Complex XenDesktop use cases; common mistakes; tools and

Document Sample
Complex XenDesktop use cases; common mistakes; tools and Powered By Docstoc
					Complex XenDesktop use cases;
common mistakes; tools and
techniques for resolution

Baptiste Duflos
Manager, Escalation Services

May 8th, 2012
Introduction and objectives
    Tweet about this session with
    hashtag #SUM301and

Focusing on the major components of

                     SQL Database

        User    WI    Controllers            VM Host
                                      (XenServer, Hyper-V, VMware)

#CitrixSummit                                                        4
Deploying Controller Servers

                              • All Controllers load balance session
                                launch and VDA registrations

                              • Configuring Controllers in an N+1
                Controllers     configuration allows for resiliency in
                                case of a failure

                              • All Controllers talk to the SQL database
                                and should deployed as close as
#CitrixSummit                                                              5
Controller Server Scalability

                          Broker          Hypervisor Pool

                WI    Broker (ZDC)        Hypervisor Pool

                          Broker          Hypervisor Pool

                        Controller        Hypervisor Pool

                WI      Controller        Hypervisor Pool

                     Controller(failed)   Hypervisor Pool

#CitrixSummit                                               6
Controllers – Scalability and Best Practices

• Can overwhelm the hosting infrastructure with power state requests during
  peak times when many users logon and off.

• You can throttle the amount of power commands sent per Controller with
  “MaximumTransitionRate” – default is 20, do NOT increase it won’t speed up
  power up times

#CitrixSummit                                                                  7
Deploying SQL for XD Databases

                            • XD 5 uses a single database with
                              multiple schemas that map to XD
                Databases   • Stored procedures are leveraged to
                              reduce load on database

                            • Database is critical to XD 5 – all
                              Controllers have heartbeat to database

#CitrixSummit                                                          8
SQL – Database Mirroring

• Database failure = Controller Failure           • Mirroring sends transaction log
                                                    If the principal database fails,
      Principal                 Mirror
 ○   Only impacts new connections – existing or disconnected sessions not affected
      database                  database
                                                    user Principal database to the
                                                    from intervention is required to
• Citrix recommends leveraging SQL Mirroring for fault tolerance
               Transaction log
                                                    redundant database
                                                    fail over the database

                                                  • Citrix recommends using
                   Server                           synchronous database
                                                    mirroring with witness
#CitrixSummit                                                                        9
SQL – Best Practices

• SQL transaction log is critical to monitor
  ○   Connection launches and idle desktops consume transaction log space
  ○   Use a fixed-size transaction log – auto-growth feature could impact response times
  ○   Leverage SQL Alerts when log reaches thresholds (recommend 50%)

• Database failover tuning – adjust Controller heartbeat interval
  ○   Default heartbeat is 30secs and requires a SQL operation
  ○   Controllers unregister workers that do not heartbeat for over one minute
  ○   Controlled by Regkey: HKLM\Software\Citrix\DesktopServer\HeartbeatPeriodMs

#CitrixSummit                                                                              10
Deploying Virtual Desktop Agents

                          • VDA now uses “registry based”
                            registration by default
                Desktop   • Verify ports are open and firewall
                Agents      configured

                          • Forward and Reverse DNS is required

#CitrixSummit                                                     11
VDA – Scalability and best practice

• Increase the Service timeouts if you expect periods with large amount of VMs
  rebooting – increase to 3 mins recommended

• Optimize the logon process – improves desktop performance

• Plan staged deployments and consider leveraging tools such like LoginVSI to
  perform scale and load testing before adding large groups of users to

#CitrixSummit                                                                    12
Key points to remember

• Controllers are resilient and scale well – keep deployments simple

• SQL server plays pivotal role in infrastructure – protect it!

• Make your end users happy – tune your VDAs for performance

#CitrixSummit                                                          13
Troubleshooting a session launch failure

                Case Study
                              • Users were reporting they got an error
                                when trying to launch their desktops

                              • Admin noticed that intermittently VDAs
                                would de-register at session launch

#CitrixSummit                                                            14
Environment overview

• XenDesktop deployment with:
  ○   Web Interface 5.4
  ○   XD 5.6
  ○   SQL 2008
  ○   VMWare 5.0
  ○   Windows 2008 R2 Active Directory
  ○   Virtual Desktop Agent OS – Win7 32-bit            5.6
                                               Web XDDirectory
                                               ActiveVDAs 5.4
                                                VMWare 5.0
                                                 SQL 2008
  ○   Citrix Receiver 3.1

#CitrixSummit                                                    15
What did failure look like?

#CitrixSummit                 16
                User attempts to start the session

                1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011101101110 11

#CitrixSummit                                                                      17
Initial Troubleshooting

• How often does it happen?

• Any particular timeframe it happens?

• Any specific users or images it happens more frequently with?

• What changed?

• Any event viewer messages?

#CitrixSummit                                                     18
 What changed?

Customer had
                         Controller #1
second Controller
single server
for redundancy
                    WI                        VDAs

                         Controller #2   VDAs register on
                                         Controller #1

#CitrixSummit                                          19
Where do we start looking?

• We found 4 interesting messages in Event Viewer:
  Application Warning – Event ID 1060:
  Warning – Event ID 1101:
  An unexpected exceptionfailed to apply settings on Broker usermachine 'KB-WIN7-
                                     broker connection virtual
                                     contact the Citrix thefor Service processed an XML
  The Citrix Broker Service occurred whileavirtual machine 'KB-WIN7-'. 'KB-Win7-PW'.
  transaction. to resource(IP address ).'

  An incompatible clientmachine can be contacted the XML service. Verify theadd more
  The Citrix Broker Service cannot find any access from the Controller and that any firewall
  Check that the virtual might be trying to available virtual machines. Please compatibility
  virtual virtual machine service. If this problem persists, reinstall themachines not
  on the machines to       site. If the problem is due to existing virtual Citrix XenDesktop
  of clients accessing the allows connections from the Controller. See Citrix Knowledge Base
  article CTX126992.
  Controller.available, see Citrix Knowledge Base article CTX126992.

  Error details:
  Exception 'Access is denied.' of
  Transaction: 'RequestAddress' type
  Exception Type: 'System.ServiceModel.Security.SecurityAccessDeniedException'
#CitrixSummit                                                                             20
Troubleshooting Methodology – verify

• Check Firewall configuration

• Active Directory mis-configuration

• Forward DNS and Reverse DNS

• Environmental checks:
  ○ Check for time skew
  ○ Default ports

  ○ Port conflicts

#CitrixSummit                          21
Troubleshooting Methodology – gathering data

• Run Citrix Scout

• TaaS beta

• Enable logging on both Controllers

• Run a CDFTrace

#CitrixSummit                                  22
Citrix Scout / XD Collector (CTX130147)
• Push button easy data collection system

• Makes data collection and upload push button easy

• Integrates data collected by Scout with the Citrix Tools as a Service
 (TaaS) backend

• Simplifies data collection & analysis

#CitrixSummit                                                             23
Tools as a Service

 1                              2               3
   Data Collection

       Quickly collect and      Auto analysis       Recommendations
       upload your data         health check        tailored to YOU

 #CitrixSummit                                                        24
Enabling logging

                             • Enabling Controller Service
                              Logging - CTX127492

                             • CDF Control - CTX111961

#CitrixSummit                                                25
 Digging deeper – Controller log analysis
CdsBroker:1:1:UpdateWorkerSettings configurationService.Set failed:
System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.
Server stack trace:
 at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

Exception rethrown at [0]:
  at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage
  at System.Runtime.Remoting.Proxies.RealProx"
CdsBroker:1:1:UpdateWorkerSettings reject the worker (S-1-5-21-1123877020-465626563-3648135752-
BrokerDAL:8:5:DAL >>> DeregisterWorker(S-1-5-21-1123877020-465626563-3648135752-3586,

BrokerDAL:8:5:DAL >>> DeleteBrokeredSessionOnPrepareFailure(LaunchToken=54711b77-4fce-4edc-b31e-
937bc7dca341, SinBin=True)

