Profile Management 2103

Troubleshoot without logging

If no logging at all is taking place, try the troubleshooting approach used in the following example. It is designed to help you work out which configuration settings are being read, establish where they are being read from (when multiple ADM files are present), and check that the log file correctly tracks changes made to profiles. The strategy creates a small test OU to which a test user logs on, allowing you to create profile modifications that you then track in the log file and Resultant Set of Policies (RSoP) report.

The deployment in this example has Citrix Virtual Apps servers running on Windows Server 2003 with users connecting to their published resources using the Plug-in for Hosted Apps for Windows. The deployment uses OU-based GPOs. INI file-based configuration is not used.

Caution: Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

  1. Remove from the production environment one of the Citrix Virtual Apps servers that hosts the Citrix user profiles. And add it to a new OU containing just this server.
  2. Remove and reinstall Profile Management on the server. When reinstalling, check that short file names (also known as 8.3 file names) are activated. As this example uses Windows Server 2003, you do this as follows:
    • If the following registry entry is set to 1 (DWORD value), set it to 0 and reinstall Profile Management: HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisable8Dot3NameCreation. This enables support for short file names.
    • If the entry is not set to 1, reinstall Profile Management to a location where each subfolder name is eight characters or less, for example c:\prof-man. For later operating systems, you do not need to adjust this registry entry.
  3. Log on as a domain administrator to the server.
  4. Examine the local policy and remove the ADM file at this level.
  5. Delete any links to GPOs assigned to your new OU.
  6. On the server, delete the key and all subkeys from Registry Editor: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\.
  7. Remove any Profile Management .ini file.
  8. Using My Computer > Properties > Advanced, delete all profiles except those profiles that you want to test. Research any errors that appear.
  9. So that you can check the Profile Management log file when logging on as a user, give the Authenticated Users group full control of the file. This is C:\Windows\System32\LogFiles\UserProfileManager\<domainname>#<computername>_pm.log (where <domainname> is the computer’s domain and<computername> is its name). If the domain cannot be determined, the log file is UserProfileManager.log.
  10. Create a GPO that contains only the following settings, and link it to your new OU. Ensure that the GPO is assigned to the Authenticated Users group. Enable these settings:
    1. Enable Profile Management.
    2. Path to user store.
    3. Enable logging.
    4. Log settings. Scroll to select all settings in this section of the ADM file.
    5. Migration of existing profiles. Select Roaming and local profiles.
    6. Local profile conflict handling. Select Rename local profile.
    7. Delete locally cached profiles on logoff. Disable the setting Process logons of local administrators. It helps when troubleshooting because, if Profile Management is misconfigured and prevents user logons, you are still able to log on as an administrator.
  11. Control how the GPO link is applied to the OU by right-clicking the OU and selecting Block Inheritance.
  12. Create a domain test user who has never logged on and who is not a member of any group that is a local administrator on the server.
  13. Publish a full desktop to this user and make sure the user is in the Remote Desktop Users group.
  14. If the domain has multiple domain controllers (DCs), force AD replication between all the DCs in the same site as the server.
  15. Log on to the server as domain Administrator, delete the log file, restart the Citrix Profile Management service, and run gpupdate /force.
  16. Check the registry and make sure the only values in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\ are the ones for your new GPO.
  17. Log out as Administrator.
  18. Using the Plug-in for Hosted Apps, log on to the published full desktop as the new domain test user.
  19. Make some setting changes to Internet Explorer, and create a blank test file in your My Docs folder.
  20. Create a shortcut to the Profile Management log file. Open it and examine the entries. Research any items that require attention.
  21. Log out and then back in as domain Administrator.
  22. Generate an RSoP report for the test user and the server.

If the report does not contain what you expect, research any items that require attention.

Troubleshoot without logging