Jump to content
Welcome to our new Citrix community!
  • 0

permissions in ntuser.dat are getting lost


Andreas Roth1709151878

Question

Hi forum,

Sometimes when user is logging on to terminalserver the user is getting the errormessage "access denied" from group policy client. The UPM log shows that it's not possible to access the user's registry.
e.g.: RegOpenKeyEx of value <Personal> failed with: The system cannot find the file specified."

when checking the ntuser.dat in UPM folder the ntfs permissions are fine, but permissions "in" HKCU registry hive are damaged. Find screenshot at http://dl.dropbox.com/u/2685981/upm1/hc_574.png
The screenshot is showing registry (not ntfs!) permissions when the ntuser.dat hive is loaded as HKLM\xxxx .
The "long sid" is NT SERVICE\ctxProfile group, S-1-3-4 is Group \OWNER RIGHTS

Any hint why inner registry permissions are damaged? Using UPM 3.2.0..

Best Regards,

Andreas

hc_574.png

Link to comment

13 answers to this question

Recommended Posts

  • 0

Hello,

I have the same type of issue. Some users cannot log on Citrix, they load a temporary profile.
The log file says:
ERROR;DOMAIN;ACCOUNT;4;10996;GetRegStringData: Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-X-X-XX-XXXXXXXX-XXXXXXXXX-XXXXXXXXXX-XXXXX, RegOpenKeyEx failed with: The system cannot find the file specified.
ERROR;DOMAIN;ACCOUNT_1006;4;10996;ProcessLogoff: Profile directory could not be read from registry for user with SID because: The system cannot find the file specified.

We use UPM 3.2.0. It seems to be a random problem.

Thanks by advanve for any help.

Link to comment
  • 0

I'm seeing something similar only with a handful of users. However, the effect is only specific to the HKU\CurrentUserGuid\Classes structure under their profile. The permissions are getting adjusted from the default and essentially prevent the user from writing to the location which causes Java (in our case) to stop working correctly.
I've been addressing them individually (only 5 or so are seeing this), but it is getting frustrating. I've not been able to reproduce the problem for myself, but have with some other accounts. The default user permissions are correct in the hive, so I'm not sure what might be causing this.

If you did open a case, might be curious if there is any information you can shed on this for the community.

XenDesktop, PVS 5.6, UPM 3.2, XP Sp3.
Folder redirection is being used and UPM is used to address what FR doesn't.

Link to comment
  • 0

Hi all,


We are experiencing the same issue on a new catalog with Xenapp 1811 & newer with Profile Managment & MCS.

OS Server 2016 Shared Desktop & Published applications

Does anybody have an idea how to resolve this issue.

This is a big issue for our environment.  We have made a support ticket for Citrix but after checking every UPM log file they are asking us to make a support ticket for Microsoft but no luck with them to...


Any ideas?


Thanks

Link to comment
  • 0
On 2/14/2020 at 1:21 PM, David Buyl said:

Hi all,


We are experiencing the same issue on a new catalog with Xenapp 1811 & newer with Profile Managment & MCS.

OS Server 2016 Shared Desktop & Published applications

Does anybody have an idea how to resolve this issue.

This is a big issue for our environment.  We have made a support ticket for Citrix but after checking every UPM log file they are asking us to make a support ticket for Microsoft but no luck with them to...


Any ideas?


Thanks

 

have you solved your problem? since we started to face with the same problem. we are running windows 2016, but citrix\etc are latest (1912).

Link to comment
  • 0

Hi we also have a problem like this.

Any news ?

 

Something is messing with the inner permissions on the NTUSER.dat on the root key of the users registry. After that it is missing the users name and its permissions on the main keys ACL.

Due to that change, the group policy service throws an error on next logon: Permission Denied.

I tried to find the process messing with the permissions but i can not find it. I got several procmon captures from the logon of the user but the problem is allready existing on this point.
So i can not find the exact time when the registry is getting changed its permissions.

 

Things that came to my mind first i saw the issue. Maybe you can relate?
- Outlook Search Indexing

- Outlook Search Index Roaming (VHDX file throws error from time to time: allready has disk with same ID)

- Anti Virus Software messing with permissions or preventing others from reading or changing reg hives

- Manage Engine (Desktop Central Agent) Messing with the permissions (had several problems in the past with the agent preventing registry from being closed because it had a key in use)

- Windows Update - KB4580346 which clearly made changes to the group policy service. wich would fit from the time it was released and installed on my problem and maybe also on the problem of @Thomas Jung1709156226

 

 

Deleting the NTUSER.dat and the NTUSERDAT LASTGOODKNOWN fixes the problem so the user can logon to the system. But it guarantes no permanent fix as i had users getting the permissions changed a few days after i deleted the NTUSER.dat

 

by the way i run:

DDC, SF 1912 LTSR Cu1 

VDA 1912 LTSR Cu1

VDA Win S 2016 1607 14393.4046


I hope we can get some more information on this together or with the help of Citrix.

Thank you so much for all of your help and information.

 

best regards from germany

Edited by jgagel691
added windows update as possible reason
Link to comment
  • 0

Hi guys,

 

Here we solved the issue after days and days of personnals researches.

 

jgagel691, we have the the same environnement excepting for vda, we have also 2012 R2 servers.

 

First question, do you use UPM ? If Yes, I suppose that you have a policy which delete user profil when he's disconnected?

What is the delay taht you have setted-up ?

 

For us, the policy (managed by GPO) was originaly configured to delete the profil after 10 seconds.

We decided to change it to an higher delay, the problem was the same.
Then, we decided to change the value to 0 and miracle, the issue disappeared. 

 

Hope it will help you, let me know about the result ! 

 

Regards,

Link to comment
  • 0

Hi @Sebastien MARGUERITE,

 

thank you so much for your reply.


Yes we have UPMs in use.

They get deleted after logoff. 
 

I have been messing arround with this setting quite for a while now.

It has also been set to 10 seconds which i edited to more and less time. Also with 0 seconds, or disabled. The option 0 seconds was set yesterday. But if the problem occurs on logoff i may have some NTUSER.dat´s left that are allready corrupt. I got the problem today while a user was logged on. due to that i was thinking my last changes did not made it work again.

 

but i will have an eye on that.

 

by the way i think i will also refere to a quite similar discussion here: https://discussions.citrix.com/topic/407739-upm-failed-to-copy-ntuserpol-to-the-userstore/page/2/#comment-2073686

 

Thank you so much for your help

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...