Edge Won’t Sync After Profile Migration Due to Authentication Issue

I’m experiencing an issue with Microsoft Edge sync on a Windows 10 22H2 system. When users log in to their Citrix VDI personal desktop, Edge fails to sync despite being signed in with their personal M365 account. The edge://sync-internals/ and edge://signin-internals/ pages appear normal.

The problem occurs when we create a new image based on Windows 10 22H2 and copy the old profile from 22H1 using Citrix UPM. Edge tries to sync but never reaches a synced state.

If we delete the AppData Edge user data folder and sign in manually, everything works fine. However, this is not a viable solution for our 100+ users.

I suspect the issue is related to an incorrect authentication token (PRT?), which prevents Edge from accessing the server environment and obtaining the necessary access tokens for synchronization.

Has anyone encountered a similar issue?

I’ve faced a similar issue with Microsoft Edge sync after profile migration. Based on your description, it sounds like the problem is indeed related to authentication tokens. Here’s a step-by-step solution to help you resolve the issue:

Step 1: Understand the Root Cause
The issue is likely due to the incorrect migration of the Profile Reconciliation Token (PRT) when copying the old profile from 22H1 to 22H2 using Citrix UPM. The PRT is used for silent authentication in Microsoft Edge, and if it’s not migrated correctly, Edge can’t access the server environment to obtain the necessary access tokens for synchronization.

Step 2: Verify the PRT Migration
Check the registry entries for the PRT in both the old (22H1) and new (22H2) profiles. You can do this by:

  1. Opening the Registry Editor (Regedit.exe) as an administrator.
  2. Navigating to HKCU\Software\Microsoft\IdentityCRL_unsigned\.getBytes in both profiles.
  3. Comparing the Prt and PrtEx values. If they’re different, it might indicate an incorrect PRT migration.

Step 3: Manually Update the PRT
If the PRT values are different, you can try manually updating the PRT in the new profile. To do this:

  1. Sign out of the M365 account in Microsoft Edge.
  2. Delete the AppData\Local\Microsoft\Edge\User Data folder to remove any existing PRT.
  3. Sign back in to the M365 account in Microsoft Edge. This should generate a new PRT.
  4. Verify the new PRT values in the registry to ensure they match the original values.

Step 4: Test Syncing
After updating the PRT, try syncing Microsoft Edge again. If it still doesn’t work, you might need to investigate further or reach out to Microsoft Support for assistance.

Alternative Solution: Scripted PRT Update
If the above steps are too manual, you can consider creating a script to update the PRT for all users. This would involve using PowerShell to update the registry entries and delete the Edge user data folder. You can then run this script as part of your Citrix VDI image creation process.

I hope this helps you resolve the Microsoft Edge sync issue after profile migration. Let me know if you have any further questions or need additional assistance.
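
The scripted reset suggested in the answer above, as an added example that is not part of the original thread: a per-user logon script that records the PRT state reported by `dsregcmd /status`, then renames the Edge `User Data` folder to a backup instead of deleting it, once per user. The marker file name, the backup name and the assumption that Citrix UPM persists the marker are hypothetical, and the script does not touch the registry.

```powershell
# Added example: one-time Edge profile reset at user logon (save as a .ps1).
# Assumptions: runs in the user's own session; marker/backup names are hypothetical;
# the marker location must be persisted by the profile solution (e.g. Citrix UPM).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$UserData = (Join-Path $env:LOCALAPPDATA 'Microsoft\Edge\User Data'),
    [string]$Marker   = (Join-Path $env:LOCALAPPDATA 'EdgeSyncReset.done')
)

function Get-PrtState {
    # dsregcmd /status prints a line such as "AzureAdPrt : YES" when it reports PRT state.
    $hit = & dsregcmd.exe /status 2>$null |
        Select-String -Pattern '^\s*AzureAdPrt\s*:\s*(\w+)' |
        Select-Object -First 1
    if ($hit) { $hit.Matches[0].Groups[1].Value } else { 'NotReported' }
}

# Run once per user: the marker records that this profile was already reset.
if (Test-Path -LiteralPath $Marker) { Write-Verbose 'Reset already done.'; return }

# Nothing to reset for a user who has no Edge profile yet.
if (-not (Test-Path -LiteralPath $UserData)) {
    Set-Content -LiteralPath $Marker -Value "no-profile $(Get-Date -Format o)"
    return
}

# Edge keeps files in User Data open; skip and retry at the next logon if it is running.
$session = (Get-Process -Id $PID).SessionId
$edge = Get-Process -Name msedge -ErrorAction SilentlyContinue |
    Where-Object { $_.SessionId -eq $session }
if ($edge) { Write-Warning 'Edge is running in this session; reset skipped.'; return }

$prt    = Get-PrtState
$backup = 'User Data.bak-{0:yyyyMMddHHmmss}' -f (Get-Date)
try {
    # Rename rather than delete, so bookmarks and settings can be recovered from the backup.
    Rename-Item -LiteralPath $UserData -NewName $backup -ErrorAction Stop
    if (-not (Test-Path -LiteralPath $UserData)) {
        Set-Content -LiteralPath $Marker -Value "reset $(Get-Date -Format o) prt=$prt backup=$backup"
    }
}
catch {
    # No marker is written on failure, so the reset is attempted again at the next logon.
    Write-Warning "Could not rename '$UserData': $($_.Exception.Message)"
}
```

Run it with `-WhatIf` first to confirm which folder would be renamed; the recorded `prt=` value makes it possible to compare PRT state across users whose sync did or did not recover.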