Presentation on theme: "Ramon Scott – Lead Escalation Engineer"— Presentation transcript:
1Ramon Scott – Lead Escalation Engineer Citrix Support SecretsWebinar SeriesConfiguring & Troubleshooting XenDesktop SitesRamon Scott – Lead Escalation EngineerAugust 29, 2013Good afternoon my name is Ramon Scott and I am a Lead Escalation Engineer on the Citrix Escalation Team Today my presentation be on Configuring and Troubleshooting XenDesktop Sites.
2Presenter Bio: Ramon Scott Over 17 Years of Experience in IT Joined Citrix in April 2010 Started directly into the Escalation Team – primary focus on XenApp Assigned as the Dedicated Engineer for a Major Strategic Account from Q Moved to XenDesktop team in July 2011Additional detailsBachelor’s Degree in Information Technology with a specialization in Network AdministrationCertifications: CCA, CCNA, CCDA, MCSE and MCITP-EARamon Scott joined the Citrix Escalation team in 2010 and has over seventeen years of experience in technology. He has hundreds of hours of experience in the project management, consultancy and implementation of computing, virtualization, security, and networking solutions. Ramon has a Bachelor’s Degree in Information Technology with a specialization in Network Administration and holds multiple industry standard certifications including CCA, CCNA, CCDA, MCSE and MCITP-EA.
3Presentation Goals Provide an Understanding of the Architecture Instruct on How to ConfigureProvide Proven Troubleshooting Methodologies and ResourcesI'd like to start by providing the goals of my presentationThe first goal is to provide an understanding of the architecture, then instruct on how to configure core components and lastly, provide Proven Troubleshooting Methodologies and ResourcesThis course is based on the XenDesktop 5.x architecture however most of the troubleshooting methodology can be applied to XD 7
4High-Level XenDesktop Database And Services Architecture let's begin by looking at the high level XenDesktop database and services architecture
6XenDesktop 5 Database Overview Supported Databases:SQL Server 2008 SP1 / 2008R2 (including Express)Database SchemaFull Relational SchemaTables, Views, Stored ProceduresSingle Database (for core product)Multiple SQL ‘Schemas’ in Database‘Schemas’ map onto Windows services running on BrokerBrokerDatabaseBrokerXenDesktop supported databases are:SQL 2008 SP1, R2 and higher including express editions.The database schema has a full relational schema; complete with tables views and stored proceduresthere is a single database for the core productandthere are multiple schemas inside the databaseschemas map to windows services running on the broker
7Setup Process XD Console Single Admin Broker Database XD Admin 1. SchemaDatabase2. SchemaXD Admin3. VerifyXD Admin credentials usedSeparate AdminsXD ConsoleBroker1. SchemaDatabase3. SchemaXD Admin4. VerifySQL Server ConsoleSQL Admin2. Schema“Export”(SQL script)SQL Admin credentials usedthe setup process will depend on the environmentWhat does this mean ?If there is a single administrator account used for SQL and XenDesktopthen this admin will generate the schema from the consoleand the console in turn will connect to the SQL database and execute the script to create the database .<.>Once this script has successfully executed the broker will connect to the database and verify that it is operationalIn case where their are separate XenDesktop and SQL admin account. the XenDesktop admin will generate the schema from the console, this schema will be exported to a SQL script that should be provided to the SQL admin.Next, the SQL admin will connect to the SQL server console and execute the script to create the database . Once this script has successfully executed the broker will connect to the database and verify that it is operational
8Database Access Database Security Access Model SQL Login per Broker Network Service Account“NT AUTHORITY\NETWORK SERVICE”Computer Account“DOMAIN\MACHINE$”SQL Login per BrokerRestricted permission setBrokers do not have rights to change schemaControllerDatabaseBroker ServiceControllerDatabaseBroker ServiceDatabase accessThe runtime access performed by the XenDesktop DDCs on the database uses the following security model:In the environment where the controller and the SQL database are housed on the same Serverthe broker will connect to the database using its local network service accounts . NT AUTHORITY /NETWORK SERVICEOn the other hand If the broker and SQL database are on separate servers, the broker will connect to using its computer accounts : “DOMAIN\MACHINE$”there is one SQL login for each brokerThis account login has a restricted permissionthat means the broken does not have rights to change the schemaThe XD database contains a set of pre-configured DB roles which have detailed execute/select permissions hung off them. Each DDC has a dedicated user within the XD database that is a member of the above roles. Each DDC accesses the DB server through its AD machine account which requires it to have a login created for it, and for that login to be mapped to the associated user in the XD DB. The login does not need to be a member of any server-level roles.´The XenDesktop 5 services access the database using their computer account logins (domain\machine$, or „NT AUTHORITY\NETWORK SERVICE‟ if database is located on a controller ( i.e. SQL Express)
