FsLogix - Unclean logoff causing locked files until server reboot

Much R 101

Problem is described by M4deman under unclean-logoff-causing-locked-files-until-server-reboot

It seems to have something to do with the 2009 version.
The latest version of FSLogix is installed whats-new

Description

After a user logoff, the "System" Process (PID 4) locks the following folders:

C:\Users\local_username\AppData\Local\Microsoft\Credentials
C:\Users\local_username\AppData\Roaming\Microsoft\Credentials

The user is completely logged of, according to Task Manager.

In the FSLogix Profile Log file I can see the following:

[07:53:55.601][tid:00000c90.0000ce44][ERROR:00000020] Delete profile failed for sid S-1-5-21-3364776539-3721753400-1968955100-1179, Cleaning up manually. (Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.)
The last sentence means that the process cannot access the file, because another process already uses it.

Also the whole "local_username" folder cannot be deleted:

[08:23:15.479][tid:00000c90.0000bcc4][WARN: 00000005] Failed to delete C:\Users\local_usename (Access is denied)
Access Denied

Does someone have any info on this behaviour?

Karlie Weng 18,276 Reputation points Microsoft Vendor

2021-01-14T03:03:58.32+00:00

Hello @Much R

Did you check affected user has full control and Owner over their FSLogix Folder and the VHDX files ?

Thanks
Karlie
Much R 101 Reputation points

2021-02-02T08:02:21.997+00:00

Hello,

Where is my answer from yesterday?
Why was this deleted?

How can I open a ticket at Microsoft now?

Thank you
Karlie Weng 18,276 Reputation points Microsoft Vendor

2021-02-02T08:16:39.607+00:00

Hello @Much R

sorry I was going to delete my comment as it wasn't helpful, and your comment is below mine, so it seems they were deleted together. I want to restore but it doesn't has this option.

FSLogix is supported for use with versions of Windows and Office that are still included in the Microsoft Support Lifecycle.

How to open a FSLogix Support Request
https://social.msdn.microsoft.com/Forums/en-US/14ea5f6f-760b-4ad2-83cf-23c3cbc1bcc4/how-to-open-a-fslogix-support-request?forum=FSLogix

Best regards
Karlie
Germain 11 Reputation points

2021-02-19T11:44:10.117+00:00

We are currently experiencing the same issue. The user VHDX is locked by system and can only be unlocked by rebooting the server.
Has Microsoft acknowledged this issue?

Currently using: 2.9.7654.46150
Bracko Ewald 26 Reputation points

2021-02-19T12:10:09.137+00:00

Did you activate the registry value HKEY_LOCAL_MACHINE\SOFTWARE\FSLogix\Apps\CleanupInvalidSessions (REG_DWORD, 0x1)?
Do you use Cloud Cache or not?

Also, maybe you can check with the frx command line tool if there are still some redirects pointing to the use VHDX file. You can then use that tool to delete them manually and detach the VHDX files afterwards using diskpart.
Marius Neuhaus 1 Reputation point

2021-03-09T10:31:38.737+00:00

Hello,

we have the same problem.
We use on-premise terminalserver.:
Windows Server 2019
Citrix 1912 CU2 LTSR
FSLogix 2.9.7621.30127

I've tried the CleanupInvalidSessions RegKey, but it doesn't effect.
We don't use Cloud Cache.
FSLogix Configuration only local and not per gpo.
The frx command line tool dont show redirects pointing to the use VHDX file.
Permission are set correct. Users work correctly with the containers.
Luckily the problem occurs only randomly and not at every logoff.

In the FSLogix Configuration we include the group domain-users and exclude the domain-administrators.
Could it be a Problem?

Best Regards,
Marius
itsupport 1 Reputation point

2021-05-26T12:40:37.147+00:00

When this happens are you left with multiple <USERNAME>.original folders? I've seen it go as high as <USERNAME>.original11 before I just manually delete all the folders.
Guido Racamato 26 Reputation points

2021-09-28T17:39:34.337+00:00

Hello Everyone, For the Group Policy Access Denied, once you get an affected user, could you please modify the following registry? There's no reboot required.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\<SID affected user>
REG_BINARY: RefCount
Value: 0
Jon McLeod 1 Reputation point

2021-11-19T14:56:08.267+00:00

This is the answer. Thank you.
Farooq 5 Reputation points

2024-02-14T12:02:36.9533333+00:00

We are having the same issue. We have an RDS environment and time to time users get logged in with Temporary profile, when I check the FSlogix logs I am seeing the following error - Failed to open virtual disk: \server\Profiles\S-1-5-21-26711-2174_user\Profile_user.vhd (The process cannot access the file because it is being used by another process.)
What we done to try resolve this or at least try find the cause and reduce downtime is, we have removed AV from all RDS host, we have created a script which logs out all users at midnight but issue is still occurring. We have a case opened with Microsoft but unfortunately there has been no resolution. Another issue we had is where users could not sign into their Outlook, teams, Office profile on the host. Has anyone else experiencing this issue and has anyone managed to resolve this? Any help or suggestion would be much appreciated.

106 answers

Steve Turnbull 21 Reputation points

2022-03-19T07:49:14.987+00:00

Hi

We also have the same issues with the following environment

Windows server 2019 + latest updates
Citrix 1912cu3 vda
Fslogix 2105
Ivanti environment manager for policies

We see the local_username folders left behind.which cannot be removed and see entries in logs for either folder not empty or access denied when it’s trying to do a cleanup.

We are also using cloud cache and sometimes profile containers appear to be having some corruption as we will see some failures at logon where drive mappings etc won’t work and ivanti policy fails to load for the user session. This is intermittent and you can log on and off multiple times and not see it but suddenly it will happen for a user.

