We recently hosted our second Ask the Cloud Experts (ACE) meetup, a monthly series focused on giving you an additional channel to connect with Citrix experts and get answers to your Citrix Cloud questions. This meetup, on May 14, covered Citrix Profile Management (also known as UPM).

As promised, we have gathered all the questions and answers from our session, in case you missed the event or a specific answer. There were a lot of questions, so we’re posting half of the Q&A today and half tomorrow.

This event was also made available on-demand at the bottom of the ACE meetup registration page. To view the meetup, click the arrow under On-Demand Title at the bottom of the page and choose May ACE.

For the Q&A from our first meetup in April on Cloud Connectors, check out part 1 and part 2.

Our next ACE meetup is scheduled for Wednesday, June 19. Register today!


What are some of the best diagnostic tools available as far as profiles are concerned?
Our Citrix Profile Management logs are stored in the following path on each VDA: C:\Windows\System32\LogFiles\UserProfileManager (unless you specify otherwise via Policy, whether it is via GPMC or Studio). This log is a plain text file and you can easily read it. If you Ctrl+F (or Find) the username you’re trying to follow, you can see the times in minutes and seconds for how long it’s taking to work. Or if you’re troubleshooting a login issue, timing issue, or even if you suspect the issue is the size of the profile, the UPM logs will give you more useful information.

You can also leverage the UPMConfigCheck Powershell script, which can be found on this Knowledge Center article. It examines the existing configurations for Profile Management, which is especially helpful to spot certain issues because Profile Management can be configured on several different locations. With this tool, you can identify if you have conflicting policies or values and see what the effective policy setting is to help troubleshoot your profile paths and other settings.

Please note, configuring, maintaining, and even troubleshooting several sources adds unnecessary complexity to your environment. As a best practice, use only one method to configure Profile Management.

Other than this, we mirror Microsoft’s recommendation for troubleshooting, in terms of tools you can leverage. If you’ve narrowed the issue down to sizing you can use Procmon. Perfmon can be used to identify the loading order/sequential order of the Operating System. TreeSize can be leveraged or you can just manually look at the profile files to see what’s taking up the space and so on.

With the roaming profile option, how can we improve login speed?
To better answer this, the first question we need to ask is “Why are my logins slow?” To find out, we recommend opening Citrix Director to see which portion of the logon is slow. This will help us pinpoint and then troubleshoot that specific issue. For instance:

  • If you identify that it is a Group Policy issue, this wouldn’t be a profile issue in and of itself. You should look into it separately.
  • If it is a profile issue, you can troubleshoot the issue and take advantage of the tools that are at your disposal. For instance, for a sizing issue you can use a tool such as TreeSize or WinDirStat to take a look at why the profile is the size it is. In such a scenario, once you have identified the culprit, you can perform changes to a couple of test user profiles and remove this data (delete it manually or write a PoSH script to delete it). Then have the users log in and see if they lose any settings or notice any changes in the overall experience. This way you can decide if you should remove that data from the profile, create an exclusion for that, and use the Logon Exclusion check to see if you want to delete or ignore that data as part of the profile.

What is the recommended method for preserving registration of inbox Windows 10 Store apps (e.g. Calculator, Sticky Notes, etc.) across logins on non-persistent VDI?
There is a setting that must be added to the folder mirroring for the Tile data layer, which contains the file that specifies what the start menu layout looks like. We have a Knowledge Center article that covers how to make sure that the layout is persistent across multiple desktops. This applies to Windows 10 machines. If this does not work, reach out to your Citrix representative for further assistance.

What is the recommended size for a Citrix profile for optimal session initiation?
Citrix Profile Management uses the default user profile to create the initial profile (which is found in the default installation of the Windows Operating system). The standard size of the default profile is about 2.5MB. If you exceed this value and have a profile that is, for instance, 200-300MB and increasing, you will see a hit on logon times. The standard profile size should be as small as you can possibly make it. There is no recommended size because profiles are not a one-size-fits-all solution, unless you elect to use template profiles. However if you keep it reasonable while also employing folder redirection and configurations of this nature, you will significantly reduce your logon times all around.

Should I configure profile management in Studio, Group Policy, or Workspace Environment Management?
This is a multi-part answer, depending on what you’re looking for you might want to choose a different solution:

    • Speed (“Which solution is the fastest?”): WEM is a multi-threaded process as opposed to Citrix Profile Management from Studio or GPMC. WEM is therefore faster.
    • Simplicity (“Who will configure and manage the environment?”): Overall, WEM is more complicated to implement and manage and there are fewer people in the general population who know how WEM works. From a simplicity perspective, Group Policy may be easiest, followed by Citrix Studio, followed by WEM Service in Citrix Cloud, followed by WEM On-Premises.
    • Administrator Rights to Active Directory (“How is the AD environment managed?”): If admins do not have rights to Group Policy configuration, Studio will be easier to leverage and configure the policies. For the WEM Service, there is only one policy that needs to be configured in GPMC if using it, which is the one used to specify your Cloud Connectors. The rest of the policies would be configured in the WEM Cloud Console.

