This blog is what you're looking for if : You are using SEP 11 with PVS and XenDesktop 4 / 5 / 5.5 If your VMs have a "Persona" drive (D: for ex) Windows XP VMs (it should work with Windows 7 as well) If you don't want or you cannot use PVS Personality Strings The SEP11 administrator is becoming crazy because all the XenDesktop VMs are creating new entries at every reboot. Using an antivirus software on a VDI plate form is a discussion often see here and there but this time the question wasn't if I needed to install an antivirus or not, Symantec Endpoint Protection was already installed and running on my customer Citrix XenDesktop 4 / PVS 5.6 sp1 infrastructure. SEP11 (Short name for Symantec EndPoint Protection) was installed and was running well on the PVS distributed pool VMs. Yesterday the SEP administrator came to me and complained about the fact XenDesktop VMs were generating new entry in the SEP11 administration console every time they were rebooted and every morning he was forced to move all the object in the VDI node and delete all the past entries... But everything was working... I guess this administrator might have fund that a bit boring, he just complained and continued to do this tack every day and when he wasn't here, no one was taking care of that manual task. XenDesktop VMs needed to be in the VDI node because the exclusion in place were important for VMs performances : PVS cache file Event logs EdgeSight firebird database etc etc...
In a new mission, I had to learn a new environment based on Citrix XenDesktop 4, Provisioning Services 5.6 and vmware vSphere 4.1. This week, I had a weird issue, I didn't change anything, I just didn't understood why suddenly VMs stopped to be available, in fact VMs were available but for some reason, it was impossible for everyone to access it through the Web Interface. VMs were working well XenDesktop brokers were fine Web Interface was ok Citrix License Server was up and running with correct license vmware vSphere was ok as well, VMs were running without any problem on it On the Web Interface, the following message was display while trying to launch a XenDesktop virtual desktop : "xxxxx is currently unavailable. try reconnecting and, if the problem persists, contact your administrator." On the DDC, XenDesktop Desktop Delivery Controller, I found event logs with ID 1301, source : Citrix Desktop Delivery Controller, with the following description : "The delivery controller failed to broker a connection for user xxxxx to desktop group yyyyy. The delivery controller cannot find any available virtual desktops. Please add more virtual desktops to the desktops group. If the problem is due to existing virtual desktops not becoming available, refer to Citrix Knowledge Base article CTX117248 for further information." It look like a communication problem between XenDesktop DDCs and vmware Virtual Center, so I checked every component, DDCs, Virtual Center.... I found nothing really relevant. So the next step was to enable extended logs on the DDC side, after a short search on Citrix website I found how to do do with CTX117452. I got a lot of logs, but after one day scratching my head to try to understand why without changing anything I had such behavior, I just had bunch of logs but I was missing something... Here is a short part of the pool_log.log file : 13/07/11 15:40:41.8971 : ActionOnDisconnect=DoNothing 13/07/11 15:40:41.8971 : ActionOnLogOff=DoNothing 13/07/11 15:40:41.8971 : DisconnectActionDelay=300 13/07/11 15:40:41.8971 : LogOffActionDelay=420 13/07/11 15:40:41.8971 : MaximumStateAgeForDecisions=5 13/07/11 15:40:41.8971 : MaximumStateAgeWithNotify=600 13/07/11 15:40:41.8971 : MaximumStateAgeWithoutNotify=30 13/07/11 15:40:41.8971 : MinimumOperationInfoAge=7200 13/07/11 15:40:41.8971 : TaintAction=DoNothing 13/07/11 15:40:41.8971 : VM info for VM with guestOsId S-1-5-21-839522115-287218729-725345543-1720816 is not loaded in the cache. Please verify the guestOsId is correct and the read-only privilege is set one level above this VM. Otherwise it could be a caching error. 13/07/11 15:40:41.8971 : Citrix.PoolManagement.MachineManager.MachineManagementApi.NoSuchGuestOSIdException: VM info for VM with guestOsId S-1-5-21-839522115-287218729-725345543-1720816 is not loaded in the cache. Please verify the guestOsId is correct and the read-only privilege is set one level
VDI Project – Not only a XenDesktop project (part.1) VDI Project - The framework (part.2) VDI Project - Hypervisor war (part.3) VDI Project - Desktops and applications delivery (part.4) VDI Project - User Environment Manager (part.5) Beginning a new project is every time a new challenge, new team, new processes and new environment. Each customer have its own past IT history and,  depend of the size, different IT, politics and complexity. This time I'm a desktop architect and I've been hired mostly for my Citrix skills. The challenge is the size of this new project, I will design for sure some Citrix architectures, XenDesktop, XenApp, PVS, maybe Access Gateway or Netscaler on a very large scale but I'm also responsible to design a complete workstation delivery service (automation / industrialization) and address all kind of endpoints, from the "classic" workstation to the well known iPad. This is my largest XenDesktop 5 project, I will use XenDesktop to bring flexibility and mobility to users. I will write some blogs along the project because I think this will be a great experience to share, technical and not technical. I can't wait to post some very technical stuff about IOPS with Citrix Provisioning Services, XenDesktop and Machine Creation Service related with storage. I will post every major subject for ex : The Software Framework, The Hypervisor War (these two blogs are almost finished) etc etc... I also want to share the non technical subjects because this is how a project live... Changing the way people are working in a company can be very painful, first you need to bring the idea of a change in their everyday life and then prove them they will have more time to work on more important project. Then you show they can save some money within 3 or 5 years. I can tell you this is the big part of a project and the less fun (for me) but this is a mandatory part of every project : Show the company board and managers how much they can save and explain to the IT staff they will be able to spend more time on larger scale issue and project, work more efficiently. This is a lot of work, first administrative / politics, then technical (POC) and very technical (Global Architecture) And I always I will learn so many thing, and I'm sure it will be a great experience to work with different kind of
Last week, Alexander Jushin asked me if I would be ok to make a 45mns presentation at PubForum event in Dublin, I answer without hesitation yes and here we are on the way to build a new presentation focused on Citrix Provisioning Services. I like this product and I like to share my everyday work experiences. This presentation will be focus on the experience I got from the field and from all the best practices / tips I know can make the difference during a deployment. My session will take place on Saturday 14th of May 2011 at 15:00 in the room 2 (Be careful with the agenda slide'n drift :) ) Here is an extract from what I've plan to deliver : Citrix Provisioning Services – Technical Overview - by Stephane Thirion, France Citrix Provisioning Services has been update to a new version at the end of 2010, new features have been added (and removed) This session will bring an insight on the new features with a  “real life” production experience. Architecture point of view XenDesktop related : MCS vs PVS overview ? Should you virtualize PVS ? PVS Automation / industrialization, why and how ? Best Practices and Tuning Tips PVS You can read the full agenda here : I'm sure many of you already have some questions or/and would like to ear about a specific PVS subject, you can send me by email or by commenting this blog what you would like to know or understand, I'll integrate your request in this presentation. Here are the main reasons why it is a very good Idea to attend PubForum! PubForum Conference is a non-commercial event, which is a very cost efficient and a highly effective way to gain the best Citrix, Microsoft and other companies virtualisation products knowledge, as well to receive the best vendor and independent expert's training. It is also a chance to meet many independent industry experts, who are also attending the event and the ability to talk directly to the vendors support engineers in a non-formal atmosphere. Presenters and Trainers at PubForum include world recognized names in the field of Virtualization - those are Microsoft Most Valued Professionals, Citrix Technology Professionals and escalation Engineers from EMEA/Worldwide headquarters from  companies like AppSense, Citrix, Jetro, 2X, Microsoft, RES and other.
Other automation blogs I posted : XenApp 6 Automation XenDesktop 5 Automation XenApp 4.5 / 5 Automation Today, I needed to prepare the deployment of Citrix PVS servers in silent mode, as usual I'm using a distribution / deployment software like Altiris or SCCM to use the scripts you will read in this blog. The following scripts have been found on the Citrix Community and it was so well done by Kevin Bacon I didn't want and need to build another one from scratch. To deploy the console and the PVS server, we use PowerShell because I needed to add as well a Windows Feature .NET Framework 3.5.1 before begining the Provisioning Services Server deployment. I bring some modification to these scripts to auto install the .Net Framework Feature, add log files for the installation troubleshooting and the PVS console installation. Unattended installation and PVS farm creation This first cmd script is the one to run to start the silent installation : @ECHO OFF CLS Echo Enabling PowerShell Scripts ... reg add HKLM\Software\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell /v ExecutionPolicy /d Unrestricted /f Echo Executing Build Script ... %windir%\system32\WindowsPowerShell\v1.0\powershell -nologo "& ""c:\PVS_Auto_Install\Framework.ps1""" %windir%\system32\WindowsPowerShell\v1.0\powershell -nologo "& ""c:\PVS_Auto_Install\PVSsilent.ps1""" Echo Build Complete PAUSE This PowerShell very short script add the Framework 3.5.1 feature and is launch by the PVSinit.cmd launch script. (Thanx to Joe Shonk IV) Import-Module Servermanager Add-WindowsFeature NET-Framework-Core and this is the big piece and thanks again to Kevin for this work, you will need two tools from the Microsoft Resource Kit ntrights.exe and subinacl.exe.
First part : Fast Provisioning Citrix Xenapp 6 with Worker Groups and Policies 1/3 Second part : Fast Provisioning Citrix Xenapp 6 with Worker Groups and Policies 2/3 This is now the third and last part, now you know what are Worker Groups and how to manage Policies, I will show a fast XenApp 6 provisioning. Before I would like to focus a bit on how to troubleshot Policies. XenApp Policies Troubleshooting This schema is very important, once you know which policy take over the other one, everything will be clear. This is not really troubleshooting policies but more how to understand you Resultant Set of Policy (RSoP) If you arrive on a Citrix XenApp 6 environment and there are IMA Policies and Group Policies define, if you need to understand and clear it out, there is a way with GPMC.msc and the Group Policy Results : When launching this tool, you will need to follow a very easy step by step wizard to select the XenApp server and the user you want to include in you Resultant Set of Policy and here is the result :
Now you know a bit more about Worker Groups (cf Fast Provisioning Citrix XenApp 6 with Worker Groups and Policies 1/3) I can continue with the fast provisioning and policies part. What's new regarding Policies ? XenApp 6 policies changed a lot, first change, you don't need to launch a Citrix Management Console (Java old console), you can access it from the Citrix Delivery Services Console, a node named Policies is here, waiting for a click. Here is CDSC (Citrix Delivery Services Console) screenshot : For the non familiar with this management console, I will just point the different sections focusing on the policies part. This is the Policies node, when selected, the right pane popup with Policies informations In XenApp 6, policies have been split in two parts, User Policies and Computer Policies (GPO like) Here is the list of IMA Policies created with for example, the Allow Local Drive Mapping one I created for the example. This is a summary of the parameters set in the selected policy This is the filter apply to the selected policy above (here this policy allow the Worker Group XE_CEC). New feature extended to Active Directory Group Policies But, the new Policies feature extend the new view in the CDSC, you can now set your XenApp Policies in the Active Directory and administer the same way you administer your GPOs. What does it means ? Wherever you set your farm settings, in the CDSC and/or in the Active Directory, possibilities and result are the same. The following diagram has been draw by Juliano Malander and this is the best way to "show" the two new ways to use Policies in XenApp 6.
Worker Groups and Policies are some of the feaures included in Citrix XenApp 6. I know this version isn't deployed wildly and tehre are many reasons I won't speak about here; you can still read a blog and very interresting comments about that here : I work with Citrix Education to build exams for XenApp 6 Basic Administration and Advanced Administation and in order to do it, I needed to know every XenApp 6 new features. I tried everything with the Technical Preview release when XenApp 6 was still XenApp for Windows 2008 R2. Now I want to share and blog about two major features, Worker Groups and Policies because I think it can dramatically improve your productivity and accelerate your deployments. What are Worker Groups ? Worker groups are collections of XenApp servers, residing in the same farm, that are managed as a single unit. Using worker groups, you can: Streamline application publishing to multiple farm servers Load balance access to published resources Filter policies so that settings are applied only to sessions hosted on a specific set of farm servers When using worker groups, consider the following: A farm server can belong to multiple worker groups A worker group can include any number of XenApp servers or none at all Only servers that belong to the same XenApp farm are included in a worker group Above writting is the Citrix definition, I made a shorter version bellow : Manage XenApp servers collectively as “worker groups” Assign published applications and policies to worker groups Worker groups contain farm servers or domain OUs Servers added to a worker groups inherit settings, policies, applications  and Load Balancing Policies
Now we know how to install Citrix Provisioning Server 5 on Windows 2008 ( Citrix Provisioning Server 5 on Windows 2008 ) and how to deploy the 'client' on a target device (  ) we need to know to learn how everything works together. This video shows how to configure Citrix Provisioning Server 5 and  how to create the first template then build a virtual hard disk from scratch and share it for 2 or more Virtual Machine.  If you want to use your Citrix Provisioning Server, you need to complete the two previous steps and have a Citrix Licence Server runing with proper licences. Click on continue reading to watch the video
Now the Citrix Provisioning Server 5 is install and running, the next step is to deploy the Target Device Client on a machine and I will show you this very simple and basic installation in the next video with a Microsoft Windows XP computer. The next step after this installation is to show you how Citrix Provisioning Server is working, the