9Database High-Availability Broker is critically dependant on DatabaseExisting connections not impactedCreating new connections and reconnecting to desktops impactedDatabase Failure = Broker FailureSupported Database H/A Options: (expected popularity order)SQL MirrorVirtual Machine H/ASQL ClusterNow discuss our high availability optionsthe Booker is critically dependent on the database howeverif there is a database failure existing connections will not be impactedbut creating new connections and reconnecting to desktops willthat means a database failure equals a broker failurethe supported high availability options are SQL mirroring ,virtual machine high availability and SQL clusteringCitrix Confidential - Do Not Distribute
10Database Schema Roles and Permissions XenDesktop ServiceDatabase RoleAD Identity Service (Acct)ADIdentitySchema_ROLEBroker Service (Broker)chr_Brokerchr_ControllerCentral Configuration Service (Config)ConfigurationSchema_ROLEMachine Creation Service (PvsVM)DesktopUpdateManagerSchema_ROLEHosting Management Service (Hyp)HostingUnitServiceSchema_ROLEMachine Identity Service (Prov)MachinePersonalitySchema_ROLEHere is a table that Maps the XenDesktop services to the available database schemas
11Health Checks: XDDBDiag Provided consistency data check on the dataProvides connectivity verificationIt also provides the following:Virtual Desktop Agent InformationHypervisor Connections InformationPolicy InformationController InformationDesktop Groups InformationSQL InformationCurrent Connections / Connection LogXDDBDIAGto perform basic health check on a XD site you can use the XDDBDiag tool
12ServicesWe will now transition and review the services architecture
13XenDesktop 5 Services Architecture Desktop StudioWCFPowerShellDesktop DirectorWCFPowerShellVirtual Desktop Agent (VDA)WinRM 2.0[5985/5986]ControllerMachine CreationServiceHost ServiceAD Identity ServiceMachine Identity ServiceBroker ServiceConfigurationServiceMachine CreationServicesBrokerServiceInfrastructureServicesWindows Communication Foundation (WCF)SQL ServerThe Machine creation service is responsible for the creation and provisioning activities for VMs and master ImagesMachine Identity Service, this service is responsible for the management of the Disks attached to the VMsAD Identity service, this service is responsible for the maintenance and creation of the AD computer accountsThe services combine to make-up the Machine Creation ServicesBroker service, this service is responsible for VDA registration, Power Management, license enforcement and resource allocationhost service , this service manages the hypervisor connections and resourcesConfiguration Service, this service provides directory services metadata storage and securityThese two services make up the Infrastructure ServicesAll six services maintaining their own separate connection to the backend SQL databaseSo what does this mean for you?Well, when there is an issue with Expanding catalogs , the personality of machines computer accounts lockouts, the troubleshooting efforts will be focused on the Machine creation servicesIf your issue is related to the hypervisor connection storage or its resources, Site configuration or errors in service communication your focus should be directed at the Infrastructure ServicesAnd for issues with registration, licensing, power management your efforts will be focused on the Broker ServiceDesktop studio is the management console used to configure the site and it leverages PowerShell and WCF typically on port 80Desktop director is a web based portal that can be used to the support and helpdesk teams to monitor and troubleshooting system issues before they become system-critical while at the same timeQuickly and seamlessly perform crucial support tasks for their end users including view Performance statistics via WinRMWindows Communication Foundation (or WCF), previously known as "Indigo", is a runtime and a set of APIs (application programming interface) in the .NET Framework for building connected, service-oriented applicationsSOA: Service-oriented architectureRef:Each service instance reads and writes to the SQL database periodically using connectionless ADO.net.PoSH – PowerShellWCF – Windows Communication FoundationWinRM – Windows Remote Management
14Service Status XenDesktop Service PowerShell Cmdlet AD Identity Service (Acct)Get-AcctServiceStatusBroker Service (Broker)Get-BrokerServiceStatusCentral Configuration Service (Config)Get-ConfigServiceStatusMachine Creation Service (Prov)Use Get-ProvServiceStatusHosting Management Service(Hyp)Get-HypServiceStatusMachine Identity Service (PvsVM)Get-PvsvmServiceStatusYou can also receive the current status of any of the core services from the XenDesktop PowerShell prompt by running the the respective command from this list as you can see the syntax is quite intuitiveLet’s look at the example in the first row‘to get the status of the AD identity service , you simply execute the get ‘dash’ acct service status
15Machine CreationWe can now review the concept of Machine Creation
16Desktop Catalog models AppProfileProfileAppPvDPvDImageExistingDedicatedPooledPooled with personal vDiskStreamedStreamed with personal vDiskProfileProfileBase Imagewith AppsAppAppImageProfileProfilePvDPvDStreamedBase Imagewith AppsStreamedBase ImageBase ImageProfileBase Imagewith AppsProfileImageAppAppProfileProfilePvDPvDProfileProfile*Image created outside of XenDesktop*Image Streamed from Citrix Provisioning Server (PVS)*Image created with Machine Creation Services (MCS)In XenDesktop 5.6 and higher support , Seven virtual desktop models are supported we have existing which leverages virtual machines created outside of XenDesktop . These next three are created by desktop through MCS For a dedicated catalog , the image is cloned and provided to multiple user that will have the ability to persist their changes going forward we then have pooled that create a cloned image that is then referenced as a single base image ; The virtual machines then saves any changes from the base image to a volatile diff disk that is discarded on reboot Then there is pooled with personal vdisk , this allows pooled machines the facility to save change to a separate disk that will persist with them on reboot Next there is streamed, this catalog leverages Citrix PVS server to stream a non-persistent image to the VM and all changes the image are lost on reboot and lastly we have streamed with Pvds , the steamed images the facility to save change to a separate disk that will persist with them on reboot
17Desktop Catalog models MCSPooledRandomStaticPooled with PvD*DedicatedPreAssignedFirst UsePVSStreamedVirtualPhysicalStreamed with PvDVirtual Onlyunder the MCS options, A pooled catalog can be either Randomly assigned or statically Assigned and then with Dedicated catalogs you can have Pre-Assigned or assigned to a user on first usePooled with PVD operated like a static pool as the same machine is proved to the users in addition to there unique PVD The dedicated model can be pre-assigned to a user or assigned on first use and they will retain the assignment going forward And Now For The two PVS options , You can either steam to a virtual to physical desktopWhere as steamed with PVD, allows you to only steam to Virtual Machines Ref:Random in that a user gets a new pooled image or the static option in which the same images is provided to the users after reboots.* Behaves like pooled-static
18MCS – ID Disk, Difference Disk, Base VM This is what the user sees as Drive C:\This is hidden from the users viewWindows 7 MasterVirtual Desktop 1Diff DiskID DiskVHD ChainVirtual Desktop 2Diff DiskID DiskVHD ChainVirtual Desktop xDiff DiskID DiskVHD ChainMachine creation service catalogs comprise of three disks, the Master base disk shared among all VMs in the catalog, and for each Virtual desktop, a diff disk and an identity diskThe Diff, This is what the user sees as Drive C:\And the identity disk this is hidden from the users view and maintains the machines personality configuration.This scheme is replicated for each disk that is created.Storage Subsystem
19MCS with PvD – ID Disk, Diff Disk, Base VM, PVDisk Windows 7 MasterVHD ChainDiff DiskID DiskVirtual Desktop 1Personal vDiskThis part is hidden from userMerged with the Diff DiskSeen by user as Drive C:\E.g. Installed appsSeen by the user as Drive P:\USERDATA e.g. My DocumentsFree space is the split allocationPVDisk auto-created during catalog creation by copying PvD template from Base VM10GB by default with 50 / 50 split for App Data / User DataFor Machine creation with Personal Vdisk , we have the base, and VM dif and id disk, however there is an addition personal vdisk auto-created by copying the pvd template from the base VM. This disk is 10 GB by default and has a 50/50 split for application data and user dataThis part is hidden from user and Merged with the Diff Disk and the users accesses its information as drive C:\ eg application data
20PVS – Streamed vDisk, Cache, Base VM This is what the user sees as Drive C:\Visible file on another disk, typically D:\Windows 7 MasterVirtual Desktop 1StreamedvDiskWrite CachePVS StreamVirtual Desktop 2StreamedvDiskWrite CachePVS StreamVirtual Desktop xStreamedvDiskWrite CachePVS StreamPVD stream catalogs have the Streams vdisk, the write cache and the Base VM.The Streamed vDisk is what the user sees as Drive C:\And the Write Cache is visible file on another disk, typically D:\Storage Subsystem
21PVS with PvD–Streamed vDisk, Cache, Base VM, PvDisk Windows 7 MasterPVS StreamStreamed vDiskWrite CacheVirtual Desktop 1Personal vDiskThis part is hidden from userSeen by user as Drive C:\E.g. Installed appsSeen by the user as Drive P:\USERDATA e.g. My DocumentsFree space is the split allocationPvDisk auto-created during catalog creation by copying PvD template from Base VM10GB by default with 50 / 50 split for App Data / User DataStreamed with PVD has the base image and for each Virtual desktop there is a streamed vdisk and write cache however it also has the personal vdisk attached . The PVD is the same as in the MCS configuration, I.e.., defaults to 10 GB, there’s a 50/50 split , the application data is hidden and the User data is seen as the as P:\
