugin.

Microsoft Entra ID broker directories and apps

Starting in FSLogix 2210 (2.9.8361.52326) and later versions, all content stored in
following locations is no longer roamed as part of the user profile.

%USERPROFILE%\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
%USERPROFILE%\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5

n1h2txyewy
%USERPROFILE%\AppData\Local\Microsoft\TokenBroker

Resolution
Install the latest FSLogix version. Configure RoamIdentity by setting the registry value to
1 or enabling via Group Policy.

Black screen at sign-in or sihost.exe application

hanging
Updated: March 2, 2023
Affected version(s): 2210 (2.9.8361.52326)
State: Fixed

With the RoamRecycleBin setting enabled (enabled by default) and during the sign-in
process, some users might experience a black screen instead of displaying the desktop.
The black screen occurs when we configure the initial virtualization of the recycle bin.
During the sign-in process, the recycle bin isn't empty on the virtual machine and our
process attempts to empty it for all users.

Resolution
Install the latest FSLogix version.
Service Crash: User receives default or
temporary profile (profile fails to load)
Updated: March 2, 2023
Affected version(s): 2210 (2.9.8361.52326)
Status: Fixed

With the InstallAppxPackages setting enabled (enabled by default) and during the sign-
in process, some users might receive a default or temporary profile as a result of the
user's profile container failing to attach. The container failure occurs as a result of the
frxsvc.exe crashing during sign-in.

２ Warning

Does not cover all scenarios where a user's profile fails to load.

Resolution
Install the latest FSLogix version.

ODFC disk compaction fails with RoamSearch

enabled
Updated: March 2, 2023
Affected version(s): 2210 (2.9.8361.52326)
Status: Fixed

In some cases where RoamSearch and VHDCompactDisk1 are enabled, disk compaction
fails with the following error:

"[ERROR:00000000] Exception thrown during getSupportedSize, exception:

D:\a\_work\1\s\packages\Microsoft.Windows.Wil.Internal.0.2.103\inc\wil\opensource\w

il\result_macros.h(6159 )\frxsvc.exe!00007FF63B53EC53: (caller: 00007FF63B53FB0D)

Exception(2) tid(39c) 800401F0 CoInitialize has not been called."

The result is the frxsvc.exe service crashes and the operation fails to succeed.

1 VHDCompactDisk is enabled by default.

Resolution
Install the latest FSLogix version.

Feedback
Was this page helpful?  Yes  No

Provide product feedback

Troubleshooting with Logging and
Diagnostics
Article • 03/31/2023

The various FSLogix components create comprehensive logs. These logs are found in
the following three (3) log types:

Client event logs

Text-based Log files
Event Trace Logging (ETL)

Reviewing or collecting logs can be a great first step in the support process before
opening a support case. The FSLogix Support Tool was created to help customers collect
all the necessary logs into a single zipped archive.

Client event logs

FSLogix utilizes the Windows Event Log system to provide other data during many of
the operations and tasks. These event logs can be found in the Windows Event Viewer
under Applications and Services Logs -> FSLogix. Most event logs data is written in
either the Admin or Operational logs under Apps. Event log data specific to Cloud
Cache is written to either the Admin or Operational logs under CloudCache.
Figure 7: FSLogix Event Logs

Text-based log files

Text-based log files are the first place to look when troubleshooting FSLogix and
requires the logging settings have been configured.

Log file location: C:\ProgramData\FSLogix\Logs

The most common log file used when troubleshooting an issue is the
Profile_%date%.log found in C:\ProgramData\FSLogix\Logs\Profile .

How to review profile logs

７ Note

Notepad++ is a great text editor as it provides the ability to highlight sets of

keywords or phrases.

1. Open the latest log file from

C:\ProgramData\FSLogix\Logs\Profile\Profile_%date%.log .

2. Take note of the following sections: Computer Name, FSLogix version(s), and
service status.

Figure 1: Profile log file

3. Press Ctrl+F to open the Find dialog and search for the sign in event for a specific
user (for example, jdoe).

Find what: LoadProfile: %samaccountname%

Figure 2: Profile log search dialog

4. Ensure the sign in event is in line with the time of the reported issue or problem.

5. Next, note the process id for this user as this ID is used during the entire sequence
of the event (sign in or sign out).

6. Use the style feature to highlight the following sections within the log file:

Begin Session: Logon

Begin Session: Logoff

Milliseconds

loadProfile time:
unloadProfile time:
 Figure 3: Profile log stylize terms

7. With these keywords stylized, it's easier to locate the sign in and sign out events.

Figure 4: Example 1

Figure 5: Example 2

8. Optionally, after you've stylized all the keywords, you can focus on a specific
process for a user's event by selecting the process id. Notepad++ will highlight all
 occurrences of this process ID so you can follow its sequence as there may be
other processes running for other users at the same time.

Figure 6: Profile log process ID

） Important

Each action in the log file will have a prefix for the type of event. [INFO] for
informational events, [WARN:xxxxxx] indicates Warnings, and [ERROR:xxxxxx] for
Errors. Both Warnings and Error will have a corresponding error code.

Event Trace Logging (ETL)

FSLogix implements trace logging, which creates Event Trace Logs ( ETL ) files. There are
two (2) ETL files, which are created and saved. The ETL files are saved to
C:\ProgramData\FSLogix\Logs\ , and are named trace.etl.001 and trace.etl.002 . The

files are rotated using round-robin, with the oldest file being replaced with a new file
after two files have been created. The ETL files are capped at 100-MB maximum file size.

The FSLogix ETL files are managed by Windows autologger. Trace data is held in a
buffer and written to the ETL files as needed and overwritten at the designated
threshold. Each time the computer is restarted, the ETL files are rotated according to the
configuration.

７ Note
Event Trace Logging is intended for Microsoft Internal Use only.
FSLogix Codes and what they mean
Article • 03/31/2023

The Profile and ODFC container set three values that represent the state of FSLogix for
the user signing in:

Status
Normal
Error
Reason
Error (generated from Windows, not FSLogix)

The three values are stored for each user's session in the local machines registry.
Depending on the container, the user's session information could be stored in one (1) of
two (2) places.

Profile container: HKLM\Software\FSLogix\Profiles\Sessions\%sid%

ODFC container:
HKLM\Software\Policies\FSLogix\ODFC\Sessions\%sid%

HKCU\Software\FSLogix\ODFC\Sessions

Status and Reason codes provide a holistic view of the FSLogix state for any specific
user. The Status code can be one (1) of two (2) types, normal and error. Error codes are
set when an FSLogix operation didn't succeed. These codes are generated from
Windows.

Status Codes (Normal and Error)

Status codes correspond to an FSLogix operation that succeeded or failed.

