Navigation
- Change Log
- Persistent vs Non-persistent
- Zones
- Zone Preference
- Machine Creation Services (MCS)
- MCS – Machine Profile (CVAD 2402+ on vSphere)
- MCS – Image Management (CVAD 2402+)
- MCS – Full Clones
- MCS – Machine Naming
- MCS – Storage I/O optimization (i.e. Memory Caching, aka MCSIO)
- MCS – Image Prep – KMS Rearm
- MCS – Base Disk Deletion
- MCS – Static (Dedicated) Catalog Master Image
- MCS – Hybrid Azure AD Join
- Controller – Name Cache
- Delivery Group License Type
- Delivery Group Published Apps and Desktops in 7.8 and newer
- Maximum Desktop Instances in Site/Farm (CVAD 1808+)
- Logoff Closed Desktop (Workspace app 2309+)
- Tags
- RDSH Scheduled Restart
- Autoscale
- Allow one user to have Multiple Sessions
- Catalog Maintenance:
- Published Applications
💡 = Recently Updated
Change Log
- 2024 Dec 5 – Image Management – Image Sharing in 2411
- 2024 April 20 – MCS – Machine Profile and MCS – Image Management
- 2023 Oct 5 – Logoff Closed Desktop (Workspace app 2309 and newer)
- 2023 Sept 16 – Autoscale Vertical Load Balancing
- 2023 June 1 – Autoscale in CVAD 2305+ Web Studio
- 2023 June 1 – Hybrid Azure AD Join in CVAD 2305+ Web Studio
- 2023 Mar 21 – Multiple Sessions – configure session roaming in Web Studio 2303+
- 2021 Apr 4 – RDSH Scheduled Restarts – Restart after draining users
Persistent vs Non-persistent
VDA design – One of the tasks of a Citrix Architect is VDA design. There are many considerations, including the following:
- Machine type – single user (virtual desktop), or multi-user (Remote Desktop Session Host). RDSH is more hardware efficient.
- Machine operating system – Windows 7, Windows 10, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016
- Machine persistence – persistent, non-persistent
- Number of new machines – concurrent vs named-users
- Machine provisioning – full clones, Machine Creation Services (MCS), Citrix Provisioning
- Hardware for the new machines – hypervisor clusters, storage
- How the machines are updated – SCCM, MCS, Citrix Provisioning etc.
- Application integration – locally installed, App-V, Layering, Virtual Apps or XenApp published, leave on local endpoint machine, cloud apps, etc.
- User Profiles – roaming, mandatory, home directories
- Group Policies – session lockdown, automation
- Disaster Recovery – replication. VDAs running in a warm site. DR for profiles and home directories too.
Desktop Management in a Citrix environment – Some environments try to use Citrix to improve desktop management. Here are some desktop management aspects of Citrix that aren’t possible with distributed physical desktops:
- Datacenter network speeds – The VDAs have high speed connectivity to the desktop management tools, which eliminates WAN bandwidth as a desktop management consideration. For example, you can use Microsoft App-V to stream apps to VDAs. And SCCM deployments have much greater success rates than PCs that are frequently offline.
- Non-persistence – Non-persistent VDAs revert at every reboot. To update non-persistent VDAs, simply update your master image, and push it out.
- Layering – The VDA VMs can be composed of multiple layers that are combined during machine boot, or when the user logs in. Citrix App Layering is an example of this technology. A single layer can be shared by multiple VDAs. The layers are updated once, and all machines using the layer receive the updated layer at next boot/login.
- See the Reddit thread Citrix at scale.
Non-persistent VDAs – Probably the easiest of these desktop-management technologies is non-persistence. That’s because you install your applications once into a master image, and you can easily create a pool of identical machines based on that master image. Whenever an update is needed, you install the update once into your master image and push it out.
However, there are several drawbacks to non-persistence:
- Multiple Master Images – it’s extremely rare for there to only be one master image. You’ll probably have a number of master images, each with different application sets. The more master images you have, the more effort is required to maintain them.
- Same apps in multiple images – Some apps are common to multiple images. For example, Office and Adobe Reader. How do you update these common apps identically on multiple master images?
- Multi-datacenter – how do you perform the same master image updates in multiple datacenters? Replicate the master images? Perform the same change multiple times?
- Automation – You’ll need new automation for managing the multiple master images and updating Catalogs. Automation complicates the simple management you were hoping to achieve.
- One option is SCCM Package Deployment to the Master Images, but not the linked clones. See Implementing SCCM in a XenDesktop VDI environment for info on using Client Classes to create a dynamic Collection for non-persistent machines.
- Master Images must be designed – Which apps go on which master image? Do you install the same app on multiple master images?
- How do you know which apps a user needs? – Most Citrix admins, and even desktop teams, don’t know every app that a user needs. You can use tools like Liquidware Labs or Lakeside Software to discover app usage, but it’s a very complicated process to find commonality across multiple users.
- How are One-off apps handled? – If you have an app used by only a small number of users, do you add it to one of your master images? Do you create a new master image? Do you publish it from Virtual Apps or XenApp (double hop)? Do you stream it using App-V? Layering is another option.
- Application Licensing – for licensed apps, do you install the licensed app into the master image and try to hide it from non-licensed users? Or do you create a new master image for the licensed users?
- Patching multiple images – when a new OS patch needs to be deployed, you have to update every master image running that OS version. Thus Citrix admins usually try to limit the number of master images, which makes image design more complicated.
- How do you manage an app that is installed on multiple master images? – Layering might help with this.
- Who manages the master images? – Citrix admins? Desktop team? It’s unlikely that traditional desktop management will ever be completely removed from an enterprise environment, which means that master image management is an additional task that was not performed before. Does the Citrix admin team have the staff to take on this responsibility? Would the desktop management team be willing to perform this new process?
- Politically feasible? – Large enterprises usually have mature desktop management practices. Would this new process interfere with existing desktop management requirements?
- Responsibility – if the Citrix admins are not maintaining the master images, and if a Catalog update causes user problems, who is responsible?
- Compliance – template machines usually go through a security and licensing compliance process. If the Citrix team is managing the master images, who checks them for compliance?
- RDSH Apps are complicated – who is responsible for integrating apps into Remote Desktop Session Host (Virtual Apps or XenApp)? Does the desktop team have the skills to perform the additional RDSH testing?
- Change Control – Longer Deployment Times – Any change to a master image would affect every machine/user using that image, thus dev/QA testing is recommended for every change, which slows down app update deployment. And once a change is made to the master, it doesn’t take effect until the user’s VDA is rebooted.
- Roaming Profiles – some apps (e.g. Office) save user settings in user profiles. Since the machines are non-persistent, the profiles would be lost on every reboot unless roaming profiles are implemented. This adds a dependency on roaming profile configuration, and the roaming profile file share.
- How is the Outlook OST file handled? – With Cloud Hosted Exchange, for best performance, Outlook needs to run in Cached Exchange mode, which creates a large OST file in the user’s profile.
- OST files are large (multiple gigabytes). One option is to use group policy to minimize the size of the OST file.
- How is the large OST file roamed? If you leave the OST in the default location, then the OST is copied back and forth every time the user logs on and logs off. You usually want to put the OST file on a file share, or in a mounted VHDX file that is stored on a file share.
- Search indexes are rebuilt every time the user starts a new session. This takes time and performance.
- Citrix Profile Management 7.18 has an Outlook OST and Search roaming capability.
- Another option is to purchase a 3rd party OST handling product like FSLogix.
- How is the Outlook OST file handled? – With Cloud Hosted Exchange, for best performance, Outlook needs to run in Cached Exchange mode, which creates a large OST file in the user’s profile.
- IT Applications (e.g. antivirus) on non-persistent machines – Many IT apps (antivirus, asset mgmt, security, etc.) have special instructions to work on non-persistent machines. Search the vendor’s knowledgebase for “VDI”, “non-persistent”, “Citrix”, etc.
- Antivirus in particular has a huge impact on VDA performance. The special antivirus instructions for non-persistent VDAs are in addition to normal antivirus configuration.
- Local Host Cache does not easily support non-persistent virtual desktops – if the Citrix Virtual Apps and Desktops (CVAD) SQL database is down, and if users need to connect to non-persistent random desktops, then Local Host Cache won’t help you. It’s not possible to connect to non-persistent virtual desktops until the Citrix Virtual Apps and Desktops (CVAD) SQL database connection is recovered.
Application Integration Technologies – Additional technologies can be used to overcome some of the drawbacks of non-persistent machines:
- Microsoft App-V – this technology can dynamically stream apps to a non-persistent image. Different users get different apps. And the apps run in isolated bubbles. However:
- App-V is an additional infrastructure that must be built and maintained.
- App-V requires additional skills for the people packaging the apps, and the people troubleshooting the apps.
- Since the apps are isolated, app interaction is configured manually.
- Because of application isolation, not every app can run in App-V. Maybe 60-80% of apps might work. How do you handle apps that don’t work?
- Layering – each application is a different layer (VHD file). The layering tool combines multiple layers into a single unified image. Layers are updated in one place, and all images using the layer are updated, which solves the issue of a single app in multiple images. Layering does not use application isolation, so almost 100% of apps should work with layering. Layers can be mounted dynamically based on who’s logging in. There’s also a persistent user layer that lets users install apps, or admins can install one-off apps. Citrix has an App Layering feature. Notes:
- Citrix App Layering is a separate infrastructure that must be built and maintained.
