I encountered an issue with Citrix Profile Management recently.  The session was constantly creating a temporary profile.  This profiles had been working previous to this, so I knew that the NTFS and SHARE permissions were correct.  I decided to fault find the issue using the CPM log files, as mentioned previous to this post, but there was nothing obvious.

The Citrix Profile Management service is hosted on each Hosting server, but this service is installed on the master image by the Virtual Desktop Agent.  I uninstalled the VDA & Patch from the Master image, rebooted and then reinstalled them again.  After that, I decided to remove the VM images that were currently published within the console, and create them again. 

The Profiles worked fine after this

I discovered an unusual problem when accessing the Citrix Policy node in the Studio console.  It should be noted that nothing had changed on the policy side, and the policies were viewable, earlier on in the day.  There were no conflicting Group Policy settings being applied and no powershell scripts had been run.

 

 

1 ) From studio console, click on Powershell button
2)  Type in  add-pssnapin citrix.* (not usually required)
3)  Type in

new-psdrive "Mysite" -psprovider CitrixGroupPolicy -Root \ -controller *nameofyourcontroller*

4)  Type cd mysite: 5)  Type dir, and find the location of your policy.
6)  Type Cd user. check, then dir.  Check the policy names and priority
7)  Type Cd..
8)  Type CD Computer, check the policy names and priority

You may find that there are duplicate policy names in each container, both with different policy priorities. I found this, and decided to remove all of the policies except the unfiltered policy, and start again:

9)  To locate name of the policy and remove:

For example, the name of my policy was Citrix Profile Management.    To remove it, I type Rd "CITRIX PROFILE MANAGEMENT"
.
10)  Go back to the Studio, click Policy > Refresh.

The Active Directory Computer object password is usually changed automatically within, I think 30 days. There are Group Policy or Registry settings that can be applied to disable the machine account password (I will post these details at a later date)

You may find yourself in a scenario where you are unable to login to your master image.  This could be because you have restored to a VM snapshot, at a point in time when the computer account password was different.  Your Citrix Master image is now showing this error when you login:

"The trust relationship between this workstation and the 

primary domain failed"

You attempt to rejoin this computer to the domain but find that you can't login as a local Administrator either, so what can be done here?  I patched together this solution from several online sources, referenced at the end of this posting.

1)   Boot the  VM with your Microsoft Windows Server 2008/2012 DVD
2)  From the Windows Setup menu, click “Next”.
3)  Select “Repair your computer”
4)  Under Choose and option, click on “Troubleshoot”.
5)  Under Advanced options, click “Command Prompt”.
6)  At the command prompt, run the following commands:
            

             D:

             cd windows\system32            
             ren Utilman.exe Utilman.exe.old             
             copy cmd.exe Utilman.exe

7)  Close the command prompt and then click “Continue”.

8)  The server should now boot and present the logon screen. Here click Windows Key + U. Or Click on 

9)  At the prompt you can now change the password, by typing the following command:

              Powershell

              Reset-ComputerMachinePassword -Server "yourdc" -Credential "yourdomain\yourusername"

This will reset the machine account name on the domain and workstation.  Allowing you to login once more

10)  Restart your server and once again, boot from the Microsoft Windows Server 2008/2012 DVD

11)  From the Windows Setup menu, click “Next”.
12)  Select “Repair your computer”
13)  Under Choose and option, click on “Troubleshoot”.
14)  Under Advanced options, click “Command Prompt”.
15)  At the command prompt, run the following commands:
           

             d:
             cd windows\system32
             ren utilman.exe utilman.exe.new
             copy utilman.exe.old utilman.exe

16)  Close the command prompt and then click “Continue”.

17) Reboot, and login.  

18) Makes changed to your master image, to disable the local machine password changes

SOURCES:

http://www.kieranlane.com/2013/09/18/resetting-administrator-password-windows-2012/

http://blog.blksthl.com/2013/03/18/fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/