XenApp & XenDesktop 7.x – Logon delay of 20 seconds at ” Please wait for Citrix User Profile Manager”


If you ever have a situation where your Citrix logons sits on “Please wait for Citrix User Profile Manager” for around 20 – 25 sec, you have come to the right post. I have had this strange one where users started to see their logons taking longer than usual. Below is my setup and your results may vary depending on the UPM version that you are running

  • XenApp 7.5 site
  • Server 2012 R2 VDAs
  • Citrix UPM 5.1
  • McAfee AV 8.8

Issue Manifestation – Delay of 20-25 seconds on ” Please wait for Citrix User Profile Manager” and this was consistent.

Remediation – Turn ON Citrix Profile Streaming

I am partially to blame for this issue as I had turned OFF Profile Streaming when I had my users complaining that the logoff was taking a little while. Now i need to figure out what is causing the logoffs to take roughly 10 seconds to complete. Already looked at the AV side of things and i have the required Exclusions. Hunt continues and will update with the findings..

So that’s a quick one there for you guys and hopefully someone will find it useful. If you find it working/not working for you, let me know

Citrix XenApp – Long logon times and potential fixes


Long login times are something that we have been hearing from time to time working with Citrix XenApp /XenDesktop environments. I have had a similar issue recently for one of my deployments with XenApp 7.5 on Windows Server 2012 R2 workloads. My logon times averaged around 30 seconds which is not bad at all. I still wanted to make it better and my target was to bring it under 15 seconds 🙂

Below are a few things that you can do to reduce the logon times. Please note that this is not a comprehensive list so feel free to comment below with your findings on this post so that i can update it and make the list better.

If you have Citrix Director in your environment, that would be the first place to look. It gives you in-depth details on where the profile load takes longer so that you can focus on those areas first.

I had Citrix Director in the environment and looking at it, Interactive Session seems to take a major chunk of the overall login time.

  1. Anti-Virus – This is one item that is overlooked often so ensure that you have set the required exclusions for your AV product. I would even go head and recommend turning OFF Real-time scanning for MCS/PVS created images as they are only read only. Please ensure that you run Real-time scanning on the network shares that hosts the profiles/home folders and also on the Write Cache location in case of PVS images.
  2. Enable Legacy Graphics Mode –This is a Citrix policy and enabling this is found to increase the logon speed. This is Adaptive Display First Generation which is good on older operating systems like Windows Server 2008 R2. Not recommended to be enabled in Windows Server 2012 R2 as it is found to cause some/all applications to fail consistently or randomly. In short, apply this setting with caution if your workloads are Windows Server 2012 R2 / Windows 8.x
  3. Remove CD-ROM drives from your virtual Citrix servers – May sound silly but having a CD-Drive on the server is found to increase the logon time.
  4. Active Setup – My suggestion is to check the Active Setup on the Citrix servers. I use SysInternals Autoruns tool to disable (not delete) the unwanted Active Setup keys under Installed components for HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components  as well.
  5. Autoruns This is a brilliant tool from SysInternals and throws a lot of light into what runs when a user logs in to a Windows Server. Run this and disable all that is not required for your environment.
  6. Internet Explorer – Uncheck In Internet Explorer Options Advanced -> Security,  disable “Check for publisher´s certificate revocation” and “Check for Server Certificate Revocation
  7. DisableStatus registry – Again apply this fix with caution as this is found to introduce the blue login screen(Windows GINA) when accessing applications which is not ideal. http://support.citrix.com/article/CTX135782 . Some have reported to have reduce the login times by doing this.
  8. Citrix UPM Profile Streaming – Profile Streaming is sometimes found to adversely affect the logon times especially when McAfee is used. Turn OFF UPM Profile Streaming completely to see if it makes any difference.
  9. Themes Key in Active Setup – Remove the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}. Make sure that the key is removed for the user profile as well under HKCU
  10. Receiver version – Use the latest stable version of Receiver on the client devices. Running the latest version on the server side will help in launching published application quickly.
  11. Drive Mappings – It could either be via logon scripts or via GPPs. Citrix Director can easily show you if this is the case so that you can focus on the right area from the beginning itself.
  12. Printer Mappings – Same as drive mappings. the GPPs should be set to move on if it errors and not wait for it and time out.
  13. Group Policy Processing errors – Look in the EventViewer for any potential policy processing errors and fix them.
  14. Default delay of 5-10 seconds for VDAs based on Windows 8.x and Server 2012 – Microsoft introduced a delay of 5-10 secs for operating systems starting from Windows 8 and hence this does apply to Server 2012 OSes as well. To remove the delay, add the registry value StartupDelayInMSec (REG_DWORD) to 0 in HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Serialize   (You can add the key “Serialize” if not present already). This will greatly reduce the “interactive logon” delays
  15. Last but not the least (this should have been higher up in the order), check the size of user profiles and find out what is causing the profile bloat. In most cases, publishing Google Chrome and Firefox is one of the most common causes of large profile sizes. It is recommended to exclude the whole of \AppData\Local\Google\Chrome and just have the per-requisite files/ folder synchronized using UPM policy. I would start with the below synchronization list for Chrome
AppData\Local\Google\Chrome\User Data\First Run
AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preferences

You can find more about Chrome and Firefox exclusion and synchronization policies here

16. Enable the Microsoft policy “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” and set the value to 0. The policy could be found under Computer Configuration – Policies – Administrative Templates – System – User Profiles

17. Check the Citrix KB here – http://support.citrix.com/article/CTX133595/

18. In case you are using VDA versions below 7.14.1 (7.14 excluded), Check this key out

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Under the Run key, you are most likely to find the below entry

30

If you see this entry, that is why your Interactive Logon times are too high. You will need to delete that key and add the same key under here

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Find the Userinit REG_SZ value and append the value as in the screenshot below.

31

Please note that you will need to use a trailing comma at the end of the line, else your applications wouldn’t launch.

In my case it turned out to be the UPM process UpmUserMsg.exe and it made a massive difference to the login times. In newer VDA versions, this issue isn’t there and the UPM process has been renamed to UpmEvent.exe.

19. Citrix Workspace Environment Manager (WEM)This is a must have for any Citrix deployments; Helps speed logon times, provide system optimization, manage user profiles, user personalization and much more. There is absolutely no reason not to deploy this in your environment.

There is another fantastic article out there on XenAppBlog

That’s an interesting read as well. i will continue to update the post as I find out more and please feel free to post your comments below.

Using Group Policies to populate IE Favorites


Here is one of the easiest way to populate Favorites in Internet Explorer using Microsoft group policies.

Using Group Policy to populate the favorites in Internet Explorer allows you to make sure your users have quick access to mission critical websites.  To do this, create or use an existing GPO that is properly scoped to the users you want to publish the links to.

In Group Policy Manager right click the GPO and click Edit.

Expand User Configuration / Policies \ Windows Settings / Internet Explorer Maintenance / URLs

Double click Favorites and Links
image

Click Add URL

Provide a name and a URL.  You can even provide the location for a custom icon for the site.

Click OK.
image

Once you are finished, click OK in the Favorites and Links window.

Close the Group Policy Management Editor to save the policy.

Refresh the Group Polices on a client and test.
image
Should the user delete this link, it will re-appear at the next Group Policy refresh.