Thursday, 22 November 2012

1030 Connection Error - VDI-in-a-Box

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

Had an issue the other day on VDI-in-a-Box 5.1.1 where remote access was through a CAG 5.04 and i was getting the dreaded 1030 error!

Checked all the usual places to check for a 1030 error.

  • Is the STA generated from the vdiMrg in the CAG.
  • Used an SSL checker to see if the SSL was created correctly.
  • Checked that the vDesktop DHCP range is in the ICA access control list on the CAG.
  • CHecked that the correct ports are opened up on the firewall.
just to name a few.

If you log in to the vdiMgr console and go to advance properties and look under gateways ensure that you have specified the "Internal HDX gateway IP Addresses" which HAS TO point to the internal IP address of the CAG.

A way you can test if you 1030 error is because the "Internal HDX gateway IP Addresses" is wrong is by downloaded and saving the ICA file and seeing if it has been marked with the internal IP address of the vDesktops rather than with the STA.

Wednesday, 7 November 2012

VDI-in-a-Box - Best Practices

Best Practices: Scale One by One

Creating the VDI-in-a-Box Grid
  • Start with one server then expand, or one image then expand
  • Scale the grid one server at a time
  • Keep host versions consistent
  • Assign static IP addresses to servers
  • Use of thin provisioning to cut down dramatically on disk space
  • Size your server using recommended best practice
  • Ensure that you can generate desktops and users can log on before adding a second or third or fourth server to the grid.
Joining servers to the Grid
  • Do not join multiple servers at the same time
  • Let the second server join, receive images, provision desktops before joining the third
Use IP addresses instead of DNS names
  • To remove the dependency on DNS
  • For setting up the hypervisor connection
  • For the vdiManager console when configuring the Grid
  • For the Active Directory User database connection
Create a base image
  • Start with an ISO to create a base published image
  • Test this base image first and use this to make additional copies for production
  • Keep image sizes small (20-30GB). Less storage space consumed
  • Create one domain administrator account for both user authentication (Active Directory) and for image syspreps
  • Minimize password changes to accounts. You can do this by creating special “Citrix” accounts
  • vdiManager <> Hypervisor | HTTP over SSL/TLS (HTTPS):443
  • vdiManager <> Active Directory | LDAP:389 | LDAP over SSL/TLS (LDAPS):636
  • Endpoint <> vdiManager | HTTP over SSL/TLS (HTTPS):443
  • Endpoint <> Secure Remote Access (CAG VPX) |HTTP over SSL/TLS (HTTPS):443
  • Desktop Receiver <> Virtual Desktop | ICA:1494 or 2598 RDP:3389

Logins and username and passwords
  • Management COnsole https://vdiMgrIPaddress/admin - Account: vdiadmin/kaviza
  • VDI-in-a-Box appliance logon (vdiMgrIPaddress) - User: kvm/kaviza123|User: root/kaviza123
  • User logon from a web browser https://vdiMgrIPaddres
  • User logon from the Java Client http://vdiMgrIPaddres/dt/vdiclient.jnlp
  • User logon from mobile devices http://vdiMgrIPaddres/dt/PNAgent/config.xml

Migrating the Datastore from SQL Express to SQL 2005 or SQL 2008

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

I was recently at a client that had a requirement to migrate their Datastore from an old XenApp server to the enterprise class SQL cluster, the only problem was that the Datastore was a SQL Express 2005 database and which was due to go on to a SQL 2008 instance.

Citrix offers  good pointers for migrating from Access to SQL/Oracle, Oracle to SQL, SQL to Oracle and same version SQL to SQL but nothing for SQL Express to SQL.

My saviour came in the form of Carl Webster (the accidental Citrix Admin)

Migrating from one database version to the other might be necessary to move the data store to a more powerful server. The best method for migrating between versions of the database is to back up and restore the database using the utilities provided by the database software vendor.
To point a Citrix XenApp Server farm to a new database complete the following steps. For the best performance, complete this procedure on the data collectors after all other servers are reconfigured.

Back up the existing farm database.

