606: journey to the center of xendesktopdocs.citrixvirtualclassroom.com/events/...journey.pdf ·...

606: Journey to the center of XenDesktop

Hands-on Lab Exercise Guide This session is offered as both an instructor led training and a self-paced online lab. Make money selling Field Services Stop by the Education and Consulting booths in the Solutions Expo to find out how! We're here to help.

| 1 |

Contents Contents .................................................................................................................................... 1

Overview .................................................................................................................................... 2

Exercise 1 .................................................................................................................................. 5

Configuring StoreFront and Certificates ..................................................................................... 5

Exercise 2 .................................................................................................................................24

Configuring NetScaler for StoreFront Load Balancing ...............................................................24

Exercise 3 .................................................................................................................................37

Creating & Editing PowerShell Profiles .....................................................................................37

Exercise 4 .................................................................................................................................45

Manually Adding a Controller to a Site DB ................................................................................45

Exercise 5 .................................................................................................................................64

Manually Updating FMA Service DB Schemas..........................................................................64

Exercise 6 .................................................................................................................................78

Controlling Access To Resources through the SDK ..................................................................78

Exercise 7 .................................................................................................................................92

Changing Delivery Group Icons ................................................................................................92

| 2 |

Overview Hands-on Training Module Objective This training will provide hands-on experience with carrying out XenDesktop 7.x advanced administration & configuration tasks.

Prerequisites Basic XenDesktop 5.x/7.x administration and configuration knowledge would be beneficial but not essential.

Audience Citrix Partners, Customers, Sales Engineers, Consultants, Technical Support.

Lab Environment Details Describe the lab environment. The system diagram of the lab is shown below:

The Student Desktop is accessed remotely using Citrix Receiver running on your laptop. All windows applications such as XenCenter, (the XenServer GUI management tool), are accessed from the Student Desktop.

| 3 |

Lab Guide Conventions This symbol indicates particular attention must be paid to this step

Special note to offer advice or background information

reboot Text the student enters or an item they select is printed like this

VMDemo Filename mentioned in text or lines added to files during editing

Start Bold text indicates reference to a button or object

Focuses attention on a particular part of the screen (R:255 G:20 B:147)

Shows where to click or select an item on a screen shot (R:255 G:102 B:0)

List of Virtual Machines Used VM Name IP Address Description / OS

AD.training.lab 192.168.10.11 Domain Controller DC1 192.168.10.22 XenDesktop 7.5 Site Controller DC2 192.168.10.23 XenDesktop 7.5 Site Controller NetScaler 192.168.10.96 NetScaler for StoreFront site LB RDS2012 192.168.10.25 Windows 2012 R2 RDS Server SF1 192.168.10.26 Windows 2012 R2 StoreFront 2.5 Server SF2 192.168.10.27 Windows 2012 R2 StoreFront 2.5 Server

SQLServer 192.168.10.28 Windows 2012 R2 SQL 2012 Server (Hosting CitrixSynergy606 site DB)

Win7Client 192.168.10.29 Windows 7 Client machine Win7Master 192.168.10.50

(DHCP) Win7 machine used

Win7VDA56 192.168.10.30 Win7 machine with VDA v5.6 installed Win7VM 192.168.10.31 Win7 machine with VDA v7.5 installed Win8VM 192.168.10.32 Win8 machine with VDA v7.5 installed

| 4 |

Required Lab Credentials The credentials required to connect to the environment and complete the lab exercises.

VM Name Username Password

AD.training.lab training\administrator Citrix123 DC1 training\administrator Citrix123 DC2 training\administrator Citrix123 NetScaler nsroot nsroot RDS2012 training\administrator Citrix123 SF1 training\administrator Citrix123 SF2 training\administrator Citrix123 SQLServer training\administrator Citrix123 Win7Client training\administrator Citrix123 Win7Master training\administrator Citrix123 Win7VDA56 training\administrator Citrix123 Win7VM training\administrator Citrix123 Win8VM training\administrator Citrix123

| 5 |

Exercise 1 Configuring StoreFront and Certificates Overview In this exercise we will configure the StoreFront virtual machines which serve as the connection point to resources. We’ll begin by configuring the first server with a server group and then proceed to configure the second server to join the server group. This will allow us to load balance connections amongst both servers using NetScaler.

Step by step guidance Estimated time to complete this lab: 25 minutes.

Step Action 1. Logon to AD.training.lab as training\administrator with password Citrix123. 2. Launch DNS Manager by clicking on the DNS icon on the taskbar:

3. Expand Forward Lookup Zones, right-click training.lab and select New Host.

4. Enter connect for the name and 192.168.10.60 for the IP address. Click Add Host.

NOTE: This will serve as the virtual host and IP address that users will connect to through the NetScaler.

| 6 |

5. Click OK on the confirmation.

6. Click Done.

7. Switch to the SF1 virtual machine and logon as training\administrator with password Citrix123.

8. Launch the Citrix StoreFront console by clicking on the StoreFront icon on the taskbar:

9. Click the Server Group node.

10.

Click Add Server under the Actions pane.

11. Make note of the authorization code that is shown and move to step 12.

12. Switch to SF2 and logon as training\administrator with password Citrix123.

13. Launch the Citrix StoreFront console by clicking on the StoreFront icon on the taskbar:

| 7 |

14. Click Join existing server group.

15. Enter SF1.training.lab for the Authorizing server and enter the Authorization code that was shown on above in Step 11. Click the Join button and wait for the operation to complete.

| 8 |

16. The process may take a few minutes.

Note: If you switch back to SF1 you can see a corresponding status indicator that the configuration propagation is taking place.

17. Click OK on the dialog when the join completes.

18. Go to Start and launch IIS Manager.

19. Expand the nodes and click the Default Web Site.

| 9 |

20. Double-click HTTP Redirect.

21. Click Redirect requests to this destination and enter the URL for the store that was

preconfigured on SF1: https://connect.training.lab/Citrix/CitrixSynergyStoreWeb Select both options: Redirect all requests to the exact destination Only redirect requests to content in this directory Then click Apply.

