Citrix XenDesktop Studio Error – Changes made to Policies Outside of this console, such as PowerShell or management tools from previous versions, resulted in a discrepancy between policies


I am not sure what I have done wrong in this case  and these things happen when you least expect. I was doing some changes to Citrix policies and had to add a couple of new policies to setup XenDesktop printing for my customer. I did also rearrange the policy priorities and that’s all I know or could remember. Policy node under Studio started throwing the below error message.

The priorities for policy Unfiltered and policy <policy name> interfere with each other in the “user” and “computer” components. The priorities must be assigned in the same order for both policies

Capture37

That’s the first time I had ever come across something like that and I knew I had to work my magic with PowerShell to get it right. I still wasn’t sure of managing Citrix Policies via PowerShell. Did a quick Google search and came across this from Citrix http://blogs.citrix.com/2013/07/15/merging-of-user-and-computer-policies-in-xendesktop-7-0/

Ok, that gave me a start. I decided to give it a try and see what is in store for me.

 

Ran PowerShell in admin mode and entered the below command.

asnp Citrix*

Mount a drive letter for the provider, here I’m using “Site” as the drive and running it right from the Broker/DDC server

New-PSDrive Site -PSProvider CitrixGroupPolicy -Root \ -Controller localhost

Capture38

cd Site:\User

Now you are in the User policy container and will be able to see all the XenDesktop User Policies. I took a note of  the policies that showed issues from the error message before and checked their priorities and I couldn’t find anything wrong with the assigned priorities. That’s different to what the error said.

To see all the User policies run the below

ls

Capture39

 

I did the same for the Computer policy as well by running the below

cd..
cd Computer
ls

 

Took note of the priorities and of course they are different as well. I ported the results in a Notepad and did a comparison as well and they indeed have different priorities

Name : Profile Settings and User Workspace for VDI Users
Description : This Policy will NOT take effect on Windows XP and Win Server 2003 due to UPM v5.0
Enabled : False
Priority : 4
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User\Profile Settings and User Workspace for VDI
Users
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User
PSChildName : Profile Settings and User Workspace for VDI Users
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
*************************************************************************************************
Name : Profile Settings and User Workspace for VDI Users
Description : This Policy will NOT take effect on Windows XP and Win Server 2003 due to UPM v5.0
Enabled : False
Priority : 3
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer\Profile Settings and User Workspace for
VDI Users
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer
PSChildName : Profile Settings and User Workspace for VDI Users
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
**********************************************************************************************************
Name : Unfiltered
Description : This is the system-created default policy, it cannot be deleted. Note that its settings will apply to
all connections.
Enabled : True
Priority : 5
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User\Unfiltered
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\User
PSChildName : Unfiltered
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
*********************************************************************************************************************
Name : Unfiltered
Description : This is the system-created default policy, it cannot be deleted. Note that its settings will apply to
all connections.
Enabled : True
Priority : 2
PSPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer\Unfiltered
PSParentPath : Citrix.Common.GroupPolicy\CitrixGroupPolicy::Site:\Computer
PSChildName : Unfiltered
PSDrive : Site
PSProvider : Citrix.Common.GroupPolicy\CitrixGroupPolicy
PSIsContainer : True
**************************************************************************************************

Next, I tried to disable one of the conflicting policies. Remember, this needs to be done for both User and Computer containers.

Computer Policy First

Capture40

Ran the above to check the Status of the policy I want to disable.

Now run the set command as below

Set-ItemProperty . -Name Enabled -Value False

Capture41

Repeat the same for the User container for the same policy as below

Capture42

I thought that had fixed it and went back to Studio and gave the Policy node a refresh. Nope, it didnt.

Still the same error.

I decided to remove the offending policy altogether; again this had to be done for the User and Computer.

From the Computer Container – you need to run the below to remove the Computer settings in the policy

Remove-Item "Profile Settings and User Workspace for VDI Users"

Capture43

When PS prompts, say A to remove all the child objects and Recurse parameters

Perform the same for User settings for the same policy. Same command as before but from the User space.

Capture44

Remove-Item "Profile Settings and User Workspace for VDI Users"

 

 

Refresh the Policy node in Studio and viola, I can see all my policies with an exception of the deleted one. I don’t mind it now as I can easily recreate it and I just didn’t have the time to investigate further. A word of advice, it is always recommended to save your Prod policies as a template so in case they gets corrupted, they can be easily reinstated. you would still have to apply the filters though.

 

Qfarm/load does not Return any Server Load Information


Symptoms

When the command Qfarm/load is carried out, the server load information is not returned.

Cause

This issue is leaked because of the invalid zones that are associated with the servers in the farm. The issue is usually caused by zones being created and deleted, servers moving in and out of zones and not immediately being rebooted which can leave the servers with the old information.

Resolution

To resolve the issue, complete the following steps:

  • Run the following command from the command prompt of the Zone data Collector. This gathers the dynamic store information of Zone Data Collector:

Queryds /table:LMS_ServerLoadTable > c:\loadtable.txt
(The c:\ can be replaced by any local drive on the XenApp server)

  • Run a CDF trace for 30 seconds on all modules from the Zone Data Collector and simultaneously run the command Qfarm /load from the command prompt of the zone data collector.
  • Upload both the queryds output log and the cdftrace .etl file to the automatic support site for analysis.

To find the servers that have issues, open the queryds log in Notepad and look for any servers that are listed in a zone that does not exist.

In the cdf trace, look for the following errors:

  • “IMA_BUF_BinBuffer::ReadStringObject size<=0 00B895E4 0 00B88CBC 00B895E4 20
    and
  • Read fetch Errored Uid: 1796-000c-00006692 (the Uid will be different as it a unique identifier for the XenApp server)”

There must be a matching host ID in the queryds output log that shows the server that has the issue.

name : 1796-000c-00006692

host : XenAppServerName

zone : Zone 5

Once the server or servers have been identified, remove them from the server farm and run the command dscheck /full servers to ensure that the servers are no longer part of the farm.

Once that has been verified, the command qfarm /load must now run without issues, and then add the problem servers back to the farm, and the command qfarm /load must continue to work.

The issue can also occur if the server was removed from the farm but XenApp was not removed from the server. The XenApp might still contact the ZDC causing the issue. If yes, just turn off the machine to resolve the issue. The command queryds in the preceding section will not show the server.

Note: The local host cache must be recreated on all servers or on the zone data collector of the farm if the dscheck command shows the servers in the database after removal, and run the command dscheck with the clean switch to remove them.

More Information

Queryds utility is located on the XenApp install media under the support > debug folder.

CTX134966 – Citrix Diagnostics Toolkit – 32bit Edition

CTX135075 – Citrix Diagnostics Toolkit – 64bit Edition

CTX111961 – CDFControl

CTX130147 – Citrix Scout

CTX124406 – DSCHECK – XenApp Data Store Checker Tool Commands

CTX133983 – IMA Helper Tool

Key Infrastructure XenApp Server Tuning


Hello All,

This article has been taken from the Citrix Knowledge Base article CTX116492

Summary

This article describes techniques for tuning key infrastructure servers in a Citrix Presentation Server (XenApp) farm.

Background

To communicate with server farms, the server running the Web Interface contacts the Citrix XML Service through broker servers running on one or more specified servers. This service functions as the contact point to provide least-loaded, and other published application information, to clients and servers running between the server farm, and the server running the Web Interface. The Citrix XML Service is automatically installed with Presentation Server for Windows and Presentation Server for UNIX.

The Key Infrastructure Servers in a Citrix Presentation Server farm are the Zone Data Collector and XML Broker Servers. Having more Zones increases the load on the Zone Data Collectors in all other Zones in the farm because information must be replicated between the Zone Data Collectors in all Zones. Production Zones should not include servers from different physical locations and should not be grouped into a single zone.

Key Infrastructure Server Best Practices

Ensure that the Zone Data Collector has ample (75%) available space on the system drive (for example, a 400GB hard drive should have 400 X 0.75 = 300 or 300 GB available).

To reduce non-essential load on the Key Infrastructure Servers, do not run or point the Access Management (or Presentation Server) Console (running on another computer) to a Zone Data Collector or XML Broker Server.
Failover: Dedicate a Most Preferred Zone Data Collector in each zone.

• These servers should not run published applications.

• A lightly loaded Preferred (Backup) Zone Data Collector server should also be designated for each zone.

• This server should not be a Resource Manager Database Connection Server or Farm Metric Server.

Dedicate at least two XML Broker servers for each Web Interface Site.

• These servers should not run published applications.

• These servers should not be a Resource Manager Database Connection Server or Farm Metric Server.

Zone Data Collector Tuning

Enable the setting, Share Information across zones in the properties of the farm in the Access Management Console.

This decreases application resolution time because the local Zone Data Collector does not have to request the load information for the target zone (where the published application resides) at the time of application resolution.

Decreasing resolution time frees up the IMA service to perform other activities faster.

Fine Tuning Parameters for XML

Configure the tuning parameters on the XML brokers serving each Web Interface site and the Most Preferred and Preferred Zone Data Collector in each zone to increase scalability. These settings can also be made to all servers in the farm.

Registry Changes

Caution! Using the Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved. Use the Registry Editor at your own risk. Back up the registry before editing it.

SQL Option: The values below enable timeouts for IMA threads when waiting on a SQL server for information. These values are not present by default.

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA]

The value below causes IMA to timeout a connection to SQL if it doesn’t receive a response to a query after 45 seconds.
“DB_Connection_Timeout”=dword:0000002d

The value below causes IMA to wait 300 seconds to make another connection to SQL after a timeout occurs.
“DB_TIMEOUT_DELAY”=dword:0000012C

NOTE: The changes made by the registry settings below are automatically made by IMA on Presentation Server 4.5 with Hotfix Rollup Pack 3 and above. For more information refer to CTX118659 – Best Practices for Installing and Maintaining a Large Farm with Hotfix Rollup Pack 3 for XenApp 5.0 and Presentation Server 4.5

[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA]

The value below increases the amount of worker threads for the IMA Service from the default value of 8 to 128.
“WorkQueueThreadCount”=dword:00000080

“IsolationWorkQueueThreadCount” =dword:00000080

 

This document applies to: