Catalogs, Delivery Groups, Zones

Last Modified: Aug 15, 2024 @ 6:40 am

Navigation

💡 = Recently Updated

Change Log

 Persistent vs Non-persistent

VDA design – One of the tasks of a Citrix Architect is VDA design. There are many considerations, including the following:

  • Machine type – single user (virtual desktop), or multi-user (Remote Desktop Session Host). RDSH is more hardware efficient.
  • Machine operating system – Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016
  • Machine persistence – persistent, non-persistent
  • Number of new machines – concurrent vs named-users
  • Machine provisioning – full clones, Machine Creation Services (MCS), Citrix Provisioning
  • Hardware for the new machines – hypervisor clusters, storage
  • How the machines are updated – SCCM, MCS, Citrix Provisioning etc.
  • Application integration – locally installed, App-V, Layering, Virtual Apps or XenApp published, leave on local endpoint machine, cloud apps, etc.
  • User Profiles – roaming, mandatory, home directories
  • Group Policies – session lockdown, automation
  • Disaster Recovery – replication. VDAs running in a warm site. DR for profiles and home directories too.

Desktop Management in a Citrix environment – Some environments try to use Citrix to improve desktop management. Here are some desktop management aspects of Citrix that aren’t possible with distributed physical desktops:

  • Datacenter network speeds – The VDAs have high speed connectivity to the desktop management tools, which eliminates WAN bandwidth as a desktop management consideration. For example, you can use Microsoft App-V to stream apps to VDAs. And SCCM deployments have much greater success rates than PCs that are frequently offline.
  • Non-persistence – Non-persistent VDAs revert at every reboot. To update non-persistent VDAs, simply update your master image, and push it out.
  • Layering – The VDA VMs can be composed of multiple layers that are combined during machine boot, or when the user logs in. Citrix App Layering is an example of this technology. A single layer can be shared by multiple VDAs. The layers are updated once, and all machines using the layer receive the updated layer at next boot/login.
  • See the Reddit thread Citrix at scale.

Non-persistent VDAs – Probably the easiest of these desktop-management technologies is non-persistence. That’s because you install your applications once into a master image, and you can easily create a pool of identical machines based on that master image. Whenever an update is needed, you install the update once into your master image and push it out.

However, there are several drawbacks to non-persistence:

  • Multiple Master Images – it’s extremely rare for there to only be one master image. You’ll probably have a number of master images, each with different application sets. The more master images you have, the more effort is required to maintain them.
    • Same apps in multiple images – Some apps are common to multiple images. For example, Office and Adobe Reader. How do you update these common apps identically on multiple master images?
    • Multi-datacenter – how do you perform the same master image updates in multiple datacenters? Replicate the master images? Perform the same change multiple times?
    • Automation – You’ll need new automation for managing the multiple master images and updating Catalogs. Automation complicates the simple management you were hoping to achieve.
  • Master Images must be designed – Which apps go on which master image? Do you install the same app on multiple master images?
    • How do you know which apps a user needs? – Most Citrix admins, and even desktop teams, don’t know every app that a user needs. You can use tools like Liquidware Labs or Lakeside Software to discover app usage, but it’s a very complicated process to find commonality across multiple users.
    • How are One-off apps handled? – If you have an app used by only a small number of users, do you add it to one of your master images? Do you create a new master image? Do you publish it from Virtual Apps or XenApp (double hop)? Do you stream it using App-V? Layering is another option.
    • Application Licensing – for licensed apps, do you install the licensed app into the master image and try to hide it from non-licensed users? Or do you create a new master image for the licensed users?
    • Patching multiple images – when a new OS patch needs to be deployed, you have to update every master image running that OS version. Thus Citrix admins usually try to limit the number of master images, which makes image design more complicated.
    • How do you manage an app that is installed on multiple master images? – Layering might help with this.
  • Who manages the master images? – Citrix admins? Desktop team? It’s unlikely that traditional desktop management will ever be completely removed from an enterprise environment, which means that master image management is an additional task that was not performed before. Does the Citrix admin team have the staff to take on this responsibility? Would the desktop management team be willing to perform this new process?
    • Politically feasible? – Large enterprises usually have mature desktop management practices. Would this new process interfere with existing desktop management requirements?
    • Responsibility – if the Citrix admins are not maintaining the master images, and if a Catalog update causes user problems, who is responsible?
    • Compliance – template machines usually go through a security and licensing compliance process. If the Citrix team is managing the master images, who checks them for compliance?
    • RDSH Apps are complicated – who is responsible for integrating apps into Remote Desktop Session Host (Virtual Apps or XenApp)? Does the desktop team have the skills to perform the additional RDSH testing?
  • Change Control – Longer Deployment Times – Any change to a master image would affect every machine/user using that image, thus dev/QA testing is recommended for every change, which slows down app update deployment. And once a change is made to the master, it doesn’t take effect until the user’s VDA is rebooted.
  • Roaming Profiles – some apps (e.g. Office) save user settings in user profiles. Since the machines are non-persistent, the profiles would be lost on every reboot unless roaming profiles are implemented. This adds a dependency on roaming profile configuration, and the roaming profile file share.
    • How is the Outlook OST file handled? – With Cloud Hosted Exchange, for best performance, Outlook needs to run in Cached Exchange mode, which creates a large OST file in the user’s profile.
      • OST files are large (multiple gigabytes). One option is to use group policy to minimize the size of the OST file.
      • How is the large OST file roamed? If you leave the OST in the default location, then the OST is copied back and forth every time the user logs on and logs off. You usually want to put the OST file on a file share, or in a mounted VHDX file that is stored on a file share.
      • Search indexes are rebuilt every time the user starts a new session. This takes time and performance.
      • Citrix Profile Management 7.18 has an Outlook OST and Search roaming capability.
      • Another option is to purchase a 3rd party OST handling product like FSLogix.
  • IT Applications (e.g. antivirus) on non-persistent machines – Many IT apps (antivirus, asset mgmt, security, etc.) have special instructions to work on non-persistent machines. Search the vendor’s knowledgebase for “VDI”, “non-persistent”, “Citrix”, etc.
    • Antivirus in particular has a huge impact on VDA performance. The special antivirus instructions for non-persistent VDAs are in addition to normal antivirus configuration.
  • Local Host Cache does not easily support non-persistent virtual desktops – if the Citrix Virtual Apps and Desktops (CVAD) SQL database is down, and if users need to connect to non-persistent random desktops, then Local Host Cache won’t help you. It’s not possible to connect to non-persistent virtual desktops until the Citrix Virtual Apps and Desktops (CVAD) SQL database connection is recovered.

Application Integration Technologies – Additional technologies can be used to overcome some of the drawbacks of non-persistent machines:

  • Microsoft App-V – this technology can dynamically stream apps to a non-persistent image. Different users get different apps. And the apps run in isolated bubbles. However:
    • App-V is an additional infrastructure that must be built and maintained.
    • App-V requires additional skills for the people packaging the apps, and the people troubleshooting the apps.
    • Since the apps are isolated, app interaction is configured manually.
    • Because of application isolation, not every app can run in App-V. Maybe 60-80% of apps might work. How do you handle apps that don’t work?
  • Layering – each application is a different layer (VHD file). The layering tool combines multiple layers into a single unified image. Layers are updated in one place, and all images using the layer are updated, which solves the issue of a single app in multiple images. Layering does not use application isolation, so almost 100% of apps should work with layering. Layers can be mounted dynamically based on who’s logging in. There’s also a persistent user layer that lets users install apps, or admins can install one-off apps. Citrix has an App Layering feature. Notes:
    • Citrix App Layering is a separate infrastructure that must be built and maintained.
    • Somebody has to create the layers. This is an additional task on top of normal desktop management packaging duties.
    • It takes time to update a layer and publish it to multiple images.
      • Citrix App Layering captures the OS Layer. So OS patches are handled by Citrix App Layering. It takes time to push an OS security update to every image based on the same OS Layer.
      • Other Layering products don’t capture the OS Layer. As a result, they can’t achieve 100% app compatibility like Citrix App Layering can.
    • With Layers, it’s very easy to remove a layer from an image. There’s no need to completely rebuild an image because one app is corrupted.
    • Citrix’s App Layering does not have a supported API, so you can’t automate it.

Persistent virtual desktops – Another method of building VDAs is by creating full clone virtual desktops that are persistent. Each virtual desktop is managed separately using traditional desktop management tools. If your storage is an All Flash Array with inline deduplication and compression, then full-clone, persistent virtual desktops probably take no more disk space than non-persistent linked clones. Here are some advantages of full-clone, persistent virtual desktops as opposed to non-persistent VDAs:

  • Skills and Processes – No new skills to learn. No new desktop management processes. Use existing desktop management tools (e.g. SCCM). The existing desktop management team can manage the persistent virtual desktops, which reduces the workload of the Citrix admins. Just treat the persistent virtual desktops like that are more PCs.
    • The persistent virtual desktops are usually powered on and in the datacenter, thus improving the success rate of package deployment.
    • However, pushing a package to many desktops at once can result in a “patch storm”, which reduces performance while the patches are being installed.
  • One-off applications – If a user needs a one-off application, simply install it on the user’s persistent desktop. The application can be user-installed, SCCM self-service installed, or administrator installed.
  • User Profile – Outlook’s OST file is no longer a concern since the user’s profile persists on the user’s virtual desktop. It’s not necessary to implement roaming profiles when using persistent virtual desktops. If you want a process to move a user profile from one persistent virtual desktop to another, how do you do it on physical desktops today?
  • API integration – a self-service portal can use VMware PowerCLI and Citrix’s PowerShell SDK to automatically create a new persistent virtual desktop for a user. Chargeback can also be implemented.
  • Offline Citrix Virtual Apps and Desktops (CVAD) SQL Database – if the Citrix Virtual Apps and Desktops (CVAD) SQL database is not reachable, then Citrix Local Host Cache can still broker sessions to persistent virtual desktops that have already been assigned to users. This is not possible with non-persistent virtual desktops.

