Configuring and Troubleshooting XenDesktop Sites

21,123 views

Published on

Citrix XenDesktop introduced a number of new concepts and processes for desktop administrators. The goal of this session is to demystify these concepts and provide a tactical approach to deployment and troubleshooting of a XenDesktop environment. In this session we will demonstrate the core configuration that is required, and also cover proven troubleshooting approaches to the top three problems we see in customer deployments.

Published in: Technology
3 Comments
9 Likes
Statistics
Notes
No Downloads
Views
Total views
21,123
On SlideShare
0
From Embeds
0
Number of Embeds
193
Actions
Shares
0
Downloads
1,465
Comments
3
Likes
9
Embeds 0
No embeds

No notes for slide
  • Good afternoon my name is Ramon Scott and I am a Lead Escalation Engineer on the Citrix Escalation Team Today my presentation be on Configuring and Troubleshooting XenDesktop Sites.
  • let's begin by looking at the high level XenDesktop database and services architecture
  • We will start by looking at the database
  • XenDesktop supported databases are:SQL 2008 SP1, 2008 R2 and higher including express editions.The database schema has a full relational schema; complete with tables views and stored procedures there is a single database for the core productand there aremultiple schemas inside the databaseschemas map to windows services running on the broker
  • the setup process will depend on the environment What does this mean ?If there is a single administrator account used for SQL and XenDesktop then this admin will generate the schema from the console and the console in turnwill connect to the SQL database and execute the script to create the database . <.>Once this script has successfully executed the broker will connect to the database and verify that it is operationalIn case where their are separate XenDesktop and SQL admin account. the XenDesktop admin will generate the schema from the console, this schema will be exported to a SQL script that should be provided to the SQL admin. Next, the SQL admin will connect to the SQL server console and execute the script to create the database . Once this script has successfully executed the broker will connect to the database and verify that it is operational
  • Database accessThe runtime access performed by the XenDesktop DDCs on the database uses the following security model:In the environment where the controller and the SQL database are housed on the same Server the broker will connect to the database using its local network service accounts .NT AUTHORITY /NETWORK SERVICE On the other hand If the broker and SQL database are on separate servers, the broker will connect to using itscomputer accounts : “DOMAIN\MACHINE$”there is one SQL login for each brokerThis account login has a restricted permission thatmeans the broken does not have rights to change the schemaThe XD database contains a set of pre-configured DB roles which have detailed execute/select permissions hung off them. Each DDC has a dedicated user within the XD database that is a member of the above roles. Each DDC accesses the DB server through its AD machine account which requires it to have a login created for it, and for that login to be mapped to the associated user in the XD DB. The login does not need to be a member of any server-level roles.´The XenDesktop 5 services access the database using their computer account logins (domain\machine$, or „NT AUTHORITY\NETWORK SERVICE‟ if database is located on a controller ( i.e. SQL Express)
  • Now discuss our high availability options the Booker is critically dependent on the database however if there is a database failure existing connections will not be impacted but creating new connections and reconnecting to desktops willthat means a database failure equals a broker failure the supported high availability options are SQL mirroring ,virtual machine high availability and SQL clustering
  • Here is a table that Maps the XenDesktop services to the available database schemas
  • to perform basic health check on a XD site you can use the XDDBDiag tool
  • We will now transition and review the services architecture
  • The Machine creation service is responsible for the creation and provisioning activities for VMs and master ImagesMachine Identity Service, this service is responsible for the management of the Disks attached to the VMsAD Identity service, this service is responsible for the maintenance and creation of the AD computer accountsThe services combine to make-up the Machine Creation ServicesBroker service, this service is responsible for VDA registration, Power Management, license enforcement and resource allocation host service , this service manages the hypervisor connections and resourcesConfiguration Service, this service provides directory services metadata storage and security These two services make up the Infrastructure ServicesAll six services maintaining their own separate connection to the backend SQL database So what does this mean for you?Well, when there is an issue with Expanding catalogs , the personality of machines computer accounts lockouts, the troubleshooting efforts will be focused on the Machine creation servicesIf your issue is related to the hypervisor connection storage or its resources, Site configuration or errors in service communication your focus should be directed at the Infrastructure ServicesAnd for issues with registration, licensing, power management your efforts will be focused on the Broker ServiceDesktop studio is the management console used to configure the site and it leverages PowerShell and WCF typically on port 80Desktop director is a web based portal that can be used to the support and helpdesk teams to monitor and troubleshooting system issues before they become system-critical while at the same time Quickly and seamlessly perform crucial support tasks for their end users including view Performance statistics via WinRMWindows Communication Foundation (or WCF), previously known as "Indigo", is a runtime and a set of APIs (application programming interface) in the .NET Framework for building connected, service-oriented applicationsSOA: Service-oriented architectureRef:http://en.wikipedia.org/wiki/Service-oriented_architectureEach service instance reads and writes to the SQL database periodically using connectionless ADO.net.PoSH – PowerShellWCF – Windows Communication FoundationWinRM – Windows Remote Management