We are using the cleanupinvalidsession key and I read in an old article this was not supported with cloudcache. What is the reason not to use it with cloudcache and is there any impact using it?

We don’t seem to have many issues with logoff or container locks but we have had issues with logons which required a server reboot to fix.

Has anyone had any success with the recent preview build of 2201? to resolve any of these issues.

Thanks
Please sign in to rate this answer.
Micheal Thompson 1 Reputation point

2022-03-20T22:19:20.893+00:00

Are you having issues with users signing in such as hanging? I'm also encountering this issue.

I found that it is related to the LogonUI.exe process hanging on something I've had Microsoft review logs / troubleshoot they can't find anything. I've also had Citrix troubleshoot and sent CDF logs and still nothing they can see.

I've written a script that terminates the LogonUI.exe process and it has fixed our problem but it's definitely a "hack" fix until we figure out what is actually happening...

Cheers.

Steve Turnbull 21 Reputation points

2022-03-21T22:57:35.067+00:00

We are not really having issues with logins hanging but we are having issues with local_username staying on disk under c:\ and also under %programdata%\fslogix\cache

All of these locations at log off should be clear. This happens on random servers too, some days servers have no issue and other days a few end up with lots of these folders left. We also have some issue around profile containers corruption although not that much so far. We do have intermittent issues around ivanti environment manager user virtualisation also not running for a user at logon, usually a logoff and re-logon resolves that one so it could be a timing issue.

We are looking at nightly checks now as some have commented on here and rebooting any servers that have local_username folders left when there are no sessions.

Felixo8974 1 Reputation point

2022-08-17T19:25:02.133+00:00

@ MichealThompson-2636 - Are you terminating LogonUI.exe during the logon process or logout? VDI or Shared Environment?

Micheal Thompson 1 Reputation point

2022-08-17T23:23:46.617+00:00

Hi Felixo,

Yes during both Logon & Logoff stages it would hang and that task would be the cause.

This has since been determined to be an issue with Citrix and was resolved in version 2203 LTSR.

Thanks
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Martijn Kools 151 Reputation points

2022-10-17T14:23:47.733+00:00

This is still not fixed. Just did a new Citrix install, 2203 LTSR on W2019 with latest Fslogix version (FSLogix 2201 hotfix 2 (2.9.8228.50276).

Credentials folders are still not deleted on logoff.
Please sign in to rate this answer.

0 comments No comments
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
TheAppGuru 1 Reputation point

2022-11-19T03:13:58.133+00:00

We have the same issue with LTSR 2203 CU1, Server 2019, and latest version of FSLogix. Opened a ticket with support and they blamed the Citrix DLLs, specifically the special redirection DLL SfrHook

https://support.citrix.com/article/CTX324248/how-to-disable-sfrhooksfrhook64-for-all-applications-on-a-vda

I just ended up closing the ticket rather than going down that rabbit hole.

Right now, I keep removing exclusions from our Redirections.xml. All the folders that it's complained about so far have mostly been empty. Every week it's a new folder so we'll see if I ever find the center of the lollipop.
Please sign in to rate this answer.
Martijn Kools 151 Reputation points

2022-11-19T08:48:26.27+00:00

Not gonna help. I have a customer with an almost empty redir file. Only Teams and Edge are in it and still same issue. It's always the credentials folder being locked by lsass.exe.

Steve Turnbull 21 Reputation points

2022-11-19T08:53:08.58+00:00

It’s not a Citrix problem either. We recently did a poc of avd+nerdio and had the same problems with folders left behind at logoff on a few machines intermittently

TheAppGuru 1 Reputation point

2022-11-30T03:44:48.557+00:00

That's a real shame.

After removing a handful of exclusions, now it's getting stuck at AppData\Local\Microsoft\Office\16.0\OfficeFileCache in my environment, which ironically was excluded in FSLogix 2201 (2.9.8111.53415)

The OfficeFileCache folder located at %LOCALAPPDATA%\Microsoft\Office\16.0\OfficeFileCache is now machine specific and encrypted so we exclude it from FSLogix containers. Office files located outside this folder are not impacted by this update.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Martijn Kools 151 Reputation points

2022-12-13T10:10:19.323+00:00

Not sure if it helps anyone, but for two customers I have excluded the c:\windows\system32\lsass.exe process from Microsoft Defender (process exclusion in Defender GPO). This is the process keeping the credentials folder locked.

And it seems like the issue is gone. 9 days already without issues and every single profile is being deleted at logoff. No local_ directories that are left behind. No more black screens on login or stuck VHDX files. One environment is rebooted only one time each week and showed no more issues at all so I'm a happy camper for now, until the next issue.

This may not help everyone as I am sure there's more than one issue.
Please sign in to rate this answer.
Wesley Tuya 6 Reputation points

2023-01-11T01:57:13.347+00:00

@Martijn Kools did you have to include the complete path to lsass.exe in your Defender exclusions? Do you have a screenshot of what your exclusion looks like? Would like to try this out on our environment.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.
Martijn Kools 151 Reputation points

2022-12-14T09:29:57.25+00:00

New verison is out - 2210!

https://aka.ms/fslogix-latest
Please sign in to rate this answer.
Marius Neuhaus 1 Reputation point

2022-12-14T10:01:23.307+00:00

In the release notes unfortunately no information about our error.
But the defender is a good idea. i'll try it.

My best workaround since 1 year is to reboot the terminalserver every night.
Hope we can disable this sometime.

Kevin Vlasselaer 1 Reputation point

2023-05-17T14:14:51.8666667+00:00

Same problem with the latest version 2210
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

FsLogix - Unclean logoff causing locked files until server reboot

106 answers

Your answer