22Where are some of the common Issue ? Hypervisor communicationDomain permissionsPreviously failed attempts still present in databaseHost Connection configured with incorrect storageNaming convention on the hostYou may be interested in also learning what are some of the common issuesThey are:Hypervisor communicationDomain permissionsPreviously failed attempts still present in databaseThe Host Connection configured with incorrect storage repositorythe host configured with and unsupported Naming convention
23What logs do we need for this issue ? Desktop StudioPoSHWCFBrokerMachine CreationServiceHost ServiceAD Identity ServiceMachine Identity ServiceBroker ServiceConfigurationServiceMachine CreationServicesBrokerServiceInfrastructureServicesSQL ServerSo What happened when after you just sold your business unit on the concept of moving to XenDesktop and they request 500 new desktops for tomorrow morningandthe wizard Fails ?What logs do we need ?well as previously mentioned for issue with machine creation you need the machine creation services logs from the three servicesYou may also collect the logs from the desktop studio to see what command were run and what errors we actually returnedAt this point all other logs can be ignored
24Troubleshooting Methodology Understand issue historyVerify configuration, error logs and alertsGather and review log data of issuesCompare data to working environmentWhen troubleshooting an issue I recommend the following MethodologyUnderstand issue historyWhat changed?When did is StartAny specific images it happens more frequently with?Verify configuration, error logs and alertsGather and review service log data of issuesCompare collected data to a working environment
25Enabling Log from the Command Line Service –LogFile <Location>Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile “c:\xdlogs\MCS-PVSvm.log”Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.logCitrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\mi.logCitrix provides many methods to enable and collect logs; and I wanted to provide one that was a little less knownYou can enable the service logs by locating the service executable and launching with the parameter dash logfile and then the valid location for the log fileHere we go and enable the machine creation service logsNext theAD identify service logs and lastly the Machine identity serviceReference for log enablingC:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MCS-PVSvm.logC:\Program Files\Citrix\ADIdentity\Service>Citrix.ADIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\AD.logC:\Program Files\Citrix\Host\Service>Citrix.Host.SdkWcfEndpoint.exe -logfile c:\xdlogs\host.logC:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MC.logC:\Program Files\Citrix\MachineIdentity\Service>Citrix.MachineIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\mi.log
26Case Study 1 Machine Creation Services great, We have done quite a lot so far, now lets see how it applies with a case study
27Case Study 1: MCS Fails after wizard Background:New DeploymentLatest HotfixesFull Administrator account usedWorked before they rebuilt environmentCase StudyWalk ThroughThis case study is actually something seen in my lab when rebuilding my lab for a new case.This is a New Deployment with the Latest Hotfixes , I utilized account with Full Administrative access to the domain and hypervisor . This environment worked before it was rebuilt
28Log Analysis: Desktop Studio Logs Case Study 1: Machine Creation Service fail after wizard24/04/13 02:37: : DesktopStudio:  Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.Search Terms: [Time of Issue]Fail | Error | Exception | DeniedSo I started by reviewing the Desktop Studio logsThe search terms I users were the [Time of Issue].* Fail | Error | Exception | DeniedIt quickly returned the error seen in the console “Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.”Ok It tell me I failed however I need to dig further
29Log Analysis: Machine Creation Service Logs Case Study 1: Machine Creation Service fail after wizardFailed to copy disk. Reason : SR_HAS_NO_PBDSManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDSConcluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed.WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)Search Terms: [Time of Issue]Fail | Error | Exception | DeniedSo I then review the Machine Creation Service logI used the same search terms [Time of Issue].* Fail | Error | Exception | DeniedIt returned with a from interesting errorsFirst it reported : Failed to copy disk. Reason : SR_HAS_NO_PBDSThen it how and Managed exception with the same errorNext it indicated the job I created was concluding with a disk consolidation failed errorAnd finally it reported the error seen in the console and Desktop studio logsSo what do you do next, that have a detailed error, we can use it and conduct some research via forums , search engines etc.
30Root Cause analysis: Misconfiguration Failed to copy disk Reason : SR_HAS_NO_PBDSHypervisor Connection’s did not include correct storage for the Master ImageTarget device disk could not be copied due to this Hypervisor - Storage misconfiguration*Definitions:SR - Storage RepositoriesPBD - Physical Block DevicesSo the issue was a misconfigurationThe main clue is that messageFailed to copy disk Reason : SR_HAS_NO_PBDSSo research shows that SRs are Storage Repositories and PBD are Physical Block Devices implies that the sr does not have access to the disk, so we check and found thatHypervisor Connection’s did not include correct storage for the Master ImageThe Broker could not communicate with the correct storage location and therefore we were not able to create the base master image . When creating the hypervisor connection we followed the defaults of the wizard and did not specify the location that we utilized from images.
32VDA Registration Database VDA DDC ListofDDC Registered VDA Controller WCFDesktop ServiceBroker ServiceDatabaseVDADDCLDAPActive DirectoryControllerListofDDCDesktop Service is startedLooks up list of DDC from local registry or from personality.ini fileLooks up the computer accounts in Active DirectorySelects one DDC from the DDCs list at random and then initiates a connection through WCFDDC receives or rejects connectionIf DDC rejects or does not respond, service wait for the timeout then selects another DDC at randomIf DDC receives connection, it looks up the VDA computer accountChecks that computer account (SID) is in published assignmentInitiates WCF Test connection to VDAQueries the VDA stateSets configuration and policiesVDA is marked as registeredReturns success for registrationVDA starts heartbeat ping to DDC
33Troubleshooting VDA Startup and Registration XDPing LogBasic ChecksLogs:Workstation Agent LogsBroker LogsNetwork TraceVDAControllerDesktop ServiceSSL SSLBroker Service
34XDPING XDPING Can be run on both the DDC and VDA Used to collect data related to basic componentsWill verify if the components are working correctlyVerify Domain MembershipNetwork InterfacesWCF EndpointsServicesDNS lookupTime difference between machine and Domain ControllerXDPINGCTX123278Xd Ping report networking information of the machinePerforms time checks against the domainRetrieve the current Users informationRef Info:Information and status of Network Interfaces and Network settings. (Console Only)Performs DNS lookup and reverse lookup on the IP address of the device.Information on Time synchronization and time check for Kerberos Authentication (Console Only)User information for login User (Console Only) Including User details, Authentication type used, Group Membership.Machine information (Console Only) Environment information (Computer Name, operating system version, Domain) Domain membership verification (Membership = Verified, SID:S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXX [OK])Information on XenDesktop Services (Windows Communication Foundation Endpoints) installed and confirms if each installed service is responsive. (Console Only)Displays information on the Windows Firewall installed on the VDA and checks if the important ports are configured correctly.Queries the local event log to check for known events that are related to XenDekstop.Provides client bandwidth and response time information from the VDA to the client.
35Basic Checks Check the Network: Ping , Telnet and NetStat, Firewall Ensure Services started without errorsListening on the correct portCheck timeCheck configured list of DDCs in registryBidirectional network tests, verifying that telnet is possible bidirectional, verify that the services are started and are the listening on the correct portThen disable any firewallsWe then check the time against the Doman and between the ddc and VDAnext we verify the registry entry for the list of ddcsIf after these check we still haven’t found the root cause , then we enable service logging on the Vda and broker
36Case Study 2 Startup and Registration Its now time to review the second Case Study.