  • You can also receive the current status of any of the core services from the XenDesktop PowerShell prompt by running the the respective command from this list as you can see the syntax is quite intuitive  Let’s look at the example in the first row‘to get the status of the AD identity service , you simply execute the get ‘dash’ acct service status
  • We can now review the concept of Machine Creation
  • In XenDesktop 5.6 and higher support , Seven virtual desktop models are supported we have existing which leverages virtual machines created outside of XenDesktop .These next three are created by desktop through MCSFor a dedicated catalog , the image is cloned and provided to multiple user that will have the ability to persist their changes going forward we then have pooled that create a cloned image that is then referenced as a single base image ; The virtual machines then saves any changes from the base image to a volatile diff disk that is discarded on rebootThen there is pooled with personal vdisk , this allows pooled machines the facility to save change to a separate disk that will persist with them on rebootNext there is streamed, this catalog leverages Citrix PVS server to  stream a non-persistent image to the VM and all changes the image are lost on rebootand lastly we have streamed with Pvds , the steamed images the  facility to save change to a separate disk that will persist with them on reboot 
  • under the MCS options, A pooled catalog can be either Randomly assigned or statically Assigned and then with Dedicated catalogs you can have Pre-Assigned or assigned to a user on first usePooled with PVD operated like a static pool as the same machine is proved to the users in addition to there unique PVDThe dedicated model can be pre-assigned to a user or assigned on first use and they will retain the assignment going forwardAnd Now For The two PVS options , You can either steam to a virtual to physical desktop Where as steamed with PVD, allows you toonly steam to Virtual Machines Ref:Random in that a user gets a new pooled image or the static option in which the same images is provided to the users after reboots.
  • Machine creation service catalogs comprise of three disks, the Master base disk shared among all VMs in the catalog, and for each Virtual desktop, a diff disk and an identity diskThe Diff, This is what the user sees as Drive C:\And the identity disk this is hidden from the users view and maintains the machines personality configuration. This scheme is replicated for each disk that is created.
  • For Machine creation with Personal Vdisk , we have the base, and VM dif and id disk, however there is an addition personal vdisk auto-created by copying the pvd template from the base VM. This disk is 10 GB by default and has a 50/50 split for application data and user dataThis part is hidden from user and Merged with the Diff Disk and the users accesses its information as drive C:\ eg application data
  • PVD stream catalogs have the Streams vdisk, the write cache and the Base VM.The Streamed vDisk is what the user sees as Drive C:\And the Write Cache is visible file on another disk, typically D:\
  • Streamed with PVD has the base image and for each Virtual desktop there is a streamed vdisk and write cache however it also has the personal vdisk attached . The PVD is the same as in the MCS configuration, I.e.., defaults to 10 GB, there’s a 50/50 split , the application data is hidden and the User data is seen as the as P:\
  • You may be interested in also learning what are some of the common issues They are:Hypervisor communicationDomain permissionsPreviously failed attempts still present in databaseTheHost Connection configured with incorrect storage repositorythe host configured with and unsupported Naming convention
  • So What happened when after you just sold your business unit on the concept of moving to XenDesktop and they request 500 new desktops for tomorrow morning and the wizard Fails ?What logs do we need ? wellas previously mentioned for issue with machine creation you need the machine creation services logs from the three servicesYou may also collect the logs from the desktop studio to see what command were run and what errors we actually returnedAt this point all other logs can be ignored
  • When troubleshooting an issue I recommend the following MethodologyUnderstand issue historyWhat changed?When did is StartAny specific images it happens more frequently with?Verify configuration, error logs and alertsGather and review service log data of issuesCompare collected data to a working environment
  • Citrix provides many methods to enable and collect logs; and I wanted to provide one that was a little less knownYou can enable the service logs by locating the service executable and launching with the parameter dash logfile and then the valid location for the log fileHere we go and enable the machine creation service logsNext the AD identify service logs and lastly the Machine identity serviceReference for log enablingC:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MCS-PVSvm.logC:\Program Files\Citrix\ADIdentity\Service>Citrix.ADIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\AD.logC:\Program Files\Citrix\Host\Service>Citrix.Host.SdkWcfEndpoint.exe -logfile c:\xdlogs\host.logC:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MC.logC:\Program Files\Citrix\MachineIdentity\Service>Citrix.MachineIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\mi.log
