User Profile Disk (UPD) Allows you to store the profile of each Remote Desktop Services user (%USERPROFILE%) separately vhdx (virtual disk) file. Such a profile disk is connected when the user logs on to Windows and will be disconnected (with changes to the profile saved) when the user logs out. You can store user profile disks on an external file share so that users can access their individual environments (profiles) when they log into a server in an RDS farm. UPD is an alternative to roaming profile or folder redirection technologies in RDS terminal solutions.
In this article, we’ll describe how to configure and manage user profile disks on a host with the Remote Desktop Services role running on Windows Server 2022, 2019, 2016, or 2012R2.
Enable User Profile Disks on Windows Server RDS
Create a shared network folder to store the UPD profile files. This folder must be located on a file server outside the RDS farm. To ensure high availability of UPD profiles, we recommend that you place the network folder on the cluster. The path to such a directory looks like this in our example: \\fs01\RDSProfiles ,
Create a security group in AD and add all the hosts in your RDS collection to it. You can create a group by using the ADUC graphical console or by using the following cmdlets from Active Directory for Windows PowerShell Modules:
New-ADGroup munRDSHCollection1 -path "OU=Groups,OU=MUN,DC=woshub,DC=loc" -GroupScope Domain -PassThru –Verbose
Add-AdGroupMember -Identity munRDSHCollection1 -Members munrds1$, munrds2$, munrds3$
grant now full control Permissions on the \\fs01\RDSProfiles folder for the munRDSHCollection1 group.
You can enable User Profile Drive in the Remote Desktop Storage setting when you create it. If the archive already exists, find and select it in the Server Manager console Work, edit properties in the upper right corner.
User Profile Disk Mode can be enabled and configured in the Storage settings of Remote Desktop Services. This mode can be enabled when creating a new collection, or you can turn it back on later.
Then go to the User Profile Disk tab. check option Enable User Profile Disk, Specify the path to the previously created shared folder (\\fs01\RDSProfiles), and set the maximum profile disk size (let it be 7 GB). save Changes.
Unable to enable user disks on rVHDShare. Could not create template VHD. Error Message: The network location "\\woshub.com\namespace\UserProfileDisk" is not available.
You can check if UPD is enabled for RDS storage and get the path to the directory where the profiles are stored with the PowerShell command:
Get-RDSessionCollectionConfiguration -CollectionName munCorpApp1 –UserProfileDisk
tip. In a single RDS store, only one VHDX profile file can exist for one user. If a user connects to resources from two different storages, a separate profile disk will be created for each of them.
By default, the User Profile disk contains all user profile content. You can exclude certain folders from the list of synchronized directories or specify that only certain folders should be saved. Thus, any changes made to folders in the list of excluded directories during the user’s terminal session will not be saved to the VHDX disk in the shared folder. Two options are available:
- User profiles store all user settings and data on disk
- Store only the following folders in the user profile disk
New-ItemProperty -Path “HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy” -Type DWord -Path -Name DeleteUserAppContainersOnLogoff -Value 1
User Profile Disc in VHDX files on RDS
After you change the archive settings and enable UPD, there is a file called uvhd-template.vhdx Target will be created in UPD folder.
This file is a template for the user’s profile disc. When a user logs on to the RDS server for the first time, this template is copied and renamed as a VHDX file with the user’s SID in the name. For each user, a separate VHDX file is created.
prompt, For detailed logs about using UPD to log on to the server, go to Event Viewer -> Application ( User Profile Service Source) and Application and Services Logs -> -Microsoft -> Windows -> User Profile Service -> Operational.
You can match the UPD file name with the owning user. For example, you can manually convert the SID to a user account name by using the Get-ADUser cmdlet:
Get-ADUser -Identity S-1-5-21-32549751-3956249758-2943215497-23733695
or use show UPDFolderDetails.ps1 Script, which displays the names of UPD files in specified folders and their owners:
$UPDShare = "\\fs01\RDSProfiles"
$UserProfiles = @()
$fc = new-object -com scripting.filesystemobject
$folder = $fc.getfolder($UPDShare)
"Username,SiD" >> export.csv
foreach ($i in $folder.files)
{
$sid = $i.Name
$sid = $sid.Substring(5,$sid.Length-10)
if ($sid -ne "template")
{
$securityidentifier = new-object security.principal.securityidentifier $sid
$user = ( $securityidentifier.translate( [security.principal.ntaccount] ) )
$UserProfile = New-Object PSObject -Property @{
UserName = $user
UPDFile=$i.Name
}
$UserProfiles += $UserProfile
}
}
$UserProfiles| select UserName, UPDFile
Since UPD Profile is a regular virtual disk file in VHDX format, you can mount it and view its contents from any Windows host. Right-click the file and choose Mountain,
As you can see, a VHDX disk contains a set of folders and files for a standard user profile.
On the RD Session Host, the user profile is mounted in a VHDX file C:\Users\ <उपयोगकर्ता नाम> And it looks like this:
The UPD profile is mounted in exclusive mode. This means that if a user profile is currently associated with the user’s RDS session or has been manually mounted, you will not be able to open it with an error: The file could not be mounted because it is in use .
User profile disks from RDS servers cannot be migrated between versions of Windows Server.
Data is written to the VHDX file in real time. This means that when data is copied to user profiles on the RDS server, the size of the VHDX file on the shared storage increases immediately.
If a user profile folder already exists in Windows, the old profile folder is renamed. <यूजरनेम>-Backup- <नंबर>,
The VHDX disk is mounted when a user logs on to the VDI or RDS host. Each UPD profile is mounted in the C:\Users directory. A list of mounted VHDX disks and mount points for user profiles appears in Disk Management.
