Professional Documents
Culture Documents
Baptiste Duflos, Escalation Manager & Ken Baldwin, Escalation Engineer Tuesday, May 24th 2011
VM
Storage
Id Disk Diff Disk Id Disk Diff Disk Id Disk Diff Disk
Master Disk One copy of the base image shared by all VMs
AD Identity Service
Broker Data Access
Active Directory
Data Access
SQL
Data Access
HCL
HCL
Host Service
Configuration Service
Citrix Confidential - Do Not Distribute
Hypervisors
Hypervisors
The Catalog could not be loaded due to the following errors: There are no master images associated with this Catalog See CTX127068 for resolutions to this problem
Network
Citrix Confidential - Do Not Distribute
Check permissions if Check the master image Try using Certs and Validate the Hypervisor Verify the another virtual storage pathand test is not using Configure CTX125578 snapshot image for creation permissions - CTX127546 Proxy.xmlwasnt deleted local attached storage multiple host connections
Citrix Confidential - Do Not Distribute
Resolution
This issue resulted in Citrix adding a check in the code for each call to path with improved error handling when illegal characters are discovered in the storage naming scheme. The change has been checked into XenDesktop 5 SP1.
Problem Definition
XenDesktop 5 sessions fail to launch when using passthrough authentication
Steps to Reproduce:
1. Launch XenDesktop session from a domain-joined Windows PC 2. Desktop Viewer opens, and the progress wheel spins.. 3. VDA Windows logon screen is seen briefly Expected Results: The session logon process completes, and the Windows desktop is presented. Actual Results: The session closes immediately after flashing the Windows Logon screen
XenDesktop 4 sessions prompt for credentials at the Windows logon screen from the same endpoint
Explicit authentication works for both XD4&5
Broker
SQL
VDA
Endpoint
Pass-through Authentication
User identity is verified by IIS using NTLM or Kerberos Allows Broker to validate the user for desktop enumeration Requires endpoint device to provide credentials directly to the ICA Server
Explicit Authentication
XenDesktop 5 Broker
XML Services Controller Web Interface WCF HTTP(S) ICA SQL
Endpoint
VDA
Pass-through Authentication
XenDesktop 5 Broker
ICA File XML Services Controller Web Interface IIS HTTP(S) ICA WCF SQL
Endpoint
VDA
Test Results
1. Reached the Windows logon screen, where I was able to login 2. Session launch fails at the Web Interface Site 3. Worked with both XD4 & XD5
Endpoint
VDA
Service Logging - CTX127492 CDF Control - CTX111961 XDPing - CTX123278 Powershell SDK - CTX127254 WCF Diagnostics- MS732009
Endpoint
VDA
CdsWorkerAgent Portica_DLL_PICACredProvider ICA Service Portica_DLL_PICADisplayManager Utils.Kernel32.UnmanagedBuffer.SafeDisposeObj MF_Session_Wfshell Portica_DLL_PICASessionHelper ThreadID=7, disposing=True, pointer=32C60E8, size=1568, MF_DLL_Ctxgina Portica_Library_picaCPHelper source=Citrix.Portica.GinaServer.SendAutoLogonMessage MF_Library_System
Endpoint
ICA Logging - CTX115304 CDFControl - CTX124934 DebugView - BB896647 Client Policies - EDocs
Desktop Group
ICA Address
Auto-Logon Allowed
Desktop Viewer Single Sign-On
Checks WI Site against Internet Explorer security zones Blocks certain ICA Client actions (such as Pass-through) based on region settings (CTX124871) Requires CST registry keys to be present (CTX128775)
Citrix Confidential - Do Not Distribute
CST Whitelist
KB-Win7-x32RTM] Address=10.54.67.97:1494 AutologonAllowed=ON BrowserProtocol=HTTPonTCP ConnectionBar=1 InitialProgram=#WinXP 32-bit $P8 Launcher=WI LaunchReference=EE2998E87E058B78E1CAF7050FB40E SessionsharingKey=-R7YM1LL1qw5bcb7LTq21sC UseLocalUserAndPassword=On
Pass-through Authentication
XenDesktop 5 Broker
ICA File XML Services Controller Web Interface IIS HTTP(S) ICA WCF SQL
Endpoint
VDA
Endpoint
Client Selective Trust requires additional client policies to be used Pass-through authentication is treated more securely than explicit authentication
Resolution
Provided a private binary that instead evaluates the ICA address, which supports wildcards
Resources discussed