Author: Carl Stalhood

Delivery Controller 7.14.1 and Licensing

Last Modified: Aug 18, 2021 @ 7:35 am

6 Comments

Navigation

💡 = Recently Updated

Upgrade

If you are performing a new install of XenApp/XenDesktop Controller, then skip to the next section.

You can upgrade directly from any Delivery Controller version 5.6 or newer.

Before upgrading, if you have a standalone Citrix Licensing Server, upgrade it to 11.14.1.1 build 20104.

During the upgrade of Delivery Controller, be aware that a database upgrade is required. Either get a DBA to grant you temporary sysadmin permission, or use Citrix Studio to generate SQL scripts that a DBA must then run in SQL Studio.

  1. Frequent upgrades – XenApp and XenDesktop 7.14.1 is a Current Release (CR). It is only supported for 6 months from the date it was released by Citrix. You are expected to in-place upgrade to the next Current Release the next time it becomes available. If you’re not willing to perform frequent upgrades, then the Long Term Service Release (LTSR) might be more appropriate for you.
  2. SCOM Agent – If StoreFront is installed on the Controller, and if the Citrix SCOM Agent for StoreFront is installed, stop the Citrix MPSF Agent service. See CTX220935 Cannot Perform a StoreFront Upgrade if Citrix SCOM Management Pack Agent Service is Running.
  3. Close PowerShell and Consoles. Make sure all Citrix Consoles and PowerShell consoles are closed. StoreFront won’t upgrade if any are running. If StoreFront fails, then the StoreFront configuration is wiped out.
  4. Other Users – Use Task Manager > Users tab to logoff any other user currently logged into the machine.
  5. Snapshot. If StoreFront is on the Controller, take a snapshot before attempting the upgrade.
  6. Another option is to export the StoreFront configuration so you can restore it later if something goes wrong.
  7. Download the XenApp/XenDesktop 7.14.1 ISO.  💡
  8. Before upgrading, open PowerShell and run the following. 
    asnp citrix*
Get-TrustDBConnection

  9. If you don’t see a returned value, then you’ll need to run additional commands to fix the Trust Database Connection as detailed at Known Issues at Citrix Docs.  💡 
    $cs = Get-ConfigDBConnection
Set-TrustDBConnection –DBConnection $cs
  10. Run AutoSelect.exe from the 7.14.1 ISO. Make sure it’s 7.14.1, and not 7.14.0.

  11. On the top left, click Studio and Server Components.
  12. In the Licensing Agreement page, select I have read, understand, and accept the terms, and click Next.
  13. In the Ensure Successful Upgrade page, read the steps, check the box next to I’m ready to continue, and click Next.
  14. In the Firewall page, click Next.
  15. In the Summary page, click Upgrade.
  16. If you see a Running Processes window, close the listed programs, and click Continue.
  17. Click Close if prompted to restart.
  18. If you see a window asking you to Locate ‘XenDesktop’ installation media, click Cancel.
  19. Mount the XenApp_and_XenDesktop_7_14_1.iso.
  20. Run AutoSelect.exe.
  21. Click Delivery Controller, and installation will resume.
  22. In the Smart Tools page, make a selection. If participating, click Connect, login with Citrix Cloud or mycitrix.com credentials, and then click Next. See Citrix Insight Services at Citrix Docs for more information on these options.
  23. In the Finish page, check the box next to Launch Studio, and click Finish.
  24. Programs and Features should show Citrix XenDesktop 7.14.1 as version 7.14.1.14098.
  25. After Citrix Studio launches, if you have sysadmin permissions on SQL, then click Start the automatic Site upgrade. If you don’t have full permission, then get a DBA to help you, click Manually upgrade this site, and follow the instructions.

  26. If you choose to Manually upgrade this site, then note that there might not be an upgrade for the Logging Database schema, depending on what version you are upgrading from.

  27. After all Controllers and VDAs are upgraded, right-click the Catalogs, and click Upgrade Catalog. Note: 7.9 is the newest minimum functional level. You won’t see an option for 7.14. If your Catalogs are already set to VDA version 7.9, then there’s no need to upgrade the Catalogs or Delivery Groups.


  28. Then do the same for the Delivery Groups. Note: 7.9 is the newest minimum functional level. You won’t see an option for 7.14. If your Delivery Groups are already set to VDA version 7.9, then no upgrade is needed.


Other XenApp/XenDesktop components can also be in-place upgraded:

New Install Preparation

Frequent upgrades – XenApp and XenDesktop 7.14.1 is a Current Release (CR). It is only supported for 6 months from the date it was released by Citrix. You are expected to in-place upgrade to the next Current Release the next time it becomes available. If you’re not willing to perform frequent upgrades, then the Long Term Service Release (LTSR) might be more appropriate for you.

Automation – If you want to automate the install of Delivery Controllers, see Dennis Span Citrix Delivery Controller unattended installation with PowerShell and SCCM.

Citrix Licensing – If you are going to use an existing Citrix Licensing Server, upgrade it to 11.14.1.1 build 20104.

Note: 7.14  and newer supports multiple license types in a single farm. See CTX223926 How to Configure Multiple License Types within a Single XenApp and XenDesktop Site.

SQL Databases

  • Citrix CTX209080 Database Sizing Tool for XenDesktop 7
  • Citrix article CTX114501 – Supported Databases for XenApp and XenDesktop Components
  • There are typically three databases: one for the Site (aka farm), one for Logging (audit log) and one for Monitoring (Director).
    • The name of the monitoring database must not have any spaces in it. See CTX200325 Database Naming Limitation when Citrix Director Accesses Monitoring Data Using OData APIs
    • If you want Citrix Studio to create the SQL databases automatically, then the person running Studio must be a sysadmin on the SQL instances. No lesser role will work. sysadmin permissions can be granted temporarily and revoked after installation.
    • As an alternative, you can use Citrix Studio to create SQL scripts and then run those scripts on the SQL server. In that case, the person running the scripts only needs the dbcreator and securityadmin roles.
    • It is possible to create the databases in advance. However, you must use the non-default Latin1_General_100_CI_AS_KS collation. Citrix Studio will configure the database tables in the pre-created database.
  • If SQL 2016 or newer, create a Basic Availability Group.
  • If SQL 2014 or older, Citrix recommends SQL Mirroring because it has the fastest failover.
    • SQL Mirroring requires two SQL Standard Edition servers and one SQL Express for the witness server.
    • You can setup SQL Mirroring either before installing XenDesktop or after installing XenDesktop. If after, then see Citrix CTX140319 to manually change XenDesktop’s database connection strings How to Migrate XenDesktop Database to New SQL Server.
    • To setup SQL Mirroring, see Rob Cartwright: Configure SQL Mirroring For Use With XenDesktop, XenApp, and PVS Databases.
    • If you try to stretch the mirror across datacenters, the SQL witness must be placed in a third datacenter that has connectivity to the other two datacenters. However, stretching a single XenApp/XenDesktop site/farm and corresponding SQL mirror across datacenters is not recommended.
  • AlwaysOn Availability Groups and SQL Clustering are also supported. However, these features require the much more expensive SQL Enterprise Edition.

Windows Features

  • Installing Group Policy Management on the Delivery Controller lets you edit GPOs and have access to the Citrix Policies node in the GPO Editor. Or you can install Citrix Studio on a different machine that has GPMC installed.

vSphere

  • Create a role in vSphere Client. Assign a service account to the role at the Datacenter or higher level.

Delivery Controller Install

  1. A typical size for the Controller VMs is 2-4 vCPU and 8+ GB of RAM. If all components (Delivery Controller, StoreFront, Licensing, Director, SQL Express) are installed on one server, then you might want to bump up memory to 10 GB or 12 GB.
  2. From Local Host Cache sizing and scaling at Citrix Docs:
    1. For LHC LocalDB, assign the Controller VMs a single socket with multiple cores.
    2. Add two cores for LHC.
    3. Add at least three more Gigs of RAM and watch the memory consumption.
    4. Since there’s no control over LHC election, ensure all Controllers have the same specs.
  3. Make sure the User Right Log on as a service includes NT SERVICE\ALL SERVICES or add NT SERVICE\CitrixTelemetryService to the User Right.
  4. Download the XenApp/XenDesktop 7.14.1 ISO.  💡
  5. On two Delivery Controllers, install the Delivery Controller software. Run AutoSelect.exe from the 7.14.1 ISO. Make sure it’s 7.14.1, and not 7.14.0.

  6. Click Start next to either XenApp or XenDesktop. The only difference is the product name displayed in the installation wizard.
  7. On the left, click Delivery Controller.
  8. In the Licensing Agreement page, select I have read, understand, and accept the terms, and click Next.
  9. In the Core Components page, you can install all components on one server, or on separate servers. Splitting them out is only necessary in large environments, or if you have multiple farms and want to share the Licensing, StoreFront, and Director components across those farms.
  10. In the Features page, uncheck the box next to Install Microsoft SQL Server 2014 SP2 Express, and click Next.
  11. In the Firewall page, click Next.
  12. In the Summary page, click Install.
  13. In the Call Home page, make a selection, click Connect, enter your Citrix Cloud or MyCitrix.com credentials, and then click Next.


