Problem:
ProfileUnity hangs during startup - Trust Providers
Symptoms:
When a user logs in, the screen freezes right before ProfileUnity or just after the splash screen shows up on the screen. In two observed cases, the startup hung on 'LWL_userapp_trigger.exe' processes.
You can also check for the following entry in elevation logs:
Trust verification failed on path: C:\Program Files\ProfileUnity\client.exe Error: The revocation process could not continue - the certificate(s) could not be checked.
Possible Resolution(s):
ProfileUnity validates the executables via Certificate Revocation List checks to make sure they have not been compromised. This is a safeguard in place since the client tools pass user-context commands, elevating them in the process. It is a Cryptographic Message Syntax (CMS) security consideration when creating .NET assemblies.
The 'State' value of the following registry key can be modified to bypass the checking of certificates by Microsoft's Authenticode utility when running programs.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
Option 1:
Create a GPO as shown below, defining a registry preference rule under 'User Configuration Details' that sets the 'State' registry value from '146432' (enabled) to '146944' (disabled)
Option 2:
Edit the 'State' registry value for the default profile on the base image if utilizing VDI by running the commands below in an elevated command prompt, creating a new snapshot, and recomposing/rebuilding desktops.
reg load "HKU\Temp" "C:\Users\Default\NTUSER.DAT"
reg add "HKU\Temp\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing" /v State /t REG_DWORD /d 146944 /f
reg unload "HKU\Temp"
Product: ProfileUnity-FlexApp
Product Version: 6.0+