1. Ramon Scott – Lead Escalation Engineer
Configuring & Troubleshooting XenDesktop Sites
SUM408
May 2013
Ramon Scott – Lead Escalation Engineer
Good afternoon my name is Ramon Scott and I am a Lead Escalation Engineer on the Citrix Escalation Team Today my presentation be on Configuring and Troubleshooting XenDesktop Sites.

2. Presentation Goals Provide an Understanding of the Architecture
Instruct on How to Configure
Provide Proven Troubleshooting Methodologies and Resources
I'd like to start by providing the goals of my presentation
The first goal is to provide an understanding of the architecture, then instruct on how to configure core components and lastly, provide Proven Troubleshooting Methodologies and Resources

3. High-Level XenDesktop Database And Services Architecture
let's begin by looking at the high level XenDesktop database and services architecture

4. Database
We will start by looking at the database

5. XenDesktop 5 Database Overview
Supported Databases:
SQL Server 2008 SP1 / 2008R2 (including Express)
Database Schema
Full Relational Schema
Tables, Views, Stored Procedures
Single Database (for core product)
Multiple SQL ‘Schemas’ in Database
‘Schemas’ map onto Windows services running on Broker
Broker
Database
Broker
XenDesktop supported databases are:
SQL 2008 SP1, R2 and higher including express editions.
The database schema has a full relational schema; complete with tables views and stored procedures
there is a single database for the core product
and
there are multiple schemas inside the database
schemas map to windows services running on the broker

6. Setup Process XD Console Single Admin Broker Database XD Admin
1. Schema
Database
2. Schema
XD Admin
3. Verify
XD Admin credentials used
Separate Admins
XD Console
Broker
1. Schema
Database
3. Schema
XD Admin
4. Verify
SQL Server Console
SQL Admin
2. Schema
“Export”
(SQL script)
SQL Admin credentials used
the setup process will depend on the environment
What does this mean ?
If there is a single administrator account used for SQL and XenDesktop
then this admin will generate the schema from the console
and the console in turn will connect to the SQL database and execute the script to create the database .
<.>Once this script has successfully executed the broker will connect to the database and verify that it is operational
In case where their are separate XenDesktop and SQL admin account. the XenDesktop admin will generate the schema from the console, this schema will be exported to a SQL script that should be provided to the SQL admin.
Next, the SQL admin will connect to the SQL server console and execute the script to create the database . Once this script has successfully executed the broker will connect to the database and verify that it is operational

7. Database Access Database Security Access Model SQL Login per Broker
Network Service Account
“NT AUTHORITY\NETWORK SERVICE”
Computer Account
“DOMAIN\MACHINE$”
SQL Login per Broker
Restricted permission set
Brokers do not have rights to change schema
Controller
Database
Broker Service
Controller
Database
Broker Service
Database access
The runtime access performed by the XenDesktop DDCs on the database uses the following security model:
In the environment where the controller and the SQL database are housed on the same Server
the broker will connect to the database using its local network service accounts . NT AUTHORITY /NETWORK SERVICE
On the other hand If the broker and SQL database are on separate servers, the broker will connect to using its computer accounts : “DOMAIN\MACHINE$”
there is one SQL login for each broker
This account login has a restricted permission
that means the broken does not have rights to change the schema
The XD database contains a set of pre-configured DB roles which have detailed execute/select permissions hung off them. Each DDC has a dedicated user within the XD database that is a member of the above roles. Each DDC accesses the DB server through its AD machine account which requires it to have a login created for it, and for that login to be mapped to the associated user in the XD DB. The login does not need to be a member of any server-level roles.
´The XenDesktop 5 services access the database using their computer account logins (domain\machine$, or „NT AUTHORITY\NETWORK SERVICE‟ if database is located on a controller ( i.e. SQL Express)

8. Database High-Availability
Broker is critically dependant on Database
Existing connections not impacted
Creating new connections and reconnecting to desktops impacted
Database Failure = Broker Failure
Supported Database H/A Options: (expected popularity order)
SQL Mirror
Virtual Machine H/A
SQL Cluster
Now discuss our high availability options
the Booker is critically dependent on the database however
if there is a database failure existing connections will not be impacted
but creating new connections and reconnecting to desktops will
that means a database failure equals a broker failure
the supported high availability options are SQL mirroring ,virtual machine high availability and SQL clustering
Citrix Confidential - Do Not Distribute

