Citrix Access Gateway - Recovery Mode

Please check out www.kaztechsolutions.co.uk for more of my technical posts, alternately please call us on 01932 268289. 

I had an issue this week where I'd setup a XenDesktop environment and everything was looking good and internal testing showed everything was working as it should be.  I moved on to the configuration of the CAG VPX and after configuring just the hostname, Licensing, STA, Access List, Logon Points and the Date and time the CAG would restart it self over and over again until it went in to Recovery Mode.

Upon troubleshooting I started to configure the CAG bit by bit and I found that once I configured the STA the CAG would then restart - very strange.

So I enabled logging on the DDC using the Log EnablerV3 and I could see that I was getting STA error's logged in the broker log, so i started to think that this must have been a dodgy install even though XD installer didn't highlight anything once it had finshed.

So I had a quick peek in the registry and i could see under the following key that the STA identifier wasn't created correctly.

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\DesktopServer

So I re-ran the Broker_Service_x64.msi from the XD iso and then refreshed the registry and I could now see that the STA identifier was now correctly configured in the registry.

Hope this helps someone out.

1030 Connection Error - VDI-in-a-Box

Please check out www.kaztechsolutions.co.uk for more of my technical posts, alternately please call us on 01932 268289. 

Had an issue the other day on VDI-in-a-Box 5.1.1 where remote access was through a CAG 5.04 and i was getting the dreaded 1030 error!

Checked all the usual places to check for a 1030 error.

• Is the STA generated from the vdiMrg in the CAG.
• Used an SSL checker to see if the SSL was created correctly.
• Checked that the vDesktop DHCP range is in the ICA access control list on the CAG.
• CHecked that the correct ports are opened up on the firewall.

just to name a few.

If you log in to the vdiMgr console and go to advance properties and look under gateways ensure that you have specified the "Internal HDX gateway IP Addresses" which HAS TO point to the internal IP address of the CAG.

A way you can test if you 1030 error is because the "Internal HDX gateway IP Addresses" is wrong is by downloaded and saving the ICA file and seeing if it has been marked with the internal IP address of the vDesktops rather than with the STA.

VDI-in-a-Box - Best Practices

Best Practices: Scale One by One

Creating the VDI-in-a-Box Grid

• Start with one server then expand, or one image then expand
• Scale the grid one server at a time
• Keep host versions consistent
• Assign static IP addresses to servers
• Use of thin provisioning to cut down dramatically on disk space
• Size your server using recommended best practice
• Ensure that you can generate desktops and users can log on before adding a second or third or fourth server to the grid.

Joining servers to the Grid

• Do not join multiple servers at the same time
• Let the second server join, receive images, provision desktops before joining the third

Use IP addresses instead of DNS names

• To remove the dependency on DNS
• For setting up the hypervisor connection
• For the vdiManager console when configuring the Grid
• For the Active Directory User database connection

Create a base image

• Start with an ISO to create a base published image
• Test this base image first and use this to make additional copies for production
• Keep image sizes small (20-30GB). Less storage space consumed
• Create one domain administrator account for both user authentication (Active Directory) and for image syspreps
• Minimize password changes to accounts. You can do this by creating special “Citrix” accounts

Ports

• vdiManager <> Hypervisor | HTTP over SSL/TLS (HTTPS):443
• vdiManager <> Active Directory | LDAP:389 | LDAP over SSL/TLS (LDAPS):636
• Endpoint <> vdiManager | HTTP over SSL/TLS (HTTPS):443
• Endpoint <> Secure Remote Access (CAG VPX) |HTTP over SSL/TLS (HTTPS):443
• Desktop Receiver <> Virtual Desktop | ICA:1494 or 2598 RDP:3389

Logins and username and passwords

• Management COnsole https://vdiMgrIPaddress/admin - Account: vdiadmin/kaviza
• VDI-in-a-Box appliance logon (vdiMgrIPaddress) - User: kvm/kaviza123|User: root/kaviza123
• User logon from a web browser https://vdiMgrIPaddres
• User logon from the Java Client http://vdiMgrIPaddres/dt/vdiclient.jnlp
• User logon from mobile devices http://vdiMgrIPaddres/dt/PNAgent/config.xml