ﾉ Expand table

Code Type Description Explanation

0 Normal STATUS_SUCCESS Success

1 Error ERROR Can't load user's profile

2 Error ERROR_VIRT_DLL Virtual disk API isn't available on

this platform

3 Error ERROR_GET_USER Can't retrieve user's security

identifier
Code Type Description Explanation

4 Error ERROR_HANDLE_ODFC There was an error setting up the

Office 365 Container

5 Error ERROR_SECURITY Can't retrieve security

information

6 Error ERROR_VHD_PATH Can't retrieve virtual disk location

7 Error ERROR_CREATE_DIR Can't create destination folders

8 Error ERROR_IMPERSONATION Can't impersonate user

9 Error ERROR_CREATE_VHD Can't create virtual disk

10 Error ERROR_CLOSE_HANDLE Can't release virtual disk

11 Error ERROR_OPEN_VHD Can't open virtual disk

12 Error ERROR_ATTACH_VHD Can't attach to virtual disk

13 Error ERROR_GET_PHYSICAL_PATH Can't retrieve virtual disk's

physical information

14 Error ERROR_OPEN_DEVICE Can't open virtual disk's volume

15 Error ERROR_INIT_DISK Can't initialize virtual disk

16 Error ERROR_GET_VOL_GUID Can't retrieve virtual disk

identifier

17 Error ERROR_FORMAT_VOL Error while formatting virtual disk

18 Error ERROR_GET_PROFILE_DIR Can't retrieve profile directory

19 Error ERROR_SET_MOUNT_POINT Can't set up directory mount

point

20 Error ERROR_REG_IMPORT Can't import registry information

21 Error ERROR_CHK_GRP_MEMBERSHIP Can't retrieve user's group

22 Error ERROR_HANDLE_PROFILE Error handling profile

23 Error ERROR_PROFILE_SUBFOLDER_REDIRECTION Can't set up folder redirections

24 Error ERROR_CREATE_EVENT Unable to create event

25 Error ERROR_PER_SESSION_VHD Maximum sessions reached

26 Error ERROR_DETACH_VHD Can't detach virtual disk at the

provided location
 Code Type Description Explanation

27 Error ERROR_FIND_VHD Can't find virtual disk at the

provided location

28 Error ERROR_NO_SESSION_CONFIG No user session config found

100 Normal STATUS_WAITING_FOR_PROFILE_DIR_SET Waiting for the Windows Profile

Service to determine the user's
profile folder

200 Normal STATUS_IN_PROGRESS Setup in progress

300 Normal STATUS_ALREADY_ATTACHED The profile is already attached

(differencing disks only)

EXAMPLE: Status codes in Profile Logs

Console

[07:31:26.900][tid:00000d30.00004c04][INFO] Status set to 28: No

user session config found
[07:38:15.311][tid:00000d30.0000218c][INFO] Status set to 100:
Waiting for the Windows Profile Service to determine the user's profile
folder
[07:42:47.045][tid:00000d30.00004168][INFO] Status set to 200:
Setup in progress
[07:42:48.076][tid:00000d30.00004168][INFO] Status set to 0:
Success

Reason Codes
Reason codes are used to help clarify the normal Status codes as described and aren't
used to with error Status codes.

ﾉ Expand table

Code Description Explanation

0 REASON_PROFILE_ATTACHED The container is attached

1 REASON_NOT_IN_WHITE_LIST User isn't a member of the include group

2 REASON_IN_BLACK_LIST User is a member of the exclude group

3 REASON_LOCAL_PROFILE_EXISTS A local profile for this user exists on this system

 Code Description Explanation

4 REASON_SHORT_SID Not an appropriate user type

5 REASON_UNSET Reason initialized to empty state

6 REASON_COMPONENT_NOT_ENABLED Component isn't enabled in product key

(legacy)

7 REASON_WINDOWS_TEMP_PROFILE Profile is a Windows temporary profile

8 REASON_NOT_WVD_SESSION Session isn't an Azure Virtual Desktop Session

9 REASON_FAILED_TO_LOAD_PROFILE Profile load failed

EXAMPLE: Reason codes in Profile Logs

Console

[07:26:39.015][tid:00000d30.000044b4][INFO] Volume name: \\?

\Volume{c04ba195-522c-40b8-a894-879025d9b386}\
[07:26:39.015][tid:00000d30.000044b4][INFO] Reason set to 0: The
container is attached
[07:26:39.015][tid:00000d30.000044b4][INFO] queryFreeDiskSpace
returning after 0 milliseconds

Error Codes
When an FSLogix operation fails, a Warning or Error code is set. The Warning and Error
Codes come from Windows, where FSLogix made an API call and the operation wasn't
successful. These codes correspond to System Error Codes.

EXAMPLE: Warning codes in profile logs

Console

[07:31:01.428][tid:00000d30.00004c04][WARN: 00000005] Error removing

directory: \\fslfileserver\profiles\jdoe-S-1-2-34-000000000-000000000-
0000000000-00000000-test (Access is denied.)
[11:35:33.734][tid:00000d30.00004f38][WARN: 00000002] Failed to query size
of VHD(x): \\fslfileserver\profiles\jdoe-S-1-2-34-000000000-000000000-
0000000000-00000000\Profile_jdoe.vhdx (The system cannot find the file
specified.)
EXAMPLE: Error codes in profile logs
Console

[07:31:01.429][tid:00000d30.00004c04][ERROR:000000b7] No Create access:

\\fslfileserver\profiles\jdoe-S-1-2-34-000000000-000000000-0000000000-
00000000-test (Cannot create a file when that file already exists.)
[07:31:01.432][tid:00000d30.00004c04][ERROR:000000b7] LoadProfile failed.
Version: 2.9.8308.44092 User: jdoe. SID: S-1-2-34-000000000-000000000-
0000000000-00000000. SessionId: 11. FrxStatus: 31 (Cannot create a file when
that file already exists.)
[11:35:33.734][tid:00000d30.00004f38][ERROR:00000005]
VirtualDiskAPI::CreateFormattedDisk failed to create vhd(x):
\\fslfileserver\profiles\jdoe-S-1-2-34-000000000-000000000-0000000000-
00000000\Profile_jdoe.vhdx (Access is denied.)
[11:35:59.241][tid:00000d30.00004f38][ERROR:80070003] Failed to save
installed AppxPackages (The system cannot find the path specified.)

System Error Code troubleshooting

System Error Codes can be decoded in various ways. The following links describe the
most common methods for investigating these codes and their meaning.

System Error Code Learn Documentation

Windows Error Code Lookup tool
NET HELPMSG
FSLogix Support Tool
Article • 03/31/2023

７ Note

Current version: 2.6 (October 28th, 2020)

Collecting the various logs and data created by FSLogix can be difficult. The FSLogix
Support Tool was created to simplify the process and ensure all the necessary logs were
collected in a single operation. The FSLogix Support Tool collects the following data:

Default items:
Text-based Log Files
Event Logs
Registry settings
Cloud Cache Driver (Frxccd)
Cloud Cache Service (Frxccds)
FSLogix Configuration and Session data (frxReg)
HKEY_CURRENT_USER Office
HKEY_CURRENT_USER Software Policies
HKEY_CURRENT_USER Windows Policies
HKEY_LOCAL_MACHINE Software Policies
HKEY_LOCAL_MACHINE Windows Policies
OneDrive
ProfileList
WindowsSearch
Various system information
Environment Variable (environment)
Filter Drivers (fltmcOutput)
File Share Permissions (folderPermissions)
FSLogix Information (frxinfo)
Group Policy Results (gpresult)
Drives and Volumes (mountvol)
System Information (msinfo)
Apps and Programs (ProgramList)
Log from Support Tool (SupportToolLog)
System Information (systeminfo)
Task Manager (tasklist)
Windows Update (updateHistory)
 HTML reports (logAnalysis)
Error Analysis
Error Breakdown
Optional items:
Rule Set files
Crash or Memory Dump files

７ Note

If the the FSLogix Apps RuleEditor or Java RuleEditor are installed, the Rule Sets
will be collected also.

Download and extract FSLogix Support Tool

Typically, the support tool is used on a specific virtual machine where the issue is
occurring. Download the FSLogix Support Tool on the problem virtual machine or
copy it to the problem virtual machine.

1. Locate the .zip file for the FSLogix Support Tool.

2. Right-click the file and Select Extract All....

Figure 1: Support tool zip file

Gather FSLogix content on a single computer

７ Note

Before collecting logs, be sure that the problem virtual machine is configured with
logging enabled, and the logs exist.

