Jump to content
Welcome to our new Citrix community!
  • 0

temporary profiles with fslogix in XenApp 7 2203


Question

Hey community, we got a strange issue since few weeks.

First our environment:

 

2 x Citrix Delivery Controller with Citrix VAad 7 2203 LTSR running on Windows Server 2019

2 x StoreFront Server with current release 2203 LTSR running on Windows Server 2019

 

20 x Terminal Servers running on Windows Server 2019 with VDA Version 2203

 

As profile management we use FSLOGIX Version 2.9.8111.53415. The .vhdx profiles are redirected on a Windows File Server, also running server 2019. The folder path is excluded from Real time protection of Windows Defender J

 

Now the issue:

The first logon is always working. Now the employee docks his notebook off without disconnecting or signing off the session. So the session should remain. The notebook automatically connects with internal WiFi.

 

After re-login the employee gets a temporary profile. There is a log entry on the Server:

 

“Failed to evaluate resultant set of user’s policies. Disconnecting the session for security reasons. The following error occurred: 5.“

 

But the profile disk is still “stuck” in the server, so that the user will be logged in with a temporary profile.

Does anyone else have this issue? Is there a solution?

Link to comment

14 answers to this question

Recommended Posts

  • 0
On 6/14/2022 at 10:46 AM, Sjoerd Van den Nieuwenhof said:

Hi,

 

Just found someone else also having this issue, they fixed it with the following registry keys:

 

Local machine - software - Citrixcreated a new folder called "reconnect"

added dword key "DisableGPCalculation" with 1

added dword key "FastReconnect" with a 0

 

Let me know if this helps

 

Unfortunately the reg keys do not work either.

We still have the problems ?

 

Additionally there are side effects, so we dicided to delete the keys.

 

Any further ideas?

I will open a support case at citrix support.

Link to comment
  • 0

Hello. 

Citrix developers introduced a new security feature in Citrix Virtual Apps and Desktops version 2112.  

The security feature is designed to prevent un-authorized access to resources if there is an error in processing group policy.  
The feature affects both multi-session VDA and single-session VDA.  The feature is included in Citrix VDA versions 2112, 2203 2206 and version 1912 CU5.
In the current releases where the feature is present, there is no flag to disable the feature. 
In future releases, a feature flag is provided to disable the feature for troubleshooting.

You may be able to get a private fix to add a feature flag to disable the new feature by opening a technical support case and mentioning CVADHELP-20129.  

 

I'm in the process of updating the Citrix documentation, especially What's New and Known Issues. 

In the meantime, you can look at this support article: https://support.citrix.com/article/CTX461472/system-rpm-event-id-17-failed-to-evaluate-resultant-set-of-users-policies

Link to comment
  • 0
On 7/14/2022 at 5:17 PM, Sandra Burke said:

Hello. 

Citrix developers introduced a new security feature in Citrix Virtual Apps and Desktops version 2112.  

The security feature is designed to prevent un-authorized access to resources if there is an error in processing group policy.  
The feature affects both multi-session VDA and single-session VDA.  The feature is included in Citrix VDA versions 2112, 2203 2206 and version 1912 CU5.
In the current releases where the feature is present, there is no flag to disable the feature. 
In future releases, a feature flag is provided to disable the feature for troubleshooting.

You may be able to get a private fix to add a feature flag to disable the new feature by opening a technical support case and mentioning CVADHELP-20129.  

 

I'm in the process of updating the Citrix documentation, especially What's New and Known Issues. 

In the meantime, you can look at this support article: https://support.citrix.com/article/CTX461472/system-rpm-event-id-17-failed-to-evaluate-resultant-set-of-users-policies

 

Thank you very much, i opened a case yesterday.

This new "feature" is very annoying, especially when it is not documentated and you can not turn it off.

I hope i will get the private fix as soon as possible.

Link to comment
  • 0

We have the same issue. Opened a Citrix support ticket.

 

Built a brand new Server 2019 environment with VDA LTSR 2203 CU1, disconnected sessions don't always reconnect and the session is lost in Director.


I checked the server logs for the lost session and saw a rpm error "Failed to evaluate resultant set of user’s policies. Disconnecting the session for security reasons. The following error occurred: 5."

 

Started discussing it in this thread: https://discussions.citrix.com/topic/416254-2203-ltsr-issues

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...