XenApp & XenDesktop 7.x – Logon delay of 20 seconds at “Please wait for Citrix User Profile Manager”


If you ever have a situation where your Citrix logons sit on “Please wait for Citrix User Profile Manager” for around 20–25 seconds, you have come to the right post. I have had this strange one where users started to see their logons taking longer than usual. Below is my setup; your results may vary depending on the UPM version that you are running.

  • XenApp 7.5 site
  • Server 2012 R2 VDAs
  • Citrix UPM 5.1
  • McAfee AV 8.8

Issue Manifestation – Delay of 20-25 seconds on “Please wait for Citrix User Profile Manager” and this was consistent.

Remediation – Turn ON Citrix Profile Streaming

I am partially to blame for this issue as I had turned OFF Profile Streaming when I had my users complaining that the logoff was taking a little while. Now I need to figure out what is causing the logoffs to take roughly 10 seconds to complete. I have already looked at the AV side of things and I have the required exclusions. The hunt continues and I will update with the findings.

So that’s a quick one there for you guys and hopefully someone will find it useful. If you find it working/not working for you, let me know.

Citrix XenApp – Long Logon Times and Potential Fixes


Long logon times in Citrix are a dreadful situation to be in as an end user and as an administrator, and are the no. 1 reason people hate Citrix. I have had a similar issue recently for one of my deployments with XenApp 7.5 on Windows Server 2012 R2 workloads. My logon times averaged around 30 seconds, which is not bad at all. I still wanted to make it a tad better and my target was to bring it under 15 seconds 🙂 Wish me luck, peeps!

Below are a few things that you can do to reduce the logon times. This is going to be a living document, as over time new XenApp releases are going to come out and what works on one version may not necessarily work on the others. Having said that, the list below is a generic list of checks that is applicable to most of the Citrix releases to date. Please feel free to comment below with your findings so that I can update it and make the list better.

If you have Citrix Director in your environment, that would be the first place to look. It gives you in-depth details on where the profile load takes longer so that you can focus on those areas first.

I had Citrix Director and looking at it, Interactive Session seems to take a major chunk of the overall login time.

  1. Anti-Virus – This is one item that is often overlooked, so ensure that you have set the required exclusions for your AV product. I would even go ahead and recommend turning OFF Real-time scanning for MCS/PVS created images as they are read-only. Please ensure that you run Real-time scanning on the network shares that host the profiles/home folders and also on the Write Cache location in case of PVS images.
  2. Enable Legacy Graphics Mode – This is a Citrix policy and enabling this is found to increase the logon speed. This is Adaptive Display First Generation, which is good on older operating systems like Windows Server 2008 R2. Not recommended to be enabled in Windows Server 2012 R2 and newer as it is found to cause some/all applications to fail consistently or randomly. In short, apply this setting only if you have a reason to, and with caution if your workloads are Windows Server 2012 R2 / Windows 8.x.
  3. Remove CD-ROM drives from your virtual Citrix servers – May sound silly but having a CD-Drive on the server is found to increase the logon time.
  4. Active Setup – My suggestion is to check the Active Setup on the Citrix servers. I use the SysInternals Autoruns tool to disable (not delete) the unwanted Active Setup keys under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components as well.
  5. Autoruns – This is a brilliant tool from SysInternals and throws a lot of light on what runs under the hood when a user logs in to a Windows Server. Run this and disable all that is not required for your environment.
  6. Internet Explorer – In Internet Explorer Options, under Advanced -> Security, uncheck “Check for publisher’s certificate revocation” and “Check for Server Certificate Revocation”.
  7. DisableStatus registry – Again, apply this fix with caution as it is found to introduce the blue login screen (Windows GINA) when accessing applications, which is not ideal: http://support.citrix.com/article/CTX135782. Some have reported reduced login times by doing this.
  8. Citrix UPM Profile Streaming – Profile Streaming is sometimes found to adversely affect the logon times especially when McAfee is used. Turn OFF UPM Profile Streaming completely to see if it makes any difference or if you don’t want to do that, consult with McAfee if there is a patch available. There will be one most likely.
  9. Themes Key in Active Setup – Remove the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}. Make sure that the key is removed for the user profile as well, under HKCU.
  10. Receiver version – Use the latest stable version of Receiver on the client devices. Running the latest version on the server side will help in launching published application quickly when users are using Published Desktops.
  11. Drive Mappings – These could be done either via logon scripts or via GPPs. Citrix Director can easily show you if this is the case so that you can focus on the right area from the beginning. If you have Citrix WEM, move all or most of your drive mappings into it to map them as a background task once the Desktop is shown to the user.
  12. Printer Mappings – Same as drive mappings. The GPPs should be set to move on if a mapping errors, not wait for it and time out. Else, use WEM.
  13. Group Policy Processing errors – Look in the Event Viewer for any potential policy processing errors and fix them.
  14. Default delay of 5-10 seconds for VDAs based on Windows 8.x and Server 2012 – Microsoft introduced a delay of 5-10 seconds for operating systems starting from Windows 8, and hence this applies to Server 2012 OSes as well. To remove the delay, add the registry value StartupDelayInMSec (REG_DWORD) and set it to 0 in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize (you can add the key “Serialize” if it is not present already). This will greatly reduce the “interactive logon” delays.
  15. Profile Sizes – This should have been higher up in the order, TBH. Check the size of user profiles and find out what is causing the profile bloat. In most cases, publishing Google Chrome and Firefox is one of the most common causes of large profile sizes. It is recommended to exclude the whole of \AppData\Local\Google\Chrome and just have the prerequisite files/folders synchronized using UPM policy. I would start with the below synchronization list for Chrome:
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences

You can find more about Chrome and Firefox exclusion and synchronization policies here

Also check my Citrix UPM baseline policies and recommended exclusions here

16. Enable the Microsoft policy “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” and set the value to 0. The policy could be found under Computer Configuration – Policies – Administrative Templates – System – User Profiles

17. Check the Citrix KB here – http://support.citrix.com/article/CTX133595/

18. In case you are using VDA versions below 7.14.1 (7.14 excluded), check this key out:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Under the Run key, you are most likely to find the below entry

[image]

If you see this entry, that is why your Interactive Logon times are too high. You will need to delete that key and add the same key under here

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Find the Userinit REG_SZ value and append the value as in the screenshot below.

[screenshot]

Please note that you will need to use a trailing comma at the end of the line, else your applications wouldn’t launch.

In my case it turned out to be the UPM process UpmUserMsg.exe and it made a massive difference to the login times. In newer VDA versions, this issue isn’t there and the UPM process has been renamed to UpmEvent.exe.

19. Citrix Workspace Environment Manager (WEM) – This is a must-have for any Citrix deployment; it helps speed up logon times, provides system optimization, manages user profiles, user personalization and much more. There is absolutely no reason not to deploy this in your environment. I have already written about WEM here and here, so please check it out if you want to explore further. The general rule of thumb is to shift to WEM everything that Group Policy Preferences (GPP) are currently set up to do.

20. If using Windows 10 VDAs, check this Citrix KB and also check this Citrix forum discussion here.

Computer Configuration – Administrative Templates – System – Logon

Activate the GPO “Show clear logon background”.

This policy setting disables the acrylic blur effect on logon background image.

21. If you are running an older version of Director, you can use the PowerShell script found here to get the login time splits.

22. If you use multiple monitors for Citrix sessions, try a single monitor and see if the logon time reduces. Try the GPO Computer Configuration > Administrative Templates > System > Logon > “Show first sign-in animation”. Citrix Discussions link here.
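
For items 4, 9 and 18 above, a read-only PowerShell inventory of the logon-time autostart points those items edit (Active Setup StubPath entries, the HKLM Run key and the Winlogon Userinit value), so each change can be reviewed before and after it is made. This is an added example, not part of the original post; the function names are illustrative, and UpmUserMsg.exe is the process name the post gives in item 18.

```powershell
# Read-only inventory; nothing is modified. Function names are illustrative.
$activeSetup = 'SOFTWARE\Microsoft\Active Setup\Installed Components',
               'SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
$runKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$winlogon    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-ActiveSetupStub {
    # A StubPath runs once per user at logon until HKCU records the same Version.
    foreach ($sub in $activeSetup) {
        Get-ChildItem -LiteralPath "HKLM:\$sub" -ErrorAction SilentlyContinue | ForEach-Object {
            $stub = $_.GetValue('StubPath')
            if ($stub) {
                [pscustomobject]@{
                    Component  = $_.PSChildName
                    Label      = $_.GetValue('')                     # default value
                    Enabled    = $_.GetValue('IsInstalled', 1) -ne 0  # 0 = skipped
                    SeenByUser = Test-Path -LiteralPath "HKCU:\$sub\$($_.PSChildName)"
                    Command    = $stub
                }
            }
        }
    }
}

function Get-RunEntry {   # HKLM Run entries are started for every user at logon
    $key = Get-Item -LiteralPath $runKey
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{ Name = $name; Command = [string]$key.GetValue($name) }
    }
}

function Test-Userinit {
    # Userinit is a comma-separated program list; item 18 requires the trailing comma.
    param([string]$Value = (Get-ItemProperty -LiteralPath $winlogon -Name Userinit).Userinit)
    $entries = @($Value.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    [pscustomobject]@{
        Entries       = $entries
        TrailingComma = $Value.TrimEnd().EndsWith(',')
        HasUserinit   = [bool]($entries -match '(^|\\)userinit\.exe$')
    }
}

Get-ActiveSetupStub | Where-Object Enabled | Format-Table Component, Label, SeenByUser, Command -AutoSize
Get-RunEntry | Format-Table -AutoSize
Get-RunEntry | Where-Object Command -like '*UpmUserMsg.exe*' |
    ForEach-Object { Write-Warning "Run entry '$($_.Name)' starts UpmUserMsg.exe" }
$userinit = Test-Userinit
if (-not $userinit.TrailingComma) { Write-Warning 'Userinit does not end with a comma' }
if (-not $userinit.HasUserinit)   { Write-Warning 'userinit.exe is missing from Userinit' }
```

These three locations are also common persistence points, so any entry in the output that you cannot account for is worth reviewing regardless of its effect on logon time.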

There is another fantastic article out there on XenAppBlog which is an interesting read too.

I will continue to update the post as I find out more and please feel free to post your comments below.

Using Group Policies to populate IE Favorites


Here is one of the easiest ways to populate Favorites in Internet Explorer using Microsoft group policies.

Using Group Policy to populate the favorites in Internet Explorer allows you to make sure your users have quick access to mission critical websites.  To do this, create or use an existing GPO that is properly scoped to the users you want to publish the links to.

In Group Policy Manager right click the GPO and click Edit.

Expand User Configuration / Policies / Windows Settings / Internet Explorer Maintenance / URLs

Double click Favorites and Links

Click Add URL

Provide a name and a URL.  You can even provide the location for a custom icon for the site.

Click OK.

Once you are finished, click OK in the Favorites and Links window.

Close the Group Policy Management Editor to save the policy.

Refresh the Group Policies on a client and test.
Should the user delete this link, it will re-appear at the next Group Policy refresh.