1. Locate the folder where the FSLogix Support Tool was extracted to from the
previous section.

2. Open Support Tool(1).exe to run.

Figure 2: Support tool contents extracted

3. Enter your company name in the box provided.

4. Select Gather Rule Files and Gather Dump Files.

5. Select Gather FSLogix Content.

 Figure 3: FSLogix Support tool

７ Note

Gathering FSLogix content will take some time.

Figure 4: FSLogix Support tool progress bar

6. When complete, the support tool compresses the contents to a file in

C:\ProgramData\FSLogix\Support

Figure 5: FSLogix Support tool complete

 Figure 6: FSLogix Support tool completed zip file

7. The collected data can be used when opening a Microsoft Support Request.

Gather FSLogix content on multiple computers

７ Note

To collect the data from the remote computers, the account running the tool must
have local Administrator rights.

1. Create a file named servers.txt in the same directory where the Support
Tool(1).exe is located.

2. In the servers.txt file, type the NETBIOS or FQDN name for each computer to
collect (each on a separate line).
 Figure 7: Server text file

3. Follow steps 2 - 7 from the single computer directions in the previous section.

4. When complete, the data collected from the remote computers are in the Remote
Servers folder in the compressed collection file.

Figure 3: FSLogix Support tool remote servers

 Tip
When the support tool is complete, review the SupportToolLog.txt file to verify the
remote server information was collected.
frx command-line utility
Article • 03/31/2023

frx is a command-line utility which provides management and configuration of an

FSLogix configuration. The utility manages rules, profiles and containers, search,
credential manager, and other miscellaneous functions.

Commands
ﾉ Expand table

Command Description

help, ? Display this help message

version Display the versions of the loaded components

Rules

ﾉ Expand table

Command Description

add-redirect Add a new folder redirection

add-rule Add the specified rule

create-ruleset Creates a Rule Set

del-redirect Delete an active folder redirection

del-rule Delete the specified rule

list-redirects List currently active folder redirections

list-rules List currently loaded rules

reload-rules Reload rules from cache

Profiles and virtual containers

ﾉ Expand table
Command Description

copy-profile Copy a user's profile into a VHD or VHDX

copyto-vhd Copy a folder and its contents to a VHD or VHDX

create-vhd Create and format a VHD or VHDX

edit-profile Edit profile contents contained in a VHD or VHDX

begin-edit-profile Attaches the specified VHD or VHDX and the registry hive

end-edit-profile Detaches the specified VHD or VHDX and the registry hive

export-profilecfg Export profile configuration settings to file

import-profilecfg Import profile configuration settings from file

migrate-vhd Migrates the contents of an existing VHD to a new one

moveto-vhd Move a folder and its contents to a VHD or VHDX

set-profile-redir Sets the profile's folder redirections configuration

Search component

ﾉ Expand table

Command Description

reset-user-search-db Reindex a user's search index database.

Credential Manager key management

ﾉ Expand table

Command Description

add-secure-key Add a secure key to Credential Manager

del-secure-key Delete a secure key from Credential Manager

list-secure-key list the keys that are contained in Credential Manager

Miscellaneous
 ﾉ Expand table

Command Description

create-junction Creates a junction point to a target volume or folder

enable-shnot Enables shell refresh notification

regfont Registers a font in the system font table

report-assignment Rule Set applicability reporting

show-junction-info Shows information about a junction point

unregfont Removes a font from the system font table

start-agent Starts all drivers and services comprising the agent

stop-agent Stops all drivers and services comprising the agent

frx version
Displays the versions of the loaded components

Examples

Console

frx version

Rules

frx add-redirect
Add a new path redirection for the virtualization driver

Console

frx add-redirect -src <path>

-dest <path>

Required Parameters
-source or -src

Specifies the source path to redirect.

-destination or -dest

Specifies the path to act as redirection target.

Examples

Console

frx add-redirect -src C:\mysource -dest d:\mytest

frx add-redirect -src C:\mysource -dest \\?\VolumeXXXXX\Test

frx add-rule
Add a specific rule.

Console

frx add-rule -hide <params>

-printer <params>
-redirect <params>
-specific-data <params>
-vhd-attach <params>

Examples

Console

frx add-rule -hide -src-parent C:\Windows

frx add-rule -hide -src-parent \Registry\User\*\Software -src MySoftware
frx add-rule -redirect -src-parent C:\Windows -src=test.ini -dest-parent
__USER_PROFILE_PATH__ -dest test.ini
frx add-rule -specific-data -src-parent \Registry\Machine\Software -src
Value -datatype DWORD -data 42000000
frx add-rule -vhd-attach -src-parent C:\MyVolFolder -dest
C:\VHDs\mydisk.vhd

Required Parameters
-src-parent
Parent directory/key or printer to which the rule applies.

Optional Parameters
-src

File or value name

-dest-parent

Destination directory or key (redirection rules only).

-dest

Destination file or value (redirection rules only).

-no-copy

Creates a blank copy of the item upon redirection if it does not exist (default is to copy
the source item).

-volatile

Volatile rule that will not persist across a machine reboot.

-datatype

Type of specific data to return (SZ, DWORD).

-data

Hexadecimal representation of data to return.

Special Variables
Usable in -dest-parent or -dest parameters.

ﾉ Expand table

Variable Description

__USER_SID__ User's SID

__USER_NAME__ User's username

__USER_PROFILE_PATH__ Path to users profile

frx create-ruleset
Creates a Rule Set by scanning the specified install directory.

Console

frx create-ruleset -filename <path>

-install-dir <path>
-ARP-keyname <path>

Examples

Console

frx create-ruleset-name Chrome -install-dir "C:\Program

Files\Google\Chrome\Application" -ARP-keyname
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google
Chrome"

Parameters
-filename

Specifies the name of the file to be created.

-install-dir

Specifies the installation path of the application to be scanned.

-ARP-keyname

Specifies the Add/Remove program registry location.

frx del-redirect
Deletes an active redirect.

Console

frx del-redirect -source <path>

Examples
 Console

frx del-redirect -source C:\MyData\Docs

Parameters
-source

Specifies the source folder to remove redirection from.

frx del-rule
Delete the specified rule.

Console

frx del-rule -src-parent <path>

-src <path>

Examples

Console

frx del-rule -src-parent C:\Windows -src test.ini

frx del-rule -hide -src-parent \Registry\User\*\Software -src MySoftware

Required Parameters
-src-parent

Parent directory or key to which to rule applies.

Optional Parameters
-src

File or value name.

frx list-redirects
Lists the current active folder redirections.
 Console

frx list-redirects

frx list-rules
Lists all rules loaded in the system.

Console

frx list-rules -verbose

Optional Parameters

-verbose

Displays additional information about the rule.

frx reload-rules
Reloads the rules. Can be specific to one file of rules, or apply to all rules.

７ Note

Reloading rules has no affect on volatile rules.

Console

frx reload-rules -filename <path>

Examples

Console

frx reload-rules -filename Rules.fxr

Optional Parameters
-filename
Specifies the rules file to be reloaded.

Profiles and Virtual Containers

frx copy-profile

２ Warning

If the local profile size exceeds 5 GB, you must specify the -size-mbs parameter
with a size greater than 5000.

Copy a user's profile into a VHD or VHDX. If the VHD or VHDX file does not exist, it will
be created.

Console

frx copy-profile -filename <path>

-username <username or domain\username>
-sid <sid>
-size-mbs <int>
-vhdx-sector-size <int>
-dynamic <1 or 0>
-src-parent <path>
-verbose <switch>
-profile-path <path>
-label <string>
-redirections <path>

Examples
Local profile less than 5 GB

Console

frx copy-profile -filename C:\Profile.vhd -username CONTOSO\msmith

Local profile greater than 5 GB

Console

frx copy-profile -filename C:\Profile.vhd -username CONTOSO\msmith -

size-mbs 30000
Required Parameters
-filename

Specifies the path to the VHD(x) file.

-username

Specified as Username or DOMAIN\Username

-sid

Used in place of -username to identify the profile.

Optional Parameters
-size-mbs

Size in number of MBs for new VHD/VHDX

-vhdx-sector-size

VHDX sector size

-dynamic

Set to 1 for dynamic, 0 for fixed disk

-src-parent

Path the the parent VHDX file for differencing disks

-verbose

Enables verbose output

-profile-path

Specify the profile path

-label

Disk volume label (default is Profile)

-redirections

Specify the redirections file to copy to the profile

frx copyto-vhd
Copy a folder and its contents to a VHD or VHDX

Console

frx copyto-vhd -filename <path>

-src <path>
-dest <path>
-size-mbs <int>
-vhdx-sector-size <int>
-dynamic <1 or 0>
-verbose <switch>
-src-parent <path>
-label <string>

Examples

Console

frx copyto-vhd -filename C:\mydisk.vhd -src C:\data

Required Parameters
-filename

Specifies the path to the VHDX file

-src

Specifies the source folder to copy

Optional Parameters
-dest

Specifies the target folder in the VHDX file. Default destination is the VHDX root folder.

-size-mbs

Size in number of MBs for new VHD/VHDX

-vhdx-sector-size

VHDX sector size

-dynamic

Set to 1 for dynamic, 0 for fixed disk

-verbose

Enables verbose output

-label

Disk volume label (default is Profile)

frx create-vhd
Create and format a VHD or VHDX. By default the VHD or VHDX will be 30 GBs and
sized dynamically.

Console

frx create-vhd -filename <path>

-size-mbs <int>
-vhdx-sector-size <int>
-dynamic <1 or 0>
-src-parent <path>
-label <string>

Examples

Console

frx create-vhd -filename C:\Profile.vhd

Required Parameters
-filename

Specifies the path to the VHDX file

Optional Parameters
-size-mbs

Size in number of MBs for new VHD/VHDX

-vhdx-sector-size

VHDX sector size

-dynamic

Set to 1 for dynamic, 0 for fixed disk

-src-parent

Path the the parent VHDX file for differencing disks

-label

Disk volume label (default is Profile)

frx edit-profile
Attaches the specified VHD or VHDX and opens an Explorer Window and Registry editor
so the contents of the profile can be viewed and edited.

Console

frx edit-profile -filename <path>

Examples

Console

frx edit-profile -filename C:\Profile.vhd

Parameters
-filename

Specifies the path to the VHDX file

frx begin-edit-profile
Attaches the specified VHD or VHDX and attaches the registry hive so the contents of
the profile can be viewed and edited.

Console
 frx begin-edit-profile -filename <path>

Examples

Console

frx begin-edit-profile -filename C:\Profile.vhd

Parameters

-filename

Specifies the path to the VHDX file

frx end-edit-profile
Detaches the specified VHD or VHDX and the registry hive

Console

frx end-edit-profile -cookie <string>

-filename <path>

Examples

Console

frx end-edit-profile -cookie 4876 -filename C:\Profile.vhd

Parameters
-cookie

Specifies the cookie printed out from the begin-edit-profile call.

-filename

Specifies the path to the VHDX file

frx export-profilecfg
Exports profile configuration settings and inclusion/exclusion group membership to a
file. The settings can be imported later with the import-profilecfg command.

Console

frx export-profilecfg -filename <path>

Examples

Console

frx export-profilecfg -filename my_configuration.frxconfig

Parameters
-filename

Specifies the file for the configuration data to be stored.

frx import-profilecfg
Imports profile configuration settings and inclusion/exclusion group membership from
file. This file can be generated with the export-profilecfg command.

Console

frx import-profilecfg -filename <path>

Examples

Console

frx import-profilecfg -filename my_configuration.frxconfig

Parameters
-filename
Specifies the file for the configuration data to be stored.

frx migrate-vhd
Creates, formats a VHD or VHDX, and mirrors the contents of the source VHD. By default
the VHD or VHDX will be 30 GBs and sized dynamically.

Console

frx migrate-vhd -src <path>

-dest <path>
-size-mbs <int>
-vhdx-sector-size <int>
-dynamic <0 or 1>

Examples

Console

frx migrate-vhd -src C:\old\Profile.vhd -dest C:\new\Profile.vhd

Required Parameters
-src

Specifies the path to the source VHDX file

-dest

Specifies the new VHDX filename.

Optional Parameters
-size-mbs

Size in number of MBs for new VHD/VHDX

-vhdx-sector-size

VHDX sector size

-dynamic

Set to 1 for dynamic, 0 for fixed disk

frx moveto-vhd
Moves a folder along with all its sub-folders and files to a VHD(X) disk.

Console

frx moveto-vhd -filename <path>

-src <path>
-dest <path>
-size-mbs <int>
-vhdx-sector-size <int>
-dynamic <1 or 0>
-verbose <switch>
-src-parent <path>
-label <string>

Examples

Console

frx moveto-vhd -filename C:\mydisk.vhd -src C:\data

Required Parameters
-filename

Specifies the path to the VHDX file

-src

Specifies the source folder to move

Optional Parameters
-dest

Specifies the target folder in the VHDX file. Default destination is the VHDX root folder.

-size-mbs

Size in number of MBs for new VHD/VHDX

-vhdx-sector-size

VHDX sector size

-dynamic

Set to 1 for dynamic, 0 for fixed disk

-verbose

Enables verbose output

-label

Disk volume label (default is Profile)

frx set-profile-redir
Sets the profile's folder redirections configuration

Console

frx set-profile-redir -filename <path>

-redirections <path>
-no-redirections <switch>

Examples

Console

frx set-profile-redir -filename C:\Profile.vhd -redirections

C:\redir.xml

Required Parameters

-filename

Specifies the path to the VHDX file

Optional Parameters
-redirections

Specify the redirections file to copy to the profile.

-no-redirections

Remove any exiting redirections from the profile.

Search Component

frx reset-user-search-db
Re-index a user's search index database.

Console

frx reset-user-search-db -username <username or domain\username>

-sid <sid>

Examples

Console

frx reset-user-search-db -username DOMAIN\USERNAME

Parameters

-username

Specify username or DOMAIN\username.

-sid

Specify the users SID instead of using -username

Credential Manager Key Management

frx add-secure-key
Add a secure key to Credential Manager.

Console

frx add-secure-key -key <string>

-value <string>

Examples
 Console

frx add-secure-key -key fslogix -value secretStringABC123

Parameters
-key

Specifies the key name for the credential.

-value

Specifies the value for the desired key.

frx del-secure-key
Delete a secure key from Credential Manager

Console

frx del-secure-key -key <string>

Examples

Console

frx del-secure-key -key fslogix

Parameters

-key

Specifies the key name for the credential.

frx list-secure-key
List the keys that are contained in Credential Manager

Console

frx list-secure-key
Miscellaneous

frx create-junction
Creates a junction point to a target volume or folder

Console

frx create-junction -src <path>

-dest <path>
-name <string>

Examples

Console

frx create-junction -src E:\ -dest \\Volume{2dd97d8a-3bab-11e1-b9ff-

080027e238aa}

Required Parameters

-src

Specifies the drive or folder where the junction point will be added.

-dest

Specifies the target folder or volume.