Concurrent vs Named User – one advantage of non-persistent virtual desktops is that you only need enough virtual desktops to handle the concurrent user load. With persistent virtual desktops, you need a separate machine for each named user, whether that user is using it or not.

Disaster Recovery – for non-persistent VDAs, one option is to replicate the master images to the DR site, and then create a Catalog of machines either before the disaster, or after. If before the disaster, the VDAs will already be running and ready for connections; however, the master images must be maintained separately in each datacenter.

Persistent virtual desktops have several disaster recovery options:

  • Immediately after the disaster, instruct the persistent users to connect to a pool of non-persistent machines.
  • In the DR site, create new persistent virtual desktops for the users. Users would then need to use SCCM or similar to reinstall their apps. Scripts can be used to backup the user’s profile and restore it on the DR desktops. This method is probably closest to how recovery is performed on physical desktops.
  • The persistent virtual desktops can be replicated and recovered in the DR site. When the machines are added to Citrix Studio in DR, each recovered machine needs to be assigned to specific users. This process is usually scripted.

Zones

Caveats – Zones let you stretch a single Citrix Virtual Apps and Desktops (CVAD) site/farm across multiple datacenters. However, note these caveats:

  • Studio – If all Delivery Controllers in the Primary Zone are down, then you can’t manage the farm/site. This is true even if SQL is up, and Delivery Controllers are available in Satellite Zones. It’s possible to designate an existing zone as the Primary Zone by running Set-ConfigSite -PrimaryZone <Zone>, where <Zone> can be name, UID, or a Zone object.
  • Version/Upgrade – All Delivery Controllers in the site/farm must be the same version. During an upgrade, you must upgrade every Delivery Controller in every zone.
  • Offline database – There’s Local Host Cache (LHC). However, the LHC in 7.12 and newer has limitations: no non-persistent desktops (dirty desktops are an option), maximum of 5,000 VDAs per zone (10,000 per zone, 40K per site, in 7.14 and newer), has issues if Delivery Controller is rebooted, etc. Review the Docs article for details.
  • Complexity – Zones do not reduce the number of servers that need to be built. And they increase complexity when configuring items in Citrix Studio.
  • Zone Preference – to choose a VDA in a particular zone, your load balancer needs to include a special HTTP header (X-Citrix-ZonePreference) that indicates the zone name.

The alternative to zones is to build a separate site/farm in each datacenter and use StoreFront to aggregate the published icons. Here are benefits of multiple sites/farms as compared to zones:

  • Isolation – Each datacenter is isolated. If one datacenter is down, it does not affect any other datacenter.
  • Versioning – Isolation lets you upgrade one datacenter before upgrading other datacenters. For example, you can test upgrades in a DR site before upgrading production.
  • SQL High Availability – since each datacenter is a separate farm/site with separate databases, there is no need to stretch SQL across datacenters.
  • Home Sites – StoreFront can prioritize different farms/sites for different user groups. No special HTTP header required.

Citrix Consulting recommends separate Citrix Virtual Apps and Desktops (CVAD) sites/farms in each datacenter instead of using zones. See Citrix Blog Post XenApp 7.15 LTSR – Now Target Platform for Epic Hyperspace!.

Here are some general design suggestions for Citrix Virtual Apps and Desktops (CVAD) in multiple datacenters:

  • For multiple central datacenters, build a separate Citrix Virtual Apps and Desktops (CVAD) site/farm in each datacenter. Use StoreFront to aggregate the icons from all farms. Use NetScaler GSLB to distribute users to StoreFront. This provides maximum flexibility with minimal dependencies across datacenters.
  • For branch office datacenters, zones with Local Host Cache (7.12 and newer) is an option. Or each branch office can be a separate farm.

Create Zones – This section details how to create zones and put resources in those zones. In 7.9 and older, there’s no way to select a zone when connecting. In 7.11 and newer, NetScaler and StoreFront can now specify a zone and VDAs from that zone will be chosen. See Zone Preference for details.

Citrix Links:

There is no SQL in Satellite zones. Instead, Controllers in Satellite zones connect to SQL in Primary zone. Here are tested requirements for remote SQL connectivity. You can also set HKLM\Software\Citrix\DesktopServer\ThrottledRequestAddressMaxConcurrentTransactions to throttle launches at the Satellite zone.

From Mayunk Jain: “I guess we can summarize the guidance from this post as follows: the best practice guidance has been to recommend a datacenter for each continental area. A typical intra-continental latency is about 45ms. As these numbers show, in those conditions the system can handle 10,000 session launch requests in just under 20 minutes, at a concurrency rate of 36 requests.”

The following items can be moved into a satellite zone:

  • Controllers – always leave two Controllers in the Primary zone. Add one or two Controllers to the Satellite zone.
  • Hosting Connections – e.g. for vCenter in the satellite zone.
  • Catalogs – any VDAs in satellite catalogs automatically register with Controllers in the same zone.
  • NetScaler Gateway – requires StoreFront that understands zones (not available yet). StoreFront should be in satellite zone.

Do the following to create a zone and move items into the zone:

  1. In Citrix Studio 7.7 or newer, expand the Configuration node, and click Zones.
  2. Right-click Zones and click Create Zone.
  3. Give the zone a name. Note: Citrix supports a maximum of 10 zones.
  4. You can select objects for moving into the zone now, or just click Save.
  5. Select multiple objects, right-click them, and click Move Item.
  6. Select the new Satellite zone and click Yes.
  7. To assign users to the new zone, create a Delivery Group that contains machines from a Catalog that’s in the new zone.
  8. If your farm has multiple zones, when creating a hosting connection, you’ll be prompted to select a zone.
  9. If your farm has multiple zones, when creating a Manual catalog, you’ll be prompted to select a zone.
  10. MCS catalogs are put in a zone based on the zone assigned to the Hosting Connection.
  11. The Citrix Provisioning Citrix Virtual Desktops Setup Wizard ignores zones so you’ll have to move the Citrix Provisioning Machine Catalog manually.
  12. New Controllers are always added to the Primary zone. Move it manually.

Zone Preference

Zone Preference, which means NetScaler and StoreFront can request Delivery Controller to provide a VDA in a specific zone.

Citrix Blog Post Zone Preference Internals details three methods of zone preference: Application Zone, User Zone, and NetScaler Zone.


To configure zone preference:

  1. Create separate Catalogs in separate zones, and add the machines to a single Delivery Group.
  2. You can add users to one zone by right-clicking the zone, and clicking Add Users to Zone. If there are no available VDAs in that preferred zone, then VDAs are chosen from any other zone.
  3. Note: a user can only belong to one home zone.
  4. You can delete users from a zone, or move users to a different zone.
  5. If you edit the Delivery Group, on the Users page, you can specify that Sessions must launch in a user’s home zone. If there are no VDAs in the user’s home zone, then the launch fails.
  6. For published apps, on the Zone page, you can configure it to ignore the user’s home zone.
  7. You can also configure a published app with a preferred zone, and force it to only use VDAs in that zone. If you don’t check the box, and if no VDAs are available in the preferred zone, then VDAs can be selected from any other zone.
  8. Or you can Add Applications to Zone, which allows you to add multiple Applications at once.

  9. NetScaler can specify the desired zone by inserting the X-Citrix-ZonePreference header into the HTTP request to the StoreFront 3.7 server. This header can contain up to 3 zones. The first Zone in the header is the preferred Zone, and the next 2 are randomised such as EMEA,US,APAC or EMEA,APAC,US. StoreFront 3.7 will then forward the zone names to Delivery Controller 7.11, which will select a VDA in the desired zone. This functionality can be combined with GSLB as detailed in the 29 page document Global Server Load Balancing (GSLB) Powered Zone Preference. Note: only StoreFront 3.7 and newer will send the zone name to the Delivery Controller.
  10. Delivery Controller entries in StoreFront can be split into different entries for different zones. Create a separate Delivery Controller entry for each zone, and associate a zone name with each. StoreFront uses the X-Citrix-ZonePreference header to select the Delivery Controller entry so the XML request is sent to the Controllers in the same zone. HDX Optimal Gateways can also be associated to zoned Delivery Controller entries. See The difference between a farm and a zone when defining optimal gateway mappings for a store at Citrix Docs.
  11. Citrix Blog Post Zone Preference Internals indicates that there’s a preference order to zone selection. The preference order can be changed.
    1. Application’s Zone
    2. User’s Home Zone
    3. The Zone specified by NetScaler in the X-Citrix-ZonePreference HTTP header sent to StoreFront.

