Jump to content


Photo

App Layered PVS image not registering with DDC

Started by Wayne Weir , 13 September 2017 - 09:38 PM
10 replies to this topic

Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 13 September 2017 - 09:38 PM

Environment:

XA 7.9

PVS 7.9

App Layering 4.3

 

I have an app layered image that I have deployed to the PVS server. When I boot up those target devices they are not registering with the DDC. I tried logging into the server itself and starting the Citrix Desktop Service but the option is grayed out. I am logged in with domain admin creds, but I did notice under computer management that domain admins were not part of the local administrator group. Did I miss a step somewhere? If I do need to add that group to the local admin, which layer do I do this in? I keep hitting all these tiny roadblocks and would like to at least get a working image to test with.



Jens Löcke Members

Jens Löcke
  • 13 posts

Posted 14 September 2017 - 07:23 AM

Hi,

 

During VDA Installation:

  1. "Direct Access Users" local group is created. Which allows non admin users to RDP the Server if needed.
  2. Domain Users group added to the local "Remote Desktop Users" (could also be to the local "Users" group)
  3. NT SERVICE\BrokerAgent account is added to the local "Performance Monitor Users" group
  4. NT SERVICE\CitrixTelemetryService account is added to the local "Performance Log Users" group
  5. Local Anonymous group is created.
  6. Maybe something else, which depends on VDA setup options.

 

All this is missing if using App Layering mechanism.

 

 

As a workaround, create a GPO which does the following:

 

  1. Create Direct Access Users local group. Which allows non admin users to RDP the Server if needed. Add this group to RDP User Right.
  2. Add Domain Users or Authenticated Users group to the local Remote Desktop Users (could also be to the local “Users” group)
  3. Add NT SERVICE\BrokerAgent account to the local Performance Monitor Users group
  4. Add NT SERVICE\CitrixTelemetryService account to the local Performance Log Users group
  5. Create Local Anonymous group

 

 

Also see https://discussions....s/#entry1966341

 

Regards,

Jens



Gunther Anderson Citrix Employees

Gunther Anderson
  • 12 posts

Posted 14 September 2017 - 01:40 PM

Wayne,

 

Did you join your platform layer to the domain?  That normally does all the domain stuff that's supposed to happen, including setting up the local administrator group.  Try versioning the Platform Layer, verifying that it's joined properly to the domain, and maybe even login as the domain Administrator once to make sure it's all working.  A "gpupdate /force" can't hurt.  I don't know if that will solve the registration problem, but it's how I'd approach your domain stuff, which seems like a logical step. 

 

Otherwise, figure out what it takes to make the server itself work, and go do that in the platform layer.  And see if logging in as the local Administrator helps you to do things like try to start the service.



Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 14 September 2017 - 08:53 PM

Thanks for the tips, I will be testing these out shortly. 



Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 15 September 2017 - 04:35 AM

Well after some testing I noticed that the VDA was not installed on the platform layer. This somehow got skipped in the process. So I went ahead and created another version, installed the VDA, finalized, and deployed another PVS template and now the desktop service is running as planned, but its still not registering with the DDC. For fun I downloaded and ran the Citrix Health Assistant and its failing with the domain controller piece. These machines are definitely on the domain and registered in DNS. I have no idea where I went wrong.



Gunther Anderson Citrix Employees

Gunther Anderson
  • 12 posts

Posted 15 September 2017 - 01:42 PM

I'd give up on that platform layer and make a new one, making sure PVS and XenDesktop are installed (and the DDC is selected), making sure it's joined to the domain, even logging in once as a Domain Administrator, before finalizing.  It's sometimes better to just make a new layer rather than versioning an existing one, to start completely clean.  And then in PVS, have it reset the domain password for your target machines just in case.



Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 18 September 2017 - 05:17 PM

thanks Gunther. I will create a new layer and try what you recommended. 



Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 19 September 2017 - 10:02 PM

well, I tried a few times by re-creating the platform layer and no dice. When I ran Citrix Health Assistant before it was stopping me at the 2nd test VDA machine domain membership. I can now get past that part and the current failed test is a time sync issue. I went ahead and opened a ticket with support, hopefully will be resolved soon. 



Wayne Weir Members

Wayne Weir
  • 16 posts

Posted 21 September 2017 - 03:18 PM

So I opened a support case and worked with an engineer for a short while and what he told me is that VMware tools cannot be in the platform layer, only in the OS layer. So I nuked all my layers and started recreating them from scratch. My exact steps were to go into VMware, create a brand new VM for the OS layer, ran updates, installed the tools, installed the app layering tools, etc as the instructions go. I then shut it down, and imported that VM as an OS layer. When I go to create a platform layer, doesnt it use the OS layer as a base for the platform? What I am seeing is the platform layer hardware matches the OS but it has VMware tools on it already. According to the support guy, the platform layer shouldnt have VMware tools. How do I get around this? Do I need to create a whole new template for the platform?



Gunther Anderson Citrix Employees
  • #10

Gunther Anderson
  • 12 posts

Posted 21 September 2017 - 04:47 PM

It's a matter of where the VMware Tools are installed.  The Platform Layer (and indeed any Layer) is the collected changes against the OS layer.  So when your Packaging Machine boots up, before any meaningful changes have been made, your machine looks like a clone of the OS layer, including the fact that the OS layer already includes VMware Tools.  So it's normal to already see VMware Tools when you create a Platform Layer; you just don't want to install them there.

 

What we really expect is that your OS layer contains the machine tools for the hypervisor that you're going to do your work on.  It's hard to boot up a machine and interact with Windows if VMware Tools isn't there, so you should just put them in the OS layer.  If you need to publish into a different hypervisor, then you install *their* tools into the Platform Layer.  And we do a little prestidigitation during Publish to remove VMware Tools from that image.  But in your case, everybody inherits the VMware Tools in the OS layer.

 

But let us know what you see when you publish with that new OS+Platform image.  I can't imagine why it would fail to register with the DDC, unless there's something funky in the network.  Everything else is pretty straightforward.



Wayne Weir Members
  • #11

Wayne Weir
  • 16 posts

Posted 22 September 2017 - 08:44 PM

I was able to get app layering working for the most part. When my VDA’s were registering with the DDC because of a time sync issue I googled the event log error and found an article about the machine catalog being desktop OS vs Server OS. I was deploying Server OS but had the catalog as Desktop OS. Once I deleted the catalog and created it as Server OS it worked perfect. Now though when I launch an app from the App Layering PVS collection I get a RDP group permission error. I am assuming I need to create a GPO to add the Domain Users group to the RDP group on each VDA?