Download as ppt, pdf, or txt
Download as ppt, pdf, or txt
You are on page 1of 69

Configuring & Troubleshooting XenDesktop Sites

May 2013 Ramon Scott Lead Escalation Engineer

Presentation Goals
Provide an Understanding of the

Instruct on How to Configure

Provide Proven Troubleshooting Methodologies and Resources

High-Level XenDesktop Database And Services Architecture


XenDesktop 5 Database Overview

Supported Databases:
Broker Database

SQL Server 2008 SP1 / 2008R2

(including Express)

Database Schema
Full Relational Schema Tables, Views, Stored Procedures Single Database (for core product) Multiple SQL Schemas in Database Schemas map onto Windows services running
on Broker


Setup Process
Single Admin Separate Admins XD Admin XD Console XD Admin
1. Schema

3. Verify

XD Console
2. Schema

1. Schema

4. Verify

Export (SQL script)

XD Admin credentials used


SQL Server Console SQL Admin

3. Schema


SQL Admin credentials used

Database Access
Security Access Model
Network Service Account NT AUTHORITY\NETWORK SERVICE Computer Account DOMAIN\MACHINE$ Controller Controller
Broker Broker Service Service

SQL Login per Broker Restricted permission set




Brokers do not have rights to change schema

Database High-Availability
Broker is critically dependant on Database
Existing connections not impacted Creating new connections and reconnecting to desktops impacted

Database Failure = Broker Failure

Supported Database H/A Options: (expected popularity

1.SQL Mirror 2.Virtual Machine H/A 3.SQL Cluster

Citrix Confidential - Do Not Distribute

Database Schema Roles and Permissions

XenDesktop Service Database Role

AD Identity Service (Acct) Broker Service (Broker)

ADIdentitySchema_ROLE chr_Broker

Central Configuration Service (Config) Machine Creation Service (PvsVM) Hosting Management Service (Hyp) Machine Identity Service (Prov)

ConfigurationSchema_ROLE DesktopUpdateManagerSchema_ROLE HostingUnitServiceSchema_ROLE MachinePersonalitySchema_ROLE

Health Checks: XDDBDiag

Provided consistency data check on the data Provides connectivity verification

It also provides the following:

Virtual Desktop Agent Information Hypervisor Connections Information Policy Information Controller Information Desktop Groups Information SQL Information Current Connections / Connection Log


XenDesktop 5 Services Architecture

Desktop Studio
WCF [80] Machine Creation Service AD Identity Service Machine Identity Service PowerShell PowerShell Desktop Director WCF [80] WinRM 2.0

Host Service Virtual Desktop Agent (VDA)

Broker Service
Broker Service

Configuration Service
Infrastructure Services

Machine Creation Services

Windows Communication Foundation (WCF)


SQL Server

Service Status
XenDesktop Service AD Identity Service (Acct) Broker Service (Broker) Central Configuration Service (Config) Machine Creation Service (Prov) Hosting Management Service(Hyp) Machine Identity Service (PvsVM) PowerShell Cmdlet Get-AcctServiceStatus Get-BrokerServiceStatus Get-ConfigServiceStatus Use Get-ProvServiceStatus Get-HypServiceStatus Get-PvsvmServiceStatus

Machine Creation

Desktop Catalog models

Existing Dedicated
App App Profile PvD PvD
Profile Profile

Image Base Image with Apps

Pooled with personal vDisk

App App Profile PvD PvD

Profile Profile

Streamed Image Streamed Base Image Base Image Base Image withImage Apps Base with Apps

Streamed with personal vDisk

App App Profile PvD PvD

Profile Profile

*Image Streamed from *Image created with *Image created outside of Citrix Provisioning Server Machine Creation Services XenDesktop (PVS) (MCS)

Desktop Catalog models

Pooled Pooled with PvD*

PreAssigned First Use

Virtual Physical

Streamed with PvD Virtual Only

Random Static
* Behaves like pooled-static

MCS ID Disk, Difference Disk, Base VM

Windows 7 Master VHD Chain This is what the user sees as Drive C:\ This is hidden from the users view

Diff Disk
VHD Chain Diff Disk VHD Chain Diff Disk

ID Disk

Virtual Desktop 1

ID Disk

Virtual Desktop 2

ID Disk

Virtual Desktop x

Storage Subsystem

MCS with PvD ID Disk, Diff Disk, Base VM, PVDisk

Windows 7 Master VHD Chain

Diff Disk
This part is hidden from user Merged with the Diff Disk Seen by user as Drive C:\ E.g. Installed apps

