question

yangStone-1877 avatar image
0 Votes"
yangStone-1877 asked yangStone-1877 edited

RDS remote desktop server, FSLogix, configuration file migration, policy is applied, the modification does not take effect

We are testing the deployment of WINDOWS SERVER 2019 remote desktop server, using domain control to manage users, and user configuration files using FSLogix to roam. Now we encounter a problem that has not been resolved.

After testing,

Use FSLogix to configure user file roaming successfully, generate VHDX virtual disk,

I made some user policies on the DC, and these policies are applied to the OU of RDS users,

When FSlogix roaming accounts, after applying these policies, they can take effect normally.

But when I want to change some policy items, or cancel the activation of the policy, these policies will no longer take effect.

For example, I made a policy of IE to remove the connection page in the policy, and I saw that it was already in effect. If I want to cancel this, let the client log in again, and then display the connection page, but it won’t take effect.

Use gpresult /v to check the GPO application status, it is normal, but I don’t know why it doesn’t take effect.

Now I am at

FSLogix registry key:
DWORD GroupPolicyState = 0 under HKLM\SOFTWARE\FSLogix\Profiles\

Computer Policy GPO:
Computer Configuration | Administrative Templates | System | Group Policy | Enable Group Policy Cache for the server

Join these, but the situation is not resolved,

windows-server-fslogix
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HI yangStone-1877,

"If I want to cancel this, let the client log in again, and then display the connection page, but it won’t take effect."
1.If you run below command and reboot the problematical server, will the same issue happen?
gpupdate /force

2."For example, I made a policy of IE to remove the connection page in the policy, and I saw that it was already in effect. If I want to cancel this, let the client log in again, and then display the connection page, but it won’t take effect."
Could you please share a detail information or link about how did you do that so that we can simulate your issue?


3.Please open GPSVC log on issue server and try to find where the issue is.

A Treatise on Group Policy Troubleshooting–now with GPSVC Log Analysis!
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/a-treatise-on-group-policy-troubleshooting-8211-now-with-gpsvc/ba-p/400304

0 Votes 0 ·

HI JiaYou-MSFT

Is there any progress on this question?

0 Votes 0 ·

1 Answer

yangStone-1877 avatar image
0 Votes"
yangStone-1877 answered yangStone-1877 edited

HI JiaYou-MSFT
I did the following test,
1: On the same RDS server, there are only accounts with FSLogix Profile Include List. This problem will occur. After GPUPDTAE /FORCE is used, the situation is the same. If you use gpresult /v to view the policy application, I see the policy application There is no problem, but the policy that has been in effect but closed by me has not taken effect.
2: If the account is listed in the FSLogix Profile Exclude List, log out and log in again, all the policies will take effect immediately.
3: But if the account is listed in the FSLogix Profile Include List again, the situation is still the same, and the changed part of the applied policy will not take effect again.
4: My test environment is,
A domain control server (2019server),
A remote desktop server (server 2019), install FSLogix_Apps_2.9.7654.46150 (FSLogixAppsSetup and FSLogixAppsRuleEditorSetup)
In the domain control server, add fslogix.adml, fslogix.admx, and use computer policy to apply to RDS SERVER.,,
FSLOGIX VHDLocations is the third file server of smb (server 2019)



The picture below is my test
The test results of TEST1 and test2 are the same.The difference is to use FSLOGIX and not to use FSLOGIX

1: rds server fslogix registry key

106710-002.jpg

2:DC SERVER GPO
106811-001.jpg


3:106268-3.jpg

4:IE does not display the connection page
106322-4.jpg

5:Now start to install the account and move it to the FSLogix Profile Exclude List group,
106302-4-1.jpg


6:Now it is the TEST02 account. In the FSLogix Profile Exclude List group, log in to RDS SERVER
106260-5-1.jpg

7: IE's connection page appeared

106331-5.jpg


In the end, I got the conclusion that the domain control account using FSLOGIX can only apply group policy unilaterally.


Thank you



4.jpg (56.5 KiB)
4-1.jpg (177.1 KiB)
5-1.jpg (106.4 KiB)
5.jpg (66.0 KiB)
001.jpg (499.3 KiB)
3.jpg (102.3 KiB)
1.png (188.5 KiB)
002.jpg (328.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.