Submit a request

Nerdio Help Center

Unable to log in to session host VMs as local administrator

Avatar Amol Dalvi
Follow

Applies to: Nerdio Manager for MSP (NMM)

After installing Nerdio Manager and deploying Dynamic Host Pools, you may see a FSLogix related error while attempting to log on as local admin on host VMs:

blobid0.png

This is happening because FSLogix is enabled by default on every new session host and is configured to map the profile to a network file share, which is not accessible by local admins. There is also a setting that tells FSLogix to pop-up this error in case it cannot mount the profile (rather than allow a session without a network profile), which is what you see.
There are two options to enable local admins to log into session hosts:
  1.  (Recommended) Create local security groups on the Desktop Image to exclude local admins from FSLogix.  You can find the specific names of the group here: https://docs.microsoft.com/en-us/fslogix/configure-profile-container-tutorial.
  2. Allow session host logon even if the computer cannot connect to a network profile.  This can be done by removing the following two FSLogix registry settings from SETTINGS > Integrations > FSLogix Profiles storage in Nerdio Manager. 
    "PreventLoginWithFailure"=dword:00000001
    "PreventLoginWithTempProfile"=dword:00000001
In both cases, the changes will not take effect until you re-image your existing session hosts.
 

Troubleshooting Notes

In order to temporarily remove the 'PreventLoginWithFailure' or 'PreventLoginWithTempProfile' registry values on an individual session host (without re-imaging), you can remove these keys in Azure Portal using Run Command by executing the following commands:
Remove-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithFailure"
Remove-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithTempProfile"

To restore these registry values (after adding exclusions to local groups, or after the addressing the issue causing the FSLogix error message) the following commands will re-create the registry values:

New-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithFailure" -PropertyType DWORD -Value 1
New-ItemProperty -Path "HKLM:\SOFTWARE\FSLogix\Profiles" -Name "PreventLoginWithTempProfile" -PropertyType DWORD -Value 1

 

Was this article helpful?
0 out of 0 found this helpful

Comments

Article is closed for comments.