Configuring & Troubleshooting

XenDesktop Sites
SUM408
May 2013

Ramon Scott Lead Escalation Engineer

Presentation Goals
Provide an Understanding of the
Architecture
Instruct on How to Configure
Provide Proven Troubleshooting
Methodologies and Resources
2

High-Level XenDesktop Database

And Services Architecture

Database

XenDesktop 5 Database Overview

Supported Databases:
SQL Server 2008 SP1 / 2008R2

Broker

(including Express)
Database
Broker

Database Schema
Full Relational Schema
Tables, Views, Stored Procedures
Single Database (for core product)
Multiple SQL Schemas in Database
Schemas map onto Windows
services running on Broker

Setup Process
Single Admin

Separate Admins
XD Admin

XD Admin
credentials
used

ch
e

XD
Console

Database

SQL Server
Console

1.
Schema

Export
(SQL script)

3.
Schema

SQL Admin
SQL Admin
credentials
used

Broker
4. Verify

2.
S

Broker

2.
Schema

XD Admin

1.
Schema

3. Verify

XD
Console

Database

Database Access
Security Access Model
Network Service Account

Controller Controller

NT AUTHORITY\NETWORK SERVICE
Broker
Broker
Service
Service

Computer Account
DOMAIN\MACHINE$

SQL Login per Broker

Restricted permission set

Controller

Brokers do not have rights to change schema

Database

Database

Database High-Availability
Broker is critically dependant on Database
Existing connections not impacted
Creating new connections and reconnecting to desktops
impacted

Database Failure = Broker Failure

Supported Database H/A Options:

(expected popularity

order)

1.SQL Mirror
2.Virtual Machine H/A
3.SQL Cluster
Citrix Confidential - Do Not Distribute

Database Schema Roles and Permissions

XenDesktop Service

Database Role

AD Identity Service (Acct)

ADIdentitySchema_ROLE

Broker Service (Broker)

chr_Broker
chr_Controller

Central Configuration Service

(Config)

ConfigurationSchema_ROLE

Machine Creation Service (PvsVM)

DesktopUpdateManagerSchema_
ROLE

Hosting Management Service

(Hyp)

HostingUnitServiceSchema_ROLE

Machine Identity Service (Prov)

MachinePersonalitySchema_ROLE

Health Checks: XDDBDiag

Provided consistency data check on
the data
Provides connectivity verification
It also provides the following:

Virtual Desktop Agent Information

Hypervisor Connections Information
Policy Information
Controller Information
Desktop Groups Information
SQL Information
Current Connections / Connection Log

Services

XenDesktop 5 Services Architecture

Desktop
Studio
WCF
[80]

PowerSh
ell

Controller

Machine
Creation
Service
AD Identity
Service

PowerSh
ell

Machine
Identity
Service

Machine Creation
Services

Desktop
Director
WCF
[80]

[5985/5986]

Host
Service

Broker
Service

Configurati
on
Service

Broker
Service

Infrastructure
Services

SQL Server

WinRM 2.0

Virtual
Desktop
Agent
(VDA)

Windows
Windows Communication
Communication
Foundation
Foundation (WCF)
(WCF)
12

Service Status
XenDesktop Service

PowerShell Cmdlet

AD Identity Service (Acct)

Get-AcctServiceStatus

Broker Service (Broker)

Get-BrokerServiceStatus

Central Configuration Service

(Config)

Get-ConfigServiceStatus

Machine Creation Service (Prov)

Use Get-ProvServiceStatus

Hosting Management Service(Hyp)

Get-HypServiceStatus

Machine Identity Service (PvsVM)

Get-PvsvmServiceStatus

Machine Creation

Desktop Catalog models

App
App

Existing

Profile
PvD
Profile
PvD
PvD
PvD

Dedicated
Pooled
Pooled with personal vDisk
Streamed
Streamed with personal vDisk

Image
Image

Profile
Profile

App
App

Base Image
BaseApps
Image
with
with Apps

Profile
Profile

Streamed
Image
Streamed
Streamed
Base
Image
Image
Base
Image
Streamed
Base
Image
Base
Image
Base
Image
withImage
Apps
Base
Image
Base
withImage
Apps
Base
with
Apps
with Apps