- Somebody has to create the layers. This is an additional task on top of normal desktop management packaging duties.
- It takes time to update a layer and publish it to multiple images.
- Citrix App Layering captures the OS Layer. So OS patches are handled by Citrix App Layering. It takes time to push an OS security update to every image based on the same OS Layer.
- Other Layering products don’t capture the OS Layer. As a result, they can’t achieve 100% app compatibility like Citrix App Layering can.
- With Layers, it’s very easy to remove a layer from an image. There’s no need to completely rebuild an image because one app is corrupted.
- Citrix’s App Layering does not have a supported API, so you can’t automate it.
Persistent virtual desktops – Another method of building VDAs is by creating full clone virtual desktops that are persistent. Each virtual desktop is managed separately using traditional desktop management tools. If your storage is an All Flash Array with inline deduplication and compression, then full-clone, persistent virtual desktops probably take no more disk space than non-persistent linked clones. Here are some advantages of full-clone, persistent virtual desktops as opposed to non-persistent VDAs:
- Skills and Processes – No new skills to learn. No new desktop management processes. Use existing desktop management tools (e.g. SCCM). The existing desktop management team can manage the persistent virtual desktops, which reduces the workload of the Citrix admins. Just treat the persistent virtual desktops like that are more PCs.
- The persistent virtual desktops are usually powered on and in the datacenter, thus improving the success rate of package deployment.
- However, pushing a package to many desktops at once can result in a “patch storm”, which reduces performance while the patches are being installed.
- One-off applications – If a user needs a one-off application, simply install it on the user’s persistent desktop. The application can be user-installed, SCCM self-service installed, or administrator installed.
- User Profile – Outlook’s OST file is no longer a concern since the user’s profile persists on the user’s virtual desktop. It’s not necessary to implement roaming profiles when using persistent virtual desktops. If you want a process to move a user profile from one persistent virtual desktop to another, how do you do it on physical desktops today?
- API integration – a self-service portal can use VMware PowerCLI and Citrix’s PowerShell SDK to automatically create a new persistent virtual desktop for a user. Chargeback can also be implemented.
- Offline Citrix Virtual Apps and Desktops (CVAD) SQL Database – if the Citrix Virtual Apps and Desktops (CVAD) SQL database is not reachable, then Citrix Local Host Cache can still broker sessions to persistent virtual desktops that have already been assigned to users. This is not possible with non-persistent virtual desktops.
Concurrent vs Named User – one advantage of non-persistent virtual desktops is that you only need enough virtual desktops to handle the concurrent user load. With persistent virtual desktops, you need a separate machine for each named user, whether that user is using it or not.
Disaster Recovery – for non-persistent VDAs, one option is to replicate the master images to the DR site, and then create a Catalog of machines either before the disaster, or after. If before the disaster, the VDAs will already be running and ready for connections; however, the master images must be maintained separately in each datacenter.
Persistent virtual desktops have several disaster recovery options:
- Immediately after the disaster, instruct the persistent users to connect to a pool of non-persistent machines.
- In the DR site, create new persistent virtual desktops for the users. Users would then need to use SCCM or similar to reinstall their apps. Scripts can be used to backup the user’s profile and restore it on the DR desktops. This method is probably closest to how recovery is performed on physical desktops.
- The persistent virtual desktops can be replicated and recovered in the DR site. When the machines are added to Citrix Studio in DR, each recovered machine needs to be assigned to specific users. This process is usually scripted.
Zones
Caveats – Zones let you stretch a single Citrix Virtual Apps and Desktops (CVAD) site/farm across multiple datacenters. However, note these caveats:
- Studio – If all Delivery Controllers in the Primary Zone are down, then you can’t manage the farm/site. This is true even if SQL is up, and Delivery Controllers are available in Satellite Zones. It’s possible to designate an existing zone as the Primary Zone by running
Set-ConfigSite -PrimaryZone <Zone>
, where <Zone> can be name, UID, or a Zone object. - Version/Upgrade – All Delivery Controllers in the site/farm must be the same version. During an upgrade, you must upgrade every Delivery Controller in every zone.
- Offline database – There’s Local Host Cache (LHC). However, the LHC in 7.12 and newer has limitations: no non-persistent desktops (dirty desktops are an option), maximum of 5,000 VDAs per zone (10,000 per zone, 40K per site, in 7.14 and newer), has issues if Delivery Controller is rebooted, etc. Review the Docs article for details.
- Complexity – Zones do not reduce the number of servers that need to be built. And they increase complexity when configuring items in Citrix Studio.
- Zone Preference – to choose a VDA in a particular zone, your load balancer needs to include a special HTTP header (X-Citrix-ZonePreference) that indicates the zone name.
The alternative to zones is to build a separate site/farm in each datacenter and use StoreFront to aggregate the published icons. Here are benefits of multiple sites/farms as compared to zones:
- Isolation – Each datacenter is isolated. If one datacenter is down, it does not affect any other datacenter.
- Versioning – Isolation lets you upgrade one datacenter before upgrading other datacenters. For example, you can test upgrades in a DR site before upgrading production.
- SQL High Availability – since each datacenter is a separate farm/site with separate databases, there is no need to stretch SQL across datacenters.
- Home Sites – StoreFront can prioritize different farms/sites for different user groups. No special HTTP header required.
Citrix Consulting recommends separate Citrix Virtual Apps and Desktops (CVAD) sites/farms in each datacenter instead of using zones. See Citrix Blog Post XenApp 7.15 LTSR – Now Target Platform for Epic Hyperspace!.
Here are some general design suggestions for Citrix Virtual Apps and Desktops (CVAD) in multiple datacenters:
- For multiple central datacenters, build a separate Citrix Virtual Apps and Desktops (CVAD) site/farm in each datacenter. Use StoreFront to aggregate the icons from all farms. Use NetScaler GSLB to distribute users to StoreFront. This provides maximum flexibility with minimal dependencies across datacenters.
- For branch office datacenters, zones with Local Host Cache (7.12 and newer) is an option. Or each branch office can be a separate farm.
Create Zones – This section details how to create zones and put resources in those zones. In 7.9 and older, there’s no way to select a zone when connecting. In 7.11 and newer, NetScaler and StoreFront can now specify a zone and VDAs from that zone will be chosen. See Zone Preference for details.
Citrix Links:
- Zones at Citrix Docs.
- Citrix Blog Post Deep Dive: XenApp and XenDesktop 7.7 Zones
- Citrix Blog Post Zones, Latency and Brokering Performance
There is no SQL in Satellite zones. Instead, Controllers in Satellite zones connect to SQL in Primary zone. Here are tested requirements for remote SQL connectivity. You can also set HKLM\Software\Citrix\DesktopServer\ThrottledRequestAddressMaxConcurrentTransactions to throttle launches at the Satellite zone.
From Mayunk Jain: “I guess we can summarize the guidance from this post as follows: the best practice guidance has been to recommend a datacenter for each continental area. A typical intra-continental latency is about 45ms. As these numbers show, in those conditions the system can handle 10,000 session launch requests in just under 20 minutes, at a concurrency rate of 36 requests.”
The following items can be moved into a satellite zone:
- Controllers – always leave two Controllers in the Primary zone. Add one or two Controllers to the Satellite zone.
- Hosting Connections – e.g. for vCenter in the satellite zone.
- Catalogs – any VDAs in satellite catalogs automatically register with Controllers in the same zone.
- NetScaler Gateway – requires StoreFront that understands zones (not available yet). StoreFront should be in satellite zone.
Do the following to create a zone and move items into the zone:
- In Citrix Studio 7.7 or newer, expand the Configuration node, and click Zones.
- Right-click Zones and click Create Zone.
- Give the zone a name. Note: Citrix supports a maximum of 10 zones.
- You can select objects for moving into the zone now, or just click Save.
- Select multiple objects, right-click them, and click Move Item.
- Select the new Satellite zone and click Yes.
- To assign users to the new zone, create a Delivery Group that contains machines from a Catalog that’s in the new zone.
- If your farm has multiple zones, when creating a hosting connection, you’ll be prompted to select a zone.
- If your farm has multiple zones, when creating a Manual catalog, you’ll be prompted to select a zone.
- MCS catalogs are put in a zone based on the zone assigned to the Hosting Connection.
- The Citrix Provisioning Citrix Virtual Desktops Setup Wizard ignores zones so you’ll have to move the Citrix Provisioning Machine Catalog manually.
- New Controllers are always added to the Primary zone. Move it manually.
Zone Preference
Zone Preference, which means NetScaler and StoreFront can request Delivery Controller to provide a VDA in a specific zone.
Citrix Blog Post Zone Preference Internals details three methods of zone preference: Application Zone, User Zone, and NetScaler Zone.
To configure zone preference:
- Create separate Catalogs in separate zones, and add the machines to a single Delivery Group.
- You can add users to one zone by right-clicking the zone, and clicking Add Users to Zone. If there are no available VDAs in that preferred zone, then VDAs are chosen from any other zone.
- Note: a user can only belong to one home zone.
- You can delete users from a zone, or move users to a different zone.
- If you edit the Delivery Group, on the Users page, you can specify that Sessions must launch in a user’s home zone. If there are no VDAs in the user’s home zone, then the launch fails.
- For published apps, on the Zone page, you can configure it to ignore the user’s home zone.
- You can also configure a published app with a preferred zone, and force it to only use VDAs in that zone. If you don’t check the box, and if no VDAs are available in the preferred zone, then VDAs can be selected from any other zone.
- Or you can Add Applications to Zone, which allows you to add multiple Applications at once.
- NetScaler can specify the desired zone by inserting the X-Citrix-ZonePreference header into the HTTP request to the StoreFront 3.7 server. This header can contain up to 3 zones. The first Zone in the header is the preferred Zone, and the next 2 are randomised such as EMEA,US,APAC or EMEA,APAC,US. StoreFront 3.7 will then forward the zone names to Delivery Controller 7.11, which will select a VDA in the desired zone. This functionality can be combined with GSLB as detailed in the 29 page document Global Server Load Balancing (GSLB) Powered Zone Preference. Note: only StoreFront 3.7 and newer will send the zone name to the Delivery Controller.
- Delivery Controller entries in StoreFront can be split into different entries for different zones. Create a separate Delivery Controller entry for each zone, and associate a zone name with each. StoreFront uses the X-Citrix-ZonePreference header to select the Delivery Controller entry so the XML request is sent to the Controllers in the same zone. HDX Optimal Gateways can also be associated to zoned Delivery Controller entries. See The difference between a farm and a zone when defining optimal gateway mappings for a store at Citrix Docs.
- Citrix Blog Post Zone Preference Internals indicates that there’s a preference order to zone selection. The preference order can be changed.
- Application’s Zone
- User’s Home Zone
- The Zone specified by NetScaler in the X-Citrix-ZonePreference HTTP header sent to StoreFront.
Machine Creation Services (MCS)
MCS – Machine Profile
CVAD 2402 and newer support selecting a Machine Profile when creating a MCS Catalog on vSphere. MCS copies the VM specification (e.g., TPM) from the Machine Profile to the new MCS machines.
- Create a VM with your desired specs (e.g., TPM) and then Convert to Template. It must be a Template and not a VM.
- When creating a Catalog, on the Image page, there’s an option to Use a machine profile. Select the template.
MCS – Image Management
CVAD 2402 and newer have an MCS Image Management feature that lets you prepare your images prior to pushing them to your Catalogs.
- Make sure your gold image VMs have MCS storage optimization (MCSIO) installed.
- Take a snapshot of the gold image VM. The MCS Image Management feature will not create snapshots for you. When naming your snapshot, include the name of the gold image and version info (e.g. date).
- In Web Studio, on the left, click Images. On the right, click Create Image Definition.
- In the Introduction page, click Next.
- In the Image Definition page, choose the Session type and click Next.
- In the Image page, select a Hosting Resource. Select a master image snapshot. Select a VM template to use as the machine profile. If you don’t select a machine profile here, then you can’t select one later when creating the Catalog. Click Next.
- The Machine Specifications are copied from the machine profile. Click Next.
- The NICs are copied from the machine profile. Click Next.
- In Version Description, enter a description. Each Image Definition will have multiple Image Versions. Each Image Version is a different snapshot of the master image. Describe the Version accordingly.
- In the Summary page, click Finish.
- The gold image snapshot is copied to the target datastore as a baseDisk.
- You can then use the completed Image Version to create or update a Catalog. This happens very quickly because the image has already been prepared.
- The Machine Catalog wizard shows you the Prepared Image Version and the Machine Profile.
- You can add Image Versions to the existing Image Definition.
- To update a Catalog, right-click the Catalog and click Change Prepared Image.
- Select a new version of the image and then finish the wizard like normal.
- If you select the Catalog, in the bottom, you can select the tab named Template Properties to see info about the Prepared Image. There’s also a link to View image history.
- CVAD 2411 and newer let you share the image with multiple Hosting Resources under the same Hosting Connection.
MCS – Full Clones
In Citrix Virtual Apps and Desktops (CVAD), for dedicated (persistent) Desktop OS (aka Single session OS) Catalogs, MCS can create Full Clones instead of Linked Clones. Linked Clones can’t be moved, but Full Clones are regular virtual machines that can be moved without impacting MCS.
- CVAD 2407 and newer support Persistent Multi-session machines.
- Full Clones is only an option for Desktop OS (aka Single session OS). It’s not an option for Server OS (aka Multi-session OS).
In Citrix Virtual Apps and Desktops (CVAD), you can use MCS to create Full Clones. Full Clones are a full copy of a template (master) virtual machine. The Full Clone can then be moved to a different datastore (including Storage vMotion), different cluster, or even different vCenter. You can’t do that with Linked Clones.
For Full Clones, simply prepare a Master Image like normal. There are no special requirements. There’s no need to create Customization Specifications in vCenter since Sysprep is not used. Instead, MCS uses its identity technology to change the identity of the Full Clone. That means every Full Clone has two disks: one for the actual VM, and one for identity (machine name, machine password, etc).
In Citrix Virtual Apps and Desktops (CVAD), during the Create Catalog wizard, if you select Yes, create a dedicated virtual machine…
After you select the master image, there’s a new option for Use full copy for better data recovery and migration support. This is the option you want. The Use fast clone option is the older, not recommended, option.
During creation of a Full Clones Catalog, MCS still creates the master snapshot replica and ImagePrep machine, just like any other linked clone Catalog. The snapshot replica is then copied to create the Full Clones.
When you add machines to the MCS Full Clone Catalog, it uses the Master Image snapshot selected when you initially ran the Create Catalog Wizard. There is no function in Citrix Studio to change the Master Image. Instead, use the PowerShell commands detailed at CTX129205 How to Update Master Image for Dedicated and Pooled Machine Types using PowerShell SDK Console.
Since these are Full Clones, once they are created, you can do things like Storage vMotion.
During Disaster Recovery, restore the Full Clone virtual machine (both disks). You might have to remove any Custom Attributes on the machine, especially the XdConfig attribute.
Inside the virtual machines, you might have to change the ListOfDDCs registry value to point to your DR Delivery Controllers. One method is to use Group Policy Preferences Registry.
In the Create Catalog wizard, select Another Service or technology.
And use the Add VMs button to add the Full Clone machines. The remaining Catalog and Delivery Group steps are performed normally.
MCS – Machine Naming
Once a Catalog is created, you can run the following commands to specify the starting count:
Get-AcctIdentityPool
Set-AcctIdentityPool -IdentityPoolName "NAME" -StartCount VALUE
MCS – Storage Optimization Memory Caching
Memory caching (aka MCSIO, aka Storage Optimization) in MCS is very similar to Memory caching in Citrix Provisioning. All writes are cached to memory instead of written to disk. With memory caching, some benchmarks show 95% reduction in IOPS.
In CVAD 1903 and newer, MCS now uses the exact same Memory Caching driver as Citrix Provisioning. If you want to use the MCSIO feature, upgrade to CVAD 1903 or newer. Older versions of CVAD, including 7.15, have performance problems.
- For more info on the MCSIO enhancements in Citrix Virtual Apps and Desktops (CVAD) 1903 and newer, see Machine Creation Services (MCS) storage optimization at Citrix Docs.
Here are some notes:
- You configure a size for the memory cache. If the memory cache is full, it overflows to a cache disk.
- Whatever memory is allocated to the MCS memory cache is no longer available for normal Windows operations, so make sure you increase the amount of memory assigned to each virtual machine.
- The overflow disk (temporary data disk) can be stored on shared storage, or on storage local to each hypervisor host. Since memory caching dramatically reduces IOPS, there shouldn’t be any problem placing these overflow disks on shared storage. If you put the overflow disks on hypervisor local disks then you won’t be able to vMotion the machines.
- In CVAD 1811 and older, the overflow disk is uninitialized and unformatted. Don’t touch it. Don’t format it.
- In CVAD 1903 and newer, the overflow disk is formatted, and you can put logs (e.g. Event Logs) and other persistent files on it just like you do in Citrix Provisioning. See Andy McCullough MCSIO Reborn!
Memory caching requirements:
- Random Catalogs only (no dedicated Catalogs)
When installing the VDA software, on the Features page, make sure you select the MCS IO option. VDA 1903 and newer are the recommended versions.
Studio needs to be configured to place the temporary overflow disks on a datastore. You can configure this datastore when creating a new Hosting Resource, or you can edit an existing Hosting Resource.
To create a new Hosting Resource:
- In Studio, go to Configuration > Hosting, and click the link to Add Connection and Resources.
- In the Storage Management page, select shared storage.
- You can optionally select Optimize temporary data on local storage, but this might prevent vMotion. The temporary data disk is only accessed if the memory cache is full, so placing the temporary disks on shared storage shouldn’t be a concern.
- Select a shared datastore for each type of disk.
Or you can edit an existing Hosting Resource:
- In Studio, go to Configuration > Hosting, right-click an existing resource, and click Edit Storage.
- On the Temporary Storage page, select a shared datastore for the temporary overflow disks.
Memory caching is enabled when creating a new Catalog.
- In the Desktop Experience page, select random.
- Master Image VDA must be 7.9 or newer.
- In the Virtual Machines page
- CVAD 1903 and newer require you to specify a Disk cache size first. It needs to be large enough for memory write cache overflow, pagefile, and logs.
