10 Tips Every XenDesktop Admin Should Know

23,125 views
22,762 views

Published on

The recording of this webinar can be found here:
https://www1.gotomeeting.com/register/549106393

PoSH scripts used in webinar
https://citrix.sharefile.com/d/s6f2aa129f424c43b

As a XenDesktop administrator, it’s your responsibility to make sure your XenDesktop infrastructure is running smoothly and your users are working efficiently. In this webinar our very own XenDesktop master, Michael Glover will guide you in utilizing our award winning solution for virtual desktop delivery, XenDesktop, with some really key tips and time savers to help you make the very most of your investment. Michael has been involved in XenDesktop from day one and has gathered a huge amount of knowledge which he would love to share with you.

During this webinar you will:
• Learn to carry out advanced administration tasks using the public PoSH SDK
• Troubleshoot and resolve serious Site issues
• Learn how to carry out real-time infrastructure testing to validate site functionality
• Learn how to use key Tools to Troubleshoot XD issues
• Gain greater in-dept knowledge of the internal workings of XenDesktop

Published in: Technology
2 Comments
13 Likes
Statistics
Notes
No Downloads
Views
Total views
23,125
On SlideShare
0
From Embeds
0
Number of Embeds
10
Actions
Shares
0
Downloads
1,429
Comments
2
Likes
13
Embeds 0
No embeds

No notes for slide
  • Tip 10: Creating a customized XD PoSH $profilerun Test-Path $Profilerun New-Item -Type File $Profile (-Force optional / overwrite existing object)type Notepad $profile 7 hit returnadd the following lines:asnpcitrix*Import-Module -name Citrix.XenDesktop.Admin (New XD High Level Administration Module)Close PoSH and re-openTest-Path $Profile = return value = TrueRun Get-BrokerSiteRun Get-XD & Tab......To delete PoSH profile --> Remove-Item $PROFILESource:http://technet.microsoft.com/en-us/library/ff461033.aspxhttp://blogs.technet.com/b/heyscriptingguy/archive/2012/05/21/understanding-the-six-powershell-profiles.aspxhttp://technet.microsoft.com/en-us/library/bb613488%28v=vs.85%29.aspxhttp://technet.microsoft.com/en-us/magazine/2008.10.windowspowershell.aspx
  • Notes:It’s location and name are what separate it from a regular .ps1 fileQuerying the $profile will return the full path to the default profile locationDefault PoSH Profile:%UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
  • Test-path $profile (Expected return value = False) / No Existing PoSH profileTo remove an existing PoSH profile use the following: Remove-Item -force $profile
  • Notes:asnp citrix* will load all Citrix XD snap-ins i.e all XD cmdletsImport-Module -name Citrix.XenDesktop.Admin will import the new XD Administration module and its associated cmdlets. For more information see http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7-xendesktop-posh-module/
  • -Force [<SwitchParameter>] Allows the cmdlet to create an item that writes over an existing read-only item. Implementation varies from pro vider to provider. For more information, see about_Providers. Even using the Force parameter, the cmdlet cannot override security restrictions.
  • After the PoSH Profile has been configured correctly, you can close the PoSH window, even log-out of the machine and the next time you launch an instance of PoSH – the configured profile will load and customize your env.
  • Tip 9: Service MGMT (Checking The state of FMA services through PoSH)Run Script - statuserror.ps1Run Help Get-BrokerServiceStatus –Full to view details about DBMissingOptionalFeature return value
  • Just because the Controller FMA services appear to be running fine through the windows services applet, this does not mean that they are in a healthy state internally. The exact status can and should be queried through PoSH.
  • Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
  • Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
  • Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
  • Ref: http://support.citrix.com/static/kc/CTX127254/help/Get-BrokerServiceStatus.html
  • Ref: http://support.citrix.com/static/kc/CTX127254/help/Get-BrokerServiceStatus.html
  • " ""Current Status of Controller Services"" "" "" "write-host –NoNewLine "Broker Service" -BackgroundColor "RED" -ForegroundColor "Black"Get-BrokerServiceStatus | select ser* | format-listwrite-host –NoNewLine "Configuration Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-ConfigServiceStatus | select ser* | format-listwrite-host –NoNewLine "Host Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-HypServiceStatus | select ser* | format-listwrite-host –NoNewLine "Machine Creation Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-ProvServiceStatus | select ser* | format-listwrite-host –NoNewLine "AD Identity Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-AcctServiceStatus | select ser* | format-listwrite-host –NoNewLine "Monitor Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-MonitorServiceStatus | select ser* | format-listwrite-host –NoNewLine "Configuration Service LOgging" -BackgroundColor "Green" -ForegroundColor "Black"Get-LogServiceStatus | select ser* | format-listwrite-host –NoNewLine "Environment Test Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-EnvTestServiceStatus | select ser* | format-listwrite-host –NoNewLine "StoreFront Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-SFServiceStatus | select ser* | format-listwrite-host –NoNewLine "Delegated Administration Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-AdminServiceStatus | select ser* | format-list
  • Tip 8: Checking & Updating DB Schema versions manually through PoSHRun Get-BrokerInstalledDBVersion - Return value = 7.0.0.0 (Reason for error)Run Get-BrokerInstalledDBVersionRun Get-BrokerInstalledDBVersion - upgradeUpdate Schema manually by creating update script and applying to DB:$upgrade = Get-BrokerDBVersionChangeScript -DatabaseName CitrixTraining -TargetVersion 7.1.0.0$upgrade.Script > update_71.sql (Already exists on SQLServer)Stop Broker service on DC1 or run reset.ps1 (Note usage of -Force switch) to unconfigure all servicesExecute update_71.sql on SQLServerRun Script - statusfixed.ps1 again: return value for Broker Service = OK
  • Based on the description of the DBMissingOptionalFeature return value when checking the status of the Broker Service through PoSH:“The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.”It appears the DB schema for the Broker service is out of date or out of sync with the Broker Service binary version. Run Get-BrokerInstalledDbVersion to check the
  • After confirming the DB schema version for the broker service in the previous slide i.e. 7.0.0.0, running Get-BrokerController will give a good indication if the schema is out of date i.e. Broker Schema should be 7.1.0.0 to match major and minor versions above.
  • C:\>$upgrade = Get-BrokerDBVersionChangeScript -DatabaseName CitrixTraining -TargetVersion 7.1.0.0C:\>$upgrade.Script > update_71.sql (Already exists on SQLServer)
  • Note: In fact, Only the Broker service has to be un-configured to place a Controller in an off state.
  • Note: if you stopped the Broker service in step 4 then just start the service again. If you disconnected all services from the DB using a script or manually using PoSH then reset each service to point to the DB again.
  • Script:" ""Current Status of Controller Services"" "" "" "write-host –NoNewLine "Broker Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-BrokerServiceStatus | select ser* | format-listwrite-host –NoNewLine "Configuration Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-ConfigServiceStatus | select ser* | format-listwrite-host –NoNewLine "Host Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-HypServiceStatus | select ser* | format-listwrite-host –NoNewLine "Machine Creation Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-ProvServiceStatus | select ser* | format-listwrite-host –NoNewLine "AD Identity Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-AcctServiceStatus | select ser* | format-listwrite-host –NoNewLine "Monitor Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-MonitorServiceStatus | select ser* | format-listwrite-host –NoNewLine "Configuration Service LOgging" -BackgroundColor "Green" -ForegroundColor "Black"Get-LogServiceStatus | select ser* | format-listwrite-host –NoNewLine "Environment Test Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-EnvTestServiceStatus | select ser* | format-listwrite-host –NoNewLine "StoreFront Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-SFServiceStatus | select ser* | format-listwrite-host –NoNewLine "Delegated Administration Service" -BackgroundColor "Green" -ForegroundColor "Black"Get-AdminServiceStatus | select ser* | format-list
  • Tip 7: Machine TaggingSet Some tags through Citrix Studio - W7dedicated1.training.lab = TrainingRun Get-BrokerMachine | select machinename, tags | format-table through PoSHExtra steps If needed: (time permitting) run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
  • Once Machines have been logical grouped, HDX policies can be applied to the specific tag (subset of machines).
  • With tags, you can deliver a HDX policy for example to a subset of machines across Delivery Groups/Delivery Group types and OUs (the three well known machine filters)…-Tags can be added and edited with Citrix Studio.-Multiple tags can be assigned -Tags can overlap machines of course
  • Note: Tags support the asterisk (*) wildcardAlso see: http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/Note: you will need to know the Uid of the desktop you want to apply the tag against – see next slide…
  • run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
  • Get-BrokerDesktop | select machinen*, uid | format-table
  • Using the Select command to only return information from specific tables is optimal. You can also format the returned output as you see fit using the various format options:Format-TableFormat-List…
  • Quite often, the tag filter is ignored or mis-understood. Filtering policies by Machine tags can be very useful.
  • Tip 7: Machine TaggingSet Some tags through Citrix Studio - W7dedicated1.training.lab = TrainingRun Get-BrokerMachine | select machinename, tags | format-table through PoSHExtra steps If needed: (time permitting) run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
  • Each MCS based catalog is associated with an identity pool of the same name which manages computer a/c’s for all machines generated from the parent catalog.Based on the screenshot above, The next machine to be created from the Windows 7 SP1 x86 – 1GB catalog (The IdentityPoolName value is inherited from the catalog name) would be W7PoolRandom4… see next slide.
  • The IdentityPoolName value is inherited from the catalog name i.e. ProvisioningSchemeName
  • With the introduction of XD5.x and MCS we introduced some flexibility in relation to AD computer a/c management….If the StartCount value is reset then MCS will create the next machine using the next StartCount value as long a matching computer a/c does not exist in AD. If it does then it will move onto the next available count value…
  • Each MCS based catalog is associated with an identity pool of the same name which manages computer a/c’s for all machines generated from the parent catalog. The StartCount value is not reset if Desktops are deleted.The StartCount value in the above screenshot is 6 as the last AD a/c assigned to a machine was W7PoolRandom5
  • The StartCount value in the above screenshot is 2 as the last AD a/c assigned to a machine was W7PoolRandom1You will also notice that the same machine exists i.e. W7PoolRandom5 as per the previous slide also. We can only create a new machine with a numeric number lower then 5 i.e. 1 after we reset the StartCount back to 1. Note: Regardless of machines being deleted, MCS will continue to increment the numeric or alpha value at the end of the NamingScheme.
  • Set-AcctIdentityPool -IdentityPoolName "Windows 7 SP1 x86 - 1GB" -NamingScheme WebinarTest# -StartCount 1Result: Any new machines created from the catalog will inherit the new NamingScheme
  • Tip 5: Controlling Access To Resources (Example: Using the Broker Entitlement Policy to explicitly exclude a user from accessing desktops with a Delivery Group)1.Login to StoreFront and Show 3 Desktops available for User12.from within PoSH on DC1 change the Entitlement Policy for the Win7 pooled Delivery Group to exclude user1:Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user13.Refresh or logout/in again to StoreFront and notice that only 2 Desktops are now available for User1 (My Win7 Pooled Desktops button is missing)4.Discuss how to revert exclusions: Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers training\user1 -ExcludedUserFilterEnabled $falseorSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $false -ExcludedUsers @()
  • The above policies (Entitlement & Assignment) control access to resources and also the conditions (Access Policy) under which resources can be accessed.Assignment policies are useful if you are assigning users on first use at the Delivery Group level. No impact if you exclude the same user that you pre-assign to a desktop as the pre-assignment will override the exclusion.
  • Without any exclusions set, User1 has access to Three delivery Groups and the contained Desktops through association with the Domain Users Group…
  • To set an exclusion use the following command as an example: Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user1
  • After editing the existing Broker Entitlement Policy for the Training Win7 Delivery Group and excluding user1 refreshing StoreFront will reflect this…Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user1
  • Tip 4: Exploring Citrix PowerShell Providersshow usage of XDHYP: and LocalGPO: PS-DrivesRun Get-PSProviderchange Dir to XDHYP:cd to Hostingunits dirrun Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $true to enable intellicacheadd new machine to existing catalog or crate new catalog = ERRORrun Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $false to disable intellicachecd into localgpo: driveRun help New-PSDrive -full and create simple HDX policy in Site DBCreating a HDX Policy in Site DB:Create New PSDrive: New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root \ -Controller DC1drill down to \user\training\settings\ICA>create setting and enable value: Set-ItemProperty ReadonlyClipboard -Name State -Value enabledSet tag through Citrix Studio and launch W7dedicated1 through Storefront as user1 and check to see if policy has been applied
  • Windows includes some default PSProviders to mount and access the registry and File System through PoSH…
  • Other PSDrive Options as per the Help New-PSDrive –Full command:New-PSDrive [-Name] <string> [-PSProvider] <string> [-Root] <string> [-Credential <PSCredential>] [-Description <string>] [-Scope <string>] [-Confirm] [-WhatIf] [-UseTransaction] [<CommonParameters>]New-PSDrive [-Name] <string> [-PSProvider] <CitrixGroupPolicy> [-Root] <string> -DomainGpo <string> [-DomainController <string>] [-Description <string>] [-Scope <string>] [-Confirm] [-WhatIf] [<CommonParameters>]New-PSDrive [-Name] <string> [-PSProvider] <CitrixGroupPolicy> [-Root] <string> -LocalGpo <string> [-Description <string>] [-Scope <string>] [-Confirm] [-WhatIf] [<CommonParameters>]New-PSDrive [-Name] <string> [-PSProvider] <CitrixGroupPolicy> [-Root] <string> -FarmGpo <string> [-Description <string>] [-Scope <string>] [-Confirm] [-WhatIf] [<CommonParameters>]New-PSDrive [-Name] <string> [-PSProvider] <CitrixGroupPolicy> [-Root] <string> -Controller <string> [-LoggingId <Guid>] [-Description <string>] [-Scope <string>] [-Confirm] [-WhatIf] [<CommonParameters>]New-PSDrive [-Name] <string> [-PSProvider] <CitrixGroupPolicy> [-Root] <string> -Templates [-Description <string>][-Scope <string>] [-Confirm] [-WhatIf] [<CommonParameters>]
  • UseSet-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $true to enable intellicache (LocalStorageCaching) for the Hosting Unit.Local = HostingUnitNameNote: LocalStorageCaching is only supported on NFS shared storage and as per the screenshot above where local storage is being used, Citrix Studio will throw an error when trying to add machines to an existing MCS based catalog or when trying to create a new Catalog – see next slide for an example.
  • The following issue will be seen if Intellicache (LocalStorageCaching)is enabled for local storageTo Resolve the above issue you could disable Intellicache (LocalStorageCaching)Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $false
  • We can use the CitrixGroupPolicy PSProvider to create and edit polices in AD and in the Site DB. Understanding how to do this can be very useful especially for automation purposes…
  • Filters can also be configured through PoSH…
  • After launching a desktop associated with the training tag, you can open the registry and confirm that the policy was applied correctly. This validates the usage of tags in relation to HDX policy filtering.
  • Source: http://technet.microsoft.com/en-us/library/ff461033.aspx
  • Note: Logoff options will not impact Pooled machines of course as a pooled machine will always restart at logoff regardless of power policy setting through the SDK
  • Note: Timeout is set in minutes
  • Tip 2: Using the Site Access Policy to Restrict Access to ResourcesExample:within PoSH run Get-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated" to return both default rules for the "Training Win7 - Dedicated" delivery GroupRun Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict access from the Win7Client machineLog into Storefront as Training User1 and notice that the Win7 Dedicated machine icon is no longer visibleremove filter: Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $false -ExcludedClientIPs @()
  • Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29
  • After applying the ExcludedClientIPs filter to the direct default access policy of the Training Win7 – Dedicated delivery Group, the machines will no longer be available through Storefront…
  • http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-an-existing-db-3-simple-steps/
  • Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
  • Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
  • Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
  • For more XD Tipster Blogs see the official Citrix Blogs page and/or follow @Xdtipster for announements
  • At Citrix Services - we’re Citrix consultants, teachers and support engineers and we’re all about one thing: making sure you succeed.With our help, you’ll deploy high-performance, robust virtualization and networking projects, faster – with dramatically lower risk and higher return.The best Citrix architects and administrators are the ones who never stop learning – and Citrix Education is here to help you learn those skills.Citrix Consulting gives you direct access to our most experienced virtualization and networking experts.When it’s complex; when it’s mission-critical; when it’s big; That’s when Citrix consultants can really help.On your virtualization journey, you’ll want always-on support from people who really care about your success.There’s no better insurance for your Citrix investment than with Citrix Support.
  • Secrets of the Citrix Support Ninjas is a FREE eBook available next week.The eBook contains 40 insider troubleshooting tips for administrators.So the purpose of the eBook is to help administrators like you keep your Citrix deployments on track.We’ve collected some of their best tips and tricks for running robust Citrix environments and packaged them up into a free eBook.In it, you’ll discover some of the little-known tricks that our own support people use every day to tune, tweak, troubleshoot and test Citrix solutions. You may know a few of these tips. But you probably don’t know them all.And – you never know – you might discover just one that will change your life as an administrator.Let me give you a sneak peak now.
  • 10 Tips Every XenDesktop Admin Should Know

    1. 1. Important links: PoSH Scripts Webinar Recording Citrix Support Secrets Webinar Series 10 Tips Every XenDesktop Admin Should Know Mick Glover – Sr. Readiness Specialist, Worldwide Support Readiness January 30, 2014
    2. 2. Presenter Bio: Mick Glover • Over 18 Years of Experience in IT • Joined Citrix in January 2005 • Started as Senior member of Frontline team • Spent 3 years working as an Escalation Engineer • Been with the WW Readiness team since 2009 • Certifications: CCA, CCEE, CCIA, CCI & MCSE • SME areas: XenDesktop, App Orchestration, UPM • Promotes the XD Tipster Blog Series and @XDtipster twitter feed 2 © 2012 Citrix | Confidential – Do Not Distribute
    3. 3. Objectives At the end of this webinar, you will be able to: • Customize your PoSH working environment • Validate the true state of FMA services and identity possible issues • Generate and apply Schema update scripts against Site DB • Logically group machines using Broker tags • Manage computer a/c’s and naming schemes for MCS Catalogs • Explicitly Control access to desktops through PoSH • Configure aspects of XD using built-in Citrix PSProviders • Configure advanced PMGMT features • Create service DB scripts of various types to facilitate XD Deployments © 2012 Citrix | Confidential – Do Not Distribute
    4. 4. Tip Number 10 Creating a customized XD PoSH $profile
    5. 5. What is a PoSH Profile? The nuts and Bolts • PoSH script file (.ps1) that runs when PoSH starts up ᵒCan contain Cmdlets, Scripts, functions i.e. any valid PoSH commands • Can be used to set-up and customize your PoSH env • Advantage for XenDesktop administrators? • Lets take a look…. © 2012 Citrix | Confidential – Do Not Distribute
    6. 6. Step 1: Confirm if profile already exists Test-path $profile • Return value False = No existing profile • Return value True = Existing profile © 2012 Citrix | Confidential – Do Not Distribute
    7. 7. Step 2: Create PoSH $Profile New-item –type file $profile • -Force parameter can be used to overwrite an existing profile © 2012 Citrix | Confidential – Do Not Distribute
    8. 8. Step 3: Configure PoSH $Profile Notepad $profile • Type notepad $profile ᵒEnter commands to customize PoSH env ᵒFile  Save  Exit © 2012 Citrix | Confidential – Do Not Distribute
    9. 9. Step 4: Confirm existence of $Profile Test-Path %profile • Expected return value = True • Edit at any stage by typing Notepad $profile  Return © 2012 Citrix | Confidential – Do Not Distribute
    10. 10. New-Item PoSH cmdlet -Force switch Usage • Allows the cmdlet to create an item that writes over an existing read-only item © 2012 Citrix | Confidential – Do Not Distribute
    11. 11. Step 5: Confirm $Profile functionality E.G. Get-BrokerSite © 2012 Citrix | Confidential – Do Not Distribute
    12. 12. Tip Number 9 Service MGMT (Checking The state of FMA services through PoSH)
    13. 13. Checking the Status of the controller Services Windows services applet won’t paint the full picture… • Run Get-<Alias>ServiceStatus for each service ᵒExpected return value = OK • Other Possible Return values include: • • • • DBMissingOptionalFeature DBRejectedConnection DBUnconfigured … • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
    14. 14. PoSH - Validating Service Status XD 5.x • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-PvsvmServiceStatus (Machine Identity Service) • Use Get-LicServiceStatus (License Service) © 2012 Citrix | Confidential – Do Not Distribute
    15. 15. PoSH - Validating Service Status XD 7.x 1 of 2 • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-LicServiceStatus (License Service) © 2012 Citrix | Confidential – Do Not Distribute
    16. 16. PoSH - Validating Service Status XD 7.x 2 of 2 • Use Get-EnvTestServiceStatus (Environment Test Service) • Use Get-SfServiceStatus (Storefront Service) • Use Get-MonitorServiceStatus (Monitor Service) • Use Get-LogServiceStatus (Configuration Logging Service) • Use Get-AdminServiceStatus (Delegated Administration Service) © 2012 Citrix | Confidential – Do Not Distribute
    17. 17. Get-BrokerServiceStatus - Return Values (1 of 2) Status Meaning OK The broker is connected to a database that is valid, and the service is running. DBUnconfigured The broker does not have a database connection configured DBRejectedConnection The database rejected the logon from the Broker Service. This may be caused by bad credentials, or the database not being installed. InvalidDBConfigured The database schema is missing (possibly just the stored procedures in it). DBNotFound The specified database could not be located with the configured connection string. DBMissingOptionalFeature The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. DBMissingMandatoryFeature © 2012 Citrix | Confidential – Do Not Distribute The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
    18. 18. Get-BrokerServiceStatus - Return Values (2 of 2) Status Meaning DBNewerVersionThanService The broker is too old to use the database. A newer version is required. DBOlderVersionThanService The database is too old for the Broker Service. Upgrade the database. DBVersionChangeInProgress A database schema upgrade is in progress. OK PendingFailure Connectivity between the Broker Service and the database has been lost. This may be a transitory network error, but may indicate a loss of connectivity that requires administrator intervention. Failed Connectivity between the broker and the database has been lost for an extended period of time, or has failed due to a configuration problem. The broker service cannot operate while its connection to the database is unavailable. Unknown The Service's status cannot be determined © 2012 Citrix | Confidential – Do Not Distribute
    19. 19. Validating the Status of the controller Services Write simple .ps1 script for single Controller to make your life easier © 2012 Citrix | Confidential – Do Not Distribute
    20. 20. Validating the Status of the controller Services Return value is important © 2012 Citrix | Confidential – Do Not Distribute
    21. 21. What does DBMissingOptionalFeature mean? Run Help Get-BrokerServiceStatus –Full to find out… • The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. • Next Step? See Tip 8 © 2012 Citrix | Confidential – Do Not Distribute
    22. 22. Tip Number 8 Checking & Updating DB Schema versions manually through PoSH
    23. 23. DB Schema’s background • Each Service has it’s own DB Schema and set of tables that it communicates with • DB Schema version should match the version of the service itself for optimal performance • Let’s take a look and see what the problem is… © 2012 Citrix | Confidential – Do Not Distribute
    24. 24. Step 1: Run Get-BrokerInstalledDbVersion Check current Broker Service DB schema and available upgrade options © 2012 Citrix | Confidential – Do Not Distribute
    25. 25. Step 2: Run Get-BrokerController Check Controller Version © 2012 Citrix | Confidential – Do Not Distribute
    26. 26. Step 3: Run Get-BrokerDBVersionChangeScript Create upgrade script © 2012 Citrix | Confidential – Do Not Distribute
    27. 27. Step 4: Disconnect Controller from DB • Any controller can essentially be turned off (disconnect from the DB)by unconfiguring the services • You could also stop the Broker Service… © 2012 Citrix | Confidential – Do Not Distribute
    28. 28. Step 5: Upgrade the Broker Service Schema • Execute upgrade_71.sql file on SQLServer in SQLCMD mode and against the XD DB • Check messages window for confirmation… • Start the Broker service one again on Controller prior to Step 7 (Next Slide) © 2012 Citrix | Confidential – Do Not Distribute
    29. 29. Step 7: Check Status of Broker Service again Get-BrokerServiceStatus • Expected return value = OK • Remember: Creating simple scripts will make your life easier and can be fun to use… © 2012 Citrix | Confidential – Do Not Distribute
    30. 30. Tip Number 7 Machine Tagging
    31. 31. Machine Tagging The Nuts and Bolts • Machine tagging first introduced in XD 5.x • Can be used to create a logical grouping of machines within a site ᵒAcross Delivery Groups & OU’s • This can have advantages when configuring HDX Policies/Access to resources • Let’s take a look… © 2012 Citrix | Confidential – Do Not Distribute
    32. 32. Machine Tagging through Citrix Studio • Any machine which is part of a Delivery or Desktop Group can be tagged within Citrix Studio… © 2012 Citrix | Confidential – Do Not Distribute
    33. 33. Assigning Tags through PoSH Example - Alternative Option 1. New-BrokerTag -Name <Executive> 2. $desktop = Get-BrokerDesktop -uid 1 3. Add-BrokerTag -Name Executive -desktop $desktop © 2012 Citrix | Confidential – Do Not Distribute
    34. 34. Assigning Tags through PoSH Visual Example 2 © 2012 Citrix | Confidential – Do Not Distribute
    35. 35. Confirming Machine UID’s © 2012 Citrix | Confidential – Do Not Distribute
    36. 36. Viewing Tags through PoSH Use Select Command • Get-BrokerMachine | select machinename, tags | format-table © 2012 Citrix | Confidential – Do Not Distribute
    37. 37. HDX Tag Filter Use Case • HDX Policies can be applied against specific tags… © 2012 Citrix | Confidential – Do Not Distribute
    38. 38. Tip Number 6 Managing the Identity Pool StartCount and NamingScheme Parameters for MCS Catalogs
    39. 39. Identity Pools Created and managed by the AD Identity Service • Associated with Catalogs © 2012 Citrix | Confidential – Do Not Distribute
    40. 40. Observation IdentityPoolName & ProvisioningSchemeName matching values © 2012 Citrix | Confidential – Do Not Distribute
    41. 41. XenDesktop A/C delete/re-use options MCS Only • Important to understand Delete options in relation to machine a/c mgmt… • NB: If machine AD a/c is deleted then it can be used again automatically as long as the StartCount value is reset to match • If AD a/c is not deleted then resetting the StartCount will have no impact © 2012 Citrix | Confidential – Do Not Distribute
    42. 42. StartCount value determines © 2012 Citrix | Confidential – Do Not Distribute
    43. 43. © 2012 Citrix | Confidential – Do Not Distribute
    44. 44. Changing the NamingScheme Considerations © 2012 Citrix | Confidential – Do Not Distribute
    45. 45. Changing the NamingScheme WebinarTest# • Set-AcctIdentityPool -IdentityPoolName "Windows 7 SP1 x86 - 1GB" -NamingScheme WebinarTest# -StartCount 1 • Note: Unless the StartCount value is explicitly set then it will remain as it was prior to the change in NamingScheme © 2012 Citrix | Confidential – Do Not Distribute
    46. 46. Reverting NamingScheme Considerations • StartCount will not change © 2012 Citrix | Confidential – Do Not Distribute
    47. 47. Tip Number 5 Controlling Access To Resources
    48. 48. XD Site Policies Overview • Entitlement Policies (Pooled/Shared Desktops) ᵒGet-BrokerEntitlementPolicyRule ᵒGet-BrokerAppEntitlementPolicyRule • Assignment Policies (Dedicated/Private Desktops) ᵒGet-BrokerAssignmentPolicyRule ᵒGet-BrokerAppAssignmentPolicyRule • Access Policy ᵒGet-BrokerAccessPolicyRule (Discussed during Tip# 2) • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
    49. 49. Viewing BrokerEntitlementPolicy rule(s) Training Win7 Delivery Group • By default, no exclusions are set © 2012 Citrix | Confidential – Do Not Distribute
    50. 50. © 2012 Citrix | Confidential – Do Not Distribute
    51. 51. Setting a BrokerEntitlementPolicy rule Edit existing rule for relevant Delivery Group © 2012 Citrix | Confidential – Do Not Distribute
    52. 52. © 2012 Citrix | Confidential – Do Not Distribute
    53. 53. Revert Changes/Remove Exclusions • Use –RemoveExcludedUsers parameter or empty the array using @() ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers traininguser1 -ExcludedUserFilterEnabled $false Or ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" ExcludedUserFilterEnabled $false -ExcludedUsers @() © 2012 Citrix | Confidential – Do Not Distribute
    54. 54. Tip Number 4 Exploring Citrix PowerShell Providers
    55. 55. What are PowerShell Providers The nuts and Bolts • Extension’s which allow data structures to be mounted through PoSH • Available PSProviders can be viewed using Get-PSProvider • XenDesktop 5.x & 7.x ship with two PSproviders ᵒCitrixGroupPolicy ᵒCitrix.Hypervisor • Lets take a look…. © 2012 Citrix | Confidential – Do Not Distribute
    56. 56. View all available Providers Run Get-PSProvider • Specific PS-Drives are created by default for each PSProvider © 2012 Citrix | Confidential – Do Not Distribute
    57. 57. Use CD command to mount PSDrives • CD XDHYP:  Return • CD LocalGPO:  Return • CD Templates: --> Return • CitrixGroupPolicy PSProvider also supports other PSDrives that are not available by default ᵒTo view these options run Help New-PSDrive –Full from within the mounted LocalGPO or Templates drive… © 2012 Citrix | Confidential – Do Not Distribute
    58. 58. Example Usage: Enabling Intellicache © 2012 Citrix | Confidential – Do Not Distribute
    59. 59. LocalStorageCaching related error © 2012 Citrix | Confidential – Do Not Distribute
    60. 60. Creating HDX Policies through PoSH Use the CitrixGroupPolicy PSProvider • New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root -Controller DC1dir © 2012 Citrix | Confidential – Do Not Distribute
    61. 61. Enable Setting Example: ReadonlyClipboard • PS Webinar:usertrainingSettingsica> Set-ItemProperty ReadonlyClipboard Name State -Value enabled • Running dir under the Ica folder will return the following… © 2012 Citrix | Confidential – Do Not Distribute
    62. 62. Configure Tag filter through Citrix Studio Allow: Training Tag © 2012 Citrix | Confidential – Do Not Distribute
    63. 63. Validate Functionality Through Registry • HKLMSoftwarePoliciesCitrix<s ession#UserVCPolicies…. © 2012 Citrix | Confidential – Do Not Distribute
    64. 64. Tip Number 3 Configuring Extended Disconnect/Logoff settings
    65. 65. Extended Disconnect/Logoff Settings Extending Functionality… • Available for Pooled & Dedicated Desktops/Delivery Groups • Can only be configured through PoSH • Available for Peak & OffPeak hours • Let’s take a look… © 2012 Citrix | Confidential – Do Not Distribute
    66. 66. View all disconnect options through PoSH • Get-BrokerDesktopGroup -Name "training win7" | select *peakdis*, *extende* | format-list © 2012 Citrix | Confidential – Do Not Distribute
    67. 67. Configuring Extended Disconnect Setting Example: Peak Hours • Set-BrokerDesktopGroup -Name "Training Win7" PeakExtendedDisconnectAction suspend -PeakExtendedDisconnectTimeout 5 © 2012 Citrix | Confidential – Do Not Distribute
    68. 68. Tip Number 2 Using the Site Access Policy to Restrict Access to Resources
    69. 69. Site Access Policy • Contains two rules per Delivery Group by default ᵒDirect Connections ᵒConnections through Netscaler/AG • Similar to the Entitlement and Assignment site policy rules, Site access policy rules control access to resources • What is the key difference? ᵒEntitlement & Assignment policy rules control user access (included/excluded users) ᵒAccess policy rules control the wider conditions (Clientnames/ClientIPs/SmartAccessFilters) • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
    70. 70. Example: Restrict access from ClientIP • Return Access Policy rules for a specific Delivery Group ᵒGet-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated“ • Edit the direct rule and exclude a specific IP address ᵒSet-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict access from the Win7Client machine © 2012 Citrix | Confidential – Do Not Distribute
    71. 71. © 2012 Citrix | Confidential – Do Not Distribute
    72. 72. Tip Number 1 Manually Joining a Controller to an existing Site
    73. 73. Manually Joining a Controller to an existing Site Simple three step process 1 • Create Instance Scripts for each service running on DC1 (Controller) 2 3 © 2012 Citrix | Confidential – Do Not Distribute
    74. 74. Manually Joining a Controller to an existing Site Simple three step process 1 2 • Create Instance Scripts for each service running on DC1 (Controller) • Configure the DB connection string for each service 3 © 2012 Citrix | Confidential – Do Not Distribute
    75. 75. Manually Joining a Controller to an existing Site Simple three step process 1 2 3 • Create Instance Scripts for each service running on DC1 (Controller) • Configure the DB connection string for each service • Register each service with the Configuration service © 2012 Citrix | Confidential – Do Not Distribute
    76. 76. Lets take a look… • Complete instructions can be found here ᵒhttp://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-anexisting-db-3-simple-steps/ © 2012 Citrix | Confidential – Do Not Distribute
    77. 77. Before I Finish…
    78. 78. © 2012 Citrix | Confidential – Do Not Distribute
    79. 79. XD Tipster Blog Series
    80. 80. XD Tipster Blogs Just a selection… • http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7xendesktop-posh-module/ • http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/ • http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-iconsrevisited-xd7/ • http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controllerto-an-existing-db-3-simple-steps/ • http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/ • http://blogs.citrix.com/2013/10/22/xd-tipster-removing-controllers-from-an-xdsite-using-posh/ © 2012 Citrix | Confidential – Do Not Distribute
    81. 81. About Citrix Services Citrix Services make sure you succeed with your virtualization programs. Educate | Guide | Support | Succeed How we can help Citrix Education – The fastest, most efficient way to get your team the virtualization skills they need. Online, on-site or in class. citrix.com/training Citrix Consulting – Intensive engagements for complex, critical or just plain massive projects. citrix.com/consulting Citrix Support – Always-on support services that leverage everything we know about best-practice deployment and maintenance. citrix.com/support © 2012 Citrix | Confidential – Do Not Distribute
    82. 82. Secrets of the Citrix Support Ninjas • 40 insider troubleshooting tips • Covering XenDesktop, XenServer, XenApp and NetScaler • Citrix Support top engineers • FREE eBook • Citrix Auto Support • Now available! © 2012 Citrix | Confidential – Do Not Distribute
    83. 83. Premier Support Calculator Check it out © 2012 Citrix | Confidential – Do Not Distribute
    84. 84. Work better. Live better.

    ×