9. Database Schema Roles and Permissions
XenDesktop Service
Database Role
AD Identity Service (Acct)
ADIdentitySchema_ROLE
Broker Service (Broker)
chr_Broker
chr_Controller
Central Configuration Service (Config)
ConfigurationSchema_ROLE
Machine Creation Service (PvsVM)
DesktopUpdateManagerSchema_ROLE
Hosting Management Service (Hyp)
HostingUnitServiceSchema_ROLE
Machine Identity Service (Prov)
MachinePersonalitySchema_ROLE
Here is a table that Maps the XenDesktop services to the available database schemas

10. Health Checks: XDDBDiag
Provided consistency data check on the data
Provides connectivity verification
It also provides the following:
Virtual Desktop Agent Information
Hypervisor Connections Information
Policy Information
Controller Information
Desktop Groups Information
SQL Information
Current Connections / Connection Log
XDDBDIAG
to perform basic health check on a XD site you can use the XDDBDiag tool

11. Services
We will now transition and review the services architecture

12. XenDesktop 5 Services Architecture
Desktop Studio
WCF
[80]
PowerShell
Desktop Director
WCF
[80]
PowerShell
Virtual Desktop Agent (VDA)
WinRM 2.0
[5985/5986]
Controller
Machine Creation
Service
Host Service
AD Identity Service
Machine Identity Service
Broker Service
Configuration
Service
Machine Creation
Services
Broker
Service
Infrastructure
Services
Windows Communication Foundation (WCF)
SQL Server
The Machine creation service is responsible for the creation and provisioning activities for VMs and master Images
Machine Identity Service, this service is responsible for the management of the Disks attached to the VMs
AD Identity service, this service is responsible for the maintenance and creation of the AD computer accounts
The services combine to make-up the Machine Creation Services
Broker service, this service is responsible for VDA registration, Power Management, license enforcement and resource allocation
host service , this service manages the hypervisor connections and resources
Configuration Service, this service provides directory services metadata storage and security
These two services make up the Infrastructure Services
All six services maintaining their own separate connection to the backend SQL database
So what does this mean for you?
Well, when there is an an issue with Expanding catalogs , the personality of machines computer accounts lockouts, the troubleshooting efforts will be focused on the Machine creation services
If your issue is related to the hypervisor connection storage or its resources, Site configuration or errors in service communication your focus should be directed at the Infrastructure Services
And for issues with registration, licensing, power management your efforts will be focused on the Broker Service
Desktop studio is the management console used to configure the site and it leverages PowerShell and WCF typically on port 80
Desktop director is a web based portal that can be used to the support and helpdesk teams to monitor and troubleshooting system issues before they become system-critical while at the same time
Quickly and seamlessly perform crucial support tasks for their end users including view Performance statistics via WinRM
Windows Communication Foundation (or WCF), previously known as "Indigo", is a runtime and a set of APIs (application programming interface) in the .NET Framework for building connected, service-oriented applications
SOA: Service-oriented architecture
Ref:
Each service instance reads and writes to the SQL database periodically using connectionless ADO.net.
PoSH – PowerShell
WCF – Windows Communication Foundation
WinRM – Windows Remote Management

13. Service Status XenDesktop Service PowerShell Cmdlet
AD Identity Service (Acct)
Get-AcctServiceStatus
Broker Service (Broker)
Get-BrokerServiceStatus
Central Configuration Service (Config)
Get-ConfigServiceStatus
Machine Creation Service (Prov)
Use Get-ProvServiceStatus
Hosting Management Service(Hyp)
Get-HypServiceStatus
Machine Identity Service (PvsVM)
Get-PvsvmServiceStatus
You can also receive the current status of any of the core services from the XenDesktop PowerShell prompt by running the respective command from this list as you can see the syntax is quite intuitive
Let’s look at the example in the first row
‘to get the status of the AD identity service , you simply execute the get ‘dash’ acct service status

