The recording of this webinar can be found here:
https://www1.gotomeeting.com/register/549106393
PoSH scripts used in webinar
https://citrix.sharefile.com/d/s6f2aa129f424c43b
As a XenDesktop administrator, it’s your responsibility to make sure your XenDesktop infrastructure is running smoothly and your users are working efficiently. In this webinar our very own XenDesktop master, Michael Glover will guide you in utilizing our award winning solution for virtual desktop delivery, XenDesktop, with some really key tips and time savers to help you make the very most of your investment. Michael has been involved in XenDesktop from day one and has gathered a huge amount of knowledge which he would love to share with you.
During this webinar you will:
• Learn to carry out advanced administration tasks using the public PoSH SDK
• Troubleshoot and resolve serious Site issues
• Learn how to carry out real-time infrastructure testing to validate site functionality
• Learn how to use key Tools to Troubleshoot XD issues
• Gain greater in-dept knowledge of the internal workings of XenDesktop
1. Important links:
PoSH Scripts
Webinar Recording
Citrix Support Secrets
Webinar Series
10 Tips Every XenDesktop Admin Should Know
Mick Glover – Sr. Readiness Specialist, Worldwide Support Readiness
January 30, 2014
Tip 10: Creating a customized XD PoSH $profilerun Test-Path $Profilerun New-Item -Type File $Profile (-Force optional / overwrite existing object)type Notepad $profile 7 hit returnadd the following lines:asnpcitrix*Import-Module -name Citrix.XenDesktop.Admin (New XD High Level Administration Module)Close PoSH and re-openTest-Path $Profile = return value = TrueRun Get-BrokerSiteRun Get-XD & Tab......To delete PoSH profile --> Remove-Item $PROFILESource:http://technet.microsoft.com/en-us/library/ff461033.aspxhttp://blogs.technet.com/b/heyscriptingguy/archive/2012/05/21/understanding-the-six-powershell-profiles.aspxhttp://technet.microsoft.com/en-us/library/bb613488%28v=vs.85%29.aspxhttp://technet.microsoft.com/en-us/magazine/2008.10.windowspowershell.aspx
Notes:It’s location and name are what separate it from a regular .ps1 fileQuerying the $profile will return the full path to the default profile locationDefault PoSH Profile:%UserProfile%\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1
Test-path $profile (Expected return value = False) / No Existing PoSH profileTo remove an existing PoSH profile use the following: Remove-Item -force $profile
Notes:asnp citrix* will load all Citrix XD snap-ins i.e all XD cmdletsImport-Module -name Citrix.XenDesktop.Admin will import the new XD Administration module and its associated cmdlets. For more information see http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7-xendesktop-posh-module/
-Force [<SwitchParameter>] Allows the cmdlet to create an item that writes over an existing read-only item. Implementation varies from pro vider to provider. For more information, see about_Providers. Even using the Force parameter, the cmdlet cannot override security restrictions.
After the PoSH Profile has been configured correctly, you can close the PoSH window, even log-out of the machine and the next time you launch an instance of PoSH – the configured profile will load and customize your env.
Tip 9: Service MGMT (Checking The state of FMA services through PoSH)Run Script - statuserror.ps1Run Help Get-BrokerServiceStatus –Full to view details about DBMissingOptionalFeature return value
Just because the Controller FMA services appear to be running fine through the windows services applet, this does not mean that they are in a healthy state internally. The exact status can and should be queried through PoSH.
Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
Run Help Get-BrokerServiceStatus –Full to view full list of return values for the Broker service for example…
Tip 8: Checking & Updating DB Schema versions manually through PoSHRun Get-BrokerInstalledDBVersion - Return value = 7.0.0.0 (Reason for error)Run Get-BrokerInstalledDBVersionRun Get-BrokerInstalledDBVersion - upgradeUpdate Schema manually by creating update script and applying to DB:$upgrade = Get-BrokerDBVersionChangeScript -DatabaseName CitrixTraining -TargetVersion 7.1.0.0$upgrade.Script > update_71.sql (Already exists on SQLServer)Stop Broker service on DC1 or run reset.ps1 (Note usage of -Force switch) to unconfigure all servicesExecute update_71.sql on SQLServerRun Script - statusfixed.ps1 again: return value for Broker Service = OK
Based on the description of the DBMissingOptionalFeature return value when checking the status of the Broker Service through PoSH:“The broker is connected to a database that is valid, but it does not have the full functionality required for optimal performance. Upgrading the database is advisable.”It appears the DB schema for the Broker service is out of date or out of sync with the Broker Service binary version. Run Get-BrokerInstalledDbVersion to check the
After confirming the DB schema version for the broker service in the previous slide i.e. 7.0.0.0, running Get-BrokerController will give a good indication if the schema is out of date i.e. Broker Schema should be 7.1.0.0 to match major and minor versions above.