  • great, We have done quite a lot so far, now lets see how it applies with a case study
  • This case study is actually something seen in my lab when rebuilding my lab for a new case.This is a New Deployment with the Latest Hotfixes , I utilized account with Full Administrative access to the domain and hypervisor . This environment worked before it was rebuilt
  • So I started by reviewing the Desktop Studio logsThe search terms I users were the [Time of Issue].* Fail | Error | Exception | DeniedIt quickly returned the error seen in the console “Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.”Ok It tell me I failed however I need to dig further
  • So I then review the Machine Creation Service logI used the same search terms [Time of Issue].* Fail | Error | Exception | DeniedIt returned with a from interesting errorsFirst it reported : Failed to copy disk. Reason : SR_HAS_NO_PBDSThen it how and Managedexception with the same errorNext it indicated the job I created was concluding with a disk consolidation failed errorAnd finally it reported the error seen in the console and Desktop studio logsSo what do you do next, that have a detailed error, we can use it and conduct some research via forums , search engines etc.
  • So the issue was a misconfigurationThe main clue is that messageFailed to copy disk Reason : SR_HAS_NO_PBDS So research shows that SRs are Storage Repositories and PBD are Physical Block Devices implies that the sr does not have access to the disk, so we check and found thatHypervisor Connection’s did not include correct storage for the Master ImageThe Broker could not communicate with the correct storage location and therefore we were not able to create the base master image . When creating the hypervisor connection we followed the defaults of the wizard and did not specify the location that we utilized from images.
  • Desktop Service is startedLooks up list of DDC from local registry or from personality.ini fileLooks up the computer accounts in Active DirectorySelects one DDC from the DDCs list at random and then initiates a connection through WCFDDC receives or rejects connectionIf DDC rejects or does not respond, service wait for the timeout then selects another DDC at randomIf DDC receives connection, it looks up the VDA computer accountChecks that computer account (SID) isin published assignmentInitiates WCF Test connection to VDAQueries the VDA stateSets configuration and policiesVDA is marked as registeredReturns success for registrationVDA starts heartbeat ping to DDC
  • CTX123278Xd Ping report networking information of the machinePerforms time checks against the domainRetrieve the current Users informationRef Info:Information and status of Network Interfaces and Network settings. (Console Only)Performs DNS lookup and reverse lookup on the IP address of the device.Information on Time synchronization and time check for Kerberos Authentication (Console Only)User information for login User (Console Only)Including User details, Authentication type used, Group Membership.Machine information (Console Only)Environment information (Computer Name, operating system version, Domain) Domain membership verification (Membership = Verified, SID:S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXX [OK])Information on XenDesktop Services (Windows Communication Foundation Endpoints) installed and confirms if each installed service is responsive. (Console Only)Displays information on the Windows Firewall installed on the VDA and checks if the important ports are configured correctly.Queries the local event log to check for known events that are related to XenDekstop.Provides client bandwidth and response time information from the VDA to the client.
  • Bidirectional network tests, verifying that telnet is possible bidirectional, verify that the services are started and are the listening on the correct portThen disable any firewallsWe then check the time against the Doman and between the ddc and VDA next we verify the registry entry for the list of ddcsIf after these check we still haven’t found the root cause , then we enable service logging on the Vda and broker
  • Its now time to review the second Case Study.
  • DDc not AutorizedPolicy found that was needed but not enabledResolution to explicitly enable access
  • When troubleshooting Vda Issues the best place to start is asking the simple questions what happenedWhat did the user see ?was it just a generic error ? Did the error indicate the actual causeDid the receiver start and disappear without and errorOr did the receiver launch and then return and error
  • When trouble shooing a launch issue should start by reviewing the event logs
  • great, We have done quite a lot so far, now lets see how it applies with a case study
  • Good Launch
  • Bad launchAdd fail|exception|error to search strings
  • DDC not AuthorizedPolicy found that was needed but not enabledResolution to explicitly enable access
  • Citrix Scout used to collect environment information and CDF tracesXenDesktop Collector the replacement for Scout with the next Feature Pack release of XenDesktop
  • Desktop Director is a tool that will utilize role-based permission sets to support the daily usage of Citrix products. It enables support teams to perform basic maintenance tasks and to monitor and troubleshoot system issues. Desktop Director 1.0 wasintroduced with XenDesktop5 and Desktop Director 2.0 supports troubleshooting XenAppsessions.Role-based access control – assign appropriate permissions to specific roles to perform certain operation. Full administrator can view all and make changes. Read-only administrator can view all but cannot perform tasks. Help desk administrator can performday-to-day monitoring and maintenance tasks (restarting desktops or logoff sessions).
