I encountered a problem when configuring Xendesktop 7.1 Citrix Profile Manager.
Environment:
1) Citrix Access, Control & Resource severs were installed on Server 2008 R2 virtual machines.
2) Machine Creation Services was used to provision a Server 2008 R2 image for App/Desktop hosting (Resource layer)
3) A windows 2008 R2 file server was used to contain the Citrix Profile store
4) Group policy and Active directory access was locked down to my user account so Citrix Site policies were used to apply the Citrix Profile Management configuration.
I had just finished implementing the same setup for a different client, with no issues, but for some reason the Citrix Profile for this new client wasn't being created on the profile store location. At first, I thought this may be down to some policy at the AD Site, Domain, or OU level overwriting the settings in Citrix Studio Policies, but that wasn't the case. It took some time to work out what was going on, but it became clear by enabling the settings within the CPM .ini file:
On the App/Desktop hosting server, navigate to "\Program Files\Citrix\User Profile Manager\"
Look for the .ini file (UPMPolicyDefaults_All.ini)
If you want to test what would happen if you apply the CPM settings via this ini file rather than the Citrix policy or GPO, then fill in the following sections as required:
One of the most useful features within the INI file would be the ability to turn on logging.
You can enable the CPM settings or the log settings by placing the number 1 after the equals sign. Any other number will disable it. I enabled the log settings to fault find the CPM issues. The log is created within the same folder as the ini file, unless you state a log file path in the ini file. You'll need to restart the CPM service on the Host server before you test again, or run GPUPDATE / Force
When the CPM can't connect to the Profile store, well that's when you'll start to see temporary profiles being created when you logon to the server desktop. I set the ini file to log the user off if this happened, rather than login with a temp profile, and sure enough, the next time I logged in my account was logged off. This confirmed to me that this was an issue with connectivity to the store or permissions on the store folders.
I discovered that the CPM Store folder needed to be setup in a certain way. It would not create the CPM profiles if I used one folder with NTFS and shared permissions applied, so I had to create something like the following:
Root Folder Permissions:
In Advanced Security – Tick Include inheritable permissions from this object parent
Subfolder Permissions:
ADD CREATOR OWNER –
In Advanced security: Apply to – Subfolders and Files only
Allow Full control
Citrix user group
In Advanced security: Apply to – This folder only
The last thing to do would be to restart the Citrix profile Management Service on the host, as the changes are not made within the .ini file until that is done. You can also use Gpupdate /force, but I prefer to start the service.
Everything worked after that, so I disabled all the .INI settings that I'd configured and tested the Citrix Studio Policy again. All good! :)
That being said, the above permissions may need to be tweaked. I just managed to get this working with these settings but you can fine tune it.