- Then allocate some memory to the cache. For virtual desktops, 256 MB is typical. For RDSH, 4096 MB is typical. More memory = less IOPS.
- CVAD 2407 and newer let you specify the drive letter for the disk cache.
- Whatever you enter for cache memory, also add it to the Total memory on each machine. Any memory allocated to the cache is no longer available for applications so you should increase the total memory to account for this.
- Once the machines are created, add them to a Delivery Group like normal.
- In CVAD 1903 and newer, the Write Cache Disk is formatted and has a drive letter, just like Citrix Provisioning.
- In CVAD 1811 and older, the temporary overflow disk is not initialized or formatted. From Martin Rowan at discussions.citrix.com: “Don’t format it, the raw disk is what MCS caching uses.”
MCS – Image Prep
When a Machine Creation Services catalog is created or updated, a snapshot of the master image is copied to each LUN. This Replica is then powered on and a few tasks are performed like KMS rearm.
From Citrix Blog Post Machine Creation Service: Image Preparation Overview and Fault-Finding and CTX217456 Updating a Catalog Fails During Image Preparation: if you are creating a new Catalog, here are some PowerShell commands to control what Image Prep does: (run asnp citrix.*
first). These commands do not affect existing Catalogs.
Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value EnableDHCP
Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OfficeRearm
Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value "OsRearm,OfficeRearm"
Set-ProvServiceConfigurationData -Name ImageManagementPrep_DoImagePreparation -Value $false
If you are troubleshooting an existing Catalog, here are some PowerShell commands to control what Image Prep does: (run asnp citrix.*
first)
Get-ProvScheme
– Make a note of the “ProvisioningSchemeUid” associated with the catalog.Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value EnableDHCP
Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps -Value OfficeRearm
Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_DoImagePreparation -Value $false
If multiple excluded steps, separate them by commas: -Value "OsRearm,OfficeRearm"
To remove the excluded steps, run Remove-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps
or Remove-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_Excluded_Steps
.
A common issue with Image Prep is Rearm. Instead of the commands shown above, you can set the following registry key on the master VDA to disable rearm. See Unable to create new catalog at Citrix Discussions.
- HKEY_LOCAL_MACHINE/SOFTWARE/Microsoft/Windows NT/CurrentVersion/SoftwareProtectionPlatform
- SkipRearm (DWORD) = 1
Mark DePalma at XA 7.6 Deployment Failure Error : Image Preparation Office Rearm Count Exceeded at Citrix Discussions had to increase the services timeout to fix the rearm issue:
- HKLM\SYSTEM\CurrentControlSet\Control
- ServicesPipeTimeout (DWORD) = 180000
From Mark Syms at Citrix Discussions: You can add one (or both) of the following MultiSZ registry values
- HKLM\Software\Citrix\MachineIdentityServiceAgent\ImagePreparation\Before
- HKLM\Software\Citrix\MachineIdentityServiceAgent\ImagePreparation\After
The values are expected to be an executable or script (PoSh or bat), returning 0 on success
Citrix CTX140734 Error: “Preparation of the Master VM Image failed” when CREATING MCS Catalog: To troubleshoot image prep failures, do the following:
- In PowerShell on a Controller, for a new Catalog, run:
asnp citrix.* Set-ProvServiceConfigurationData -Name ImageManagementPrep_NoAutoShutdown -Value $True
- For an existing Catalog, run the following:
asnp citrix.* Get-ProvScheme Set-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_NoAutoShutdown -Value $True
- On the master image, set the DWORD registry value HKLM\Software\Citrix\MachineIdentityServiceAgent\LOGGING to 1
- If you now attempt catalog creation, an extra VM will be started; log into this VM (via the hypervisor console, it has no network access) and see if anything is obviously wrong (e.g. it’s bluescreened or something like that!). If it hasn’t there should be two log files called “image-prep.log” and “PvsVmAgentLog.txt” created in c:\ – scan these for any errors.
- When you’ve finished doing all this debugging, remember to run one of the following:
Remove-ProvServiceConfigurationData -Name ImageManagementPrep_NoAutoShutdown Remove-ProvSchemeMetadata -ProvisioningSchemeUid xxxxxxx -Name ImageManagementPrep_NoAutoShutdown
MCS – Base Disk Deletion
Citrix CTX223133 How to change the disk deletion interval to delete unused base disks on the VM storage. Every 6 hours, Citrix Virtual Apps and Desktops (CVAD) runs a task to delete unused base disks.
The Disk Reaper interval is configured using PowerShell. The default values are shown below:
Set-ProvServiceConfigurationData -Name DiskReaper_retryInterval -Value 6:0:0 | Out-Null Set-ProvServiceConfigurationData -Name DiskReaper_heartbeatInterval -Value 1:0:0 | Out-Null
MCS – Static (Dedicated) Catalog Master Image
If you create a Machine Catalog of Dedicated Machines (aka Static Catalog), then it’s not possible to update the Master Image using Citrix Studio.
You might want to change the Master Image so that machines added to this Static Catalog are cloned from a new Master Image instead of the Master Image that was originally selected with the Catalog was created.
Official instructions are at CTX129205 How to Update Master Image for Dedicated and Pooled Machine Types using PowerShell SDK Console.
If vSphere, Chaitanya at Machine Catalog Update Tool at knowcitrix.com created a GUI for these Citrix and vSphere PowerShell commands.
MCS – Hybrid Azure AD Join
CVAD 2305 and newer support Hybrid Azure AD Join when creating a Catalog. See Hybrid Azure Active Directory joined at Citrix Docs. VDA Registration is delayed until the computer is synced to Azure AD, which can take 30 minutes or longer.
Controller – Name Caching
George Spiers in Active Directory user computer name caching in XenDesktop explains how the Broker Service in Delivery Controller caches Active Directory user and computer names. The cache can be updated by running Update-BrokerNameCache -Machines
or Update-BrokerNameCache -Users
. Also see Update-BrokerNameCache at Citrix SDK documentation.
Delivery Group License Type
Citrix Virtual Apps and Desktops (CVAD) supports multiple license types (e.g. Concurrent and User/Device) within a Single farm/site. However, a farm/site only supports a single Edition (i.e. Enterprise or Platinum, but not both). The license model and product are configured at the Delivery Group. See CTX223926, and Multi-type licensing at Citrix Docs.
To configure license model and product, run the following PowerShell commands (run asnp citrix.* first):
Set-BrokerDesktopGroup –Name "DeliveryGroupName" –LicenseModel LicenseModel Set-BrokerDesktopGroup –Name "DeliveryGroupName" –ProductCode ProductCode
LicenseModel can be UserDevice, or Concurrent. ProductCode can be XDT (Citrix Virtual Apps and Desktops [CVAD]) or MPS (Citrix Virtual Apps [CVA]).
Delivery Groups
In Citrix Virtual Apps and Desktops (CVAD), when creating a Delivery Group, there are options for publishing applications and publishing desktops.
On the Applications page of the Create Delivery Group wizard, From start menu reads icons from a machine in the Delivery Group and lets you select them. Manually lets you enter file path and other details manually. These are the same as in prior releases.
Existing is the new option. This lets you easily publish applications across multiple Delivery Groups.
You can also go to the Applications node, edit an existing application, change to the Groups tab, and publish the existing app across additional Delivery Groups.
Once multiple Delivery Groups are selected, you can prioritize them by clicking the Edit Priority button.
On the Desktops page of the Create Delivery Group wizard, you can now publish multiple desktops from a single Delivery Group. Each desktop can be named differently. And you can restrict access to the published desktop.
There doesn’t seem to be any way to publish a Desktop across multiple Delivery Groups.
To publish apps and desktops across a subset of machines in a Delivery Group, see Tags.
Maximum Desktop Instances in Site/Farm
Citrix Virtual Apps and Desktops (CVAD) 1808 and newer lets you restrict the maximum instances of a published desktop in the Site. This feature is configured using PowerShell.
asnp citrix.* Get-BrokerEntitlementPolicyRule | Select-Object Name,PublishedName Set-BrokerEntitlementPolicyRule -Name RDSH16_1 -MaxPerEntitlementInstances 1
If too many instances are launched, the user sees Cannot start desktop in StoreFront.
And StoreFront Server > Event Viewer > Applications and Services > Citrix Delivery Services shows session-limit-reached.
To revert to unlimited instances of the published desktop, set MaxPerEntitlementInstances to 0.
Logoff Closed Desktop
In Citrix Workspace app 2309 version onwards, when users close a desktop session, users can be asked to Sign out instead of Disconnect. This feature is called Save energy or Logoff on Close.
To enable the feature, edit a published desktop, find the Description field, and enter something similar to the following:
KEYWORDS:LogoffOnClose=true PromptMessage="Do you want to Log off?"
Tags
In Citrix Virtual Apps and Desktops (CVAD), you can assign tags to machines. Then you can publish apps and/or desktops to only those machines that have the tag. This means you can publish icons from a subset of the machines in the Delivery Group, just like you could in XenApp 6.5.
Tags also allow different machines to have different restart schedules.
- In Citrix Studio, find the machines you want to tag (e.g. double-click a Delivery Group). You can right-click one machine, or select multiple machines and right-click them. Then click Manage Tags.
- Click Create.
- Give the tag a name and click OK. This tag could be assigned to multiple machines.
- After the tag is created, check the box next to the tag to assign it to these machines. Then click Save.