If you are using UPM, folder redirection, exclusion files, synchronizing files, and folder, should you also enable profile streaming?
There’s no right answer for this as it depends on each use case. However, for the most part we do recommend enabling this policy because profile streaming can indeed make a difference in terms of performance, especially during logon.

If using this feature, files and folders are fetched from a user store to the local computer when accessed by the users once they have logged on, which can speed up the logon process and reduce the total amount of data downloaded because files are only fully copied when they are actually used. Registry entries are cached immediately, but files and folders are only cached when accessed by users.

How would you handle profile size that gets larger day by day due to browser surfing and results in huge caches?
A way to deal with this would be to configure Group Policies to delete cookies. With Citrix Profile Management, there is a feature that allows for great improvement in this regard thanks to a setting called “Process Internet Cookie Files on Logoff,” which deletes cookies that are created during browsing. This will help prevent the profile from growing as described.

If you find large folders or files that are not needed, you can also enable the setting called “Logon exclusion check” and set it to “Delete excluded files or folders” to keep your profile clean. Unnecessary data won’t be synchronized to the VDA because this setting configures what Profile Management does if a profile in the user store contains excluded files or folders.

We have profile streaming enabled. Will profile size have any impact on user logon?
When profile streaming is enabled, files, folders, and items contained in the profile are fetched from the user store from the local machine usually only when accessed by the users after they’ve logged on. It is similar to how buffering on video players work in a “give me what I need now, I’ll request the next when I need it” manner; however, files that exist in the Pending folder and the Registry entries are fetched pretty much immediately.

So assuming we are using non-persistent machines in this question, which will delete the changes in the master on each subsequent reboot and clear the profiles, the logons to the VDA or machine itself will re-download the profile on each logon. Without user profile streaming and also if the profile is not configured to redirect most of its content, users will see an increase in logon duration in comparison to when these two features are enabled and configured accordingly.

With the Microsoft acquisition of FSLogix, what does that mean for my profile strategy?
This is a quickly developing topic. This acquisition will make the FSLogix fleet available (profile containers, O365 containers, application masking and so on). Most customers will likely be entitled to this functionality, whether it is because they have a specific entitlement already for Office 365 or Windows VDAs or even CAL but for more information on this, we recommend that you consult the official Microsoft documentation.

Now, when it comes to Citrix Profile Management, there is a lot of overlap in the features in comparison to FSLogix. CPM is fully featured (including a profile container feature, as part of 1903 release). The Citrix VDA software has been tried and tested for features and compatibility with Citrix Profile Management, so this has been developed knowing how our products interact with each other. So our recommendation to administrators is to test and go with what suits you best.

Is OneDrive for Business supported?
OneDrive for Business requires access to a web browser. It’s not really a profile solution, so it isn’t supported at the moment. Although OneDrive for Business lets users update and share files from anywhere, Microsoft’s sync agent itself is not supported on a terminal services-based implementation, which is why we don’t support it at this time. You will run into issues if you try to set this up. The recommendation is to use browser-based OneDrive instead of the client.

Do we need migration of existing profiles (local and roaming)? If yes, what is the benefit for 7.15 CU4?
If we have a use case where we’re using a local or a roaming profile that’s written down to the VDA, we may want to move that profile over to our profile management solution, specifically if we have it saved to the VDA machine. This is a case in which we would want to enable the migration of that profile into the VDA. In most cases we don’t perform this type of migration because this can add a lot of complexity and also risk profile integrity or cause corruption.

We are testing Azure file sync and DFS to sync the profile between sites and to the cloud. Do you have any experience with this solution and do you have any recommendations?
We definitely have some customers that utilize DFS to synchronize profiles between sites and the cloud. A lot of this depends on factors such as whether you have an ExpressRoute in place or VPN or how your network connectivity is configured. We do have compatibility issues with Azure Files and NTFS and integrating with Roaming Profile shares. But in terms of DFS for file synchronization, this is certainly possible. DFS should be done with consideration for which are the active targets and how you have VDAs accessing those targets. For instance, from a Microsoft perspective, Active-Active DFS is not supported as you might run into a situation in which you have a VDA logging against one profile share and then logging off and then hitting the other one before the files are synchronized appropriately so profile corruption could occur. So make sure that the VDAs are directed at the targets within Azure and ensure that the targets aren’t moving in an active-active fashion.