37Case Study 2: New Catalog Fail to Register Background:Locked down environmentSpecial configuration needed to manually enable needed servicesWorked in the Proof of Conference Lab but failed in productionCase StudyWalk Through
38Log Analysis: Workstation Agent Service Logs Case Study 2: New Catalog Fail to RegisterFailed to register withWCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/RS2-SynPool01.lab.net and IP address 'Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/ :54:31, HighAvailabilityRegistrationTimout = 00:05:00Message following Error patternCould not register with any controllers. Waiting to try again in 9407 msSearch Terms: [Time of Issue]Fail | Error | Exception | Denied
39Log Analysis: Broker Service Logs Case Study 2: New Catalog Fail to RegisterBroker:TestWorkerComms failed for worker S caught exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.Search Terms: [Time of Issue]Fail | Error | Exception | Denied
40Root Cause analysis: Misconfiguration The DDC was not authorized the initiate a connection to the VDA“Access To Computer From The Network” Computer Policy did not have an entry for the Controlled and the default everyone was removed in production.Resolution: Customer added explicit entry to a Group that included all the Brokers as membersDDc not AutorizedPolicy found that was needed but not enabledResolution to explicitly enable access
41Troubleshooting and Support PVD maintains logs in the base of the volume attached to the VM(alongside the VHD containing the PVD user-installed applications)These logs contain a wealth of information that should be captured and provided to support/engineering if you experience problemsMost frequently seen PVD support cases …Failure of PVD to start virtualization (PVD can’t locate volume/VHD, etc.. …)Customers trying to install unsupported appsCustomers trying to move PVDs between VMs
42Troubleshooting and Support (cont’d) Desktop Director has helpdesk-facing PVD metrics and support% of application area in use / total size% of user profile area in use / total sizePVD resetPVD reset allows the helpdesk to reset the application area while leaving the user’s data intactAka “revert to factory default”Useful to reset PVDs that become wedged due to users installing broken applications
44VDA Launch Idle SQL WI Preparing New Session Desktop ServiceController #1BrokerServiceDDCSQLWCFPolicySettingsICA ServiceBroker signals worker to Prepare for a SessionLaunch RequestXML broker queries DB for a ready workerUser Clicks to launch sessionWI
45VDA Launch (cont’d) Connected Active SQL WI Request to Validate Ticket Desktop ServiceController #1BrokerServiceDDCSQLWCFPolicySettingsICA ServiceRequest to Validate Ticketsent ControllerValidates TicketValidates LicensePoliciesTicket is ValidAuthNTicketPortica gets LicenseICA file is sent to EndpointWork State: ConnectedWork State: ActiveWI
46What Happened ?When troubleshooting Vda Issues the best place to start is asking the simple questions what happenedWhat did the user see ?was it just a generic error ? Did the error indicate the actual causeDid the receiver start and disappear without and errorOr did the receiver launch and then return and error
47Troubleshooting VDA Launch Event Logs (Web Interface, Controller, Storefront)Desktop StudioBroker LogsWorkstation AgentPortica LogsNetwork Packet tracingWhen trouble shooing a launch issue should start by reviewing the event logs
48Case Study 3VDA Launchgreat, We have done quite a lot so far, now lets see how it applies with a case study
49Case Study 3: Launch Failure 1030 Background:They recently converted all images to a Citrix PVS imageThe original image workedAll streamed images including the golden image failed to launchCase StudyWalk Through
52Troubleshooting :VDA Launch Search Strings:Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnectBad launchAdd fail|exception|error to search strings
53Root Cause analysis: MFAphook Module Failed to Load Conversion via provisioning server had changes the long name format of the drivemfaphook failed to load and this is needed for interaction with the OS.Resolution: Add back short name to system see CTX for more informationDDC not AuthorizedPolicy found that was needed but not enabledResolution to explicitly enable access
58Citrix Scout / XD Collector (CTX130147) Push button easy data collection systemMakes data collection and upload push button easyIntegrates data collected by Scout with the Citrix Tools as a Service (TaaS) backendSimplifies data collection & analysisCitrix Scout used to collect environment information and CDF tracesXenDesktop Collector the replacement for Scout with the next Feature Pack release of XenDesktop
59CDF Control: CTX111961Tip:Use this tool to remotely enable and collect CDF traces when system are non persistent
60Site Checker Tool: CTX133767 Enumerate Environment Checks Services StatusChecks service instances registration statusReset Controllers Services instances into Database
61Desktop Director Web Based Unified view of apps and desktops End-user details empower the help deskIncludes HDX MonitorAccess to personal vDisk tasksDesktop Director is a tool that will utilize role-based permission sets to support the daily usage of Citrix products.It enables support teams to perform basic maintenance tasks and to monitor and troubleshoot system issues.Desktop Director 1.0 was introduced with XenDesktop 5 and Desktop Director 2.0 supports troubleshooting XenApp sessions.Role-based access control – assign appropriate permissions to specific roles to perform certain operation. Full administrator can view all and make changes. Read-only administrator can view all but cannot perform tasks. Help desk administrator can perform day-to-day monitoring and maintenance tasks (restarting desktops or logoff sessions).