- Edit a Delivery Group that has published desktops. On the Desktops page, edit one of the desktops.
- You can use the Restrict launches to machines with tag checkbox and drop-down to filter the machines the desktop launches from. This allows you to create a new published desktop for every machine in the Delivery Group. In that case, each machine would have a different tag. Create a separate published desktop for each machine, and select one of the tags.
- A common request is to create a published desktop for each Citrix Virtual Apps (CVA) server. See Citrix Blog Post How to Assign Desktops to Specific Servers in XenApp 7 for a script that can automate this configuration.
- When you create an Application Group, on the Delivery Groups page, there’s an optional checkbox to Restrict launches to machines with tag. Any apps in this app group only launch on machines that have the selected tag assigned. This lets you have common apps across all machines in the Delivery Group, plus one-off apps that might be on only a small number of machines in the Delivery Group. In that case, you’ll have one app group with no tag restrictions for the common apps. And a different app group with tag restriction for the one-off apps.
RDSH Scheduled Restart
If you create a Scheduled Restart inside Citrix Studio, it applies to every machine in the Delivery Group. Alternatively, you can use the 7.12 tags feature to allow different machines to have different restart schedules.
To configure a scheduled reboot on RDSH machines:
- Right-click an RDSH Delivery Group and click Edit Delivery Group.
- On the User Settings page, make sure the Time zone is configured correctly. Scheduled restarts use this time zone. (Source = CTX234892 Scheduled Restart Happen At Incorrect Time For A Specific Delivery Group)
- In Citrix Virtual Apps and Desktops (CVAD) 1811 and newer, you can create multiple Restart Schedules from the GUI. First, tag your machines. Then create a restart schedule for each tag.
- The Restart Schedule page lets you schedule a restart of the session hosts.
- Citrix Virtual Apps and Desktops (CVAD) and XenApp 7.7 and newer lets you send multiple notifications.
- Restart after drain – in CVAD 2103 and newer, you can configure a Restart Schedule to wait for all users to log off of the machine. Use the
-UseNaturalReboot $true
parameter with the New-BrokerRebootScheduleV2 and Set-BrokerRebootScheduleV2 cmdlets. Run Get-BrokerRebootScheduleV2 to see the existing schedules. Then run Set-BrokerRebootScheduleV2 to modify the schedule. This feature is not available in Citrix Studio.
- Restart after database outage – If a site database outage occurs before a scheduled restart begins for machines (VDAs) in a Delivery Group, the restarts begin when the outage ends. This can have unintended results. To help avoid this situation, you can use the MaxOvertimeStartMins parameter for the New-BrokerRebootScheduleV2 and Set-BrokerRebootScheduleV2 cmdlets in CVAD 1909 and newer. See Scheduled restarts delayed due to database outage at Citrix Docs.
- Maintenance mode and restarts – VDAs in Maintenance Mode will not restart automatically.
- In CVAD 2006 and newer, the
Set-Brokerrebootschedulev2
cmdlets have-IgnoreMaintenanceMode $true
. This setting is not available in Citrix Studio. See Scheduled restarts for machines in maintenance mode at Citrix Docs. - Or see Matthias Schlimm at Reboot Schedule – VM’s in Maintenance Mode … do it at CUGC provides a script that reboots maintenance mode VDAs.
- In CVAD 2006 and newer, the
- If all the user sessions on the VDA are not logged off within 10 minutes, and if machine is not shutdown gracefully, then the Delivery Controller sends a force shutdown of the VDA, and machine does not power on. The following Delivery Controller registry values can be tweaked. Source = Citrix CTX237058 Schedule reboot does not restart machines and it stays in Shutdown state
- HKLM\Software\Citrix\DesktopServer\SiteServices\MaxShutdownTimeSecs
- HKLM\Software\Citrix\DesktopServer\RebootSchedule\MaxShutdownDelayMin
Or use a reboot script/tool:
- Wedel IT – Citrix Reboot Scheduler – GUI to create multiple reboot schedules in 7.12 and newer
- Citrix Blog Post – XenApp & XenDesktop 7.x Server OS VDA Staggered Reboot Framework v2
- Citrix Blog Post – XenApp and XenDesktop 7.x Server OS VDA Staggered Reboot
- Dane Young – Citrix Chained Reboot Scripts, now supporting XenApp 5, 6, 6.5 and XenDesktop 7.0, 7.1, 7.5, and 7.6!
- Citrix Blog Post – XenApp 7.x Reboot Schedules – 2017 Edition– reboots odds or evens in a Delivery Group with customizable drainTimer
- Citrix CTX203346 – Scheduled Reboots for XenApp 7.6 Application Servers (odds, evens) Using Script
Autoscale
In CVAD 2305 and newer, Web Studio supports Autoscale. Right-click a Delivery Group and click Manage Autoscale. See Getting started with Autoscale at Citrix Docs.
In CVAD 2407 and newer, in Static (dedicated) Single-session Delivery Groups, in Autoscale > Load-based Settings, you can power off machines that nobody logged on to.
For schedule-based autoscale, edit the Delivery Group and set the Time Zone on the User Settings page.
Web Studio 2308+ on the Settings page has an option for Vertical load balancing.
CVAD 2311 and newer let you set Vertical load balancing at the Delivery Group instead of only at the Site.
Multiple Sessions
From Configure session roaming at Citrix Docs: By default, users can only have one session. Citrix Web Studio in CVAD 2303 and newer lets you configure session roaming by editing the delivery group. For published apps, disable it on the Users page. For published desktops, edit a published desktop and disable it on the bottom of the window.
Or you can configure the SessionReconnection setting available via PowerShell. On any Server OS delivery group, run:
Set-BrokerEntitlementPolicyRule <Published Desktop Name> -SessionReconnection <Value>
For <Published Desktop Name>, run Get-BrokerEntitlementPolicyRule and look for the Name field.
<Value> can be:
- Always – This is the default and matches the behavior of a VDI session. Sessions always roam, regardless of client device.
- DisconnectedOnly – This reverts back to the XenApp 6.x and earlier behavior. Sessions may be roamed between client devices by first disconnecting them (or using Workspace Control) to explicitly roam them. However, active sessions are not stolen from another client device, and a new session is launched instead.
- SameEndpointOnly – This matches the behavior of the “ReconnectSame” registry setting in XenApp 6.x. Each user will get a unique session for each client device they use, and roaming between clients is completely disabled.
For app sessions, use:
Set-BrokerAppEntitlementPolicyRule <App Entitlement Rule Name> -SessionReconnection <Value>
For <App Entitlement Rule Name>, run Get-BrokerAppEntitlementPolicyRule and look for the Name field.
Static Catalog – Export/Import Machine Assignments
It is sometimes useful (e.g. DR) to export machine assignments from one Catalog/Delivery Group and import to another.
- In Studio, click Delivery Groups on the lefthand menu
- Right click Edit delivery group
- Select Machine allocation tab on the left
- Click Export list
- Select a file name > Click Save
- Create the new machine catalog
- Right click the delivery group > Click Edit
- Select Machine allocation tab on the left
- Click Import list..
- Select the list you exported in step 4
- Click Apply
Your clients will now have users re-assigned to machines.
Monitor the Number of Free Desktops
Sacha Thomet wrote a script at victim of a good reputation – Low free pooled XenDesktops that polls Director to determine the number of free desktops in a Delivery Group. If lower than the threshold, an email is sent.
List Desktops Not Used for x Days
CTP Kees Baggerman has a script at Making sure your Citrix Desktops are utilized with Powershell v2 that does the following:
- Grab all the desktops that haven’t been used within x amount of days
- Notify the user
- Set the desktop to maintenance mode
- Uses the Office 365 SMTP servers for notifications
Hi Carl,
I am running a 1912 CU2 environment. static machines. I’m not able to do an upgrade at this time. My question is can you replace an existing master image with a new one, on an existing machine catalog? Or do I have to create a new machine catalog for the new image?
I don’t manage the images, They don’t want to update an existing image, they want to produce a new image every 90 days.
I don’t this is possible.
Thank you.
This only applies to new machines – https://support.citrix.com/article/CTX129205/how-to-update-master-image-for-dedicated-and-pooled-mcs-catalog-using-powershell-sdk
Hi Carl, nice write up, like to check if an application in Citrix can be run by a service account, instead of the actual authenticated user.
Robotics Automation can probably do it. LoginVSI can do it for performance testing. Or just treat the VDAs like normal Windows machines and install services/scripts to run whatever you want.
A little difficult for me to do the mentioned.
Currently I do not have Citrix setup in front of me to verify, does the following steps feasible?
1. Navigate to the “Delivery Groups” node in the left-hand pane.
2. Select the delivery group that contains the applications to be configured.
3. In the details pane, click on the “Applications” tab.
4. Locate the application for which you want to specify the service account.
5. Right-click on the application and select “Properties” from the context menu.
6. In the application properties window, go to the “Execution” tab or a similar section that handles application execution settings.
7. Look for an option or field that allows you to specify the service account for running the application.
8. Specify the service account by providing its credentials or choosing it from a predefined list of service accounts.
That’s not an option. Users authenticate to Citrix StoreFront. Users launch an icon, which connects to a Windows VDA and logs in as the user. The application is then launched in the security context of the user that logged into StoreFront. You would need to automate that entire process, which is what LoginVSI and other robotics tools do.
You might be able to publish a script that takes credentials as a parameter but that would be very insecure.
hi carl does MCS master images support UEFI on VMWare?
Yes. Have you tried it?
Hi Carl, I’m using MCS to create 2 Windows 2022 VDA’s. The master image is activated using a MAK key which Citrix says will work but when I check the 2 VDA’s they are saying they cannot be activated using that key. Is there a way to get these to activate?
What version of Citrix? Also see https://support.citrix.com/article/CTX558938/user-launch-failures-seen-on-vda-2303-when-vda-brought-up-ondemand-cvadhelp2739
Version is 2303, I’m not having a problem with users launching, the VDA’s are just unactivated and I assume this will become an issue if not resolved?
Did you follow https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/2303/install-configure/machine-catalogs-create.html#volume-licensing-activation ?
Yep, I followed that and still nothing…..
Hi Carl, Is there anyway to assign a specific drive letter for the write cache disk for MCS?
See https://updates.cloud.com/details/support-for-specifying-drive-letter-for-mcsio-wbc-disk–pmcs28634
Hi is this geared towards PVS images or is this required on MCS too Window 10/2016/2019 ?
Disable IPv6
IPv4 Checksum Offload = Disabled
IPv4 TSO Offload = Disabled
Large Send Offload V2 (IPv4) = Disabled
Large Send Offload V2 (IPv6) = Disabled
Offload IP Options = Disabled
Offload tagged traffic = Disabled
Receive Side Scaling = Disabled
TCP Checksum Offload (IPv4) = Disabled
TCP Checksum Offload (IPv6) = Disabled
UDP Checksum Offload (IPv4) = Disabled
UDP Checksum Offload (IPv6) = Disabled
Only for PVS, and there’s some debate about whether disabling NIC offload is still needed. If your PVS is operating with satisfactory performance with low retries, then you don’t need these settings.
Hi, Carl,
I want to convert an existing catalog machine into a new gold image.
I removed the machine from catalog only (keep vm and AD), removed 16MB disk, and cleaned AD accounts from Citrix studio.
However “create new catalog” still cannot see this “virtual machine”. I cannot use this vm as gold image.
Could you please provide any guideline?
You know to create a new gold image from vanilla installation takes long long time.
Thank very much
Your virtual machine might have an attribute called XdConfig. Remove it.
Hi Carl,
your comment regarding
Set-ProvServiceConfigurationData -Name DiskReaper_retryInterval -Value 0:6:0 | Out-Null
does not match to the KB article you have linked. Following your content, the Value is using ??:hh:mm, means hours are in the middle. Following the linked article here: https://support.citrix.com/article/CTX223133/how-to-change-the-disk-deletion-interval-to-delete-unused-base-disks-on-the-vm-storage
the hours are at the beginning using hh:mm:ss notation. Your notation i found somewhere else. So is the Citrix KB article wrong?
I think I got it from a thread, which might have been from memory. See https://discussions.citrix.com/topic/411458-questions-about-adjustments-of-diskreaper-intervall-for-base-disk-cleanup-with-mcs/
Can we change the Application Delivery group?
What exactly do you want to change?
Do you have blog for Cloud deployment?
No. It changes too frequently, especially Azure hosting.
We need to migrate the MCS created pooled worker servers and desktops from one vcenter to other with all new hosts. What approach can be followed?
Move the master image, then create new Catalogs.
Hi, I created MCS static VMs windows 10 on Vmware 6.7 / CVAD 2103
I’m unable to keep thoses VM always power-on, after a few minutes unused, they shutdown and I can see the command into vmware tasks. I checked in powershell that for my delivery group ShutdownDesktopsAfterUse = False and AutoScale is disabled. Any hints i’m not aware
It usually means the VDAs are not registering within a timeout. Log into one of the machines, check Event Viewer > Application log for Citrix Broker Service events.
Hello, Thanks for your answer. I need to add some precisions; Thoses vm registers correctly on boot up on delivery controller and my users can use thems. But, when they logoff, the vm will shutdown by itself 5-30 minutes after be unused. I check the Application event log, I got the Citrix Desktop Service says it successfully registered with delivery controller […] I checked in the application and system log, the only event I got when shutdown initiates is about the vmware guest agent (vmtoolsd.exe) has initialed the shutdown of computer […]. This is compliant with what I saw that shutdown came from vmware interface
FYI, I use others machine catalog and delivery groups for PVS instances, I don’t get issue with thoses. I only get issues when I create MCS vm instances.
Hello, I checked and my VM registers correctly to the delivery controllers. But I found the issue; it’s related to % of idle : OffPeakBufferSizePercent and PeakBufferSizePercent default to 10%, I increase to 100% and now VM kept running even idle
Hi Carl,
I am facing slowness issue while loading catalog from Citrix Studio. In Studio others like loading the delivery groups and check other information is quickly visable.
The MCS is working on Nutanix AHV and recently we updated nutanix software to latest version. also upgraded MCS AHV plugin on DDCs.
Could you please suggest where could be the issue? I checked while creating the Catalog it is also taking 10 to 15 minuts time.
Thanks in Advance.
Hi Carl
We have a very odd issue which has been plaguing us for months. Nutanix, Microsoft and Citrix have all been unable to help. 🙁 All of our VDIs and App Servers are non persistent and controlled through/built MCS. On reboot they are recycled but we are seeing that it usually takes a long time before any IP address is assigned. Usually this is around 5 minutes, meaning that BISF and GPO processing all fail and the machine never becomes registered.
Current thinking is that this related to some failure in MCS.
All machines are hosted on Nutanix AHV. If we force a reboot from Nutanix console the machine will come up straight away. So the feeling is that when teh machine has been recycled and comes up fresh we have these issues. we have tried to investigate for DHCP but it appears that sometimes when the machine comes up it has an IP address in registry and therefore does no try to renew for a valid address on start.
regards
Does it work if you run “ipconfig /release” on your base image before you snapshot it and update Catalog?
yes we are doing that as a final step in the image prep.
Have you always done that command? If so, try it without running that command. I never do and I don’t have issues.
https://www.robinhobo.com/a-duplicate-ip-address-was-assigned-on-provisioning-services-target-devices/ shows some registry values you can clear.
Hi Carl,
I am using non-persistent VDI over MCS VMware. I am getting error can not start your desktop after my vCenter goes down. and all VDI status show unmanage power status in Studio.
Restoring the vCenter from backup taking time. Is there any workaround to fix this issue?
What do you mean by “goes down”?
If vCenter is actually reachable, then sometimes you can go to Studio > Configuration > Hosting, put the connection in Maintenance mode and then remove it from maintenance mode.
There’s a command for LHC called “Set-BrokerSite -ReuseMachinesWithoutShutdownInOutageAllowed $true” but I’m not sure if this will work if SQL is up but vCenter is down. https://docs.citrix.com/en-us/citrix-virtual-apps-desktops-service/manage-deployment/local-host-cache.html#application-and-desktop-support
Hi Carl, thanks for all your great Job on Citrix
i create Machine Catalog on Citrix cloud interface, the sessions hoists are located on AWS, all works successful
But do you know if it’s possible to add EC2 Tags on instance once created by MCS ?
i can see Citrix add 2 tags (automatically)
XdConfig -> XdProvisioned=true
NAme -> “The Computername”
ps: I cannot use the Tags from the GoldenImage used to build catalog because source Instance of this golden is deleted (by packer)
Thanks !
Hi
I want to create script that create tags from csv file
and then it will associates it with machine from specific delivery grop
how we can to do it ???
Hi Carl,
We are using CVAD 1912 with control layer on Citrix cloud. We have created image from AppLayering. While creating Win2016 machine catalog it succeeded however with 2 warnings,
1. Image preparation failed to rearm the copy of Microsoft Office installed on the master image.
2. Image preparation failed to rearm the copy of Windows installed on the master image.
Can you please suggest how to mitigate this? If excluding these rearms then where to run the commands (on VDA master image)?
Thanks
How is Windows Sysprep done? To not have duplicate SIDs in Active Directory
I am looking for a way to export Delivery Groups from one farm (7.15 LTSR) and import the Delivery groups to another farm 1912 LTSR.
Hello Carl, do you know if there is a way to increase the size of the MCS cache drive without tearing down the catalog and rebuilding it?
You can probably do it manually on each machine.
Were you saying that if we have SSD backing the storage on the VDIs that we probably don’t need a cache drive (or cache in RAM)? How is the performance of that method?
All IOPS go to storage. If storage can handle it, then great. The idea of caching is to offload IOPS from the storage array.
Hi Carl,
Greetings!!!
Need your advise on migrating static VDI to new data store.
Currently we have 7.15 LTSR CU3 and customer wants to migrate it to new datastore. I found one Citrix link https://support.citrix.com/article/CTX200434 which is 5 yrs old and its not showing that applicable to 7.15 LTSR.
Could you please advise how to migrate 7.15 LTSR VDI’s to new data store.
Thanks & Regards
Aditya
Are they full clones? Or are they fast clones (aka linked clones)? Full clones can be moved to different storage but linked clones usually cannot. You can convert fast clones to full clones by cloning each of the fast clones to a new VM and then adding them to a Manual Catalog.