What is the difference between “Folders to Synchronize” and “Folders to Mirror” UPM policy? How do they differ in terms of operations (i.e. download/upload from network share, etc.).
Folders to synchronize is more or less just a copy-paste with no logic included. However “mirror” brings over the logic of the files themselves. The cookies folder of Internet Explorer is a great example. Because there’s that DB file or an index.dat file that has a job of querying and indexing certain aspects that belong in that folder, that logic cannot be just “copy-pasted.” It has to be dropped in a specific order, and it has to be mirrored.

Mirrors will require a lot more time than just a copy sync, to make sure that they are dropped into the profile properly. We do not recommend using them unless they are necessary, note event for “just in case” scenarios. Things that you would sync would be your bookmarks for your browser since these are just icons or links. The index.dat, DB or EDDB files that have to load in a specific order, specific Java operations or similar will need to be mirrored instead.

Are there plans to expand the profile container functionality to store the full profile?
At this time, 1903 release’s profile container functionality allows you to specify a folder with large files within it (like Java cache for example) to be redirected as a VHDX. We cannot reveal any further details concerning future features at the present time.

Active write back seems to be causing issues and inconsistency when enabled in SBC Server OS VDA scenarios. Is this recommended by Citrix or not? In which scenarios is Active write back recommended?
Active write back definitely adds extra load to your file server. So if you have two sessions connected using the same profile, when you log out of the first session, it will write that profile back up. However the second time you log out, it will write back and overwrite some of the data written out from the first profile.

What Active write back does is that it merges those two into a single profile so that you don’t lose settings from the first session that logged out. Citrix does not have an official recommendation as to whether you should use it since it depends on each specific environment. For instance, if you have a published desktop for 99 percent of the environment operations but you have one or two applications published out of a silo that’s using the same OS version, it will use the same profile. If you need something to be retained when the user logs out of that Silo published application, you might want to configure it. However if these Silo apps and the published desktops run on different operating systems, we won’t benefit from Active Write back so it’d be best to just disable it.

What is the recommendation on migrating UPM Profiles when moving from Windows 10, version to version? For example from 1709 to 1809.
Specifically with those two versions, Microsoft changed quite a lot, particularly the start menu. This has been a pain point for roaming profiles solutions in general, due to the decision made with the tile data layer. In 1709 the Start Menu was originally derived of a folder called the TileDatalayer which is now known as the CloudStore (in 1809). When Microsoft updates that technology it’s seen in subsequent versions of the profile. When you’re migrating you want to make sure that your Path to Profile Store variable is separating those versions. There’s a specific path to profile that you want to make sure is in there so that your subsequent logons are specific directly to the version of Windows that you’re logging in to. Value: \\server\profiles$\%USERNAME%.%USERDOMAIN%\!CTX_OSNAME!!CTX_OSBITNESS! might expand to \\server\profiles$\JohnSmith.Finance\Win8x64!

We believe that redirecting everything that you possibly can is the best solution to move forward with this. So if you can redirect your Documents, Pictures, and similar folders that might fall into this category, then changing and updating the Profile to path store to reflect the OS version will guarantee that those subsequent versions of Windows that are used are dropping in different profile sets. This way when you’re done transitioning between versions you can go and remove older versions of the profiles if you wanted to.

If you use Azure Active Directory Services, what is the recommendation if you want to use something like a DFS?
DFS replication requires access to physical or virtualized domain controllers that don’t communicate directly with Azure AD or Azure AD Domain Services. A full AD is required for DFS. For more information on this, please visit the official documentation available on Microsoft’s website.

If users are using OneDrive on their office clients, what profile management solution should be used on the Citrix side?
OneDrive is not supported for terminal services. There isn’t a profile solution that does support it right now. The recommendation for OneDrive is to use the web as opposed to the client version, which will allow users to access the files without trying to synchronize anything up or down, which is problematic for users logging in.

What would be considered as an acceptable login time out in the field?
On the support side of Citrix, it is usually profiles that take more than a minute that come in for troubleshooting. Sizing will vary how long it will take as well as policy configuration. If you’re using template profiles your time should be matched, assuming that the bandwidth to download everything is adequate. Or if you’re setting XML settings for it, then it will all be group policy delivery timers through the notifier of GP clients. Outside of that, if you are in the field and your network is 100 percent stable (good latency, good bandwidth and so on), you should see login times that are below one minute in total. If your profile size is very large, where you’re including an OST file that is 20-30G, mileage may vary. It really depends on so many variables that there’s no simple answer to this question. The smaller your profiles, the better your solution will be. That is the reason why we recommend using folder redirection and redirect as much as you can outside of your initial profile.


Please remember that as part of your Cloud subscription, you will be assigned a dedicated Customer Success Manager so make sure to leverage them if you need any additional information, want to join a tech-preview or have specific or follow up questions. Be sure to join us on June 19th for the next ACE Meetup on Networking. You can register here.

Thanks for reading, and check out Part 2 of our Q&A tomorrow!