Machine Creation Services (MCS)

MCS – Machine Profile

CVAD 2402 and newer support selecting a Machine Profile when creating a MCS Catalog on vSphere. MCS copies the VM specification (e.g., TPM) from the Machine Profile to the new MCS machines.

  1. Create a VM with your desired specs (e.g., TPM) and then Convert to Template. It must be a Template and not a VM.
  2. When creating a Catalog, on the Image page, there’s an option to Use a machine profile. Select the template.

MCS – Image Management

CVAD 2402 and newer have an MCS Image Management feature that lets you prepare your images prior to pushing them to your Catalogs.

  1. Make sure your gold image VMs have MCS storage optimization (MCSIO) installed.
  2. Take a snapshot of the gold image VM. The MCS Image Management feature will not create snapshots for you. When naming your snapshot, include the name of the gold image and version info (e.g. date).
  3. In Web Studio, on the left, click Images. On the right, click Create Image Definition.
  4. In the Introduction page, click Next.
  5. In the Image Definition page, choose the Session type and click Next.
  6. In the Image page, select a Hosting Resource. Select a master image snapshot. Select a VM template to use as the machine profile. If you don’t select a machine profile here, then you can’t select one later when creating the Catalog. Click Next.
  7. The Machine Specifications are copied from the machine profile. Click Next.
  8. The NICs are copied from the machine profile. Click Next.
  9. In Version Description, enter a description. Each Image Definition will have multiple Image Versions. Each Image Version is a different snapshot of the master image. Describe the Version accordingly.
  10. In the Summary page, click Finish.
  11. The gold image snapshot is copied to the target datastore as a baseDisk.
  12. You can then use the completed Image Version to create or update a Catalog. This happens very quickly because the image has already been prepared.
  13. The Machine Catalog wizard shows you the Prepared Image Version and the Machine Profile.
  14. You can add Image Versions to the existing Image Definition.
  15. To update a Catalog, right-click the Catalog and click Change Prepared Image.
  16. Select a new version of the image and then finish the wizard like normal.
  17. If you select the Catalog, in the bottom, you can select the tab named Template Properties to see info about the Prepared Image. There’s also a link to View image history.

MCS – Full Clones

In Citrix Virtual Apps and Desktops (CVAD), for dedicated (persistent) Desktop OS (aka Single session OS) Catalogs, MCS can create Full Clones instead of Linked Clones. Linked Clones can’t be moved, but Full Clones are regular virtual machines that can be moved without impacting MCS.

  • CVAD 2407 and newer support Persistent Multi-session machines.
  • Full Clones is only an option for Desktop OS (aka Single session OS). It’s not an option for Server OS (aka Multi-session OS).

In Citrix Virtual Apps and Desktops (CVAD), you can use MCS to create Full Clones. Full Clones are a full copy of a template (master) virtual machine. The Full Clone can then be moved to a different datastore (including Storage vMotion), different cluster, or even different vCenter. You can’t do that with Linked Clones.

For Full Clones, simply prepare a Master Image like normal. There are no special requirements. There’s no need to create Customization Specifications in vCenter since Sysprep is not used. Instead, MCS uses its identity technology to change the identity of the Full Clone. That means every Full Clone has two disks: one for the actual VM, and one for identity (machine name, machine password, etc).

In Citrix Virtual Apps and Desktops (CVAD), during the Create Catalog wizard, if you select Yes, create a dedicated virtual machine

After you select the master image, there’s a new option for Use full copy for better data recovery and migration support. This is the option you want. The Use fast clone option is the older, not recommended, option.

During creation of a Full Clones Catalog, MCS still creates the master snapshot replica and ImagePrep machine, just like any other linked clone Catalog. The snapshot replica is then copied to create the Full Clones.

When you add machines to the MCS Full Clone Catalog, it uses the Master Image snapshot selected when you initially ran the Create Catalog Wizard. There is no function in Citrix Studio to change the Master Image. Instead, use the PowerShell commands detailed at CTX129205 How to Update Master Image for Dedicated and Pooled Machine Types using PowerShell SDK Console.

Since these are Full Clones, once they are created, you can do things like Storage vMotion.

During Disaster Recovery, restore the Full Clone virtual machine (both disks). You might have to remove any Custom Attributes on the machine, especially the XdConfig attribute.

Inside the virtual machines, you might have to change the ListOfDDCs registry value to point to your DR Delivery Controllers. One method is to use Group Policy Preferences Registry.

In the Create Catalog wizard, select Another Service or technology.

And use the Add VMs button to add the Full Clone machines. The remaining Catalog and Delivery Group steps are performed normally.

MCS – Machine Naming

Once a Catalog is created, you can run the following commands to specify the starting count:

Get-AcctIdentityPool
Set-AcctIdentityPool -IdentityPoolName "NAME" -StartCount VALUE

MCS – Storage Optimization Memory Caching

Memory caching (aka MCSIO, aka Storage Optimization) in MCS is very similar to Memory caching in Citrix Provisioning. All writes are cached to memory instead of written to disk. With memory caching, some benchmarks show 95% reduction in IOPS.

In CVAD 1903 and newer, MCS now uses the exact same Memory Caching driver as Citrix Provisioning. If you want to use the MCSIO feature, upgrade to CVAD 1903 or newer. Older versions of CVAD, including 7.15, have performance problems.

Here are some notes:

  • You configure a size for the memory cache. If the memory cache is full, it overflows to a cache disk.
  • Whatever memory is allocated to the MCS memory cache is no longer available for normal Windows operations, so make sure you increase the amount of memory assigned to each virtual machine.
  • The overflow disk (temporary data disk) can be stored on shared storage, or on storage local to each hypervisor host. Since memory caching dramatically reduces IOPS, there shouldn’t be any problem placing these overflow disks on shared storage. If you put the overflow disks on hypervisor local disks then you won’t be able to vMotion the machines.
  • In CVAD 1811 and older, the overflow disk is uninitialized and unformatted. Don’t touch it. Don’t format it.
  • In CVAD 1903 and newer, the overflow disk is formatted, and you can put logs (e.g. Event Logs) and other persistent files on it just like you do in Citrix Provisioning. See Andy McCullough MCSIO Reborn!

Memory caching requirements:

  • Random Catalogs only (no dedicated Catalogs)

When installing the VDA software, on the Features page, make sure you select the MCS IO option. VDA 1903 and newer are the recommended versions.

Studio needs to be configured to place the temporary overflow disks on a datastore. You can configure this datastore when creating a new Hosting Resource, or you can edit an existing Hosting Resource.

To create a new Hosting Resource:

  1. In Studio, go to Configuration > Hosting, and click the link to Add Connection and Resources.
  2. In the Storage Management page, select shared storage.
  3. You can optionally select Optimize temporary data on local storage, but this might prevent vMotion. The temporary data disk is only accessed if the memory cache is full, so placing the temporary disks on shared storage shouldn’t be a concern.
  4. Select a shared datastore for each type of disk.

Or you can edit an existing Hosting Resource:

  1. In Studio, go to Configuration > Hosting, right-click an existing resource, and click Edit Storage.
  2. On the Temporary Storage page, select a shared datastore for the temporary overflow disks.

Memory caching is enabled when creating a new Catalog.

  1. In the Desktop Experience page, select random.
  2. Master Image VDA must be 7.9 or newer.
  3. In the Virtual Machines page
    • CVAD 1903 and newer require you to specify a Disk cache size first. It needs to be large enough for memory write cache overflow, pagefile, and logs.
    • Then allocate some memory to the cache. For virtual desktops, 256 MB is typical. For RDSH, 4096 MB is typical. More memory = less IOPS.
    • CVAD 2407 and newer let you specify the drive letter for the disk cache.
  4. Whatever you enter for cache memory, also add it to the Total memory on each machine. Any memory allocated to the cache is no longer available for applications so you should increase the total memory to account for this.
  5. Once the machines are created, add them to a Delivery Group like normal.
  6. In CVAD 1903 and newer, the Write Cache Disk is formatted and has a drive letter, just like Citrix Provisioning.
  7. In CVAD 1811 and older, the temporary overflow disk is not initialized or formatted. From Martin Rowan at discussions.citrix.com: “Don’t format it, the raw disk is what MCS caching uses.”

MCS – Image Prep

When a Machine Creation Services catalog is created or updated, a snapshot of the master image is copied to each LUN. This Replica is then powered on and a few tasks are performed like KMS rearm.

 

From Citrix Blog Post Machine Creation Service: Image Preparation Overview and Fault-Finding and CTX217456 Updating a Catalog Fails During Image Preparation: if you are creating a new Catalog, here are some PowerShell commands to control what Image Prep does: (run asnp citrix.* first). These commands do not affect existing Catalogs.

  • Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value EnableDHCP
  • Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
  • Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OfficeRearm
  • Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value "OsRearm,OfficeRearm"
  • Set-ProvServiceConfigurationData -Name ImageManagementPrep_DoImagePreparation -Value $false

If you are troubleshooting an existing Catalog, here are some PowerShell commands to control what Image Prep does: (run asnp citrix.* first)

  • Get-ProvScheme – Make a note of the “ProvisioningSchemeUid” associated with the catalog.
  • Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value EnableDHCP
  • Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
  • Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value OfficeRearm
  • Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_DoImagePreparation -Value $false

If multiple excluded steps, separate them by commas: -Value "OsRearm,OfficeRearm"

To remove the excluded steps, run Remove-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps or Remove-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps.

 

A common issue with Image Prep is Rearm. Instead of the commands shown above, you can set the following registry key on the master VDA to disable rearm. See Unable to create new catalog at Citrix Discussions.

  • HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/SoftwareProtectionPlatform
    • SkipRearm (DWORD) = 1

Mark DePalma at XA 7.6 Deployment Failure Error : Image Preparation Office Rearm Count Exceeded at Citrix Discussions had to increase the services timeout to fix the rearm issue:

  • HKLM\SYSTEM\CurrentControlSet\Control
    • ServicesPipeTimeout (DWORD) = 180000

 

From Mark Syms at Citrix Discussions: You can add one (or both) of the following MultiSZ registry values

  • HKLM\Software\Citrix\MachineIdentityServiceAgent\ImagePreparation\Before
  • HKLM\Software\Citrix\MachineIdentityServiceAgent\ImagePreparation\After

The values are expected to be an executable or script (PoSh or bat), returning 0 on success

 

Citrix CTX140734 Error: “Preparation of the Master VM Image failed” when CREATING MCS Catalog: To troubleshoot image prep failures, do the following:

  1. In PowerShell on a Controller, for a new Catalog, run:
    asnp citrix.*
    
    Set-ProvServiceConfigurationData -Name ImageManagementPrep_NoAutoShutdown -Value $True
    
  2. For an existing Catalog, run the following:
    asnp citrix.*
    Get-ProvScheme
    Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_NoAutoShutdown -Value $True
  3. On the master image, set the DWORD registry value HKLM\Software\Citrix\MachineIdentityServiceAgent\LOGGING to 1
  4. If you now attempt catalog creation, an extra VM will be started; log into this VM (via the hypervisor console, it has no network access) and see if anything is obviously wrong (e.g. it’s bluescreened or something like that!). If it hasn’t there should be two log files called “image-prep.log” and “PvsVmAgentLog.txt” created in c:\ – scan these for any errors.
  5. When you’ve finished doing all this debugging, remember to run one of the following:
    Remove-ProvServiceConfigurationData -Name ImageManagementPrep_NoAutoShutdown
    Remove-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_NoAutoShutdown

MCS – Base Disk Deletion

Citrix CTX223133 How to change the disk deletion interval to delete unused base disks on the VM storage. Every 6 hours, Citrix Virtual Apps and Desktops (CVAD) runs a task to delete unused base disks.

The Disk Reaper interval is configured using PowerShell. The default values are shown below:

Set-ProvServiceConfigurationData -Name DiskReaper_retryInterval -Value 6:0:0 | Out-Null
Set-ProvServiceConfigurationData -Name DiskReaper_heartbeatInterval -Value 1:0:0 | Out-Null

MCS – Static (Dedicated) Catalog Master Image

If you create a Machine Catalog of Dedicated Machines (aka Static Catalog), then it’s not possible to update the Master Image using Citrix Studio.

You might want to change the Master Image so that machines added to this Static Catalog are cloned from a new Master Image instead of the Master Image that was originally selected with the Catalog was created.

Official instructions are at CTX129205 How to Update Master Image for Dedicated and Pooled Machine Types using PowerShell SDK Console.

If vSphere, Chaitanya at Machine Catalog Update Tool at knowcitrix.com created a GUI for these Citrix and vSphere PowerShell commands.

MCS – Hybrid Azure AD Join

CVAD 2305 and newer support Hybrid Azure AD Join when creating a Catalog. See Hybrid Azure Active Directory joined at Citrix Docs. VDA Registration is delayed until the computer is synced to Azure AD, which can take 30 minutes or longer.

Controller – Name Caching

George Spiers in Active Directory user computer name caching in XenDesktop explains how the Broker Service in Delivery Controller caches Active Directory user and computer names. The cache can be updated by running Update-BrokerNameCache -Machines or Update-BrokerNameCache -Users. Also see Update-BrokerNameCache at Citrix SDK documentation.

Delivery Group License Type

Citrix Virtual Apps and Desktops (CVAD) supports multiple license types (e.g. Concurrent and User/Device) within a Single farm/site. However, a farm/site only supports a single Edition (i.e. Enterprise or Platinum, but not both). The license model and product are configured at the Delivery Group. See CTX223926, and Multi-type licensing at Citrix Docs.

To configure license model and product, run the following PowerShell commands (run asnp citrix.* first):

Set-BrokerDesktopGroup –Name "DeliveryGroupName" –LicenseModel LicenseModel
Set-BrokerDesktopGroup –Name "DeliveryGroupName" –ProductCode ProductCode

LicenseModel can be UserDevice, or Concurrent. ProductCode can be XDT (Citrix Virtual Apps and Desktops [CVAD]) or MPS (Citrix Virtual Apps [CVA]).

Delivery Groups

In Citrix Virtual Apps and Desktops (CVAD), when creating a Delivery Group, there are options for publishing applications and publishing desktops.

On the Applications page of the Create Delivery Group wizard, From start menu reads icons from a machine in the Delivery Group and lets you select them. Manually lets you enter file path and other details manually. These are the same as in prior releases.

Existing is the new option. This lets you easily publish applications across multiple Delivery Groups.

You can also go to the Applications node, edit an existing application, change to the Groups tab, and publish the existing app across additional Delivery Groups.

Once multiple Delivery Groups are selected, you can prioritize them by clicking the Edit Priority button.

On the Desktops page of the Create Delivery Group wizard, you can now publish multiple desktops from a single Delivery Group. Each desktop can be named differently. And you can restrict access to the published desktop.

There doesn’t seem to be any way to publish a Desktop across multiple Delivery Groups.

To publish apps and desktops across a subset of machines in a Delivery Group, see Tags.

Maximum Desktop Instances in Site/Farm

Citrix Virtual Apps and Desktops (CVAD) 1808 and newer lets you restrict the maximum instances of a published desktop in the Site. This feature is configured using PowerShell.

asnp citrix.*
Get-BrokerEntitlementPolicyRule | Select-Object Name,PublishedName
Set-BrokerEntitlementPolicyRule -Name RDSH16_1 -MaxPerEntitlementInstances 1

If too many instances are launched, the user sees Cannot start desktop in StoreFront.

And StoreFront Server > Event Viewer > Applications and Services > Citrix Delivery Services shows session-limit-reached.

To revert to unlimited instances of the published desktop, set MaxPerEntitlementInstances to 0.

Logoff Closed Desktop

In Citrix Workspace app 2309 version onwards, when users close a desktop session, users can be asked to Sign out instead of Disconnect. This feature is called Save energy or Logoff on Close.

To enable the feature, edit a published desktop, find the Description field, and enter something similar to the following:

KEYWORDS:LogoffOnClose=true PromptMessage="Do you want to Log off?"

Tags

In Citrix Virtual Apps and Desktops (CVAD), you can assign tags to machines. Then you can publish apps and/or desktops to only those machines that have the tag. This means you can publish icons from a subset of the machines in the Delivery Group, just like you could in XenApp 6.5.

Tags also allow different machines to have different restart schedules.

  1. In Citrix Studio, find the machines you want to tag (e.g. double-click a Delivery Group). You can right-click one machine, or select multiple machines and right-click them. Then click Manage Tags.
  2. Click Create.
  3. Give the tag a name and click OK. This tag could be assigned to multiple machines.
  4. After the tag is created, check the box next to the tag to assign it to these machines. Then click Save.
  5. Edit a Delivery Group that has published desktops. On the Desktops page, edit one of the desktops.
  6. You can use the Restrict launches to machines with tag checkbox and drop-down to filter the machines the desktop launches from. This allows you to create a new published desktop for every machine in the Delivery Group. In that case, each machine would have a different tag. Create a separate published desktop for each machine, and select one of the tags.
  7. A common request is to create a published desktop for each Citrix Virtual Apps (CVA) server. See Citrix Blog Post How to Assign Desktops to Specific Servers in XenApp 7 for a script that can automate this configuration.
  8. When you create an Application Group, on the Delivery Groups page, there’s an optional checkbox to Restrict launches to machines with tag. Any apps in this app group only launch on machines that have the selected tag assigned. This lets you have common apps across all machines in the Delivery Group, plus one-off apps that might be on only a small number of machines in the Delivery Group. In that case, you’ll have one app group with no tag restrictions for the common apps. And a different app group with tag restriction for the one-off apps.

RDSH Scheduled Restart

If you create a Scheduled Restart inside Citrix Studio, it applies to every machine in the Delivery Group. Alternatively, you can use the 7.12 tags feature to allow different machines to have different restart schedules.

To configure a scheduled reboot on RDSH machines:

  1. Right-click an RDSH Delivery Group and click Edit Delivery Group.
  2. On the User Settings page, make sure the Time zone is configured correctly. Scheduled restarts use this time zone. (Source = CTX234892 Scheduled Restart Happen At Incorrect Time For A Specific Delivery Group)
  3. In Citrix Virtual Apps and Desktops (CVAD) 1811 and newer, you can create multiple Restart Schedules from the GUI. First, tag your machines. Then create a restart schedule for each tag.

  4. The Restart Schedule page lets you schedule a restart of the session hosts.
  5. Citrix Virtual Apps and Desktops (CVAD) and XenApp 7.7 and newer lets you send multiple notifications.
  6. Restart after drain – in CVAD 2103 and newer, you can configure a Restart Schedule to wait for all users to log off of the machine. Use the -UseNaturalReboot $true parameter with the New-BrokerRebootScheduleV2 and Set-BrokerRebootScheduleV2 cmdlets. Run Get-BrokerRebootScheduleV2 to see the existing schedules. Then run Set-BrokerRebootScheduleV2 to modify the schedule. This feature is not available in Citrix Studio.
  7. Restart after database outage – If a site database outage occurs before a scheduled restart begins for machines (VDAs) in a Delivery Group, the restarts begin when the outage ends. This can have unintended results. To help avoid this situation, you can use the MaxOvertimeStartMins parameter for the New-BrokerRebootScheduleV2 and Set-BrokerRebootScheduleV2 cmdlets in CVAD 1909 and newer. See Scheduled restarts delayed due to database outage at Citrix Docs.
  8. Maintenance mode and restarts – VDAs in Maintenance Mode will not restart automatically.
    1. In CVAD 2006 and newer, the Set-Brokerrebootschedulev2 cmdlets have -IgnoreMaintenanceMode $true. This setting is not available in Citrix Studio. See Scheduled restarts for machines in maintenance mode at Citrix Docs.
    2. Or see Matthias Schlimm at Reboot Schedule – VM’s in Maintenance Mode … do it at CUGC provides a script that reboots maintenance mode VDAs.
  9. If all the user sessions on the VDA are not logged off within 10 minutes, and if machine is not shutdown gracefully, then the Delivery Controller sends a force shutdown of the VDA, and machine does not power on. The following Delivery Controller registry values can be tweaked. Source = Citrix CTX237058 Schedule reboot does not restart machines and it stays in Shutdown state
    • HKLM\Software\Citrix\DesktopServer\SiteServices\MaxShutdownTimeSecs
    • HKLM\Software\Citrix\DesktopServer\RebootSchedule\MaxShutdownDelayMin 

Or use a reboot script/tool:

Autoscale

In CVAD 2305 and newer, Web Studio supports Autoscale. Right-click a Delivery Group and click Manage Autoscale. See Getting started with Autoscale at Citrix Docs.

In CVAD 2407 and newer, in Static (dedicated) Single-session Delivery Groups, in Autoscale > Load-based Settings, you can power off machines that nobody logged on to.

For schedule-based autoscale, edit the Delivery Group and set the Time Zone on the User Settings page.

Web Studio 2308+ on the Settings page has an option for Vertical load balancing.

CVAD 2311 and newer let you set Vertical load balancing at the Delivery Group instead of only at the Site.

Multiple Sessions

From Configure session roaming at Citrix Docs: By default, users can only have one session. Citrix Web Studio in CVAD 2303 and newer lets you configure session roaming by editing the delivery group. For published apps, disable it on the Users page. For published desktops, edit a published desktop and disable it on the bottom of the window.

Or you can configure the SessionReconnection setting available via PowerShell.  On any Server OS delivery group, run:

Set-BrokerEntitlementPolicyRule <Published Desktop Name> -SessionReconnection <Value>

For <Published Desktop Name>, run Get-BrokerEntitlementPolicyRule and look for the Name field.

<Value> can be:

  • Always – This is the default and matches the behavior of a VDI session. Sessions always roam, regardless of client device.
  • DisconnectedOnly – This reverts back to the XenApp 6.x and earlier behavior. Sessions may be roamed between client devices by first disconnecting them (or using Workspace Control) to explicitly roam them. However, active sessions are not stolen from another client device, and a new session is launched instead.
  • SameEndpointOnly – This matches the behavior of the “ReconnectSame” registry setting in XenApp 6.x. Each user will get a unique session for each client device they use, and roaming between clients is completely disabled.

For app sessions, use:

Set-BrokerAppEntitlementPolicyRule <App Entitlement Rule Name> -SessionReconnection <Value>

For <App Entitlement Rule Name>, run Get-BrokerAppEntitlementPolicyRule and look for the Name field.

Static Catalog – Export/Import Machine Assignments

It is sometimes useful (e.g. DR) to export machine assignments from one Catalog/Delivery Group and import to another.

  1. In Studio, click Delivery Groups on the lefthand menu
  2. Right click Edit delivery group
  3. Select Machine allocation tab on the left
  4. Click Export list
  5. Select a file name > Click Save
  6. Create the new machine catalog
  7. Right click the delivery group > Click Edit
  8. Select Machine allocation tab on the left
  9. Click Import list..
  10. Select the list you exported in step 4
  11. Click Apply

Your clients will now have users re-assigned to machines.

Monitor the Number of Free Desktops

Sacha Thomet wrote a script at victim of a good reputation – Low free pooled XenDesktops that polls Director to determine the number of free desktops in a Delivery Group. If lower than the threshold, an email is sent.

List Desktops Not Used for x Days

CTP Kees Baggerman has a script at Making sure your Citrix Desktops are utilized with Powershell v2 that does the following:

  • Grab all the desktops that haven’t been used within x amount of days
  • Notify the user
  • Set the desktop to maintenance mode
  • Uses the Office 365 SMTP servers for notifications

Related Topics

284 thoughts on “Catalogs, Delivery Groups, Zones”

  1. Carl,

    Love your documentation, it’s fantastic.

    Do I need to enforce TLS for the Citrix Receiver via policy (Receiver.admx) on the domain-joined clients to enable HDX-SSL Direct connection to the VDA? I couldn’t find it in the documentation as a requirement.

    I have executed Enable-HDXSsl.ps1 on the VDA and it’s listening on 443. When I launch an XenApp it does not connect, I can see it’s still trying to connect over 2598. If i modify the ica after it’s downloaded (SSLEnable=Off >> SSLEnable=On) the session launched and is encrypted using TLS1.2. Or if I enforce TLS on the client (receiver.admx: “TLS and Compliance mode configuration” setting), the session connects without issue.

    Regards,
    David

      1. Appreciate the quick reply, sure did execute the PowerShell command. I’ve worked it out now!!! 🙂

        The published application I was using in my testing is attached to another delivery group that does not have HDXSSL enabled. I created a new application and only assigned it to the encrypted delivery group, I then launch the application successfully.

        I guess you cannot have the same application assigned to a non-SSL and HDXSSL delivery group an expect the application to launch over SSL.

        ICA file now looks good with SSLEnable=On and SSLProxy, and other SSL attributes now appear in the ICA file!

        Shout out from Australia Carl!!! Now to get my hands dirty with WEM. Wish me luck

  2. Hi. Sorry for my English. I have a problem. XenDesktop 7.15 vda on Windows 2012 r2. When user trying reconnect to own disconnected session they see black screen with banner “Welcome…”. I just only click logoff on this session every time.

  3. Hi Carl,

    I have an Issue with MCS on Allflash Storage.
    After Reboot of the VDAs, they hung at the Windows Splash Screen.
    The Workaround with “monitor_control.enable_softResetClearTSC = “TRUE”” doesn`t help.
    After moving the VDAs to a SAS-Storage everything is running fine. No Problems.
    If I move the VDAs back to the Allflash Storage, the Problem is back.

    Is booting from SSD too fast für MCS?
    Can I set some timeouts in MSC?

    Thanks, Michael Gernetzke

    1. After some testing it seems to be the cachedisk. If this disk is on the SAS Storage all is running fine.

      Thanks, Michael Gernetzke

  4. Hi Carl: Inside Studio (7.13), when I right-click some of my Machine Catalogs, the options for “Update Machines” and “Rollback Machine Update” are missing, while on others, those options DO appear. What makes the difference, here?

      1. Yes, just about the same time as your Reply dropped into my Inbox, I saw in Studio the difference: Machines where “User Data” is marked “Discard”, those 2 options are on the context menu; where “User Data” says “On local disk”, they are missing. Thanks for the Reply.

  5. Carl, when a template VM is used to create Full Clones inside MCS, what is the right way to Update those Full Clones when needed? Is it still a matter of updating the template VM and then updating the Catalog?

      1. Right exactly, that’s what I was thinking too, just wanted to make sure there wasn’t something I was missing. SCCM, Shavlik, Ivanti, etc… Thank you —

  6. “The persistent virtual desktops can be replicated and recovered in the DR site. When the machines are added to Citrix Studio in DR, each machine is assigned to specific users. This process is usually scripted.”

    Carl, when you implement SRM with SRA and replica all full clones, how it works on DR site with new Vcenter and replicated DDC? I understand you will have to add host connection in DDC to repoint to new Vcenter but apart of that, anything else is required? With SRM machines will be already registered to new Vcenter? How it works exactly?