22. Still on SF2 click the SF2 server node in IIS Manager.

https://connect.training.lab/Citrix/Citrix

| 10 |

23. Double-click Server Certificates.

24. Click Create Domain Certificate.

| 11 |

25. Enter the following details: Common name: *.training.lab Organization: Citrix Organization unit: Synergy 606 City/locality: LA State/province: CA Country/region: US Click Next.

IMPORTANT: Make certain you enter *.training.lab correctly for the common name. If this is misspelled and you proceed through the exercises, you will need to repeat several steps with a newly requested certificate.

26. Click the Select button and select the certificate authority of ad.training.lab. Click OK.

| 12 |

27. Enter WildcardCert for the Friendly name. Click Finish.

28. Ensure the WildcardCert is selected and click Export.

29. Export the certificate to C:\WildcardCert.pfx with password Citrix123.

| 13 |

30. Right-click the Default Web Site node and select Edit Bindings.

31. Click Add.

32. *Change the type to https

*Leave the host name blank. *Select the WildcardCert under SSL certificate. Click OK.

33. Click Close.

| 14 |

34.

Switch to the SF1 virtual machine and click OK on the dialog confirming the server join operation.

35. Launch IIS Manager from the taskbar icon:

36. Expand the nodes and then click the Default Web Site.

37. Double-click HTTP Redirect.

| 15 |

38. Click Redirect requests to this destination and enter https://connect.training.lab/Citrix/CitrixSynergyStoreWeb Select both options: Redirect all requests to the exact destination Only redirect requests to content in this directory Then click Apply.

39. Click the SF1 server node.


https://connect.training.lab/Citrix/CitrixSynergyStoreWeb

| 16 |

41. Click Import.

42. Click the button and browse to the WildcardCert certificate at \\sf2\c$

43. Enter the password of Citrix123 and leave the default as Personal for the store.

Click OK.

44. Right-click the Default Web Site and select Edit Bindings.

| 17 |

45. Click Add.

46. *Change the type to https

*Leave the host name blank *Select the WildcardCert under SSL certificate. Click OK

47. Click Close.

48. You should now see the WildcardCert listed.

| 18 |

49. Switch to the DC1 virtual machine.

50. Launch IIS Manager from Start.

NOTE: We will import the certificate to our delivery controllers as well as our StoreFront servers in order to provide secure communications between StoreFront and the XML Service on the controllers.

51. Click the DC1 node.

52. Place a tick in the box to not show this message again and click No:


| 19 |

54. Click Import.

55. Click the button and browse (…) and type \\sf2\c$ on the path.

Select WildcardCert Click Open. Password: Citrix123 Click OK.


57. Click Add.

| 20 |

58. *Change the type to https *Leave the host name blank. *Select the WildcardCert under SSL certificate. Click OK.

59. Click Close.

60. Switch to the DC2 virtual machine.

61. Launch IIS Manager from Start:

62. Once again, place a tick in the box to not show this message again and click No:

| 21 |

63. Click the DC2 node.

64. Double-click Server Certificates on the middle pane.

65. Click Import.

66. Click the button and browse to the WildcardCert certificate at \\sf2\c$

Enter Password: Citrix123 Leave the default as Personal for the store. Click OK.

| 22 |


68. Click Add.

*Change the type to https. *Leave the host name blank. *Select the WildcardCert under SSL certificate. Click OK.

69. Click Close.

70. Congratulations, you have finished this lab exercise.

| 23 |

Exercise Summary Takeaways from this exercise:

• StoreFront configuration data is now stored locally on the StoreFront Servers and synchronized periodically between each one (with the option to synchronize manually as well). A central SQL Server database is not utilized as it was in earlier versions.

• An IIS HTTP redirect is used to ensure that when users hit the default web site through the NetScaler, they are redirected to the correct location (we will configure NetScaler in the next exercise).

• The certificates have to be present on all XD controllers and StoreFront servers to ensure secure communication can take place.

| 24 |

Exercise 2 Configuring NetScaler for StoreFront Load Balancing Overview In this exercise we will configure the NetScaler virtual appliance (VPX) to load balance connections amongst both StoreFront servers.


Step Action 1. Logon to Win7Client as training\administrator with password Citrix123.

2. Launch Internet Explorer.

3. Browse to http://192.168.10.96 and logon with the default credentials of nsroot / nsroot. This will launch the NetScaler Management Console.

4. Click Configuration.

| 25 |

5. From the navigation tree on the left, select Traffic Management and click on Load Balancing.

6. Click Load Balancing wizard.

Note: Wait until download completes if presented with the following dialog.

7. Click Next on the Introduction screen.

| 26 |

8. Enter SFService1 for the Name and click the New button.

9. Enter SF1 for the server name, click Domain Name and enter sf1.training.lab. Then click

Create.

10. Select SSL for the Protocol.

11. Click the Add button to add in the first service.

| 27 |

12. Enter SFService2 for the Name and click the New button.

13. Enter SF2 for the server name, click Domain Name and enter sf2.training.lab. Then click

Create.

14. Click the Add button to add in the second service.

15. Click Next.

16. Enter SFVirtualServer for the name and 192.168.10.60 for the IP address. Select SSL for

the Protocol.

Note: This is the same IP we assigned to the Host we added through DNS Manager.

| 28 |

17. Select both services and click Add.

18. Click Next.

19. Click Finish to complete the wizard.

Click Exit.

| 29 |

20. Under Load Balancing > Virtual Servers, double-click the new entry of SFVirtualServer that was created.

21. Click the Method and Persistence tab.

22. Ensure the method is set to Least Connection, persistence is set to COOKIEINSERT and

time-out value is set to 0.

NOTE: This will result in fair-share load balancing amongst the two servers and ensure that open connections between clients persist to the same backend server. A time-out of 0 means that the session will only remain valid as long as the browser is open.

23. Click OK.

| 30 |

24. From the navigation pane, click Traffic Management > SSL.

25. Click Import PKCS#12.

26. Enter the following details:

Output File Name: cert.pem PKCS12 File: <<Browse to \\SF2\C$\WildcardCert.pfx>> Import Password: Citrix123 Click OK.

| 31 |

27. Browse to Traffic Management > SSL > Certificates.

28. Click Install.

| 32 |

29. Enter the following: Certificate-Key Pair Name: WildcardCert Certificate File name: /nsconfig/ssl/cert.pem Key File Name: /nsconfig/ssl/cert.pem Password: Citrix123 Click Create.

30. Click Close to view the newly installed certificate.

Note: If this does not appear then repeat steps 28 & 29.

31. We will now add the certificate to the StoreFront virtual server. Browse to Traffic Management > Load Balancing > Virtual Servers.

| 33 |

32. Double-click the SFVirtualServer entry.

NOTE: Choose Yes if you are presented with a dialog about settings that have not yet been saved.

33. Click the SSL Settings tab.

34. Click WildcardCert and click Add.

| 34 |

35. Click OK.

36. The SFVirtualServer should now show as Up.

Note: If the SFVirtualServer does not show a green Up state, double-click on it and make sure the Active checkboxes are selected for each of the two services we’ve added.

| 35 |

37. Click the disk icon towards the top right and then Yes to save the running state to disk.

38. In a new tab in Internet Explorer text the following

URL: https://connect.training.lab/Citrix/CitrixSynergyStoreWeb 39. Click Allow when presented with the following request to run the Receiver for web add-on.

40. When prompted, log on using training\user1 and Citrix123.

You should see a total of 3 published desktops:

Note: All traffic to published resources is secure and load balanced between StoreFront servers through the NetScaler virtual channel.


https://connect.training.lab/Citrix/CitrixSynergyStoreWeb

| 36 |


• A VPX Appliance is configured via a web based console. • NetScaler includes a wizard for load-balancing connections to backend servers such as

StoreFront. • A valid certificate must to be imported and bound to the virtual server in order to use secure

SSL communication.

| 37 |

Exercise 3 Creating & Editing PowerShell Profiles Overview In this exercise we will edit an existing customized PowerShell (PoSH) Profile which has been prepared in advance so that the required functionality to interact with our XenDesktop site is available each time we start a PoSH instance. We will also create a new PoSH profile from scratch so that the process to do so is clear.


Step 1. Login to DC1 as training\administrator with password Citrix123 and launch a PowerShell

window by clicking on the PoSH icon on the taskbar:

2. As mentioned in the overview section above, a customized PoSH Profile including greeting and functionality details has already been created on DC1.

Type Notepad $PROFILE and hit RETURN to begin editing the existing PoSH Profile:

http://blogs.citrix.com/2014/02/04/xd-tipster-creating-a-customized-xd-posh-profile/


| 38 |

3. Add the following lines & remove the # comment symbol highlighted in the image below:

Click File Save before closing Notepad.

$null = New-PSDrive -Name XDGPO -PSProvider CitrixGroupPolicy -Root \ -DomainGPO lab_policies $null = New-PSDrive -Name XDSITEPOL -PSProvider CitrixGroupPolicy -Root \ -Controller DC1

Note: The lines above which are nulled out ($null =) to hide the output. This will ensure that the Citrix Group Policy PoSH drives (PSDrives) are available at any given time to create and manage AD & Site HDX policies.

http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/

4. Close and re-open the PoSH window.

Note: The third action now appears after the line is un-commented. Your PoSH Profile is now fully armed and ready to be used.

http://blogs.citrix.com/2013/10/01/xd-tipster-creating-hdx-policies-through-posh/

| 39 |

5. Test your PoSH Profile by typing Get-BrokerSite and hitting return.

Note: All XenDesktop snap-ins are pre-loaded as per the asnp citrix* command which is now loaded as part of your PoSH Profile and therefore all traditional cmdlets are available for use right away.

Get-BrokerSite returns a number of key details about the Synergy606 site.

| 40 |

6. To validate the other functionality loaded through the PoSH Profile type the following in turn:

1. Get-XDSite (One of a number of XD alias based cmdlets introduced with the new High Level Admin SDK in XD 7)

2. Get-PSDrive (Newly created PoSH drives as per the Citrix Group Policy PS-Provider will be displayed)

http://blogs.citrix.com/2013/09/19/xd-tipster-introducing-the-new-xd7-xendesktop-posh-module/

7. Login to DC2 as training\administrator with password Citrix123 and launch a PowerShell window by clicking on the PoSH icon on the taskbar:

8. Type Test-Path $PROFILE to check for the existence of a previously configured profile on DC2:

Note: A return value of false indicates that a PoSH Profile does not exist and therefore must be created. This is the expected behavior.



| 41 |

9. Type New-Item -Type File $profile -force to create a new PoSH profile:

Note: Although the built-in PoSH variable $Profile can be queried at any time, the .ps1 file does not exist by default and must be created using the above command.

10. Observation: Prior to creating a PoSH Profile, if you type $PROFILE and hit return you will notice that although the path to the ps1 file exists but the file itself does not exist by default. As per step 9 above, the ps1 file must be created by running New-Item -Type File $profile -force.

| 42 |

11. Tip: The New-Item -force switch used above in step 9 allows the cmdlet to create an item that writes over an existing read-only item. If not used, you may receive the following error:

12. Type Notepad $PROFILE and hit RETURN to begin editing the existing PoSH Profile

13. Paste the following text into notepad:

asnp citrix* Import-Module –name Citrix.Xendesktop.Admin $null = New-PSDrive -Name XDGPO -PSProvider CitrixGroupPolicy -Root \ -DomainGPO lab_policies $null = New-PSDrive -Name XDSITEPOL -PSProvider CitrixGroupPolicy -Root \ -Controller DC1 Write-Host "XD 606 profile loaded:" -foregroundcolor yellow -backgroundcolor black Write-Host "1.XD Snap-ins/cmdlets loaded" -foregroundcolor yellow -backgroundcolor black Write-Host "2.XD Admin module loaded" -foregroundcolor yellow -backgroundcolor black Write-Host "3.XD Group Policy PSDrives created [XDGPO, XDSITEPOL]" -foregroundcolor yellow -backgroundcolor black “ “ “ “

| 43 |

14.

Save the changes and close notepad.

15. Close and re-open the PoSH window from the taskbar icon:

16. Observation: Your new PoSH profile including all desired functionality loads by default:

Note: To delete an existing PoSH profile just type Remove-Item $PROFILE (DO Not Run THIS COMMAND)


| 44 |


• During this first exercise we learned how to customize a working XenDesktop PoSH environment through the use of a PoSH profile. Similar to a User profile, a PoSH profile loads each time an instance of PoSH is launched and configures the PoSH env as per the users unique needs.

• For more information about creating a customized XD PoSH profile see the following XDtipster blog post:



| 45 |

Exercise 4 Manually Adding a Controller to a Site DB Overview In this exercise you will learn how to manually add a controller to a site DB, simulating a situation where you do not have an existing Controller to facilitate the process. In the real world, this may be required when restoring a customer’s DB in house or in DR situations.


Step Action 1. Switch back to and Login again if needed to DC1 as training\administrator with password

Citrix123 and launch a PowerShell window by clicking on the PoSH icon on the taskbar:

Note: A PoSH instance may already be running from exercise 3

2. Type Get-BrokerController and hit return to view information about each Controller in the Synergy606 site:

Note: The state of each controller is listed as Active (This is a good thing… For Controllers to be fully functional members of a site, their state must be Active).

| 46 |

3. In preparation for removal from the Synergy606 site, let’s turn off DC2 by changing the services state to OFF:

To do this run the following script from the root of PoSH (to get to the root just type cd\ & hit return). C:\> .\turnoffdc2.ps1

Reminder: You should be running this script from DC1

| 47 |

4. Browse to the root of DC1 and open turnoffdc2.ps1 with notepad to view the contents and script structure: Note: The Set-<serviceALIAS>DBConnection cmdlet is used here to set the DBConnection value to $null placing DC2 into an OFF state. Cmdlets: -AdminAddress is used to run the commands against a specific Controller and set of FMA services (Built-in PoSH remoting mechanism) -DBCconnection parameter is always required when setting the DBConnection to $null or a valid string -Force is used to force the service to accept a new DBConnection string and prevents certain dependencies from causing an issue when setting the DBConnection

| 48 |

5. While still on DC1, type Get-BrokerController -adminaddress DC1 and hit return:

Note: Notice the use of the -AdminAddress parameter again. This is required now as the FMA service DBConnection strings on DC2 have been un-configured and therefore running any cmdlets against DC2 will return an error. DC1 is still active and therefore we must run any query against the DB from this Controller.

IMPORTANT: One thing to remember when using PoSH locally from one of the controllers and using the -adminaddress parameter is that once used it will set the context of which Controller to run all commands against by default even when not specified. Closing and re-opening the PoSH instance will revert the context back to the localhost (local FMA services)

6. Launch Citrix Studio from the icon on the taskbar:

| 49 |

7. Observation: As DC2 is in an OFF state, its last update state is > 0 minutes and it has 0 registered desktops (if you do not see 0 registered desktops for DC2, hit F5 to refresh the console.)

Note: Fully functioning Controllers should always show a last update state of 0 minutes as they heartbeat by default with the Site DB every 20 seconds and will timeout after 40 seconds.

8. Right click on DC2.training.lab and select “Remove Delivery Controller”

9. Click Yes when asked if you are sure you want to remove the Delivery Controller from the Site:

| 50 |

10. Click Yes when asked if you would like Studio to update the database automatically:

11. Observation: Citrix Studio will carry out all essential tasks to gracefully remove DC2.training.lab from the Synergy606 site:

12. Observation: How many registered desktops are appearing against the DC1 Controller? Haven’t we only published 3 desktops as per the three Delivery Groups? If so then why do you see 5 Registered desktops? See next step for explanation…

| 51 |

13. If you type Get-BrokerUnconfiguredMachine -adminaddress dc1.training.lab and hit return from within the already running instance of PoSH on DC1 you will find the answer.

The answer is actually in the name of the cmdlet itself.

Note: The above cmdlet returns a list of any un-configured machines with the VDA installed within the site. Un-configured machines are machines which are considered to be Soft Registered only and not Hard registered.

Soft Registered Machines: Machines with the VDA installed & communicating with at least one site Controller but have not been added to a Catalog and Delivery Group and therefore cannot be brokered for user connections.

Hard registered Machines: Machines with the VDA installed & communicating with at least one site Controller but which are already members of a Catalog and Delivery Group and therefore are available to be brokered for user connections.