  14. In the Finish page, click Finish. Studio will automatically launch.
  15. Programs and Features should show Citrix XenDesktop 7.14.1 as version 7.14.1.14098.
  16. Ensure the two Controller VMs do not run on the same hypervisor host. Create an anti-affinity rule.

Create Site

There are several methods of creating the databases for XenApp/XenDesktop:

  • If you have sysadmin permissions to SQL, let Citrix Studio create the databases automatically.
  • If you don’t have sysadmin permissions to SQL, then use Citrix Studio to generate SQL scripts, and send them to a DBA.

Use Studio to Create Database Scripts

  1. Launch Citrix Studio. After it loads, click Deliver applications and desktops to your users.
  2. In the Introduction page, select An empty, unconfigured site. This reduces the number of pages in this Setup wizard. The other pages will be configured later.
  3. Enter a Site Name (aka farm name), and click Next. Only administrators see the farm name.
  4. In the Databases page, if you are building two Controllers, click Select near the bottom of the same page.
  5. Click Add.
  6. Enter the FQDN of the second Controller, and click OK. Note: the Delivery Controller software must already be installed on that second machine.
  7. Then click Save.
  8. If you don’t have sysadmin permissions, change the selection to Generate scripts to manually set up databases on the database server. Change the database names if desired, and click Next.
  9. In the Summary page, click Generate scripts.
  10. A folder will open with six scripts. Edit each of the scripts.
  11. Near the top of each script are two lines to create the database. Uncomment both lines (including the go line). Then save and close the file.

  12. Once all of the scripts are edited, you can send them to your DBA.
  13. On the Principal SQL Server, open the file Site_Principal.sql.

  14. Open the Query menu, and click SQLCMD Mode.
  15. Then execute the script.
  16. If SQLCMD mode was enabled properly, then the output should look something like this:
  17. If you have a mirrored database, run the second script on the mirror SQL instance. Make sure SQLCMD mode is enabled.
  18. Repeat for the Logging_Principal.sql script.
  19. You’ll have to enable SQLCMD Mode for each script you open.


  20. Repeat for the Monitoring_Principal.sql script.
  21. Once again enable SQLCMD Mode.


  22. The person running Citrix Studio must be added to the SQL Server as a SQL Login, and granted the public server role, so that account can enumerate the databases.

  23. Back in Citrix Studio, click the Continue database configuration and Site setup button.
  24. In the Databases page, enter the SQL server name, and instance name, and click Next.

  25. On the Licensing page, enter the name of the Citrix License Server, and click Connect. If you installed Licensing with your Delivery Controller, then simply enter localhost. See CTX223926 How to Configure Multiple License Types within a Single XenApp and XenDesktop Site.
  26. XenApp/XenDesktop 7.14 requires the newest Licensing Server. If your server isn’t compatible, leave it set to localhost and fix it later.
  27. If the Certificate Authentication appears, select Connect me, and click Confirm.T
  28. Then select your license, and click Next.
  29. In the Summary page, if your databases are mirrored, each database will show high availability servers, and the name of the Mirror server. Click Finish.

  30. It will take some time for the site to be created.

Verify Database Mirroring

If your database is mirrored, when you run asnp citrix.* and then run get-brokerdbconnection, you’ll see the Failover Partner in the database connection string.

Second Controller

When building the first Delivery Controller, the scripts might have already included the second Delivery Controller. Thus no special SQL permissions are needed. If the second Delivery Controller has not already been added to the SQL databases, then there are several methods of adding a second Controller to the databases for XenApp/XenDesktop:

  • If you have sysadmin permissions to SQL, let Citrix Studio modify the databases automatically.
  • If you don’t have sysadmin permissions to SQL then use Citrix Studio to generate SQL scripts and send them to a DBA.

To use Citrix Studio to create the SQL Scripts:

  1. On the first Delivery Controller, if StoreFront is installed, delete the default StoreFront store (/Citrix/Store) and recreate it with your desired Store name (e.g. /Citrix/CompanyStore).
  2. On the 2nd Delivery Controller, install XenDesktop as detailed earlier.
  3. After running Studio, click Connect this Delivery Controller to an existing Site.
  4. Enter the name of the first Delivery Controller, and click OK.
  5. If you don’t have full SQL permissions (sysadmin), click No when asked if you want to update the database automatically.
  6. Click Generate scripts.
  7. A folder will open with six scripts. If not mirroring, then the top three scripts need to be sent to a DBA. If mirroring, send all six.
  8. On the SQL Server, open one of the .sql files.

  9. Open the Query menu, and click SQLCMD Mode.
  10. Then execute the XenDesktop script.
  11. If SQLCMD mode was enabled properly, then the output should look something like this:
  12. Repeat for the remaining script files.
  13. Back in Citrix Studio, click OK.
  14. In Citrix Studio, under Configuration > Controllers, you should see both controllers.
  15. You can also test the site again if desired.

Studio – Slow Launch

From B.J.M. Groenhout at Citrix Discussions: The following adjustments can be made if Desktop Studio (and other Citrix management Consoles) will start slowly:

  • Within Internet Explorer, go to Tools – Internet Options – Tab Advanced – Section Security, and uncheck the option Check for publisher’s certificate revocation

After adjustment Desktop Studio (MMC) will be started immediately. Without adjustment it may take some time before Desktop Studio (MMC) is started.

Registry setting (can be deployed using Group Policy Preferences):

  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing
    • State“=dword:00023e00

Concurrent Logon Hard Limit

From Samuel Legrand XenApp 7.14 – (Really) Manage a DR! – Citrix Policies has a setting called Concurrent Logon Tolerance. However, it is not a hard limit, meaning once the limits are reached, it continues to let users connect. You can configure the Controllers to make it a hard limit by setting the following registry value:

  • HKLM\Software\Policies\Citrix\DesktopServer
    • LogonToleranceIsHardLimit (DWORD) = 1

Local Host Cache

If you have 10,000 or fewer VDAs per zone (up to 40,000 VDAs per multi-zone site/farm), you can enable Local Host Cache (LHC) instead of Connection Leasing. LHC allows new sessions to be started even if SQL database is unavailable. VDA limits for LHC are higher in 7.14 than previous versions of XenApp/XenDesktop.

From Local Host Cache sizing and scaling at Citrix Docs:

  1. For LHC LocalDB, assign the Controller VMs a single socket with multiple cores.
  2. Add two cores for LHC.
  3. Add at least three more Gigs of RAM and watch the memory consumption.
  4. Since there’s no control over LHC election, ensure all Controllers have the same specs.
  5. The Docs article has scripts for monitoring LHC performance.

From XenApp 7.12, LHC and a reboot at Citrix Discussions:

  • If the rebooted DDC is the elected one, a different DDC will take over (causing registration storm) and when the DDC gets back, it will take over brokering causing second registration storm. Site will sort itself out and all will work.
  • If the rebooted DDC is not the elected one, it will not impact any functionality.
  • If you turn the DDC down when site is working, and start it during outage, LHC will not trigger on that machine. This DDC will not impact the LHC unless it would become the elected one. In that scenario it will take control, however not start LHC and resources would not be available.

For Windows Server 2008 R2 Controllers, PowerShell 3, or newer, is required. See LHC XD 7.12 and W2K8SR2 SP1 at Citrix Discussions.

Local Host Cache can be enabled by running some PowerShell commands.

asnp citrix.*
Set-BrokerSite -ConnectionLeasingEnabled $false
Set-BrokerSite -LocalHostCacheEnabled $true

George Spiers Local Host Cache XenApp & XenDesktop 7.12 shows the Event Log entries when LHC is enabled.

Database Maintenance

Enable Read-Committed Snapshot

The XenDesktop Database can become heavily utilized under load in a large environment. Therefore Citrix recommends enabling the Read_Committed_Snapshot option on the XenDesktop databases to remove contention on the database from read queries. This can improve the interactivity of Studio and Director. It should be noted that this option may increase the load on the tempdb files. See Citrix article CTX137161 How to Enable Read-Committed Snapshot in XenDesktop for configuration instructions.