  • At Citrix Services - we’re Citrix consultants, teachers and support engineers and we’re all about one thing: making sure you succeed.With our help, you’ll deploy high-performance, robust virtualization and networking projects, faster – with dramatically lower risk and higher return.The best Citrix architects and administrators are the ones who never stop learning – and Citrix Education is here to help you learn those skills.Citrix Consulting gives you direct access to our most experienced virtualization and networking experts.When it’s complex; when it’s mission-critical; when it’s big; That’s when Citrix consultants can really help.On your virtualization journey, you’ll want always-on support from people who really care about your success.There’s no better insurance for your Citrix investment than with Citrix Support.
  • Secrets of the Citrix Support Ninjas is a FREE eBook available next week.The eBook contains 40 insider troubleshooting tips for administrators.So the purpose of the eBook is to help administrators like you keep your Citrix deployments on track.We’ve collected some of their best tips and tricks for running robust Citrix environments and packaged them up into a free eBook.In it, you’ll discover some of the little-known tricks that our own support people use every day to tune, tweak, troubleshoot and test Citrix solutions. You may know a few of these tips. But you probably don’t know them all.And – you never know – you might discover just one that will change your life as an administrator.Let me give you a sneak peak now.
  • Configuring and Troubleshooting XenDesktop Sites

    1. 1. Ramon Scott – Lead Escalation Engineer Configuring & Troubleshooting XenDesktop Sites August 29, 2013 Citrix Support Secrets Webinar Series
    2. 2. © 2012 Citrix | Confidential – Do Not Distribute Presenter Bio: Ramon Scott 2 Over 17 Years of Experience in IT Joined Citrix in April 2010 Started directly into the Escalation Team – primary focus on XenApp Assigned as the Dedicated Engineer for a Major Strategic Account from Q4-2010 Moved to XenDesktop team in July 2011 Additional details • Bachelor’s Degree in Information Technology with a specialization in Network Administration • Certifications: CCA, CCNA, CCDA, MCSE and MCITP-EA
    3. 3. © 2012 Citrix | Confidential – Do Not Distribute Presentation Goals 3  Provide an Understanding of the Architecture  Instruct on How to Configure  Provide Proven Troubleshooting Methodologies and Resources
    4. 4. High-Level XenDesktop Database And Services Architecture
    5. 5. © 2012 Citrix | Confidential – Do Not Distribute Database
    6. 6. © 2012 Citrix | Confidential – Do Not Distribute • Supported Databases: • SQL Server 2008 SP1 / 2008R2 (including Express) • Database Schema • Full Relational Schema • Tables, Views, Stored Procedures • Single Database (for core product) • Multiple SQL „Schemas‟ in Database • ‘Schemas’ map onto Windows services running on Broker XenDesktop 5 Database Overview Broker Broker Database
    7. 7. © 2012 Citrix | Confidential – Do Not Distribute Setup Process XD Console Single Admin Broker1. Schema Database XD Admin 3.Verify XD Admin credentials used Separate Admins XD Console Broker1. Schema Database3. Schema XD Admin 4.Verify SQL Server Console SQL Admin 2.Schema “Export” (SQL script) SQL Admin credentials used
    8. 8. © 2012 Citrix | Confidential – Do Not Distribute Database Access • Security Access Model ᵒNetwork Service Account “NT AUTHORITYNETWORK SERVICE” ᵒComputer Account “DOMAINMACHINE$” • SQL Login per Broker • Restricted permission set ᵒBrokers do not have rights to change schema Controller DatabaseController Broker Service Controller DatabaseController Broker Service Database
    9. 9. © 2012 Citrix | Confidential – Do Not Distribute • Broker is critically dependant on Database • Existing connections not impacted • Creating new connections and reconnecting to desktops impacted • Database Failure = Broker Failure • Supported Database H/A Options: (expected popularity order) 1. SQL Mirror 2. Virtual Machine H/A 3. SQL Cluster Database High-Availability Citrix Confidential - Do Not Distribute