ID Disk

Virtual Desktop 1 Seen by the user as Drive P:\ USERDATA e.g. My Documents Free space is the split allocation

Personal vDisk

PVDisk auto-created during catalog creation by copying PvD template from Base VM 10GB by default with 50 / 50 split for App Data / User Data

PVS Streamed vDisk, Cache, Base VM

Windows 7 Master PVS Stream This is what the user sees as Drive C:\ Visible file on another disk, typically D:\

Streamed vDisk Streamed vDisk Streamed vDisk

Write Cache Write Cache Write Cache

Virtual Desktop 1

PVS Stream

Virtual Desktop 2

PVS Stream

Virtual Desktop x

Storage Subsystem

PVS with PvDStreamed vDisk, Cache, Base VM, PvDisk

Windows 7 Master PVS Stream

Streamed vDisk

Write Cache

Virtual Desktop 1 Seen by the user as Drive P:\ USERDATA e.g. My Documents Free space is the split allocation

This part is hidden from user Seen by user as Drive C:\ E.g. Installed apps

Personal vDisk

PvDisk auto-created during catalog creation by copying PvD template from Base VM 10GB by default with 50 / 50 split for App Data / User Data

Where are some of the common Issue ?

Hypervisor communication Domain permissions Previously failed attempts still present in database Host Connection configured with incorrect storage Naming convention on the host

What logs do we need for this issue ?

Desktop Studio WCF [80]


Machine Creation Service AD Identity Service

Machine Identity Service

Host Service

Broker Service
Broker Service

Configuration Service
Infrastructure Services

Machine Creation Services

SQL Server

Troubleshooting Methodology
Understand issue history Verify configuration, error logs and alerts Gather and review log data of issues Compare data to working environment


Enabling Log from the Command Line

Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile c:\xdlogs\MCS-PVSvm.log

Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.log

Service LogFile <Location>

Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\mi.log

Case Study 1
Machine Creation Services

Case Study 1: MCS Fails after wizard

Case Study Walk Through

New Deployment Latest Hotfixes

Full Administrator account used

Worked before they rebuilt environment

Log Analysis: Desktop Studio Logs

Case Study 1: Machine Creation Service fail after wizard

24/04/13 02:37:10.7603 : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.
Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Log Analysis: Machine Creation Service Logs

Case Study 1: Machine Creation Service fail after wizard

Failed to copy disk. Reason : SR_HAS_NO_PBDS ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed. WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)
Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Root Cause analysis: Misconfiguration

Failed to copy disk Reason : SR_HAS_NO_PBDS Hypervisor Connections did not include correct storage for the Master Image Target device disk could not be copied due to this Hypervisor Storage misconfiguration
*Definitions: SR - Storage Repositories PBD - Physical Block Devices

VDA Startup and Registration

VDA Registration
Registered VDA


Broker Service


Database DDC



Active Directory Controller

Troubleshooting VDA Startup and Registration

XDPing Log Basic Checks Logs: Workstation Agent Logs Broker Logs Network Trace
1011011010 SSL 1011011010 SSL 101101

Broker Service


Can be run on both the DDC and VDA Used to collect data related to basic components Will verify if the components are working correctly
Verify Domain Membership Network Interfaces WCF Endpoints Services DNS lookup Time difference between machine and Domain Controller

Basic Checks
Check the Network: Ping , Telnet and NetStat, Firewall Ensure Services started without errors Listening on the correct port Check time Check configured list of DDCs in registry

Case Study 2
Startup and Registration

Case Study 2: New Catalog Fail to Register

Case Study Walk Through

Background: Locked down environment Special configuration needed to manually enable needed services Worked in the Proof of Conference Lab but failed in production

Log Analysis: Workstation Agent Service Logs

Case Study 2: New Catalog Fail to Register

Failed to register with

WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/ and IP address'
Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/2013 13:54:31, HighAvailabilityRegistrationTimout = 00:05:00 Message following Error pattern

Search Terms: [Time of Issue] Fail | Error | Exception | Denied

Could not register with any controllers. Waiting to try again in 9407 ms

Log Analysis: Broker Service Logs

Case Study 2: New Catalog Fail to Register

Broker:TestWorkerComms failed for worker S-1-5-21-1123877020-465626563-

3648135752-1267 caught exception:

System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Search Terms: [Time of Issue] Fail | Error | Exception | Denied


