Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Table of Contents
General 2
SQL Database 3
Administration 6
Virtual Desktop Agent (VDA) 13
Power Management 16
XenServer 17
Hyper-V 17
VMWare ESX / vSphere 18
Single Sign-On 18
HDX 3D 18
Machine Creation Services (MCS) 18
Remote Access 20
High Availability using NetScaler 20
Troubleshooting 21
References 22
General
Does Quick Deploy have any limitations?
Quick Deploy is designed to rapidly create a new virtual desktop infrastructure using Machine
Creation Services. For that reason, it is not intended to make use of existing virtual,
provisioned, or physical desktops. Also, Quick Deploy assumes all components are installed
on the same server.
Policy settings are not being applied properly. How can I determine what is
causing the problem?
If you experience issues when using the Active Directory Group Policy Management Console
to create and configure Citrix policies, refer to CTX127461 – [entryID]CTX127461[/entryID]
I would like to install Cloud Gateway Express - is this supported with XenDesktop
5
Cloud Gateway Express (Receiver Storefront 1.0) supports XenDesktop 5 and 5.5.
In Desktop Director User/Machine details page, I see that the status of the VDA is
displayed as Non-Brokered. What does that mean?
The VDA is either logged into using Remote Desktop Connection or through the
console. XenDesktop Controller did not broker the connection.
SQL Database
What happens if the database is unavailable?
The new brokers in XenDesktop 5 are intended to be completely stateless whenever possible.
For this reason, almost everything is database-driven and the SQL database that holds all
state information and data becomes extremely important. A XenDesktop 5 farm can only be
highly available if the SQL database is highly available. Citrix recommends and supports
mirroring and clustering as with other products and versions of XenApp and XenDesktop. The
SQL database can also be made somewhat highly available by virtualizing it and leveraging
built-in hypervisor High Availability (HA) functionality. But the database is very important and a
XenDesktop 5 farm/site is essentially unavailable or “down” if the database is down. This is
very different from the IMA architecture where the data store could be unavailable but the farm
is still operational because of local host cache.
Citrix XenServer and Marathon everRun can also be leveraged to support a highly
available Microsoft SQL server. Please refer to CTX129501 - [entryID] CTX129501
[/entryID]
How can I change the default SQL port?
Desktop Studio uses the default SQL server port (1433) to connect to and create the database
schema on your SQL Server 2008 database server. Prior to installing XenDesktop 5 on a
server, the SQL Server Client Network Utility can be used to create a database connection
alias that points to a specific SQL port. Refer to CTX128253 – [entryID]CTX128253[/entryID]
With the new database structure, can I query the database directly?
It is strongly recommended to use the PowerShell cmdlets to obtain data about the
XenDesktop 5 site. Querying the database directly might result in locking and contention
issues.
Which permissions are needed for each operation on the SQL database?
A detailed explanation of the SQL Server database access and permission model used by
XenDesktop 5 is available in CTX127998 – [entryID]CTX127998[/entryID]. See also, Which
tasks require administrative access to the Data Store?
How does the Controller communicate with the database? Does XenDesktop 5
still use IMA?
No, XenDesktop 5 no longer uses the IMA data store as the central database in which to store
configuration information. Instead, a Microsoft SQL Server database is used as the data store
for both configuration and session information. For more information about XenDesktop 5 key
differences, refer to Key Differences in XenDesktop 5.
With the previous XenDesktop versions, we were able to specify the connection
account (to the DB) with the IMA service. Is this functionality still relevant now
that IMA is no longer used?
The routine operation of a XenDesktop 5 site, including use of Desktop Studio/Director, does
not require an administrative account, nor does XenDesktop 5 record any information about a
preferred administrative account for future use.
If you use Desktop Studio to configure the database initially then you need access to the
server using an account with administrative permissions. You also need an account with
administrative access to add or remove controllers to and from the site; however, any
administrative account will do, and it does not need to be the same one that was used to
originally configure the site. So, it is possible to disable or remove the initially used account
from Active Directory, without impacting operation or future maintenance of the site.