14. Machine Creation
We can now review the concept of Machine Creation

15. Desktop Catalog models
App
Profile
Profile
App
PvD
PvD
Image
Existing
Dedicated
Pooled
Pooled with personal vDisk
Streamed
Streamed with personal vDisk
Profile
Profile
Base Image
with Apps
App
App
Image
Profile
Profile
PvD
PvD
Streamed
Base Image
with Apps
Streamed
Base Image
Base Image
Profile
Profile
Base Image
with Apps
Image
App
App
Profile
Profile
PvD
PvD
Profile
Profile
*Image created outside of XenDesktop
*Image Streamed from Citrix Provisioning Server (PVS)
*Image created with Machine Creation Services (MCS)
In XenDesktop 5.6 and higher support , Seven virtual desktop models are supported  we have existing which leverages virtual machines created outside of XenDesktop . These next three are created by desktop through MCS For a dedicated catalog , the image is cloned and provided to multiple user that will have the ability to persist their changes going forward  we then have pooled that create a cloned image that is then referenced as a single base image ; The virtual machines then saves any changes from the base image to a volatile diff disk that is discarded on reboot Then there is pooled with personal vdisk , this allows pooled machines the facility to save change to a separate disk that will persist with them on reboot Next there is streamed, this catalog leverages Citrix PVS server to  stream a non-persistent image to the VM and all changes the image are lost on reboot and lastly we have streamed with Pvds , the steamed images the  facility to save change to a separate disk that will persist with them on reboot  

16. Desktop Catalog models
MCS
Pooled
Random
Static
Pooled with PvD*
Dedicated
PreAssigned
First Use
PVS
Streamed
Virtual
Physical
Streamed with PvD
Virtual Only
under the MCS options, A pooled catalog can be either Randomly assigned or statically Assigned and then with Dedicated catalogs you can have Pre-Assigned or assigned to a user on first use
Pooled with PVD operated like a static pool as the same machine is proved to the users in addition to there unique PVD The dedicated model can be pre-assigned to a user or assigned on first use and they will retain the assignment going forward And Now For The two PVS options , You can either steam to a virtual to physical desktop
Where as steamed with PVD, allows you to only steam to Virtual Machines 
Ref:
Random in that a user gets a new pooled image or the static option in which the same images is provided to the users after reboots.
* Behaves like pooled-static

17. MCS – ID Disk, Difference Disk, Base VM
This is what the user sees as Drive C:\
This is hidden from the users view
Windows 7 Master
Virtual Desktop 1
Diff Disk
ID Disk
VHD Chain
Virtual Desktop 2
Diff Disk
ID Disk
VHD Chain
Virtual Desktop x
Diff Disk
ID Disk
VHD Chain
Machine creation service catalogs comprise of three disks, the Master base disk shared among all VMs in the catalog, and for each Virtual desktop, a diff disk and an identity disk
The Diff, This is what the user sees as Drive C:\
And the identity disk this is hidden from the users view and maintains the machines personality configuration.
This scheme is replicated for each disk that is created.
Storage Subsystem

18. MCS with PvD – ID Disk, Diff Disk, Base VM, PVDisk
Windows 7 Master
VHD Chain
Diff Disk
ID Disk
Virtual Desktop 1
Personal vDisk
This part is hidden from user
Merged with the Diff Disk
Seen by user as Drive C:\
E.g. Installed apps
Seen by the user as Drive P:\
USERDATA e.g. My Documents
Free space is the split allocation
PVDisk auto-created during catalog creation by copying PvD template from Base VM
10GB by default with 50 / 50 split for App Data / User Data
For Machine creation with Personal Vdisk , we have the base, and VM dif and id disk, however there is an addition personal vdisk auto-created by copying the pvd template from the base VM. This disk is 10 GB by default and has a 50/50 split for application data and user data
This part is hidden from user and Merged with the Diff Disk and the users accesses its information as drive C:\ eg application data

19. PVS – Streamed vDisk, Cache, Base VM
This is what the user sees as Drive C:\
Visible file on another disk, typically D:\
Windows 7 Master
Virtual Desktop 1
Streamed
vDisk
Write Cache
PVS Stream
Virtual Desktop 2
Streamed
vDisk
Write Cache
PVS Stream
Virtual Desktop x
Streamed
vDisk
Write Cache
PVS Stream
PVD stream catalogs have the Streams vdisk, the write cache and the Base VM.
The Streamed vDisk is what the user sees as Drive C:\
And the Write Cache is visible file on another disk, typically D:\
Storage Subsystem

