PowerShell: XenApp Server Performance

I wrote a simple PowerShell script to monitor the real time performance (CPU usage, Memory usage and Disk queue length) of the XenApp farm servers.

To make it work, you need to:

1) Download and install the XenApp PowerShell SDK.

2) Ensure the ‘Citrix XenApp Commands Remoting’ service is running on the data collector server. If it fails to start, you may need to configure the proxy for it – e.g. netsh winhttp set proxy myproxy:8080

3) Modify the parameters to fit your environment, then run the script. The log file looks like this:

Farm name is: MyFarm
Zone name is: DEFAULT ZONE
26/03/2014 11:54 AM
The Desktop sessions number is: 17
My-Farm-DC-01, CPU Usage(%): 0.000641017422853274, Free RAM(MB): 2287, Disk queue: 0
My-Farm-XenApp-01, CPU Usage(%): 42.6923101577751, Free RAM(MB): 2329, Disk queue: 0.118488823789591

The script can be downloaded from here:
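A sketch of how such a collector can be put together, added here as an example and not the author's script: it writes the same log line format using the standard Windows performance counters. The server names, log path and interval are placeholders, and the farm lookup assumes the XenApp 6.5 SDK snap-in (Citrix.XenApp.Commands) is registered on the machine running it.

```powershell
# Added example, not the author's script. Server names, log path and interval are
# placeholders; the farm lookup assumes the XenApp 6.5 SDK snap-in is installed.
param(
    [string[]]$Servers = @('My-Farm-DC-01', 'My-Farm-XenApp-01'),
    [string]$LogPath = (Join-Path $env:TEMP 'XenAppPerf.log'),
    [int]$IntervalSeconds = 60,
    [int]$Samples = 1
)

$header = @()
# If the SDK snap-in is registered, take the farm name and server list from the farm.
if (Get-PSSnapin -Registered -Name Citrix.XenApp.Commands -ErrorAction SilentlyContinue) {
    Add-PSSnapin Citrix.XenApp.Commands -ErrorAction SilentlyContinue
    $header += 'Farm name is: {0}' -f (Get-XAFarm).FarmName
    $Servers = Get-XAServer | Select-Object -ExpandProperty ServerName
}

# Standard Windows counters for the three metrics in the log.
$counters = @(
    '\Processor(_Total)\% Processor Time',
    '\Memory\Available MBytes',
    '\PhysicalDisk(_Total)\Avg. Disk Queue Length'
)

function Get-ServerPerfLine {
    param([string]$Server)
    try {
        $s = (Get-Counter -ComputerName $Server -Counter $counters -ErrorAction Stop).CounterSamples
        # Sample paths come back lower-cased and prefixed with the server name.
        $cpu  = ($s | Where-Object { $_.Path -like '*\% processor time' }).CookedValue
        $ram  = ($s | Where-Object { $_.Path -like '*\available mbytes' }).CookedValue
        $disk = ($s | Where-Object { $_.Path -like '*\avg. disk queue length' }).CookedValue
        '{0}, CPU Usage(%): {1}, Free RAM(MB): {2}, Disk queue: {3}' -f $Server, $cpu, $ram, $disk
    }
    catch {
        # An unreachable server is logged rather than stopping the whole run.
        '{0}, counters unavailable: {1}' -f $Server, $_.Exception.Message
    }
}

for ($i = 0; $i -lt $Samples; $i++) {
    # One timestamped block per sample, one line per server.
    $lines = @($header) + (Get-Date -Format 'dd/MM/yyyy hh:mm tt')
    $lines += $Servers | ForEach-Object { Get-ServerPerfLine -Server $_ }
    $lines | Add-Content -Path $LogPath
    if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
}
```

Reading counters remotely does not need a farm administrator account: membership of the local Performance Monitor Users group on each server is enough, which keeps the scheduled task off privileged credentials.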



Recreate Citrix LHC

We received a user report complaining that one of the published applications could not be opened. Logging into the Citrix console, I noticed there were a couple of alerts regarding the single server which hosts the published application.

Health Monitoring and Recovery test failed.
Server lost connection to farm data store.

I checked the networks, and everything looked fine. The application could also be executed while connected to the server over RDP, so it must have had something to do with Citrix. So I stopped the IMA service, recreated the local host cache by running ‘dsmaint recreatelhc’, then started the IMA service. I tested it and found the issue was gone. I guess this might have been caused by the damaged LHC preventing the IMA service from updating it from the datastore.

Citrix XenApp 6.5 Administration Training Day 5 Notes

Module 11: Configuring Self-Service Applications

  • Citrix Receiver
    – For Windows applications, users can only receive self-service applications when the self-service plugin is also deployed.


  • Citrix Merchandising Server
    – Citrix receiver updater keeps the version updated since the first deployment


  • Citrix Plug-ins
    – Citrix receiver/ self-service plugin/ offline plugin/ App-V client/ secure access plugin/ profile management plugin/ service monitoring plugin/ acceleration plugin/ single sign on plugin
    – Delivery method
    – Java client requires 32bit JRE


Module 12: Configuring Printing

  • Printing concepts
    – printer types: local, network and redirected client
    – security


  • Default printing behavior
    – User local printers are created automatically when the session begins –> printing jobs are queued to the locally defined printer –> printing jobs are queued to network printers directly –> XenApp server retains the user’s printer settings, or saves them to the user’s profile if that fails –> XenApp tries the native printer driver, or the universal printer driver if that fails.
    – Use policy to alter default printing behavior


  • Printer provisioning
    – Auto-creation/ Network printer provisioning
    – Synchronous vs. Asynchronous printer creation when publishing an application


  • Printing Pathways
    – Network printing pathway is ideal for fast local networks (default)/ Client printing pathway is ideal for WAN


  • Printer Drivers
    – Types: Native/ OEM/ Universal
    – Automatic installation of in-box printer drivers is enabled by default, and can result in the installation of a large number of native drivers in the environment.


  • Citrix Universal Printing
    – EMF-based/ XPS-based/ Universal printer with universal driver
    – Policy settings


  • Administrator-Assigned Network Printers
    – Session printer policy


  • Workspace control and proximity printing
    – Proximity printing is enabled through the session printer policy rule in GPMC or IMA policy


  • Printing preferences
    – The settings can be saved to XenApp server/ User device/ the document
    – Retention policy


  • Printing bandwidth


Module 13: Securing XenApp

  • XenApp Security Solutions
    – SecureICA/ SSL Relay/ Citrix Access Gateway (SSL VPN appliance)


  • Access Gateway
    – WI generates ICA file that includes STA
    – Access gateway validates the STA (Secure Ticket Authority) ticket
    – If CAG authentication is enabled, both CAG and WI are responsible for authenticating users
    – SSO to WI
    – SmartAccess: EPA scan and SSL certificate check


  • WI configuration
    – Access method: gateway direct/ gateway alternate (AltAddr must be run on each server)/ gateway translated


Module 14: Monitoring

  • Health Monitoring and recovery
    – implemented as Citrix policy


  • Service Monitoring for XenApp
    – EdgeSight monitors license usage, server/ published application performance and availability, end user experience
    – EdgeSight server/agent


  • Workflow Studio


Module 15: Additional Components

  • Additional components
    – SmartAuditor
    – Single sign-on
    – Branch optimization
    – Provisioning services
    – Power and capacity management
    – XenServer

Citrix XenApp 6.5 Administration Training Day 4 Notes

Module 8: Configuring Policies

  • Group Policy Integration
    – Group policy integration does not require changes to the Active Directory schema
    – GPMC is generally recommended. Benefits: backup, restore, migrate, view the resultant, perform modeling… AGPM
    – IMA-based group policies
    – Group policy extension
    – Group policy architecture. GPO Citrix policy (ADM/X, GPF/X) is stored in sysvol folder, IMA-based citrix policy is stored in datastore database and local sysvol folder (GPF/X).
    – HKLM\Software\Policy\Citrix registry key


  • Policy Evaluation
    – IMA-based policy is subject to the AD GPO refresh cycle (90 min) for computer configuration, but applies immediately for user configuration
    – Processing –> local/ IMA based/ site/ domain/ OU <-Precedence
    – If Loopback processing is enabled, it only affects AD GPO processing


  • Policy Rules
    – Computer/ User policies
    – Bandwidth limit percent
    – policy templates
    – Policy Filter (unfilter vs filtered)
    – Policy modeling, resultant


Module 9: Configuring Load Management

  • Load Manager
    – By default, the load is measured and balanced by the number of user sessions on each server
    – Load manager calculates server load using load evaluators attached to servers or application
    – Session sharing takes precedence over load balancing, except when the server is fully loaded
    – Load balancing process
    1) each server calculates the load periodically based on the load evaluators
    2) each server sends calculated value to the zone data collector (the last 10 samples are calculated into a running average value)
    3) the data collector gathers the information and maintains a numeric index for each load balanced server
    4) the data collector receives request and returns the IP address or FQDN of the least busy server
    5) the user device plug-in connects in


  • Load Calculation
    – Five load throttling settings (Extreme 1, … Medium low 5)
    – Load Throttling formula: current load + 1/N * (10000 – current load)
    – If a change of +/- 500 occurs to the server load, the server sends the change to the data collector immediately
    – Moving average rules: CPU, Memory utilization (low, high threshold)
    – Incremental rules: application user load, server user load
    – Boolean rules: IP range, scheduling


  • Load Evaluator Configuration
    – Only one load evaluator can be assigned to each server and each streamed application


  • Load Balancing Policies
    – Benefits: redirect to backup server/ redirect to dedicated servers/ reducing WAN by directing users to closest regional servers/ force application to be streamed
    – preferential load balancing: importance of application/ user session


Module 10: Optimizing the user Experience

  • Optimizing Session Performance
    – Tune the session performance policy to reduce the impact of network latency and bandwidth


  • HDX Broadcast Session Reliability
    – Enabled by default
    – HDX RealTime is only available for Windows user devices, and it is recommended for LAN environments only.
    – HDX plug-n-play


  • HDX MediaStream Flash Redirection v2


  • SpeedScreen Latency Reduction
    – Mouse click feedback/ Local text echo


  • HDX 3D Image Acceleration
    – Lossy compression scheme


  • User Profiles
    – it consists of: registry hive and a set of profile folders stored in the file system
    – type: local/ roaming/ mandatory/ temporary
    – redirecting user data


  • To enable profile management
    – use the adm template
    – profile management logon process
    – .mft (Master File Table)

Citrix XenApp 6.5 Administration Training Day 3 Notes

Module 7: Streaming Applications

  • Application Streaming
    – Benefits: centralized management/ isolated environment/ optimal utilization of computing resource/ …
    – Components: CTX streaming profiler/ Citrix receiver with offline plug-in/ Application hub or web server
    – Application Streaming communication process:
    1) A user clicks a published streaming application icon. The start request is relayed to the web interface
    2) The web interface contacts the XenApp server to obtain the information required to run the application
    3) The web interface server creates a .rad file based on the information obtained and provides it to the RadeRun.exe utility
    4) The RadeRun.exe utility passes the .rad file to the Citrix streaming service (RadeSvc), which creates an isolated environment and downloads the application profile from the application hub
    5) The Citrix streaming service opens the application executable according to the instructions included in the application profile and runs the executable inside the isolated space
    6) Additional application files are downloaded from the application hub as needed during normal application usage
    – Streaming App-V package


  • Citrix Offline Plug-in
    – Cache location %ProgramFiles(x86)%\Citrix\Radecache\
    – Cache size: 1G or 5% of the installation disk volume, whichever is larger
    – %ProgramFiles(x86)%\Citrix\Streaming Client\ClientCache.exe
    – Installer CitrixOfflinePlugin.exe


  • Citrix Streaming Profiler
    – The profile does not install files already on the computer
    – Prerequisites: JRE can be profiled, .NET framework can not
    – Only 32-bit applications can be profiled
    – The profiling system run-time environment should be as close to the user devices’ or servers’ as possible
    – Profiling process
    – A target is a collection of files, registry data and other information used to represent an application isolated environment
    – The old version target can only be removed manually
    – Inter-Isolation communication
    – Not all applications with services will function correctly when profiled
    – It is possible to revert back to previous version of a streaming profile (see CTX120436)
    – Streaming applications only support the Windows family
    – It is possible to force the delivery of streamed to client streamed applications with filters
    – To use http or https as a delivery method, you need to add MIME type information .profile=text/xml
    – Stream to server vs. Stream to client
  • Offline Access Management
    – How: Enable an application for offline access/ Configure XenApp services site for offline or dual mode applications/ Ensure the license is available for check out
    – Offline access period: 21 days by default
    – Caching type: pre-deploy at logon / cache at launch (default)
    – Pre-deploy is automatic for offline streaming and is not recommended for online streaming
    – %ProgramFiles%\Citrix\Deploy\RadeDeploy.exe

Citrix XenApp 6.5 Administration Training Day 2 Notes

Module 5: Installing and Configuring the Web Interface

  • Web Interface Communication Process
    1) A user submits logon credentials through a web interface logon page.
    2) Web interface server forwards the logon credentials to the XML broker service on the XenApp server.
    3) The credentials are forwarded to a domain controller for authentication.
    4) The XML broker service retrieves a list of resources from the IMA subsystem.
    5) Web interface presents the resources in a web page on user device. The user clicks an application icon on the web page
    6) Web interface contacts the XML broker to locate the least busy server in the farm. The XML broker requests a secure ticket for the user from the least busy server.
    7) The XML broker returns the address of the least busy server hosting the resources and the secure ticket for the user to the web interface. The web interface server dynamically generates an ICA file (launch.ica) and sends it to the web browser on the user device.
    8) The user device initiates a connection with the server specified in the connection information of the ICA file.


  • Web Interface Installation
    – Site creation: XenApp Web site (for web plugin)/ XenApp Service site (for online plugin)
    – The configuration information for a web site is stored in webinterface.conf file (\INetPub\WWWRoot\Citrix\XenApp\Conf\)
    – Point of authentication (web interface, ADFS, access gateway, third party) can not be changed once set
    – Published resources type: online/ offline/ dual mode (attempts to virtualize the application to the user device first)
    – XenApp service site configuration information is stored in config.xml file (\INetPub\WWWRoot\Citrix\PNAgent\Conf\)


  • Web Interface Site Modification
    – A maximum of five backup URLs can be configured for each site
    – Add /m or /mobile to the end of the web interface URL to access available mobile pages on the site
    – Site appearance: Layout/ Appearance/ Content
    – Session settings are not available for XenApp service sites
    – Session options are not available for XenApp web sites
    – The workspace control feature allows users to disconnect and reconnect to sessions as they move between different user devices (XenApp must be installed and configured, Web interface must be installed, and at least one web interface site must be configured)
    – Workspace control: Automatically reconnect to sessions/ Enable reconnect button/ Logoff/ Session lingering


  • Citrix Plug-ins and Web Interface
    – Citrix receiver and plug-ins update
    1) uncomment the following lines
    2) Rename CitrixOnlinePluginWeb.exe to CitrixReceiverWeb.exe
    3) Restart IIS web services – iisreset
    – Automatically Detecting Plug-ins

  • Authentication Configuration
    – Authentication options: Explicit/ Pass-through/ Pass-through with smart card/ Smart card/ Anonymous
    – Two-factor authentication: RSA SecurID/ SafeWord/ RADIUS
    – Password setting configurations (Account Self-Service is not available for sites accessed using Access Gateway with Advanced Access Control)
    – ICAClient.adm GPO template is used for the pass-through authentication
    – The pass-through, smart card, and pass-through with smart card authentication methods require trust relationships between the Web Interface server and the XenApp servers.


  • Secure Access Configuration
    – If Access Gateway is in use, one of the Access Methods should be used: Direct access/ Alternate access/ Translate access
    – NAT access types: User device route translation/ gateway route translation/ user device and gateway route translation


  • Client-side Proxy Settings


  • Server Configuration
    – Configure multi farms
    – XML broker servers failover and load balancing

Module 6: Delivering Applications and Content

  • Publishing Resources
    – Basic/ Advanced
    – Published Resource Types: Server Desktop/ Content


  • VM Hosted Apps requires the components: Desktop Delivery Controller/ Management Console/ Virtual Desktop Agent



  • Advanced Published Resources Settings
    – Access Control
    – Content Redirection (Client-to-Host, Host-to-Client)
    – File Type Association
    – Application Importance
    – Session sharing (all applications in a shared session must be published with the same settings, e.g. encryption or color depth). Load balancing takes precedence over session sharing.


  • Published Resource Configuration
    – Session pre-launch reduces application start time ctxprelaunch.exe
    – Manage connections to resources (reset/ log off/ disconnect/ send message/ shadowing)
    – Disable or hide a published resource

Citrix XenApp 6.5 Administration Training Day 1 Notes

In the last week of the 2012 – 2013 fiscal year, I will have a five-day training on Citrix XenApp 6.5 administration.

Ignoring my bad handwriting, these are two nice diagrams showing how Citrix XenApp works on the server and client side. Keeping the big picture in mind really helps to learn Citrix XenApp.



Module 1: Introducing XenApp

  • XenApp Editions: Advanced/ Enterprise/ Platinum
  • XenApp Architecture
    Basic components: Web interface/ Data collector/ XenApp servers/ Data store database/ License server/ Worker groups/ Zones
    Additional components: Load manager/ Access gateway VPX/ XenApp Management Pack/ AppCenter/ Receiver and plugins

Single or multiple farm environment consideration? Business decision/ Different version

XenApp servers: Session-host only/and Controllers (data collector, XML broker)

Data Store database maintains persistent farm data (farm configuration information/ published application configurations/ server configurations/ farm management security/ printer configurations/ license server name and port)

Datastore updates and the LHC (local host cache): The IMA (independent management architecture) service polls the data store DB every 30 minutes or whenever a configuration change is made to the farm.

IMA: It provides the framework for all server-to-server communication that occurs in the XenApp farm (TCP port 2512).

Data collector: It maintains dynamic farm information including server load data and user session status.

Data collector election criteria: Highest XenApp version/ Highest Rank/ Highest Host ID number (queryhr/ qfarm/ querydc commands)

Zones: A logical group of XenApp servers communicating with a single data collector. It can be used to designate physical (geographical) or logical groupings.

Sharing data across zones: The best practice is to keep the number of zones to a practical minimum.

AppCenter: the primary administrative utility.

Module 2: Licensing XenApp

  • To License XenApp
    – purchase license (has to specify the host name) –> install license server –> import license file
    – License communication process
    – License types: user/ device
    – Microsoft CALs and RDS CALs
  • License Administration Console
    – Citrix vendor daemon port (TCP 7279)
    – License server manager port (TCP 27000)
    – License Administration console port (TCP 8082)
    – License server considerations: 200 servers – shared license server/ 200~4000 servers – dedicated license servers/ 4000 servers – dedicated license server for each Citrix product
  • License file management
    – License file location: %ProgramFiles(x86)%\Citrix\Licensing\MyFiles
    – Citrix license portal: MyCitrix.com
    – Subscription Advantage
  • High Availability Consideration (30 days recovery grace period)
    – Duplicate license server (same hostname, IP address)
    – License server clustering (two nodes Microsoft cluster in Active/Passive configuration)

Module 3: Installing XenApp

  • XenApp Server Role Manager. The roles are:
    – Citrix License server
    – XenApp Server (XenApp installation on a domain controller is not supported)
    – Web interface server
    – Single sign-on services (Platinum only)
    – Power and Capacity management administration (Enterprise and Platinum only)
    – EdgeSight server (Platinum only)
    – Provisioning services (Platinum only)
  • Hardware and Software requirements (20~40M RAM per connected user)
  • Server Configuration Tool (SCT)
  • Dynamic Datacenter Provisioning (for session only server)
  • XenApp Configuration Options
    – Database engine for data store (SQL server/express, Oracle)
    – Enable/disable shadowing (If shadowing is prohibited during XenApp installation, it can only be enabled at a later time by reinstalling XenApp)
    – XML server port (TCP 80). If IIS is installed, IIS and Citrix XML service can share port 80
    – Pass-through authentication: If pass-through authentication is not enabled during the installation and is later desired on the server, Receiver must be reinstalled on the server before pass-through authentication can be used.
    – IMA encryption needs to be manually configured using CTXKeyTool command

Module 4: Configuring XenApp Administration

  • Worker Groups
    – publishing applications/ load balancing
    – Worker groups are identified as a filter by name only
  • Administrator Privilege Levels
    Full administration/ View only/ Custom
  • Configuring Administrator/ Folder permissions/ Delegating Administration
  • Configuration Logging (who, when and what)
    – SQL 2005, 2008/ Oracle 11g
    – the configuration logging database can be protected using IMA encryption feature
    – One database only for one farm