63Optimal deployment recommendations CTX XenDesktop Modular Reference ArchitectureCTX XenDesktop 5 Database Sizing and Mirroring Best PracticesCTX High Availability for Desktop Virtualization - Reference ArchitectureCTX XenDesktop - Design HandbookCTX XenDesktop Planning Guide - XenDesktop ScalabilityWhitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI
64For More Information CTX132536 - Worker Unregisters at Session Launch CTX Citrix ScoutCTX CDFControlCTX How to enable Controller Service Logging in XenDesktop 5CTX XDDBDiag: XenDesktop 5 Database DiagnosticsCTX XenDesktop 5 Logon Process and Communication Flow
65For More Information Vmware – Using VMware with XenDesktop SCVMM Using Microsoft SCVMM 2008 with XenDesktopCTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored DatabaseCTX : Database Access and Permission Model for XenDesktop 5CTX LSQuery - License Server Data Collection ToolCTX How to Collect Data for Troubleshooting Licensing Issues
67Presentation Goals Recap Provide an understanding of the architectureInstruct On How To ConfigureProvide Troubleshooting ResourcesUSB redirection is a standard feature requirement for Organization and my goal for this session is to review the feature and provide the necessary tools needed to implement and support this technology in your environment• Learn about HDX USB redirection and how it works• How to configure HDX USB redirection correctly for your environment• How to troubleshoot issues with HDX USB redirection
68About Citrix Services Citrix Services make sure you succeed with your Educate | Guide | Support | SucceedCitrix Services make sureyou succeed with yourvirtualization programs.How we can helpCitrix Education – The fastest, most efficient way toget your team the virtualization skills they need. Online,on-site or in class.citrix.com/trainingCitrix Consulting – Intensive engagements forcomplex, critical or just plain massive projects. citrix.com/consultingCitrix Support – Always-on support services thatleverage everything we know about best-practicedeployment and maintenance.citrix.com/supportAt Citrix Services - we’re Citrix consultants, teachers and support engineers and we’re all about one thing: making sure you succeed.With our help, you’ll deploy high-performance, robust virtualization and networking projects, faster – with dramatically lower risk and higher return.The best Citrix architects and administrators are the ones who never stop learning – and Citrix Education is here to help you learn those skills.Citrix Consulting gives you direct access to our most experienced virtualization and networking experts.When it’s complex; when it’s mission-critical; when it’s big; That’s when Citrix consultants can really help.On your virtualization journey, you’ll want always-on support from people who really care about your success.There’s no better insurance for your Citrix investment than with Citrix Support.
69Secrets of the Citrix Support Ninjas 40 insider troubleshooting tipsCovering XenDesktop, XenServer, XenApp and NetScalerCitrix Support top engineersFREE eBookCitrix Auto SupportNow available!Secrets of the Citrix Support Ninjas is a FREE eBook available next week.The eBook contains 40 insider troubleshooting tips for administrators.So the purpose of the eBook is to help administrators like you keep your Citrix deployments on track.We’ve collected some of their best tips and tricks for running robust Citrix environments and packaged them up into a free eBook.In it, you’ll discover some of the little-known tricks that our own support people use every day to tune, tweak, troubleshoot and test Citrix solutions.You may know a few of these tips. But you probably don’t know them all.And – you never know – you might discover just one that will change your life as an administrator.Let me give you a sneak peak now.
71Next Webinar: September Title: Troubleshooting a XenDesktop environment using the PowerShell SDKDescription: The Citrix XenDesktop PowerShell SDK is the foundation for all interactions with a XenDesktop database and is the same SDK used by Desktop Studio.This deep dive session will include a behind-the-scenes look at several tools used by Citrix Technical Support that utilize the PowerShell SDK, including common configuration cmdlets and scripts.When: Sept 26thRegistration Now!