XenApp & XenDesktop 7.x – Citrix Director Load Balancing using NetScaler


Here is a quick and easy way to load balance your Citrix Director instances in a XenApp or XenDesktop environment.

Below is my environment

  • Citrix Director servers ( Controller servers in most cases) – director-1 and director-2
  • A NetScaler HA pair ( you can do this on a stand alone NetScaler as well)

 

Monitors

Firstly, create a monitor for the Director services

Navigate to Traffic Management >Load Balancing >Monitors and click Add

mon1

Give it a name and select type as HTTP ( if there are no SSL certificates installed on the Director servers). Click on the Special Parameters tab and under the HTTP Type box, enter GET /Director/LogOn.aspx?cc=true

mon3

Before you click Create, ensure that it is enabled and Secure box is ticked if SSL certs are being used.

mon4

Click Create

Servers

  • Second step is to create Servers

Navigate to Traffic Management >Load Balancing >Servers and click Add

mon5

Add your Director servers here

mon6

Similarly, add the second Director servers as well

Service Groups

  • Now create the Service Group

Navigate to Traffic Management >Load Balancing >Service Groups and click Add

mon7

Give the Service Group a name and protocol is HTTP and click OK

mon8

Now Edit the service group that was just created and click on Service Group members and add the newly created services, director-1 and director-2

mon9

Once added, it will look like the below

mon10

 

Click Close. Click on the Monitors link as below and add the monitor that was created in Step 1

mon11

Once add the screen will look like the below. Click Close

mon12

The service group will look like the below once the above steps are completed.

mon13

Click Done

Responder Policy

A Responder policy needs to be created to redirect the users from the root of the IIS web server to the Director page.

Please note that Responder feature may need to be enabled first before you can use it.

Click on the + sign next to AppExpert and select Responder. Right click and choose Enable Feature. The yellow exclamation mark will disappear when you do that.

Once enabled, Navigate to AppExpert >Responder > Actions

mon14

Now think of a nice name to call the load balanced Director instance. you will need to add a DNS host entry later on for this name. the name that i have chosen is director

Give it a descriptive name and use the drop down for Type to select Redirect

Under Expressions, type the string here with the quotes as below

"http://director.domain.co.nz/Director"

mon15

Click Create

Time now to create the Responder policy. The one that we created earlier was a Responder action.

Give a descriptive name to the Responder policy and under the Action drop down menu, select the name of the action that was created in previous step. Under the Expressions field,  type

HTTP.REQ.URL.CONTAINS(“Director”).NOT

mon16

Click Create

Virtual Server for Load balancing

Reserve an IP address to use for the virtual server.

On the left, navigate to Traffic Management >Load Balancing >Virtual Servers and click Add on the right. Give it a name and select the Protocol as HTTP

Specify the IP address for virtual server and the port number as 80. Click OK.  Note that in production environments, use secure Director access by using an SSL certificate. For the purpose of demo, we are using an unsecure connection

mon17

On the page where it says, Services and Service Groups, click No Load Balancing Virtual Server ServiceGroup Binding

mon18.PNG

Add the service group that was created in earlier steps

Click Continue

On the right hand side under Advanced Settings, Click Persistence

Select SOURCE IP as the Persistence and change the timeout value to 245 ( the default time out value for Director is 245 mins). Leave the rest of the settings as defaults and Click OK

mon19

Now, move on to the right hand side again and select Policies

Select Responder as the policy and Type as Request and click Continue

mon20.

Select the redirect policy created earlier and click Bind

mon21

Click Done

Ensure that the virtual server is marked as UP in green.

DNS Config

Create a host A record in DNS for the name which in my case is director

Test the Director URL and ensure that it redirects you to the correct URL and also login and confirm that Director is usable.

That’s all you need to do to setup Director load balancing using NetScaler.

 

 

 

 

Citrix XenApp – Long logon times and potential fixes


Long login times are something that we have been hearing from time to time working with Citrix XenApp /XenDesktop environments. I have had a similar issue recently for one of my deployments with XenApp 7.5 on Windows Server 2012 R2 workloads. My logon times averaged around 30 seconds which is not bad at all. I still wanted to make it better and my target was to bring it under 15 seconds 🙂

Below are a few things that you can do to reduce the logon times. Please note that this is not a comprehensive list so feel free to comment below with your findings on this post so that i can update it and make the list better.

If you have Citrix Director in your environment, that would be the first place to look. It gives you in-depth details on where the profile load takes longer so that you can focus on those areas first.

I had Citrix Director in the environment and looking at it, Interactive Session seems to take a major chunk of the overall login time.

  1. Anti-Virus – This is one item that is overlooked often so ensure that you have set the required exclusions for your AV product. I would even go head and recommend turning OFF Real-time scanning for MCS/PVS created images as they are only read only. Please ensure that you run Real-time scanning on the network shares that hosts the profiles/home folders and also on the Write Cache location in case of PVS images.
  2. Enable Legacy Graphics Mode –This is a Citrix policy and enabling this is found to increase the logon speed. This is Adaptive Display First Generation which is good on older operating systems like Windows Server 2008 R2. Not recommended to be enabled in Windows Server 2012 R2 as it is found to cause some/all applications to fail consistently or randomly. In short, apply this setting with caution if your workloads are Windows Server 2012 R2 / Windows 8.x
  3. Remove CD-ROM drives from your virtual Citrix servers – May sound silly but having a CD-Drive on the server is found to increase the logon time.
  4. Active Setup – My suggestion is to check the Active Setup on the Citrix servers. I use SysInternals Autoruns tool to disable (not delete) the unwanted Active Setup keys under Installed components for HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components  as well.
  5. Autoruns This is a brilliant tool from SysInternals and throws a lot of light into what runs when a user logs in to a Windows Server. Run this and disable all that is not required for your environment.
  6. Internet Explorer – Uncheck In Internet Explorer Options Advanced -> Security,  disable “Check for publisher´s certificate revocation” and “Check for Server Certificate Revocation
  7. DisableStatus registry – Again apply this fix with caution as this is found to introduce the blue login screen(Windows GINA) when accessing applications which is not ideal. http://support.citrix.com/article/CTX135782 . Some have reported to have reduce the login times by doing this.
  8. Citrix UPM Profile Streaming – Profile Streaming is sometimes found to adversely affect the logon times especially when McAfee is used. Turn OFF UPM Profile Streaming completely to see if it makes any difference.
  9. Themes Key in Active Setup – Remove the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}. Make sure that the key is removed for the user profile as well under HKCU
  10. Receiver version – Use the latest stable version of Receiver on the client devices. Running the latest version on the server side will help in launching published application quickly.
  11. Drive Mappings – It could either be via logon scripts or via GPPs. Citrix Director can easily show you if this is the case so that you can focus on the right area from the beginning itself.
  12. Printer Mappings – Same as drive mappings. the GPPs should be set to move on if it errors and not wait for it and time out.
  13. Group Policy Processing errors – Look in the EventViewer for any potential policy processing errors and fix them.
  14. Default delay of 5-10 seconds for VDAs based on Windows 8.x and Server 2012 – Microsoft introduced a delay of 5-10 secs for operating systems starting from Windows 8 and hence this does apply to Server 2012 OSes as well. To remove the delay, add the registry value StartupDelayInMSec (REG_DWORD) to 0 in HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Serialize   (You can add the key “Serialize” if not present already). This will greatly reduce the “interactive logon” delays
  15. Last but not the least (this should have been higher up in the order), check the size of user profiles and find out what is causing the profile bloat. In most cases, publishing Google Chrome and Firefox is one of the most common causes of large profile sizes. It is recommended to exclude the whole of \AppData\Local\Google\Chrome and just have the per-requisite files/ folder synchronized using UPM policy. I would start with the below synchronization list for Chrome
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences

You can find more about Chrome and Firefox exclusion and synchronization policies here

16. Enable the Microsoft policy “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” and set the value to 0. The policy could be found under Computer Configuration – Policies – Administrative Templates – System – User Profiles

17. Check the Citrix KB here – http://support.citrix.com/article/CTX133595/

In my case it turned out to be the Active setup key for Themes and the CD-ROM – made a difference of ~ 12 seconds

There is another fantastic article out there on XenAppBlog

That’s an interesting read as well. i will continue to update the post as I find out more and please feel free to post your comments below.

Pre-populate domain name in Citrix Director – XenDesktop


Citrix Director URL doesn’t populate the domain name automatically for you and this can’t be done via the GUI either at least up to XenDesktop 7.1.

To achieve this, you would need to manually edit the LogOn.aspx file on the XenDesktop Delivery Controllers(at least in my case, the Director role was installed on DDCs)  If you have multiple DDCs, the change has to be made on all. Or If the Director role is installed on any other server, then the changes need to be performed on them and not the DDCs.

The LogOn.aspx file could be located at

C:\inetpub\wwwroot\Director

Open the file in Notepad ( Ensure that the Notepad file is opened as an Administrator) and Turn Off Word Wrap first. I found it easy to find what you are looking for this way. Now towards the bottom of the file, you will see the below text and you would have to insert the highlighted text after <asp:TextBox ID=”Domain”

</div>
                            <div class='indicator-bar' id='Domain-bar'></div>
                            <asp:TextBox ID="Domain" Text="MYDOMAIN" readonly="true" runat="server" CssClass="text-box" onfocus="showIndicator(this);" 
                                onblur="hideIndicator(this);"></asp:TextBox> <br/>
                            <asp:Panel runat="server" class="error eight" ID="Failure" Visible="False">

 

Capture

Save the file and access Director URL to confirm the changes.

ISS Roles Required for Citrix Desktop Director


Desktop Director runs on top of Microsoft IIS. The below are the IIS roles required for Desktop Director to function properly.

 

  • Web Server > Common HTTP Features >
Static Content
Default Document
HTTP Errors
HTTP Redirection
  • Web Server > Application Development >
ASP.NET
.NET Extensibility
ISAPI Extensions
ISAPI Filters
  • Web Server > Health and Diagnostics >
HTTP Logging
Tracing
  • Web Server > Security >
Request Filtering
  • Web Server > Performance >
Static Content Compression
Dynamic Content Compression
  • Web Server > Management Tools >
IIS Management Console
Management Service
  • Web Server > Management Tools > IIS 6 Management Compatibility
IIS 6 Metabase Compatibility

Desktop Director 2.1


Desktop Director is a tool that will utilize role-based permission sets to support the daily usage of Citrix products.

It enables support teams to perform basic maintenance tasks and to monitor and troubleshoot system issues.

Desktop Director 1.0 was introduced with XenDesktop 5 and Desktop Director 2.0 supports troubleshooting XenApp sessions.

Role-based access control – assign appropriate permissions to specific roles to perform certain operation. Full administrator can view all and make changes. Read-only administrator can view all but cannot perform tasks. Help desk administrator can perform day-to-day monitoring and maintenance tasks (restarting desktops or logoff sessions).

The below guide gives a quick insight on how the version 2.1 differs from previous releases of DD.

DesktopDirector2.1