    1. I leave SRM design to the vSphere engineers.

      As long as the VM UUIDs do not change, then XenDesktop should be able to find the VMs across the new Hosting connection.

    2. SRM uses what’s called Place holders in the secondary site. Its like visible stubs in the secondary site.
      Is this what your asking?

    3. Without testing this, its just logical in my mind.
      If your using Persistent aka Static servers or Static Desktops. The as long as you add the new Vcenter Connection, I don’t see a issue. Vcenter is inventory and power options for xendesktop anyway. Its not like you 100% need it in a DR setup.
      Non- if its non persistent, then you need PVS or ELM. That is another story.

      But I am 95% Sure SRM changes the UUID of the VM.
      Select I moved it to keep them. or script all this.
      https://kb.vmware.com/s/article/1541

  7. Hi Carl

    I have a customer has office 2007 and he needs to inslall it om citrix master image, Citrix MCS will be used to create VDAs form master, i know that MCS does not support office MAK, is there any way to activate office 2007 after the machines update, like when its rebooted using script to activate office 2007.

    Best Regards
    Basem

      1. Hi Carl,

        Thank you for your response, no there is no volume license . can i use office 2007 with MCS ?

        Thank you carl.

        Basem

          1. Thank you Carl, i want to create 3 VDAs from the master image, office 2007 get activated on Master using MAK, how can i end with office 2007 get activated on the 3 VDAs

          2. “If you are trying to activate Office 2007 you should know that volume licensed editions of Office 2007 do not require activation. Retail editions will require activation, and there aren’t any tools available to help automate it. If you are deploying Office 2007 to a large number of computers you should be using VL software.” https://social.technet.microsoft.com/Forums/en-US/189c27e6-2f32-4762-aa1a-5ab2eb62d003/automated-activation-of-office-2007?forum=officesetupdeployprevious

  8. Hi, my new xa7.15 ltsr environment currently just has 2 manually added Server VDA’s – I now want to use MCS to deploy Server VDAs – do manually and Provisioned VDAs need to go in separate Machine Catalogs??

    Can I use one of the manually added VDA’s to create my master image? or would it be better to create a clean VM (vsphere) with just w2K12 o/s / patches / basic tools / VDA agent .

    Also one other item – I have published Studio (installed & loadbalanced on 2 x VDA vms) – is it possible to load balance and have Delivery Controller pre configured?
    * user connects to Studio published on “VDA 1”- that connection will go to “Delivery Controller 1”
    if
    * users connect to Studio published “VDA 2” the connection goes to “Delivery controller 2″and have studio this – as once launched get prompted for the delivery Controller (which there are 2) so goi

    1. Each provisioning method requires a separate Catalog.

      You can create a MCS Catalog from any master machine that has the VDA installed.

      Studio config is located at %appdata%\Microsoft\MMC\Studio.msc or something like that. You can use scripts to control this file.

  9. Hi Carl: As you know, the 7.x version of XenApp / XenDesktop brings some profound Changes to the way most of us have been doing Citrix for a long time… I’m trying to get used to it… Quick question: Can / should I use STUDIO GUI to do things like add Users to a Delivery Group, add or remove Machines from a Machine catalog, etc.? Or must I run Powershell scripts to do that? Thanks very much!

    1. Most admins use Studio. If you want to automate the configuration (e.g from a self-service portal), you can use PowerShell.

      1. OK great. Turns out I hadn’t been given the Permissions I needed… Those in place, it is all much more clear now. We’re still going to lean toward Powershell though. Thanks again.

  10. Hi, when you talk about the LHC and it’s limitations regarding non-persistent desktops you say that “(dirty desktops are an option in 7.14 and newer)”…Could you explain this in a bit more detail? I would like to know if there is a way to workaround this limitation in the case of an outage. I guess it has something to do with manually rebooting the pooled-VDIs? Thanks in advance.

  11. Well, for Office Activation issue…tried;

    1. the SkipRearm reg hack (on the gold image) (new

    2. Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OfficeRearm (on the DDC/Studio server)

    …but Office still tries to activate. Office 2010 using MAK, not KVM license mode.

    …any other tips?

    Using VDA 7.8 on Windows 2016 image.

    1. I’ve been disabling ImagePrep altogether. That does the trick.

      Note: 7.15 no longer errors out and instead just shows a warning.

      1. Carl, I noticed today what you noted for 7.15 where the catalog doesn’t error out and rather notes the warning. Is it suggested to disable all of Image Prep and then you do not see this warning? But does this introduce other things to resolve with the MCS VDA’s?

  12. Hi Carl – thanks for great article. If not initializing and formatting the temporary disk where do you put the Eventlogs – remember best practice for PVS deployed machines where you put the Eventlogs etc. on the PVS cache disk so that they are kept between reboots etc.

    Regards.

    1. For PvS, correct. But for MCS, there’s no option to move them another drive, because MCS does not support a second drive.

  13. Hi Carl,

    I have used machine creation service to create Citrix VDA from master image, can i use the same Citrix master image to create a new machine catalog ?

    Best Regards,
    Basem

        1. I see Disk Cache size option is grad out during the new catalog creation ? how can i enable it ?

          Thank you in advance.

          1. You are creating non-persistent machines? Is memory caching enabled on the same page?

            Or maybe you didn’t specify a disk cache storage location. In Studio, go to Configuration > Hosting. Edit a hosting resource and specify the storage location for the disk cache.

  14. Hello Carl,

    from XenDesktop 7.6 with Windows7 to 7.13 with Windows10 we always come across the problem that sporadically the Windows group policies are not applied on the machine startup, using MCS as provisioning method.

    We use some startup scripts (e.g. for user profile disk) as well as gpo loopback processing, so proper startup group policy processing essential.

    To remedy this behavior we already set some local policies in the master image, like “always wait for the network at computer startup and logon” or “specify startup policy processing wait time”.
    This reduces the occurrences, but does not completely resolves the issue.

    Do you have any tips how to fix this problem?

    Best regards

    1. I’ve had this issue in the past also. Also set ‘Configure Logon Script Delay’ to 0. The other thing I’ve been using in my current MCS implementations is the BISF frame work. It has a module that processes group policy after everything is connected along with other cleanup and optimization items. I rely heavily on GPO and haven’t had any issues recently.

  15. Carl,

    The Full clones option in Studio only appears for XenDeskop side. I assume link clones are still used on the RDSH side of things for the xa 7.11 and newer? Unless you clone them and bring them in as Full Clones ( AKA other Service or Technology option) Which will bring it in as a full clone.

  16. Nice, docs, small typo :

    MCS – Image Prep -> 5. should be Remove-ProvSchemeMetadata not Remove-ProvServiceMetadata

  17. I think the commands in your MCS – Image Prep section changed from Set-ProvServiceMetadata to Set-ProvSchemeMetadata. As the -ProvisioningSchemeUid is no longer available with Set-ProvServiceMetadata

  18. UFEI support with MCS and Gen2VMs

    Any idea when MCS will support Gen2VMs? I tried setting the connection option in Studio to the EnumerateGen2VMs=True, however it doesnt seem to enumerate the gen2 machines. I rebooted the VDA several times as well as the controller but cant get these machines to enumerate

      1. Yes. I entered it in the advanced properties of the host connection (in studio -> hosting -> edit connection -> advanced), however still not able to get these gen2 machines to enumerate. Do you know if it is supported in XA7.11? thats the version of XA that we are using to test with. Thanks Carl

  19. Does Zone Preferences also work without Netscaler ica proxy connections ? Is this a replacement for what we known in XenApp 6.5 as Load Balancing Polcies ? Iam looking for a way to puplish some apps only once in my site and if a user is a member of a specific Group, Word on the Sattelite XenApp Server will open, instead in the Headquarter. That was supereasy to implement with LB Policies.

    1. Kind of. You can assign users to a home zone and configure the apps to launch in the user’s home zone.

      1. So there are 3 forms of ZonePreference supported by Netscaler 11.x, StoreFront and XenDesktop 7.x. The determinant which controls which VDAs to use to launch apps and desktops is different for all 3 methods.

        Client IP or Client DNS Server IP Based:
        This requires Netscaler 11.x , StoreFront and XenDesktop 7.x to have consistent Zone configuration and works best with StoreFront aggregation also configured.
        This uses GSLB static proximity to determine the location of the client device based on its own IP or the IP of the DNS server it used to resolve a GSLB domain name to a particular service. The GSLB services can be internal StoreFront load balancers or external GSLB Gateways for remote access. the policy to inject the Zone X-Citrix-ZonePreference header can be bound to either LB vServers or VPN vServers within netscaler. I have configured this within Citrix in our production RTST environment. This is the most dynamic Zone Preference method as it supports roaming users who visit different geos frequently but is also by far the most complicated to set up.

        User Group Based using Active Directory Groups:
        XenDesktop 7.x Only.
        This maps VDAs in different zones and geos to particular AD user groups. UKUsers have their apps delivered by UK VDAs and USUsers are directed to US VDAs for a better user experience once their HDX session is established.

        App Based:
        XenDesktop 7.x Only
        This is defined at App level on the XenDesktop 7.x delivery groups and it can be used if a particular app is only available from VDAs in 1 geo and may be absent in the other geos.

