10 Tips Every XenDesktop Admin Should Know

Citrix Support Secrets
Webinar Series
10 Tips Every XenDesktop Admin Should Know
Mick Glover Sr. Readiness Specialist, Worldwide Support Readiness
January 30, 2014
Presenter Bio: Mick Glover

Over 18 Years of Experience in IT
Joined Citrix in January 2005
Started as Senior member of Frontline team
Spent 3 years working as an Escalation Engineer
Been with the WW Readiness team since 2009
Certifications: CCA, CCEE, CCIA, CCI & MCSE
SME areas: XenDesktop, App Orchestration, UPM
Promotes the XD Tipster Blog Series and @XDtipster twitter feed
2012 Citrix | Confidential Do Not Distribute
Objectives
At the end of this webinar, you will be able to:
Customize your PoSH working environment
Validate the true state of FMA services and identity possible issues
Generate and apply Schema update scripts against Site DB
Logically group machines using Broker tags
Manage computer a/cs and naming schemes for MCS Catalogs
Explicitly Control access to desktops through PoSH
Configure aspects of XD using built-in Citrix PSProviders
Configure advanced PMGMT features
Create service DB scripts of various types to facilitate XD Deployments
Tip Number 10
Creating a customized XD PoSH $profile
What is a PoSH Profile?

The nuts and Bolts
PoSH script file (.ps1) that runs when PoSH starts up
Can contain Cmdlets, Scripts, functions i.e. any valid PoSH commands
Can be used to set-up and customize your PoSH env

Advantage for XenDesktop administrators?
Lets take a look.
Step 1: Confirm if profile already exists

Test-path $profile
Return value False = No existing profile
Return value True = Existing profile
Step 2: Create PoSH $Profile

New-item type file $profile
-Force parameter can be used to overwrite an existing profile
Step 3: Configure PoSH $Profile

Notepad $profile
Type notepad $profile
Enter commands to customize PoSH env
File Save Exit
Step 4: Confirm existence of $Profile

Test-Path %profile
Expected return value = True
Edit at any stage by typing Notepad $profile Return
New-Item PoSH cmdlet

-Force switch Usage
Allows the cmdlet to create an item that writes over an existing read-only item
Step 5: Confirm $Profile functionality

E.G. Get-BrokerSite
Tip Number 9
Service MGMT (Checking The state of FMA
services through PoSH)
Checking the Status of the controller Services

Windows services applet wont paint the full picture
Run Get-<Alias>ServiceStatus for each service
Expected return value = OK
Other Possible Return values include:
DBMissingOptionalFeature
DBRejectedConnection
DBUnconfigured
Lets take a look
PoSH - Validating Service Status

XD 5.x
Use Get-BrokerServiceStatus (Broker Service)
Use Get-ConfigServiceStatus (Configuration Service)
Use Get-HypServiceStatus (Host Service)
Use Get-AcctServiceStatus (AD Identity Service)
Use Get-ProvServiceStatus (Machine Creation Service)
Use Get-PvsvmServiceStatus (Machine Identity Service)
Use Get-LicServiceStatus (License Service)

XD 7.x 1 of 2
Use Get-BrokerServiceStatus (Broker Service)
Use Get-ConfigServiceStatus (Configuration Service)
Use Get-HypServiceStatus (Host Service)
Use Get-AcctServiceStatus (AD Identity Service)
Use Get-ProvServiceStatus (Machine Creation Service)
Use Get-LicServiceStatus (License Service)

XD 7.x 2 of 2
Use Get-EnvTestServiceStatus (Environment Test Service)
Use Get-SfServiceStatus (Storefront Service)
Use Get-MonitorServiceStatus (Monitor Service)
Use Get-LogServiceStatus (Configuration Logging Service)
Use Get-AdminServiceStatus (Delegated Administration Service)
Get-BrokerServiceStatus - Return Values (1 of 2)

Status
Meaning
OK
The broker is connected to a database that is valid, and

the service is running.
DBUnconfigured
The broker does not have a database connection

configured
DBRejectedConnection
The database rejected the logon from the Broker

Service. This may be caused by bad credentials, or the
database not being installed.
InvalidDBConfigured
The database schema is missing (possibly just the

stored procedures in it).
DBNotFound
The specified database could not be located with the

configured connection string.
DBMissingOptionalFeature
The broker is connected to a database that is valid, but

it does not have the full functionality required for
optimal performance. Upgrading the database is
advisable.
DBMissingMandatoryFeature
The broker is connected to a database that is valid, but

it does not have the full functionality required so the
broker cannot function. Upgrading the database is
required.
Get-BrokerServiceStatus - Return Values (2 of 2)

Status
Meaning
DBNewerVersionThanService
The broker is too old to use the database. A newer

version is required.
DBOlderVersionThanService
The database is too old for the Broker Service. Upgrade

the database.
DBVersionChangeInProgress
A database schema upgrade is in progress.
OK
PendingFailure
Connectivity between the Broker Service and the

database has been lost. This may be a transitory
network error, but may indicate a loss of connectivity
that requires administrator intervention.
Failed
Connectivity between the broker and the database has

been lost for an extended period of time, or has failed
due to a configuration problem. The broker service
cannot operate while its connection to the database is
unavailable.
Unknown
The Service's status cannot be determined
Validating the Status of the controller Services

Write simple .ps1 script for single Controller to make your life easier
Validating the Status of the controller Services

Return value is important
What does DBMissingOptionalFeature mean?

Run Help Get-BrokerServiceStatus Full to find out
The broker is connected to a database that is valid, but it does not have the full
functionality required for optimal performance. Upgrading the database is
advisable.
Next Step? See Tip 8
Tip Number 8
Checking & Updating DB Schema versions
manually through PoSH
DB Schemas
background
Each Service has its own DB Schema and set of tables that it communicates
with
DB Schema version should match the version of the service itself for optimal
performance
Lets take a look and see what the problem is
Step 1: Run Get-BrokerInstalledDbVersion

Check current Broker Service DB schema and available upgrade options
Step 2: Run Get-BrokerController

Check Controller Version
Step 3: Run Get-BrokerDBVersionChangeScript

Create upgrade script
Step 4: Disconnect Controller from DB
Any controller can essentially be turned off (disconnect from the DB)by unconfiguring the services
You could also stop the Broker Service
Step 5: Upgrade the Broker Service Schema

Execute upgrade_71.sql file on
SQLServer in SQLCMD mode and
against the XD DB
Check messages window for
confirmation
Start the Broker service one again
on Controller prior to Step 7 (Next
Slide)
Step 7: Check Status of Broker Service again

Get-BrokerServiceStatus
Expected return value = OK
Remember: Creating simple scripts will make your life easier and can be fun to
use
Tip Number 7
Machine Tagging
Machine Tagging
The Nuts and Bolts
Machine tagging first introduced in XD 5.x
Can be used to create a logical grouping of machines within a site
Across Delivery Groups & OUs
This can have advantages when configuring HDX Policies/Access to resources

Lets take a look
Machine Tagging through Citrix Studio

Any machine which is part of a Delivery or Desktop Group can be tagged within
Citrix Studio
Assigning Tags through PoSH

Example - Alternative Option
1. New-BrokerTag -Name <Executive>
2. $desktop = Get-BrokerDesktop -uid 1
3. Add-BrokerTag -Name Executive -desktop $desktop
Assigning Tags through PoSH

Visual Example 2
Confirming Machine UIDs
Viewing Tags through PoSH

Use Select Command
Get-BrokerMachine | select machinename, tags | format-table
HDX Tag Filter

Use Case
HDX Policies can be applied
against specific tags
Tip Number 6
Managing the Identity Pool StartCount and
NamingScheme Parameters for MCS Catalogs
Identity Pools
Created and managed by the AD Identity Service
Associated with Catalogs
Observation
IdentityPoolName & ProvisioningSchemeName matching values
XenDesktop A/C delete/re-use options

MCS Only
Important to understand
Delete options in relation to
machine a/c mgmt
NB: If machine AD a/c is
deleted then it can be used
again automatically as long as
the StartCount value is reset
to match
If AD a/c is not deleted then
resetting the StartCount will
have no impact
StartCount value determines
Changing the NamingScheme

Considerations
Changing the NamingScheme

WebinarTest#
Set-AcctIdentityPool -IdentityPoolName
"Windows 7 SP1 x86 - 1GB" -NamingScheme
WebinarTest# -StartCount 1
Note: Unless the StartCount value is explicitly
set then it will remain as it was prior to the
change in NamingScheme
Reverting NamingScheme
Considerations
StartCount will not change
Tip Number 5
Controlling Access To Resources
XD Site Policies
Overview
Entitlement Policies (Pooled/Shared Desktops)
Get-BrokerEntitlementPolicyRule
Get-BrokerAppEntitlementPolicyRule
Assignment Policies (Dedicated/Private Desktops)

Get-BrokerAssignmentPolicyRule
Get-BrokerAppAssignmentPolicyRule
Access Policy
Get-BrokerAccessPolicyRule (Discussed during Tip# 2)
Lets take a look
Viewing BrokerEntitlementPolicy rule(s)

Training Win7 Delivery Group
By default, no exclusions are set
Setting a BrokerEntitlementPolicy rule

Edit existing rule for relevant Delivery Group
Revert Changes/Remove Exclusions

Use RemoveExcludedUsers parameter or empty the array using @()
Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers
training\user1 -ExcludedUserFilterEnabled $false
Or
Set-BrokerEntitlementPolicyRule -Name "Training Win7_1"
-ExcludedUserFilterEnabled $false -ExcludedUsers @()
Tip Number 4
Exploring Citrix PowerShell Providers
What are PowerShell Providers

The nuts and Bolts
Extensions which allow data structures to be mounted through PoSH
Available PSProviders can be viewed using Get-PSProvider
XenDesktop 5.x & 7.x ship with two PSproviders
CitrixGroupPolicy
Citrix.Hypervisor
Lets take a look.
View all available Providers

Run Get-PSProvider
Specific PS-Drives are created by default for each PSProvider

Use CD command to mount PSDrives

CD XDHYP: Return
CD LocalGPO: Return
CD Templates: --> Return
CitrixGroupPolicy PSProvider also supports other PSDrives that are not
available by default
To view these options run Help New-PSDrive Full from within the mounted LocalGPO
or Templates drive
Example Usage: Enabling Intellicache
LocalStorageCaching related error
Creating HDX Policies through PoSH

Use the CitrixGroupPolicy PSProvider
New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root \ -Controller
DC1dir
Enable Setting
Example: ReadonlyClipboard
PS Webinar:\user\training\Settings\ica> Set-ItemProperty ReadonlyClipboard
-Name State -Value enabled
Running dir under the Ica folder will return the following
Configure Tag filter through Citrix Studio

Allow: Training Tag
Validate Functionality
Through Registry
HKLM\Software\Policies\Citrix\<s
ession#\User\VCPolicies.
Tip Number 3
Configuring Extended Disconnect/Logoff settings
Extended Disconnect/Logoff Settings

Extending Functionality
Available for Pooled & Dedicated Desktops/Delivery Groups
Can only be configured through PoSH
Available for Peak & OffPeak hours
Lets take a look
View all disconnect options through PoSH

Get-BrokerDesktopGroup -Name "training win7" | select *peakdis*, *extende* |
format-list
Configuring Extended Disconnect Setting

Example: Peak Hours
Set-BrokerDesktopGroup -Name "Training Win7"
-PeakExtendedDisconnectAction suspend -PeakExtendedDisconnectTimeout 5
Tip Number 2
Using the Site Access Policy to Restrict Access to
Resources
Site Access Policy

Contains two rules per Delivery Group by default
Direct Connections
Connections through Netscaler/AG
Similar to the Entitlement and Assignment site policy rules, Site access policy
rules control access to resources
What is the key difference?
Entitlement & Assignment policy rules control user access (included/excluded users)
Access policy rules control the wider conditions
(Clientnames/ClientIPs/SmartAccessFilters)
Lets take a look
Example: Restrict access from ClientIP

Return Access Policy rules for a specific Delivery Group
Get-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated
Edit the direct rule and exclude a specific IP address

Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct"
-ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict
access from the Win7Client machine
Tip Number 1
Manually Joining a Controller to an existing Site

Simple three step process
Create Instance Scripts for each service

running on DC1 (Controller)
2
3


Configure the DB connection string for each

service
3


Configure the DB connection string for each

service
Register each service with the Configuration

service
Lets take a look

Complete instructions can be found here
http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-an-ex
isting-db-3-simple-steps
/
Before I Finish
XD Tipster Blog Series
XD Tipster Blogs
Just a selection
http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7-xendesk
top-posh-module
/
http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/
http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-icons-revi
sited-xd7
/
http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controllerto-an-existing-db-3-simple-steps
/
http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/
http://blogs.citrix.com/2013/10/22/xd-tipster-removing-controllers-from-an-xd-si
te-using-posh
About
Citrix Services
Citrix Services
make sure
you succeed with
your
virtualization
programs.
Educate | Guide | Support |

Succeed
How we can help

Citrix Education The fastest, most
efficient way to
get your team the virtualization skills they
need. Online,
on-site or in class.
citrix.com/training
Citrix Consulting Intensive engagements
for
complex, critical or just plain massive
projects.
citrix.com/consulting
Citrix Support Always-on support services
Secrets of the Citrix Support Ninjas

40 insider troubleshooting tips
Covering XenDesktop, XenServer, XenApp and NetScaler
Citrix Support top engineers
FREE eBook
Citrix Auto Support
Now available!
Premier Support Calculator

Check it out
Work better. Live better.

10 Tips Every XenDesktop Admin Should Know

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

10 Tips Every XenDesktop Admin Should Know

Enviado por

Direitos autorais:

Formatos disponíveis

Citrix Support Secrets

Presenter Bio: Mick Glover

2012 Citrix | Confidential Do Not Distribute

What is a PoSH Profile?

Can be used to set-up and customize your PoSH env

2012 Citrix | Confidential Do Not Distribute

Step 1: Confirm if profile already exists

2012 Citrix | Confidential Do Not Distribute

Step 2: Create PoSH $Profile

2012 Citrix | Confidential Do Not Distribute

Step 3: Configure PoSH $Profile

2012 Citrix | Confidential Do Not Distribute

Step 4: Confirm existence of $Profile

2012 Citrix | Confidential Do Not Distribute

New-Item PoSH cmdlet

2012 Citrix | Confidential Do Not Distribute

Step 5: Confirm $Profile functionality

2012 Citrix | Confidential Do Not Distribute

Checking the Status of the controller Services

Other Possible Return values include:

Lets take a look

2012 Citrix | Confidential Do Not Distribute

PoSH - Validating Service Status

2012 Citrix | Confidential Do Not Distribute

PoSH - Validating Service Status

2012 Citrix | Confidential Do Not Distribute

PoSH - Validating Service Status

2012 Citrix | Confidential Do Not Distribute

Get-BrokerServiceStatus - Return Values (1 of 2)

The broker is connected to a database that is valid, and

The broker does not have a database connection

The database rejected the logon from the Broker

The database schema is missing (possibly just the

The specified database could not be located with the

The broker is connected to a database that is valid, but

The broker is connected to a database that is valid, but

Get-BrokerServiceStatus - Return Values (2 of 2)

The broker is too old to use the database. A newer

The database is too old for the Broker Service. Upgrade

A database schema upgrade is in progress.

Connectivity between the Broker Service and the

Connectivity between the broker and the database has

The Service's status cannot be determined

2012 Citrix | Confidential Do Not Distribute

Validating the Status of the controller Services

2012 Citrix | Confidential Do Not Distribute

Validating the Status of the controller Services

2012 Citrix | Confidential Do Not Distribute

What does DBMissingOptionalFeature mean?

2012 Citrix | Confidential Do Not Distribute

2012 Citrix | Confidential Do Not Distribute

Step 1: Run Get-BrokerInstalledDbVersion

2012 Citrix | Confidential Do Not Distribute

Step 2: Run Get-BrokerController

2012 Citrix | Confidential Do Not Distribute

Step 3: Run Get-BrokerDBVersionChangeScript

2012 Citrix | Confidential Do Not Distribute

Step 4: Disconnect Controller from DB

Step 5: Upgrade the Broker Service Schema

2012 Citrix | Confidential Do Not Distribute

Step 7: Check Status of Broker Service again

2012 Citrix | Confidential Do Not Distribute

This can have advantages when configuring HDX Policies/Access to resources

2012 Citrix | Confidential Do Not Distribute