Configuring & Troubleshooting XenDesktop Sites

SUM408
May 2013 Ramon Scott Lead Escalation Engineer

Presentation Goals
Provide an Understanding of the
Architecture

Instruct on How to Configure

Provide Proven Troubleshooting Methodologies and Resources
2

High-Level XenDesktop Database And Services Architecture

Database

XenDesktop 5 Database Overview

Supported Databases:
Broker Database

SQL Server 2008 SP1 / 2008R2

(including Express)

Database Schema
Full Relational Schema Tables, Views, Stored Procedures Single Database (for core product) Multiple SQL Schemas in Database Schemas map onto Windows services running
on Broker

Broker

Setup Process
Single Admin Separate Admins XD Admin XD Console XD Admin
1. Schema

Broker
3. Verify

XD Console
2. Schema

1. Schema

Broker
4. Verify

Export (SQL script)

XD Admin credentials used

Database

SQL Server Console SQL Admin

3. Schema

Database

SQL Admin credentials used

Database Access
Security Access Model
Network Service Account NT AUTHORITY\NETWORK SERVICE Computer Account DOMAIN\MACHINE$ Controller Controller
Broker Broker Service Service

SQL Login per Broker Restricted permission set

Controller

Database

Database

Brokers do not have rights to change schema

Database High-Availability
Broker is critically dependant on Database
Existing connections not impacted Creating new connections and reconnecting to desktops impacted

Database Failure = Broker Failure

Supported Database H/A Options: (expected popularity
order)

1.SQL Mirror 2.Virtual Machine H/A 3.SQL Cluster

Citrix Confidential - Do Not Distribute

Database Schema Roles and Permissions

XenDesktop Service Database Role

AD Identity Service (Acct) Broker Service (Broker)

ADIdentitySchema_ROLE chr_Broker
chr_Controller

Central Configuration Service (Config) Machine Creation Service (PvsVM) Hosting Management Service (Hyp) Machine Identity Service (Prov)

ConfigurationSchema_ROLE DesktopUpdateManagerSchema_ROLE HostingUnitServiceSchema_ROLE MachinePersonalitySchema_ROLE

Health Checks: XDDBDiag

Provided consistency data check on the data Provides connectivity verification

It also provides the following:

Virtual Desktop Agent Information Hypervisor Connections Information Policy Information Controller Information Desktop Groups Information SQL Information Current Connections / Connection Log

Services

XenDesktop 5 Services Architecture

Desktop Studio
WCF [80] Machine Creation Service AD Identity Service Machine Identity Service PowerShell PowerShell Desktop Director WCF [80] WinRM 2.0
[5985/5986]

Controller
Host Service Virtual Desktop Agent (VDA)

Broker Service
Broker Service

Configuration Service
Infrastructure Services

Machine Creation Services

Windows Communication Foundation (WCF)

12

SQL Server

Service Status
XenDesktop Service AD Identity Service (Acct) Broker Service (Broker) Central Configuration Service (Config) Machine Creation Service (Prov) Hosting Management Service(Hyp) Machine Identity Service (PvsVM) PowerShell Cmdlet Get-AcctServiceStatus Get-BrokerServiceStatus Get-ConfigServiceStatus Use Get-ProvServiceStatus Get-HypServiceStatus Get-PvsvmServiceStatus

Machine Creation

Desktop Catalog models

Existing Dedicated
App App Profile PvD PvD
Profile Profile

Image Base Image with Apps

Pooled
Pooled with personal vDisk

App App Profile PvD PvD

Profile Profile

Streamed Image Streamed Base Image Base Image Base Image withImage Apps Base with Apps
Image

Streamed
Streamed with personal vDisk

App App Profile PvD PvD

Profile Profile

*Image Streamed from *Image created with *Image created outside of Citrix Provisioning Server Machine Creation Services XenDesktop (PVS) (MCS)

Desktop Catalog models

MCS
Pooled Pooled with PvD*

PVS
Dedicated
PreAssigned First Use

Streamed
Virtual Physical

Streamed with PvD Virtual Only

Random Static
* Behaves like pooled-static

MCS ID Disk, Difference Disk, Base VM

Windows 7 Master VHD Chain This is what the user sees as Drive C:\ This is hidden from the users view

Diff Disk
VHD Chain Diff Disk VHD Chain Diff Disk

ID Disk

Virtual Desktop 1

ID Disk

Virtual Desktop 2

ID Disk

Virtual Desktop x

Storage Subsystem

MCS with PvD ID Disk, Diff Disk, Base VM, PVDisk

Windows 7 Master VHD Chain

Diff Disk
This part is hidden from user Merged with the Diff Disk Seen by user as Drive C:\ E.g. Installed apps