Create a new blank database on the destination SQL instance

Create a new DSN file that points to the new database:

Click Start -> Administrative Tools -> Data Sources (ODBC).

Note: What is ODBC?  This is taken from

"Open Database Connectivity (ODBC) is Microsoft's strategic interface for accessing data in a heterogeneous environment of relational and non- relational database management systems. Based on the Call Level Interface specification of the SQL Access Group, ODBC provides an open, vendor- neutral way of accessing data stored in a variety of proprietary personal computer, minicomputer, and mainframe databases.
ODBC alleviates the need for independent software vendors and corporate developers to learn multiple application programming interfaces. ODBC now provides a universal data access interface. With ODBC, application developers can allow an application to concurrently access, view, and modify data from multiple, diverse databases."
Click the File DSN Tab.

Note:  What is the difference between "User DSN", "System DSN" and "File DSN"?  This is taken from

User DSN: The User DSN is a data source that is user-specific. A User DSN is stored locally but is available only to the user who creates it.

System DSN: Unlike a User DSN, a System DSN is not user-specific. A System DSN is stored locally and is not dedicated to a particular user. Any user who logs on to a computer that has permission to access the data source can use a System DSN. Some programs, such as Microsoft SQL Server or Microsoft Internet Information Server (IIS), require a System DSN. This DSN must be created on the server where the program is located. System DSNs are stored in the Windows registry under the following key: HKEY_LOCAL_MACHINE\Software\Odbc\Odbc.ini\Odbc Data sources

File DSN: The File DSN is created locally and can be shared with other users. The File DSN is file-based, which means that the .dsn file contains all the information required to connect to the data source. Note that you must install the ODBC driver locally to use a File DSN.  File DSNs are not stored in the Windows registry. The .dsn file is a text file that you can view in any text editor, such as Microsoft Notepad.

Change the Look in to C:\Program Files\Citrix\Independent Management Architecture.  The new DSN must be placed in this folder.  The IMASERVICE service is programmed to look in only this folder.

Click the Add button.

 Click on SQL Server and click Next.

Type in C:\Program Files\Citrix\Independent Management Architecture\WebsterFarmDSMF20.dsn and click Next.

Note: The DSN can be named anything as long as it has a .dsn file extension.  It does not need to contain "MF20" anywhere in the name.

Click Finish.

Enter a Description and type in the name of the SQL Server and click Next.

If a successful connection to the SQL Server is made click Next.  A common problem is the Windows Firewall is not configured to allow SQL traffic (TCP Port 1433).  To configure an instance of SQL Server 2005 to use a static port, follow the steps described in the "How to: Configure a Server to Listen on a Specific TCP Port (SQL Server Configuration Manager)" topic in SQL Server 2005 Books Online.

Note:  If SQL Server is set to use a static port, click Client Configuration, then uncheck Dynamically determine port and enter the value for the static port number.

 If the account listed in the grayed out Login ID authenticates successfully to the SQL Server, Change the default database to the new SQL Server data store and click Next

Note: One problem could be the Login ID account is not setup to access the SQL Server.

Click Finish.

Click Test Data Source.

If the message TESTS COMPLETED SUCCESSFULLY is shown, click OK.  Otherwise, you will need to troubleshoot the ODBC connection to the SQL Server.

 Click OK.

Your new DSN is created.  Click OK.

Run the dsmaint config command on the server with the new DSN file:

dsmaint CONFIG /user:LAB\Administrator /pwd:Password1 /dsn:"C:\Program Files (x86)\Citrix\Independent Management Architecture\XA65LABDS.dsn"

Stop and restart the IMA Service.

Important: Restarting the IMA Service instead of restarting the server might cause the SNMP service to initiate Dr. Watson if SNMP is enabled. This error is benign.
Ensure that the server is pointing to the new data store by checking the following registry setting:
If the IMA Service started successfully, copy the new DSN file to all servers in the farm.
Run the dsmaint config command to change the IMA Service configuration on all remaining servers in the farm. 
Stop and restart the IMA Service on all servers in the farm.

Tuesday, 6 November 2012

Internet Explorer crashes in XenDesktop

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

Recently had issue in XenDesktop where IE would just randomly crash.  No event logged nothing!

Now I find there's a few ways that you can troubleshoot this problem.

Log directly in to a vDesktop and see if you can replicate the issue.
Check\Change the version of Citrix Receiver that is install on the endpoint.
Check\Change the version of flash that is installed on the endpoint.

If none of the above point you in the right direction try deleting the following regkey from the vDesktop and updating your MCS or PVS image.


Tuesday, 25 September 2012

XenDesktop Virtual Channels

Please check out for more of my technical posts, alternately please call us on 01932 268289. 
This blog describes how to change the Virtual Channel Priorities in the VDA in XenDesktop 5 and above and it also has which 
Virtual channels are used within an ICA connection exchange specific types of information between a client and server application. A few of the Virtual Channels implemented by Citrix are sound, graphics, CDM, USB, and printing. Based on different user scenarios, Virtual Channels priorities may need to be changed to lessen interactions between different types of content. This article describes how to change priorities of Virtual Channels in XenDesktop 5.

Remote Session Screen Update (THINWIRE) - CTXTW  ,0
Seamless Windows Screen Update (THINWIRE) - CTXTWI ,0
Clipboard - CTXCLIP,1
Client Audio Mapping - CTXCAM ,1
License Management - CTXLIC ,1
Video Server (Dead – Remember VideoFrame ?) - CTXVFM ,1
Program Neighborhood - CTXPN  ,1
Windows Media Redirection - CTXMM  ,1
Flash - CTXFLSH,1
Smart Cards - CTXSCRD,1
Still cant find this one - CTXCTL ,1
End User Experience Monitoring - CTXEUEM,1
Client COM Port Mapping - CTXCCM ,2
Client Drive Mapping - CTXCDM ,3
Client Management (Auto-Update) - CTXCM  ,3
Printer Mapping for Non-Spooling Clients - CTXLPT1,3
Printer Mapping for Non-Spooling Clients - CTXLPT2,3
Printer Mapping for Non-Spooling Clients - CTXCOM1,3
Printer Mapping for Non-Spooling Clients - CTXCOM2,3
Printer Mapping for Spooling Clients (nearly all) - CTXCPM ,3

If you want to implement these virtual channels on a VDA add the following regkey 


Then create a MULTI_SZ named “VirtualChannelPriority” with the following contents but change these to your requirements:


Tuesday, 18 September 2012

Windows 7 Optimization and GPO's Settings

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

Hi Guys,

I’d get my ideas down and put them up for discussion but no doubt over time I'll expand on this but this gives you a good base to work from.

Some are from Citrix best practices but the rest are what I think should be changed.

Disable following services
This can be done on the VM itself or via GPO added the settings to the below section.
Background Intelligent Transfer Service
Desktop Windows Manager Session Manager
Function Discovery Resource Publication
HomeGroup listener
HomeGroup provider
Offline Files
Security Center
System Restore
Windows Defender
Windows Media Player Sharing Service

Group Policies applied to Windows 7 VM - Computer
Error Reporting: Administrative Templates – Windows Components – Windows Error Reporting Disable Windows Error Reporting: Enabled
Windows Update: Administrative Templates – Windows Components – Windows Updates Configure Automatic Updates: Disabled
System Restore: Administrative templates – System – System Restore Turn off System Restore: Enabled

Group Policies applied to Windows 7 VM - Users
Screensaver :Administrative Templates – Control Panel – Personalization
Enable screen saver: Enabled
Prevent changing screen saver: Enabled
Password protect screen saver: Enabled
Screen saver timeout: Enabled – 600 seconds
Force specific screen saver: Enabled – scrnsave.scr
Force folder redirection: Enabled (Include AppData, Desktop, Documents, Downloads, Favourites and Pictures and Music depending on how strict we want to be.)
Ensure each folder redirection is setup like so.

