10 Tips Every XenDesktop Admin Should Know

Important links:
PoSH Scripts
Webinar Recording

Citrix Support Secrets
Webinar Series
10 Tips Every XenDesktop Admin Should Know
Mick Glover – Sr. Readiness Specialist, Worldwide Support Readiness
January 30, 2014

Presenter Bio: Mick Glover
• Over 18 Years of Experience in IT
• Joined Citrix in January 2005
• Started as Senior member of Frontline team
• Spent 3 years working as an Escalation Engineer
• Been with the WW Readiness team since 2009

• Certifications: CCA, CCEE, CCIA, CCI & MCSE
• SME areas: XenDesktop, App Orchestration, UPM
• Promotes the XD Tipster Blog Series and @XDtipster twitter feed

2

© 2012 Citrix | Confidential – Do Not Distribute

Objectives
At the end of this webinar, you will be able to:
• Customize your PoSH working environment
• Validate the true state of FMA services and identity possible issues
• Generate and apply Schema update scripts against Site DB
• Logically group machines using Broker tags
• Manage computer a/c’s and naming schemes for MCS Catalogs

• Explicitly Control access to desktops through PoSH
• Configure aspects of XD using built-in Citrix PSProviders
• Configure advanced PMGMT features

• Create service DB scripts of various types to facilitate XD Deployments

Tip Number 10
Creating a customized XD PoSH $profile

What is a PoSH Profile?
The nuts and Bolts
• PoSH script file (.ps1) that runs when PoSH starts up
ᵒCan contain Cmdlets, Scripts, functions i.e. any valid PoSH commands

• Can be used to set-up and customize your PoSH env
• Advantage for XenDesktop administrators?
• Lets take a look….


Step 1: Confirm if profile already exists
Test-path $profile
• Return value False = No existing profile
• Return value True = Existing profile


Step 2: Create PoSH $Profile
New-item –type file $profile
• -Force parameter can be used to overwrite an existing profile


Step 3: Configure PoSH $Profile
Notepad $profile
• Type notepad $profile
ᵒEnter commands to customize PoSH env
ᵒFile  Save  Exit


Step 4: Confirm existence of $Profile
Test-Path %profile
• Expected return value = True
• Edit at any stage by typing Notepad $profile  Return


New-Item PoSH cmdlet
-Force switch Usage
• Allows the cmdlet to create an item that writes over an existing read-only item


Step 5: Confirm $Profile functionality
E.G. Get-BrokerSite


Tip Number 9
Service MGMT (Checking The state of FMA
services through PoSH)

Checking the Status of the controller Services
Windows services applet won’t paint the full picture…
• Run Get-<Alias>ServiceStatus for each service
ᵒExpected return value = OK

• Other Possible Return values include:
•
•
•
•

DBMissingOptionalFeature
DBRejectedConnection
DBUnconfigured
…

• Lets take a look…


PoSH - Validating Service Status
XD 5.x
• Use Get-BrokerServiceStatus (Broker Service)
• Use Get-ConfigServiceStatus (Configuration Service)
• Use Get-HypServiceStatus (Host Service)
• Use Get-AcctServiceStatus (AD Identity Service)
• Use Get-ProvServiceStatus (Machine Creation Service)

• Use Get-PvsvmServiceStatus (Machine Identity Service)
• Use Get-LicServiceStatus (License Service)


XD 7.x 1 of 2
• Use Get-BrokerServiceStatus (Broker Service)
• Use Get-ConfigServiceStatus (Configuration Service)
• Use Get-HypServiceStatus (Host Service)
• Use Get-AcctServiceStatus (AD Identity Service)
• Use Get-ProvServiceStatus (Machine Creation Service)

• Use Get-LicServiceStatus (License Service)


XD 7.x 2 of 2
• Use Get-EnvTestServiceStatus (Environment Test Service)
• Use Get-SfServiceStatus (Storefront Service)
• Use Get-MonitorServiceStatus (Monitor Service)
• Use Get-LogServiceStatus (Configuration Logging Service)
• Use Get-AdminServiceStatus (Delegated Administration Service)


Get-BrokerServiceStatus - Return Values (1 of 2)
Status

Meaning

OK

The broker is connected to a database that is valid, and the service is
running.

DBUnconfigured

The broker does not have a database connection configured

DBRejectedConnection

The database rejected the logon from the Broker Service. This may be
caused by bad credentials, or the database not being installed.

InvalidDBConfigured

The database schema is missing (possibly just the stored procedures in
it).

DBNotFound

The specified database could not be located with the configured
connection string.

DBMissingOptionalFeature

The broker is connected to a database that is valid, but it does not
have the full functionality required for optimal performance.
Upgrading the database is advisable.

DBMissingMandatoryFeature

The broker is connected to a database that is valid, but it does not
have the full functionality required so the broker cannot function.
Upgrading the database is required.

Get-BrokerServiceStatus - Return Values (2 of 2)
Status

Meaning

DBNewerVersionThanService

The broker is too old to use the database. A newer version is required.