Optional Parameters
-name

Optional display name.

frx enable-shnot
Enables shell refresh notification

Console
 frx enable-shnot -true <switch>
-false <switch>
-force <switch>

Examples

Console

frx enable-shnot -force

Optional Parameters

-true

Enables notifications

-false

Disables notifications

-force

Forces immediate notification if enabled.

frx regfont
Registers a font in the system font table

Console

frx regfont -filename <path>

Examples

Console

frx regfont -filename C:\myfont.ttf

Parameters
-filename

Specifies the path to the font file.

frx report-assignment
Reports on the applicability and non-applicability of a Rule Set by analyzing the
assignment file and Active Directory.

Console

frx report-assignment -filename <path>

-username <LDAP>
-verbose <switch>
-csv <switch>

Examples

Console

frx report-assignment -filename C:\test.fxa -username

"CN=User,DC=domain"

Required Parameters
-filename

Specifies the path to the assignment file.

Optional Parameters
-username

Reports the applicability of the assignment file for the user specified (distinguished
name).

-verbose

Enables verbose output.

-csv

Enables output in comma separated value (CSV) format.

frx show-junction-info
Shows junction point information on the specified folder.

Console

frx show-junction-info -src <path>

Examples

Console

frx show-junction-info -src E:\

Parameters
-src

Specifies from which drive or folder the information is gathered from.

frx unregfont
Removes a font from the system font table

Console

frx unregfont -filename <path>

Examples

Console

frx unregfont -filename C:\myfont.ttf

Parameters
-filename

Specifies the path to the font file.

frx start-agent
Starts all drivers and services comprising the agent

Console

frx start-agent

frx stop-agent
Stops all drivers and services comprising the agent

Console

frx stop-agent
frxcontext command-line utility
Article • 03/31/2023

frxcontext is a command-line utility which adds to the context menu for VHD(x) files.
When installed, a new context menu item will appear for VHD(x) file which mounts the
VHD, loads the registry and opens Windows Explorer.

Console

frxcontext --install <switch>

--uninstall <switch>
--install-per-user <switch>
--uninstall-per-user <switch>

frxcontext <path-to-vhd>

Examples
Console

frxcontext --install
frxcontext \\<server-name>\<share-
name>\%username%_%sid%\Profile_%username%.vhdx
Parameters
--install

Install FSLogix container management to the Windows context menu for vhd(x) files.
Installs for all users.

--uninstall

Uninstall FSLogix container management from the windows context menu. Uninstalls for
all users.

--install-per-user

Install FSLogix container management to the Windows context menu for vhd(x) files.
Install for the current (logged in) user.

--uninstall-per-user

Uninstall FSLogix container management from the windows context menu. Uninstalls for
the current (logged in) user.

７ Note
FSLogix container files are not special files. Windows provides native capability to
mount and explore the container. The frxcontext utility is only provided as an aid.
Configuration Setting Reference
Article • 05/14/2024

This article outlines the various registry settings applicable to FSLogix that includes, but
not limited to:

App Services
Profile containers
ODFC containers
Cloud Cache
Logging

Default settings
After installing FSLogix, the installer will create a base set of registry keys and values
which provides the framework for adding configuration settings. FSLogix doesn't create
ANY configuration setting value names as part of the installation. Any configuration
setting listed on this page which has a 'Default value' doesn't need to be created or
configured as FSLogix will automatically use the default value as listed.

For example, the RoamIdentity setting has a default value as ' 0 '. FSLogix will not roam
identities as a default behavior and doesn't need an Administrator to create or add the
registry value name and value. Only if the desire is to change the default behavior of the
setting would the Administrator create or add the registry value name and value.

Base registry keys and value names

[HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix]

\Apps
"InstallPath"="C:\Program Files\FSLogix\Apps\"

"InstallVersion"="version_number"

\Logging
\Profiles

\SystemInfo
\Telemetry

\UserModeDll

[ HKEY_LOCAL_MACHINE\SOFTWARE\Policies\FSLogix]
\ODFC
Custom environment variables
Some FSLogix settings will accept environment variables. These settings will accept the
list of custom environment variables and any variables available during the user's sign
in.

FSLogix custom variables:

ﾉ Expand table

Variable Description

%username% SAMAcountName for the signed in user.

%userdomain% NETBIOS domain name where the user's account resides.

%sid% Security Identifier

%osmajor% Major version of the operating systems as seen in:

HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\CurrentMajorVersionNumber

%osminor% Minor version of the operating systems as seen in:

HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\CurrentMinorVersionNumber

%osbuild% Build version of the operating systems as seen in:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\CurrentBuildNumber

%osservicepack% Legacy to Windows service packs, no longer used.

%profileversion% Version of profile based on Windows version.

%clientname% The COMPUTERNAME of the client initiating the connection to the host.

App Services Settings

The following settings are applicable to FSLogix and not specific to profile or ODFC
containers or Cloud Cache.

CleanupInvalidSessions
Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: SOFTWARE\FSLogix\Apps

Value Name: CleanupInvalidSessions

Value Type: DWORD

Enabled Value: 1

Disabled Value: 0 (default)

In cases where a user's session terminates abruptly, the VHD(x) mounted for the user's
profile isn't properly detached and the user's next sign in may not successfully attach
their VHD(x) container. Enable this setting and FSLogix attempts to clean up these
invalid sessions and allow a successful sign-in. This setting affects both Profile and ODFC
containers.

RoamRecycleBin
Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: SOFTWARE\FSLogix\Apps

Value Name: RoamRecycleBin

Value Type: DWORD

Enabled Value: 1 (default)

Disabled Value: 0

When enabled, this setting creates a redirection for the user's specific Recycle Bin into
the VHD(x) container. This allows the user to restore items regardless of the machine
from where they were deleted.

VHDCompactDisk
Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: SOFTWARE\FSLogix\Apps

Value Name: VHDCompactDisk

Value Type: DWORD

Enabled Value: 1 (default)

Disabled Value: 0
When enabled, this setting attempts to compact the VHD disk during the sign out
operation and is designed to automatically decrease the Size On Disk of the user's
container depending on a predefined threshold. For more information, see the VHD Disk
Compaction documentation.

FSLogix Settings (Profile, ODFC, Cloud Cache,

Logging)
Profile Settings

Profile container Settings

The following settings are applicable to profile containers and are created in the
following location:

Registry Hive: HKEY_LOCAL_MACHINE

Registry Path: SOFTWARE\FSLogix\Profiles

AccessNetworkAsComputerObject

Type: DWORD

Default Value: 0

Data values and use:

0: default – attach as user.

1: attach as computer - folder must have permissions for computer objects.

Ｕ Caution

Do not use this configuration setting unless your storage provider or

architecture will NOT work with user-level permissions to the VHD(x) container
locations. This setting will allow the virtual machine to access all the VHD(x)
files on the storage provider creating a potential security risk.

AttachVHDSDDL
Type: REG_SZ
Default Value: N/A

Data values and use:

SDDL string representing the ACLs to use when attaching the VHD(x).

CleanOutNotifications
Type: DWORD

Default Value: 1

Data values and use:

0: No action.
1: Cleans out stale notification entries.

This setting cleans out stale entries created by the Windows Push Notification
Platform (WPN) and Windows Notification Facility (WFN) which under some
conditions leads to slow sign-ins.

DeleteLocalProfileWhenVHDShouldApply

Type: DWORD

Default Value: 0

Data values and use:

0: No action.
1: Deletes local profile if exists and matches the profile container.

） Important

When FSLogix determines a user should have an FSLogix profile container, and
a local profile exists, FSLogix will permanently delete the local profile.

DiffDiskParentFolderPath

Type: REG_SZ

Default Value: %TEMP%

Data values and use:

Specifies the path where difference disks are created when ProfileType is
configured to use them. The path supports the use of the FSLogix custom variables
or any environment variables that are available to the user during the sign in
process.