  20. Hey Carl,

    We’re looking to setup a multi-tenant unified gateway for our clients. While we already have the multi-tenant design configured and working (2 DDC’s and 2 LB SF’s in a central resource forest with VDA’s in client forests with a 2 way trust between them) we’d like to get HA failover between data centers in 2 geographic locations with 2 separate Citrix sites.

    From my understanding, we need to utilize the application aggregation features on the SF’s. We’re testing this out currently but have you seen any “gotcha’s” in your experience when setting this up?

    Your guides and explanations are always the most helpful resources and I thank you very much for all your hard work!

  21. I keep seeing “Unavailable capacity” on application Server VDAs.
    Some of the Servers keep shutting down despite adjusting the off peak and buffer settings to max

    Set-BrokerDesktopGroup -name “XXX” -OffPeakBufferSizePercent 100 -PeakBufferSizePercent 100

    OffPeakBufferSizePercent : 100
    OffPeakDisconnectAction : Nothing
    OffPeakDisconnectTimeout : 0
    OffPeakExtendedDisconnectAction : Nothing
    OffPeakExtendedDisconnectTimeout : 0
    OffPeakLogOffAction : Nothing
    OffPeakLogOffTimeout : 0
    PeakBufferSizePercent : 100
    PeakDisconnectAction : Nothing
    PeakDisconnectTimeout : 0
    PeakExtendedDisconnectAction : Nothing
    PeakExtendedDisconnectTimeout : 0
    PeakLogOffAction : Nothing
    PeakLogOffTimeout : 0
    ProtocolPriority : {}

    Any advice on how I can make the servers stay on and available?

  22. Carl Unfortunately I get this error when I run

    Set-BrokerEntitlementPolicyRule EDISKIOSK -SessionReconnection SameEndpointOnly

    I ran this command for another delivery group few months ago and it worked great but now I have no clue why this is happening. Running Get-BrokerEntitlementPolicyRule does not return anythng

    Set-BrokerEntitlementPolicyRule : No items match the supplied pattern At line:1 char:1 + Set-BrokerEntitlementPolicyRule

    Thanks always for your help.

      1. Hey Carl, Thanks for responding. I finally found why. Interestingly, when I ran powershell from windows command line, and ran the same command, it executed without any errors. Both ran as admin, but one gave an error exception but the other ran fine.

  23. Carl,

    I’m trying to use XA 7.8 App-V AppLibrary integration without Mgmt/Publishing servers. I was hoping that if I have a new version of an application and I upgrade that App-V package, then I import it,that it was automatically start launching that new version. However, so far it seems like I have to reboot the PVS target devices in my Delivery Group. I don’t really see a benefit besides a cleaner golden image if I can’t upgrade an application without rebooting at times.

    Maybe I’m doing something wrong? Or maybe there are enhancements in 7.9 or 7.11.

    Thoughts?

  24. Hi Carl,

    I have a question on MCS Memory Caching.

    When creating a new Machine Catalog, I see the option to configure the memory caching.

    Once the catalog has been created, how do I to remove or re-configure the caching values?

  25. Carl, just verifying that under Machine Catalog Setup, I would select Server OS to create Xenapp servers, and would not use the Desktop OS selection, and the new options like full clone? Thanks.

  26. Carl, we are looking at MCS to create our Xenapp servers. It seems most of the options at the start of this document are for desktops, so what would you recommend for servers, persistent – non persistent, don’t see full clones as a server option, etc. Thanks.

    1. Since RDSH is a shared system, there’s typically no reason for persistent. Even if you want persistent so they can be updated by an external ESD, it’s difficult to update them while they are being used. Thus, RDSH is almost always built as PvS or MCS Catalogs. One exception I’ve seen is an application that can only store data on the local RDSH server, but this is typically only used by a small number of users.

  27. Hi Carl

    It might also be worth highlighting that delivery controllers in Storefront need to be tagged with their respective zones in their advanced properties. This is necessary if the admin wishes Storefront to prioritise a zones’s delivery controllers first within an aggregation group and send the user to a local resource rather than a remote data center. Without a ZonePreference header, Storefront will randomly choose a delivery controller from the list of equivalents in the aggregation group. More often than not, this results in an app or desktop launch from the wrong zone which is NOT closest to the client device. If Storefront receives the X-Citrix-ZonePreference header it reorders the list of available delivery controllers in the aggregation group and places the preferred zone’s delivery controllers first in its launch list.

    Mark

  28. Hi Carl

    Netscaler 11.1 can dynamically insert a list of preferred zones using a ZonePreference LB vServer. Each of its services represent a Zone. Each Zone should have monitors attached which probe the DDCs within it and can determine if a Zone is up or down. Create a monitor for each DDC and set a monitoring threshold of at least 1 controller per Zone and if at least 1 of the monitored DDCs is available, then the preferred Zone will be injected into the X-Citrix-ZonePrerence header. Up to 3 Zones can be injected into X-Citrix-ZonePreference. The policy can be bound to either LB vServers, or Gateway vServers when using GSLB or manually selecting a gatewayin the correct geolocation. If using GSLB and static proximity, the client IP or client DNS server can be used to determine the preferred Zone. The first Zone in the header is the preferred Zone and the next 2 are randomised such as EMEA,US,APAC or EMEA,APAC,US.

    I can send details of how to configure this in Netscaler if you wish?

    Regards Mark @ Citrix Storefront Test & RTST

  29. We recently upgraded to 7.11 and want to build non linked Full Clones. During Machine Catalog creation, under Desktop Experience I can select “I want users to connect to the same (static) desktop each time they log on, but I do not get the “Do you want to save any changes that the user makes to the desktop?” Options. Do you know why this may be? Do I need to enable something on the DDC’s to have this functionality?

      1. No, I seemed to have misread your guide. Although when I do select a hosting resource, when I get to “Virtual Machines” I don’t have the “Select a virtual machine copy mode.” We are using a Nutanix AHV backend through the Nutanix Studio Plugin, perhaps its a limitation of the Nutanix plugin.

          1. We also don’t have the “Select a virtual machine copy mode” option. We are using Xenapp 7.11 MCS with Vsphere 5.5.

  30. Carl,

    I actually found that using ‘Set-ProvServiceConfigurationData -Name ImageManagementPrep_ExcludedSteps’ does not work. Using ‘Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps’ works for me.

    -Mark

  31. Hi,

    One of my MCS servers computer object got deleted from AD and now MCS server showing unregistered. Is it possible to remove the machine from domain and rejoin? or do i need to create new machine from base image?

    BR

  32. Hi Carl,

    you mentioned the following
    During Disaster Recovery, restore the VM (both disks). You might have to remove any Custom Attributes on the machine, especially the XdConfig attribute.

    Now, This will be a huge manual effort and will require a significant time if we are talking for 5000+ VDI or can we automate it.

    Just wanted to understand can we do the following with full clone

    create VMs in both DC and no storage is attached to the DR VMs. In the event of a failure, these VMs disk will be assigned from the backup storage location. the storage for each VM will be made available from the latest storage backup of the dedicated VMs and to be attached individually to the pre-created VMs which is already present.

    Please let me know your inputs.

    Kind Regards,
    Nivesh Pankaj

    1. They’re just regular VMs so you can do anything that normally works for a VM.

      As for the attribute, there might be a PowerCLI option. Let me do more research.

  33. Carl,

    Setting up a new XA 7.11 site. I’ve been through XA 6.5, XD 5.6, XD 7.6, and now XA 7.11. This time when I go to create an MCS-based machine catalog I don’t see any option to specify CPU (this has changed). What is the recommended way to set your socket/core count for the catalog? I also don’t see networking anymore? If everything is setup in the base image will it properly propagate?

    -Mark

    1. Networking comes from the Hosting Resources.

      I think CPU was intentionally removed. Can’t remember which version. But it should copy from the master.

  34. Hello Carl,

    I have XenDesktop 7.8 setup. Some of my MCS servers are moved to different vCenter but on same Cluster, Storage and Virtual network and now power status is unknown. Only vCenter server is changed.

    I have two hosting connections for those two vCenter (vCenter1 and vCenter2). The vCenter1 is the previous vCenter on which MCS servers were hosted. On vCenter 1 I can see Resources connection but not showing storage as it is moved to vCenter2.

    On vCenter2, I don’t have any resources connection set up yet but have VDI’s and Servers hosted manually on it.

    I am thinking to rename Resource on vCenter1 and then create new Resource with the same name (same cluster, storage and virtual network) on vCenter 2. vCenter2 hosting connection was created with other tools (not with Studio tools Machine Creation Service). Can I create Resources connection for MCS servers under same existing connection or should I create new hosting connection with vCenter 2 for MCS servers?

    Is it possible to update the MCS servers hosting connection details with Powershell commands after creating new hosting connection-resource and get power status?

    Regards

    1. If the UUIDs change in vCenter then it probably won’t work.

      To move MCS, you basically have to rebuild them. If Dedicated MCS, you can clone them to Full Clones, then add them to a Manual Catalog.

      1. I get following entries which looks same.

        Get-BrokerMachine -PowerState Unknown –HostedMachineId : 422e2e47-6da9-69b1-cb74-0ff0b1427bad
        Vmx file entry for MCS server — uuid.bios = “42 2e 2e 47 6d a9 69 b1-cb 74 0f f0 b1 42 7b ad”

        Can I update it with Set-BrokerMachine -MachineName ‘MyDomain\MyMachine’ -HostedMachineId

        Also please share your thoughts on below point.

        I am thinking to rename Resource on vCenter1 and then create new Resource with the same name (same cluster, storage and virtual network) on vCenter 2. vCenter2 hosting connection was created with other tools (not with Studio tools Machine Creation Service). Can I create Resources connection for MCS servers under same existing connection or should I create new hosting connection with vCenter 2 for MCS servers?

        Regards.

        1. If you look inside the .vmdk file, it has a pointer to the parent image. If the path doesn’t change, then it might work.

          Yes, you can add Hosting Resource to an existing Connection.

          1. My base image is also moved from vCenter 1 to vCenter 2 on same cluster, storage and virtual network where MCS app servers are.

            Is it the right command to update -> Set-BrokerMachine -MachineName ‘xyz\Server1’ -HostedMachineId 422e2e47-6da9-69b1-cb74-0ff0b1427bad

          2. The connection will work, but the machines probably won’t. MCS has many links and dependencies and can’t be easily moved. You usually have to recreate them.

          3. In this case i need to rebuild MCS servers. Please check below steps. Is there anything I m missing?

            * Create new hosting connection and resources
            * Create new Machine Catalog with a single server using the existing base image snapshot
            * Add the newly created server to the existing Delivery Group
            * Put existing servers in maintenance mode and check apps on new server
            * Add additional servers to new Machine Catalog
            * Add new servers to existing Delivery Group
            * Remove old servers from old machine catalog and delete old catalog

      2. Hello Carl,
        I have a similar question, I have a XennApp 7.8 environment, and I need to migrate it to a new vCenter. I already have a hosting connection setup for the new vCenter with same Network and Datastores, and I want to create a new machine catalog with same base image-template in this new vCenter. Can I move the ESX host with the base image-template to the new vCenter? can this action break the existing machine catalog? also will I be able delete the machine catalog later if I moved the image-template to the new vCenter?

        1. Moving ESX won’t change anything, assuming you still have hosts on the old vCenter. MCS does not need the master image for normal operations. It’s only needed during catalog updates.

          1. Thanks Carl,
            Yes, I have the master image on the old VCenter (I still have some ESXi hosts on it). I will move the master image from old vCenter to new vCenter with one of those hosts, then I will create a new machine catalog

  35. Question. I would like to use zones to setup a single site (two physical sites) XenApp environment. They are connected by a 100mb WAN connection and the sattlite site would be a DR site with its own hypervisor, controllers, Netscalers, and server VDAs. I don’t see how connection leasing would work as users would only connect to DR in the event of a failover. Would I be able to use SQL mirroring/Always On in conjunction with a primary/satellite zone model? I don’t really see any reason why this wouldn’t work, but I can’t find anything saying you can do this.

    1. I still prefer two separate farms until Citrix adds zone preference / failover and true offline database. No SQL DR required. StoreFront controls the connections.

  36. Is there a way to span subnets within a single machine catalog using MCS? We would like to have a single catalog of 5000 machines, but having a single subnet with 5000 machines causes broadcast storms. We would like to avoid having multiple catalogs with the only difference being the network they are assigned to.

    1. Rick – did you ever confirm/verify this? Trying to do something similar and wanted to get clarification. Thanks!

      1. Lauren — We do now have a solution in place that is working well for large machine catalogs. Our machine catalog still points to a single DHCP scope which is where MCS creates the machines. Then after the machines are created we manually change the network to divide the machines up among ten different subnets. We were able to automate this process with powershell so it is fairly painless. We have found that XenDesktop does not use these network settings after machine creation, so editing them after the fact does not cause any problems, and the VDA is able to report back the actual IP to the DDC. So now we are able to have 5000 machines in the same catalog, but spread across 10 subnets to avoid broadcast storms and such. I hope this helps!

  37. Carl,
    Wondering if you can point me in the right direction.
    We are running XD7.8 and using MCS to create new servers in our AWS environment.
    Everything is running nicely, however I want to run a script to install AV software and activate Office after MCS creates the machine.
    What would be the best way to have a script launch once a machine is created by MCS?
    The base image which is being used by MCS is an Amazon Web Service AMI that I created.

    Thank you in advance.

    1. Can you create a group policy with a computer startup script?

      Or you can create a Scheduled Task that runs when then computer starts.

  38. Hi Carl,

    I created a MCS provisioned catalog at that time I used 3 LUN’s so base disk is there on all LUN’s.

    I added 3 more LUN’s but i could not see base disk there on new LUN’s. Do i need to update the machine catalog to get base disk copied along all LUN’s

    Please suggest.

    Thanks in advance!

    1. When you add more machines it should start using the new datastores and copy the snapshot to those datastores. You might have to add 6 machines before it does it. Note, there is no rebalance option. To rebalance, you’ll have to delete the VMs and remake them.

  39. Is there an equivalent to the load balancing policies pf XenApp 6.5 in XD 7.6?

    in 7.6 I don’t see failover policies that XenApp 6.x had where you could specify one worker group of servers as primary and failover to a secondary group.
    I can’t see how you can add 2 machine catalogues to 1 delivery group and place a catalogue in maintenance – unless you create a single MC and failover individual machines.

  40. Insightful,
    I am creating 2 machine catalogs (1 at DR site other at main site) to be used by a single delivery group, not at the same time.
    How do I load balance (or SWAP) the machine catalogs so I can perform maintenance one at a time without affecting user sessions?
    Thanks

    1. Add both to the Delivery Group. Then put the DR machines in maintenance mode and they won’t be used until you turn off maintenance mode. No need to remove and add machines.

      1. I have XD7.9, there are 2 machine catalogs created(A- 1 Machine, B-1 Machine). I was tried to add both catalogs in delivery group C but appreantly it doesn’t allow do so.
        Can you please tell me whether i have done anything wrong

  41. Carl,

    I’ve found that specifying session reconnect options for the delivery groups to anything but “Always” breaks session sharing. Have you found a way to to keep the session from roaming and keep session sharing?

  42. Hi Carl

    You suggested not using Link-Clone for Persistent VDI, are such machines to be configured as “Remote PC Access” ?

    When installing VDA, there are are only the Options “Create a Master Image” and “Enable Remote PC Access”. Which Option would be appropriate in this case?

    1. It doesn’t matter. The “Master Image” option installs a few more services than the other option. That’s the only difference. I usually install with “Master Image” just in case I want to do that later.

      1. I have some persistent VDI which were earlier created with MCS under Version 7.6.
        I would like to upgrade both the catalog and Delivery Group to 7.7, but the VDA on the VM should be same Version as to access the latest Feature.

        Since creating persistent VDI actually disassociate itself from the Original Base Image and there is no longer possible to update the Machines through “Catalog”, would it be okay to upgrade the VDA directly on the persistent VDI?

        Thanks

        1. Yes. The linked clones are handled by vSphere, not Citrix. Citrix only does the machine identity.

          I would recommend that you clone each persistent VM into a full clone so you don’t have to worry about linked clones anymore.

  43. Hello Carl,

    I have an issue with configuring “Windowed Mode” and “Multiple Instance” on XenApp 7.6 at the same time.

    I will be able to achieve any one at a time. For example, If I edit defalut.ica file as below, it will allow me to launch an application in windowed mode. If this setting is removed, then I will be able to launch multiple instance. Please suggest.

    [APP123]
    TWIMode=Off
    ScreenPercent=99

        1. When you launch multiple instances, are they in the same session? If so, I would expect all of the instances to run in the same window.

          Otherwise, I don’t have any advice. You can try posting to discussions.citrix.com or contact Citrix Support.

          1. When I launch multiple instances, they are in same session, meaning I don’t see multiple sessions on Studio. But it is launched in different window. I will try posting in Citrix. Thanks for your Inputs so far.

  44. HI Carl,

    I wondered what you would think is the best delivery method if I was to build two XenApp images for roughly 100 people. This is a single data centre solution, so no DR required.

    Would MCS be preferred if it is non-persistent? I would imagine PVS would be over kill. Else, if it was persistent, as you stated, something else such as SCCM or hypervisor cloning would be best?

    1. The problem with MCS is that you can no longer just login to your VDAs and make a change. Instead you have to update the master and then push it to the linked clones. For only two identical machines, I would do updates manually on both. However, some people prefer the master image method because it gives them one thing to back up.

  45. Good Afternoon Carl,
    Curious if If you ran accoss if Citrix recommendation to have a separate drive (D:) for the windows OS paging file and the windows spool location. This I believe was the recommendation awhile back for optimum performance (separate disk queues for each drive). Just curious if we should be concerned with that or does Citrix just recommend a C: drive large enough to hold everything? The Provisioning service will be MCS as well.

    1. I don’t see any difference between Citrix VDAs and regular PCs. If you don’t multi-partition your PCs then don’t multi-partition your VDAs. XenApp is nothing more than a PC that lets multiple users login at once.

Leave a Reply

Your email address will not be published. Required fields are marked *