    10. 10. © 2012 Citrix | Confidential – Do Not Distribute Database Schema Roles and Permissions XenDesktop Service Database Role AD Identity Service (Acct) ADIdentitySchema_ROLE Broker Service (Broker) chr_Broker chr_Controller Central Configuration Service (Config) ConfigurationSchema_ROLE Machine Creation Service (PvsVM) DesktopUpdateManagerSchema_ROLE Hosting Management Service (Hyp) HostingUnitServiceSchema_ROLE Machine Identity Service (Prov) MachinePersonalitySchema_ROLE
    11. 11. © 2012 Citrix | Confidential – Do Not Distribute Health Checks: XDDBDiag • Provided consistency data check on the data • Provides connectivity verification It also provides the following: ᵒVirtual Desktop Agent Information ᵒHypervisor Connections Information ᵒPolicy Information ᵒController Information ᵒDesktop Groups Information ᵒSQL Information ᵒCurrent Connections / Connection Log
    12. 12. © 2012 Citrix | Confidential – Do Not Distribute Services
    13. 13. © 2012 Citrix | Confidential – Do Not Distribute Machine Creation Services Broker Service Infrastructure Services XenDesktop 5 Services Architecture 13 Controller Broker Service Machine Creation Service AD Identity Service Machine Identity Service Host Service Configuration Service Virtual Desktop Agent (VDA) WinRM 2.0 [5985/5986] Desktop Studio WCF [80] PowerShell Desktop Director WCF [80] PowerShell SQL Server Windows Communication Foundation (WCF)
    14. 14. © 2012 Citrix | Confidential – Do Not Distribute Service Status XenDesktop Service PowerShell Cmdlet AD Identity Service (Acct) Get-AcctServiceStatus Broker Service (Broker) Get-BrokerServiceStatus Central Configuration Service (Config) Get-ConfigServiceStatus Machine Creation Service (Prov) Use Get-ProvServiceStatus Hosting Management Service(Hyp) Get-HypServiceStatus Machine Identity Service (PvsVM) Get-PvsvmServiceStatus
    15. 15. © 2012 Citrix | Confidential – Do Not Distribute Machine Creation
    16. 16. © 2012 Citrix | Confidential – Do Not Distribute Desktop Catalog models • Existing • Dedicated • Pooled • Pooled with personal vDisk • Streamed • Streamed with personal vDisk Base Image App Profile App Profile App Profile PvD PvD PvD Image Image Image Profile Profile Profile Profile Profile Profile Base Image with Apps Base Image with Apps Streamed Base Image with Apps Streamed Base Image App Profile App Profile App Profile PvD PvD PvD *Image Streamed from Citrix Provisioning Server (PVS) *Image created with Machine Creation Services (MCS) *Image created outside of XenDesktop
    17. 17. © 2012 Citrix | Confidential – Do Not Distribute Desktop Catalog models PVS Streamed Virtual Physical Streamed with PvD Virtual Only MCS Pooled Random Static Pooled with PvD* Dedicated PreAssigned First Use * Behaves like pooled-static
    18. 18. © 2012 Citrix | Confidential – Do Not Distribute MCS – ID Disk, Difference Disk, Base VM Virtual Desktop 1Diff Disk ID Disk VHD Chain Windows 7 Master This is what the user sees as Drive C: This is hidden from the users view Virtual Desktop 2Diff Disk ID Disk VHD Chain Virtual Desktop xDiff Disk ID Disk VHD Chain Storage Subsystem
    19. 19. © 2012 Citrix | Confidential – Do Not Distribute MCS with PvD – ID Disk, Diff Disk, Base VM, PVDisk Virtual Desktop 1 VHD Chain Windows 7 Master Diff Disk ID Disk Personal vDisk• This part is hidden from user • Merged with the Diff Disk • Seen by user as Drive C: • E.g. Installed apps • Seen by the user as Drive P: • USERDATA e.g. My Documents • Free space is the split allocation • PVDisk auto-created during catalog creation by copying PvD template from Base VM • 10GB by default with 50 / 50 split for App Data / User Data
    20. 20. © 2012 Citrix | Confidential – Do Not Distribute PVS – Streamed vDisk, Cache, Base VM Virtual Desktop 1Streamed vDisk Write Cache PVS Stream Windows 7 Master This is what the user sees as Drive C: Visible file on another disk, typically D: Virtual Desktop 2Streamed vDisk Write Cache PVS Stream Virtual Desktop xStreamed vDisk Write Cache PVS Stream Storage Subsystem
    21. 21. © 2012 Citrix | Confidential – Do Not Distribute PVS with PvD–Streamed vDisk, Cache, Base VM, PvDisk Virtual Desktop 1 PVS Stream Windows 7 Master Streamed vDisk Write Cache Personal vDisk• This part is hidden from user • Seen by user as Drive C: • E.g. Installed apps • Seen by the user as Drive P: • USERDATA e.g. My Documents • Free space is the split allocation • PvDisk auto-created during catalog creation by copying PvD template from Base VM • 10GB by default with 50 / 50 split for App Data / User Data
    22. 22. © 2012 Citrix | Confidential – Do Not Distribute Where are some of the common Issue ? • Hypervisor communication • Domain permissions • Previously failed attempts still present in database • Host Connection configured with incorrect storage • Naming convention on the host
    23. 23. © 2012 Citrix | Confidential – Do Not Distribute What logs do we need for this issue ? Machine Creation Services Broker Service Infrastructure Services Broker Broker Service Machine Creation Service AD Identity Service Machine Identity Service Host Service Configuration Service Desktop Studio WCF [80] PoSH SQL Server
    24. 24. © 2012 Citrix | Confidential – Do Not Distribute Troubleshooting Methodology 24 • Understand issue history • Verify configuration, error logs and alerts • Gather and review log data of issues • Compare data to working environment
    25. 25. © 2012 Citrix | Confidential – Do Not Distribute Enabling Log from the Command Line Service –LogFile <Location>Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:xdlogsAD.log Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile “c:xdlogsMCS-PVSvm.log” Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:xdlogsmi.log
    26. 26. Case Study 1 Machine Creation Services
    27. 27. © 2012 Citrix | Confidential – Do Not Distribute Case Study Walk Through Background: • New Deployment • Latest Hotfixes • Full Administrator account used • Worked before they rebuilt environment Case Study 1: MCS Fails after wizard
    28. 28. © 2012 Citrix | Confidential – Do Not Distribute Log Analysis: Desktop Studio Logs Case Study 1: Machine Creation Service fail after wizard 24/04/13 02:37:10.7603 : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog. Search Terms: [Time of Issue] Fail | Error | Exception | Denied
    29. 29. © 2012 Citrix | Confidential – Do Not Distribute Search Terms: [Time of Issue] Fail | Error | Exception | Denied Case Study 1: Machine Creation Service fail after wizard Log Analysis: Machine Creation Service Logs Failed to copy disk. Reason : SR_HAS_NO_PBDS ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed. WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)
    30. 30. © 2012 Citrix | Confidential – Do Not Distribute Root Cause analysis: Misconfiguration 30 • Failed to copy disk Reason : SR_HAS_NO_PBDS • Hypervisor Connection‟s did not include correct storage for the Master Image • Target device disk could not be copied due to this Hypervisor - Storage misconfiguration *Definitions: SR - Storage Repositories PBD - Physical Block Devices
    31. 31. VDA Startup and Registration
    32. 32. © 2012 Citrix | Confidential – Do Not Distribute Controller DDC Broker Service VDA Registration VDA Desktop Service VDA Active Directory Controller WCF LDAP Database Registered
    33. 33. © 2012 Citrix | Confidential – Do Not Distribute Troubleshooting VDA Startup and Registration • XDPing Log • Basic Checks • Logs: ᵒWorkstation Agent Logs ᵒBroker Logs • Network Trace Controller Broker Service VDA Desktop Service 1011011010 SSL 1011011010 SSL 101101
    34. 34. © 2012 Citrix | Confidential – Do Not Distribute XDPING • Can be run on both the DDC and VDA • Used to collect data related to basic components • Will verify if the components are working correctly ᵒVerify Domain Membership ᵒNetwork Interfaces ᵒWCF Endpoints ᵒServices ᵒDNS lookup ᵒTime difference between machine and Domain Controller
    35. 35. © 2012 Citrix | Confidential – Do Not Distribute Basic Checks • Check the Network: Ping , Telnet and NetStat, Firewall • Ensure Services started without errors • Listening on the correct port • Check time • Check configured list of DDCs in registry
    36. 36. Case Study 2 Startup and Registration
    37. 37. © 2012 Citrix | Confidential – Do Not Distribute Case Study Walk Through Background: • Locked down environment • Special configuration needed to manually enable needed services • Worked in the Proof of Conference Lab but failed in production Case Study 2: New Catalog Fail to Register
    38. 38. © 2012 Citrix | Confidential – Do Not Distribute Log Analysis: Workstation Agent Service Logs Failed to register with http://FTLRSCOTT2RHONE.lab.net:80/Citrix/CdsController/IRegistrar. WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/RS2-SynPool01.lab.net and IP address 10.19.196.945' Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/2013 13:54:31, HighAvailabilityRegistrationTimout = 00:05:00 Message following Error pattern Could not register with any controllers. Waiting to try again in 9407 ms 38 Search Terms: [Time of Issue] Fail | Error | Exception | Denied Case Study 2: New Catalog Fail to Register