Enabled

(required setting)

Type: DWORD

Default Value: 0

Data values and use:

0: Profile containers disabled.

1: Profile containers enabled.

FlipFlopProfileDirectoryName

Type: DWORD

Default Value: 0

Data values and use:

0: SID folder is created as %sid%_%username%

1: SID folder is created as %username%_%sid%

） Important

Be sure you understand how conflicting settings are applied and prioritized.

This setting will OVERRIDE both SIDDirNameMatch and

SIDDirNamePattern
This setting has NO EFFECT when NoProfileContainingFolder is enabled
NoProfileContainingFolder > FlipFlopProfileDirectoryName >
(SIDDirNameMatch and SIDDirNamePattern)

GroupPolicyState

Type: DWORD
Default Value: 1

Data values and use:

0: Do not roam Group Policy state, provides synchronous policy processing at

sign-in.
1: Roam Group Policy state, provides asynchronous policy processing at sign-
in.

７ Note

This setting can't be set using Group Policy.

IgnoreNonWVD
Type: DWORD

Default Value: 0

Data values and use:

0: FSLogix is enabled for any session.

1: FSLogix is enabled for Azure Virtual Desktop (AVD) sessions only.

７ Note

Windows Virtual Desktop (WVD) is now known as Azure Virtual Desktop (AVD),
though the name of the setting uses the legacy name.

InstallAppxPackages
Type: DWORD

Default Value: 1

Data values and use:

When enabled (1), this setting reads the AppxPackages.xml manifest file from the
user's profile and installs / re-registers the list of applications. The
AppxPackages.xml file can be found at: %LocalAppData%\FSLogix\AppxPackages.xml .
This setting does control the global behavior in Windows for all AppX applications.
This only improves functionality when used with FSLogix.
 ２ Warning

The AppxPackages.xml file is not meant to be edited or modified. Editing this

file may cause unexpected results and the file is overwritten at each sign out.

IsDynamic
Type: DWORD

Default Value: 1

Data values and use:

0: VHD(x) is of a fixed size and the size on disk is fully allocated.

1: VHD(x) is dynamic and only increases the size on disk as necessary.

７ Note

This setting is used with the SizeInMBs setting to manage the size of
profile containers. Setting IsDynamic to 1 causes the Profile container to
use the minimum space on disk, regardless of the allocated SizeInMBs.
As space is consumed, the size on disk grows up to the size specified in
SizeInMBs. SizeInMBs is the maximum size that a user is allowed to use
on disk. If the user's profile container grows beyond what is specified in
SizeInMBs the user experiences errors.
Setting IsDynamic to 1 does NOT allow the Profile container to grow
larger than what is specified in SizeInMBs.

KeepLocalDir
Type: DWORD

Default Value: 0

Data values and use:

0: The local_%username% is deleted during sign out.

1: The local_%username% folder will be left on the system, after sign out. It's
also used again if the same user signs on.
LockedRetryCount
Type: DWORD

Default Value: 12

Data values and use:

Specifies the number of retries attempted when a VHD(x) file is locked (open by
another process or computer).

LockedRetryInterval

Type: DWORD

Default Value: 5

Data values and use:

Specifies the number of seconds to wait between retries (see LockedRetryCount).

NoProfileContainingFolder

Type: DWORD

Default Value: 0

Data values and use:

0: Disabled.
1: Profile container doesn't use or create a SID containing folder for the
VHD(x) file.

This setting is intended for situations where storage provides a location that is
already unique per-user.

） Important

Be sure you understand how conflicting settings are applied and prioritized.

This setting will override ANY OTHER setting related to container folders.
SIDDIRNameMatch has NO EFFECT when used in conjunction with
this setting.
 SIDDIRNamePattern has NO EFFECT when used in conjunction with
this setting.
FlipFlopProfileDirectoryName has NO EFFECT when used in
conjunction with this setting.

OutlookCachedMode

Type: DWORD

Default Value: 1

Data values and use:

0: Prevents FSLogix from doing anything with cached mode.

1: Only when the Profile container is attached, the Outlook setting that
enables cached mode is temporarily set until the container is detached. This
setting ensures cached mode is used only when the container is attached.

） Important

Outlook must be configured for online mode for this feature to work. This
insures if FSLogix gets disabled, that large OST files won't be
downloaded.
Online mode registry entry:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\office\16.0\Outlook\OS

T\NoOST:DWORD = 2 .

FSLogix will override this setting for the current user.

PreventLoginWithFailure
Type: DWORD

Default Value: 0

Data values and use:

When enabled (1) FSLogix loads the FRXShell if there's a failure attaching to, or
using an existing profile VHD(x). The user receives the default prompt to call
support, and the users only option is to sign out.
PreventLoginWithTempProfile
Type: DWORD

Default Value: 0

Data values and use:

When enabled (1) FSLogix loads the FRXShell if it's determined a temp profile has
been created. The user receives the default prompt to call support, and the users
only option is to sign out.

ProfileDirSDDL

Type: REG_SZ

Default Value: N/A

Data values and use:

SDDL string representing the ACLs to use when creating the profile directory.

ProfileType
Type: DWORD

Default Value: 0

Data values and use:

0: Normal profile behavior.

1: Machine should only be the RW profile instance.
2: Machine should only be the RO profile instance.
3: Machine should try to take the RW role and if it can't, it should fall back to a
RO role.

） Important

All sessions trying to use the VHD concurrently must have a matching
ProfileType setting. If the VHD isn't accessed concurrently, ProfileType
should be 0.
OneDrive does not support multiple simultaneous connections / multiple
concurrent connections, using the same profile, under any circumstances.
 For more information, see Use the sync app on virtual desktops.

ReAttachRetryCount
Type: DWORD

Default Value: 60

Data values and use:

Specifies the number of times the system should attempt to reattach the VHD(x)
container if it's disconnected unexpectedly.

ReAttachIntervalSeconds

Type: DWORD

Default Value: 10

Data values and use:

Specifies the number of seconds to wait between retries when attempting to

reattach the VHD(x) container if it's disconnected unexpectedly.

RebootOnUserLogoff
Type: DWORD

Default Value: 0

Data values and use:

0: Disabled.
1: Reboot when any user signs out.
2: Reboot when a FSLogix profile user signs out.

RedirectType
Type: DWORD

Default Value: 2

Data values and use:

 1: Use legacy redirection.
2: Use FSLogix advanced redirection.

RedirXMLSourceFolder

Type: REG_SZ

Default Value: N/A

Data values and use:

Path where FSLogix looks for the redirections.xml file to copy from and into the
user's profile. The path supports the use of the FSLogix custom variables or any
environment variables that are available to the user during the sign in process. For
example, C:\Windows\System32 or \\<server-name>\<share-name>

７ Note

Do not add the file name to the path. This setting is a folder path only.

RemoveOrphanedOSTFilesOnLogoff

Type: DWORD

Default Value: 0

Data values and use:

0: Disabled.
1: Duplicate OST files are deleted during sign out.

７ Note

In rare cases, duplicate OST files are created for a user. This circumstance has
been documented to occur with and without the use of a non-persistent
profile. When the profile is stored in the standard file system, administrators
may remove orphaned or stale OST files by deleting them. When using FSLogix
the OST file is in the container and isn't as visible. Over long periods of time
duplicate OST files may consume incremental disk space. When enabled (1)
FSLogix will delete all OST files in a VHD(x), except the OST with the latest
 modify date. Administrators should be familiar with the use of OST files, and
potential implications, before choosing to enable this setting.

RoamIdentity

Type: DWORD

Default Value: 0

Data values and use:

0: Don't roam credentials and tokens within the container.