App
App

Image
Image

Profile
PvD
PvD
Profile
PvD
PvD

Profile
PvD
PvD
Profile
PvD
PvD
Profile
Profile

*Image
Streamed
from
*Image
created
with
*Image
Streamed
from
*Image
created
with
*Image
created
outside
of
*Image
created
outside
of
Citrix
Provisioning
Server
Machine
Creation
Services
Citrix Provisioning
Server
Machine
Creation Services
XenDesktop
XenDesktop
(PVS)
(MCS)
(PVS)
(MCS)

Desktop Catalog models

** Behaves
Behaves like
like
pooled-static
pooled-static

MCS ID Disk, Difference Disk, Base VM

Windows 7
Master
VHD Chain

VHD Chain

VHD Chain

This is what the

user sees as Drive
C:\

This is hidden from

the users view

Diff Disk

ID Disk

Virtual Desktop 1

Diff Disk

ID Disk

Virtual Desktop 2

Diff Disk

ID Disk

Virtual Desktop x

Storage Subsystem

MCS with PvD ID Disk, Diff Disk, Base VM, PVDisk

Windows 7
Master
VHD Chain
Diff Disk
This part is hidden from
user
Merged with the Diff
Disk
Seen by user as Drive
C:\
E.g. Installed apps

ID Disk

Personal vDisk

PVDisk auto-created during

catalog creation by copying
PvD template from Base VM
10GB by default with 50 /
50 split for App Data / User
Data

Virtual Desktop 1
Seen by the user as Drive
P:\
USERDATA e.g. My
Documents
Free space is the split
allocation

PVS Streamed vDisk, Cache, Base VM

Windows 7
Master

This is what the

user sees as Drive
C:\

Visible file on
another disk,
typically D:\

PVS Stream

Streame
d
vDisk

Write
Cache

Virtual Desktop 1

PVS Stream

Streame
d
vDisk

Write
Cache

Virtual Desktop 2

PVS Stream

Streame
d
vDisk

Write
Cache

Virtual Desktop x

Storage Subsystem

PVS with PvDStreamed vDisk, Cache, Base VM, PvDisk

Windows 7
Master
PVS Stream

This part is hidden from

user
Seen by user as Drive C:\
E.g. Installed apps

Streame
d vDisk

Write
Cache

Personal vDisk

PvDisk auto-created during

catalog creation by copying
PvD template from Base VM
10GB by default with 50 /
50 split for App Data / User
Data

Virtual Desktop 1
Seen by the user as Drive
P:\
USERDATA e.g. My
Documents
Free space is the split
allocation

Where are some of the common Issue ?

Hypervisor communication
Domain permissions
Previously failed attempts still present
in database
Host Connection configured with
incorrect storage
Naming convention on the host

What logs do we need for this issue ?

Desktop
Studio

PoSH

WCF
[80]

Broker

Machine
Creation
Service
AD Identity
Service

Machine
Identity
Service

Machine Creation
Services

Host
Service

Broker
Service

Configurati
on
Service

Broker
Service

Infrastructure
Services

SQL Server

Troubleshooting Methodology
Understand issue history
Verify configuration, error logs and
alerts
Gather and review log data of issues
Compare data to working environment

23

Enabling Log from the Command Line

Citrix.MachineCreation.SdkWcfEndpoint.exe -Logfile
c:\xdlogs\MCS-PVSvm.log
Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.log

Service LogFile <Location>

Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile
c:\xdlogs\mi.log

Case Study 1
Machine Creation Services

Case Study 1: MCS Fails after wizard

Case Study
Walk Through

Background:
New Deployment
Latest Hotfixes
Full Administrator account used
Worked before they rebuilt environment

Log Analysis: Desktop Studio Logs

Case Study 1: Machine Creation Service fail after wizard

24/04/13 02:37:10.7603 : DesktopStudio: [6] Script

SetActionMetaData(402): [RES] Value:
Failed
to copy all master images to all of the Hosts. No machines
have been added to the Catalog.
Search
Search Terms:
Terms:
[Time
[Time of
of Issue]
Issue]
Fail
|
Error
Fail | Error || Exception
Exception ||
Denied
Denied