    39. 39. © 2012 Citrix | Confidential – Do Not Distribute Log Analysis: Broker Service Logs Broker:TestWorkerComms failed for worker S-1-5-21-1123877020-465626563- 3648135752-1267 caught exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed. 39 Search Terms: [Time of Issue] Fail | Error | Exception | Denied Case Study 2: New Catalog Fail to Register
    40. 40. © 2012 Citrix | Confidential – Do Not Distribute Root Cause analysis: Misconfiguration 40 • The DDC was not authorized the initiate a connection to the VDA • “Access To Computer From The Network” Computer Policy did not have an entry for the Controlled and the default everyone was removed in production. Resolution: Customer added explicit entry to a Group that included all the Brokers as members
    41. 41. © 2012 Citrix | Confidential – Do Not Distribute • PVD maintains logs in the base of the volume attached to the VM ◦ (alongside the VHD containing the PVD user-installed applications) • These logs contain a wealth of information that should be captured and provided to support/engineering if you experience problems • Most frequently seen PVD support cases … ◦ Failure of PVD to start virtualization (PVD can‟t locate volume/VHD, etc.. …) ◦ Customers trying to install unsupported apps ◦ Customers trying to move PVDs between VMs
    42. 42. © 2012 Citrix | Confidential – Do Not Distribute 42 • Desktop Director has helpdesk-facing PVD metrics and support ◦ % of application area in use / total size ◦ % of user profile area in use / total size ◦ PVD reset • PVD reset allows the helpdesk to reset the application area while leaving the user‟s data intact ◦ Aka “revert to factory default” ◦ Useful to reset PVDs that become wedged due to users installing broken applications
    43. 43. VDA Launch
    44. 44. © 2012 Citrix | Confidential – Do Not Distribute VDA Launch Controller #1 Broker Service DDC VDA Desktop Service VDA WI Idle Launch Request SQL WCF XML broker queries DB for a ready worker Broker signals worker to Prepare for a Session User Clicks to launch session ICA Service Preparing New Session
    45. 45. © 2012 Citrix | Confidential – Do Not Distribute VDA Launch Controller #1 Broker Service DDC VDA Desktop Service VDA WI SQL WCF Work State: Active Work State: Connected Request to Validate Ticket sent Controller ICA file is sent to Endpoint ICA Service 1. Validates Ticket 2. Validates License 3. Policies Ticket is ValidAuthNTicket Connected Portica gets License Active
    46. 46. © 2012 Citrix | Confidential – Do Not Distribute
    47. 47. © 2012 Citrix | Confidential – Do Not Distribute Troubleshooting VDA Launch • Event Logs (Web Interface, Controller, Storefront) • Desktop Studio • Broker Logs • Workstation Agent • Portica Logs • Network Packet tracing
    48. 48. Case Study 3 VDA Launch
    49. 49. © 2012 Citrix | Confidential – Do Not Distribute Case Study Walk Through Background: • They recently converted all images to a Citrix PVS image • The original image worked • All streamed images including the golden image failed to launch Case Study 3: Launch Failure 1030
    50. 50. © 2012 Citrix | Confidential – Do Not Distribute Search: Prepare
    51. 51. © 2012 Citrix | Confidential – Do Not Distribute Troubleshooting :VDA Launch • Search Strings: Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect
    52. 52. © 2012 Citrix | Confidential – Do Not Distribute Troubleshooting :VDA Launch • Search Strings: Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect
    53. 53. © 2012 Citrix | Confidential – Do Not Distribute Root Cause analysis: MFAphook Module Failed to Load 53 • Conversion via provisioning server had changes the long name format of the drive • mfaphook failed to load and this is needed for interaction with the OS. Resolution: Add back short name to system see CTX133773 for more information
    54. 54. Tools
    55. 55. © 2012 Citrix | Confidential – Do Not Distribute XD Tools • HDX Monitor • CDF Control • Citrix Scout • Site Checker • Desktop Director
    56. 56. © 2012 Citrix | Confidential – Do Not Distribute HDX Monitor • Thinwire (Graphics) • Direct 3D (Graphics) • Media Stream (aka RAVE) • Flash • Audio • USB Devices
    57. 57. © 2012 Citrix | Confidential – Do Not Distribute HDX Monitor • Mapped Client Drives (CDM) • Branch Repeater • Printer • Client • Smart Card • Scanner • System
    58. 58. © 2012 Citrix | Confidential – Do Not Distribute Citrix Scout / XD Collector (CTX130147) 58 • Push button easy data collection system • Makes data collection and upload push button easy • Integrates data collected by Scout with the Citrix Tools as a Service (TaaS) backend • Simplifies data collection & analysis
    59. 59. © 2012 Citrix | Confidential – Do Not Distribute #CitrixSummit CDF Control: CTX111961 Tip: • Use this tool to remotely enable and collect CDF traces when system are non persistent 59
    60. 60. © 2012 Citrix | Confidential – Do Not Distribute Site Checker Tool: CTX133767 • Enumerate Environment • Checks Services Status • Checks service instances registration status • Reset Controllers Services instances into Database
    61. 61. © 2012 Citrix | Confidential – Do Not Distribute Desktop Director 61 • Web Based • Unified view of apps and desktops • End-user details empower the help desk • Includes HDX Monitor • Access to personal vDisk tasks
    62. 62. Resources discussed
    63. 63. © 2012 Citrix | Confidential – Do Not Distribute Optimal deployment recommendations • CTX124087 - XenDesktop Modular Reference Architecture • CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices • CTX123244 - High Availability for Desktop Virtualization - Reference Architecture • CTX120760 - XenDesktop - Design Handbook • CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability • Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI 63
    64. 64. © 2012 Citrix | Confidential – Do Not Distribute For More Information • CTX132536 - Worker Unregisters at Session Launch • CTX130147 - Citrix Scout • CTX111961 - CDFControl • CTX127492 - How to enable Controller Service Logging in XenDesktop 5 • CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics • CTX128909 - XenDesktop 5 Logon Process and Communication Flow 64
    65. 65. © 2012 Citrix | Confidential – Do Not Distribute For More Information • Vmware – Using VMware with XenDesktop • SCVMM Using Microsoft SCVMM 2008 with XenDesktop • CTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored Database • CTX127998 : Database Access and Permission Model for XenDesktop 5 CTX133160 - LSQuery - License Server Data Collection Tool CTX127314 - How to Collect Data for Troubleshooting Licensing Issues 65
    66. 66. Takeaways
    67. 67. © 2012 Citrix | Confidential – Do Not Distribute Presentation Goals Recap 67  Provide an understanding of the architecture  Instruct On How To Configure  Provide Troubleshooting Resources
    68. 68. © 2012 Citrix | Confidential – Do Not Distribute About Citrix Services Citrix Services make sure you succeed with your virtualization programs. How we can help Citrix Education – The fastest, most efficient way to get your team the virtualization skills they need. Online, on-site or in class. citrix.com/training Citrix Consulting – Intensive engagements for complex, critical or just plain massive projects. citrix.com/consulting Citrix Support – Always-on support services that leverage everything we know about best-practice deployment and maintenance. citrix.com/support Educate | Guide | Support | Succeed
    69. 69. © 2012 Citrix | Confidential – Do Not Distribute • 40 insider troubleshooting tips • Covering XenDesktop, XenServer, XenApp and NetScaler • Citrix Support top engineers • FREE eBook • Citrix Auto Support • Now available! Secrets of the Citrix Support Ninjas
    70. 70. © 2012 Citrix | Confidential – Do Not Distribute Premier Support Calculator Check it out
    71. 71. © 2012 Citrix | Confidential – Do Not Distribute Next Webinar: September • Title: Troubleshooting a XenDesktop environment using the PowerShell SDK • Description: The Citrix XenDesktop PowerShell SDK is the foundation for all interactions with a XenDesktop database and is the same SDK used by Desktop Studio. • This deep dive session will include a behind-the-scenes look at several tools used by Citrix Technical Support that utilize the PowerShell SDK, including common configuration cmdlets and scripts. • When: Sept 26th Registration Now!
    72. 72. Work better. Live better.Work better. Live better.

    ×