Add following via registry preferences through a GPO
Force Offscreen Composition for Internet Explorer: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Force Offscreen Composition"=dword:00000001
Reduce Menu Show Delay: [HKEY_CURRENT_USER\Control Panel\Desktop] "MenuShowDelay"="150"
Disable all Visual Effects:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects] "VisualFXSetting"=dword:00000003
[HKEY_CURRENT_USER\Control Panel\Desktop\WindowMetrics] "MinAnimate"="0"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "ListviewAlphaSelect"=dword:00000000 "TaskbarAnimations"=dword:00000000 "ListviewWatermark"=dword:00000000
[HKEY_CURRENT_USER\Control Panel\Desktop] "DragFullWindows"="0" "FontSmoothing"="0" "UserPreferencesMask"=binary:90,12,01,80 ,10,00,00,00

Citrix Profile Manager GPO – Version 4 and above
IMPORTANT: make sure the version of the ADM added to the GPO is exactly the same as the version of the installation that is in the image.
Profile Management – Enable Profile Management - Enabled
Profile Management – Processed groups: Enabled (add AD groups containing required users)
Profile Management – Process logons of local Administrators: Disabled
Profile Management – Path to Store: Enabled (specify path to store)
Profile Management – Active write back: Enabled
Profile Management – Profile Handling – Template profile: Enable (if we want to standardise user profiles)
Profile Management – Advanced settings – Process Internet cookies files on logoff: Enabled
Profile Management – Log Settings – Enable logging: Enabled
Profile Management – File System – Exclusion list – Directories

AppData\Local\Microsoft\Windows\Temporary Internet Files
AppData\Local\Microsoft\Windows Live
AppData\Local\Microsoft\Windows Live Contacts
AppData\Local\Microsoft\Terminal Server Client
AppData\Local\Windows Live
AppData\Local\Google\Chrome\User Data\Default\Cache
AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images
AppData\Roaming\Microsoft\Windows\Start Menu

Profile Management – File System – Synchronization – folders to mirror: Enabled (AppData\Roaming\Microsoft\Windows\Cookies)
Profile Management – Streamed user profile – Profile Streaming: Enabled

Changes applied directly to VM
Disable Large Send Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BNNS\Parameters] "EnableOffload"=dword:00000000
Disable TCP/IP Offload :[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]  "DisableTaskOffload"=dword:00000001
Increase Service Startup Timeout [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control] "ServicesPipeTimeout"=dword:0002bf20
Hide Hard Error Messages [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows] "ErrorMode"=dword:00000002
Disable CIFS Change Notifications :[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoRemoteRecursiveEvents"=dword:00000001
Disable Logon Screensaver :[HKEY_USERS\.DEFAULT\Control Panel\Desktop] "ScreenSaveActive"="0"
Modify C:\ProgramData\Microsoft\Windows\Start Menu to reflect a “tidy” start menu

If we are using a PVS in an environment ensure that the PVS optimizer is run at least once on image or at the end of each image update process just to be on the safe side.

One time changes
Disable Boot Animation: bcdedit /set bootux disabled
Remove unused Windows components : Windows Media Center, DVD Maker, Tablet Components
Page file : Minimum and maximum the same

Final actions to be performed at each image update process.
Disk Cleanup
Run defragmentation
Optimize Antivirus
Clear event logs
Run a windows updates (potential)
Rerun PVS optimizer if client is using a PVS

Thursday, 30 August 2012

XenDesktop Planning

Please check out for more of my technical posts, alternately please call us on 01932 268289. 

Where and how do you start with planning a XenDesktop deployment???  After looking around the web for a bit I came to a conclusion that there really isn't anything out there that lays out exactly what you need and in what order to do it.

So after thumbling around the edocs that Citrix have on XenDesktop, finding some really good knowledge base articles and basically going through the installation of XenDesktop a few times this is what I've come up with.  

By no means am I saying this is the correct way or order to do a deployment every single time but it will give you (and me...) a good starting point to work from, highlight a few options you should consider before you get started and basically just help you out.

VM Desktop (Golden Image)
It's important that you plan your "golden image" appropriately and decide on how you want to deploy your virtual desktops, are you going to use MCS or PVS?  Are you going install all apps on your image or use XenApp?  These are just some of the questions you need to ask yourself before you start, have a read of the Preparing a Master VM eDocs article.
  • What OS is required?
  • Ensure that the hard disk for the master VM is attached at device location 0.
  • Ensure you set enough hard drive space as this cannot be changed at a later date. vCpu's and memory can be changed though.
  • Install on the VM the appropriate integration tools for your hypervisor.
  • If you plan to deliver desktops from pooled and dedicated machines, join the VM to the domain of which you want users' desktops to be members and ensure that the master VM is available on the host where you want to create the machines.
  • Install the Virtual Desktop Agent from the XenDesktop installation media.
  • Install any third-party tools require such as AV.
  • Install and configure any third-party applications that you do not want to virtualize.  Remember Citrix recommends virtualizing applications and delivering them to users' desktops with XenApp.
Note: In the case of streamed machines, image a vDisk from your master target device before you join the master target device to a domain - have a read of the following doc

If you plan to deliver desktops from pooled and dedicated machines, Citrix recommends that you create a snapshot of your master VM and name the snapshot in a way that allows you to identify the master VM in the future. If you specify a VM rather than a snapshot when creating a pooled or dedicated machine catalog, Desktop Studio will create a snapshot for you but you will not be able to name it.

When installing the VDA ask yourself the following questions before you begin, a lot of this information I found dotted around and there was not a defined things to look out for a consider. 
  • What VDA do you require? VDA for HDX 3D Pro or just the standard VDA?  Remember if you require 3D pro you need to obtain your Key file beforehand.
  • Choose advanced Install unless you are setting up a POC without personal vDisks or HDX 3D Pro, in which case you can select Quick Deploy.
  • Remember to launch the install through the autorun and not by double clicking on the standalone installer.
  • If you are using Personal vDisks what drive letters are already currently in use?  if you require to change the drive letter follow this article.
  • Do you want HA for the VDA?  This is not an alternative to other HA solutions.
  • Have you meet all the VDA requirements?
  • What discovery method are you going to use to communicate with the controller?  AD or registry based?
Planning your Database
XenDesktop 5 and upwards is now fully dependant on an SQL database, all information is stored on the database and controllers communicate only with the database and not with each other.  Things to be considered and planned for are.
  • Windows authentication must be used when connecting to the database.
  • SQL Express can be used but should only be when doing a POC.  Remember Express doesn't offer any kind clustering or mirroring.
  • Check the database requirements.
  • Citrix recommends that you use a HA solution for your database using either the hypervisior's HA feature, SQL mirroring or SQL clustering with mirroring being Citrix's preferred method. 
Note: If you want to mirror the XenDesktop database, ensure that the database uses the full recovery model and not the simple model. When Desktop Studio is used to create a database on an external SQL server, the database is configured to use the simple model by default; this means the transaction log cannot be backed up and the database cannot be mirrored. To ensure the database is configured to use the full recovery model, create the database manually and then use Desktop Studio to generate the necessary setup scripts to be run on the database.

Planning your Controller 
For desktops to be usable they must register with the correct controller or with any one of the controllers if there are more than one.  Here is a good read on Controller planning but things to consider are...
XenDesktop Install
To be totally honest the install of XenDesktop is dead straight forward, its knowing how you want it configured and setup to provide you or your client with the best experience. Things to consider before you start your install on Xendesktop are.
  • How are you going to split the components?
  • Do you already have an existing license server that you can use?
  • What SQL server are you going to use?  More about this later.
  • Is a firewall enabled on the controller?  if so are the necessary ports open?
  • Have you installed the prerequisite? or will you let the install do it for you?
Configuring a XenDesktop site
Before you start to configure your XenDesktop environment it's a good idea to have a few of the following details already decided on before you begin as there is nothing worse than having to do something twice!!!
  • Specify a site name.
  • Licensing server name and port.  NOTE: you will not be prompted for a license server if you've installed the license server component on the controller.
  • Specify the database to use.
  • What hyperversior will you be using?  VMware, XenServer or Hyper-V?  If you are using vmware you may need to either purchase a CA certificate or amend the the proxy.xml on the vCenter.
  • Cluster to use along with the Networking that the VM's will use on the hypervisor.
  • Storage to be used along with the personal vDisk storage if required.
Also another thing to consider when thinking about sites is do you require site failover for DR? You have a couple of options here but from a very high overview you have a couple of options.
  • Configuring the Web Interface RecoveryFarm setting with a list of alternate sites.
  • Use a NetScaler to intelligently load balance and validate that Web Interface and XML services.
  • Fault tolerance can be increased yet further by using the Global Server Load Balancing (GSLB) features of NetScaler.
Choosing the Machine Type
It does help to have the machine type that you require decided on before you start to create your catalog's.  What machine type you require will also decide what image delivery option you need to take - MCS or PVS.  See below for some brief information on MCS vs PVS.

Here is a VERY quick overview of what each desktop is and who it best suits, read the following article for more information.

Pooled - Desktops that are allocated to users on a per-session, first-come first-served basis. Pooled-random machines are assigned to users at each logon and returned to the pool when they log off.  Perfect for task workers who require standardized desktops, who share workstation and do not require to install applications.

Dedicated - Desktops that are assigned to individual users. Machines can be assigned manually or automatically assigned to the first user to connect to them. Whenever users request a desktop, they are always connected to the same machine, so you can allow users to personalize their desktops to suit their needs.

Existing - The existing machine type enables you to use XenDesktop to manage and deliver user desktops that you have already migrated to VMs in the data center.

Physical The physical machine type enables you to use XenDesktop to manage user desktops hosted on dedicated workstations or blade PCs, this enables you to support small numbers of users who have particularly demanding performance requirements.

Streamed The streamed machine type enables you to deliver desktops to VMs and blade PCs that have been configured to load the operating system over the network from Provisioning services. Target devices are managed in Provisioning services as a device collection and the desktops are delivered from a Provisioning services vDisk imaged from a master target device. Using Provisioning services to deliver desktops enables you to leverage the processing power of existing hardware, while realizing all the benefits of centralized desktop management.

Machine Catalog
Machine catalog is a collections of VM's or physical computers are managed as a single entity and can only contain one machine type.

Pooled or dedicated machine catalog

  • A host with sufficient processors, memory, and storage to accommodate the number of machines you plan to create.
  •  master VM from which to create the desktops. 
  • An admin AD account or enough pre-created AD computer accounts to use.
Existing or physical machine catalog

  • VMs or dedicated blade PCs hosting user desktops.
  • Active Directory user and computer accounts to assign to the VMs or blade PCs.

Streamed machine catalog

  • A Provisioning services deployment with a vDisk.
  • Device collections configured to load the vDisk over the network.
  • AD computer accounts managed by PVS for each target device in the device collections.

PVS or Machine Creation Service?
As we are talking about machine types and catalogs I thought it best that we now add a little bit about whether to go with a PVS or use MCS. Just a few points to note on this matter and also read this article which has some really good pointers in.
MCS Pro's 

  • Simpler to manage than PVS.
  • Ideal for smaller deployments.
  • Uses technology within the hypervisor and doesn't require an additional server(s) .
MCS Con's
  • In some tests, it was shown that MCS required 1.5x as many IOPS on the SAN as PVS.
  • MCS can only use dynamic disks, which incurs the expansion penalty during boot storms and reboots.
  • MCSs is limited in that it is meant for hosted VDI desktops only, pooled or dedicated.
PVS Pro's
  • Reduced IOPS compared to MCS.
  • Ideal for large deployments.
  • Organizations looking to utilize a hosted shared desktop model, a streamed VHD model or a Hosted VDI model with blade PCs can use be provided by a PVS.
PVS Con's
  • To some the additional steps required to manage a PVS prove to complicated.
  • Requires additional server(s) to host the PVS.
Client\User Considerations
Without doubt you will have to consider what the needs, wants and experience that a client\user requires.  some pointers for things to consider
This blog will be an ever expanding post but if you feel you would like to add something please don't hesitate to post your thoughts and i'll add them.

Hope this helps.