Here is how I was able to resolve the issue. There are some EXTREMELY DANGEROUS and DATA DESTRUCTIVE steps here. If you DO NOT have Roaming Profiles & Folder Redirection of the User Accounts than you seriously should call Microsoft Support as this is NOT the way to fix your issue as it will remove files!!!!! ANY USE OF THESE INSTRUCTIONS IS AT YOUR OWN RISK!!!!!
- Set the server to not allow new logons in RD Session Host Configuration (User logon mode)
- Logged users off the server (gracefully where possible)
- Recreated missing profilelist registry keys (See MS Article):
- Recreated HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\ keys (REG_EXPAND_SZ)
Default > %SystemDrive%\Users\Default
ProfilesDirectory > %SystemDrive%\Users
ProgramData > %SystemDrive%\ProgramData
Public > %SystemDrive%\Users\Public
- Used Sysinternals Junction to review "C:\Users\Default User" and recreate "C:\Users\Default User" to symbolically link to "C:\Users\Default"
Security - Advanced - Change Permissions...
Uncheck "Include inheritable permissions..."
Add "Everyone" > Apply to "This folder only" > Deny "List folder / read data"
Add "Everyone" > Apply to "This folder only" > Allow "Traverse folder / execute file" + "List folder / read data" + "Read Attributes" + "Read extended attributes" + "Read permissions"
Add "SYSTEM" > Apply to "This folder only" > Allow "Full Control"
Add "Administrators (%COMPUTERNAME%\Administrators)" > Apply to "This folder only" > Allow "Full Control"
- Set NTFS Privileges to "C:\Users\Default User" to match identically another RDSH server (from a different farm so I would know what the defaults are)
- Renamed "C:\Users\Public\Public Desktop" to "C:\Users\Public\Desktop"
- Restarted the server
- After a restart Windows recognized that Windows was activated and services were running properly (Windows Defender had been bombed out before).
- System Properties > Advanced > User Profiles > Was not showing any of the previous RDSH users.
- We use Roaming Profiles and Folder Redirection GPOs so the Users not showing up in the Profiles was not a total loss. Just had to clean up ProfileList registry keys of the previous RDSH users in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Profilelist\ (Do not delete the local machine administrator %SID% & S-1-5-18, S-1-5-19, S-1-5-20 keys!!!!!)
- Had to clean up C:\Users\ of the user folders where the ProfileList keys were removed.
Don't do this if you do not have roaming profiles and folder redirection setup where the user files are not stored only on this server!!!
Select All Files & Folders Except the following:
Delete permanently the selected folders that are for Profiles that no longer exist in the ProfileList section of the registry (SHIFT+DELETE).
- Restart again and verify everything is functioning.
- Once you are happy with the server, allow new logons again in RD Session Host Configuration.
NOTE: If you are running virtual RDSH servers, you may want to restore your RDSH servers from backups if you have a properly working backup system if you want to avoid this craziness.