Change Database Connection Strings

Sometimes the database connection strings need to be modified:

  • When moving the SQL databases to a different SQL server
  • For AlwaysOn Availability Groups, to add MultiSubnetFailover to the SQL connection strings
  • For SQL mirroring, to add Failover Partner to the SQL connection strings

From Citrix Docs Update database connection strings when using SQL Server high availability solutions: Citrix offers several PowerShell scripts that update XenApp and XenDesktop database connection strings when you are using SQL Server high availability database solutions such as AlwaysOn and mirroring. The scripts, which use the XenApp and XenDesktop PowerShell API, are:

  • DBConnectionStringFuncs.ps1: The core script that does the actual work. This script contains common functions that the other scripts use.
  • Change_XD_Failover_Partner_v1.ps1: Updates (adds, changes, or removes) the failover partner. This script prompts for the failover partner location (FQDN) for each database. (Providing a blank failover partner removes the failover partner. You can also use the ClearPartner option to remove a partner.) Do not set the failover partner to the same location as the principal database server.
  • Change_XD_To_ConnectionString.ps1: Uses the provided connection strings to update the connection strings to the databases. This script ensures that certain Citrix services are up and running, and then updates those services in the correct order on all Controllers in the site. Enclose connection string information for each database in quotes.
  • Change_XD_To_MultiSubnetFailover.ps1: Toggles the addition and removal of MultiSubnetFailover=true. If you use AlwaysOn Availability Groups, Microsoft recommends that the connection string include MultiSubnetFailover=true. This option speeds up recovery when a high availability event occurs, and is recommended for both single and multi-subnet environments. Run this script once to add the option. Run the script again to remove it.
  • Change_XD_To_Null.ps1: Resets all the connection strings on the localhost because something has gone wrong. By resetting the connection strings to null, this script places the Controller into an “initial” state. If you run Studio after running this script, you’ll be asked if you want to create a site or join an existing site. This is useful if something has gone wrong and a reset is needed. After the reset, you can try again to set the connection strings.

CTX140319 How to Migrate XenDesktop Database to New SQL Server has the correctly ordered list of PowerShell commands to change the database connection strings. Make sure PowerShell is running as administrator before running these commands.

Here are the DB Connections that must be changed. This list might be longer than the article. When using the article, make sure you include all of the DB Connections shown below. You can get the full list of database commands by running Get-Command Set-*DBConnection. When changing the DB connections, AdminDBConnection must be the last to be set to NULL, and the first to be configured with the new connection string.

Set-ConfigDBConnection -DBConnection $null
Set-AppLibDBConnection –DBConnection $null    #7.8 and newer
Set-OrchDBConnection –DBConnection $null      #7.11 and newer
Set-TrustDBConnection –DBConnection $null     #7.11 and newer
Set-AcctDBConnection -DBConnection $null
Set-AnalyticsDBConnection -DBConnection $null
Set-HypDBConnection -DBConnection $null
Set-ProvDBConnection -DBConnection $null
Set-BrokerDBConnection -DBConnection $null
Set-EnvTestDBConnection -DBConnection $null
Set-SfDBConnection -DBConnection $null
Set-MonitorDBConnection -DataStore Monitor -DBConnection $null   #Monitoring Database
Set-MonitorDBConnection -DBConnection $null                      #Site Database
Set-LogDBConnection -DataStore Logging -DBConnection $null       #Logging Database
Set-LogDBConnection -DBConnection $null                          #Site Database
Set-AdminDBConnection -DBConnection $null -force

Citrix CTX221389 Scripts For Updating Connection Strings in XenApp/XenDesktop 7.x was recently updated for 7.13.

  • Change_XD_Failover_Partner_v1.ps1 – is used to update the mirroring failover partner.
  • Change_XD_To_ConnectionString.ps1 – this takes passed in connection strings and uses them, so a very generic version.
  • Change_XD_To_MultiSubnetFailover.ps1 – this toggles the MultiSubnetFailover. If it doesn’t exist or is false, it sets it to true. If it’s set to true, the script sets it back to false. If you need to remove the option then you’ll need to use Change_XD_To_ConnectionString.ps1 and provide strings without the setting.
  • Change_XD_To_Null.ps1 – this is a reset of all the connection strings on the localhost as something has gone wrong. Note because this resets the connection strings to null, it will actually place the ddc into a “initial” state. I.E. if you run Studio, it’ll ask if you want to create a site, or join to another DDC. This is useful if something has gone wrong, as you can reset a Controller’s settings, and then attempt to set the connection strings again using Change_XD_To_ConnectionString.ps1.

Director Grooming

If XenDesktop is not Platinum Edition, then all historical Director data is groomed at 30 days.

For XenDesktop/XenApp Platinum Edition, by default, most of the historical Director data is groomed at 90 days. This can be adjusted up to 367 days by running a PowerShell cmdlet.

  1. On a Delivery Controller, run PowerShell elevated (as administrator), and run asnp Citrix.*
  2. Run Get-MonitorConfiguration to see the current grooming settings.
  3. Run Set-MonitorConfiguration to change the grooming settings.

View Logging Database

To view the contents of the Logging Database, in Studio, click the Logging node. On the right is Create Custom Report. See Citrix article CTX138132 Viewing Configuration Logging Data Not Shown for more info.

The Logging Database can be queried using Get-LogLowLevelOperation. See Stefan Beckmann Get user who set maintenance mode for a server or client for an example script that uses this PowerShell cmdlet.

Maintain Logging Database

Citrix CTX215069 Troubleshooting and managing Oversized Configuration Logging database: The article’s queries can be used to determine the number of configuration operation types performed by XenDesktop Administrator, and to analyze the content of the Configuration Logging database when it is considered oversized. A grooming query is also provided to delete data older than a specified date.

Export/Import Configuration

Ryan Butler has a PowerShell script that can export configuration from one XenDesktop farm and import it to another.

Studio Administrators

Full Administrators

  1. In the Studio, under Configuration, click the Administrators node. The first time you access the node you’ll see a Welcome page. Feel free to check the box to Don’t show this again, and then click Close.
  2. On the Administrators tab, right-click, and click Create Administrator.
  3. In the Administrator and Scope page, Browse to a group (e.g. Citrix Admins) that will have permissions to Studio and Director. These groups typically have access to all objects, so select the All scope. Alternatively, you can create a Scope to limit the objects. Click Next.
  4. On the Role page, select a role, and then click Next. For example:
    • Full Administrator for the Citrix Admins group
    • Help Desk Administrator for the Help Desk group
    • Machine Catalog Administrator for the desktop team
  5. In the Summary page, click Finish.

Help Desk

  1. In the Studio, under Configuration, click the Administrators node. On the Administrators tab, right-click, and click Create Administrator.
  2. In the Administrator and Scope page, Browse to a Help Desk group that will have permissions to Studio and Director. Select the All scope. And click Next.
  3. On the Role page, select the Help Desk Administrator role, and then click Next.
  4. In the Summary page, click Finish.
  5. When administrators in the Help Desk role log into Director, all they see is this.

    To jazz it up a little, add the Help Desk group to the read-only role.
  6. Right-click the Help Desk Administrator, and click Edit Administrator.
  7. Click Add.
  8. In the Scope page, select a scope, and click Next.
  9. In the Role page, select Read Only Administrator, and click Next.
  10. In the Summary page, click Finish.
  11. Then click OK. Now Director will display the dashboard.

Provisioning Services w/Personal vDisk

From Considerations: Provisioning Services at Configure and manage Personal vDisk at Citrix Docs: The Provisioning Services Soap Service account must be added to the Administrator node of Studio and must have the Machine Administrator or higher role. This ensures that the PvD desktops are put into the Preparing state when the Provisioning Services (PVS) vDisk is promoted to production.

Customer Experience Improvement Program

XenApp/XenDesktop 7.14 enables CEIP by default. If desired, you can disable it in Citrix Studio:

  1. On the left, go to the Configuration node.
  2. On the right, switch to the Product Support tab.
  3. Click End.
  4. Click Yes.

Each XenApp/XenDesktop component has a separate configuration for disabling Customer Experience Improvement Program:

vCenter Connection

XenDesktop uses an Active Directory service account to log into vCenter. This account needs specific permissions in vCenter. To facilitate assigning these permissions, create a new vCenter role and assign it to the XenDesktop service account. The permissions should be applied at the datacenter or higher level.

Hosting Resources

A Hosting Resource = vCenter + Cluster (Resource Pool) + Storage + Network. When you create a machine catalog, you select a previously defined Hosting Resource, and the Cluster, Storage, and Network defined in the Hosting Resource object are automatically selected. If you need some desktops on a different Cluster+Storage+Network then you’ll need to define more Hosting Resources in Studio.

  1. In Studio, expand Configuration and click Hosting. Right-click it, and click Add Connection and Resources.
  2. In the Connection page, for Connection type, select VMware vSphere.
  3. Notice there’s a Learn about user permissions blue link to an article that describes the necessary permissions.
  4. Enter https://vcenter01.corp.local/sdk as the vCenter URL. The URL must contain the FQDN of the vCenter server.
  5. Enter credentials of a service account that can log into vCenter.
  6. In the Connection name field, give the connection a name. Typically, this matches the name of the vCenter server.
  7. If you are not using Machine Creation Services, and instead only need the vCenter connection for machine power management, change the Create virtual machines using selection to Other Tools. If you intend to use MCS, leave it set to Studio Tools.
  8. Click Next.
  9. If you see a message about the vCenter certificate, check the box next to Trust certificate, and click OK.
  10. Note: this vCenter certificate thumbprint is stored in the XenDesktop database, and is not updated when the vCenter certificate changes. See CTX217415 Cannot connect to the VCenter server due to a certificate error for instructions on manually updating the database with the new certificate thumbprint.