1: Enables legacy roaming for credentials and tokens created by the Web
Account Manager (WAM) system.

Under some identity and authentication scenarios, user's may be required to

authenticate to their Microsoft 365 applications at every sign-in. Enabling this
setting is one way to resolve the issue. We recommend working towards true single
sign-on which allows your Windows sign-in to pass it's credential to your Microsoft
365 applications.

） Important

The default setting is to not roam the credentials or tokens which is the
preferred setting. While this may not be the ideal configuration for some
customers, we created this setting to provide customers a way to roam
these items similarly to FSLogix v2201 hotfix 2 (2.9.8228.50276).
Do NOT enable this setting if you use Microsoft Intune to manage your
devices.

RoamSearch
Type: DWORD

Default Value: 0

Data values and use:

0: Disabled.
1: Enable single-user search.
2: Enable multi-user search.
For more information, see Configure Windows Search database roaming.

） Important

FSLogix search roaming functionality is no longer necessary in newer

versions of Windows1
RoamSearch is set prior to GPOs being applied, it is not possible to rely
on GPOs to set RoamSearch in environments where a GoldImage is
applied at boot.

1 Windows Server 2019 version 1809 and later, Windows 10 and 11 multi-session

SetTempToLocalPath
Type: DWORD

Default Value: 3

Data values and use:

0: Disabled.
1: Redirect TEMP and TMP to the local drive.
2: Redirect INetCache to the local drive.
3: Redirect TEMP, TMP, and INetCache to the local drive.

ShutdownOnUserLogoff

Type: DWORD

Default Value: 0

Data values and use:

0: Disabled.
1: Shutdown when any user signs out.
2: Shutdown when a FSLogix user signs out.

SIDDirNameMatch

Type: REG_SZ

Default Value: %sid%_%username%

Data values and use:

Specifies a string pattern used when matching a profile or ODFC container folder.
Use this setting to define how FSLogix attempts to locate a users profile or ODFC
container. FSLogix uses the VHDLocations or CCDLocations as the location where
to search and this setting defines what to search. The path supports the use of the
FSLogix custom variables or any environment variables that are available to the user
during the sign in process.

） Important

Be sure you understand how conflicting settings are applied and prioritized.

When using this configuration setting, be sure the SIDDIRNamePattern

value matches this setting.
This setting has NO EFFECT when FlipFlopProfileDirectoryName is
enabled.
This setting has NO EFFECT when NoProfileContainingFolder is
enabled.
NoProfileContainingFolder > FlipFlopProfileDirectoryName >
SIDDirNameMatch (this setting)

SIDDirNamePattern
Type: REG_SZ

Default Value: %sid%_%username%

Data values and use:

Specifies a string pattern used when creating a profile or ODFC container folder.
Use this setting to define how FSLogix attempts to create a users profile or ODFC
container folder. FSLogix uses the VHDLocations or CCDLocations as the location
where to create and this setting defines what to create. The path supports the use
of the FSLogix custom variables or any environment variables that are available to
the user during the sign in process.

） Important

Be sure you understand how conflicting settings are applied and prioritized.
 When using this configuration setting, be sure the SIDDIRNameMatch
value matches this setting.
This setting has NO EFFECT when FlipFlopProfileDirectoryName is
enabled.
This setting has NO EFFECT when NoProfileContainingFolder is
enabled.
NoProfileContainingFolder > FlipFlopProfileDirectoryName >
SIDDirNamePattern (this setting)

SIDDirSDDL

Type: REG_SZ

Default Value: N/A

Data values and use:

SDDL string representing the ACLs to use when creating the SID container folder.

SizeInMBs

Type: DWORD

Default Value: 30000

Data values and use:

Specifies the maximum size of the user's container in megabytes. Newly created
VHD(x) containers are of this size. Existing containers are extended automatically to
this size during user sign in. You can increase this value at any time, but can't
decrease it. Decreasing this value doesn't cause existing VHD(x) containers to
shrink.

VHDNameMatch

Type: REG_SZ

Default Value: Profile*

Data values and use:

Specifies a string pattern used when matching a users profile container. Use this
setting to define how FSLogix attempts to locate a users profile container (VHD(x)
file). FSLogix uses the VHDLocations or CCDLocations as the location where to
search and this setting defines what to search. The path supports the use of the
FSLogix custom variables or any environment variables that are available to the user
during the sign in process.

） Important

When using this configuration setting, be sure the VHDNamePattern value

matches this setting.

VHDNamePattern

Type: REG_SZ

Default Value: Profile_%username%

Data values and use:

Specifies a string pattern used when creating a users profile container. Use this
setting to define how FSLogix attempts to create a users profile container (VHD(x)
file). FSLogix uses the VHDLocations or CCDLocations as the location where to
search and this setting defines what to create. The path supports the use of the
FSLogix custom variables or any environment variables that are available to the user
during the sign in process.

） Important

When using this configuration setting, be sure the VHDNameMatch value

matches this setting.

VHDLocations
(required setting)

Type: MULTI_SZ or REG_SZ

Default Value: N/A

Data values and use:

A list of SMB locations to search for the user's profile VHD(x) file. If one isn't found,
one is created in the first listed location. If the VHD path doesn't exist, it's created
before it checks if a VHD(x) exists in the path. The path supports the use of the
FSLogix custom variables or any environment variables that are available to the user
during the sign in process. When specified as a REG_SZ value, multiple locations
must be separated with a semi-colon ( ; ).

VHDXSectorSize
Type: DWORD

Default Value: 0

Data values and use:

0: Uses system default.

512: VHD(x) is formatted using 512 byte allocation.
4096: VHD(x) is formatted using 4096 byte allocation.

７ Note

Values are listed in decimal not hex.

VolumeType
Type: REG_SZ

Default Value: vhd

Data values and use:

A value of vhd means that newly created files should be of type VHD. A value of
vhdx means that newly created files should be of type VHDX.

VolumeWaitTimeMS

Type: DWORD

Default Value: 20000

Data values and use:

Specifies the number of milliseconds the system should wait for the volume to
arrive after the VHD(x) has been attached. Default value of 20000 = 20 seconds
Understand VHD Disk Compaction
usage and performance
Article • 03/31/2023

You can use Windows Event Log to understand how often VHD Disk Compaction is
being used, the space saved, and the time taken to run. Here are some sample
PowerShell scripts and Azure Log Analytics queries you can use to help you interpret the
events.

PowerShell

VHD Disk Compaction metrics script

This example uses PowerShell to get the VHD Disk Compaction events from the previous
30 days, formatted into a grid. From an elevated PowerShell prompt, run the following
code block:

PowerShell

# Set startTime to number of days to search the event logs

$startTime = (Get-Date).AddDays(-30)

# Query Event Log using Get-WinEvent filtered to the VHD Disk Compaction
metric events
$diskCompactionEvents = Get-WinEvent -FilterHashtable @{
StartTime = $startTime
ProviderName = 'Microsoft-FSLogix-Apps'
ID = 57
}

# Format event properties

$compactionMetrics = $diskCompactionEvents | Select-Object `
@{l="Timestamp";e={$_.TimeCreated}},`
@{l="ComputerName";e={$_.MachineName}},`
@{l="Path";e={$_.Properties[0].Value}},`
@{l="WasCompacted";e={$_.Properties[1].Value}},`
@{l="TimeSpent(sec)";e={[math]::round($_.Properties[7].Value /
1000,2)}},`
@{l="MaxSize(GB)";e={[math]::round($_.Properties[2].Value / 1024,2)}},`
@{l="MinSize(GB)";e={[math]::round($_.Properties[3].Value / 1024,2)}},`
@{l="InitialSize(GB)";e={[math]::round($_.Properties[4].Value /
1024,2)}},`
@{l="FinalSize(GB)";e={[math]::round($_.Properties[5].Value /
1024,2)}},`
@{l="SavedSpace(GB)";e={[math]::round($_.Properties[6].Value / 1024,2)}}
 # Display metrics in Out-GridView
$compactionMetrics | Out-GridView

Azure Log Analytics Queries

） Important

In order to use the below query, you first must configure your virtual machines to
send their event logs to a Log Analytics workspace. For more information, see
Collect Windows event log data sources with Log Analytics agent. The logs which
are used for VHD Disk Compaction are:

Microsoft-FSLogix-Apps/Operational
Microsoft-FSLogix-Apps/Admin

VHD Disk Compaction metrics query

Time spent during VHD Disk Compact operation

Displays the average, minimum, and maximum time spent during the compact
operation. The data is summarized based on if the disk was able to be compacted.