The XenDesktop 5 services access the database using their computer account logins
(domain\machine$, or ‘NT AUTHORITY\NETWORK SERVICE’ for a controller on the same
machine as the database server). These logins are created as needed when controllers are
added to the site and are mapped to users within the XenDesktop database. These users are
members of roles that carry the minimal permission set required to allow the services to run.
Are there any built-in failover mechanisms when using mirrored databases?
CTX127359 details how to configure mirroring. Would failover be automatic once
configured this way?
Running mirroring in synchronous mode with a witness server allows for automatic failover,
see http://technet.microsoft.com/en-us/library/ms189852.aspx.
If SQL Mirroring has been configured for asynchronous mode, what kind of
state/functionality can we expect to lose if we failover to our replicated
database?
Asynchronous mirroring does not support automatic failover (that is not a restriction of
XenDesktop but of SQL Server itself); however, there would not be any loss of functionality as
such in XenDesktop. The issue is that of how far behind the primary server the mirror may lag
if the system is under load; if a failover occurs in asynchronous mode the database will appear
to step back in time by this period. Typically this is not expected to cause significant issues
because the dynamic state of the system should be recovered fairly quickly; however,
configuration changes would be lost. The larger the lag the greater the possibility of
configuration changes being lost in this way. It is important to note that all stress and scalability
testing using mirroring has been done in synchronous mode and the overhead observed was
minimal.
How can I control or minimize the size of the SQL Transaction Log?
The transaction log recovery model is set to Simple by default and does not require any
additional action to control the size of the transaction log. When using database mirroring
which requires the Full Recovery Model, backups of the transaction log should be taken
frequently to avoid consuming excessive space. The data and log files should also be set to a
reasonable size in SQL and not utilize the Auto-Grow option which consumes additional
resources. For more details on the transaction log in XenDesktop 5, refer to CTX126916 –
[entryID]CTX126916[/entryID]
Administration
How can I administer multiple sites?
You can add multiple copies of the Desktop Studio snap-in to the MMC and select a different
site for each one. If you are starting Desktop Studio from the shortcut on the start menu (or
equivalent), it always talks to the site to which the local machine is a part. If you add the snap-
in yourself, it asks you.
The Latency Graph within Desktop Director has a maximum value of 100
Milliseconds. How can I change that?
You can change the maximum value for latency as follows:
1. Open IIS Manager on the server.
2. Browse to Sites > Default Web Site > DesktopDirector.
3. Double-click the Application Settings icon.
4. Edit the UI.GraphMaxLatency value.
5. These steps are equivalent to editing the web.config file directly in
c:\inetpub\wwwroot\DesktopDirector.
Why does the XenDesktop Setup Wizard not seem to work with XenDesktop 5?
The XenDesktop Setup Wizard has not yet been modified to work with XenDesktop 5.0. But
there in an unsupported workaround:
1. Install Provisioning Services 5.6 Service Pack 1 (the previous version is supposed to work
fine) and DDC 4.0 as usual.
2. Install DDC 5.0.
3. Prepare the Master Image with Virtual Desktop Agent 5.0 which is registered to DDC 5.0.
4. Run the Imaging Wizard to set up a standard virtual disk.
5. Run the XenDesktop Setup Wizard as usual, create a Desktop Group on DDC 4.0.
6. Once completed, create Streamed Catalogues on DDC 5.0.
7. Create an Assignment for desired users.
In short, the trick is to install DDC 4.0 to let the Wizard run successfully to create virtual
machines, Active Directory computer accounts, and Provisioning Services target devices; then
go back to XenDesktop 5 to create the Streamed Catalogue and Assignment for desired users.