ID Disk

Virtual Desktop 1 Seen by the user as Drive P:\ USERDATA e.g. My Documents Free space is the split allocation

Personal vDisk

PVDisk auto-created during catalog creation by copying PvD template from Base VM 10GB by default with 50 / 50 split for App Data / User Data

PVS Streamed vDisk, Cache, Base VM

Windows 7 Master PVS Stream This is what the user sees as Drive C:\ Visible file on another disk, typically D:\

Streamed vDisk Streamed vDisk Streamed vDisk

Write Cache Write Cache Write Cache

Virtual Desktop 1

PVS Stream

Virtual Desktop 2

PVS Stream

Virtual Desktop x

Storage Subsystem

PVS with PvDStreamed vDisk, Cache, Base VM, PvDisk

Windows 7 Master PVS Stream

Streamed vDisk

Write Cache

Virtual Desktop 1 Seen by the user as Drive P:\ USERDATA e.g. My Documents Free space is the split allocation

This part is hidden from user Seen by user as Drive C:\ E.g. Installed apps

Personal vDisk

PvDisk auto-created during catalog creation by copying PvD template from Base VM 10GB by default with 50 / 50 split for App Data / User Data

Where are some of the common Issue ?

Hypervisor communication Domain permissions Previously failed attempts still present in database Host Connection configured with incorrect storage Naming convention on the host

What logs do we need for this issue ?

Desktop Studio WCF [80]

PoSH

Machine Creation Service AD Identity Service

Machine Identity Service

Broker
Host Service

Broker Service
Broker Service

Configuration Service
Infrastructure Services

Machine Creation Services

SQL Server

Troubleshooting Methodology
Understand issue history Verify configuration, error logs and alerts Gather and review log data of issues Compare data to working environment

23

Enabling Log from the Command Line

Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile c:\xdlogs\MCS-PVSvm.log

Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.log

Service LogFile <Location>

Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\mi.log

Case Study 1
Machine Creation Services

Case Study 1: MCS Fails after wizard

Case Study Walk Through

Background:
New Deployment Latest Hotfixes

Full Administrator account used

Worked before they rebuilt environment

Log Analysis: Desktop Studio Logs

Case Study 1: Machine Creation Service fail after wizard

24/04/13 02:37:10.7603 : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.
Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Log Analysis: Machine Creation Service Logs

Case Study 1: Machine Creation Service fail after wizard

Failed to copy disk. Reason : SR_HAS_NO_PBDS ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed. WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)
Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Root Cause analysis: Misconfiguration

Failed to copy disk Reason : SR_HAS_NO_PBDS Hypervisor Connections did not include correct storage for the Master Image Target device disk could not be copied due to this Hypervisor Storage misconfiguration
*Definitions: SR - Storage Repositories PBD - Physical Block Devices
29

VDA Startup and Registration

VDA Registration
Registered VDA
Desktop

WCF

Controller
Broker Service

Service

Database DDC

VDA

LDAP

Active Directory Controller

Troubleshooting VDA Startup and Registration

XDPing Log Basic Checks Logs: Workstation Agent Logs Broker Logs Network Trace
VDA
Desktop
1011011010 SSL 1011011010 SSL 101101

Controller
Broker Service

Service

XDPING
Can be run on both the DDC and VDA Used to collect data related to basic components Will verify if the components are working correctly
Verify Domain Membership Network Interfaces WCF Endpoints Services DNS lookup Time difference between machine and Domain Controller

Basic Checks
Check the Network: Ping , Telnet and NetStat, Firewall Ensure Services started without errors Listening on the correct port Check time Check configured list of DDCs in registry

Case Study 2
Startup and Registration

Case Study 2: New Catalog Fail to Register

Case Study Walk Through

Background: Locked down environment Special configuration needed to manually enable needed services Worked in the Proof of Conference Lab but failed in production

Log Analysis: Workstation Agent Service Logs

Case Study 2: New Catalog Fail to Register

Failed to register with http://FTLRSCOTT2RHONE.lab.net:80/Citrix/CdsController/IRegistrar.

WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/RS2-SynPool01.lab.net and IP address 10.19.196.945'
Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/2013 13:54:31, HighAvailabilityRegistrationTimout = 00:05:00 Message following Error pattern
37

Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Could not register with any controllers. Waiting to try again in 9407 ms

Log Analysis: Broker Service Logs

Case Study 2: New Catalog Fail to Register

Broker:TestWorkerComms failed for worker S-1-5-21-1123877020-465626563-

3648135752-1267 caught exception:

System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Search Terms: [Time of Issue] Fail | Error | Exception | Denied

38

Root Cause analysis: Misconfiguration

The DDC was not authorized the initiate a connection to the VDA Access To Compute From The Network Computer Policy did not have an entry for the Controlled and the default everyone was removed in production. Resolution: Customer added explicit entry to a Group that included all the Brokers as members

39

 PVD maintains logs in the base of the volume attached to the VM (alongside the VHD containing the PVD user-installed applications) These logs contain a wealth of information that should be captured and provided to support/engineering if you experience problems Most frequently seen PVD support cases Failure of PVD to start virtualization (PVD cant locate volume/VHD, etc.. ) Customers trying to install unsupported apps Customers trying to move PVDs between VMs

 Desktop Director has helpdesk-facing PVD metrics and support % of application area in use / total size % of user profile area in use / total size PVD reset

PVD reset allows the helpdesk to reset the application area while leaving the users data intact Aka revert to factory default Useful to reset PVDs that become wedged due to users installing broken applications

41

VDA Launch

VDA Launch
VDA
Desktop Service
ICA Service

Idle

Preparing New Session

WCF

Controller #1
Broker Service

VDA

DDC

SQL

Broker signals worker to Prepare Launch Request for a Session User Clicks to launch session

XML broker queries DB for a ready worker

WI

VDA Launch
Active Connected
VDA
Desktop Service
ICA Service WCF

Controller #1
Broker Service

VDA

DDC

SQL

Request to Validate Ticket Ticket is ICA filegets is sent to Portica sent Controller ValidAuthNTicket Endpoint License

1. Validates Ticket 2. Validates License Work State: 3. Policies Work State: Active Connected

WI

Troubleshooting VDA Launch

Event Logs (Web Interface, Controller, Storefront) Desktop Studio Broker Logs Workstation Agent Portica Logs Network Packet tracing

Case Study 3
VDA Launch

Case Study 3: Launch Failure 1030

Case Study Walk Through

Background: They recently converted all images to a Citrix PVS image

The original image worked

All streamed images including the golden image failed to launch

Search: Prepare

Troubleshooting :VDA Launch

Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect

Troubleshooting :VDA Launch

Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect

Root Cause analysis: MFAphook Module Failed to Load

Conversion via provisioning server had changes the long name format of the drive mfaphook failed to load and this is needed for interaction with the OS. Resolution: Add back short name to system see CTX133773 for more information
53

Tools

XD Tools
HDX Monitor CDF Control Citrix Scout Site Checker Desktop Director

HDX Monitor
Thinwire (Graphics) Direct 3D (Graphics) Media Stream (aka RAVE) Flash Audio

USB Devices

HDX Monitor
Mapped Client Drives (CDM) Branch Repeater Printer Client Smart Card

Scanner
System

Citrix Scout / XD Collector (CTX130147)

Push button easy data collection system

Makes data collection and upload push button easy

Integrates data collected by Scout with the Citrix Tools as a Service

(TaaS) backend

Simplifies data collection & analysis

58

CDF Control: CTX111961

Tip: Use this tool to remotely enable and collect CDF traces when system are non persistent
#CitrixSummit
59

Site Checker Tool: CTX133767

Enumerate Environment Checks Services Status Checks service instances registration status Reset Controllers Services instances into Database

Desktop Director
Web Based Unified view of apps and desktops End-user details empower the help desk

Includes HDX Monitor

Access to personal vDisk tasks

61

Resources discussed

Optimal deployment recommendations

CTX124087 - XenDesktop Modular Reference Architecture
CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices CTX123244 - High Availability for Desktop Virtualization - Reference Architecture CTX120760 - XenDesktop - Design Handbook

CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability

Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI

64

For More Information

CTX132536 - Worker Unregisters at Session Launch
CTX130147 - Citrix Scout CTX111961 - CDFControl CTX127492 - How to enable Controller Service Logging in XenDesktop 5 CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics CTX128909 - XenDesktop 5 Logon Process and Communication Flow

65

For More Information

Vmware Using VMware with XenDesktop
SCVMM Using Microsoft SCVMM 2008 with XenDesktop CTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored Database CTX127998 : Database Access and Permission Model for XenDesktop 5 CTX133160 - LSQuery - License Server Data Collection Tool CTX127314 - How to Collect Data for Troubleshooting Licensing Issues

66

Takeaways

Presentation Goals Recap

Provide an understanding of the architecture Instruct On How To Configure Provide Troubleshooting Resources
68

Q&A

Before you leave

Conference surveys are available online at www.citrixsynergy.com starting Friday, May 24 at 9:00 a.m. PT
Provide your feedback by 4:00 p.m. PT that day and youll receive a $30 Amazon.com gift card via email

Download presentations starting Monday, June 3, from your My Conference Planning tool located within the My Account section

70

Work better. Live better.