Kusto

Event
| where EventLog == 'Microsoft-FSLogix-Apps/Operational' and EventID == 57
| parse kind=relaxed EventData with *
"<Data Name=\"Path\">" Path
"</Data><Data Name=\"WasCompacted\">" DiskCompaction
"</Data><Data Name=\"MaxSupportedSizeMB\">" MaxSupportedSizeMB
"</Data><Data Name=\"MinSupportedSizeMB\">" MinSupportedSizeMB
"</Data><Data Name=\"SizeBeforeMB\">" SizeBeforeMB
"</Data><Data Name=\"SizeAfterMB\">" SizeAfterMB
"</Data><Data Name=\"SavedSpaceMB\">" SavedSpaceMB
"</Data><Data Name=\"TimeSpentMillis\">" TimeSpentMillis "</Data>" *
| extend TimeSpent = todecimal(TimeSpentMillis) / 1024
| where DiskCompaction <> ""
| summarize Average=round(avg(TimeSpent),2), Max=round(max(TimeSpent),2),
Min=round(min(TimeSpent),2) by DiskCompaction

Here's an example of the output:

 

Number of container VHD(x) files compacted

Displays how many container VHD(x) files were selected for compaction based on the
threshold values.

Kusto

Event
| where EventLog == 'Microsoft-FSLogix-Apps/Operational' and EventID == 57
| parse kind=relaxed EventData with *
"<Data Name=\"Path\">" Path
"</Data><Data Name=\"WasCompacted\">" DiskCompaction
"</Data><Data Name=\"MaxSupportedSizeMB\">" MaxSupportedSizeMB
"</Data><Data Name=\"MinSupportedSizeMB\">" MinSupportedSizeMB
"</Data><Data Name=\"SizeBeforeMB\">" SizeBeforeMB
"</Data><Data Name=\"SizeAfterMB\">" SizeAfterMB
"</Data><Data Name=\"SavedSpaceMB\">" SavedSpaceMB
"</Data><Data Name=\"TimeSpentMillis\">" TimeSpentMillis "</Data>" *
| where DiskCompaction <> ""
| summarize NumberOfVhdContainers=count() by DiskCompaction

Here's an example of the output:

 

Total storage space saved

Displays the amount of storage in GB reclaimed during the VHD Disk Compaction
operation.

Kusto

Event
| where EventLog == 'Microsoft-FSLogix-Apps/Operational' and EventID == 57
| parse kind=relaxed EventData with *
"<Data Name=\"Path\">" Path
"</Data><Data Name=\"WasCompacted\">" DiskCompaction
"</Data><Data Name=\"MaxSupportedSizeMB\">" MaxSupportedSizeMB
"</Data><Data Name=\"MinSupportedSizeMB\">" MinSupportedSizeMB
"</Data><Data Name=\"SizeBeforeMB\">" SizeBeforeMB
"</Data><Data Name=\"SizeAfterMB\">" SizeAfterMB
"</Data><Data Name=\"SavedSpaceMB\">" SavedSpaceMB
"</Data><Data Name=\"TimeSpentMillis\">" TimeSpentMillis "</Data>" *
| extend Storage = todecimal(SavedSpaceMB)
| summarize StorageSavings = (format_bytes(sum(Storage * 1024 *
1024),2,"GB"))

Winlogon (sign out) delay warnings

Displays any service that caused Winlogon to exceed the 60-second threshold. Shows
the number of occurrences along with the average and maximum time spent.

Kusto
 Event
| where Source == 'Microsoft-Windows-Winlogon' and EventID == 6006
| parse kind=relaxed ParameterXml with "<Param>" ServiceName "</Param>
<Param>" Duration "</Param><Param>" EventType "</Param><Param>-</Param>"
| extend TimeInSeconds = todecimal(Duration)
| where EventType == "Logoff"
| summarize Occurrences=count(),Average=round(avg(TimeInSeconds),2),
Minimum=round(min(TimeInSeconds),2), Maximum=round(max(TimeInSeconds),2) by
ServiceName

Here's an example of the output:

Services, Drivers, and other
Components
Article • 08/22/2023

FSLogix is composed of various components that enable the variety of solutions. At the
core of FSLogix are the two (2) Windows Services, and the three (3) minifilter drivers.
Additionally, FSLogix has command-line utilities, a system tray application, a User Mode
DLL, and legacy browser plugins. All of these components are part of the core product
installation.

Services
Windows Services are the primary methods from which FSLogix operates. These services
are responsible for the commands, operations, and interactions with the various
dependencies (for example, frx.exe and winlogon.exe).

FSLogix Apps Services (frxsvc.exe)

Startup type: Automatic

Log on as: SYSTEM

Attaching / detaching Profile or Office containers

File system redirects between the user's profile and the appropriate container
Processing rule files
Processing redirections.xml
Reads registry configuration data
Interacts with Windows Credential Manager
Interacts with SMB Storage locations

FSLogix Cloud Caching Service (frxccds.exe)

Startup type: Automatic

Log on as: SYSTEM

Dependent on FSLogix Apps Services

Interacts with SMB and Azure Storage locations
Responsible for Cache and Proxy file locations
Minifilter Drivers
Minifilter drivers are file system drivers used to interact with the file system. Windows
systems run any number of minifilter drivers depending on software or applications
installed. These minifilter drivers are installed and allocated at specific altitudes to
ensure they work within the Windows file system and I/O Manager.

Driver Type Description

frxdrv.sys Virtualization Filter Driver Provides virtualization of the file system and registry
components

frxdrvvt.sys Redirection Filter Driver Provides advanced file system redirection

frxccd.sys Virtual Hard Drive Filter Provides advanced interaction with VHD(s) used in
Drivers Cloud Cache

Other Components

FSLogix Profile Status (frxtray.exe)

７ Note

frxtray.exe has been deprecated as of August 22, 2023. Please review the feature
deprecation page for additional information.

This component is accessible from the %ProgramFiles%\FSLogix\Apps directory and

provides status on whether FSLogix is active or inactive for the specific signed in user.
This tool also enables access to the Event Viewer logs and log files using the Advanced
View.

２ Warning

Don't enable this utility for all users. It should only be used as a tool for
troubleshooting issues for specific users. If enabled (in the system tray) for all
signed in users, it will have a negative impact on the overall system performance.

Utilities
frx command-line utility
Lets you manage rule sets and many other features of FSLogix. For details on this utility
and the parameters it supports, review the frx command-line utility article.

frxcontext command-line utility

Allows you to manage FSLogix containers and aid in managing containers by adding a
context menu item to VHD(x) files. For details on this utility and the arguments it
supports, review the frxcontext command-line utility article.

User mode DLL(s)

Microsoft support use only.

２ Warning

User mode DLL(s) should only be used when directed to by a Microsoft support
engineer.