20. PVS with PvD–Streamed vDisk, Cache, Base VM, PvDisk
Windows 7 Master
PVS Stream
Streamed vDisk
Write Cache
Virtual Desktop 1
Personal vDisk
This part is hidden from user
Seen by user as Drive C:\
E.g. Installed apps
Seen by the user as Drive P:\
USERDATA e.g. My Documents
Free space is the split allocation
PvDisk auto-created during catalog creation by copying PvD template from Base VM
10GB by default with 50 / 50 split for App Data / User Data
Streamed with PVD has the base image and for each Virtual desktop there is a streamed vDisk and write cache however it also has the personal vDisk attached . The PVD is the same as in the MCS configuration, I.e.., defaults to 10 GB, there’s a 50/50 split , the application data is hidden and the User data is seen as the as P:\

21. Where are some of the common Issue ?
Hypervisor communication
Domain permissions
Previously failed attempts still present in database
Host Connection configured with incorrect storage
Naming convention on the host
You may be interested in also learning what are some of the common issues
They are:
Hypervisor communication
Domain permissions
Previously failed attempts still present in database
The Host Connection configured with incorrect storage repository
the host configured with and unsupported Naming convention

22. What logs do we need for this issue ?
Desktop Studio
PoSH
WCF
[80]
Broker
Machine Creation
Service
Host Service
AD Identity Service
Machine Identity Service
Broker Service
Configuration
Service
Machine Creation
Services
Broker
Service
Infrastructure
Services
SQL Server
So What happened when after you just sold your business unit on the concept of moving to XenDesktop and they request 500 new desktops for tomorrow morning
and
the wizard Fails ?
What logs do we need ?
well as previously mentioned for issue with machine creation you need the machine creation services logs from the three services
You may also collect the logs from the desktop studio to see what command were run and what errors we actually returned
At this point all other logs can be ignored

23. Troubleshooting Methodology
Understand issue history
Verify configuration, error logs and alerts
Gather and review log data of issues
Compare data to working environment
When troubleshooting an issue I recommend the following Methodology
Understand issue history
What changed?
When did is Start
Any specific images it happens more frequently with?
Verify configuration, error logs and alerts
Gather and review service log data of issues
Compare collected data to a working environment

24. Enabling Log from the Command Line
Service –LogFile <Location>
Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile “c:\xdlogs\MCS-PVSvm.log”
Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.log
Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\mi.log
Citrix provides many methods to enable and collect logs; and I wanted to provide one that was a little less known
You can enable the service logs by locating the service executable and launching with the parameter dash logfile and then the valid location for the log file
Here we go and enable the machine creation service logs
Next the
AD identify service logs and lastly the Machine identity service
Reference for log enabling
C:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MCS-PVSvm.log
C:\Program Files\Citrix\ADIdentity\Service>Citrix.ADIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\AD.log
C:\Program Files\Citrix\Host\Service>Citrix.Host.SdkWcfEndpoint.exe -logfile c:\xdlogs\host.log
C:\Program Files\Citrix\MachineCreation\Service>Citrix.MachineCreation.SdkWcfEndpoint.exe -logfile c:\xdlogs\MC.log
C:\Program Files\Citrix\MachineIdentity\Service>Citrix.MachineIdentity.SdkWcfEndpoint.exe -logfile c:\xdlogs\mi.log

25. Case Study 1 Machine Creation Services
great, We have done quite a lot so far, now lets see how it applies with a case study

26. Case Study 1: MCS Fails after wizard
Background:
New Deployment
Latest Hotfixes
Full Administrator account used
Worked before they rebuilt environment
Case Study
Walk Through
This case study is actually something seen in my lab when rebuilding my lab for a new case.
This is a New Deployment with the Latest Hotfixes , I utilized account with Full Administrative access to the domain and hypervisor . This environment worked before it was rebuilt

27. Log Analysis: Desktop Studio Logs
Case Study 1: Machine Creation Service fail after wizard
24/04/13 02:37: : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:
Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.
Search Terms: [Time of Issue]
Fail | Error | Exception | Denied
So I started by reviewing the Desktop Studio logs
The search terms I users were the [Time of Issue].* Fail | Error | Exception | Denied
It quickly returned the error seen in the console “Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.”
Ok It tell me I failed however I need to dig further