Hi Carl. Do you know how to upgrade delivery controllers when there are multiple zones? Should I upgrade the delivery controllers in the primary zone first and then satellite zone second or vice versa? Or it doesn’t matter about the sequences?
Thanks,
Han
I think all must be upgraded in the same maintenance window.
Hi, Carl. Can you tell me why “at least one machine must remain unused” when I crete a new Delivery Group (https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-6-long-term-service-release/xad-build-new-enviroment/xad-dg-create.html)? That is, I cannot create any new Delivery Group if there is ONLY 1 machine remained? Or it mean that if there are no machines ‘unassigned’, when I go in ‘Machines’ tab (when I click on Create a new Delivery Group) I can’t see any machine in this tab?
Thank you
When creating a Delivery Group, it asks you to add unassigned machines from a Catalog. If you don’t have any unassigned machines, then you can’t create the Delivery Group.
A machine can only be assigned to one Delivery Group.
Hi Carl, is the syntax above meant to be “diskreaPer” or “diskreaDer”? I’ve seen it spelled both ways, but it’s spelled only as “reaper” in this article: https://support.citrix.com/article/CTX223133 and also by a Citrix employee in this comment: https://discussions.citrix.com/topic/331755-problem-with-mcs-base-disk-deletion/ .
Thanks for pointing this out. I just updated the text.
Hi Carl!
We would need to start providing our end users ipv6 apps and desktops along with our existing ipv4 apps and desktops. The problem is that Citrix doesn’t seem to provide instructions about how this can be done. The only thing I found was this, and it doesn’t get me far:
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/manage-deployment/ipv6.html
Do you have any plans to write a tutorial about how one could enable both ipv4 and ipv6 in a ADC + Virtual Apps and Desktops environment?
hello Carl,
I have installed a new Citrix XenDesktop environment with 1912 LTSR version. i am trying to create a machine catalog with the golden image that i have created with App Layering and i dont see the golden image. i have only one cluster. i only see the VMs that i created with PVS. it is really weird. could you please share your opinions with me about this case?
thank you and have a nice day
Kerem
Is the VM on the same cluster and same storage as the Hosting Resource? When you published the image, did you clone a template? If so, did the template have a hypervisor attribute called XdConfig?
hello Carl,
yes, all the VMs on the same storage and cluster. i did not clone a template but in VM attiributes i can see XdConfig.
XdConfig should not be there. It’s only there if the machine was created using MCS. Remove that attribute.
Hi Carl, How would one update the Machine Catalog Security Groups via powershell, if I have 3 AWS security Groups linked to the Machine Catalog and want to remove 2 of them, how would I do this via powershell?
New-ProvScheme has a SecurityGroup parameter but I don’t see the equivalent for Set-ProvScheme. https://developer-docs.citrix.com/projects/citrix-virtual-apps-desktops-sdk/en/latest/MachineCreation/New-ProvScheme/
You might have to create a new Catalog to replace the existing machines.
Thanks Carl. Sure would’ve been nice if Citrix had made that available.
We have MCS to publish Persistent Static Desktops. In the Delievery Group we have 2 Desktop Assignment Groups. Is there a way to restrict these using Tags via powershell as there is no opton in the GUI to restrict with tags?
Hi,
we are using MCS with Hyper-V/SCVMM and a large number of VMs per machine catalogues.
The update of the VMs takes a long time, because of only ~ 3 VMs updates at the same time (shutdown/change config/reboot process).
Is it possible to increase the number of updates at the same time?
Thanks
Chris
At Configuration > Hosting, edit the connection. There’s an Advanced page.
Hi Carl,
We have requirement to evergreen a project. All the delivery controllers, Storefront and Director should be newly built in a site and data should be exported from Windows 2012 R2 (7.15 LTSR CU3) and imported into a newly build site to WIndows 2019 (Citrix virtual apps and desktop 1909).
Is there any script available to export the complete data from existing to new site ??
Data is machine catalog, Delivery group, delegated administrators, applications.
Thanks looking for your response
Thanks and regards
Sumeet
Maybe this: http://citrixtips.com/tools/xendesktop-farm-migration-tool/. And this: https://github.com/ryancbutler/XDReplicate
Otherwise, it’s possible to use PowerShell commands to get items and export them to XML. Then import in the farm.
Thanks Carl,
I think https://github.com/ryancbutler/XDReplicate will serve the purpose.
Carl, I am trying to download the xendesktop-farm-migration-tool, but it seems the link doesn’t can you help me with a download location?
I think the site is back up now.
We are going to deliver published apps over Citrix WorkSpace and use our on-prem vSAN hosts to store the VDAs. These workloads will be a lot smaller VDAs that will only be providing a Chrome Browser and a published RDP to the users. (No Remote PC option for this phase). We have a master VM that is a 2016 RDSH host with FSLogix installed along with Chrome. The VM will have a 80GB C drive only with 8GB RAM and 2 vCPU. We believe we can get up to 10 users maximum per VDA but to support 3500 users I am not certain of how much the total memory size would be along with the Memory allocated and disk cache size. This is going to use MCS and are on version 7.15.5000
Since we are setting the page file at a maximum of 2GB my thought is to go with:
Total Memory size = 8092
Memory Allocated = 4096
Disk Cache Size = 20GB
The free space on a master is around 50GB after updates.
We basically have 10 Readynodes in a vSAN cluster with around 34TB of usable space.They are Dell r640 Xeon Gold 6132 2 sockets 14 cores per socket with 766Gb per each in memory.
Can you see the MCS cache settings as too much or aligns with a best practice? We will be doing some testing but curious on thoughts on this config?
You only need MCS memory cache and disk cache if your storage can’t handle the IOPS. I usually don’t enable it in all-flash deployments. I also don’t enable it in 7.15 due to known performance problems.
Hi Carl,
If I am using MCS is mandatory to deploy a DHCP Server (Ms role)? or could I use the DHCP service what is ruuning over Cisco switches.
Thanks in advance and kind regards.
IP addresses must be provided dynamically using DHCP. DHCP can run on anywhere. E.g. Infoblox is a common DHCP server.
We want to assign a group specific delegated access in Citrix Studio to update machines defined in their Scope only. Hopefully that makes sense what I am trying to describe. We have a powershell script that will get the name of the Machine Catalog and supply the master VM to reference so it can create the snapshot to apply to the catalog.
I don’t want to add this user to the built in role of machine catalog administrator but create one that only gives just enough permission to only update machines but not delete or delete a catalog.
Can you create an Administrator Scope with just the one Catalog and assign the Role to the Scope? You can also create a custom Role with just the Perform Machine Update permission.
We did that and think the problem is we are using Powershell JEA and it’s using a virtual account to connect and not the real account defined in the role. I think I need to figure out how to make the JEA session connect with the real account. When I look in the Citrix logging site, I see the JEA virtual account connecting and getting permission denied.
We were also able to configure PowerShell JEA properly to allow our custom Citrix Module to update a Machine Catalog. We had to change the language setting from NoLanguage to ConstrainedLanguage and then allow very specific cmdlets so that a user can only perform Citrix commands and not get information about the controller they are connected to try to elevate within the session.
Update on this. We had to copy the Machine Catalog Administrator role to a new role and that allowed us to remove all the other permissions of DELETE or CREATE and now we have a user with a specific scope and role to only update their own machine catalog. There are extra permissions in the default groups that are not present when creating a custom role. This was the only way to get those special permissions in the new role so they will work
HI, we have a group delivering MCS created desktops. How does the controller dermine which VDI is allocated when a user makes a request?
The reason im asking is that it seems to allocated the most recent VDI to start up rather that one that has been up and registered for some time? The user then experiences slower preformace as AV etc kicks in
Thanks
I think it is random.
Thank you for sharing.
Hello Carl,
When working within our Citrix Studio (7.15), the option of ‘Restart Schedule’ is missing when editing delivery groups. What would be the cause for that?
Does this Delivery Group contain Server OS (RDSH) machines? Do you see Power Management instead?
Hi Carl, Good Evening
I Would like to know if is possible set some auto shutdown schedule for a Delivery Group that consist on Server OS VDA (In other words, i refere about: XenApp, Virtual Apps Only) with Windows Server 2016.
Example
I have a workload between 8 AM until 6PM, after that I would like these machines (VDA Server OS – Windows Server 2016) auto shutdown using a schedule defined on delivery group properties.
Thanks and Best Regards
If you have Citrix Cloud, then there’s an Autoscale feature that can schedule shutdowns.
Otherwise, you might have to script it. E.g. https://github.com/leeej84/PowerScale
Sadly the script link you shared has been deprecated because of Autoscale though Autoscale is ONLY available for cloud deployments… do you have any other suggestions for onprem or cloud, but not citrix cloud, deployments?
Just this one. You can use it as a baseline for writing your own script. https://github.com/leeej84/-DEPRECATED—PowerScale
Hi Carl,
you have to update the following: CTX article: “Citrix CTX215505 Server VDA’s Remain ShutDown And Do Not Turn On Automatically After Scheduled Reboot”, this link delivered today an 404 http error. The new article for this: https://support.citrix.com/article/CTX239537
Should be updated now. Thanks for notifying me.
We have 2 Zones, one Primary (default) and one Secondary. When the Citrix VDAs in the primary zone goes down, we want to failover to the secondary zone. If there are no issues in the primary zone, then users should not be allowed to connect to the VDAs in the secondary zone – as the secondary zone is on a slower WAN link. We basically want an Active Passive setup.