14. Now that DC2 is no longer a member of the Synergy606 site lets simulate a situation where you need to manually add a controller to a site without the having the luxury of using an existig active site controller to faciliate the process…

Login to DC2 as training\administrator with password: Citrix123 and launch a PowerShell window by clicking on the PoSH icon on the taskbar:

| 52 |

15. Run the following simple script from the root of PoSH: (To get to the root just type cd\ & hit return)

C:\> .\createinstancescript.ps1


16. Browse to the root of DC1 and open createinstancescript.ps1 with notepad to view the contents and script structure:

Note: The Get-<serviceALIAS>DBSchema cmdlet can be used to generate an instance script to add each service instance running on DC2 to the site DB (Synergy606 site)

To optimize the process, you can see that we are using the | out-file –append switch so all service instance scripts are merged into a single .sql file. (Makes sense…)

| 53 |

17. Type copy join.sql \\SQLServer\c$ and hit return to copy the join script to the root of the SQLServer VM:

18. Login to SQLServer as training\administrator with password Citrix123

19. Browse the local disk on SQLServer and double click on the Join.sql file:

| 54 |

20. Click Connect on the Database engine authentication dialog box:

21. Click Connect again to authenticate to the Server:

22. Click inside the Join.sql script window.

| 55 |

23. Click on Query and select SQLCMD Mode:

Note: If you review the comments in the script you will see that enabling SQLCMD mode is advised for the purposes of error handling.

24. Press F5 or the Execute Icon on the Toolbar to execute the Join.sql script

Note: There is no requirement to select the CitrixSynergy606 DB to run the script against as the script itself determines this.

| 56 |

25. Observation: Script runs without errors and does the following:

1. Creates DB login for new Controller (Training\DC2$)

2. Adds all FMA services added to the Synergy606 site

26. Close SQL management Studio

27. Now that all the FMA services on DC2 have been successfully added to the Synergy606 site DB, we need to set the DBconnection string for each so they point to the correct DB.

To do this, switch back to DC2 and run the following simple script from the root of PoSH: (To get to the root just type cd\ & hit return)

C:\> .\set.ps1


| 57 |

28. Browse to the root of DC1 and open set.ps1 with notepad to view the contents and script structure:

Note: The Set-<serviceALIAS>DBConnection cmdlet is used again here but as before, rather than setting the value to $null, we are setting a complete string to communicate with the Synergy606 site DB.

Also note that the script includes a Ref list of all FMA service Aliases.

| 58 |

29. Now that we have added the services to the site DB and Set the DBConnection strings, we need to register each service instance on DC2 with the site configuration service.

The configuration service acts as a directory services listing for the site and to be fully functional members of the site. Each FMA service has to advertise its communication address with the configuration service.

To do this just run the following simple script from the root of PoSH: (To get to the root just type cd\ & hit return)

C:\> .\register.ps1


| 59 |

30. Browse to the root of DC1 and open register.ps1 with notepad to view the contents and script structure:

Note: The Register-ConfigServiceInstance cmdlet can be used to register each service instance with the site configuration service. In the example below, we use the Get-<serviceALIAS>ServiceInstance cmdlet to return the specific service instance before piping the return value to the Register-ConfigServiceInstance cmdlet to register each specific service.

31. Taking Stock: Now that 3 of the 4 steps required to manually add a Controller to an existing site are complete we can carry out the final task. Before we do this, let’s recap. The following 3 steps have now been completed:

1. All FMA services on DC2 have been added to the Synergy606 site DB

2. DBConnection strings have been set for all FMA services on DC2

3. All FMA services on DC2 have been registered against the site configuration service

| 60 |

32. To complete the task we need to finally update all FMA service group memberships in the site with the complete and updated list of all configuration service endpoints. Essentially we need to let every FMA service group know that there is now more than one configuration service in the site. In fact, we now have two. One running on DC1 and one running on DC2


C:\> .\resetgroupmemberships.ps1


33. Browse to the root of DC1 and open resetgroupmemberships.ps1 with notepad to view the contents and script structure:

Note: The Get-ConfigServiceInstance cmdlet can be used to return a list of all available configuration service instances in the Synergy606 site. In the example below, we pipe this information and reset each service group membership so that every service instance of the same type across all Controllers will have the full updated list of all configuration service instances in the site.

| 61 |

34. As per the script instructions above, type Get-BrokerController to check Site membership and confirm that DC2 appears as ACTIVE.

Note: As DC2 has just been added to the Synergy606 site, DC1 holds all the Site Service leases. This will remain as is until both controllers are rebooted and the Broker service restarted on each. At this point the leasing process will start again with an even distribution of Site Services.

35. Launch Citrix Studio from the icon on the taskbar:

36. Observation: Both Controllers last update value = 0 as expected:

| 62 |



• To reduce the administration burden when carrying out complex repetitive tasks, PoSH scripts can and should be used.

• There are 4 key steps when manually adding a Controller to an existing Site DB which can essentially be broken as follows:

1. Create Instance script for each FMA service on the controller to join the existing DB.

2. Set DBConnection string for each of the FMA services on the controller to join the existing DB.

3. Register all new FMA services on the controller to join the existing DB with the site configuration service.

4. Reset all existing FMA service Group memberships so that they are aware of the new configuration service endpoint running on the new controller.

• All scripts actions are logged by the Configuration logging service which is enabled by default and can be viewed under the Common Tasks dashboard tab and/or the Logging node:

| 63 |

| 64 |

Exercise 5 Manually Updating FMA Service DB Schemas Overview In this exercise we will check the true status of the key FMA services running on a XenDesktop site Controller and show how to manually change the DB Schema version through PoSH for troubleshooting purposes.


Step Action 1. While logged into DC2 as training\administrator with password Citrix123.

If not already running, launch a PowerShell window by clicking on the PoSH icon on the taskbar:

2. Type Get-BrokerServiceStatus and hit return to check the status of the Broker service running on DC2:

Expected Status = OK

| 65 |

3. Type Get-BrokerInstalledDBVersion and hit return:

Note: The expected DBVersion should appear as 7.5.0.0 indicating that the installed XenDesktop version is; you guessed it… XenDesktop 7.5.

4. Type Get-BrokerInstalledDBVersion -downgrade and hit return:

Quick Tip: Hit the up arrow on your keyboard to retrieve the last run command and just append -downgrade to the end.

| 66 |

5. Paste the following two lines in order in the PoSH window and hit return after each to create a script to downgrade the DB Schema for the Broker service.