How to extend/shrink user profile disk with PowerShell?
You resize-virtualdisk PowerShell cmdlet from the Hyper-V module (Hyper-V Management Tools must be installed on the computer): Enable-WindowsOptionalFeature -Online –FeatureName Microsoft-Hyper-V-Management-Clients,
Net use U: \\fs01\RDSProfiles
Resize-VHD -Path u:\UVHD-<SID>.vhdx -SizeBytes 40GB
Net use U: /delete
Now you need to increase the volume size from Disk Management Console GUI (Action -> Attach VHD -> Extend Volume).
Or use the following PowerShell script to automatically expand the VHDX file to the maximum available size:
<#
.Synopsis
This script extend size of VHDX file and resize the disk partition to Max
#>
Param(
[Parameter(Mandatory=$true,ValueFromPipeline=$true)][alias("Path")][string]$vhdxFile,
[Parameter(Mandatory=$true,ValueFromPipeline=$true)][alias("Size")][int64]$vhdxNewSize
)
begin{
try {
Mount-VHD -Path $vhdxFile -ErrorAction Stop
}
catch {
Write-Error "File $vhdxFile is busy"
Break
}
$vhdx = Get-VHD -Path $vhdxFile
if ($vhdx.Size -ge $vhdxNewSize){
Write-Warning "File $vhdxFile already have this size!"
$vhdx | Dismount-VHD
Break
}
}
process{
Dismount-VHD -Path $vhdxFile
Resize-VHD -Path $vhdxFile -SizeBytes $vhdxNewSize
$vhdxxpart = Mount-VHD -Path $vhdxFile -NoDriveLetter -Passthru | Get-Disk | Get-Partition
$partsize = $vhdxxpart | Get-PartitionSupportedSize
$vhdxxpart | Resize-Partition -Size $partsize.SizeMax
}
end{
Dismount-VHD -Path $vhdxFile
}
Note that you cannot extend the UPD disk of a user with an active RDS session.
To reduce the size of the UPD file (assuming that you have deleted the user data inside the vhdx file and the size of the data on disk is less than the size specified for it), you can use the command:
Resize-VHD \\fs01\RDSProfiles\UVHD-<SID>.vhdx –ToMinimumSize
and then optimize the allocation of space in the file:
Optimize-vhd -path \\fs01\RDSProfiles\UVHD-<SID>.vhdx -mode full
Temporary profile problem when using User Profile Disk on RDS
Temporary user profiles are one of the most common problems you may encounter when using roaming profiles or user profile disks on RDS:
We can’t sign in to your account. You’ve have been signed in with a temporary profile. You can’t access your files, and files created in this profile will be deleted when you sign out. To fix this, sigh out and try signing later.
A temporary profile is created for the user in this case: Event ID 1511 Source: User Profile Service
A temporary profile is created for the user because Windows cannot find the local profile. Changes you make to this profile will be lost when you log off.
Most often, this is because the user’s VHDX file was not closed in the previous session. Use the following PowerShell to locate the RDSH host on which the user’s VHDX drive is mounted (run the script on the host with the RD Connection Broker role):
$UserToFind = "a.smith"
$User = $env:USERDOMAIN + '\' + $UserToFind
$RDCollection = Get-RDSessionCollection | where {$_.ResourceType -eq 'Remote Desktop'}
$RDHosts = Get-RDSessionHost -CollectionName $RDCollection.CollectionName | select SessionHost
$Array = Invoke-Command -ComputerName $RDHosts.SessionHost -ScriptBlock { Get-Disk | select Location,DiskNumber | where {$_.Location -notmatch "Integrated"} }
foreach ($VHD in $Array){
$DiskID = (Get-Item $VHD.Location).Name.Substring(5).Split(".")[0]$objSID = New-Object System.Security.Principal.SecurityIdentifier ($DiskID)
$objUser = $objSID.Translate( [System.Security.Principal.NTAccount])
if ($objUser.Value -eq $User){
$result = "$($objUser.Value) disk number $($VHD.DiskNumber) on $($VHD.PSComputername)"
}else{
$result = "$($User) - no active RSH sessions were found."
}
}
$result
You can unmount the UPD virtual drive remotely with the command:
Invoke-Command -ComputerName $VHD.PSComputername -ScriptBlock { Dismount-VHD -DiskNumber $VHD.DiskNumber }
To reduce problems with temporary profiles on RDS, it is a good idea to configure timeouts for RDS user sessions. Set inactive/disconnected sessions to expire after 2 to 4 hours. You can also enable a GPO setting that prevents temporary profiles from being created: Computer Configuration -> Administrative Templates -> System -> User Profiles, enable the option Do not log on users with temporary profiles,
This policy setting can cause intermittent “The User Profile Service failed the sign-in, user profile cannot be loadedIf the user profile folder is missing.
Administrators must manually delete temporary user profiles on the RDS host after issuing VHDX disks:
- Delete the subkeys under the following registry key with User SID
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList, In this example, there are two subkeys, one of which ends with .bak (delete both);
- Remove the user’s TEMP profile folder from the C:\Users directory.
So, we have seen how to configure User Profile Disk in RDS/VDI environment on Windows Server. Configuring UPDs is much easier than configuring roaming profiles or redirected folders. User profile disks are bound to an RDS store and cannot be corrupted when a user profile is shared between multiple terminal servers (unlike standard user profile folders). User profile disks can be stored on an SMB share, CSV, SOFS, SAN, or local disk.
Leave a Comment