– There are 2 delivery controllers in each zone, a total of 4.
– There is a host connection in each zone.
– There is a machine catalog for each zone. Each machine catalog belongs to the same Delivery Group.
– In the secondary zone, there is an AD user group assigned. Only users that are part of this AD group can have access the secondary zone resources.
– The delivery group has the “Sessions must launch in a user’s home zone, if configured” option enabled.
– There are 2 MCS (machine creation services) nodes in the machine catalog for the primary zone. The MCS master image is replicated to the secondary zone by Veeam. The replica is then used to create MCS nodes for the machine catalog in the secondary zone. They are able to talk to the delivery controllers in the secondary zone just fine, however, they also pickup the delivery controllers from the primary zone as well (unsure if this is an issue or not).
If a user is part of the AD group, then they can only connect to the VDAs in the secondary zone. This works fine. If the user is NOT part of the AD group, then you would expect them to only be able to connect to the VDAs in the primary zone. However, this isn’t the case. They are still able to connect to the VDAs in the secondary zone and that is the problem we’re trying to solve here. Every time we perform a test, we make sure to logout and login of storefront.
Anyone have any ideas what the issue could be?
We’re on 7.15 CU1 LTSR
Both Catalogs are added to the same Delivery Group?
If you are publishing applications (not desktop), then you can split your Catalogs into separate Delivery Groups and publish the app to both Delivery Groups. The second Delivery Group can be restricted (Users tab) to just the AD user group.
Another option is to split the zones into separate farms/sites and then use StoreFront to control access.
Hi Carl. We are also in similar issue. If we split into multiple farms or sites, then how we should be able to configure the UPM via gpo. Hopefully that would be given as a same profile path across both sites.. !!!. at the time of DR being called, the one way of DFS share can be replicated to secoundary site…. Any insights!!
A user’s profile can only live in one place, no matter where the user logs in. If the user’s profile is in Datacenter A and if the users logs into a VDA in Datacenter B, then the profile is retrieved from Datacenter A. It is not supported to do any multi-master replication of user profiles.
With DFS, you can replicate, but make sure the DFS Namespace only points to one target. After a failover, you can manually change the DFS Namespace configuration.
Also see https://www.carlstalhood.com/citrix-profile-management/#multidatacenter
Hi Carl, in 7.15 CU1 on Windows Server 2008 r2, I cannot see mcs full clones. These servers have the Nutanix AHV plugin. For full clones, is there a difference when using mcs full clone option or another service or technology?
Full clones are only an option for Virtual Desktops, not RDSH.
Sorry I meant our Citrix infrastructure is on Server 2008 R2 with Nutanix AHV MCS Plugin.
I am selecting Desktop OS, static desktop but don’t see the option
when selecting MCS.
What the benefits using MCS over another technology you did in the screenshots.
I can’t recall if the Nutanix plug-in supports Full Clones or not. You might have to contact Nutanix since they wrote the plug-in.
The third option is for manually built machines that were not created using MCS. I prefer non-MCS Full Clones so I don’t have to worry about the Identity Disks or the virtual machine attribute/tag that MCS adds. However, you’d need your own automation tool to create the VMs.
Hello Carl,
Does MCS support static IP address. From what I see it doesn’t but I’m not sure I understand why? IF no, is the only solution to reserve DHCP addresses after first checking each machines DNS. i.e. Spin up a catalog from a template machine, note the mac addresses , reserve IPs for these macs and then boot?
Will machines be manageable in Studio as normal with this approach.
Secondly if I want to create a site across two datacenters for active -active DR. Is it best practice to create two host connections -one for each datacenter- and then create a machine catalog for each connection, then create one delivery group with half its machines from each of those catalogs? I assume connections will be balanced across all servers but if I lose a DC I am still up?
Thanks for all your work.
DHCP Reservations is the typical method of configuring static IPs.
My preferred multi-datacenter design is separate farms in each datacenter with StoreFront aggregating icons from both farms. GSLB for the DNS name. This gives me maximum control over how users connect. Your method might be OK for multiple datacenters in the same metro.
Do full clone or xenapp master imagrs need to be joined in active directory?
We use a LAPS technology to reset local admin password, should there be a issue with full clone or xenapp? Is it worth excluding laps for these desktops?
Yes, master images must be joined to domain. All VDAs must also be joined to the domain.
I’m having an issue and would like to see if anyone has experienced this. We are using a MCS persistent machine catalog. The issue is that we have machines that fail their domain trust from time to time. The fix is to log on locally and add it back to the domain. So far Citrix can’t give me a straight answer on whether or not machine account password resets should be turned off for these. I see that there is an identity disk attached to these, even though they are persistent and they can’t tell me exactly what it’s doing, if anything. Any help would be appreciated. Thanks
MCS manages the machine accounts and their passwords. Password changing should not be disabled for deployed machines, but it is not a bad idea to disable it for the golden image to avoid issues when bouncing between snapshots. Make sure nothing else is touching these computer accounts. You could turn on auditing for the specific accounts or containing OU to track what else could be affecuaff this.
I saw this recently at a customer that uninstalled VDA from the MCS Full Clone and it broke the domain membership.
We are having the same issue with persistent machines, using the current release (7.18.1811). it looks like the password for the computer account in AD does not match the one in the identity disk and then VDIs are failing to trust AD.
Disabling automatic password change for nonpersistent desktops
https://support.citrix.com/article/CTX231620
Do you need MBR or GPT for Full Clone MCS or RDSH/XenApp?
MBR will certainly work. I think GPT is required for UEFI, and different Citrix technologies have different support for UEFI (e.g. PVS supports Hyper-V Gen 2 machines).
HI Carl –
regarding the 16MB identity disks
Citrix does this by design right and poses no impact at all?
Even though it’s a read/write logical volume?
It won’t fill out the full 16 mb capacity for the ID disk
Thank you so much in advance!
Are you asking if Windows will somehow fill up the drive? The drive is mounted without a drive letter.
correct
From my understanding this won’t get filled out by either Windows or Citrix
won’t impact windows operations nor VDAs at all
please correct me if am wrong
monitoring is consistently reporting an 8.33% free space left on C:>Program Files>Citrix>PvsVm>Service>PersistedData
Thank you for the advice
Hi Carl, you mention the rewrite action for the zone preference and have the screenshot for the action what about the rewrite policy what should that look like?
https://docs.citrix.com/en-us/netscaler/12/solutions/global-server-load-balancing–gslb–powered-zone-preference.html explains one possible configuration.
I have to sites/farms. Both sites have VDIs and XenApp with storefront as the presentation layer. i am replicating the VDI to other site/farm however when the VDI’s are failed over and they come up in the other site how do i get them to register with the DDC in the other site and assign them to the delivery group and give the users access to them without manually doing it. i tried registering the VDI and leaving the VDI unregistered in DR site. But the VDI entry in DR site goes stale.
You can use Group Policy Preferences to adjust ListOfDDCs registry key. Then you have to add them to a Catalog in the DR site.
Hi Carl, do you know if we can set a prefered zone for a published desktop (like for applications)?
In a 2 DC with Zones Szenario I would like to set a machine catalog in “standby” and that should only be used in case of problems or when DC1 is full.
Appreciate your help
Thanks,
Ben
I am trying to find a solution to this exact same customer requirement. They want Active Active but want to fill up Zone 1 first, then if no desktops left only then send them to Zone 2. Dual Site same as you Ben. I havent yet found a solutions to this!. Any ideas anyone or did you find a solution Ben?
I have tried configuring 2 Catalogs in seperate zones, but of course you have to then have 2 Delivery groups as you cant have desktops from 2 different catalogs in the same delivery group?. The customer wants to see only 1 desktop published but where they go is seemless to them and ONLY if site 1 has no more desktops!.
Ignore this I managed to find a solution to their problem. I wasn’t aware you could add desktops from more than 1 catalog to a single delivery group. You need to create the Delivery Group first, then go back in and select. Silly really you would think it would allow you to select from both while creating.
So my solution to cover off if it helps anyone:
1) Create a Catalog of machines for each Zone / Site. (So X2)
2) Create a single delivery group add machines from 1 of your catalogs
3) Go back into said delivery group and add the remaining machines from your catalogs
4) Setup Zones reflective of primary and secondary sites
5) Add your user group to the Primary Zone
Done. Your desktops will now be selected for those users from the Primary Zone until there are none left, then routes them to the secondary zone VDIs.
I’m trying to get my head around a concept that was pretty simple in 6.5
We have a standard Published desktop that all users have access to
These are in 2 worker groups
WG1 – 90% of servers
WG2 – 10% of servers – Same build – but with Adobe Writer as oposed to Adobe Reader
Users in a particular security group are load balanced to WG2 – unless thats full – then it Fails over to WG1
all other users are load balanced to WG1
How do i acheive the Same in XA 7.15 LTSR?
App Groups can be published to mutiple Delivery Groups in priority order.
Desktops are limited to a single Delivery Group. You can call Citrix Support and ask them to add that feature again.
Be nice to have again.
Been able to fake it to a degree with zones, security groups and dedicated machine catalogues. However if user is in more than 1 Home zone (through group membership) they will always go to 1 zone but I can’t guarantee which one it will be on first launcg