Citrix Desktop Director 2.1
I have now released my Desktop Director RES AM Runbook. Follow this link for more details
Citrix Desktop Director 2.1 has just been released with XenDesktop 5.6. Desktop Director is the web administration tool which allows support and helpdesk staff to manage certain components of XenApp and XenDesktop. The interface is intuitive and offers lots of information that was not available in previous consoles. It’s a great addition to XenApp and XenDesktop but requires some work to get it up and running.
In this article I will share some of the issues I have come across when setting up Desktop Director.
I always favour a tiered approach to Citrix environments and I therefore like to separate out the different roles, such as Controllers and Management components. This article describes hosting Desktop Director on separate servers to your XenDesktop or XenApp controllers, in smaller environments you may want to install it directly onto a XenDesktop controller.
You may use a XenApp server to host your management tools; because Desktop Director requires the IIS role you probably won’t want to install this on a XenApp server – in this case I think Web Interface servers make a good place to host it.
- XenDesktop 5 Service Pack 1 or XenDesktop 5.5, 5.6
- HDX information displays are not supported for XenDesktop 5 Service Pack 1.
- XenApp 6.5
User Requirements (these are no longer listed in the requirements of Desktop Director 2.1)
- The Desktop Director client requires one of the following operating systems:
- Microsoft Windows 7 Service Pack 1 (32- and 64-bit), Professional and higher
- Microsoft Windows XP Service Pack 3 (32- and 64-bit), Professional and higher
- Apple Macintosh 10.5 or 10.6
Desktop Director supports the following browsers:
Desktop Director 2.0
- Microsoft Internet Explorer 7 or 8
- Internet Explorer 7 is not supported for Windows 7. Compatibility mode is not supported for Internet Explorer 7 or 8.
- Mozilla Firefox 3.6 for Windows
- Mozilla Firefox 3.6 for Mac
- Adobe Flash Player 10 must be installed to view the graphs.
- Internet Explorer 8 or 9
- Firefox 8.x
- Safari 5
Installing Desktop Director
Desktop Director 2.0 can be installed using the XenDesktop 5.5 installation media, or you can download it from Citrix website under XenDesktop 5.5 Custom Download or XenApp 6.5 Custom Download (Click on XenApp 6.5 - Version, scroll down to custom download and click the + next to your language)
Desktop Director 2.1 can be downloaded from the Citrix website under XenDesktop 5.6 Custom Download.
If you are trying to install Desktop Director 2.1 you must first install version 2.0 then upgrade to 2.1
The server you are installing Desktop Director on needs to have the IIS Role.
Run Autorun, deselect all components except Desktop Director.
During the install you will be prompted to enter the names of your XenDesktop Controllers, you are able to enter the addresses of multiple controllers but Desktop Director does not load balance or failover between XenDesktop Controllers, this is merely if you want to manage multiple XenDesktop sites. In an enterprise environment you would need to load balance using NetScaler or another type of load balancer.
For smaller environments, in the instance where you lose the Controller that Desktop Director is pointing at, you can manually change the name of the Controller in the IIS config. See further down for instructions.
For XenApp, you only need to enter the name of one of the Controllers, and Desktop Director discovers all controllers in the farm and uses them for failover. It will not, however, use them for load balancing.
Don't enter the name of your XenApp controllers at this stage though as Desktop Director will think they are XenDesktop Controllers. See further down for instructions on how to add XenApp Controllers.
In Desktop Director 2.1 there is a bug that causes the WinRM reports to give you this error when looking at a machine in the console:
Failed to retrieve data: Server reported unexpected error (error code 100). View server event logs for further information.
Citrix have now released CTX132851 which explains how to resolve this.
If you are using Desktop Director with XenApp you should install the hotfix found in CTX131221
Configuring Desktop Director
Configuration of Desktop Director is done via the IIS website Applications Settings. To get to these:
- Open IIS Manager
- Expand Default Website
- Click on DesktopDirector
- Double click Application settings.
If you are not securing Desktop Director with an SSL certificate you will get this error at the logon screen.
To stop this set UI.EnableSslCheck to false
XenApp Only Implementations
If you are only using Desktop Director for XenApp change Service.AutoDiscoveryAddresses to Service.AutoDiscoveryAddressesXA
Otherwise, logon to Desktop Director will fail and you will see an Event ID 7 in the Application log with this detail
Logon attempt failed.
Additional diagnostics information (exception message):
'No farms or sites are currently accessible'
To manage multiple XenApp and / or multiple XenDesktop sites, configure Service.AutoDiscoveryAddressesXA with the addresses of the XenApp Controllers for the multiple sites separated by commas; and Service.AutoDiscoveryAddresses with the addresses of the XenDesktop Controllers for the multiple sites separated by commas.
You will want to configure a timeout for the Desktop Director console for security reasons. To do this:
- Expand Default Website
- Click on DesktopDirector
- Double click Session State
- Set your timeout under Cookie Settings
Win RM is used by Desktop Director to pull the Memory, CPU, and Network stats, and the HDX report.
CTX125243 explains all you need to know about installing and /or enabling WinRM.
The person viewing the reports needs to have some permission on the endpoint on which they are trying to view information. This can either be granted by giving the person viewing the report local Administrator rights on the endpoint, or by manually granting a user or group the permissions in WinRM (this is known as the Trusted Subsystem Model).
To use the Impersonation Model you need to run the following command on the XenApp or XenDesktop endpoint that the person will be viewing the WinRM stats on.
ConfigRemoteMgmt.exe /configwinrmuser <var>domain</var><var>name</var>
ConfigRemoteMgmt.exe can be found in the XenDesktop installation media under x86Virtual Desktop Agent and x64Virtual Desktop Agent folders and on the XenApp installation media in the tools folder.
To use the Trusted Subsystem Model change
Connector.WinRM.Identity = User
Connector.WinRM.Identity = Service
in the Desktop Director IIS Application settings.
This is contrary to Citrix's documentation which states the setting should be Service.Connector.WinRM.Identity = Service, which is incorrect (thanks to Ken for helping me get this working)
Remote Assistance can be configured as part of the Virtual Desktop Agent install but if you didn't do it at time of install you can configure it using the following GPO applied to your Desktops:
Computer Configuration-->Policies-->Administrative Templates-->System-->Remote Assistance
If you do not configure one of these, you will get the message "Failed to initiate Remote Assistance" in the Desktop Director console when you try to shadow.
One last thing to note is that if you delegate rights to your helpdesk staff in XenDesktop and you give them the Helpdesk role, when they log into Desktop Director they will not be able to see the Dashboard.
Instead of seeing this screen, they will just get a search box.
If you want to enable the Dashboard for Helpdesk role, run the following PowerShell command on your XenDesktop Controllers:
To allow non-administrators to reset XenDesktop Personal vDisks you need to create an registry key on your XenDesktop Virtual Desktop Agents. Do this in your gold image(s) if you are using Machine Creation Services or Provisioning Services, otherwise you will have to deploy it to all VDAs using some other method.
The registry key is HKEY_LOCAL_MACHINESoftwareCitrixpersonal vDiskConfigPvDResetUserGroup (REG_SZ)
Populate this registry key with the AD group that you want to grant reset Personal vDisk permissions.