When will a new version of the XenDesktop Setup Wizard be available for
XenDesktop 5?
new XenDesktop Setup Wizard for XenDesktop 5 is has been built into Provisioning Services
6.0 console. For customers not yet ready to upgrade their Provisioning Services deployment to
6.0, Hotfix CPVS56SP1E029 is available which will add the new wizard to the Provisioning
Services 5.6 SP1 console.
In Desktop Director, can I allow Help Desk administrators the ability to view the
Dashboard and Desktop List pages?
Help Desk administrator can access the User Details page and search for users but by
default cannot view the Dashboard and Desktop List pages. By adding Read-only
permissions, they can. Refer to CTX130942 – Desktop Director Help Desk Admin
Dashboard/Desktop List Page Access
These UI options are located under Application settings for Desktop Director as follow:
Because all XenDesktop 5 services are dynamically allocated to each DDC, how
should I configure Web Interface for XML connections?
It is recommended to configure Web Interface with XML load balancing enabled.
Are there any new features for virtual machine-hosted applications with
XenDesktop 5?
The most notable new features for virtual machine-hosted applications for XenDesktop 5 are:
Launch a hosted application when content is opened on the
Content Redirection
client.
Rich Application Provides support for defining all application settings. No
Publishing additional configuration is needed.
Provides the capability to launch multiple applications in a
Session Sharing
single session.
Is there a list of registry settings that apply to the XenDesktop 5 Broker service?
A complete list of registry settings used by the Broker service can be found in CTX126704 –
[entryID]CTX126704[/entryID]
Virtual Desktop Agent (VDA)
How does the VDA discover its XenDesktop site andcontroller?
There are three ways of configuring discovery. Important: If the Virtual Desktop Agent is
running on a 64-bit operating system, then you must replace HKLM\Software\Citrix with
HKLM\Software\Wow6432Node\Citrix in the registry settings mentioned below.
Registry based discovery (DEFAULT): The Virtual Desktop Agent checks the following
registry keys for a list of brokers:
(Configured during installation)
HKLM\Software\Citrix\VirtualDesktopAgent\ListOfDDCs
OU based discovery: The Virtual Desktop Agent checks the following registry keys for the
GUID of the XenDesktop OU:
(Configured during installation)
HKLM\software\citrix\VirtualDesktopAgent\FarmGUID
Then it discovers the actual controllers using the XenDesktop Service Connection Point
(SCP) and the Controllers Group.
Quick deploy discovery: Quick Deploy is a new farm discovery mechanism meant for
demonstration environments and some other uses. In Quick Deploy, MCS creates the file
C:\Personality.ini on the Virtual Desktop Agent and places the List of DDCs that the Virtual
Desktop Agent is to register with. If neither the registry-based nor OU-based discovery
mechanism is defined, then the Workstation Agent reads the List of DDCs from the
personality INI file and registers with one of the listed DDCs.
What does the Virtual Desktop Agent do during a registration attempt?
The Virtual Desktop Agent performs five steps during registration:
1. Instructs the Policy subsystem to update policies from the Domain Controller.
2. If ListOfDDCs is defined, then the Virtual Desktop Agent attempts to register with one of the
DDCs listed.
3. If ListOfDDCs is NOT defined and the OU is defined, then the Virtual Desktop Agent
attempts to register with one of the DDCs obtained from the Active Directory OU.
4. If the ListOfDDCs and OU are NOT defined and the C:\personality.ini file exists and
contains a ListOfDDCs, then the Virtual Desktop Agent attempts to register with one of the
DDCs obtained from this list.
5. If a list of DDCs is not defined as mentioned above or registration fails, the Virtual Desktop
Agent waits for a certain period and retries the process. The minimum wait time starts with
a random time selected between seven and ten seconds. Each registration failure results in
the wait time being doubled, up to a maximum of two minutes. Recovery from a network
failure results in a reset to the timeout value to the minimum value with the expectation of a
quicker registration.
Is there any communication between a Virtual Desktop Agent and a Broker after
the registration is complete?