Log Analysis: Machine Creation Service Logs

Case Study 1: Machine Creation Service fail after wizard

Failed to copy disk. Reason : SR_HAS_NO_PBDS

ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS
Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state
DiskConsolidationFailed.
WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all
master images to all of the Hosts. No machines have been added to the Catalog.)
Search
Search Terms:
Terms:
[Time
[Time of
of Issue]
Issue]
Fail
|
Error
Fail | Error || Exception
Exception ||
Denied
Denied

Root Cause analysis: Misconfiguration

Failed to copy disk Reason :
SR_HAS_NO_PBDS
Hypervisor Connections did not
include correct storage for the
Master Image
Target device disk could not be
copied due to this Hypervisor
-Storage misconfiguration
*Definitions:
*Definitions:
SR
SR -- Storage
Storage Repositories
Repositories
PBD
PBD -- Physical
Physical Block
Block Devices
Devices
29

VDA Startup and Registration

VDA Registration
Registered
VDA

WCF

Desktop

Broker
Service

Service

VDA

Controller

LDAP

Active
Directory
Controller

Database
DDC

Troubleshooting VDA Startup and Registration

XDPing Log
Basic Checks
Logs:
Workstation Agent Logs
Broker Logs
Network Trace
VDA
Desktop

Service

Controller
1011011010 SSL 1011011010 SSL 101101
Broker

Service

XDPING
Can be run on both the DDC and
VDA
Used to collect data related to basic
components
Will verify if the components are
working correctly

Verify Domain Membership

Network Interfaces
WCF Endpoints
Services
DNS lookup
Time difference between machine and
Domain Controller

Basic Checks
Check the Network: Ping , Telnet and NetStat,
Firewall
Ensure Services started without errors
Listening on the correct port
Check time
Check configured list of DDCs in registry

Case Study 2
Startup and Registration

Case Study 2: New Catalog Fail to Register

Case Study
Walk Through

Background:
Locked down environment
Special configuration needed to
manually enable needed services
Worked in the Proof of Conference Lab
but failed in production

Log Analysis: Workstation Agent Service Logs

Case Study 2: New Catalog Fail to Register

Failed to register with

http://FTLRSCOTT2RHONE.lab.net:80/Citrix/CdsController/IRegistrar.
WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using
SPN host/RS2-SynPool01.lab.net and IP address 10.19.196.945'
Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False,
_firstRegistrationAttemptTime = 05/18/2013 13:54:31, HighAvailabilityRegistrationTimout
= 00:05:00
Message following Error pattern
Could not register with any controllers. Waiting to try again in 9407 ms
37

Search
Search Terms:
Terms:
[Time
[Time of
of Issue]
Issue]
Fail
|
Error
Fail | Error || Exception
Exception ||
Denied
Denied

Log Analysis: Broker Service Logs

Case Study 2: New Catalog Fail to Register

Broker:TestWorkerComms failed for worker S-1-5-21-1123877020-4656265633648135752-1267 caught exception:

System.ServiceModel.Security.SecurityNegotiationException: The caller was not
authenticated by the service. ---> System.ServiceModel.FaultException: The
request for security token could not be satisfied because authentication failed.
Search
Search Terms:
Terms:
[Time
[Time of
of Issue]
Issue]
Fail
|
Error
Fail | Error || Exception
Exception ||
Denied
Denied

38

Root Cause analysis: Misconfiguration

The DDC was not authorized the initiate
a connection to the VDA
Access To Compute From The Network
Computer Policy did not have an entry for
the Controlled and the default everyone
was removed in production.
Resolution: Customer added explicit entry
to a Group that included all the Brokers
as members
39

 PVD maintains logs in the base of the volume attached to the VM

(alongside the VHD containing the PVD user-installed applications)
These logs contain a wealth of information that should be captured and provided
to support/engineering if you experience problems
Most frequently seen PVD support cases
Failure of PVD to start virtualization (PVD cant locate volume/VHD, etc.. )
Customers trying to install unsupported apps
Customers trying to move PVDs between VMs

 Desktop Director has helpdesk-facing PVD metrics and support

% of application area in use / total size
% of user profile area in use / total size
PVD reset
PVD reset allows the helpdesk to reset the application area while leaving the
users data intact
Aka revert to factory default
Useful to reset PVDs that become wedged due to users installing broken applications