  11. In the Storage Management page, click Browse, and select a vSphere cluster. Note: as detailed at CTX223662, make sure there’s no comma in the datacenter name.
  12. Select Use storage shared by hypervisors.
  13. If you have sufficient disk space on each ESXi host, also select Optimize temporary data on available local storage. From Mark Syms at XA 7.9 MCS with RAM Caching at Citrix Discussions: “If you use just MCS caching to local storage then the VM is not agile at all and cannot be moved even when powered off as it has a virtual disk permanently associated with a single host.”
  14. From Martin Rowan at XA 7.9 MCS with RAM Caching at Citrix Discussions: for the temporary cache disk, “Don’t format it, the raw disk is what MCS caching uses.”
  15. Click Next.
  16. In the Storage Selection page, OS and Personal vDisk must be selected on at least one datastore. For maximum flexibility, only select one datastore. To select additional datastores, run this wizard again to create a separate Hosting Resource.
  17. If you selected the temporary data on local storage option, on the bottom, click Select, and choose the datastores you want to use for disk caching. By default, all local datastores are selected. Click Next when done.
  18. In the Network page, enter a name for the hosting resource. Since each hosting resource is a combination of vCenter, Cluster, Network, and Datastores, include those names in this field (e.g. vCenter01-Cluster01-Network01-Datastore01).
  19. Select a network and click Next.
  20. In the Summary page, click Finish.
  21. If you have multiple datastores for your VDAs, run the wizard again.
  22. You can use the existing vCenter connection.
  23. This time, select a different datastore.
  24. Give it a name that indicates the chosen datastore.
  25. When you create a Catalog, select the Hosting Resource for the datastore where you want the VDAs to be placed. Create additional Catalogs for each datastore. You can then combine the Catalogs into a single Delivery Group.
  26. Later in the Catalog wizard, you’re given an option to enable caching and select a cache size. This is similar to Provisioning Services option “Cache in RAM with overflow to disk”.
  27. If you rename Storage, Network, or Datacenters, see Citrix CTX225019 XA/XD 7.13: Renaming Storage, Network or Datacenters When Used With MCS or PVS. Either run Update-HypHypervisorConnection -LiteralPath "XDHyp:\Connections\MyConnection", or right-click the Hosting Resource and click Edit Storage. You can cancel the wizard.  💡

Citrix Licensing Server

Upgrade

XenApp/XenDesktop 7.14 comes with 11.14.1.1 build 20104

If you have a standalone Licensing Server, upgrade it to Citrix Licensing 11.14.1.1 build 20104 if it isn’t already.

  1. Go to the downloaded Citrix Licensing 11.14.1.1 build 20104, and run CitrixLicensing.exe.
  2. If you see the Subscription Advantage Renewal page, make a selection, and click Next.
  3. In the Upgrade page, click Upgrade.
  4. Click Finish.
  5. If you go to Programs and Features, it should now show version 14.0.0.20104.
  6. If you login to the license server web console, on the Administration tab, it shows it as version 11.14.1.1 build 120104.
  7. You can also view the version in the registry at HKLM\Software\Wow6432Node\Citrix\LicenseServer\Install.

License Server CEIP

11.14.1.1 build 19005 and newer enables CEIP by default. This can be disabled in the Citrix Licensing Manager (https://localhost:8083) by clicking the gear icon.

Scroll down to Share usage statistics with Citrix and make a selection.

Citrix License Management Service

Version 11.14.0.1 and newer include the Citrix License Management Service. This service helps you avoid prohibited practices:

  • Duplication of licenses outside a Disaster Recovery (DR) environment
  • Use of legacy licenses for new product versions
  • Use of rescinded licenses

Licensing Server HA using GSLB

From Dane Young – Creating a Bulletproof Citrix Licensing Server Infrastructure using NetScaler Global Server Load Balancing (GSLB) and CtxLicChk.ps1 PowerShell Scripts. Here is a summary of the configuration steps. See the blog post for detailed configuration instructions.

  1. Build two License Servers in each datacenter with identical server names. Since server names are identical, they can’t be domain-joined.
  2. Install identical licenses on all License Servers.
  3. Set the DisableStrictNameChecking registry key on all Citrix Licensing servers.
  4. Synchronize the certificate files located at C:\Program Files (x86)\Citrix\Licensing\WebServicesForLicensing\Apache\conf. They must be identical on all Licensing Servers.
  5. Download CtxLicChk.exe from http://support.citrix.com/article/CTX123935 and place on all Licensing Servers.
  6. Schedule the PowerShell script CtxLicChk.ps1 on all Licensing Servers. Get this script from the blog post linked above.
  7. Configure NetScaler:
    1. Configure GSLB ADNS services.
    2. Add wildcard Load Balancing service for each Citrix Licensing Server.
    3. Configure service TCP monitoring for ports 27000, 7279, 8082, and 8083.
    4. Create Load Balancing Virtual Server for each Licensing Server.
    5. Set one Load Balancing Virtual Server as backup for the other.
    6. Repeat in second datacenter.
    7. Configure GSLB Services and GSLB Monitoring.
    8. Configure GSLB Virtual Servers. Set one GSLB Virtual Server as backup for the other.
  8. Delegate the Citrix Licensing DNS name to the ADNS services on the NetScaler appliances.
  9. Configure Citrix Studio to point to the GSLB-enabled DNS name for Citrix Licensing.

Citrix License Server Monitoring

Citrix Licensing 11.13.1 and newer has historical usage reporting:

  1. Run Citrix Licensing Manager from the Start Menu. Or use a browser to connect to https://MyLicenseServer:8083
  2. Use the drop-down menus to select a license type, select dates, and export to a .csv file.
  3. The Update Licenses tab lets you check for renewals and download them.
  4. On the top right is a gear icon where you can set the historical retention period and configure SA license auto-renewal.

Jonathan Medd Monitor Citrix License Usage With PowerShell.

Lal Mohan – Citrix License Usage Monitoring Using Powershell

Jaroslaw Sobel – Monitoring Citrix Licenses usage – Graphs using WMI, Powershell and RRDtool. This script generates a graph similar to the following:

Remote Desktop Licensing Server

Install Remote Desktop Licensing Server

Do the following on your XenDesktop Controllers:

  1. In Server Manager, open the Manage menu, and click Add Roles and Features.
  2. In the Installation Type page, select Role-based or feature-based installation.
  3. Click Next until you get to the Server Roles page. Check the box next to Remote Desktop Services, and click Next.
  4. Click Next until you get to the Role Services page. Check the box next to Remote Desktop Licensing, and click Next.
  5. Click Add Features if prompted.
  6. Then finish the wizard to install the role service.

Activate Remote Desktop Licensing

  1. After RD Licensing is installed, in Server Manager, open the Tool menu, expand Terminal Services (or Remote Desktop Services), and click Remote Desktop Licensing Manager.
  2. The tool should find the local server. If it does not, right-click All servers, click Connect, and type in the name of the local server.
  3. Once the local server can be seen in the list, right-click the server and click Activate Server.
  4. In the Welcome to the Activate Server Wizard page, click Next.
  5. In the Connection Method page, click Next.
  6. In the Company Information page, enter the required information, and click Next.
  7. All of the fields on the Company Information page are optional, so you do not have to enter anything. Click Next.
  8. In the Completing the Activate Server Wizard page, uncheck the box next to Start Install Licenses Wizard now, and click Finish. Since the session hosts will be configured to pull Per User licenses, there is no need to install licenses on the RD Licensing Server.
  9. In RD Licensing Manager, right-click the server, and click Review Configuration.
  10. Ensure you have green check marks. If the person installing Remote Desktop Licensing does not have permissions to add the server to the Terminal Server License Servers group in Active Directory, ask a domain admin to do it manually. If you have the proper permissions, click Add to Group.
  11. Click Continue when prompted that you must have Domain Admins privileges.
  12. Click OK when prompted that the computer account has been added.
  13. Click OK to close the window.

Smart Check

Citrix Cloud offers a Smart Check service that can scan your XenApp/XenDesktop infrastructure for known issues. Soon Smart Check will require Citrix Customer Success Services (Select).

To run Smart Check:

  1. Go to https://citrix.cloud.com, and login.
  2. After logging in, find Smart Tools, and click Manage.
  3. Click Smart Check.
  4. If you enabled Smart Tools during the installation of XenDesktop 7.14, then the site should already be there. Click Complete Setup.
  5. If you didn’t enable Smart Check during XenDesktop installation, then on the top right, click Add Site.

    1. In step 1, click Download Agent.
    2. Step 2 indicates it is waiting for you to install the Agent.
    3. On a Delivery Controller, run the downloaded CitrixLifecycleManagementAgent.exe.
    4. Check the box next to I accept the terms in the License Agreement, and click  Install.
    5. In the Completed the Citrix Smart Tools Agent Setup Wizard page, click Finish.
    6. Step 2 now shows that the Agent was installed successfully. Click Next.
  6. Enter credentials for your XenDesktop farm, and click Add Site.
  7. Eventually you’ll see a Get Started link.
  8. Or, if the site is already added to your list of sites, click View Report next to the site.
  9. At the top right, if you click Perform Check, you can run one of the checks.
  10. If you click Configure.
  11. You can schedule the checks to automatically run periodically.
  12. To view the alerts, click one of the alert badges in the component category. Also see Smart Check alerts reference at Citrix Docs.
  13. Expand a component, and click an alert.
  14. On the right, there’s an option to Hide Alert.

  15. To view the hidden alerts, at the top right, click the menu icon, and click Show Hidden Alerts.
  16. The hidden alert is grayed out. If you click the alert, you can restore it.

Citrix Scout

XenDesktop 7.14 includes a new Citrix Scout that can be launched from the Start Menu.

The tool can run a manual collection, run a trace, or schedule periodic collection. The results are uploaded to Citrix Smart Tools.


Links with more information:

XenApp/XenDesktop Health Check

Sacha Tomet Finally 1.0 – but never finalized!: XenApp & XenDesktop 7.x Health Check script has now Version 1.0.

Andrew Morgan – New Free Tool: Citrix Director Notification Service: The Citrix Director Notification service sits on an edge server as a service (or local to the delivery controller) and periodically checks the health of:

  • Citrix Licensing.
  • Database Connections.
  • Broker Service.
  • Core Services.
  • Hypervisor Connections.

And if any of these items fall out of bounds, an SMTP alert is sent to the mailbox of your choice for action. The tool will also send “All Clear” emails when these items are resolved, ensuring you are aware when the service has resumed a healthy state.

Matt Bodholdt XenDesktop 7.x Controller Service Status Script at CUGC – PowerShell script that checks the following:

  • Lists Controllers with boot time
  • Licensing status
  • Service status on each Controller
  • DB Connections
  • Controller Available Memory
  • Hypervisor Connections Status

Related Pages

EUC Weekly Digest – May 13, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

 

For a list of updates at carlstalhood.com, see the Detailed Change Log.

XenApp/XenDesktop VDA

StoreFront

Receiver

NetScaler

NetScaler MAS

NetScaler Gateway

XenMobile

ShareFile

NetScaler Management and Analytics System (MAS) 12

Last Modified: May 21, 2019 @ 9:25 am

106 Comments

Navigation

The newer 12.1 version of NetScaler MAS (aka Citrix ADM, aka Citrix Application Delivery Management) is detailed in a different article.

The older 11.1 version of NetScaler MAS is detailed in a different article.

💡 = Recently Updated

Change Log

Planning

NetScaler MAS is a replacement for NetScaler Insight Center, Command Center, and Control Center. It’s a combination of these three different tools.

For an overview of MAS, see Citrix’s YouTube video Citrix NetScaler MAS: Application visibility and control in the cloud.

Cloud vs on-prem – MAS is available both on-premises and as a Cloud Service. For the Cloud Service, you import a MAS Agent appliance to an on-prem hypervisor, or deploy a MAS Agent to AWS or Azure. The MAS Agent is the broker between the Cloud Service and the on-prem (or cloud hosted) NetScaler appliances. For more info on the MAS Cloud Service, see the following:

The rest of this article focuses on the on-premises version, but much of it also applies to the Cloud Service.

On-premises MAS Licensing:

  • Instance management is free (unlimited). This includes Configuration Jobs, Instance Backups, Network Functions/Reporting. Basically everything in the Networks node is free.
  • Analytics and Application monitoring are free for up to 30 Virtual Servers (Load Balancing, NetScaler Gateway, Content Switching, etc.).
    • Beyond 30 Virtual Servers, licenses can be purchased in 100 Virtual Server packs. See NetScaler MAS Licensing at Citrix Docs.
    • You can control assignment of licenses to Virtual Servers.

MAS version – The version/build of NetScaler MAS must be the same or newer than the version/build of the NetScaler appliances being monitored.

HDX Insight Requirements (AppFlow Analytics for ICA traffic):

  • Your NetScaler appliance must be running Enterprise Edition or Platinum Edition.
  • NetScaler must be 10.1 or newer.
  • HDX Insight works with the following Receivers:
    • Receiver for Windows must be 3.4 or newer.
    • Receiver for Mac must be 11.8 or newer.
    • Receiver for Linux must be 13 or newer.
    • Notice no mobile Receivers. See the Citrix Receiver Feature Matrix for the latest details.
  • For ICA Session Reliability with AppFlow: NetScaler 10.5 build 54 and newer.
    • For ICA Session Reliability, AppFlow, and NetScaler High Availability: NetScaler 11.1 build 49 and newer.
  • Internally, when a user clicks an icon from StoreFront, an ICA connection is established directly from Receiver to the VDA, thus bypassing the internal NetScaler. To produce AppFlow statistics, here are some methods of getting ICA traffic to flow through an internal NetScaler:
  • For ICA round trip time calculations, in a Citrix Policy, enable the following settings:
    • ICA > End User Monitoring > ICA Round Trip Calculation
    • ICA > End User Monitoring > ICA Round Trip Calculation Interval
    • ICA > End User Monitoring > ICA Round Trip Calculation for Idle Connections
  • Citrix CTX215130 HDX Insight Diagnostics and Troubleshooting Guide contains the following contents:
    • Introduction
    • Prerequisites for Configuring HDX Insight
    • Troubleshooting
      • Issues Related to ICA parsing
      • Error Counter details
    • Checklist before Contacting Citrix Technical Support
    • Information to collect before Contacting Citrix Technical support
    • Known Issues

Citrix CTX204274 How ICA RTT is calculated on NetScaler Insight: ICA RTT constitutes the actual application delay. ICA_RTT = 1 + 2 + 3 + 4 +5 +6:

  1. Client OS introduced delay
  2. Client to NS introduced network delay (Wan Latency)
  3. NS introduced delay in processing client to NS traffic (Client Side Device Latency)
  4. NS introduced delay in processing NS to Server (XA/XD) traffic (Server Side Device Latency)
  5. NS to Server network delay (DC Latency)
  6. Server (XA/XD) OS introduced delay (Host Delay)

Import MAS Appliance

You can use either the vSphere Client, or the vSphere Web Client, to import the appliance. In vSphere Client, open the File menu, and click Deploy OVF Template. vSphere Web Client instructions are shown below.

  1. Download NetScaler MAS for ESX, and then extract the .zip file.
  2. In vSphere Web Client, right-click a cluster, and click Deploy OVF Template.
  3. In the Select an OVF Template page, select Local file, and browse to the NetScaler MAS .ovf files. If vCenter 6.5+, select all three files. Click Next.
  4. In the Select name and folder page, enter a name for the virtual machine, and select an inventory folder. Then click Next.
  5. In the Select a resource page, select a cluster or resource pool, and click Next.
  6. In the Review details page, click Next.
  7. In the Select storage page, select a datastore. If a single appliance, or if a database appliance, due to high IOPS, SSD or Flash is recommended.
  8. Change the virtual disk format to Thin Provision. Click Next.
  9. In the Select networks page, choose a valid port group, and click Finish.
  10. In the Ready to Complete page, click Finish.
  11. In vSphere 6.5 and newer, you’ll need to upgrade the VM Compatibility.
    1. Right-click the NetScaler MAS appliance, expand Compatibility, and click Upgrade VM Compatibility.
    2. Click Yes.
    3. Select at least hardware version 7 (ESX/ESXi 4.0 and later).
  12. Before powering on the appliance, you can review its specs.
  13. If you see a message about Invalid guestid in Configinfo, then you’ll have to upgrade the VM hardware version first. VM hardware version 4 seems to be too old for vSphere 6.5.
  14. Now you can review the default specs and increase them. Citrix Docs VMware ESXi Hardware Requirements has recommended specs.
  15. Citrix Docs How to Attach an Additional Disk to NetScaler MAS: power off appliance, add a second disk that’s larger than the first, then power on the appliance. Note: you can only add one disk. Use the MAS storage calculator to determine the recommended size of the disk.

    • Enabling more features on MAS means more disk space. MAS features that consume large amounts of disk space include: Web/SSL Insight. SNMP/Syslog/Network Reports have a configurable purge interval.
  16. Power on the VM if it’s not running already.
  17. If you see a message about freeBSD not being supported, then you might have to upgrade the VM Hardware Compatibility Level. VM hardware version 4 seems to be too old for vSphere 6.5.