Note: In fact, Only the Broker service has to be un-configured to place a Controller in an off state.
Note: if you stopped the Broker service in step 4 then just start the service again. If you disconnected all services from the DB using a script or manually using PoSH then reset each service to point to the DB again.
Tip 7: Machine TaggingSet Some tags through Citrix Studio - W7dedicated1.training.lab = TrainingRun Get-BrokerMachine | select machinename, tags | format-table through PoSHExtra steps If needed: (time permitting) run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
Once Machines have been logical grouped, HDX policies can be applied to the specific tag (subset of machines).
With tags, you can deliver a HDX policy for example to a subset of machines across Delivery Groups/Delivery Group types and OUs (the three well known machine filters)…-Tags can be added and edited with Citrix Studio.-Multiple tags can be assigned -Tags can overlap machines of course
Note: Tags support the asterisk (*) wildcardAlso see: http://blogs.citrix.com/2013/08/29/xd-tipster-machine-tagging-and-hdx-policies/Note: you will need to know the Uid of the desktop you want to apply the tag against – see next slide…
run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
Using the Select command to only return information from specific tables is optimal. You can also format the returned output as you see fit using the various format options:Format-TableFormat-List…
Quite often, the tag filter is ignored or mis-understood. Filtering policies by Machine tags can be very useful.
Tip 7: Machine TaggingSet Some tags through Citrix Studio - W7dedicated1.training.lab = TrainingRun Get-BrokerMachine | select machinename, tags | format-table through PoSHExtra steps If needed: (time permitting) run Get-BrokerDesktop | select machinen*, uid | format-table + Take note of Desktop UId of Training\W7dedicated2 machine = 4run New-BrokerTag -Name <Finance> to create new Tagrun $desktop = Get-BrokerDesktop -uid 4Add-BrokerTag -Name finance -desktop $desktop
Each MCS based catalog is associated with an identity pool of the same name which manages computer a/c’s for all machines generated from the parent catalog.Based on the screenshot above, The next machine to be created from the Windows 7 SP1 x86 – 1GB catalog (The IdentityPoolName value is inherited from the catalog name) would be W7PoolRandom4… see next slide.
The IdentityPoolName value is inherited from the catalog name i.e. ProvisioningSchemeName
With the introduction of XD5.x and MCS we introduced some flexibility in relation to AD computer a/c management….If the StartCount value is reset then MCS will create the next machine using the next StartCount value as long a matching computer a/c does not exist in AD. If it does then it will move onto the next available count value…
Each MCS based catalog is associated with an identity pool of the same name which manages computer a/c’s for all machines generated from the parent catalog. The StartCount value is not reset if Desktops are deleted.The StartCount value in the above screenshot is 6 as the last AD a/c assigned to a machine was W7PoolRandom5
The StartCount value in the above screenshot is 2 as the last AD a/c assigned to a machine was W7PoolRandom1You will also notice that the same machine exists i.e. W7PoolRandom5 as per the previous slide also. We can only create a new machine with a numeric number lower then 5 i.e. 1 after we reset the StartCount back to 1. Note: Regardless of machines being deleted, MCS will continue to increment the numeric or alpha value at the end of the NamingScheme.
Set-AcctIdentityPool -IdentityPoolName "Windows 7 SP1 x86 - 1GB" -NamingScheme WebinarTest# -StartCount 1Result: Any new machines created from the catalog will inherit the new NamingScheme
Tip 5: Controlling Access To Resources (Example: Using the Broker Entitlement Policy to explicitly exclude a user from accessing desktops with a Delivery Group)1.Login to StoreFront and Show 3 Desktops available for User12.from within PoSH on DC1 change the Entitlement Policy for the Win7 pooled Delivery Group to exclude user1:Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user13.Refresh or logout/in again to StoreFront and notice that only 2 Desktops are now available for User1 (My Win7 Pooled Desktops button is missing)4.Discuss how to revert exclusions: Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers training\user1 -ExcludedUserFilterEnabled $falseorSet-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $false -ExcludedUsers @()
The above policies (Entitlement & Assignment) control access to resources and also the conditions (Access Policy) under which resources can be accessed.Assignment policies are useful if you are assigning users on first use at the Delivery Group level. No impact if you exclude the same user that you pre-assign to a desktop as the pre-assignment will override the exclusion.
Without any exclusions set, User1 has access to Three delivery Groups and the contained Desktops through association with the Domain Users Group…
To set an exclusion use the following command as an example: Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user1
After editing the existing Broker Entitlement Policy for the Training Win7 Delivery Group and excluding user1 refreshing StoreFront will reflect this…Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user1
Tip 4: Exploring Citrix PowerShell Providersshow usage of XDHYP: and LocalGPO: PS-DrivesRun Get-PSProviderchange Dir to XDHYP:cd to Hostingunits dirrun Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $true to enable intellicacheadd new machine to existing catalog or crate new catalog = ERRORrun Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $false to disable intellicachecd into localgpo: driveRun help New-PSDrive -full and create simple HDX policy in Site DBCreating a HDX Policy in Site DB:Create New PSDrive: New-PSDrive Webinar -PSProvider CitrixGroupPolicy -Root \ -Controller DC1drill down to \user\training\settings\ICA>create setting and enable value: Set-ItemProperty ReadonlyClipboard -Name State -Value enabledSet tag through Citrix Studio and launch W7dedicated1 through Storefront as user1 and check to see if policy has been applied
Windows includes some default PSProviders to mount and access the registry and File System through PoSH…
UseSet-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $true to enable intellicache (LocalStorageCaching) for the Hosting Unit.Local = HostingUnitNameNote: LocalStorageCaching is only supported on NFS shared storage and as per the screenshot above where local storage is being used, Citrix Studio will throw an error when trying to add machines to an existing MCS based catalog or when trying to create a new Catalog – see next slide for an example.
The following issue will be seen if Intellicache (LocalStorageCaching)is enabled for local storageTo Resolve the above issue you could disable Intellicache (LocalStorageCaching)Set-Item -LiteralPath xdhyp:\hostingunits\local -UseLocalStorageCaching $false
We can use the CitrixGroupPolicy PSProvider to create and edit polices in AD and in the Site DB. Understanding how to do this can be very useful especially for automation purposes…
Filters can also be configured through PoSH…
After launching a desktop associated with the training tag, you can open the registry and confirm that the policy was applied correctly. This validates the usage of tags in relation to HDX policy filtering.
Note: Logoff options will not impact Pooled machines of course as a pooled machine will always restart at logoff regardless of power policy setting through the SDK
Note: Timeout is set in minutes
Tip 2: Using the Site Access Policy to Restrict Access to ResourcesExample:within PoSH run Get-BrokerAccessPolicyRule -DesktopGroupName "Training Win7 - Dedicated" to return both default rules for the "Training Win7 - Dedicated" delivery GroupRun Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29 to restrict access from the Win7Client machineLog into Storefront as Training User1 and notice that the Win7 Dedicated machine icon is no longer visibleremove filter: Set-BrokerAccessPolicyRule "Training Win7 - Dedicated_Direct" -ExcludedClientIPFilterEnabled $false -ExcludedClientIPs @()
After applying the ExcludedClientIPs filter to the direct default access policy of the Training Win7 – Dedicated delivery Group, the machines will no longer be available through Storefront…
Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
Create Instance Scripts for each service running on DC1 (Controller)Configure the DB connection string for each serviceRegister each service with the Configuration serviceLets take a look…
For more XD Tipster Blogs see the official Citrix Blogs page and/or follow @Xdtipster for announements
At Citrix Services - we’re Citrix consultants, teachers and support engineers and we’re all about one thing: making sure you succeed.With our help, you’ll deploy high-performance, robust virtualization and networking projects, faster – with dramatically lower risk and higher return.The best Citrix architects and administrators are the ones who never stop learning – and Citrix Education is here to help you learn those skills.Citrix Consulting gives you direct access to our most experienced virtualization and networking experts.When it’s complex; when it’s mission-critical; when it’s big; That’s when Citrix consultants can really help.On your virtualization journey, you’ll want always-on support from people who really care about your success.There’s no better insurance for your Citrix investment than with Citrix Support.
Secrets of the Citrix Support Ninjas is a FREE eBook available next week.The eBook contains 40 insider troubleshooting tips for administrators.So the purpose of the eBook is to help administrators like you keep your Citrix deployments on track.We’ve collected some of their best tips and tricks for running robust Citrix environments and packaged them up into a free eBook.In it, you’ll discover some of the little-known tricks that our own support people use every day to tune, tweak, troubleshoot and test Citrix solutions. You may know a few of these tips. But you probably don’t know them all.And – you never know – you might discover just one that will change your life as an administrator.Let me give you a sneak peak now.