$downgrade = Get-BrokerDBVersionChangeScript -DatabaseName CitrixSynergy606 -TargetVersion 7.1.0.0

$downgrade.Script > c:\downgradebroker_71.sql

6. Type copy downgradebroker_71.sql \\SQLServer\c$ and hit return to copy the Schema downgrade script to the root of the SQLServer VM:

| 67 |

7. IMPORTANT: DO NOT BY PASS THIS STEP:

Before we can downgrade the existing Broker service DB Schema we need to disconnect all controllers from the DB.

To do this just run the following simple script from the root of PoSH: (To get to the root just type cd\ & hit return) C:\> .\turnoffall.ps1


Note: Setting DBConnection strings to DBUnconfigured will turn off each controller gracefully and release all assigned Site Services.

8. Login to SQLServer as training\administrator with password Citrix123

| 68 |

9. Browse the local disk and double click on the downgradebroker.sql file:

10. Click Connect on the Database engine authentication dialog box:

| 69 |

11. Click Connect again to authenticate to the Server:

12. Click on Query and select SQLCMD Mode:

| 70 |

13. IMPORTANT: HAVE YOU COMPLETED STEP 6 ABOVE i.e. ran turnoffall.ps1 to un-configure all site controller FMA services? It is essential that this is completed or you will receive an error when executing downgradebroker.sql.

Press F5 or the Execute Icon on the Toolbar to execute the downgradebroker_71.sql script

Note: There is no requirement to select the CitrixSynergy606 DB to run the script against as the script itself determines this.

14. Observation: Script runs without errors and updates the Broker service schema from 7.5.0.0 to 7.1.0.0.

15. Switch back to DC2 (Controller where you created the DB schema downgrade script) and login again if needed as training\administrator with password Citrix123

16. If needed launch a new PoSH window from the taskbar icon.

| 71 |

17. Before we can check the status of the Broker service after the DB Schema has been downgraded we must reconnect all site Controllers to the Synergy606 DB


C:\> .\turnonall.ps1


Note: Script indicates that the state of at least one FMA service running on each Controller is not OK but in fact DBMissingOptionalFeature. Let’s investigate…

| 72 |

18. Run statuserror.ps1 from within the existing PoSH instance

C:\> .\statuserror.ps1

Note: Press any key to view the service states for the remaining services and note that all services are reporting an OK value apart from the Broker service which now reports a status of DBMissingOptionalFeature


Note: After downgrading the Broker Service DB schema the above cmdlet reports the installed DB version as 7.1.0.0 and not 7.5.0.0.

| 73 |

20. Type Get-BrokerInstalledDBVersion –upgrade to view the available upgrade options:

Note: At this point, you could (But DON’T) repeat Step 5-13 with a few little tweaks to manually upgrade the Broker service Schema to target version 7.5.0.0. let’s take the easy option this time…

21. Launch Citrix Studio and select the option to “Start the automatic Site upgrade”

| 74 |

22. Select the radio button “I am ready to upgrade” and click Upgrade:

23. Click Finish once the Site upgrade process completes:

| 75 |

24. Observation: Citrix Studio dashboard appears correctly after applying the mandatory DB schema update:

| 76 |

25. Run statusfixed.ps1from within the existing PoSH instance

C:\> .\statusfixed.ps1

Note: Press any key to view the service states for the remaining services and note that all services are now reporting an OK value including the Broker service after carrying out the mandatory DB upgrade.


Note: After carrying out the mandatory upgrade of the Broker Service DB schema the above cmdlet reports the installed DB version correctly as 7.5.0.0

| 77 |

27. Congratulations you have finished this exercise.


• FMA services should be running against the latest DB Schema versions to avoid possible inconsistent behavior.

• Citrix Studio will inform you if a mandatory DB upgrade is required and will also complete the task if instructed through helpful wizards

o PoSH can be used to check for upgrade and downgrade schema target versions and also generate an SQL script to apply directly against the site DB. This is an alternative method which can be used if Citrix Studio encounters issues.

• It is important to look beyond the windows services applet and check the true state of the FMA services using the PoSH SDK

o E.G. Get-BrokerServiceStatus = OK

| 78 |

Exercise 6 Controlling Access To Resources through the SDK Overview In this exercise we will use the PoSH SDK to explicitly control access to resources.


Step

Action

1. Logon to SF1 as training\administrator with password Citrix123 and launch Citrix StoreFront from the taskbar icon:

2. Right click on the Server Group node and select Change Base URL:

| 79 |

3. Enter https://sf1.training.lab as the new Base URL and click OK:

Note: Due to a restriction with the Site Access policy (which we will configure later in this exercise), we must change the base URL to https://sf1.training.lab.

4. Login to Win7Client as training\administrator with password Citrix123.

5. Launch Internet Explorer from the taskbar icon and enter the new Receiver for Web URL in the address bar: https://sf1.training.lab/Citrix/CitrixSynergyStoreWeb

6. Log on to StoreFront using Training\user1 and Citrix123.

https://sf1.training.lab/

https://sf1.training.lab/

https://sf1.training.lab/Citrix/CitrixSynergyStoreWeb

| 80 |

7. Based on the three existing Delivery Group user assignments, the following desktops types are available to User1:

1. W2K12 RDS Shared Desktop 2. Win7 Radom Desktop 3. Win8 Static Desktop

8. Login to DC2 as training\administrator with password Citrix123 and launch a PowerShell window by clicking on the PoSH icon on the taskbar:

| 81 |

9. Type Get-BrokerEntitlementPolicyRule and hit return:

Note: The Site Entitlement Policy contains a single rule by default for each Existing Random or Pooled Random (MCS) Delivery Group and can be used to explicitly control access to member desktops.

| 82 |

10. Copy and paste the following string into the PoSH window and hit return:

Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $true -ExcludedUsers training\user1

Note: The above string will enable the excluded users filter and exclude training\user1 from accessing any resources with the Training Win7 Delivery Group even though user 1 is part of the Domain Users Group which in turn has been granted access through the UI (Citrix Studio) Entitlement & Access Policies will always take precedence over user associations through the UI.

| 83 |

11. Copy and paste the following string into PoSH and hit return:

Get-BrokerEntitlementPolicyRule -Name "Training Win7_1"

Note: We can now confirm the exclusion just set in place.

| 84 |

12. Switch back to Win7Client and press F5 or hit return to refresh StoreFront console. If your session has timed out, just log in again as Training\user1 and Citrix123.

Based on the three existing Delivery Group user assignments and the explicit entitlement policy exclusion on the Training Win7 Delivery Group, only the following two desktops types are available to User1:

1. W2K12 RDS Shared Desktop 2. Win8 Static Desktop

Note: The Win7 Radom Desktop is no longer available based on the entitlement policy exclusion which we just set in Step 9 above.

13. Switch back to DC2 and remove the exclusion by copying one of the following strings into the open PoSH window and hitting return:

Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -RemoveExcludedUsers training\user1 -ExcludedUserFilterEnabled $false

Or

Set-BrokerEntitlementPolicyRule -Name "Training Win7_1" -ExcludedUserFilterEnabled $false -ExcludedUsers @()

| 85 |

14. Copy and paste the following string into the PoSH window and hit return to confirm:

Get-BrokerEntitlementPolicyRule -Name "Training Win7_1"

Note: The exclusion has now been removed

15. Switch back to Win7Client and press F5 to refresh the StoreFront console. If your session has timed out, just log in again as Training\user1 and Citrix123.

Once again we can see that based on the three existing Delivery Group user assignments the following three desktops types are available to User1:

1. W2K12 RDS Shared Desktop 2. Win7 Radom Desktop (WELCOME BACK DEAR FRIEND!!!!!!!) 3. Win8 Static Desktop

| 86 |

16. Switch back to DC2 and login again if needed as training\administrator with password Citrix123

17. Type Get-BrokerAssignmentPolicyRule and hit return:

Note: The Site Assignment Policy contains a single rule by default for each Existing Static or Pooled Static (MCS) Delivery Group and can be used to explicitly control access to member desktops.

The same steps carried out above (Steps 9 through 14) can also be followed to set and remove explicit exclusions against Static or Dedicated desktops.

| 87 |

18. Type Get-BrokerAccessPolicyRule and hit return:

Note: The Site Access Policy contains two rules by default for each existing Delivery Group regardless of type i.e. Existing Static, Pooled Static (MCS), Existing Random or Pooled Random (MCS) and controls the conditions for accessing resources contained within each Delivery Group.

By default, a Direct connection rule and a connection via Access Gateway exist.

| 88 |

19. Copy and paste the following string into the PoSH window and hit return:

Get-BrokerAccessPolicyRule -DesktopGroupName "Training Win8" | select allowedconnections, desktopgroupname, excludedclientip*, name | format-list

Note: Using the select function will allow us to view the relevant information on a single page without having to use the scroll bar. You should use this technique whenever possible for a better overall user experience.

20. Copy and paste the following string into the open PoSH window and hit return to set the new ClientIP access exclusion:

Set-BrokerAccessPolicyRule "Training Win8_Direct" -ExcludedClientIPFilterEnabled $true -ExcludedClientIPs 192.168.10.29

21. Copy and paste the following string once again into the PoSH window and hit return:


Note: The new ClientIP exclusion can be clearly seen and verified.

| 89 |

22. Switch back to Win7Client and press F5 or return to refresh the StoreFront console. If your session has timed out, just log in again as Training\user1 and Citrix123.

Based on the Three existing Delivery Group user assignments and the explicit access policy exclusion on the Training Win8 Delivery Group, only the following two desktops types are now available to User1:

1. W2K12 RDS Shared Desktop 2. Win7 Random Desktop

23. Switch back to DC2 and remove the exclusion by copying one of the following strings into the open PoSH window and hitting return:

Set-BrokerAccessPolicyRule "Training Win8_Direct" -ExcludedClientIPFilterEnabled $false -ExcludedClientIPs @()

OR

Set-BrokerAccessPolicyRule "Training Win8_Direct" -ExcludedClientIPFilterEnabled $false -RemoveExcludedClientIPs 192.168.10.29

| 90 |

24. Copy and paste the following string once again into the PoSH window and hit return:


Note: The previously set ClientIP exclusions have been removed.

25. Switch back to Win7Client and press F5 or return to refresh StoreFront console. If your session has timed out, just log in again as Training\user1 and Citrix123.

Once again we can see that based on the Three existing Delivery Group user assignments the following three desktops types are available to User1:

1. W2K12 RDS Shared Desktop 2. Win7 Random Desktop 3. Win8 Static Desktop (WELCOME BACK ME AUL PAL!!!!!!!)

| 91 |

26. Logout of StoreFront and close IE.

27. Congratulations you have finished this exercise.


• XenDesktop includes a number of Site wide policies which can be used to explicitly control access to resources and the conditions under which the resources are accessed. Some of those discussed during the above exercise include:

o Broker Entitlement Policy (Get-BrokerEntitlementPolicyRule)

Controls access to Existing Random or Pooled Random (MCS) machines

o Broker Assignment Policy (Get-BrokerAssignmentPolicyRule)

Controls access to Existing Static or Pooled Static (MCS) machines

o Broker Access Policy (Get-BrokerAccessPolicyRule)

Controls the conditions for accessing resources contained within each Delivery Group

• For complete granular control of access to site resources through site policies, the PoSH SDK must be used.

| 92 |

Exercise 7 Changing Delivery Group Icons Overview In this exercise we will have some fun and give our Delivery Group icons a little bit of a makeover…


Step 1. Login to Win7Client as training\administrator with password Citrix123

2. Launch Internet Explorer from the taskbar icon:

3. Enter one of the following links and hit return:

http://www.iconarchive.com/

http://findicons.com/

4. Browse the free icon archives until you find two you like and then download both to the C:\ drive on Win7Client

Can’t decide? Try these…

http://findicons.com/icon/56773/flag_of_ireland?id=57179

http://findicons.com/icon/259333/package_games?id=260307

http://www.iconarchive.com/

http://findicons.com/

http://findicons.com/icon/56773/flag_of_ireland?id=57179

http://findicons.com/icon/259333/package_games?id=260307

| 93 |

5. Open a new tab in IE and browse to the following Link

http://www.motobit.com/util/base64-decoder-encoder.asp

6. Click the Browse button; select your first image from C:\ and select Convert the source data button:

http://www.motobit.com/util/base64-decoder-encoder.asp

| 94 |

7. Select all & copy the Base64 representation of the source data:

| 95 |

8. Minimize IE and create a new text file called Icon1 (extensions are hidden by default) on the desktop of the Win7Client VM and save the Base 64 String output:

VERY IMPORTANT STEP: Place Inverted Commas (“) at the beginning and end of string so that is treated as a complete string without spaces by PoSH.

9. Repeat the above steps for the 2nd icon naming the second text file Icon2

10. Copy both text files i.e. Icon1 & Icon2 to the root of DC2 i.e. \\DC2\C$

11. Login to DC2 as training\administrator with password Citrix123

12. Launch a PowerShell window by clicking on the PoSH icon on the taskbar:

13. Type Get-BrokerIcon and hit return:

Note: The above cmdlet returns a list of all current Icons available within the site DB

| 96 |

14. Type or copy and paste the following string into the open PoSH window and hit return:

Get-BrokerDesktopGroup | select published*, name*, icon*, uid* | format-table

Note: All Delivery Groups use the default icon which is identified with the IconUid of 1

15. Browse to the root of DC2 and open the Icon1 text file

Select All and copy the entire string:

| 97 |

16. Within PoSH, type New-BrokerIcon –EnCodedIconData <paste the complete string within the Icon1 text file just copied in step 15 above>

Hit Return Twice to execute the command once the full string is loaded:

Note: A new icon is imported into the DB with taking the next available UID identifier of 6

| 98 |

17. Browse once again to the root of DC2 and open the Icon2 text file

Select All and copy the entire string:

| 99 |

18. Within PoSH, type New-BrokerIcon –EnCodedIconData <paste the complete string within the Icon2 text file just copied in step 17 above>

Hit Return Twice to execute the command once the full string is loaded

Note: A new icon is imported into the DB with taking the next available UID identifier of 7

19. Type Get-BrokerIcon and hit return to see the full list of available Broker Icons once again:

Note: The two new imported icons are represented above by Uid 6 & 7 and the default delivery Group icon is represented by Uid 1 as per step 25 above but what about Uid 2,3,4 & 5? What do they represent? Let’s see…

| 100 |

20. Type or copy and paste the following string into the open PoSH window and hit return:

Get-BrokerApplication | select published*, name*, iconuid*, uid* | format-table

Note: That’s correct! Published Applications…

21. Type or copy and paste the following strings into the open PoSH window and hit return after each:

Set-BrokerDesktopGroup -name “Training Win7” -IconUid 6

Set-BrokerDesktopGroup -name “Training Win8” -IconUid 7

Note: The Set-BrokerDesktopGroup cmdlet can be used to change the IconUid associated with any given Delivery Group.

22. Type or copy and paste the following string into the open PoSH window and hit return to see the updated Icon associations:

Get-BrokerDesktopGroup | select published*, name*, icon*, uid* | format-table

23. Login to Win7Client as training\administrator with password Citrix123.

24. Launch Internet Explorer from the taskbar icon, enter the NEW Receiver for Web URL in the address bar and hit return:

Direct URL:



| 101 |

25. Log on to StoreFront using Training\user1 and Citrix123.

26. Observation: The Win7 Random & Win8 Static Delivery Groups are feeling completely revitalized after their new makeover…



• XenDesktop can be FUN!!!

• Delivery Group icons are stored as base64 strings inside the database and can be manually imported.

• For more information and XenDesktop related tips follow @XDtipster and @XDInformer

o http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-icons-revisited-xd7/

http://blogs.citrix.com/2013/08/21/xd-tipster-changing-delivery-group-icons-revisited-xd7/

| 102 |

Please complete this survey

We value your feedback! Please take a moment to let us know about your training experience by completing the brief Learning Lab Survey

Revision Change Descriptions Updated By Date

1.0 Original Version Kim Ferrie May 2014

1.01 Fixed typo in login credentials Brian Bustin May 7, 2014

About Citrix Citrix (NASDAQ:CTXS) is a cloud company that enables mobile workstyles—empowering people to work and collaborate from anywhere, securely accessing apps and data on any of the latest devices, as easily as they would in their own office. Citrix solutions help IT and service providers build clouds, leveraging virtualization and networking technologies to deliver high-performance, elastic and cost-effective cloud services. With market-leading cloud solutions for mobility, desktop virtualization, networking, cloud platforms, collaboration and data sharing, Citrix helps organizations of all sizes achieve the speed and agility necessary to succeed in a mobile and dynamic world. Citrix products are in use at more than 330,000 organizations and by over 100 million users globally. Annual revenue in 2012 was $2.59 billion. Learn more at www.citrix.com.

http://tinyurl.com/SummitILT

https://citrix.co1.qualtrics.com/SE/?SID=SV_7ZMrgdK7XPIi0Wp

http://www.citrix.com/

606: journey to the center of xendesktopdocs.citrixvirtualclassroom.com/events/...journey.pdf ·...

Documents