28. Log Analysis: Machine Creation Service Logs
Case Study 1: Machine Creation Service fail after wizard
Failed to copy disk. Reason : SR_HAS_NO_PBDS
ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS
Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed.
WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)
Search Terms: [Time of Issue]
Fail | Error | Exception | Denied
So I then review the Machine Creation Service log
I used the same search terms [Time of Issue].* Fail | Error | Exception | Denied
It returned with a from interesting errors
First it reported : Failed to copy disk. Reason : SR_HAS_NO_PBDS
Then it how and Managed exception with the same error
Next it indicated the job I created was concluding with a disk consolidation failed error
And finally it reported the error seen in the console and Desktop studio logs
So what do you do next, that have a detailed error, we can use it and conduct some research via forums , search engines etc.

29. Root Cause analysis: Misconfiguration
Failed to copy disk Reason : SR_HAS_NO_PBDS
Hypervisor Connection’s did not include correct storage for the Master Image
Target device disk could not be copied due to this Hypervisor - Storage misconfiguration
*Definitions:
SR - Storage Repositories
PBD - Physical Block Devices
So the issue was a misconfiguration
The main clue is that message
Failed to copy disk Reason : SR_HAS_NO_PBDS
So research shows that SRs are Storage Repositories and PBD are Physical Block Devices implies that the sr does not have access to the disk, so we checked and found that the
Hypervisor Connection’s did not include correct storage for the Master Image
The Broker could not communicate with the correct storage location and therefore we were not able to create the base master image . When creating the hypervisor connection we followed the defaults of the wizard and did not specify the location that we utilized from images.

30. VDA Startup and Registration

31. VDA Registration Database VDA DDC ListofDDC Registered VDA Controller
WCF
Desktop Service
Broker Service
Database
VDA
DDC
LDAP
Active Directory
Controller
ListofDDC
Desktop Service is started
Looks up list of DDC from local registry or from personality.ini file
Looks up the computer accounts in Active Directory
Selects one DDC from the DDCs list at random and then initiates a connection through WCF
DDC receives or rejects connection
If DDC rejects or does not respond, service wait for the timeout then selects another DDC at random
If DDC receives connection, it looks up the VDA computer account
Checks that computer account (SID) is in published assignment
Initiates WCF Test connection to VDA
Queries the VDA state
Sets configuration and policies
VDA is marked as registered
Returns success for registration
VDA starts heartbeat ping to DDC

32. Troubleshooting VDA Startup and Registration
XDPing Log
Basic Checks
Logs:
Workstation Agent Logs
Broker Logs
Network Trace
VDA
Controller
Desktop Service
SSL SSL
Broker Service

33. XDPING XDPING Can be run on both the DDC and VDA
Used to collect data related to basic components
Will verify if the components are working correctly
Verify Domain Membership
Network Interfaces
WCF Endpoints
Services
DNS lookup
Time difference between machine and Domain Controller
XDPING
CTX123278
Xd Ping report networking information of the machine
Performs time checks against the domain
Retrieve the current Users information
Ref Info:
Information and status of Network Interfaces and Network settings. (Console Only)
Performs DNS lookup and reverse lookup on the IP address of the device.
Information on Time synchronization and time check for Kerberos Authentication (Console Only)
User information for login User (Console Only) Including User details, Authentication type used, Group Membership.
Machine information (Console Only) Environment information (Computer Name, operating system version, Domain)  Domain membership verification (Membership = Verified, SID:S-X-X-XX-XXXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXX [OK])
Information on XenDesktop Services (Windows Communication Foundation Endpoints) installed and confirms if each installed service is responsive. (Console Only)
Displays information on the Windows Firewall installed on the VDA and checks if the important ports are configured correctly.
Queries the local event log to check for known events that are related to XenDekstop.
Provides client bandwidth and response time information from the VDA to the client.

34. Basic Checks Check the Network: Ping , Telnet and NetStat, Firewall
Ensure Services started without errors
Listening on the correct port
Check time
Check configured list of DDCs in registry
Bidirectional network tests, verifying that telnet is possible bidirectional, verify that the services are started and are the listening on the correct port
Then disable any firewalls
We then check the time against the Doman and between the ddc and VDA
next we verify the registry entry for the list of ddcs
If after these check we still haven’t found the root cause , then we enable service logging on the Vda and broker

35. Case Study 2 Startup and Registration
Its now time to review the second Case Study.

36. Case Study 2: New Catalog Fail to Register
Background:
Locked down environment
Special configuration needed to manually enable needed services
Worked in the Proof of Conference Lab but failed in production
Case Study
Walk Through

37. Log Analysis: Workstation Agent Service Logs
Case Study 2: New Catalog Fail to Register
Failed to register with
WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/RS2-SynPool01.lab.net and IP address '
Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/ :54:31, HighAvailabilityRegistrationTimout = 00:05:00
Message following Error pattern
Could not register with any controllers. Waiting to try again in 9407 ms
Search Terms: [Time of Issue]
Fail | Error | Exception | Denied

38. Log Analysis: Broker Service Logs
Case Study 2: New Catalog Fail to Register
Broker:TestWorkerComms failed for worker S caught exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Search Terms: [Time of Issue]
Fail | Error | Exception | Denied

39. Root Cause analysis: Misconfiguration
The DDC was not authorized the initiate a connection to the VDA
“Access To Compute From The Network” Computer Policy did not have an entry for the Controlled and the default everyone was removed in production.
Resolution: Customer added explicit entry to a Group that included all the Brokers as members
DDC was not Authorized to call back to the VDA
Policy found that was needed but not enabled
Resolution to explicitly enable access

40. Troubleshooting and Support
PVD maintains logs in the base of the volume attached to the VM
(alongside the VHD containing the PVD user-installed applications)
These logs contain a wealth of information that should be captured and provided to support/engineering if you experience problems
Most frequently seen PVD support cases …
Failure of PVD to start virtualization (PVD can’t locate volume/VHD, etc.. …)
Customers trying to install unsupported apps
Customers trying to move PVDs between VMs

41. Troubleshooting and Support (cont’d)
Desktop Director has helpdesk-facing PVD metrics and support
% of application area in use / total size
% of user profile area in use / total size
PVD reset
PVD reset allows the helpdesk to reset the application area while leaving the user’s data intact
Aka “revert to factory default”
Useful to reset PVDs that become wedged due to users installing broken applications

42. Diagnostic Information to Collect
When reporting PVD issues (PVD won’t boot, app doesn’t work, etc.), collect
… the PVD logs from the root of the PVD disk
… OS version and type, bitness
… list of applications installed in the base image (appwiz.cpl)
… list of applications installed in the PVD, if applicable
… which hypervisor, version (XenServer, Hyper-V, etc.)
… provisioning technology (MCS, PVS) and version
PVD Support/Engineering will need this information to troubleshoot

43. VDA Launch

44. VDA Launch Idle SQL WI Preparing New Session
Desktop Service
Controller #1
Broker
Service
DDC
SQL
WCF
Policy
Settings
ICA Service
Broker signals worker to Prepare for a Session
Launch Request
XML broker queries DB for a ready worker
User Clicks to launch session WI

45. VDA Launch (cont’d) Connected Active SQL WI Request to Validate Ticket
Desktop Service
Controller #1
Broker
Service
DDC
SQL
WCF
Policy
Settings
ICA Service
Request to Validate Ticket
sent Controller
Validates Ticket
Validates License
Policies
Ticket is ValidAuthNTicket
Portica gets License
ICA file is sent to Endpoint
Work State: Connected
Work State: Active WI

46. What Happened ?
When troubleshooting Vda Issues the best place to start is asking the simple questions what happened
What did the user see ?was it just a generic error ? Did the error indicate the actual cause
Did the receiver start and disappear without and error
Or did the receiver launch and then return and error

47. Troubleshooting VDA Launch
Event Logs (Web Interface, Controller, Storefront)
Desktop Studio
Broker Logs
Workstation Agent
Portica Logs
Network Packet tracing
When trouble shooing a launch issue you should start by reviewing the event logs

48. Case Study 3
VDA Launch
great, We have done quite a lot so far, now lets see how it applies with a case study

49. Case Study 3: Launch Failure 1030
Background:
They recently converted all images to a Citrix PVS image
The original image worked
All streamed images including the golden image failed to launch
Case Study
Walk Through

50. Search: Prepare

51. Troubleshooting :VDA Launch
Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect

52. Troubleshooting :VDA Launch
Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect
Add fail|exception|error to search strings