DBOlderVersionThanService

The database is too old for the Broker Service. Upgrade the database.

DBVersionChangeInProgress

A database schema upgrade is in progress.

OK
PendingFailure

Connectivity between the Broker Service and the database has been
lost. This may be a transitory network error, but may indicate a loss of
connectivity that requires administrator intervention.

Failed

Connectivity between the broker and the database has been lost for
an extended period of time, or has failed due to a configuration
problem. The broker service cannot operate while its connection to
the database is unavailable.

Unknown

The Service's status cannot be determined


Validating the Status of the controller Services
Write simple .ps1 script for single Controller to make your life easier


Validating the Status of the controller Services
Return value is important


What does DBMissingOptionalFeature mean?
Run Help Get-BrokerServiceStatus –Full to find out…
• The broker is connected to a database that is valid, but it does not have the full
functionality required for optimal performance. Upgrading the database is
advisable.
• Next Step? See Tip 8


Tip Number 8
Checking & Updating DB Schema versions
manually through PoSH

DB Schema’s
background
• Each Service has it’s own DB Schema and set of tables that it communicates
with

• DB Schema version should match the version of the service itself for optimal
performance
• Let’s take a look and see what the problem is…


Step 1: Run Get-BrokerInstalledDbVersion
Check current Broker Service DB schema and available upgrade options


Step 2: Run Get-BrokerController
Check Controller Version


Step 3: Run Get-BrokerDBVersionChangeScript
Create upgrade script


Step 4: Disconnect Controller from DB

• Any controller can essentially be turned off (disconnect from the DB)by unconfiguring the services
• You could also stop the Broker Service…

Step 5: Upgrade the Broker Service Schema
• Execute upgrade_71.sql file on
SQLServer in SQLCMD mode and
against the XD DB
• Check messages window for
confirmation…
• Start the Broker service one again
on Controller prior to Step 7 (Next
Slide)


Step 7: Check Status of Broker Service again
Get-BrokerServiceStatus
• Expected return value = OK
• Remember: Creating simple scripts will make your life easier and can be fun to
use…


Machine Tagging
The Nuts and Bolts
• Machine tagging first introduced in XD 5.x
• Can be used to create a logical grouping of machines within a site
ᵒAcross Delivery Groups & OU’s

• This can have advantages when configuring HDX Policies/Access to resources
• Let’s take a look…


Machine Tagging through Citrix Studio
• Any machine which is part of a Delivery or Desktop Group can be tagged within
Citrix Studio…


Assigning Tags through PoSH
Example - Alternative Option
1. New-BrokerTag -Name <Executive>
2. $desktop = Get-BrokerDesktop -uid 1
3. Add-BrokerTag -Name Executive -desktop $desktop


Assigning Tags through PoSH
Visual Example 2


Confirming Machine UID’s


Viewing Tags through PoSH
Use Select Command
• Get-BrokerMachine | select machinename, tags | format-table


HDX Tag Filter
Use Case
• HDX Policies can be applied
against specific tags…


Tip Number 6
Managing the Identity Pool StartCount and
NamingScheme Parameters for MCS Catalogs

Identity Pools
Created and managed by the AD Identity Service
• Associated with Catalogs


Observation
IdentityPoolName & ProvisioningSchemeName matching values


XenDesktop A/C delete/re-use options
MCS Only
• Important to understand
Delete options in relation to
machine a/c mgmt…
• NB: If machine AD a/c is
deleted then it can be used
again automatically as long as
the StartCount value is reset
to match
• If AD a/c is not deleted then
resetting the StartCount will
have no impact

StartCount value determines


Changing the NamingScheme
Considerations


Changing the NamingScheme
WebinarTest#
• Set-AcctIdentityPool -IdentityPoolName
"Windows 7 SP1 x86 - 1GB" -NamingScheme
WebinarTest# -StartCount 1
• Note: Unless the StartCount value is explicitly
set then it will remain as it was prior to the
change in NamingScheme


Reverting NamingScheme
Considerations
• StartCount will not change


Tip Number 5
Controlling Access To Resources

XD Site Policies
Overview
• Entitlement Policies (Pooled/Shared Desktops)
ᵒGet-BrokerEntitlementPolicyRule
ᵒGet-BrokerAppEntitlementPolicyRule

• Assignment Policies (Dedicated/Private Desktops)
ᵒGet-BrokerAssignmentPolicyRule
ᵒGet-BrokerAppAssignmentPolicyRule

• Access Policy
ᵒGet-BrokerAccessPolicyRule (Discussed during Tip# 2)



Viewing BrokerEntitlementPolicy rule(s)
Training Win7 Delivery Group

• By default, no exclusions are set


Setting a BrokerEntitlementPolicy rule
Edit existing rule for relevant Delivery Group


Revert Changes/Remove Exclusions
• Use –RemoveExcludedUsers parameter or empty the array using @()
ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers
traininguser1 -ExcludedUserFilterEnabled $false
Or
ᵒSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" ExcludedUserFilterEnabled $false -ExcludedUsers @()


Tip Number 4
Exploring Citrix PowerShell Providers

What are PowerShell Providers
The nuts and Bolts
• Extension’s which allow data structures to be mounted through PoSH
• Available PSProviders can be viewed using Get-PSProvider
• XenDesktop 5.x & 7.x ship with two PSproviders
ᵒCitrixGroupPolicy
ᵒCitrix.Hypervisor

• Lets take a look….


