Windows VDA + Roaming Profile + OTP program

Hi everyone!

You use roaming profile, a VDA’s system with machine hosted in a cloud and you use a mobile OTP’s program like CA ArcoID OTP inside the desktop? Does it bug and keep locking your key for your users, what to do !!?

Well, look no further, I have the solution.

The problem is actually the OTP program that add a master key locally and in the user profile when you add the device. The problem arise when the user log into another computer, the roaming profile bring back the device configuration from the HCU registry’s hive but the masterkey.dat locally is not the same. If one of those key change, the system will generate random number like usual without any warning, but they will not work. (As the key differ).

– First be sure all users got a home folder.

– Now we start, install the OTP’s app in the golden image. (

– Navigate there; c:\Users\Public\CA.

– Copy the ArcotLow’s folder content. It should contain an empty keys.dat and masterkey.dat.

– Copy those file on the user share

– Rename the ArcotLow’s folder.

– After open a command prompt in c:\Users\Public\CA

– Run mklink /d ArcotLow x:\ (where x:\ is the home folder)

– Close the golden image, it’s now finish !

Now you can enjoy the OTP’s program that will list the same number than the OTP’s program on your phone in example 🙂





Windows VDA – KMS’s problem – Resetting rearm count

Hi everyone !

Today I will talk about a problem I seen often if you manage a big streamed virtual desktop’s group. The loss of the KMS’s activation, not due to a Windows’s problem, but a problem with the streaming software that does not generate unique KMS’s key.

An example of bad health on the KMS’s host; …


Open the Provisioning Services Console


Mount a vdisk in maintenance’s mode


Use regedit, click HKLM->Load Hive, and open in the new attached partition the SYSTEM’s file. 

10-19-2016 11-10-31 AM.png

Give it a temporary name

10-19-2016 11-11-31 AM.png

Naviguate to HKLM\WPA, and erase that folder completely.


Now unmounts the vdisk.


After load the virtual machine up.

Issue that command; slmgr /rearm, and close the VM.

Now watch your KMs’s host event log, unique ID should be displayed 🙂

Now it’s finished 🙂




Thanks !