A small retailer using Citrix Access Essentials, the small business version of XenApp, had a lot of problems as far as profiles. Occasionally a user would call, unable to work, and we’d get them limping along again somehow, but almost every user who logged in was generating event viewer errors relating to roaming profiles and folder redirection.

When the Small Business Server  – where all the roaming profiles and redirected folders are stored – ran out of space and led to a crash of Access Essentials, and ended up causing us to have to rebuild the Citrix server from scratch, the latent profile issues came out of the woodwork.

One particular user had once called in about “Chinese characters” in a message popping up, and claimed she couldn’t run anything and couldn’t work. We had just given her a new AD test account, getting around her old profile and all the redirected folders as well, when just a new roaming profile wasn’t fixing it, and she kept working like that for a couple of months.

Now several users were calling about the Chinese characters. I went in through GoToAssist to see for myself. Apparently when using Microsoft Outlook 2003, then closing it, they were getting a message about the “normal.dot” from word being unavailable, and depending on the sequence of “OK” or “cancel” that the user would follow from here, sure enough, Chinese characters would pop up. I took a screenshot of the anomaly. At first I thought it was one user who had taken a laptop to a Chinese website, but now it was a systematic problem that had to be solved just to get people to be able to work again.

 a

then….

 b

The original GPO design was convoluted, with different shares for each redirected folder, and rights a random jumble of owners. The terminal services roaming profile was \servertsprofiles.

The desktop was redirected to \servertsfolders%username%Desktop

The MyDocuments folder was redirected to \serverusers%username%MyDocuments

The application data was redirected to \servertsfolders%username%application data

Errors daily about folder redirection were mostly about folder redirection and ownership. Many were not owners of their various directories, and everyone had a different combination of problems. Many were working with bits and pieces of various profiles from their past, and many folder redirection directories had been abandoned from various numbers of months ago.

Also, after the Citrix Access Essentials rebuild, there were a few frantic calls about RFMS settings – RFMS is the main application that was being used on Citrix besides Office 2003. Apparently it takes an hour to setup all your preferences in RFMS, and now users were calling in saying their preferences were not “sticking”; that they would have to set them each day.

The break in the case came when one user called in and said he had called RFMS, they had looked into it, and it was about where the settings were being redirected. They said they had an example of someone who had it right. The thing was this user who they wanted to be like, had a bunch of errors saying she had no ownership of several of her redirected folders, and had ended up with a local profile on the Citrix server instead.

So it turns out every time we “fixed” a user’s profile, setting the proper permissions and getting rid of the errors in Event Viewer on login, we were “breaking” it from the point of view of the user, who just wanted their settings in the locally cached roaming profile, not redirected. A lot of applications have this issue, and it turns out RFMS is one of them. Redirecting application data can be asking for trouble, if not tested thoroughly over time with all applications.

I modified the Group Policy, as we had discussed at CNS before and I had also discussed with a couple of people at Citrix, who all agreed that app data redirection was a problem and should be avoided, regardless of official Best Practice, which says redirect everything you can so that the profile stays tiny. I removed only the app data redirection setting, leaving my docs and desktop – which tended to be full of people’s important stuff – redirected.

I logged in with a test account, made a few RFMS settings changes, and went to see where the settings were being stored now, hoping they would go back to the roaming profile. Surprisingly, anomalously, they did not. They were now going to the redirected “my docs” directory, under “windows, system”.

So I built an alternate GPO, side-by-side with production, and only applied it to my test user. The alternate GPO did a roaming profile, and otherwise mirrored the production GPO, but did NO folder redirection of anything. That was what it took, to get my RFMS application settings back into app data in the roaming profile, which would then get cached locally on the Citrix server, for my test account.

 c

I began adding each user who called in about Chinese characters or RFMS settings to the alternate GPO, and then renaming the profile, letting a new one be created as the user logged in and then back out. After the new solid roaming profile had been created with no folder redirection, I would drag over their My Documents and their Desktop and Favorites over to the new profile. I’d call back the user 5 minutes later and they were happy, more happy than I’d have expected. We’ve had no calls about issues for over a week now at this client, and if any more show up, we have this procedure to apply. The current risk is that this handful of happy users who get to keep their settings and have perfect access to all the things they thought they had lost over the recent weeks, have a lot of documents, and though login is still fast for them, it could eventually begin to drag. The solution will be to simply add them back to the main production GPO, and have them redirect their “My documents” and “Desktop”, but never again their application data.