Root Cause analysis: Misconfiguration

The DDC was not authorized the initiate a connection to the VDA Access To Compute From The Network Computer Policy did not have an entry for the Controlled and the default everyone was removed in production. Resolution: Customer added explicit entry to a Group that included all the Brokers as members


PVD maintains logs in the base of the volume attached to the VM (alongside the VHD containing the PVD user-installed applications) These logs contain a wealth of information that should be captured and provided to support/engineering if you experience problems Most frequently seen PVD support cases Failure of PVD to start virtualization (PVD cant locate volume/VHD, etc.. ) Customers trying to install unsupported apps Customers trying to move PVDs between VMs

Desktop Director has helpdesk-facing PVD metrics and support % of application area in use / total size % of user profile area in use / total size PVD reset

PVD reset allows the helpdesk to reset the application area while leaving the users data intact Aka revert to factory default Useful to reset PVDs that become wedged due to users installing broken applications


VDA Launch

VDA Launch
Desktop Service
ICA Service


Preparing New Session


Controller #1
Broker Service




Broker signals worker to Prepare Launch Request for a Session User Clicks to launch session

XML broker queries DB for a ready worker


VDA Launch
Active Connected
Desktop Service
ICA Service WCF

Controller #1
Broker Service




Request to Validate Ticket Ticket is ICA filegets is sent to Portica sent Controller ValidAuthNTicket Endpoint License

1. Validates Ticket 2. Validates License Work State: 3. Policies Work State: Active Connected


Troubleshooting VDA Launch

Event Logs (Web Interface, Controller, Storefront) Desktop Studio Broker Logs Workstation Agent Portica Logs Network Packet tracing

Case Study 3
VDA Launch

Case Study 3: Launch Failure 1030

Case Study Walk Through

Background: They recently converted all images to a Citrix PVS image

The original image worked

All streamed images including the golden image failed to launch

Search: Prepare

Troubleshooting :VDA Launch

Search Strings:

Troubleshooting :VDA Launch

Search Strings:

Root Cause analysis: MFAphook Module Failed to Load

Conversion via provisioning server had changes the long name format of the drive mfaphook failed to load and this is needed for interaction with the OS. Resolution: Add back short name to system see CTX133773 for more information


XD Tools
HDX Monitor CDF Control Citrix Scout Site Checker Desktop Director

HDX Monitor
Thinwire (Graphics) Direct 3D (Graphics) Media Stream (aka RAVE) Flash Audio

USB Devices

HDX Monitor
Mapped Client Drives (CDM) Branch Repeater Printer Client Smart Card


Citrix Scout / XD Collector (CTX130147)

Push button easy data collection system

Makes data collection and upload push button easy

Integrates data collected by Scout with the Citrix Tools as a Service

(TaaS) backend

Simplifies data collection & analysis


CDF Control: CTX111961

Tip: Use this tool to remotely enable and collect CDF traces when system are non persistent

Site Checker Tool: CTX133767

Enumerate Environment Checks Services Status Checks service instances registration status Reset Controllers Services instances into Database

Desktop Director
Web Based Unified view of apps and desktops End-user details empower the help desk

Includes HDX Monitor

Access to personal vDisk tasks


Resources discussed

Optimal deployment recommendations

CTX124087 - XenDesktop Modular Reference Architecture
CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices CTX123244 - High Availability for Desktop Virtualization - Reference Architecture CTX120760 - XenDesktop - Design Handbook

CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability

Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI


For More Information

CTX132536 - Worker Unregisters at Session Launch
CTX130147 - Citrix Scout CTX111961 - CDFControl CTX127492 - How to enable Controller Service Logging in XenDesktop 5 CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics CTX128909 - XenDesktop 5 Logon Process and Communication Flow


For More Information

Vmware Using VMware with XenDesktop
SCVMM Using Microsoft SCVMM 2008 with XenDesktop CTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored Database CTX127998 : Database Access and Permission Model for XenDesktop 5 CTX133160 - LSQuery - License Server Data Collection Tool CTX127314 - How to Collect Data for Troubleshooting Licensing Issues



Presentation Goals Recap

Provide an understanding of the architecture Instruct On How To Configure Provide Troubleshooting Resources


Before you leave

Conference surveys are available online at starting Friday, May 24 at 9:00 a.m. PT
Provide your feedback by 4:00 p.m. PT that day and youll receive a $30 gift card via email

Download presentations starting Monday, June 3, from your My Conference Planning tool located within the My Account section


Work better. Live better.

You might also like