 #CitrixSummit                                                                                    26
 Using CDF Control

  High level failure is: “CdsWorkerAgent:8:5:UserAllowed: found no you
• Parsing the CDF trace and enabling the expert shader feature allows
                                               • With CDFControl
  matching Controllers, access not allowed for user”
  us to quickly find exceptions which are typically highlighted in orange
                                                can download the
                                                public TMF files which
                                                will allow you to parse
                                                the CDF trace and
                                                troubleshoot your issue
 #CitrixSummit                                                         27
 Digging deeper – CDF trace log analysis
Initial trust failure:
CdsWorkerAgent:8:5:CheckAccessCore: Calling delegate to provide SID list
CdsWorkerAgent:8:5:CheckAccessCore: entered, have 1 trusted DDCs
CdsWorkerAgent:8:5:UserAllowed: found no matching Controllers, access not allowed for user GET\KB-XD5-
SP1-2$ S-1-5-21-1123877020-465626563-3648135752-3604

After worker Sin-Bin timeout:
CdsWorkerAgent:1:1:Heartbeat to rejected
CdsWorkerAgent:2:1:EventLogManager decided to log event

Re-Registered (after timeout expires):
CdsWorkerAgent:2:1:Succesfully registered with http://KB-XD5-; starting heartbeats

 #CitrixSummit                                                                                      28
Under the hood - VDA Session Launch explained
                VDA                                             Controller #1         Worker flagged in DB as Ready
                               VDA registers to Controller #1

                Desktop                                          Broker Service
   VDA          Service

ListOfDDCs=Controller #1                                        Controller #2                                SQL
                                    XML sends
                                Controller #2 is not in                                      XML broker unregisters
  VDA checks                        PrepareSession ticket         XML Broker
                                ListOfDDCs, VDA                                              queries DB for a
  ListOfDDCs to                     to VDA
                                invalidates session                                          ready worker
  authorize                     launch request                            WI Sends launch
                                                                         XML Returns Error
                                                                         to WI to XML
                          WI Error returned to user                WI
                                                                                    Worker is placed
                          User launches session                                     in SinBin

#CitrixSummit                                                                                                         29
Root Cause analysis

• The customer added a second Controller to handle XML requests for

• As soon as the new Controller was added to the WI XML failover list it was
  available to broker session launches by design

• Since the new Controller was not added as an authorized trusted agent
  XenDesktop rejects the session logons

• Workstation agent de-registers temporarily and then attempts to re-register

#CitrixSummit                                                                   30

• DDCs that handle authentication must be authorized agents and added to
  “ListOfDDCs” registry value

• CTX132536 outlines the registry key and how to define broker groups

• Adding DDCs to WI XML failover list enables the ability for DDCs to handle
  session logons

#CitrixSummit                                                                  31
Resources discussed
Optimal deployment recommendations
• CTX124087 - XenDesktop Modular Reference Architecture

• CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices

• CTX123244 - High Availability for Desktop Virtualization - Reference

• CTX120760 - XenDesktop - Design Handbook

• CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability

• Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI

#CitrixSummit                                                               33
For More Information
• CTX132536 - Worker Unregisters at Session Launch

• CTX130147 - Citrix Scout

• CTX111961 - CDFControl

• CTX127492 - How to enable Controller Service Logging in XenDesktop 5

• CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics

• CTX128909 - XenDesktop 5 Logon Process and Communication Flow

#CitrixSummit                                                            34
Tools as a Service

     Find out how to rev up environment maintenance
     See your Citrix pit crew in the expo hall with the

                               checkered racing shoes

#CitrixSummit                                             35
We value your feedback!
Take a survey of this session now in the mobile app

• Click 'Sessions' button

• Click on today's tab

• Find this session

• Click 'Surveys'

Before you leave…
• Conference surveys are available online at starting
  Thursday, May 10
  ○   Provide your feedback and pick up a complimentary gift at the registration desk

• Download presentations starting Monday, May 21, from your My Organizer tool
  located in your My Account


Shared By: