Citrix Support Secrets

Webinar Series
Configuring & Troubleshooting XenDesktop Sites
Ramon Scott – Lead Escalation Engineer
August 29, 2013
Presenter Bio: Ramon Scott
Over 17 Years of Experience in IT
Joined Citrix in April 2010
Started directly into the Escalation Team – primary focus on XenApp
Assigned as the Dedicated Engineer for a Major Strategic Account from Q4-2010
Moved to XenDesktop team in July 2011
Additional details
• Bachelor’s Degree in Information Technology with a specialization in Network Administration
• Certifications: CCA, CCNA, CCDA, MCSE and MCITP-EA
© 2012 Citrix | Confidential – Do Not Distribute
Presentation Goals
• Provide an Understanding of the Architecture
• Instruct on How to Configure
• Provide Proven Troubleshooting Methodologies and Resources
High-Level XenDesktop Database
And Services Architecture
Database
XenDesktop 5 Database Overview
• Supported Databases:
• SQL Server 2008 SP1 / 2008R2 (including Express)
• Database Schema
• Full Relational Schema
• Tables, Views, Stored Procedures
• Single Database (for core product)
• Multiple SQL ‘Schemas’ in Database
• ‘Schemas’ map onto Windows services running on Broker
[Diagram: Brokers and the Database]
Setup Process
[Diagram: database setup process for the Single Admin and Separate Admins cases. Components: XD Admin, SQL Admin, XD Console, SQL Server, Database, Broker. Step labels on one path: 1. Schema, 2. Schema, 3. Verify. Step labels on the other path: 1. Schema “Export” (SQL script), 3. Schema, 4. Verify. Notes: XD Admin credentials used; SQL Admin credentials used.]
Database Access
• Security Access Model
ᵒ Network Service Account “NT AUTHORITY\NETWORK SERVICE”
ᵒ Computer Account “DOMAIN\MACHINE$”
• SQL Login per Broker
• Restricted permission set
ᵒ Brokers do not have rights to change schema
[Diagram: Controllers, each running a Broker Service, and the Database]
Database High-Availability
• Broker is critically dependent on Database
• Existing connections not impacted
• Creating new connections and reconnecting to desktops impacted
• Database Failure = Broker Failure
• Supported Database H/A Options (expected popularity order):
1. SQL Mirror
2. Virtual Machine H/A
3. SQL Cluster
Database Schema Roles and Permissions
XenDesktop Service | Database Role
AD Identity Service (Acct) | ADIdentitySchema_ROLE
Broker Service (Broker) | chr_Broker, chr_Controller
Central Configuration Service (Config) | ConfigurationSchema_ROLE
Machine Creation Service (PvsVM) | DesktopUpdateManagerSchema_ROLE
Hosting Management Service (Hyp) | HostingUnitServiceSchema_ROLE
Machine Identity Service (Prov) | MachinePersonalitySchema_ROLE
Health Checks: XDDBDiag
• Provides a consistency check on the data
• Provides connectivity verification
It also provides the following:
ᵒ Virtual Desktop Agent Information
ᵒ Hypervisor Connections Information
ᵒ Policy Information
ᵒ Controller Information
ᵒ Desktop Groups Information
ᵒ SQL Information
ᵒ Current Connections / Connection Log
Services
XenDesktop 5 Services Architecture
[Diagram: XenDesktop 5 services architecture.
Clients: Desktop Studio, PowerShell, Desktop Director
Link labels: WCF [80], WinRM 2.0 [5985/5986], Windows Communication Foundation (WCF)
Controller services: Machine Creation Service, AD Identity Service, Host Service, Machine Identity Service, Broker Service, Configuration Service
Groupings: Machine Creation Services, Infrastructure Services
Other components: SQL Server, Virtual Desktop Agent (VDA)]
Service Status
XenDesktop Service | PowerShell Cmdlet
AD Identity Service (Acct) | Get-AcctServiceStatus
Broker Service (Broker) | Get-BrokerServiceStatus
Central Configuration Service (Config) | Get-ConfigServiceStatus
Machine Creation Service (Prov) | Get-ProvServiceStatus
Hosting Management Service (Hyp) | Get-HypServiceStatus
Machine Identity Service (PvsVM) | Get-PvsvmServiceStatus
Machine Creation
Desktop Catalog models
• Existing
• Dedicated
• Pooled
• Pooled with personal vDisk
• Streamed
• Streamed with personal vDisk
[Diagram: each model drawn as a stack of layers labelled App, Profile, PvD, Base Image, Base Image with Apps or Streamed Image]
*Image created outside of XenDesktop
*Image created with Machine Creation Services (MCS)
*Image Streamed from Citrix Provisioning Server (PVS)
Desktop Catalog models
[Diagram: catalog models grouped under PVS and MCS. Labels: Pooled, Pooled with PvD*, Random, Dedicated, PreAssigned, Static, First Use, Streamed, Streamed with PvD, Virtual, Virtual Only, Physical]
* Behaves like pooled-static
MCS – ID Disk, Difference Disk, Base VM
[Diagram: a Windows 7 Master on the Storage Subsystem; Virtual Desktop 1, Virtual Desktop 2 and Virtual Desktop x each have a Diff Disk and an ID Disk, each with a VHD Chain]
• This is what the user sees as Drive C:\
• This is hidden from the users view
MCS with PvD – ID Disk, Diff Disk, Base VM, PVDisk
[Diagram: Windows 7 Master, VHD Chain, Diff Disk, ID Disk and Personal vDisk for Virtual Desktop 1]
• This part is hidden from user
• Merged with the Diff Disk
• Seen by user as Drive C:\
• E.g. Installed apps
• PVDisk auto-created during catalog creation by copying PvD template from Base VM
• 10GB by default with 50 / 50 split for App Data / User Data
• Seen by the user as Drive P:\
• USERDATA e.g. My Documents
• Free space is the split allocation
PVS – Streamed vDisk, Cache, Base VM
[Diagram: a Windows 7 Master delivered by PVS Stream to Virtual Desktop 1, Virtual Desktop 2 and Virtual Desktop x on the Storage Subsystem; each desktop has a Streamed vDisk and a Write Cache]
• This is what the user sees as Drive C:\
• Visible file on another disk, typically D:\
PVS with PvD–Streamed vDisk, Cache, Base VM, PvDisk
[Diagram: Windows 7 Master, PVS Stream, Streamed vDisk, Write Cache and Personal vDisk for Virtual Desktop 1]
• This part is hidden from user
• Seen by user as Drive C:\
• E.g. Installed apps
• PvDisk auto-created during catalog creation by copying PvD template from Base VM
• 10GB by default with 50 / 50 split for App Data / User Data
• Seen by the user as Drive P:\
• USERDATA e.g. My Documents
• Free space is the split allocation
What are some of the common issues?
• Hypervisor communication
• Domain permissions
• Previously failed attempts still present in database
• Host Connection configured with incorrect storage
• Naming convention on the host
What logs do we need for this issue?
[Diagram: services architecture repeated. Clients: Desktop Studio, PoSH. Link label: WCF [80]. Services: Broker, Machine Creation Service, AD Identity Service, Host Service, Machine Identity Service, Broker Service, Configuration Service. Groupings: Machine Creation Services, Infrastructure Services. Other component: SQL Server]
Troubleshooting Methodology
• Understand issue history
• Verify configuration, error logs and alerts
• Gather and review log data of issues
• Compare data to working environment
Enabling Log from the Command Line
Service -LogFile <Location>
Citrix.MachineCreation.SdkWcfEndpoint.exe -LogFile "c:\xdlogs\MCS-PVSvm.log"
Citrix.ADIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\AD.log
Citrix.MachineIdentity.SdkWcfEndpoint.exe -LogFile c:\xdlogs\mi.log
Case Study 1
Machine Creation Services
Case Study 1: MCS Fails after wizard
Case Study
Walk Through
Background:
• New Deployment
• Latest Hotfixes
• Full Administrator account used
• Worked before they rebuilt environment
Log Analysis: Desktop Studio Logs
Case Study 1: Machine Creation Service fail after wizard
24/04/13 02:37:10.7603 : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.
Search Terms:
[Time of Issue]
Fail | Error | Exception | Denied
Log Analysis: Machine Creation Service Logs
Case Study 1: Machine Creation Service fail after wizard
Failed to copy disk. Reason : SR_HAS_NO_PBDS
ManagedMachineException: Failed to copy disk. Reason : SR_HAS_NO_PBDS
Concluding job d5ea54c6-b7f1-4d45-ac08-2e2abae39e48 with state DiskConsolidationFailed.
WorkflowAddMetadata(, Citrix_DesktopStudio_ExtraWarnings, Failed to copy all master images to all of the Hosts. No machines have been added to the Catalog.)
Search Terms:
[Time of Issue]
Fail | Error | Exception | Denied
Root Cause analysis: Misconfiguration
• Failed to copy disk. Reason : SR_HAS_NO_PBDS
• Hypervisor Connection did not include correct storage for the Master Image
• Target device disk could not be copied due to this Hypervisor Storage misconfiguration
*Definitions:
SR - Storage Repositories
PBD - Physical Block Devices
VDA Startup and Registration
VDA Registration
[Diagram: VDA registration. Labels: Registered, VDA (Desktop Service), WCF, Controller / DDC (Broker Service), LDAP, Active Directory, Database]
Troubleshooting VDA Startup and Registration
• XDPing Log
• Basic Checks
• Logs:
ᵒ Workstation Agent Logs
ᵒ Broker Logs
• Network Trace
[Diagram: VDA Desktop Service and Controller Broker Service, with the traffic between them labelled SSL]
XDPING
• Can be run on both the DDC and VDA
• Used to collect data related to basic components
• Will verify if the components are working correctly
ᵒ Verify Domain Membership
ᵒ Network Interfaces
ᵒ WCF Endpoints
ᵒ Services
ᵒ DNS lookup
ᵒ Time difference between machine and Domain Controller
Basic Checks
• Check the Network: Ping, Telnet and NetStat, Firewall
• Ensure Services started without errors
• Listening on the correct port
• Check time
• Check configured list of DDCs in registry
Case Study 2
Startup and Registration
Case Study 2: New Catalog Fail to Register
Case Study
Walk Through
Background:
• Locked down environment
• Special configuration needed to manually enable needed services
• Worked in the Proof of Concept Lab but failed in production
Log Analysis: Workstation Agent Service Logs
Case Study 2: New Catalog Fail to Register
Failed to register with http://FTLRSCOTT2RHONE.lab.net:80/Citrix/CdsController/IRegistrar.
WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN host/RS2-SynPool01.lab.net and IP address 10.19.196.945'
Register FAILURE: HighAvailabilityActive = False, InHighAvailabilityMode = False, _firstRegistrationAttemptTime = 05/18/2013 13:54:31, HighAvailabilityRegistrationTimout = 00:05:00
Message following Error pattern:
Could not register with any controllers. Waiting to try again in 9407 ms
Search Terms:
[Time of Issue]
Fail | Error | Exception | Denied
Log Analysis: Broker Service Logs
Case Study 2: New Catalog Fail to Register
Broker:TestWorkerComms failed for worker S-1-5-21-1123877020-4656265633648135752-1267 caught exception: System.ServiceModel.Security.SecurityNegotiationException: The caller was not authenticated by the service. ---> System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Search Terms:
[Time of Issue]
Fail | Error | Exception | Denied
Root Cause analysis: Misconfiguration
• The DDC was not authorized to initiate a connection to the VDA
• “Access To Computer From The Network” Computer Policy did not have an entry for the Controller and the default Everyone was removed in production.
Resolution: Customer added explicit entry to a Group that included all the Brokers as members
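The log search used in Case Study 1 and Case Study 2 (time of issue plus Fail | Error | Exception | Denied), as an added example that is not part of the original slides or any Citrix tool. The timestamp layout is assumed from the Desktop Studio line quoted above; the sample log, `KNOWN_CAUSES` and the function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Search terms from the slides: Fail | Error | Exception | Denied
TERMS = re.compile(r"fail|error|exception|denied", re.IGNORECASE)

# Signature -> root cause, as stated in the two case studies on this page.
KNOWN_CAUSES = {
    "SR_HAS_NO_PBDS": "hypervisor connection lacks the master image's storage",
    "The caller was not authenticated":
        "Controller not allowed to access the VDA from the network",
}

# Timestamp prefix as in the Desktop Studio line quoted on the page.
STAMP = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d\.\d{1,6}) : (.*)$")


def read_entries(lines):
    """Fold wrapped lines (no timestamp) into the entry they continue."""
    entries = []
    for raw in lines:
        line = raw.strip()
        m = STAMP.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%d/%m/%y %H:%M:%S.%f")
            entries.append([ts, m.group(2)])
        elif line and entries:
            entries[-1][1] += " " + line
    return entries


def triage(lines, time_of_issue, window_seconds=120):
    """Entries within the window that hit a search term, with known cause."""
    window = timedelta(seconds=window_seconds)
    hits = []
    for ts, msg in read_entries(lines):
        if abs(ts - time_of_issue) > window or not TERMS.search(msg):
            continue
        cause = next((c for sig, c in KNOWN_CAUSES.items() if sig in msg), None)
        hits.append((ts, cause, msg))
    return hits


# Constructed sample: error text is quoted from the slides; the timestamps on
# the MCS and Broker lines and the first two entries are invented.
SAMPLE_LOG = """\
24/04/13 01:10:02.1000 : MCS: Error contacting host
24/04/13 02:37:05.2200 : MCS: Starting disk copy for catalog
24/04/13 02:37:09.9100 : MCS: ManagedMachineException: Failed to copy disk.
    Reason : SR_HAS_NO_PBDS
24/04/13 02:37:10.7603 : DesktopStudio: [6] Script SetActionMetaData(402): [RES] Value:Failed to copy all master images to all of the Hosts.
24/04/13 02:38:30.0000 : Broker: TestWorkerComms failed for worker caught exception:
    System.ServiceModel.Security.SecurityNegotiationException: The caller was not
    authenticated by the service.
""".splitlines()

if __name__ == "__main__":
    for ts, cause, msg in triage(SAMPLE_LOG, datetime(2013, 4, 24, 2, 37, 10)):
        print(ts.time(), "|", cause or "unclassified", "|", msg[:60])
```

Folding the wrapped lines matters here: the Broker signature is split across two physical lines in the sample and is only matched after the entry is rejoined.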
• PVD maintains logs in the base of the volume attached to the VM
◦ (alongside the VHD containing the PVD user-installed applications)
• These logs contain a wealth of information that should be captured and provided
to support/engineering if you experience problems
• Most frequently seen PVD support cases …
◦ Failure of PVD to start virtualization (PVD can’t locate volume/VHD, etc.)
◦ Customers trying to install unsupported apps
◦ Customers trying to move PVDs between VMs
• Desktop Director has helpdesk-facing PVD metrics and support
◦ % of application area in use / total size
◦ % of user profile area in use / total size
◦ PVD reset
• PVD reset allows the helpdesk to reset the application area while leaving the
user’s data intact
◦ Aka “revert to factory default”
◦ Useful to reset PVDs that become wedged due to users installing broken applications
VDA Launch
VDA Launch
[Diagram: VDA launch, first stage. Work states: Idle, Preparing, New Session. Components: VDA (Desktop Service, ICA Service), Controller #1 / DDC (Broker Service), WI, SQL; link label WCF]
• Broker signals worker to Prepare Launch Request for a Session
• User Clicks to launch session
• XML broker queries DB for a ready worker
VDA Launch
[Diagram: VDA launch, second stage. Components: VDA (Desktop Service, ICA Service), Controller #1 / DDC (Broker Service), WI, SQL, Portica, Endpoint, License; link label WCF. Callouts: “Request to Validate Ticket”, “ValidAuthNTicket”, and the ICA file and ticket being sent (exact wording not recoverable)]
1. Validates Ticket
2. Validates License
3. Policies
Work State: Active
Work State: Connected
Troubleshooting VDA Launch
• Event Logs (Web Interface, Controller, Storefront)
• Desktop Studio
• Broker Logs
• Workstation Agent
• Portica Logs
• Network Packet tracing
Case Study 3
VDA Launch
Case Study 3: Launch Failure 1030
Case Study
Walk Through
Background:
• They recently converted all images to a Citrix PVS image
• The original image worked
• All streamed images including the golden image failed to launch
Search: Prepare
Troubleshooting: VDA Launch
• Search Strings:
Checkpoint|connectionaccept|WaitforincomingConnection|sessionicaconnect
Root Cause analysis: MFAphook Module Failed to Load
• Conversion via provisioning server had changed the long name format of the drive
• mfaphook failed to load and this is needed for interaction with the OS.
Resolution: Add back short name to system; see CTX133773 for more information
Tools
XD Tools
• HDX Monitor
• CDF Control
• Citrix Scout
• Site Checker
• Desktop Director
HDX Monitor
• Thinwire (Graphics)
• Direct 3D (Graphics)
• Media Stream (aka RAVE)
• Flash
• Audio
• USB Devices
HDX Monitor
• Mapped Client Drives (CDM)
• Branch Repeater
• Printer
• Client
• Smart Card
• Scanner
• System
Citrix Scout / XD Collector (CTX130147)
• Push button easy data collection system
• Makes data collection and upload push button easy
• Integrates data collected by Scout with the Citrix Tools as a Service (TaaS) backend
• Simplifies data collection & analysis
CDF Control: CTX111961
Tip:
• Use this tool to remotely enable and collect CDF traces when systems are non-persistent
Site Checker Tool: CTX133767
• Enumerate Environment
• Checks Services Status
• Checks service instances registration status
• Reset Controllers Services instances into Database
Desktop Director
• Web Based
• Unified view of apps and desktops
• End-user details empower the help desk
• Includes HDX Monitor
• Access to personal vDisk tasks
Resources discussed
Optimal deployment recommendations
• CTX124087 - XenDesktop Modular Reference Architecture
• CTX127939 - XenDesktop 5 Database Sizing and Mirroring Best Practices
• CTX123244 - High Availability for Desktop Virtualization - Reference Architecture
• CTX120760 - XenDesktop - Design Handbook
• CTX128700 - XenDesktop Planning Guide - XenDesktop Scalability
• Whitepaper - Benchmarking Citrix XenDesktop using Login Consultants VSI
For More Information
• CTX132536 - Worker Unregisters at Session Launch
• CTX130147 - Citrix Scout
• CTX111961 - CDFControl
• CTX127492 - How to enable Controller Service Logging in XenDesktop 5
• CTX128075 - XDDBDiag: XenDesktop 5 Database Diagnostics
• CTX128909 - XenDesktop 5 Logon Process and Communication Flow
For More Information
• VMware – Using VMware with XenDesktop
• SCVMM – Using Microsoft SCVMM 2008 with XenDesktop
• CTX127538 - How to Reconfigure a XenDesktop Site to Use a Mirrored Database
• CTX127998 - Database Access and Permission Model for XenDesktop 5
• CTX133160 - LSQuery - License Server Data Collection Tool
• CTX127314 - How to Collect Data for Troubleshooting Licensing Issues
Takeaways
Presentation Goals Recap
• Provide an understanding of the architecture
• Instruct On How To Configure
• Provide Troubleshooting Resources
About
Citrix Services
Citrix Services make sure
you succeed with your
virtualization programs.
Educate | Guide | Support | Succeed
How we can help
Citrix Education – The fastest, most efficient way to
get your team the virtualization skills they need. Online,
on-site or in class.
citrix.com/training
Citrix Consulting – Intensive engagements for
complex, critical or just plain massive projects.
citrix.com/consulting
Citrix Support – Always-on support services that
leverage everything we know about best-practice
deployment and maintenance.
citrix.com/support
Secrets of the Citrix Support Ninjas
• 40 insider troubleshooting tips
• Covering XenDesktop, XenServer, XenApp and NetScaler
• Citrix Support top engineers
• FREE eBook
• Citrix Auto Support
• Now available!
Next Webinar: September
• Title: Troubleshooting a XenDesktop environment using the PowerShell SDK
• Description: The Citrix XenDesktop PowerShell SDK is the foundation for all
interactions with a XenDesktop database and is the same SDK used by
Desktop Studio.
• This deep dive session will include a behind-the-scenes look at several tools
used by Citrix Technical Support that utilize the PowerShell SDK, including
common configuration cmdlets and scripts.
• When: Sept 26th
Register Now!