Appliance IP Configuration and Deployment Modes

  1. Open the console of the virtual machine.
  2. Configure an IP address.
  3. Enter 7 when done.
  4. When prompted for Deployment Type, enter 1 for NetScaler MAS Server. The first appliance must always be NetScaler MAS Server.
  5. Other deployment options:
    1. Notice the option for Remote Backup Node.

MAS High Availability

MAS 12.0 build 51 and newer support active/passive High Availability. Another option is the Remote Backup Node.

  1. If you want to deploy two NetScaler MAS appliances and HA pair them, enter no for Standalone, and yes for First Server Node.
    1. Note: HA is only for database redundancy. All other traffic (SNMP, AppFlow) only goes to one node.
  2. Enter Yes to reboot.
  3. Deploy another appliance.
  4. This time, when asked if First Server Node, enter no. You will then be asked for the IP address of the first node. Enter the nsroot password.

MAS Maintenance

Getting Started

  1. Once you’ve built all of the nodes, point your browser to the primary NetScaler MAS IP address, and login as nsroot/nsroot.
  2. If you see CUXIP, either Skip or Enable the Customer User Experience Improvement Program.
  3. Click Get Started
  4. If you did a standalone deployment, select Single Server Deployment, click Next, and skip to the next section to Add Instances.
  5. If you deployed high availability appliances, select Two servers deployed in High Availability Mode, and click Next.
  6. It should show both nodes. Click Deploy on the top right.
  7. Click Yes to reboot the appliances.

  8. If you login to one of the appliances, at System > Deployment, you’ll see the performance of each node. Notice the Break HA icon on the top right.

  9. You can manage the pair by logging in to either node.
  10. Or you can load balance the pair. Load Balancing is only useful for administration. All other communications (e.g.  SNMP, AppFlow) go directly to one of the nodes. See High Availability Deployment at Citrix Docs for load balancing instructions. NetScaler Load Balancing can detect which node is Active and connect you to the Active node.

Add Instances

NetScaler MAS must discover NetScaler instances before they can be managed. Citrix Docs How NetScaler MAS Discovers Instances.

  1. On the Add New Instances page, click + New near the top right.
  2. Enter the NSIP address of a NetScaler appliance.
  3. Click the pencil next to ns_nsroot_profile.
  4. Check the box next to Do you want to change the password and enter the password for the nsroot account. MAS will use this password to login to the NetScaler instance.
  5. The NetScaler Profile defaults to using https for instance communication. You can change it by unclicking Use global settings for NetScaler communication.
  6. Enter an SNMP v2 community string or SNMP v3 Security Name that NetScaler MAS will configure on the appliance.
  7. Click OK.
  8. Then click OK to add the instance.
  9. A progress window will appear.
  10. You can add more instances, or just click Finish.
  11. To add more instances later, click the top left hamburger icon, go to Networks > Instances, select the Instance type, and on the right, click Add.

NetScaler SDX

  1. At Networks > Instances > NetScaler SDX, you can click Add to discover a SDX appliance, and all VPXs on that appliance. You don’t have to discover the VPXs separately.
  2. In the Add NetScaler SDX page, click the pencil icon next to the Profile Name drop-down to edit nssdx_default_profile. Or you can click the plus icon to create a new SDX Profile. Note: SDX profiles are different than VPX profiles.
  3. Enter the credentials for the SDX SVM Management Service.
  4. For NetScaler Profile, select an admin profile that has nsroot credentials for the VPX instances. If you don’t have one in your drop-down list, click the plus icon. Note: You can only select one NetScaler Profile. If each VPX instance has different nsroot credentials, you can fix it after SDX discovery has been performed. The NetProfile Profile is different than the SDX Profile.

    1. In the Create NetScaler Profile page, enter the nsroot credentials for the VPX instances, and click Create.
  5. Back in the Configure NetScaler SDX Profile page, you can uncheck the box for Use global settings for SDX communication, and change the protocol. Click OK when done.
  6. Back in the Add NetScaler SDX page, click OK to start discovery.
  7. After discovery is complete, on the left, go to Networks > Instances > NetScaler VPX. You should automatically see the VPX instances.
  8. To specify the nsroot credentials for a VPX, right-click the VPX, and click Edit.

    1. In the Modify NetScaler VPX page, either select an existing Profile Name, or click the plus icon to create a new one. Click OK when done. It should start rediscovery automatically.
  9. After fixing the nsroot credentials, right-click the VPX instance, and click Configure SNMP. MAS will configure the VPX to send SNMP Traps to MAS.

Instance management

  • REST API proxy – NetScaler MAS can function as a REST API proxy server for its managed instances. Instead of sending API requests directly to the managed instances, REST API clients can send the API requests to NetScaler MAS. See Citrix CTX228449 NetScaler MAS as an API Proxy Server
  • NetScaler VPX Check-In/Check-Out Licensing – You can allocate VPX licenses to NetScaler VPX instances on demand from NetScaler MAS. The Licenses are stored and managed by NetScaler MAS, which has a licensing framework that provides scalable and automated license provisioning. A NetScaler VPX instance can check out the license from the NetScaler MAS when a NetScaler VPX instance is provisioned, or check back in its license to NetScaler MAS when an instance is removed or destroyed. See Citrix CTX228451 NetScaler VPX Check-In/Check-Out Licensing with NMAS

Licenses

Virtual Server License Packs

Without licenses, you can enable analytics features on only 30 Virtual Servers. You can install additional licenses in 100 Virtual Server packs. More info at NetScaler MAS Licensing at Citrix Docs.

  1. Go to Networks> Licenses > System Licenses to see the number of currently installed licenses, and the number of managed virtual servers.
  2. By default, Auto-select Virtual Servers is enabled. If you disable this setting, then the Select Virtual Servers button appears.
  3. On the left, go to Networks > Licenses.
  4. On the right, notice the Host ID.
  5. At mycitrix.com, allocate your NetScaler MAS licenses to this Host ID.
  6. Then use the Browse button to upload the allocated license file.
  7. Click Finish after uploading the license file to apply it.
  8. The License Expiry Information section shows you the number of installed licenses and when they expire.
  9. You can use the Notification Settings section to email you when licenses are almost fully consumed or about to expire.

Allocate licenses to Virtual Servers

You can manually unassign a MAS Virtual Server license and reassign it to a different Virtual Server.

  1. Go to Networks > Licenses > System Licenses to see the number of Allowed Virtual Servers.
  2. By default, Auto-select Virtual Servers is enabled. If you disable this setting, then the Click to select button appears. Click it.
  3. In the top row, select the type of Virtual Server you want to unlicense or license. Yes, the headings are clickable.
  4. Select one or more Virtual Servers, and click the Mark Unlicensed button. Only the licensed Virtual Servers are listed.
  5. Click Yes when asked to mark unlicensed.
  6. The unlicensed Virtual Servers won’t be removed from the list until you click the Save and Exit or Finish button.
  7. Back in Choose Virtual Servers, to allocate a license to a Virtual Server, click the Add Virtual Servers button.
  8. Select the Virtual Server(s) you want to allocate.
    • You can use the Search button.
    • 12.0 build 57 adds a Throughput column, so you can see how much traffic each vServer is currently handling.
  9. At the top of the screen, click the blue Select button.
  10. Click Save & Exit or Finish when done.

Enable AppFlow / Insight

  1. Go to Networks > Instances > Instance type (e.g. NetScaler VPX).
  2. Right-click an instance, and then click Enable/Disable Insight.
  3. At the top of the page are boxes you can check.
  4. With Load Balancing selected in the View list, right-click your StoreFront load balancer, and click Enable AppFlow. If you don’t see your Virtual Server in this list, then you need to assign a license.
  5. Type in true.
  6. Select Web Insight.
  7. If App Firewall is enabled on the vServer, then also select Security Insight.
  8. HTML Injection injects JavaScript in HTTP responses to measure page load times.
  9. Click OK.

  10. Use the View drop-down to select VPN.
  11. Right-click a NetScaler Gateway Virtual Server, and click Enable AppFlow.
  12. In the Select Expression drop-down, select true.
  13. For Export Option, select ICA and HTTP, and click OK. The HTTP option is for Gateway Insight.
  14. The TCP option is for the second appliance in double-hop ICA. If you need double-hop, then you’ll also need to run set appflow param -connectionChaining ENABLED on both appliances. See Enabling Data Collection for NetScaler Gateway Appliances Deployed in Double-Hop Mode at Citrix Docs for more information.

  15. By default, with AppFlow enabled, if a NetScaler High Availability pair fails over, all Citrix connections will drop, and users must reconnect manually. NetScaler 11.1 build 49 adds a new feature to replicate Session Reliability state between both HA nodes.
    1. From Session Reliability on NetScaler High Availability Pair at Citrix Docs: Enabling this feature will result in increased bandwidth consumption, which is due to ICA compression being turned off by the feature, and the extra traffic between the primary and secondary nodes to keep them in sync.
    2. If you still want this feature, on a NetScaler 11.1 build 49 and newer appliance, go to System > Settings.
    3. On the right, in the Settings section, click Change ICA Parameters.
    4. Check the box next to Session Reliability on HA Failover, and click OK.
  16. In a NetScaler 12 instance, at System > AppFlow > Collectors, you can see if the Collector (MAS) is up or not. However, NetScaler uses SNIP to verify connectivity, but AppFlow is sent using NSIP, so being DOWN doesn’t necessarily mean that AppFlow isn’t working. Citrix CTX227438 After NetScaler Upgrade to Release 12.0 State of AppFlow Collector Shows as DOWN.

  17. AppFlow (e.g. HDX Insight) information can be viewed in NetScaler MAS under the Analytics node.

Citrix Blog Post – NetScaler Insight Center – Tips, Troubleshooting and Upgrade

Enable Syslog on Instance

MAS can configure Syslog on the NetScaler instances, including sending Syslog to MAS.

Configure Syslog Method:

  1. Go to Networks > Instances > Instance Type.
  2. On the right, right-click an instance and click Configure Syslog.
  3. Uncheck All and check the other boxes. You probably don’t want Debug. Click OK.

Configuration Job Method:

  1. Go to Networks > Configuration Jobs.
  2. On the right, click Create Job.
  3. Give the job a name.
  4. Change the Configuration Source drop-down to Inbuilt Template.
  5. On the left, drag the NSConfigureSyslogServer blue text to the right side of the screen. Notice that this job uses variables.
  6. On the bottom, click Next.
  7. On the Select Instances page, click Add Instances.
  8. Select one or more instances, and click OK.
  9. Click Next.
  10. In the Specify Variable Values page, switch to the Common Variable Values for all instances tab.
  11. Enter the Syslog server IP address (e.g. MAS IP address). Click Next.
  12. In the Job Preview page, review the commands it’s going to run, and click Next.
  13. In the Execute page, click Finish.
  14. The job will eventually say Completed.

MAS Nsroot Password

  1. In MAS, go to System > User Administration > Users.
  2. On the right, right-click the nsroot account, and click Edit.
  3. Check the box next to Change Password and enter a new password.
  4. You can also specify a session timeout by checking the box next to Configure Session Timeout. Click OK.

Management Certificate

The certificate to upload must already be in PEM format. If you have a .pfx, you must first convert it to PEM (separate certificate and key files). You can use NetScaler to convert the .pfx, and then download the converted certificate from the appliance.

  1. Go to System > System Administration.
  2. On the right, in the Set Up NetScaler MAS section, click Install SSL Certificate.
  3. Click Choose File to browse to the PEM format certificate and key files. If the keyfile is encrypted, enter the password. Click OK.
  4. Click Yes to reboot the system.

System Configuration

Note: the System Administration page has been rearranged slightly in MAS 12.0 build 53 and newer.

  1. Go to System > System Administration.
  2. On the right, modify settings (e.g. Change Time Zone) as desired.

  3. Click Change System Settings.

    1. Check the box next to Enable Session Timeout, and specify a value.
    2. By default, on the Instances page, if you click a blue IP address link, it opens the instance in a new webpage, and logs in using the nsroot credentials. If you want to force users to login using non-nsroot credentials, in Modify System Settings, check the bottom box for Prompt Credentials for Instance Login.

  4. Configure SSL Settings lets you disable TLS 1 and TLS 1.1.

    1. Click the Protocol Settings section in the Edit Settings section on the right side of the screen.

  5. On the left are Prune Settings.
  6. System Prune Settings defaults to deleting System Events, Audit Logs, and Task Logs after 15 days. System events are generated by the MAS appliance, which contrasts with Instance events (SNMP traps) that are generated by NetScaler appliances.

    1. 12.0 build 53 and newer can initiate a purge automatically as the database starts to get full.
    2. If you click the pencil next to the purge threshold value, you can configure an alarm for when the database gets full.

    3. To see the current database disk usage, go to System > Statistics.
  7. Instance Events prune Settings controls when instance SNMP traps are pruned, which defaults to 40 days.

  8. If you are sending Syslog from instances to MAS, Instance Syslog Purge Settings controls when the log entries are purged. You can even configure different purge intervals for different types of NetScaler Gateway log entries.

  9. In the right column, under Backup Settings, are additional settings.
  10. System Backup Settings lets you export MAS backups to an external file server (External Transfer).

  11. Instance Backup Settings lets you configure how often the instances are backed up. These can also be transferred to External systems.

  12. There are more settings under System > Analytics Settings.
  13. ICA Session Timeout can be configured by clicking the link. Two minutes of non-existent traffic must occur before the session is considered idle. Then this idle timer starts.

  14. MAS 12.0 build 56 lets you configure how the App Score (Application Dashboard) is calculated.

  15. System > Analytics Settings > Database Summarization lets you configure how long Analytics data is retained. Adjusting these values could dramatically increase disk space consumption. See CTX224238 How Do I Increase Granularity of Data Points Stored on NetScaler MAS Analytics?.

    • To see the current database disk usage, go to System > Statistics.
  16. On the left, click System > NTP Servers.
  17. On the right, click Add.
  18. Enter an NTP server, and click Create.

  19. After adding NTP servers, click the NTP Synchronization button.
  20. Check the box next to Enable NTP Synchronization, and click OK.
  21. Click Yes to restart.
  22. Go to System > Auditing > Syslog Servers.
  23. On the right, click Add.
  24. Enter the syslog server IP address, and select Log Levels. Click Create.
  25. You can click Syslog Parameters to change the timezone and date format.

System Email Notifications

  1. Go to System > Notifications > Email.
  2. On the right, on the Email Servers tab, click Add.
  3. Enter the SMTP server address, and click Create.
  4. On the right, switch to the Email Distribution List tab, and click Add.
  5. Enter an address for a destination distribution list, and click Create.
  6. On the left, click System > Notifications.
  7. On the right, click Change Notification Settings.
  8. Move notification categories (e.g. UserLogin) to the right.
  9. Check the box next to Send Email. Select a notification distribution list. Then click OK.

Authentication

  1. Go to System > Authentication > LDAP.
  2. On the right, click Add.
  3. This is configured identically to NetScaler. Enter a Load Balancing VIP for LDAP. Change the Security Type to SSL, and Port to 636. Scroll down.
  4. Enter the Base DN in LDAP format.
  5. Enter the bind account credentials.
  6. Check the box for Enable Change Password.
  7. Click Retrieve Attributes, and scroll down.
  8. For Server Logon Attribute, select sAMAccountName.
  9. For Group Attribute, select memberOf.
  10. For Sub Attribute Name, select cn.
  11. To prevent unauthorized users from logging in, configure a Search Filter. Scroll down.
  12. If desired, configure Nested Group Extraction.
  13. Click Create.
  14. On the left, go to System > User Administration > Groups.
  15. On the right, click Add.

    1. Enter the case sensitive name of your NetScaler Admins AD group.
    2. Move the admin Permission to the right.
    3. The Configure User Session Timeout checkbox lets you configure a session timeout.
    4. Click Next.
    5. On the Applications and Templates page, click Create Group. If you are delegating limited permissions, you can uncheck these boxes and delegate specific entities.
    6. In the Assign Users page, click Finish. Group membership comes from LDAP, so there’s no need to add local users.
  16. On the left, go to System > User Administration.
  17. On the right, click User Lockout Configuration.
  18. If desired, check the box next to Enable User Lockout, and configure the maximum logon attempts. Click OK.
  19. On the left, go to System > Authentication.
  20. On the right, click Authentication Configuration.
  21. Change the Server Type to EXTERNAL, and click Insert.
  22. Select the LDAP server you created, and click OK.
  23. Make sure Enable fallback local authentication is checked, and click OK.

Analytics Thresholds

  1. Go to System > Analytics Settings > Thresholds.
  2. On the right, click Add.
  3. Enter a name.
  4. Use the Traffic Type drop-down to select HDXWeb, or Security.

    • In MAS 12.0 build 56 and newer, with HDX as the Traffic Type, the Rules section lets you add multiple rules. The other two Traffic Type options only let you specify one rule.
  5. Use the Entity drop-down to select a category of alerts. What you choose here determines what’s available as Metrics when you click Add Rule. With HDX as the Traffic Type, to add multiple rules for multiple Entity types, simply change the Entity drop-down before adding a new rule.
  6. Check the box to Enable Alert.
  7. Check the box to Notify through Email and select an existing Email Distribution List.
  8. In MAS 12.0 build 56 and newer, if HDX is the Traffic Type, click Add Rule to add a rule.
  9. Select a Metric, and enter threshold values (e.g. WAN Latency > 200 ms). The available metrics are based on the Entity chosen earlier. Click OK when done.
  10. In MAS 12.0 build 56 and newer, if HDX is the Traffic Type, you can add multiple rules for multiple Entity types.
  11. If the Traffic Type is HDX, and the Entity drop-down is set to Users, on the bottom in the Configure Geo Details section, you can restrict the rule so it only fires for users for a specific geographical location.

