Troubleshoot Unable to Sign In to Session Host VMs as Local Administrator
After installing Nerdio Manager and deploying dynamic host pools, you may see an FSLogix related error while attempting to sign in as a local admin on session host VMs.
This is because FSLogix is enabled by default on every new session host VM and is configured to map the profile to a network file share, which is not accessible by local admins. There is a setting that tells FSLogix to pop-up this error in case it cannot mount the profile, rather than allow a session without a network profile.
The following options are available to enable local admins to sign in to session host VMs:
(Recommended) Create local security groups on the desktop image to exclude local admins from FSLogix. See this Microsoft article to find the specific names of the group.
Allow session host sign in even if the computer cannot connect to a network profile. This can be done by following these steps:
At the Account level, navigate to Settings > Integrations.
In the FSLogix Profiles storage tile, select the default profile.
Remove the following lines:
In both cases, the changes do not take effect until you re-image your existing session hosts.
In order to temporarily remove the 'PreventLoginWithFailure' or 'PreventLoginWithTempProfile' registry values on an individual session host, without re-imaging, you can remove these keys in the Azure portal using Run Command and executing the following commands:
Remove-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithFailure"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name PreventLoginWithTempProfile"
To restore these registry values, after adding exclusions to local groups or after the addressing the issue causing the FSLogix error message, run the following commands to recreate the registry values:
New-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithFailure" -PropertyType DWORD -Value 1
New-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithTempProfile" -PropertyType DWORD -Value 1