Citrix Controller troubleshooting
Find and test Broker database:
- $brok = Get-Brokerdbconnection
- test-brokerdbconnection $brok
Find and test monitor database
- $mon = Get-MonitorDBConnection
- Test-MonitorDBConnection $mon
Handy Citrix Tips
Stuck session - if session cannot be logged off and does not show on the server you can log off the session in powershell:
- add-pssnapin *citrix*
- Get-BrokerSession -username Domain\User | Set-BrokerSession -Hidden $true
Find location of the citrix database used by delivery controllers and netscaler:
- Get-Brokerdbconnection
Remove citrix licence from account to free up for another user
On the citrix controller:
- cd "C:\Program Files (x86)\Citrix\Licensing\ls"
- Udadmin -list -times
- udadmin -f XDT_ENT_UD -user <username@domain> -delete (example udadmin -f xdt_adv_ud -user <username@domain> -delete)
You might have to repalce the license type with
- XDT_ADV_UD XenDesktop Advanced
- XDT_PLT_UD Citrix Virtual Apps and Desktop Premium
Show settings for citrix motoring logging:
- asnp Citrix.*
- Get-MonitorConfiguration
- Set-MonitorConfiguration -<setting name> <value>
Citrix Troubleshooting
If there are no apps available in the storefront check the citrix database for connection - look at the netscaler and see if there are any connection errors showing on console.
For errors when connecting from a new environment check that ports 8080, 1494, 80, 2598, 443 are open between client and all xenapp servers and netscaler.
Unknown machine state:
Citrix RDP to VDA
To RDP to citrix VDA user needs to be admin or member of the remote desktop users group. They will also need to be a member of the Airect Access users which is determined by this registry value: HKLM\Software\Citrix\PortICA\DirectAccessUsers
This will give you an SID, use this to find the group it references in AD
$SID = "<enter SID here>" ; Get-ADObject -Filter * -Properties * | where{$_.objectSid -eq $SID}
Citrix VDA Power State Unknown
Check this article:
NetScaler
Supported Cipher suites
Look here for supported cipher suites:
Shell Commands
Command Description show ns ip Shows configured Netscaler IP address (SNIP, VIP, MIP) show version Shows the current Netscaler firmware version show hardware Lists hardware details of appliance (including serial number) sh license Displays licensed feature on appliance sh running | more Shows the current running configuration (page per time) sh ns fea Displays list of Netscaler features en ns fea <acronym> Enables a Netscaler feature (Dependant on license) dis ns fea <acronym> Disables Netscaler feature sh ns mode Displays list of configured Netscaler modes en ns mode <acronym> Enables Netscaler Mode dis ns mode <acronym> Disables Netscaler mode sh lb vserver | more Displays list of configured Load Balanced vServers sh lb vserver <vserver name> Displays information relating to specified vserver en lb vserver <vserver name> Enable LB vserver dis lb vserver <vserver name> Disable LB vserver sh service | more Displays list of configured Services (not service groups) sh service <service name> Displays information relation to specified service en service <service name> Enable Service dis service <service name> <delay> Disable Service with a delay (in seconds) sh servicegroup | more Displays list of configured Service Groups sh servicegroup <servicegroup name> Displays information relating to specified servicegroup en servicegroup <servicegroup name> Enable servicegroup dis servicegroup <servicegroup name> –delay <#> Disables servicegroup with delay (in seconds) sh server Displays a list of servers en server <servername> Enables specified server dis server <servername> <delay> Disables specified server with a delay (in seconds) sh monitor Shows the list of configured Netscaler monitors sh monitor <monitor name> Displays information relating to the specificed monitor sh route Prints a list of defined routes add route <network> <netmask> <gateway> Adds a static route on the appliance rm route <network> <netmask> <gateway> Removes a static route on the appliance sh int Displays information on all network interfaces sh int <interface number> Displays information relating to specified network interface en int <interface number> Enable Netscaler NIC dis int <interface number> Disable Netscaler NIC sh arp Displays information from ARP table (including iface used) sh vlan Displays VLAN ID’s and assigned NIC’s sh ha node Displays HA node status force ha fail Forces HA Failover between nodes nstrace –tcpdump enable Performs a packet capture (all NICs) with tcpdump enabled shell Exits to shell command prompt (FreeBSD) dmesg Displays system message log from shell (since reboot) save c Saves current running config to file