View all available Providers
Run Get-PSProvider

• Specific PS-Drives are created by default for each PSProvider

Use CD command to mount PSDrives
• CD XDHYP:  Return
• CD LocalGPO:  Return
• CD Templates: --> Return
• CitrixGroupPolicy PSProvider also supports other PSDrives that are not
available by default
ᵒTo view these options run Help New-PSDrive –Full from within the mounted LocalGPO
or Templates drive…


Example Usage: Enabling Intellicache


LocalStorageCaching related error


Creating HDX Policies through PoSH
Use the CitrixGroupPolicy PSProvider
• New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root -Controller
DC1dir


Enable Setting
Example: ReadonlyClipboard
• PS Webinar:usertrainingSettingsica> Set-ItemProperty ReadonlyClipboard Name State -Value enabled

• Running dir under the Ica folder will return the following…


Configure Tag filter through Citrix Studio
Allow: Training Tag


Validate Functionality
Through Registry
• HKLMSoftwarePoliciesCitrix<s
ession#UserVCPolicies….


Tip Number 3
Configuring Extended Disconnect/Logoff settings

Extended Disconnect/Logoff Settings
Extending Functionality…
• Available for Pooled & Dedicated Desktops/Delivery Groups
• Can only be configured through PoSH
• Available for Peak & OffPeak hours
• Let’s take a look…


View all disconnect options through PoSH
• Get-BrokerDesktopGroup -Name "training win7" | select *peakdis*, *extende* |
format-list


Configuring Extended Disconnect Setting
Example: Peak Hours
• Set-BrokerDesktopGroup -Name "Training Win7" PeakExtendedDisconnectAction suspend -PeakExtendedDisconnectTimeout 5


Tip Number 2
Using the Site Access Policy to Restrict Access to
Resources

Site Access Policy
• Contains two rules per Delivery Group by default
ᵒDirect Connections
ᵒConnections through Netscaler/AG

• Similar to the Entitlement and Assignment site policy rules, Site access policy
rules control access to resources
• What is the key difference?
ᵒEntitlement & Assignment policy rules control user access (included/excluded users)
ᵒAccess policy rules control the wider conditions
(Clientnames/ClientIPs/SmartAccessFilters)



Example: Restrict access from ClientIP
• Return Access Policy rules for a specific Delivery Group
ᵒGet-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated“

• Edit the direct rule and exclude a specific IP address
ᵒSet-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict
access from the Win7Client machine


Tip Number 1
Manually Joining a Controller to an existing Site

Simple three step process

1

• Create Instance Scripts for each service running on DC1
(Controller)

2
3


1

2

(Controller)
• Configure the DB connection string for each service

3


1

2
3

(Controller)
• Configure the DB connection string for each service
• Register each service with the Configuration service


Lets take a look…
• Complete instructions can be found here
ᵒhttp://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controller-to-anexisting-db-3-simple-steps/


XD Tipster Blogs
Just a selection…
• http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7xendesktop-posh-module/

• http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/
• http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-iconsrevisited-xd7/

• http://blogs.citrix.com/2013/08/20/xd-tipster-manually-joining-a-new-controllerto-an-existing-db-3-simple-steps/
• http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/
• http://blogs.citrix.com/2013/10/22/xd-tipster-removing-controllers-from-an-xdsite-using-posh/

About
Citrix Services
Citrix Services make sure
you succeed with your
virtualization programs.

Educate | Guide | Support | Succeed

How we can help
Citrix Education – The fastest, most efficient way to
get your team the virtualization skills they need. Online,
on-site or in class.
citrix.com/training
Citrix Consulting – Intensive engagements for
complex, critical or just plain massive projects.
citrix.com/consulting
Citrix Support – Always-on support services that
leverage everything we know about best-practice
deployment and maintenance.
citrix.com/support


Secrets of the Citrix Support Ninjas
• 40 insider troubleshooting tips

• Covering XenDesktop, XenServer, XenApp and NetScaler
• Citrix Support top engineers

• FREE eBook
• Citrix Auto Support
• Now available!

Premier Support Calculator
Check it out


10 Tips Every XenDesktop Admin Should Know

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Destacado

Destacado (20)

Similar a 10 Tips Every XenDesktop Admin Should Know

Similar a 10 Tips Every XenDesktop Admin Should Know (20)

Más de David McGeough

Más de David McGeough (16)

Último

Último (20)

10 Tips Every XenDesktop Admin Should Know

Notas del editor