  12. On the bottom of the window, click Create.

Geo Map

  1. Download the Maxmind database from http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz.
  2. Extract the .gz file.
  3. On the left, go to System > Advanced Settings, and click Geo Database Files.
  4. On the right, click Upload.
  5. Browse to the extracted GeoLiteCity.dat file, and click Open.
  6. You can also define Geo locations for internal subnets. Go to Networks > Sites > Private IP Blocks.
  7. On the right, click Add.
  8. Enter a name for the subnet.
  9. Enter the starting and ending IP address.
  10. Select a Geo Location (Country, Region, City).
  11. Click Create.
  12. On the left, go to Networks > Sites.
  13. On the right, click Add.
  14. Give the site a name.
  15. Click Add IP Block.
  16. Select one or more IP Blocks, and click Select.
  17. Click Create.

Instance Email Alerts (SNMP Traps)

You can receive email alerts whenever a NetScaler appliance sends a critical SNMP trap.

  1. On the left, go to Networks > Events > Rules.
  2. On the right, click Add.
  3. Give the rule a name.
  4. Move Severity filters (e.g. Major, Critical) to the right by clicking the plus icon next to each Severity.
  5. While scrolling down, you can configure additional alert filters.
  6. On the bottom of the page, click Add Action.
  7. Select an Action Type (e.g. Send e-mail Action).
  8. Select the recipients (or click the plus icon to add recipients).
  9. Optionally, enter a Subject and/or Message.
  10. Emails can be repeated by selecting Repeat Email Notification until the event is cleared.
  11. Click OK.
  12. Then click Create.
  13. See the Event Management section at MAS How-to articles at Citrix Docs.

Events Digest  💡

MAS can email you a daily digest (PDF format) of system and instance events

To enable the daily digest:

  1. Go to System > Notifications.
  2. On the right, click Configure Event Digest Settings.
  3. Uncheck the box next to Disable Event Digest.
  4. Configure the other settings as desired, and click OK.

Director Integration

Integrating NetScaler MAS with Director adds Network tabs to Director’s Trends and Machine Details views. Citrix Blog Post Configure Director with Netscaler Management & Analytics System (MAS)

Requirements:

  • XenApp/XenDesktop must be licensed for Platinum Edition. This is only required for the Director integration. Without Platinum, you can still access the HDX Insight data by going visiting the NetScaler MAS website.
  • Director must be 7.11 or newer for NetScaler MAS support.
  • NetScaler MAS must be 11.1 build 49 or newer.

To link Citrix Director with NetScaler MAS:

  1. On the Director server, run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /confignetscaler.
  2. Enter the NetScaler MAS nsroot credentials.
  3. If HTTPS Connection (recommended), the NetScaler MAS certificate must be valid and trusted by both the Director Server and the Director user’s browser.
  4. Enter 1 for NetScaler MAS.
  5. Do this on both Director servers.

Use NetScaler MAS

The AppFlow Analysis tools (e.g. HDX Insight) are located under the Analytics node. See Viewing HDX Insight Reports and Metrics at Citrix Docs.

NetScaler MAS also includes all previous Command Center functionality, which you can find on the Networks nodes. For example, at Networks > Instances, select an instance, and view its Dashboard.

Backups are available by right-clicking an instance, and clicking View Backup.

Networks > Network Reporting > NetScaler let you view Instance performance data.

Dave Bretty Automating Your Netscaler 11.1 Vserver Config Using Netscaler Management and Analytics System: use a Configuration Job to deploy StoreFront load balancing configuration to an instance.

Applications > Dashboard automatically includes all licensed vServers in the Others section. On the top right, click Define Custom App to group vServers together into an application. The grouped vServers are removed from the Others list.

The Applications Node has quite a bit of functionality. See Application Analytics and Management at Citrix Docs for details.

Link:

HDX Insight

HDX Insight Dashboard displays ICA session details including the following:

  • WAN Latency
  • DC Latency
  • RTT (round trip time)
  • Retransmits
  • Application Launch Duration
  • Client Type/Version
  • Bandwidth
  • Licenses in use

HDX Insight can also display Geo Maps. Configure NetScaler MAS with Data Center definitions (private IP blocks). More info at Geo Maps for HDX Insight at Citrix Docs.

Citrix CTX215130 HDX Insight Diagnostics and Troubleshooting Guide contains the following contents:

  • Introduction
  • Prerequisites for Configuring HDX Insight
  • Troubleshooting
    • Issues Related to ICA parsing
    • Error Counter details
  • Checklist before Contacting Citrix Technical Support
  • Information to collect before Contacting Citrix Technical support
  • Known Issues

Gateway Insight

In the Analytics node is Gateway Insight.

This feature displays the following details:

  • Gateway connection failures due to failed EPA scans, failed authentication, failed SSON, or failed application launches.
  • Bandwidth and Bytes Consumed for ICA and other applications accessed through Gateway.
  • # of users
  • Session Modes (clientless, VPN, ICA)
  • Client Operating Systems
  • Client Browsers

More details at Gateway Insight at Citrix Docs.

Security Insight

The Security Insight dashboard uses data from Application Firewall to display Threat Index (criticality of attack), Safety Index (how securely NetScaler is configured), and Actionable Information. More info at Security Insight at Citrix Docs.

Troubleshooting

Citrix CTX215130 HDX Insight Diagnostics and Troubleshooting Guide: Syslog messages; Error counters; Troubleshooting checklist, Logs

Citrix CTX224502 NetScaler MAS Troubleshooting Guide

Citrix Blog Post NetScaler Insight Center – Tips, Troubleshooting and Upgrade

See Citrix Docs Troubleshooting Tips. Here are sample issues covered in Citrix Docs:

  • Can’t see records on Insight Center dashboard
  • ICA RTT metrics are incorrect
  • Can’t add NetScaler appliance to inventory
  • Geo maps not displaying

Upgrade NetScaler MAS

  1. Download the latest Upgrade Package for NetScaler Management and Analytics System. You want the Upgrade Package, not a MAS image.
  2. Login to NetScaler MAS.
  3. Go to System > System Administration.
  4. On the right, in the right pane, click Upgrade NetScaler MAS.
  5. Browse to the Upgrade Package .tgz file, and click OK.
  6. Click Yes to reboot the appliance.



  7. After it reboots, login. The new firmware version will be displayed by clicking your username in the top right corner.

EUC Weekly Digest – May 6, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

2 Comments

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

 

XenApp/XenDesktop

Director/Monitoring

WEM/Profile Management

Provisioning Services

NetScaler

NetScaler Gateway

XenMobile

ShareFile

Microsoft

EUC Weekly Digest – April 29, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

1 Comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

 

XenApp/XenDesktop

Director/Monitoring

WEM/Profile Management

NetScaler

NetScaler MAS

NetScaler Gateway

XenMobile

ShareFile

VMware

EUC Weekly Digest – April 22, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

XenApp/XenDesktop

VDA

App Layering

Provisioning Services

Receiver

NetScaler

NetScaler MAS

XenMobile

VMware

Microsoft

EUC Weekly Digest – April 15, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

XenApp/XenDesktop

HDX

WEM/Profile Management

Provisioning Services

Receiver

NetScaler

NetScaler MAS

NetScaler Gateway

XenMobile

ShareFile

Citrix Cloud

VMware

Microsoft

Other

EUC Weekly Digest – April 8, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

 

XenApp/XenDesktop

Receiver

NetScaler

XenMobile

XenServer

VMware

Microsoft

Other

  • HP Universal Print Driver 6.4.1 — Support for Windows 2016 + Win10 1607 fix – Jonathan Pitre on Twitter
  • Now available for XenDesktop 7.13: Nutanix AHV Plug-in for Citrix Director. Statistics for VM IOPS, I/O Bandwidth, Average I/O Latency – René Bigler on Twitter

Site Updates – March 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

To trigger RSS Feed, Mailing List, etc., here is the March 2017 excerpt from the Detailed Change Log.

EUC Weekly Digest – April 1, 2017

Last Modified: Nov 7, 2020 @ 6:34 am

Leave a comment

Here are some EUC items I found interesting last week. For more immediate updates, follow me at http://twitter.com/cstalhood.

For a list of updates at carlstalhood.com, see the Detailed Change Log.

XenApp/XenDesktop

HDX

App Layering (formerly known as Unidesk)

WEM/Profile Management

Receiver

NetScaler

XenMobile

ShareFile

Citrix Cloud

VMware

  • Pre-packaged Ubuntu OVA that automates most of the customization and configuration needed for VMware Horizon 7 – VMware Fling

Microsoft