The Virtual Desktop Agent maintains a heartbeat to the registered DDC; this is essentially a
ping to make sure the connection with the DDC is still alive. Should the heartbeat fail, the
Virtual Desktop Agent de-registers with the DDC (this usually fails as the DDC connection is
gone) and restarts the registration process.
Are there any recommendations for deploying the XenDesktop 5 Virtual Desktop
Agent using Active Directory group policy?
For instructions on how to deploy or upgrade the Virtual Device Agent msi package using
Microsoft Active Directory Group Policy (GPO), refer to CTX127301 –
[entryID]CTX127301[/entryID]
In Desktop Director, I am getting permission errors for activity charts and HDX
data?
VDA installation, when Real Time Monitoring is selected, will configure Windows
Remote Management service but user permissions will have to be set after installation.
Refer to: http://support.citrix.com/proddocs/topic/director-200/director-cfg-machine-
permission.html(See ConfigRemoteMgmt.exe tool section).
Threads can be increased for WinRM. To do this, on the VDA, run the following the
command on an elevated command prompt:
winrm set winrm/config/Service @{MaxConcurrentOperationsPerUser="400"}
Power Management
What is a buffer and how does it work?
A buffer is an extra, standby set of unallocated machines that are turned on, ready for users to
connect. For shared desktop groups and unallocated machines in private desktop groups,
desktops in the buffer are turned on when the number of machines in the pool drops below the
threshold set by the buffer size. This is a percentage of the desktop group size (default is ten
percent). For large desktop groups, a significant number of machines may therefore be turned
on when the threshold is exceeded, so plan your desktop group sizes accordingly or adjust the
default buffer size using the SDK.
The buffer can be configured using the following command:
Set-BrokerDesktopGroup <Your Desktop Group> -PeakBufferSizePercent <Percent of
desktops for buffer>
Example: Set-BrokerDesktopGroup TB_Group -PeakBufferSizePercent 10
The default buffer is 10 percent (As for the 100 desktops example, the buffer would be 10
desktops). Two buffer values exist: PeakBufferSizePercent and OffPeakBufferSizePercent
The buffer setting is very similar to the old Idle Desktop setting of XenDesktop 4. So, when set
to 10 desktops, XenDesktop always tries to keep 10 virtual machines running idle and shuts
down and powers on virtual machines accordingly.
The total number of desktops powered on at a certain time depends on the load. For example:
100 virtual machines in a desktop group
Power Management set to 20 virtual machines + Buffer set to 10 percent. This means 20
virtual machines are running when no users are connected.
When 5 users log in, still 20 virtual machines are running, because the available buffer is
still above the threshold of 10 percent
When 10 users log in, still 20 virtual machines are running, because the available buffer is
equal the threshold of 10 percent
When 15 users log in, 25 virtual machines are running, because the buffer dropped below
10 percent and it had to start an additional 5 virtual machines to restore the 10 percent
buffer
XenServer
Why does catalog creation fail when using the “Other install media” template?
If you have created a virtual machine with the “Other Install media” template, go the Storage
tab for the virtual machine in XenCenter and ensure that the disk is in “device position” 0. By
default, the template creates it in position 1. Citrix recommend all users upgrade to XenServer
5.6SP2 or later.
Hyper-V
What can I do if I do not see any storage locations in SCVMM?
If you are using XenDesktop to create your virtual machines, rather than selecting an existing
catalog, configure your Hyper-V deployment as follows:
For a single Hyper-V host deployment, create a Windows network share that is writeable by
the System Center Virtual Machine Manager (SCVMM) administrator account on the
Hyper-V server.
For a multiple Hyper-V host deployment, ensure your Hyper-V hosts are set up in a Hyper-
V Failover Cluster with Cluster Shared Volume storage. On one of your Hyper-V servers,
create a Windows network share that is writeable by the SCVMM administrator account for
the Cluster Shared Volume mount point, typically C:\ClusterStorage. For more information
about setting up a Hyper-V Failover Cluster with Cluster Shared Volume storage, see your
Microsoft documentation.