41

VDA Launch

VDA Launch
VDA
Desktop
Service

VDA

Idle

Preparing
New Session
WCF

Polic
Setti y
ngs

ICA
Service

Controller #1
Broker
Service

DDC

Broker signals
worker to Prepare
Launch Request
for a Session
User Clicks to
launch session

SQL

XML broker queries

DB for a ready worker

WI

Active
Connected
VDA
Desktop
Service

VDA

WCF

Polic
Setti y
ngs

Controller #1
Broker
Service

DDC

ICA
Service

Request to
Validate Ticket
Ticket
is
ICA
filegets
is sent to
Portica
sent Controller
ValidAuthNTicket
Endpoint
License

1.
2.
3.

WI

SQL

Validates Ticket
Validates License
Work State:
Policies
Work State: Active
Connected

Troubleshooting VDA Launch

Event Logs (Web Interface, Controller,
Storefront)
Desktop Studio
Broker Logs
Workstation Agent
Portica Logs
Network Packet tracing

Case Study 3
VDA Launch

Case Study 3: Launch Failure 1030

Case Study
Walk Through

Background:
They recently converted all images to a
Citrix PVS image
The original image worked
All streamed images including the
golden image failed to launch

Search: Prepare

Troubleshooting :VDA Launch

Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect

Troubleshooting :VDA Launch

Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect

Root Cause analysis: MFAphook Module Failed to

Load
Conversion via provisioning server had
changes the long name format of the
drive
mfaphook failed to load and this is
needed for interaction with the OS.
Resolution: Add back short name to
system see CTX133773 for more
information
53

Tools

XD Tools
HDX Monitor
CDF Control
Citrix Scout
Site Checker
Desktop Director

HDX Monitor
Thinwire (Graphics)
Direct 3D (Graphics)
Media Stream (aka RAVE)
Flash
Audio
USB Devices

HDX Monitor
Mapped Client Drives (CDM)
Branch Repeater
Printer
Client
Smart Card
Scanner
System

Citrix Scout / XD Collector (CTX130147)

Push button easy data collection system

Makes data collection and upload push button easy

Integrates data collected by Scout with the Citrix Tools as a Service
(TaaS) backend
Simplifies data collection & analysis

58

CDF Control: CTX111961

Tip:
Use this tool to remotely
enable and collect CDF traces
when system are non
persistent
59

#CitrixSummit

Site Checker Tool: CTX133767

Enumerate Environment
Checks Services Status
Checks service instances
registration status
Reset Controllers Services
instances into Database

Desktop Director
Web Based
Unified view of apps and
desktops
End-user details empower
the help desk
Includes HDX Monitor
Access to personal vDisk
tasks

61

Resources discussed

Optimal deployment recommendations

CTX124087 - XenDesktop Modular Reference Architecture
CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices
CTX123244 - High Availability for Desktop Virtualization - Reference
Architecture
CTX120760 - XenDesktop - Design Handbook
CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability
Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI

64

For More Information

CTX132536 - Worker Unregisters at Session Launch
CTX130147 - Citrix Scout
CTX111961 - CDFControl
CTX127492 - How to enable Controller Service Logging in XenDesktop 5
CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics
CTX128909 - XenDesktop 5 Logon Process and Communication Flow

65

For More Information

Vmware Using VMware with XenDesktop
SCVMM Using Microsoft SCVMM 2008 with XenDesktop
CTX127538: How to Reconfigure a XenDesktop Site to Use a Mirrored
Database
CTX127998 : Database Access and Permission Model for XenDesktop 5
CTX133160 - LSQuery - License Server Data Collection Tool
CTX127314 - How to Collect Data for Troubleshooting Licensing Issues

66

Takeaways

Presentation Goals Recap

Provide an understanding of the
architecture
Instruct On How To Configure
Provide Troubleshooting Resources
68

Q&A

Before you leave

Conference surveys are available online at www.citrixsynergy.com starting
Friday, May 24 at 9:00 a.m. PT
Provide your feedback by 4:00 p.m. PT that day and youll receive a $30 Amazon.com
gift card via email

Download presentations starting Monday, June 3, from your My Conference

Planning tool located within the My Account section

70

Work better. Live better.