Citrix XenDesktop Studio Error – Changes made to Policies Outside of this console, such as PowerShell or management tools from previous versions, resulted in a discrepancy between policies


I am not sure what I have done wrong in this case  and these things happen when you least expect. I was doing some changes to Citrix policies and had to add a couple of new policies to setup XenDesktop printing for my customer. I did also rearrange the policy priorities and that’s all I know or could remember. Policy node under Studio started throwing the below error message.

The priorities for policy Unfiltered and policy <policy name> interfere with each other in the “user” and “computer” components. The priorities must be assigned in the same order for both policies

Capture37

That’s the first time I had ever come across something like that and I knew I had to work my magic with PowerShell to get it right. I still wasn’t sure of managing Citrix Policies via PowerShell. Did a quick Google search and came across this from Citrix http://blogs.citrix.com/2013/07/15/merging-of-user-and-computer-policies-in-xendesktop-7-0/

Ok, that gave me a start. I decided to give it a try and see what is in store for me.

 

Ran PowerShell in admin mode and entered the below command.

asnp Citrix*

Mount a drive letter for the provider, here I’m using “Site” as the drive and running it right from the Broker/DDC server

New-PSDrive Site -PSProvider CitrixGroupPolicy -Root \ -Controller localhost

Capture38

cd Site:\User

Now you are in the User policy container and will be able to see all the XenDesktop User Policies. I took a note of  the policies that showed issues from the error message before and checked their priorities and I couldn’t find anything wrong with the assigned priorities. That’s different to what the error said.

To see all the User policies run the below

ls

Capture39

 

I did the same for the Computer policy as well by running the below

cd..
cd Computer
ls

 

Took note of the priorities and of course they are different as well. I ported the results in a Notepad and did a comparison as well and they indeed have different priorities

Name : Profile Settings and User Workspace for VDI Users
Description : This Policy will NOT take effect on Windows XP and Win Server 2003 due to UPM v5.0
Enabled : False
Priority : 4
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User\Profile Settings and User Workspace for VDI
Users
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User
PSChildName : Profile Settings and User Workspace for VDI Users
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
*************************************************************************************************
Name : Profile Settings and User Workspace for VDI Users
Description : This Policy will NOT take effect on Windows XP and Win Server 2003 due to UPM v5.0
Enabled : False
Priority : 3
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer\Profile Settings and User Workspace for
VDI Users
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer
PSChildName : Profile Settings and User Workspace for VDI Users
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
**********************************************************************************************************
Name : Unfiltered
Description : This is the system-created default policy, it cannot be deleted. Note that its settings will apply to
all connections.
Enabled : True
Priority : 5
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User\Unfiltered
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User
PSChildName : Unfiltered
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
*********************************************************************************************************************
Name : Unfiltered
Description : This is the system-created default policy, it cannot be deleted. Note that its settings will apply to
all connections.
Enabled : True
Priority : 2
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer\Unfiltered
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer
PSChildName : Unfiltered
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
**************************************************************************************************

Next, I tried to disable one of the conflicting policies. Remember, this needs to be done for both User and Computer containers.

Computer Policy First

Capture40

Ran the above to check the Status of the policy I want to disable.

Now run the set command as below

Set-ItemProperty . -Name Enabled -Value False

Capture41

Repeat the same for the User container for the same policy as below

Capture42

I thought that had fixed it and went back to Studio and gave the Policy node a refresh. Nope, it didnt.

Still the same error.

I decided to remove the offending policy altogether; again this had to be done for the User and Computer.

From the Computer Container – you need to run the below to remove the Computer settings in the policy

Remove-Item "Profile Settings and User Workspace for VDI Users"

Capture43

When PS prompts, say A to remove all the child objects and Recurse parameters

Perform the same for User settings for the same policy. Same command as before but from the User space.

Capture44

Remove-Item "Profile Settings and User Workspace for VDI Users"

 

 

Refresh the Policy node in Studio and viola, I can see all my policies with an exception of the deleted one. I don’t mind it now as I can easily recreate it and I just didn’t have the time to investigate further. A word of advice, it is always recommended to save your Prod policies as a template so in case they gets corrupted, they can be easily reinstated. you would still have to apply the filters though.

 

Qfarm/load does not Return any Server Load Information


Symptoms

When the command Qfarm/load is carried out, the server load information is not returned.

Cause

This issue is leaked because of the invalid zones that are associated with the servers in the farm. The issue is usually caused by zones being created and deleted, servers moving in and out of zones and not immediately being rebooted which can leave the servers with the old information.

Resolution

To resolve the issue, complete the following steps:

  • Run the following command from the command prompt of the Zone data Collector. This gathers the dynamic store information of Zone Data Collector:

Queryds /table:LMS_ServerLoadTable > c:\loadtable.txt
(The c:\ can be replaced by any local drive on the XenApp server)

  • Run a CDF trace for 30 seconds on all modules from the Zone Data Collector and simultaneously run the command Qfarm /load from the command prompt of the zone data collector.
  • Upload both the queryds output log and the cdftrace .etl file to the automatic support site for analysis.

To find the servers that have issues, open the queryds log in Notepad and look for any servers that are listed in a zone that does not exist.

In the cdf trace, look for the following errors:

  • “IMA_BUF_BinBuffer::ReadStringObject size<=0 00B895E4 0 00B88CBC 00B895E4 20
    and
  • Read fetch Errored Uid: 1796-000c-00006692 (the Uid will be different as it a unique identifier for the XenApp server)”

There must be a matching host ID in the queryds output log that shows the server that has the issue.

name : 1796-000c-00006692

host : XenAppServerName

zone : Zone 5

Once the server or servers have been identified, remove them from the server farm and run the command dscheck /full servers to ensure that the servers are no longer part of the farm.

Once that has been verified, the command qfarm /load must now run without issues, and then add the problem servers back to the farm, and the command qfarm /load must continue to work.

The issue can also occur if the server was removed from the farm but XenApp was not removed from the server. The XenApp might still contact the ZDC causing the issue. If yes, just turn off the machine to resolve the issue. The command queryds in the preceding section will not show the server.

Note: The local host cache must be recreated on all servers or on the zone data collector of the farm if the dscheck command shows the servers in the database after removal, and run the command dscheck with the clean switch to remove them.

More Information

Queryds utility is located on the XenApp install media under the support > debug folder.

CTX134966 – Citrix Diagnostics Toolkit – 32bit Edition

CTX135075 – Citrix Diagnostics Toolkit – 64bit Edition

CTX111961 – CDFControl

CTX130147 – Citrix Scout

CTX124406 – DSCHECK – XenApp Data Store Checker Tool Commands

CTX133983 – IMA Helper Tool

XenApp and XenDesktop – Optimization Guide: User Logon


Here is a “never to be missed” guide on how to optimize the user logons in a XenApp and XenDesktop environment published by Citrix. I have found this very handy when deploying XenApp deployments.

Logon Optimization for XenDesktop and XenApp