Duplicate entries in citrix controller
Method to delete Stale entries from citrix database
Step 1) To find the machine ID in Citrix Monitoring DB
Select ID,Name,IPAddress,HostingServerName,CurrentRegistrationState From [MonitorData].[Machine] where Name Like'%VDA03%'
Select ID,Name,IPAddress,HostingServerName,CurrentRegistrationState From [MonitorData].[Machine] where Name Like'%VDA06%'
Select ID,Name,IPAddress,HostingServerName,CurrentRegistrationState From [MonitorData].[Machine] where Name Like'%VDA09%'
step 2 : To compare the Machine ID in Session Table
select * from [MonitorData].[Session] where MachineId = '1E22A7A8-AD67-46B9-AB87-EACE0DF22AE3' --- VDA03
select * from [MonitorData].[Session] where MachineId = 'FCC1D88F-D553-4C96-AA92-5D3A7435D846' --- VDA06
select * from [MonitorData].[Session] where MachineId = '71889325-37B1-4929-B527-D81BA04ABC6D' ----VDA09
Step 3 : Then replaced ID of stale Machine Id with the correct Machine Id in the Session Table
----- VDA03
UPDATE [MonitorData].[Session] SET MachineId='DB76C220-48BE-4297-95BA-D105109E735A' WHERE MachineId='1E22A7A8-AD67-46B9-AB87-EACE0DF22AE3'
----- VDA06
UPDATE [MonitorData].[Session] SET MachineId='1AD3F50D-97E2-4660-8656-1523AED50D83' WHERE MachineId='FCC1D88F-D553-4C96-AA92-5D3A7435D846'
----- VDA09
UPDATE [MonitorData].[Session] SET MachineId='207FC7C2-FF72-4DEA-8F30-A5B3FD8CC410' WHERE MachineId='71889325-37B1-4929-B527-D81BA04ABC6D'
Step 4 : Removed the Old Stale Machine as per the following
DELETE FROM [MonitorData].[Machine] WHERE ID = ‘1E22A7A8-AD67-46B9-AB87-EACE0DF22AE3’
DELETE FROM [MonitorData].[Machine] WHERE ID = ‘FCC1D88F-D553-4C96-AA92-5D3A7435D846'
DELETE FROM [MonitorData].[Machine] WHERE ID = ‘71889325-37B1-4929-B527-D81BA04ABC6D'
Clear and recreate database
Completethe following to repair the citrix local host database.
Carry this out on the server containing the citrix database
1. Download PsExec Sysinternal tool on the Delivery Controller, copy to C:\Temp
a. PsExec: https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
2. Stop Citrix High Availability Service
3. Open the command prompt, navigate to C:\Temp, execute the below command to elevate the command prompt with Network Service account
a. PsExec -i -u "NT AUTHORITY\NETWORK SERVICE" cmd
4. Run the command whoami to confirm the account.
5. Navigate to the SqlLocalDB installed path
a. For SQL LocalDB 2014: cd "C:\Program Files\Microsoft SQL Server\120\Tools\Binn"
For SQL LocalDB 2017: cd "C:\Program Files\Microsoft SQL Server\140\Tools\Binn"
6. Execute the below two commands to Stop and delete CitrixHA (LocalDB) database.
a. SqlLocalDB stop CitrixHA
b. SqlLocalDB delete CitrixHA
7. Remove the below files located in C:\Windows\ServiceProfiles\NetworkService
a. HADatabaseName.*
b. HADatabaseName_log.*
c. HAImportDatabaseName.* (If exists)
d. HAImportDatabaseName_log.* (If exists)
8. Start Citrix High Availability Service
9. Execute the below command to confirm that CitrixHA is recreated
a. SqlLocalDB i
CitrixHA <<<< disappears just after Stop/delete in step 5, and appears after start Citrix High Availability Service in step 7 MSSQLLocalDB
PVS
Lots of useful information about PVS image creation and updating can be found here: https://www.carlstalhood.com/pvs-update-vdisk/
issue with PVS server unable to load Citrix.PVS.Snapin could be caused by recent upgrade of PVS/citrix or applayering. You will need to redeploy and reregister the plugin. Use the following commands:
- CD \Windows\Microsoft.NET\Framework64\v4.0.30319
- .\InstallUtil.exe "C:\Program Files\Citrix\Provisioning Services Console\Citrix.PVS.Snapin.dll"
- CD \Windows\Microsoft.NET\Framework\v4.0.30319
- .\InstallUtil.exe "C:\Program Files\Citrix\Provisioning Services Console\Citrix.PVS.Snapin.dll"
PVS replication of images is done through RoboCopy.
See .bat settings:
- Robocopy <Location of new + current builds> <Network location of other PVS builds in cluster> *.vhdx *.vhd *.avhd *.avhdx *.pvp /b /mir /r:5 /w:5 /xf *.lok /xd WriteCache /xo
Issue with PVS citrix xenapp servers with performance and possible crashing of environment:
Issue could be due to write cache disk not being online during boot of citrix server causing write cache to default to the PVS server.
Solution is to set disk management to online all disks on boot in PVS image:
- diskpart
- sanpolicy=onlineall
- exit
If disk still shows offline due to policy set by administrator then the following attribute will need to be set on the disk:
- diskpart select disk <disknumber>
- attributes disk (check to see if its read only)
- attributes disk clear readonly
May also need to assign the same unique ID to the disk as the gold image:
Find unique id in diskpart:
- Uniqueid disk
Change unique disk id to match
- Unique disk id=<diskid>
Citrix profile management - troubleshooting
When seeing issues with citrix UPM profiles use the config checker to identify any potential issues:
https://support.citrix.com/article/CTX132805?_ga=1.60278061.1208613434.1464163161
Citrix profile Management
See best practices Citrix KB Also see this KB citrix KB
Also this guide can be used for Start menu layout MS Learn KB
To ensure that user pinned items and recent locations persist between sessions make sure the following folders are saved to the profile store(included in citrix profile management)
AppData\Roaming\Microsoft\Windows\Recent
Appdata\Local\Packages
Appdata\Local\Microsoft\Windows\Caches
!ctx_localappdata!\TileDataLayer (applicable only to Windows 10 version 1607 and earlier)
For start menu icons sync this folder:
AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
Set this file to synchronize rather than the whole folder:
Appdata\Local\Microsoft\Windows\UsrClass.dat*
Exclusions and Inclusions
When using citrix UPM ensure the recommended folders are excluded/included:
https://support.citrix.com/article/CTX230538?
Information Exclusion list-directories [These are part of Default Exclusions from UPM 5.3 onwards] !ctx_internetcache! AppData\Local\Google\Chrome\User Data\Default\Cache AppData\Local\Google\Chrome\User Data\Default\Cached Theme Images AppData\Local\Google\Chrome\User Data\Default\JumpListIcons AppData\Local\Google\Chrome\User Data\Default\JumpListIconsOld AppData\Local\GroupPolicy AppData\Local\Microsoft\AppV AppData\Local\Microsoft\Messenger AppData\Local\Microsoft\Office\15.0\Lync\Tracing AppData\Local\Microsoft\OneNote AppData\Local\Microsoft\Terminal Server Client AppData\Local\Microsoft\UEV AppData\Local\Microsoft\Windows Live AppData\Local\Microsoft\Windows Live Contacts AppData\Local\Microsoft\Windows\Application Shortcuts AppData\Local\Microsoft\Windows\Burn AppData\Local\Microsoft\Windows\CD Burning AppData\Local\Microsoft\Windows\Notifications AppData\Local\Packages AppData\Local\Sun AppData\Local\Windows Live !ctx_localsettings!\Temp AppData\Roaming\Microsoft\AppV\Client\Catalog AppData\Roaming\Sun\Java\Deployment\cache AppData\Roaming\Sun\Java\Deployment\log AppData\Roaming\Sun\Java\Deployment\tmp $Recycle.Bin AppData\LocalLow Tracing new path for Temporary Internet Files in Windows 8 and later AppData\Local\Microsoft\Windows\INetCache If running Office 365 with Shared Computer Activation, then exclude !ctx_localappdata!\Microsoft\Office\15.0\Licensing !ctx_localappdata!\Microsoft\Office\16.0\Licensing Exclusion List-Files !ctx_localappdata!\Microsoft\Windows\UsrClass.dat* Directories to synchronize. AppData\Local\Microsoft\Credentials Appdata\Roaming\Microsoft\Credentials Appdata\Roaming\Microsoft\Crypto Appdata\Roaming\Microsoft\Protect Appdata\Roaming\Microsoft\SystemCertificates Files to Synchronize AppData\LocalLow\Sun\Java\Deployment\security\exception.sites AppData\LocalLow\Sun\Java\Deployment\security\trusted.certs AppData\LocalLow\Sun\Java\Deployment\deployment.properties AppData\Local\Google\Chrome\User Data\First Run AppData\Local\Google\Chrome\User Data\Local State AppData\Local\Google\Chrome\User Data\Default\Bookmarks AppData\Local\Google\Chrome\User Data\Default\Favicons AppData\Local\Google\Chrome\User Data\Default\History AppData\Local\Google\Chrome\User Data\Default\Preferences
Citrix Database Move
To move a citrix database from one sql server to another follow the steps:
1: Get the details of the current databases: this can be found in the site settings on the delivery controllers or by running get-dbconnection commands
Write-Host "AccDB" -ForegroundColor yellow; (Get-AcctDBConnection);
Write-Host "AdminDB" -ForegroundColor yellow; (Get-AdminDBConnection);
Write-Host "AnalyticsDB" -ForegroundColor yellow; (Get-AnalyticsDBConnection);
Write-Host "AppLibDB" -ForegroundColor yellow; (Get-AppLibDBConnection);
Write-Host "BrokerDB" -ForegroundColor yellow; (Get-BrokerDBConnection);
Write-Host "ConfigDB" -ForegroundColor yellow; (Get-ConfigDBConnection);
Write-Host "EnvTestDB" -ForegroundColor yellow; (Get-EnvTestDBConnection);
Write-Host "HypDB" -ForegroundColor yellow; (Get-HypDBConnection);
Write-Host "LogDB" -ForegroundColor yellow; (Get-LogDBConnection);
Write-Host "MonitorDB" -ForegroundColor yellow; (Get-MonitorDBConnection);
Write-Host "Get-OrchDB" -ForegroundColor yellow; (Get-OrchDBConnection);
Write-Host "ProvDB" -ForegroundColor yellow; (Get-ProvDBConnection);
Write-Host "SfDB" -ForegroundColor yellow; (Get-SfDBConnection);
Write-Host "TrustDB" -ForegroundColor yellow; (Get-TrustDBConnection)
2: Check the permissions for the accounts used for accessing the current database in SQL - this will likely be the machine account for the delivery controllers but you will need to check a specific service account has not been used - record the permissions
3:Take backup of all citrix databases
4:Restore databases to new server
5:Create logins for the delivery controllers on the new SQL server (you will not be able to use the search for the account in sql to add the machine account but it will accept it if you type the full account name in the box: eg: domain\deliverycontroller$)
6:Reset the database connections with the following commands on the delivery controllers:
## Disable configuration logging for the XD site: Set-LogSite -State Disabled ## ## Clear the current Delivery Controller database connections ## Note: AdminDBConnection must be the last command Set-ConfigDBConnection -DBConnection $null Set-AppLibDBConnection -DBConnection $null #7.8 and newer Set-OrchDBConnection -DBConnection $null #7.11 and newer Set-TrustDBConnection -DBConnection $null #7.11 and newer Set-AcctDBConnection -DBConnection $null Set-AnalyticsDBConnection -DBConnection $null # 7.6 and newer Set-HypDBConnection -DBConnection $null Set-ProvDBConnection -DBConnection $null Set-BrokerDBConnection -DBConnection $null Set-EnvTestDBConnection -DBConnection $null Set-SfDBConnection -DBConnection $null Set-MonitorDBConnection -DataStore Monitor -DBConnection $null #Monitoring Database Set-MonitorDBConnection -DBConnection $null #Site Database Set-LogDBConnection -DataStore Logging -DBConnection $null #Logging Database Set-LogDBConnection -DBConnection $null #Site Database Set-AdminDBConnection -DBConnection $null -force
6:Change the database connections to the new values:
## Replace <dbserver> with the SQL server name, and instance if present, e.g "ServerName\SQLInstanceName". If no SQL Instance name is mentioned, this commandlet will try to connect to the default SQL instance. ## Replace <dbname> with the name of your restored Database ## Note: AdminDBConnection should be first $ServerName = "<dbserver>" $SiteDBName = "<SiteDbName>" $LogDBName = "<LoggingDbName>" $MonitorDBName = "<MonitorDbName>" $csSite = "Server=$ServerName;Initial Catalog=$SiteDBName;Integrated Security=True;MultiSubnetFailover=True" $csLogging = "Server=$ServerName;Initial Catalog=$LogDBName;Integrated Security=True;MultiSubnetFailover=True" $csMonitoring = "Server=$ServerName;Initial Catalog=$MonitorDBName;Integrated Security=True;MultiSubnetFailover=True" Set-AdminDBConnection -DBConnection $csSite Set-ConfigDBConnection -DBConnection $csSite Set-AcctDBConnection -DBConnection $csSite Set-AnalyticsDBConnection -DBConnection $csSite # 7.6 and newer Set-HypDBConnection -DBConnection $csSite Set-ProvDBConnection -DBConnection $csSite Set-AppLibDBConnection –DBConnection $csSite # 7.8 and newer Set-OrchDBConnection –DBConnection $csSite # 7.11 and newer Set-TrustDBConnection –DBConnection $csSite # 7.11 and newer Set-BrokerDBConnection -DBConnection $csSite Set-EnvTestDBConnection -DBConnection $csSite Set-SfDBConnection -DBConnection $csSite Set-LogDBConnection -DBConnection $csSite Set-LogDBConnection -DataStore Logging -DBConnection $null Set-LogDBConnection -DBConnection $null Set-LogDBConnection -DBConnection $csSite Set-LogDBConnection -DataStore Logging -DBConnection $csLogging Set-MonitorDBConnection -DBConnection $csSite Set-MonitorDBConnection -DataStore Monitor -DBConnection $null Set-MonitorDBConnection -DBConnection $null Set-MonitorDBConnection -DBConnection $csSite Set-MonitorDBConnection -DataStore Monitor -DBConnection $csMonitoring Set-LogSite -State Enabled
7:Test the connections
## Copy these variables from the previous step ## If you haven’t closed your PowerShell window, then the variables might still be defined. In that case, just run the Test commands $ServerName = "<dbserver>" $SiteDBName = "<SiteDbName>" $LogDBName = "<LoggingDbName>" $MonitorDBName = "<MonitorDbName>" $csSite = "Server=$ServerName;Initial Catalog=$SiteDBName;Integrated Security=True" $csLogging = "Server=$ServerName;Initial Catalog=$LogDBName;Integrated Security=True" $csMonitoring = "Server=$ServerName;Initial Catalog=$MonitorDBName;Integrated Security=True" Test-AcctDBConnection -DBConnection $csSite Test-AdminDBConnection -DBConnection $csSite Test-AnalyticsDBConnection -DBConnection $csSite # 7.6 and newer Test-AppLibDBConnection -DBConnection $csSite # 7.8 and newer Test-BrokerDBConnection -DBConnection $csSite Test-ConfigDBConnection -DBConnection $csSite Test-EnvTestDBConnection -DBConnection $csSite Test-HypDBConnection -DBConnection $csSite Test-LogDBConnection -DBConnection $csSite Test-LogDBConnection -DataStore Logging -DBConnection $csLogging Test-MonitorDBConnection -DBConnection $csSite Test-MonitorDBConnection -Datastore Monitor -DBConnection $csMonitoring Test-OrchDBConnection -DBConnection $csSite # 7.11 and newer Test-ProvDBConnection -DBConnection $csSite Test-SfDBConnection -DBConnection $csSite Test-TrustDBConnection -DBConnection $csSite # 7.11 and newer
Citrix Licensing
If using user/device licensing is required for citrix XepApp standard license then you may need to change teh licencing model details for the citrix site manually using powershell:
Get details of citrix site:
- Get-ConfigSite
Check config and apply the correct configuration required for the license:
- Set-ConfigSite -ProductCode <product code> -ProductEdition <product edition> -LicensingModel <licensing model>
<product code> is either XDT for Xen Desktop or MPS for Xen App
<product edition> is ADV for advanced
<licensing model> is either UserDevice or Concurrent
Get Assigned Licences
View licences that are currently assigned to users:
- Launch CMD or powershell
- cd “C:\Program Files (x86)\Citrix\Licensing\LS
- Udadmin -list -times
To remove licences from users which allows them to be assigned to new users run the following command:
- udadmin -f xdt_ent_ud -user username@domain -delete (you will need to specfiy the type of licence - advanced/enterprise - "xdt_ent_ud" or platinum - "xdt_plt_ud") - xdt
See details - Udadmin KB