53. Root Cause analysis: MFAphook Module Failed to Load
Conversion via provisioning server had changes the long name format of the drive
mfaphook failed to load and this is needed for interaction with the OS.
Resolution: Add back short name to system see CTX for more information
The conversion from Physical to Virtual removed the short name associated with the Program files folder (i.e. c:\progra~1). This name was used in the register to enable the Mfaphook process that’s needed to interact with the OS

54. Tools

55. XD Tools HDX Monitor CDF Control Citrix Scout Site Checker
Desktop Director

56. HDX Monitor Thinwire (Graphics) Direct 3D (Graphics)
Media Stream (aka RAVE)
Flash
Audio
USB Devices

57. HDX Monitor Mapped Client Drives (CDM) Branch Repeater Printer Client
Smart Card
Scanner
System

58. Citrix Scout / XD Collector (CTX130147)
Push button easy data collection system
Makes data collection and upload push button easy
Integrates data collected by Scout with the Citrix Tools as a Service (TaaS) backend
Simplifies data collection & analysis

59. CDF Control: CTX111961
Tip:
Use this tool to remotely enable and collect CDF traces when system are non persistent

60. Site Checker Tool: CTX133767 Enumerate Environment
Checks Services Status
Checks service instances registration status
Reset Controllers Services instances into Database

61. Desktop Director Web Based Unified view of apps and desktops
End-user details empower the help desk
Includes HDX Monitor
Access to personal vDisk tasks
Desktop Director is a tool that will utilize role-based permission sets to support the daily usage of Citrix products.
It enables support teams to perform basic maintenance tasks and to monitor and troubleshoot system issues.
Desktop Director 1.0 was introduced with XenDesktop 5 and Desktop Director 2.0 supports troubleshooting XenApp sessions.
Role-based access control – assign appropriate permissions to specific roles to perform certain operation. Full administrator can view all and make changes. Read-only administrator can view all but cannot perform tasks. Help desk administrator can perform day-to-day monitoring and maintenance tasks (restarting desktops or logoff sessions).

62. DB Troubleshooting teaser
Sometimes missed , The SQL server logs found under the SQL management folder in the Management studio can tell customer what the issue was, the account that attempted and why it was denied

63. Resources discussed

64. Optimal deployment recommendations
CTX XenDesktop Modular Reference Architecture
CTX XenDesktop 5 Database Sizing and Mirroring Best Practices
CTX High Availability for Desktop Virtualization - Reference Architecture
CTX XenDesktop - Design Handbook
CTX XenDesktop Planning Guide - XenDesktop Scalability
Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI

65. For More Information CTX132536 - Worker Unregisters at Session Launch
CTX Citrix Scout
CTX CDFControl
CTX How to enable Controller Service Logging in XenDesktop 5
CTX XDDBDiag: XenDesktop 5 Database Diagnostics
CTX XenDesktop 5 Logon Process and Communication Flow

66. For More Information Vmware – Using VMware with XenDesktop
SCVMM Using Microsoft SCVMM 2008 with XenDesktop
CTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored Database
CTX : Database Access and Permission Model for XenDesktop 5
CTX LSQuery - License Server Data Collection Tool
CTX How to Collect Data for Troubleshooting Licensing Issues

67. Takeaways

68. Presentation Goals Recap
Provide an understanding of the architecture
Instruct On How To Configure
Provide Troubleshooting Resources

69. Q & A

70. Before you leave…
Conference surveys are available online at starting Friday, May 24 at 9:00 a.m. PT
Provide your feedback by 4:00 p.m. PT that day and you’ll receive a $30 Amazon.com gift card via
Download presentations starting Monday, June 3, from your My Conference Planning tool located within the My Account section

72. Service configuration logging
Configuration File
Location
Component
Broker Service
BrokerService.exe.Config
%ProgramFiles%\Citrix\Broker\Service
Broker (DDC)
Machine Creation Service
Citrix.MachineCreation.SdkWcfEndpoint.exe.Config
%ProgramFiles%\Citrix\MachineCreation\Service
ADIdentity Service
Citrix.ADIdentity.SdkWcfEndpoint.exe.Config
%ProgramFiles%\Citrix\ADIdentity\Service
Configuration Service
Citrix.Configuration.SdkWcfEndpoint.exe.Config
%ProgramFiles%\Citrix\Configuration\Service
Machine Identity Service
Citrix.MachineIdentity.SdkWcfEndpoint.exe.Config
%ProgramFiles%\Citrix\MachineIdentity\Service
Citrix Host Service
Citrix.Host.SdkWcfEndpoint.exe.Config
%ProgramFiles%\Citrix\Host\Service
WorkStation Agent
WorkStationAgent.exe.config
%ProgramFiles%\Citrix\Virtual Desktop Agent
VDA

73. DB Troubleshooting teaser
DBUnconfigured
The broker does not have a database connection configured.
DBRejectedConnection
The database rejected the logon from the Broker Service. This may be caused by bad credentials, or the database
not being installed.
InvalidDBConfigured
The database schema is missing (possibly just the stored procedures in it
DBNotFound
The specified database could not be located with the configured connection string.
DBVersionChangeInProgress
A database schema upgrade is in progress
DBUnconfigured
The broker does not have a database connection configured.
DBRejectedConnection
The database rejected the logon from the Broker Service. This may be caused by bad credentials, or the database
not being installed.
InvalidDBConfigured
The database schema is missing (possibly just the stored procedures in it).
DBNotFound
The specified database could not be located with the configured connection string.
DBMissingOptionalFeature
The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.
DBMissingMandatoryFeature
The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
DBNewerVersionThanService
The broker is too old to use the database. A newer version is required.
DBOlderVersionThanService
The database is too old for the Broker Service. Upgrade the database.
DBVersionChangeInProgress
A database schema upgrade is in progress. OK
The broker is connected to a database that is valid, and the service is running.
PendingFailure
Connectivity between the Broker Service and the database has been lost. This may be a transitory network error,
but may indicate a loss of connectivity that requires administrator intervention.
Failed
Connectivity between the broker and the database has been lost for an extended period of time, or has failed du
e to a configuration problem. The broker service cannot operate while its connection to the database is unavailable.
Unknown
The Service's status cannot be determined.

74. DB Troubleshooting teaser
DBMissingOptionalFeature
The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.
DBMissingMandatoryFeature
The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
DBNewerVersionThanService
The broker is too old to use the database. A newer version is required.
DBOlderVersionThanService
The database is too old for the Broker Service. Upgrade the database
DBMissingOptionalFeature
The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.
DBMissingMandatoryFeature
The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
DBNewerVersionThanService
The broker is too old to use the database. A newer version is required.
DBOlderVersionThanService
The database is too old for the Broker Service. Upgrade the database.
DBVersionChangeInProgress
A database schema upgrade is in progress. OK
The broker is connected to a database that is valid, and the service is running.
PendingFailure
Connectivity between the Broker Service and the database has been lost. This may be a transitory network error,
but may indicate a loss of connectivity that requires administrator intervention.
Failed
Connectivity between the broker and the database has been lost for an extended period of time, or has failed du
e to a configuration problem. The broker service cannot operate while its connection to the database is unavailable.
Unknown
The Service's status cannot be determined.

75. DB Troubleshooting teaser
PendingFailure
Connectivity between the Broker Service and the database has been lost. This may be a transitory network error, but may indicate a loss of connectivity that requires administrator intervention.
Failed
Connectivity between the broker and the database has been lost for an extended period of time, or has failed due to a configuration problem. The broker service cannot operate while its connection to the database is unavailable.
Unknown
The Service's status cannot be determined. OK
The broker is connected to a database that is valid, and the service is running.
DBMissingOptionalFeature
The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.
DBMissingMandatoryFeature
The broker is connected to a database that is valid, but it does not have the full functionality required so the broker cannot function. Upgrading the database is required.
DBNewerVersionThanService
The broker is too old to use the database. A newer version is required.
DBOlderVersionThanService
The database is too old for the Broker Service. Upgrade the database.
DBVersionChangeInProgress
A database schema upgrade is in progress. OK
The broker is connected to a database that is valid, and the service is running.
PendingFailure
Connectivity between the Broker Service and the database has been lost. This may be a transitory network error,
but may indicate a loss of connectivity that requires administrator intervention.
Failed
Connectivity between the broker and the database has been lost for an extended period of time, or has failed du
e to a configuration problem. The broker service cannot operate while its connection to the database is unavailable.
Unknown
The Service's status cannot be determined.