See also, CTX127578 – [entryID]CTX127578[/entryID]
What must I consider when using XenDesktop 5 and Hyper-V within a multi
domain environment?
A single domain is the simplest and fastest way to integrate XenDesktop5 into a proof-of-
concept, however if a Multi-Domain environment is required there are few things to consider
before getting started.
First, a two-way trust must be enabled. If the hosts running Windows 2008 R2 with the Hyper-
V role enabled are on Domain A and the virtual machines running SCVMM, XenDesktop, and
other infrastructure services are on Domain B, then local administrative group permissions
must be granted to the SCVMM administrator account that resides on domain B for the
Windows 2008 R2 servers that reside on Domain A. This is required because when using
Quick Deploy, specific calls are made to enumerate the file share that resides on the Windows
2008 R2 host. Without the appropriate level of permissions for the SCVMM account, which is
querying the host to see the file share, the file share does not appear and you cannot continue.
How can I configure my XenDesktop 5 Virtual Desktop Agent s for VLAN Tagging
in Hyper-V?
Refer to: CTX127596 – [entryID]CTX127596[/entryID]
VMWare ESX / vSphere
I am having trouble creating a connection to a vSphere installation. What should
I consider when creating these connections?
The most common reason for a failure to create a connection to a vSphere installation is that
Windows has not been set up correctly to trust the SSL certificate used by vSphere.
Instructions for configuring Windows to trust the SSL certificate supplied with vSphere can be
found in the product documentation.
It is strongly recommended that you use HTTPS to access a vSphere installation. If this is not
possible, it is possible to modify the vSphere configuration to allow HTTP access using the
article listed below. If you do this, consider using IPSec or an equivalent mechanism to protect
HTTP communication.
CTX125578 – [entryID]CTX125578[/entryID] (See, the section beginning with Modify the Web
proxy service on vCenter Server to support HTTP.)
How can I create a VMware user account with minimum permission to manage
Machine Creation Services on XenDesktop 5.0?
Refer to: CTX127546 – [entryID]CTX127546[/entryID]
Single Sign-On
Are there any special considerations for using Single Sign-on with
XenDesktop 5?
For information on installing and configuring Single Sign-on (formerly Citrix Password
Manager) with XenDesktop 5, refer to CTX127811 – [entryID]CTX127811[/entryID]
HDX 3D
Does HDX 3D work with XenDesktop 5?
No. The HDX 3D Pro Graphics 1.1 software, which must be installed on top of an XenDesktop
4 Virtual Desktop Agent, also requires a XenDesktop 4 DDC.
I have run into a problem with Active Directory accounts being locked when I
terminated MCS while it was creating virtual machines. How can I unlock these
accounts and repair the site?
When creating virtual machines through Machine Creation Services, the Active Directory
computer accounts are put into a locked state to stop the accounts being used more than
once. When the virtual machine creation process finishes, these accounts are unlocked.
However, if the creation process is forcibly terminated, the unlocking of the accounts might not
happen. Refer to CTX127429 – [entryID]CTX127429[/entryID]
Something has gone wrong while MCS was creating virtual machines. Is there
anywhere I can look for more information?
If the action which failed was a background action in Desktop Studio, more information may be
available using PowerShell. Start a PowerShell prompt from the Powershell tab in Desktop
Studio and run the Get-ProvTask cmdlet. If there are any failed tasks, these might contain
further information. If the failed task is of type "NewVirtualMachine", further information might
be available by executing the following command:
Remote Access
How can I make Access Gateway Smart Access work with XenDesktop 5?
As with XenApp or earlier XenDesktop versions, it is necessary to trust XML requests. Within
XenDesktop 5 this must be done using the following PowerShell command:
Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
Are there any guidelines for using Netscaler with Desktop Director?
Director Director can be load-balanced just like other web apps using Netscaler. Some
considerations: