Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

10 Tips Every XenDesktop Admin Should Know

29,735 views

Published on

The recording of this webinar can be found here:
https://www1.gotomeeting.com/register/549106393

PoSH scripts used in webinar
https://citrix.sharefile.com/d/s6f2aa129f424c43b

As a XenDesktop administrator, it’s your responsibility to make sure your XenDesktop infrastructure is running smoothly and your users are working efficiently. In this webinar our very own XenDesktop master, Michael Glover will guide you in utilizing our award winning solution for virtual desktop delivery, XenDesktop, with some really key tips and time savers to help you make the very most of your investment. Michael has been involved in XenDesktop from day one and has gathered a huge amount of knowledge which he would love to share with you.

During this webinar you will:
• Learn to carry out advanced administration tasks using the public PoSH SDK
• Troubleshoot and resolve serious Site issues
• Learn how to carry out real-time infrastructure testing to validate site functionality
• Learn how to use key Tools to Troubleshoot XD issues
• Gain greater in-dept knowledge of the internal workings of XenDesktop

Published in: Technology

10 Tips Every XenDesktop Admin Should Know

  1. 1. Important links: PoSH Scripts Webinar Recording Citrix Support Secrets Webinar Series 10 Tips Every XenDesktop Admin Should Know Mick Glover – Sr. Readiness Specialist, Worldwide Support Readiness January 30, 2014
  2. 2. Presenter Bio: Mick Glover • Over 18 Years of Experience in IT • Joined Citrix in January 2005 • Started as Senior member of Frontline team • Spent 3 years working as an Escalation Engineer • Been with the WW Readiness team since 2009 • Certifications: CCA, CCEE, CCIA, CCI & MCSE • SME areas: XenDesktop, App Orchestration, UPM • Promotes the XD Tipster Blog Series and @XDtipster twitter feed 2 © 2012 Citrix | Confidential – Do Not Distribute
  3. 3. Objectives At the end of this webinar, you will be able to: • Customize your PoSH working environment • Validate the true state of FMA services and identity possible issues • Generate and apply Schema update scripts against Site DB • Logically group machines using Broker tags • Manage computer a/c’s and naming schemes for MCS Catalogs • Explicitly Control access to desktops through PoSH • Configure aspects of XD using built-in Citrix PSProviders • Configure advanced PMGMT features • Create service DB scripts of various types to facilitate XD Deployments © 2012 Citrix | Confidential – Do Not Distribute
  4. 4. Tip Number 10 Creating a customized XD PoSH $profile
  5. 5. What is a PoSH Profile? The nuts and Bolts • PoSH script file (.ps1) that runs when PoSH starts up ᵒCan contain Cmdlets, Scripts, functions i.e. any valid PoSH commands • Can be used to set-up and customize your PoSH env • Advantage for XenDesktop administrators? • Lets take a look…. © 2012 Citrix | Confidential – Do Not Distribute
  6. 6. Step 1: Confirm if profile already exists Test-path $profile • Return value False = No existing profile • Return value True = Existing profile © 2012 Citrix | Confidential – Do Not Distribute
  7. 7. Step 2: Create PoSH $Profile New-item –type file $profile • -Force parameter can be used to overwrite an existing profile © 2012 Citrix | Confidential – Do Not Distribute
  8. 8. Step 3: Configure PoSH $Profile Notepad $profile • Type notepad $profile ᵒEnter commands to customize PoSH env ᵒFile  Save  Exit © 2012 Citrix | Confidential – Do Not Distribute
  9. 9. Step 4: Confirm existence of $Profile Test-Path %profile • Expected return value = True • Edit at any stage by typing Notepad $profile  Return © 2012 Citrix | Confidential – Do Not Distribute
  10. 10. New-Item PoSH cmdlet -Force switch Usage • Allows the cmdlet to create an item that writes over an existing read-only item © 2012 Citrix | Confidential – Do Not Distribute
  11. 11. Step 5: Confirm $Profile functionality E.G. Get-BrokerSite © 2012 Citrix | Confidential – Do Not Distribute
  12. 12. Tip Number 9 Service MGMT (Checking The state of FMA services through PoSH)
  13. 13. Checking the Status of the controller Services Windows services applet won’t paint the full picture… • Run Get-<Alias>ServiceStatus for each service ᵒExpected return value = OK • Other Possible Return values include: • • • • DBMissingOptionalFeature DBRejectedConnection DBUnconfigured … • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
  14. 14. PoSH - Validating Service Status XD 5.x • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-PvsvmServiceStatus (Machine Identity Service) • Use Get-LicServiceStatus (License Service) © 2012 Citrix | Confidential – Do Not Distribute
  15. 15. PoSH - Validating Service Status XD 7.x 1 of 2 • Use Get-BrokerServiceStatus (Broker Service) • Use Get-ConfigServiceStatus (Configuration Service) • Use Get-HypServiceStatus (Host Service) • Use Get-AcctServiceStatus (AD Identity Service) • Use Get-ProvServiceStatus (Machine Creation Service) • Use Get-LicServiceStatus (License Service) © 2012 Citrix | Confidential – Do Not Distribute
  16. 16. PoSH - Validating Service Status XD 7.x 2 of 2 • Use Get-EnvTestServiceStatus (Environment Test Service) • Use Get-SfServiceStatus (Storefront Service) • Use Get-MonitorServiceStatus (Monitor Service) • Use Get-LogServiceStatus (Configuration Logging Service) • Use Get-AdminServiceStatus (Delegated Administration Service) © 2012 Citrix | Confidential – Do Not Distribute
  17. 17. Get-BrokerServiceStatus - Return Values (1 of 2) Status Meaning OK The broker is connected to a database that is valid, and the service is running. DBUnconfigured The broker does not have a database connection configured DBRejectedConnection The database rejected the logon from the Broker Service. This may be caused by bad credentials, or the database not being installed. InvalidDBConfigured The database schema is missing (possibly just the stored procedures in it). DBNotFound The specified database could not be located with the configured connection string. DBMissingOptionalFeature The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. DBMissingMandatoryFeature © 2012 Citrix | Confidential – Do Not Distribute The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
  18. 18. Get-BrokerServiceStatus - Return Values (2 of 2) Status Meaning DBNewerVersionThanService The broker is too old to use the database. A newer version is required. DBOlderVersionThanService The database is too old for the Broker Service. Upgrade the database. DBVersionChangeInProgress A database schema upgrade is in progress. OK PendingFailure Connectivity between the Broker Service and the database has been lost. This may be a transitory network error, but may indicate a loss of connectivity that requires administrator intervention. Failed Connectivity between the broker and the database has been lost for an extended period of time, or has failed due to a configuration problem. The broker service cannot operate while its connection to the database is unavailable. Unknown The Service's status cannot be determined © 2012 Citrix | Confidential – Do Not Distribute
  19. 19. Validating the Status of the controller Services Write simple .ps1 script for single Controller to make your life easier © 2012 Citrix | Confidential – Do Not Distribute
  20. 20. Validating the Status of the controller Services Return value is important © 2012 Citrix | Confidential – Do Not Distribute
  21. 21. What does DBMissingOptionalFeature mean? Run Help Get-BrokerServiceStatus –Full to find out… • The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable. • Next Step? See Tip 8 © 2012 Citrix | Confidential – Do Not Distribute
  22. 22. Tip Number 8 Checking & Updating DB Schema versions manually through PoSH
  23. 23. DB Schema’s background • Each Service has it’s own DB Schema and set of tables that it communicates with • DB Schema version should match the version of the service itself for optimal performance • Let’s take a look and see what the problem is… © 2012 Citrix | Confidential – Do Not Distribute
  24. 24. Step 1: Run Get-BrokerInstalledDbVersion Check current Broker Service DB schema and available upgrade options © 2012 Citrix | Confidential – Do Not Distribute
  25. 25. Step 2: Run Get-BrokerController Check Controller Version © 2012 Citrix | Confidential – Do Not Distribute
  26. 26. Step 3: Run Get-BrokerDBVersionChangeScript Create upgrade script © 2012 Citrix | Confidential – Do Not Distribute
  27. 27. Step 4: Disconnect Controller from DB • Any controller can essentially be turned off (disconnect from the DB)by unconfiguring the services • You could also stop the Broker Service… © 2012 Citrix | Confidential – Do Not Distribute
  28. 28. Step 5: Upgrade the Broker Service Schema • Execute upgrade_71.sql file on SQLServer in SQLCMD mode and against the XD DB • Check messages window for confirmation… • Start the Broker service one again on Controller prior to Step 7 (Next Slide) © 2012 Citrix | Confidential – Do Not Distribute
  29. 29. Step 7: Check Status of Broker Service again Get-BrokerServiceStatus • Expected return value = OK • Remember: Creating simple scripts will make your life easier and can be fun to use… © 2012 Citrix | Confidential – Do Not Distribute
  30. 30. Tip Number 7 Machine Tagging
  31. 31. Machine Tagging The Nuts and Bolts • Machine tagging first introduced in XD 5.x • Can be used to create a logical grouping of machines within a site ᵒAcross Delivery Groups & OU’s • This can have advantages when configuring HDX Policies/Access to resources • Let’s take a look… © 2012 Citrix | Confidential – Do Not Distribute
  32. 32. Machine Tagging through Citrix Studio • Any machine which is part of a Delivery or Desktop Group can be tagged within Citrix Studio… © 2012 Citrix | Confidential – Do Not Distribute
  33. 33. Assigning Tags through PoSH Example - Alternative Option 1. New-BrokerTag -Name <Executive> 2. $desktop = Get-BrokerDesktop -uid 1 3. Add-BrokerTag -Name Executive -desktop $desktop © 2012 Citrix | Confidential – Do Not Distribute
  34. 34. Assigning Tags through PoSH Visual Example 2 © 2012 Citrix | Confidential – Do Not Distribute
  35. 35. Confirming Machine UID’s © 2012 Citrix | Confidential – Do Not Distribute
  36. 36. Viewing Tags through PoSH Use Select Command • Get-BrokerMachine | select machinename, tags | format-table © 2012 Citrix | Confidential – Do Not Distribute
  37. 37. HDX Tag Filter Use Case • HDX Policies can be applied against specific tags… © 2012 Citrix | Confidential – Do Not Distribute
  38. 38. Tip Number 6 Managing the Identity Pool StartCount and NamingScheme Parameters for MCS Catalogs
  39. 39. Identity Pools Created and managed by the AD Identity Service • Associated with Catalogs © 2012 Citrix | Confidential – Do Not Distribute
  40. 40. Observation IdentityPoolName & ProvisioningSchemeName matching values © 2012 Citrix | Confidential – Do Not Distribute
  41. 41. XenDesktop A/C delete/re-use options MCS Only • Important to understand Delete options in relation to machine a/c mgmt… • NB: If machine AD a/c is deleted then it can be used again automatically as long as the StartCount value is reset to match • If AD a/c is not deleted then resetting the StartCount will have no impact © 2012 Citrix | Confidential – Do Not Distribute
  42. 42. StartCount value determines © 2012 Citrix | Confidential – Do Not Distribute
  43. 43. © 2012 Citrix | Confidential – Do Not Distribute
  44. 44. Changing the NamingScheme Considerations © 2012 Citrix | Confidential – Do Not Distribute
  45. 45. Changing the NamingScheme WebinarTest# • Set-AcctIdentityPool -IdentityPoolName "Windows 7 SP1 x86 - 1GB" -NamingScheme WebinarTest# -StartCount 1 • Note: Unless the StartCount value is explicitly set then it will remain as it was prior to the change in NamingScheme © 2012 Citrix | Confidential – Do Not Distribute
  46. 46. Reverting NamingScheme Considerations • StartCount will not change © 2012 Citrix | Confidential – Do Not Distribute
  47. 47. Tip Number 5 Controlling Access To Resources
  48. 48. XD Site Policies Overview • Entitlement Policies (Pooled/Shared Desktops) ᵒGet-BrokerEntitlementPolicyRule ᵒGet-BrokerAppEntitlementPolicyRule • Assignment Policies (Dedicated/Private Desktops) ᵒGet-BrokerAssignmentPolicyRule ᵒGet-BrokerAppAssignmentPolicyRule • Access Policy ᵒGet-BrokerAccessPolicyRule (Discussed during Tip# 2) • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
  49. 49. Viewing BrokerEntitlementPolicy rule(s) Training Win7 Delivery Group • By default, no exclusions are set © 2012 Citrix | Confidential – Do Not Distribute
  50. 50. © 2012 Citrix | Confidential – Do Not Distribute
  51. 51. Setting a BrokerEntitlementPolicy rule Edit existing rule for relevant Delivery Group © 2012 Citrix | Confidential – Do Not Distribute
  52. 52. © 2012 Citrix | Confidential – Do Not Distribute
  53. 53. Revert Changes/Remove Exclusions • Use –RemoveExcludedUsers parameter or empty the array using @() ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers traininguser1 -ExcludedUserFilterEnabled $false Or ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" ExcludedUserFilterEnabled $false -ExcludedUsers @() © 2012 Citrix | Confidential – Do Not Distribute
  54. 54. Tip Number 4 Exploring Citrix PowerShell Providers
  55. 55. What are PowerShell Providers The nuts and Bolts • Extension’s which allow data structures to be mounted through PoSH • Available PSProviders can be viewed using Get-PSProvider • XenDesktop 5.x & 7.x ship with two PSproviders ᵒCitrixGroupPolicy ᵒCitrix.Hypervisor • Lets take a look…. © 2012 Citrix | Confidential – Do Not Distribute
  56. 56. View all available Providers Run Get-PSProvider • Specific PS-Drives are created by default for each PSProvider © 2012 Citrix | Confidential – Do Not Distribute
  57. 57. Use CD command to mount PSDrives • CD XDHYP:  Return • CD LocalGPO:  Return • CD Templates: --> Return • CitrixGroupPolicy PSProvider also supports other PSDrives that are not available by default ᵒTo view these options run Help New-PSDrive –Full from within the mounted LocalGPO or Templates drive… © 2012 Citrix | Confidential – Do Not Distribute
  58. 58. Example Usage: Enabling Intellicache © 2012 Citrix | Confidential – Do Not Distribute
  59. 59. LocalStorageCaching related error © 2012 Citrix | Confidential – Do Not Distribute
  60. 60. Creating HDX Policies through PoSH Use the CitrixGroupPolicy PSProvider • New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root -Controller DC1dir © 2012 Citrix | Confidential – Do Not Distribute
  61. 61. Enable Setting Example: ReadonlyClipboard • PS Webinar:usertrainingSettingsica> Set-ItemProperty ReadonlyClipboard Name State -Value enabled • Running dir under the Ica folder will return the following… © 2012 Citrix | Confidential – Do Not Distribute
  62. 62. Configure Tag filter through Citrix Studio Allow: Training Tag © 2012 Citrix | Confidential – Do Not Distribute
  63. 63. Validate Functionality Through Registry • HKLMSoftwarePoliciesCitrix<s ession#UserVCPolicies…. © 2012 Citrix | Confidential – Do Not Distribute
  64. 64. Tip Number 3 Configuring Extended Disconnect/Logoff settings
  65. 65. Extended Disconnect/Logoff Settings Extending Functionality… • Available for Pooled & Dedicated Desktops/Delivery Groups • Can only be configured through PoSH • Available for Peak & OffPeak hours • Let’s take a look… © 2012 Citrix | Confidential – Do Not Distribute
  66. 66. View all disconnect options through PoSH • Get-BrokerDesktopGroup -Name "training win7" | select *peakdis*, *extende* | format-list © 2012 Citrix | Confidential – Do Not Distribute
  67. 67. Configuring Extended Disconnect Setting Example: Peak Hours • Set-BrokerDesktopGroup -Name "Training Win7" PeakExtendedDisconnectAction suspend -PeakExtendedDisconnectTimeout 5 © 2012 Citrix | Confidential – Do Not Distribute
  68. 68. Tip Number 2 Using the Site Access Policy to Restrict Access to Resources
  69. 69. Site Access Policy • Contains two rules per Delivery Group by default ᵒDirect Connections ᵒConnections through Netscaler/AG • Similar to the Entitlement and Assignment site policy rules, Site access policy rules control access to resources • What is the key difference? ᵒEntitlement & Assignment policy rules control user access (included/excluded users) ᵒAccess policy rules control the wider conditions (Clientnames/ClientIPs/SmartAccessFilters) • Lets take a look… © 2012 Citrix | Confidential – Do Not Distribute
  70. 70. Example: Restrict access from ClientIP • Return Access Policy rules for a specific Delivery Group ᵒGet-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated“ • Edit the direct rule and exclude a specific IP address ᵒSet-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict access from the Win7Client machine © 2012 Citrix | Confidential – Do Not Distribute
  71. 71. © 2012 Citrix | Confidential – Do Not Distribute
  72. 72. Tip Number 1 Manually Joining a Controller to an existing Site
  73. 73. Manually Joining a Controller to an existing Site Simple three step process 1 • Create Instance Scripts for each service running on DC1 (Controller) 2 3 © 2012 Citrix | Confidential – Do Not Distribute
  74. 74. Manually Joining a Controller to an existing Site Simple three step process 1 2 • Create Instance Scripts for each service running on DC1 (Controller) • Configure the DB connection string for each service 3 © 2012 Citrix | Confidential – Do Not Distribute
  75. 75. Manually Joining a Controller to an existing Site Simple three step process 1 2 3 • Create Instance Scripts for each service running on DC1 (Controller) • Configure the DB connection string for each service • Register each service with the Configuration service © 2012 Citrix | Confidential – Do Not Distribute
  76. 76. Lets take a look… • Complete instructions can be found here ᵒhttp://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-anexisting-db-3-simple-steps/ © 2012 Citrix | Confidential – Do Not Distribute
  77. 77. Before I Finish…
  78. 78. © 2012 Citrix | Confidential – Do Not Distribute
  79. 79. XD Tipster Blog Series
  80. 80. XD Tipster Blogs Just a selection… • http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7xendesktop-posh-module/ • http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/ • http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-iconsrevisited-xd7/ • http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controllerto-an-existing-db-3-simple-steps/ • http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/ • http://blogs.citrix.com/2013/10/22/xd-tipster-removing-controllers-from-an-xdsite-using-posh/ © 2012 Citrix | Confidential – Do Not Distribute
  81. 81. About Citrix Services Citrix Services make sure you succeed with your virtualization programs. Educate | Guide | Support | Succeed How we can help Citrix Education – The fastest, most efficient way to get your team the virtualization skills they need. Online, on-site or in class. citrix.com/training Citrix Consulting – Intensive engagements for complex, critical or just plain massive projects. citrix.com/consulting Citrix Support – Always-on support services that leverage everything we know about best-practice deployment and maintenance. citrix.com/support © 2012 Citrix | Confidential – Do Not Distribute
  82. 82. Secrets of the Citrix Support Ninjas • 40 insider troubleshooting tips • Covering XenDesktop, XenServer, XenApp and NetScaler • Citrix Support top engineers • FREE eBook • Citrix Auto Support • Now available! © 2012 Citrix | Confidential – Do Not Distribute
  83. 83. Premier Support Calculator Check it out © 2012 Citrix | Confidential – Do Not Distribute
  84. 84. Work better. Live better.

×