Adding a Published Application to multiple Delivery Groups in XenDesktop 7.x

Although assigning a Published Application to multiple Worker Groups in XenApp 6.x was a fairly straightforward task, the same activity is not as intuitive in XenDesktop 7.x. The Citrix Product Documentation isn’t exactly crystal clear on the process either. As such, I thought I would take the opportunity to document the process here.

Firstly, I am using XenDesktop 7.1 in my example below and I haven’t found a way to do this using the GUI, so we have to use PowerShell. I haven’t validated this for 7.0 or 7.5, although I assume the process will be the same.

After creating the target Delivery Groups, the first thing to do is discover and publish the required application(s) to the first Delivery Group using the Citrix Studio Console. I suggest using this method as it is quick and easy. Alternatively, PowerShell can be used to create the application; I detail this at the end of the article.

Once you have a Published Application you will need to launch PowerShell; again, I find this easiest to do from the Citrix Studio Console. The following command will assign the named Published Application to the Delivery Group specified, much like you would do with XenApp 6.x and Worker Groups. This can be repeated as required.

Note: Published Applications can only be assigned to Delivery Groups with a type of ‘Applications Only’ or ‘Desktops and Applications’.

Add-BrokerApplication -Name "Published App Name" -DesktopGroup "Delivery Group 1"

In addition to this, a priority can also be assigned. By default the priority is 0, which is the highest priority. To assign a priority, use the -Priority parameter as seen below. The priority can be used either to load balance across the Delivery Groups, when both have the same priority, or to define a failover order, with the groups used in order as the priority descends.

Add-BrokerApplication -Name "Published App Name" -DesktopGroup "Delivery Group 1" -Priority 1
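
The assignment and priority steps above, combined into one re-runnable script. This is an added example, not code from the original post: the application and Delivery Group names are placeholders, and it assumes the Broker SDK objects expose DeliveryType and AssociatedDesktopGroupUids as in the 7.x snap-in.

```powershell
# Added example: all names below are placeholders, not values from a real site.
if (-not (Get-PSSnapin -Name Citrix.Broker.Admin.V2 -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Citrix.Broker.Admin.V2 -ErrorAction Stop
}

$appName = 'Published App Name'

# Priority 0 is the highest; a higher number acts as failover.
# Give both groups the same priority to load balance instead.
$targets = @(
    @{ Group = 'Delivery Group 1'; Priority = 0 },
    @{ Group = 'Delivery Group 2'; Priority = 1 }
)

$app = Get-BrokerApplication -Name $appName -ErrorAction Stop

foreach ($t in $targets) {
    $dg = Get-BrokerDesktopGroup -Name $t.Group -ErrorAction Stop

    # Applications cannot be assigned to a desktops-only Delivery Group.
    if ($dg.DeliveryType -eq 'DesktopsOnly') {
        Write-Warning "Skipping '$($dg.Name)': delivery type is $($dg.DeliveryType)."
        continue
    }

    # Skip groups that already host the application so the script can be re-run.
    if ($app.AssociatedDesktopGroupUids -contains $dg.Uid) {
        Write-Warning "'$appName' is already assigned to '$($dg.Name)'."
        continue
    }

    Add-BrokerApplication -Name $appName -DesktopGroup $dg.Name -Priority $t.Priority
}

# Show the resulting group associations and their priorities.
Get-BrokerApplication -Name $appName |
    Select-Object Name, AssociatedDesktopGroupUids, AssociatedDesktopGroupPriorities
```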

To add a Published Application using PowerShell, use the following cmdlet:

Add-BrokerApplication -BrowserName "Published App Name" -DesktopGroup "Delivery Group 1"

I hope this helps.

Citrix XenDesktop VDAs not registering

Today I walked in on an odd issue with XenDesktop. The Delivery Controllers were showing each of the VDAs as “Not Registered”.

The environment is currently as follows:

  • XenDesktop 4 with Multiple Active Directory Forests.
  • Forest 1 is Windows 2003 located in local data centre
  • Forest 2 is Windows 2008 with the PDC located on a remote WAN site; there are local writeable domain controllers located within the local data centre
  • There is a domain level trust between the child domains
  • There are DNS stub zones for the other domains on each of the domain controllers
  • Desktop Delivery Controllers are located in the local data centre and are members of Forest 1
  • XenDesktop VDAs are located in the local data centre but the machines are members of Forest 2
  • The NTLM authentication happens via the domain trust.

After viewing the trusty event viewer on the Delivery Controller you might see the following:

    Event ID: 1309
    The delivery controller failed to broker a connection for user ‘[email protected]’ to desktop group ‘Desktop Group’. The assigned virtual desktop ‘‘ for the user is not available.

    This may be because the desktop is not connected to a controller, another user is already using the desktop, or it may still be initializing.

    Moving across to the desktop event log you see the following:

    Event ID: 1221
    The Citrix Desktop Service cannot connect to the delivery controller ‘http://controller.fqdn:8080/Citrix/CdsController/IRegistrar’ (IP Address ‘10.10.10.10’)

    Check that the system clock is in sync between this machine and the delivery controller. If this does not resolve the problem, please refer to Citrix Knowledge Base article CTX117248 for further information.

    Error Details:
    Exception ‘Fail worker callback using SPN HOST/machine.domain.com and IP address 10.10.10.10’ of type ‘System.ServiceModel.FaultException`1[Citrix.Cds.Protocol.Controller.Fault]’.

    Event ID: 1246
    The Citrix Desktop Service has detected that the delivery controller controller.fqdn (IP Address 10.10.10.10) cannot connect to the Service. One possible reason for this is that the ‘Access this computer from the network’ security policy does not allow the delivery controller server identity to access this machine.

    Please check that a local or group policy is not set incorrectly to disallow access from the delivery controller servers.

    Event ID: 1208
    The Citrix Desktop Service’s connection to the Citrix Desktop Delivery Controller Service was terminated. The Citrix Desktop Delivery Controller Service is running on server ‘controller.fqdn’.

    Check that there is no active firewall blocking the controller communicating with this machine.

    Please refer to Citrix Knowledge Base article CTX117248 for further information.

    Error details:
    Keep-alive request was rejected.

    After some troubleshooting with the AD team, it turns out that the domain controller for Forest 2 at the local data centre had stopped replicating and was no longer accepting requests for Directory Services. Other services on the local DC were working as expected, and even an LDAP bind was working inbound to the box, but outbound (return) communications were not. Once the Directory Services service was restarted, authentication started to flow again, which in turn allowed the VDAs to register again.

    A good article on how NTLM authentication works with multiple domains can be found here.