XenApp slow logon troubleshooting and optimisation


I have spent about 3 days trying to troubleshoot a customer’s XenApp slow logon so I thought I would document what I went through. In the end I got the launch time of notepad down to about 18 seconds for a XenApp 6 server with 2 CPUs, 4 GB RAM, virtualised on vShere 5

Step 1: Service Packs and Hotfixes

First of all I would check that you are up to date on OS and XenApp hotfixes.

See Citrix’s guide to recommended hotfixes for XenApp 6 and Windows 2008 R2

CTX129229

Use Thomas Koetzing’s Update Script to download and install XenApp hotfixes.

Also check if you have these Microsoft Hotfixes installed.

KB973772

KB977346

KB2409711

KB977346

At time of writing Citrix are working on a hotfix to resolve an issue whereby CitrixCseEngine.exe causes a 50% CPU spike at logon. CitrixCseEngine is the Citrix group policy engine responsible for processing Citrix Policies held in Active Directory Group Policy Objects.

This hotfix will get rid of one of the CPU spikes; the other is just down to the normal processing of the logon.

There is also a hotfix for a known issue of XenApp slow logons when using Read-Only Domain Controllers. See CTX133873 for details.

Once you have all hotfixes up to date move onto the next step.

Step 2: Optimisation

I start off by putting in place all the best practise recommendations and then, if the logon is still slow, move onto troubleshooting further. You may not want to do it like this or you may not be able to, therefore move onto Step 3.

Citrix have a very good PDF called  "Optimization Guide: User Logon" which will help you understand the logon process, where delays can occur, and how to tackle them. It's a very good place to start.

Some people also have a Windows Security Dialog box that pops up with a disclaimer at logon. This should be disabled for published applications as it slows down the logon due to the fact the user has to click on it before the app will continue to launch.

You can either display it on the users Windows Client OS or on your XenApp Published Desktop servers when the user log on for the first time, on your Access Gateway before they log on remotely, or if you have thin clients, many of them allow you to display a disclaimer to the user before launching a published application or desktop.

In a GPO applied to your Workstations or XenApp Desktop servers

Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options Interactive logon: Message text for users attempting to log on

Computer ConfigurationPoliciesWindows SettingsSecurity SettingsLocal PoliciesSecurity Options Interactive logon: Message title for users attempting to log on

Incidentally, if you have a higher up GPO which is configuring the logon message and you want to block it on your XenApp servers you can do this by ticking Define this policy setting in the template and not entering any text as per the screenshot below.

 

Step 3: Troubleshooting

Environment Debug Logging has been removed in Windows 2008, it is still possible to turn it on some Group Policy debug logging. This blog post explains how. It will give you a log with timings that should indicate where a delay is occurring in the Group Policy processing. This report is useful if you don’t have Edgesight but the Edgesight report which Citrix mention in their optimisation guide gives much better information in my opinion.

There is a very useful free tool called Policy Reporter which formats the Userenv.log into a much more easily readable format. You can download the tool from the SysPro website

If you’ve got this far and still not seeing much improvement or not found out where your delay is then you have to do some good old fashioned hard work. Get a stop watch or timer and a published app; notepad.exe is good as it is quick to launch once logon has occurred so won’t skew your logon timings.

Disable one thing at a time and then see how much quicker the logon is afterwards. Remember to work methodologically and record the results in a spread sheet otherwise you will lose track of what you’re doing.

Taking a leaf from Citrix's "Optimization Guide: User Logon"

I would try:

  • Removing or blocking as many GPOs as possible.
  • Removing or disabling your logon script. Also check no one has snuck anything into usrlogon.cmd on the XenApp server
  • Disable Citrix Client Drive Mapping
  • Disable Citrix Client Printer Mapping
  • Disable Roaming Profiles
  • Check there are no dodgy entries in DNS or in your hosts file on the XenApp server

Microsoft also have a good article called Root Cause for Slow Boots and Logons