Unidesk 3.4.4 for Hyper-V · CachePoint Appliance and Layer storage tier: This tier includes the...
© 1999-2017 Citrix Systems, Inc. All rights reserved. p.1https://docs.citrix.com
Unidesk 3.4.4 for Hyper-V
Sep 08, 2017
This pdf file includes the Unidesk 3.4.4 documentation. You can save a local copy of this file and use it offline.
Use the built-in Search and Bookmark features to find what you need. Avoid using the links in this file, as they refer back to the landing page.
Plan
Unidesk infrastructure
Unidesk appliances and disks
Unidesk 3.4 for Hyper-V platform support
Unidesk Layer storage
Deploy
About this release
Unidesk appliances
OS Layer
Create Unidesk Collections
Collections for Desktops
Collections for Session Hosts
Desktops and Session Hosts
Application Layers
Administer
Unidesk Management Console
Unidesk Layers
Desktops, Session Hosts, and Collections
Hosts and appliances
Appliance health
Brokers
Users
Troubleshoot
Plan
Jun 28, 2017
Unidesk infrastructure
Unidesk appliances and disks
Unidesk 3.4 for Hyper-V platform support
Unidesk Layer storage
Unidesk infrastructure
Jun 28, 2017
The Unidesk solution provides simplified management, significant storage efficiency, performance, operational agility, and
persistent personalization or customization of Unidesk Machines (Desktops or Session Hosts). The Unidesk environment
includes a collection of virtual appliances that run on your existing virtual infrastructure. These appliances work together to
dynamically composite Unidesk Machines that look and feel just like ordinary virtual machines.
The following diagram shows the logical infrastructure of the Unidesk environment. The Unidesk environment is a grid of
virtual appliances that replicate the operating system, application, and user workspace layers across an enterprise network.
This environment uses the Unidesk Composite Virtualization™ technology to synthesize the Layers into complete,
personalized Unidesk Machines.
For the latest information about what platforms Unidesk supports, see Platform Support.
Unidesk Layers
A Unidesk Machine is a composite of Layers that provide the operating system, applications, and user data. Unidesk stores
all layers as Hyper-V Virtual Hard Disk (VHDX) files in the Windows server file system. Unidesk uses the following types of
layers to create a virtual machine:
Layer: Description
Operating System: An Operating System Layer contains an imported copy of the operating system from a gold image.
Application: An Application Layer contains one or more applications that you assign to a Unidesk Machine.
Personalization: A Layer that behaves similarly to an Application Layer. This Layer collects all of the user's changes to a Unidesk
Machine and persists those changes through restarts of the virtual machine and through changes to the Application Layers and
Operating System Layer. The Unidesk software creates this Layer when you create a Unidesk Machine.
Unidesk storage tiers
Unidesk stores content in tiers.
Tier: Description
Boot: The Boot tier contains boot images and page files for your Unidesk Machines (Desktops or Session Hosts). The boot
image serves as the kernel for this virtual machine. Once a boot image exists for a particular machine, this tier retains the
image as a VHDX file. If a particular Unidesk Machine becomes corrupted or lost, Unidesk can simply recreate the boot
image for that machine.
The performance of this tier can affect the performance of Unidesk Machines.
CachePoint® and Layers: The CachePoint and Layers tier contains the CachePoint Appliances as well as Operating System, Application, and
Personalization Layers for your Unidesk Machines. Each Layer exists as a discrete VHDX file. A boot image created from
the Boot tier draws Layers from this tier to finish creating a Unidesk Machine. The majority of Input/Output activities take
place on this tier.
The performance of this tier can affect the performance of Unidesk Machines.
Unidesk appliances and disks
Jun 28, 2017
The Unidesk appliances include software for managing the Unidesk environment, master copies of all Layers, and the
configuration data for your Unidesk Machines (Desktops or Session Hosts).
Management Appliance
The Management Appliance is a virtual appliance that coordinates the communication between the Unidesk Management
Console, the CachePoint® Appliances, and the virtual infrastructure. The Management Appliance includes these
components.
Component Description
Unidesk Management Console: The Web-based application that administrators use to manage the following components:
Unidesk Machines
Operating System Layers
Application Layers
Directory service integration points
The Unidesk infrastructure
Management infrastructure: The software that controls the workflow required to manage virtual machines. It includes a database that
stores the following information:
Data about all of the Operating System and Application Layers that exist in the system.
All data from the Unidesk Management Console.
Schemas that implement back-end storage in the virtual infrastructure.
Master CachePoint Appliance
The first CachePoint Appliance that you provision in the Unidesk environment becomes the Master CachePoint Appliance.
This virtual appliance maintains the master copy of all of the Operating System and Application Layers in the Unidesk
environment. The Master CachePoint Appliance stores the Layers as VHDX files.
The Master CachePoint Appliance automatically replicates Operating System and Application Layers to secondary
CachePoint Appliances that manage Unidesk Machines (Desktops or Session Hosts) that use these Layers. Layer replication
to secondary CachePoint Appliances occurs only if one or more Unidesk Machines associated with a specific CachePoint
Appliance needs the Layers.
The Master CachePoint Appliance also manages the Installation Machines that you use to create and modify Operating
System and Application Layers. An Installation Machine is a special type of Unidesk Machine that you use as a staging area
for creating Application Layers or adding versions to existing Operating System and Application Layers. The Master CachePoint
Appliance stores the VHDX files for Installation Machines.
Secondary CachePoint Appliance(s)
The Secondary CachePoint Appliances are responsible for:
The initial deployment of Unidesk Machines.
Deployment of Unidesk Machine configuration changes.
CachePoint Appliances maintain copies of the Layers that the Unidesk Machines need in their configured storage tiers.
They also store the VHDX files associated with the Unidesk Machines deployed in the same storage tiers. All Unidesk
Machines associated with a specific CachePoint Appliance share the same Layers.
The CachePoint file system
Each CachePoint Appliance (including the Master CachePoint Appliance) creates a folder in the selected CachePoint
storage location. That folder, which will have the same name as your CachePoint, contains the CachePoint virtual machine
and the Unidesk Layers folder.
The Unidesk Layers folder has subfolders for the Operating System Layer(s), Application Layers, and User (Personalization)
Layers for the Unidesk Machines that the CachePoint Appliance manages. Here’s a screen shot of a typical CachePoint file
system after creating an Operating System Layer (OS folder), an Application Layer (App folder), and a Desktop (User folder).
For each Desktop or Session Host, the User folder contains two VHDX files, which together make up the user's
Personalization Layer:
One for the Desktop or Session Host configuration data, for example, data for user-installed application and system
settings.
One for the user data.
The CachePoint Appliances and Unidesk Machines (Desktops or Session Hosts) operation
As long as one of the servers in a cluster has an active CachePoint Appliance on storage accessible by the whole cluster,
you can create Desktops on the other servers in the cluster. And, because the Unidesk Machine connects directly to its
Layers, the state of the CachePoint Appliance has no effect on Unidesk Machine operation. For example, you can shut
down a CachePoint Appliance without affecting active users.
To your users, Unidesk Machines appear as standard computers.
Unidesk 3.4 for Hyper-V platform support
Jun 28, 2017
Unidesk 3.4 for Hyper-V supports the following third-party software.
Infrastructure software
Unidesk supports the following virtual infrastructure software, US-English language pack only. For the best Unidesk
experience, we recommend running the first of these configurations.
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote Desktop Connection
Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with the Hyper-V role installed
Microsoft Hyper-V Server 2012 R2 (This server does not include a graphical user interface)
Unsupported features
The "Move the virtual machine's storage" option in the Move Wizard of the Hyper-V Manager
The "Migrate Storage" option in the System Center Virtual Machine Manager (SCVMM)
Internet browser
The Unidesk Management Console (UMC) supports any standards-based browser that supports Silverlight 4.0.
Desktop operating system
Unidesk Desktops support these operating systems as Generation 1 virtual machines:
Microsoft Windows 10 64-bit (Professional, Enterprise, Education)
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Microsoft Windows 8.1 Update, 64-bit (Professional, Enterprise)
Microsoft Windows 7 SP1, 64-bit (Professional, Ultimate, Enterprise)
Session host operating system
Unidesk Session Hosts support these operating systems as Generation 1 virtual machines:
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Windows Server 2008 R2 64-bit (Standard, Enterprise and Datacenter)
Note: Windows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.
Directory service
Microsoft Active Directory
Virtualization connection brokers for Unidesk Desktops
The following brokers are directly integrated with Unidesk:
Remote Desktop Connection Broker (RDCB) (See Infrastructure software above.)
Citrix XenDesktop 7.6
Virtualization connection brokers for Unidesk Session Hosts
Remote Desktop Connection Broker (RDCB) (See Infrastructure software above.)
Citrix XenApp 7.6
Unidesk Layer storage
Jun 28, 2017
Unidesk Application and Operating System Layers are stored as separate differencing disks on parent VHDX files in the
Windows server file system. Unidesk Machines (Desktops or Session Hosts) mount these differencing disks directly from the
file system in a many-to-one fashion.
Master CachePoint Appliance
The following image shows the file structure of a Master CachePoint Appliance on the disk. Note the folders for the
Application (App) Layers, Operating System (OS) Layer(s), and Users' Personalization Layers.
Each deployed Unidesk Machine also has a folder with files, which includes the VM’s XML files, boot drive VMHD, and a
differencing disk for each Layer attached to the machine. This file structure provides a great deal of information. For
example, it is easy to determine the space used by a particular layer.
Each Unidesk Layer version starts as a full clone of the previous Layer. Changes are made to the Layer and saved. This
means that versions are normally larger than the base Layer.
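An added example (not Unidesk code) of reading this file structure with the Hyper-V module's Get-VHD cmdlet: it reports each Layer disk's type, on-disk size and parent, flags differencing disks whose parent file cannot be found, and totals the space used per top-level folder. The function names and the path in the usage line are placeholders for your own Unidesk Layers folder.

```powershell
# Added example, not Unidesk code. Run elevated on the Hyper-V host
# (requires the Hyper-V PowerShell module for Get-VHD).

function Get-LayerDiskReport {
    param([Parameter(Mandatory = $true)][string]$LayersRoot)

    $root = (Get-Item -LiteralPath $LayersRoot).FullName.TrimEnd('\')
    Get-ChildItem -LiteralPath $root -Recurse -Filter *.vhdx -File | ForEach-Object {
        $file = $_
        # First folder below the root (for example OS, App or User).
        $relative = $file.FullName.Substring($root.Length).TrimStart('\')
        $folder = if ($relative.Contains('\')) { $relative.Split('\')[0] } else { '(root)' }

        $row = [ordered]@{
            Folder      = $folder
            File        = $file.Name
            VhdType     = $null
            FileSizeGB  = [math]::Round($file.Length / 1GB, 2)
            ParentPath  = $null
            ParentFound = $null     # stays $null for disks that are not differencing disks
            Error       = $null
        }
        try {
            $vhd = Get-VHD -Path $file.FullName -ErrorAction Stop
            $row.VhdType = $vhd.VhdType
            if ($vhd.VhdType -eq 'Differencing') {
                $row.ParentPath  = $vhd.ParentPath
                $row.ParentFound = [bool]$vhd.ParentPath -and (Test-Path -LiteralPath $vhd.ParentPath)
            }
        }
        catch {
            # Unreadable or damaged disk: keep the row so it shows up in the report.
            $row.Error = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

function Get-LayerFolderUsage {
    param([Parameter(Mandatory = $true)][string]$LayersRoot)

    Get-LayerDiskReport -LayersRoot $LayersRoot | Group-Object Folder | ForEach-Object {
        [pscustomobject]@{
            Folder         = $_.Name
            Disks          = $_.Count
            TotalGB        = [math]::Round(($_.Group | Measure-Object FileSizeGB -Sum).Sum, 2)
            MissingParents = @($_.Group | Where-Object { $_.ParentFound -eq $false }).Count
            Unreadable     = @($_.Group | Where-Object { $_.Error }).Count
        }
    }
}

# Usage (placeholder path):
# Get-LayerFolderUsage -LayersRoot 'X:\<CachePoint folder>\Unidesk Layers' | Format-Table -AutoSize
```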
Unidesk storage tiers
Boot drives Tier: This tier includes just the files required to boot the Unidesk Machine. Use any type of storage for this
tier, as speed is not an issue.
CachePoint Appliance and Layer storage tier: This tier includes the Operating System Layer(s) and Application Layers that
you can assign to your Unidesk Machines (Desktops or Session Hosts). It also includes a Personalization Layer for every
Persistent Unidesk Machine. This tier should be kept on fast storage devices.
Deploy
Jun 28, 2017
About this release
Unidesk appliances
OS Layer
Create Unidesk Collections
Collections for Desktops
Collections for Session Hosts
Desktops and Session Hosts
Application Layers
About this release
Sep 08, 2017
This Unidesk release provides you with Unidesk's VDI Management product in a Microsoft Hyper-V environment.
Unidesk 3.4.4 Release Notes
Unidesk 3.4.4 Platform Support
Unidesk 3.4 Release Notes
Sep 21, 2017
Welcome to Unidesk 3.4.4 for Hyper-V!
This release provides more stability for your Windows 10 Layered Desktops. Several issues have been fixed, as described
below under Issues fixed.
Links in the UI now bring you to the Unidesk documentation on the new Citrix site.
Issues fixed in this release
Unattend and Optimizer files no longer flagged by some virus scanners. The Unattend.exe and Optimize.exe files
are now only delivered as .hta file types, because the .exe files were getting flagged by some virus scanners. To use these
.hta files, execute them from an admin cmd prompt.
The OfficeActivate.cmd script has been modified to reorder how the script executes.
After you resolve bad WPA keys, affected desktops now start and Windows is successfully activated. This is
because the Software Protection service (SPPsvc) now starts as expected. Affected desktops need to be republished
after upgrading to the 3.4.4 release. (UNI-58506)
On Windows 10 LTSB installation machines, WindowsTrustedRT.sys driver is present and no longer contains
a critical error.
Newly created desktops that use OS Windows 10 version 1607 no longer have broken Metro Apps.
Upgrading from Win10 version 1511 to version 1607 no longer results in broken tiles or Store apps.
You can now turn off Windows 10 Store downloads and updates without issue.
After upgrading from Windows 10, version 1511 to version 1607, you can finalize the OS layer as expected.
You no longer receive the message, "An .msi install operation is in progress – please check the packaging machine."
Microsoft Hotfix KB3063109 no longer causes driver store problems for new desktops. When you install this
hotfix on an OS layer version, desktops that use this layer now function without driver store problems.
Installing Unidesk
You can download the Unidesk 3.4 package from our download page for the Hyper-V environment.
Platform Support
For details about supported server software, desktop operating systems, and directory services, see the Unidesk 3.x for
Hyper-V Platform Support.
Considerations
Clusters and load balancing. Virtual machine load balancing is done outside of Unidesk. In a Hyper-V role, you can set
up Desktops to float between hosts. Please note however, that you should not configure Unidesk Appliances to float
between hosts. When you set up Clusters in your Hyper-V environment you must use Cluster Shared Volumes (CSV). For
details about how to achieve load balancing in this release, click here.
Microsoft RemoteFX 3D Video Adapter. You must turn on this feature using the settings in Hyper-V manager in either
your gold image or in the user's vm. Please be sure to restart the gold vm so this setting can take effect.
Known issues in this release
Windows 10 upgrade
Compatibility of Unidesk software with Windows 10 1703 Creators Edition is being tested, and what appear
to be compatibility issues have been found. Using the Windows 10 1703 Creators Edition at this time.
If you want to upgrade to Windows 10, version 1607 (Anniversary Update edition), you must do this one-time
step. After upgrading to this Windows 10 version, you must add a new Layer Version to each App Layer, and republish
the updated Image Template with the new OS and App Layer Versions. (UNI-54892).
After a Windows 10 upgrade, you must allow all scheduled tasks to finish. After a Windows 10 upgrade, for
example after upgrading from 1511 to 1607, you must allow any scheduled system tasks to complete. This allows
existing desktops to gather the networking information required to ensure that the change in the OS Layer Version
does not lose the network. Simply let the virtual machines finish their task or edit them immediately to ensure that they
are completed before you upgrade your OS Layer to Windows 10 1607 and assign it to desktops.
Windows updates may cause issues on persistent desktops. If Windows updates are causing issues on persistent
desktops in your environment, disable Windows Updates via a local GPO.
Win 10 upgrade may result in new Recovery Volume partition. During a major upgrade, for example when upgrading
from 1511 to 1607, Windows 10 sometimes creates a Recovery Volume as a new partition on the same disk as the OS
Layer Version. This volume should always be removed before you finalize the OS Layer Version. Otherwise, the recovery
volume can cause desktops to fail to boot correctly. For the steps to safely remove a recovery volume, click here.
General
The first Desktop that you create in a Collection can fail. If the first Desktop that you create in a Collection fails
with the error "Broker error: One of the specified user groups, group-name, could not be mapped to a valid SID," the
Active Directory group may have been created pre-Windows 2000, so it doesn't match the group name in RDS. For
details about how to diagnose and fix this problem, click here. (UNI-30270)
When editing a large number of desktops, a single desktop cannot be viewed in the visualization panel. If you
select a large number of Desktops for editing, performance is slow when you attempt to select a single desktop in the
visualization panel. (UNI-37936)
Remote Desktop Services not refreshing the Desktop. In approximately 5-10% of the cases per 300 desktops on a
single host, RDS does not detect that a user has logged out and consequently does not refresh the Desktop. (UNI-35626)
Configuring the Citrix Xen Delivery Groups Access Policy. Once you integrate with XenDesktop and create Unidesk
Collections and Desktops, you will receive an error message if you attempt to edit the Access Policy directly in Citrix
Studio. To make any changes to Group Access Policy, use the Unidesk Management Console to edit the Collection
Entitlements. (UNI-31613)
RDS Remote App collections become unusable if Session Hosts are deleted from the Unidesk Management
Console. If Session Hosts that were manually added to RDS RemoteApp programs are deleted from the Unidesk
Management Console, then the entire collection becomes unusable in RDS. The workaround is to delete the servers
from the RemoteApp session collection on RDS Connection Brokers first before deleting them from the Unidesk
Management Console. (UNI-35810)
RDS User profile disks not supported. RDS User profile disks are not supported, but Unidesk is compatible with profile
management tools, such as roaming profiles and folder redirection, that you can use to give Non-persistent Desktops
some personalization. (UNI-29231)
A Desktop may end up in an Active or Disconnected state after a user or Hyper-V administrator shuts down,
restarts, or powers off the Desktop. If a user issues a restart or shutdown from their Desktop, the RD Connection
Broker may not recognize the event. A restart of the Desktop via the Unidesk Management Console will clear the issue
and allow the Desktop to be accessed through RDS. (UNI-30191)
Setting up deduplication on any storage accessed by Unidesk is not supported. Running a deduplication process
on a storage accessed by Unidesk can produce an error message that reads, "Access to the path... is denied." (UNI-38062)
Unidesk 3.4 Platform Support
Jun 28, 2017
Unidesk 3.4 for Hyper-V supports the following third-party software.
Infrastructure software
Unidesk supports the following virtual infrastructure software, US-English language pack only. For the best Unidesk
experience, we recommend running the first of these configurations.
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote Desktop Connection
Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with the Hyper-V role installed
Microsoft Hyper-V Server 2012 R2 (This server does not include a graphical user interface)
Unsupported features
The "Move the virtual machine's storage" option in the Move Wizard of the Hyper-V Manager
The "Migrate Storage" option in the System Center Virtual Machine Manager (SCVMM)
Internet browser
The Unidesk Management Console (UMC) supports any standards-based browser that supports Silverlight 4.0.
Desktop operating system
Unidesk Desktops support these operating systems as Generation 1 virtual machines:
Microsoft Windows 10 64-bit (Professional, Enterprise, Education)
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Microsoft Windows 8.1 Update, 64-bit (Professional, Enterprise)
Microsoft Windows 7 SP1, 64-bit (Professional, Ultimate, Enterprise)
Session Host Operating System
Unidesk Session Hosts support these operating systems as Generation 1 virtual machines:
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Windows Server 2008 R2 64-bit (Standard, Enterprise and Datacenter)
Note: Windows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.
Directory service
Microsoft Active Directory
Virtualization connection brokers for Unidesk Desktops
The following brokers are directly integrated with Unidesk:
Remote Desktop Connection Broker (RDCB) (See Infrastructure software above.)
Citrix XenDesktop 7.6
Virtualization connection brokers for Unidesk Session Hosts
Remote Desktop Connection Broker (RDCB) (See Infrastructure software above.)
Citrix XenApp 7.6
Unidesk appliances
Jun 28, 2017
You can get started with your Unidesk deployment by installing the Unidesk Management Appliance and Master
CachePoint Appliance.
What you need to deploy Unidesk for Hyper-V
You can use this checklist as a reference when setting up your environment.
Checklist: What you need
Install Unidesk appliances
Refer to these detailed steps while running the installer.
Install Unidesk appliances
Create Secondary CachePoint Appliances
Create additional CachePoints to manage Unidesk Machines (Desktops or Session Hosts)
What you need to deploy Unidesk in a Hyper-V environment
Jun 28, 2017
Whether you are setting up a Proof of Concept (POC) or deploying a pilot (production) version, you'll need to meet some
basic requirements.
Basic Requirements
To get started with Unidesk, you'll need these hardware and software basics:
Unidesk-supported Windows Server with specific roles enabled (see details below)
500+ GB of storage
Unidesk-supported Operating System for your Desktops or Session Hosts
A single network time source for your Desktops, Session Hosts, and Appliances
Detailed Requirements
A POC requires much of the same software, accounts, and credentials as a full pilot deployment. However, for a full pilot,
you'll need more servers, storage, and network addresses.
Server requirements
Servers POC Pilot
Unidesk-supported Windows Server:
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with Hyper-V role and the Remote
Desktop Connection Broker (RDCB) service enabled in the Remote Desktop Services (RDS) role
Microsoft Windows Server 2012 R2 (Standard, Datacenter) with the Hyper-V role installed
Microsoft Hyper-V Server 2012 R2 (This server does not include a graphical user interface)
Xs Xs
Roles configured:
Hyper-V Virtualization Host role
RD Connection Broker role
RD Web Access role
RD Licensing role (even if it is in trial mode)
Xs Xs
Other requirements for the server:
The .NET Framework 4.5 Features selected on the server.
Two DNS servers are required when installing the Management Appliance.
The operating system (gold image) for your Desktops or Session Hosts available on the server.
(You will prepare this OS for the Unidesk environment when creating the Operating System
Layer.)
Xs Xs
Credentials required:
You need the credentials for the server Administrator. You can either log in as Administrator or as
a User with Administrator privileges.
Xs Xs
Port opened by the Unidesk Installer:
The Unidesk Installer opens a port on the local server's firewall for the TCP protocol. This port is
used for communications between the Hyper-V Agent service and the Unidesk Appliances. By
default this is port 8014, but you can change the port number during installation.
Xs Xs
Register the Hyper-V server with DNS:
You must register the Hyper-V server with DNS so that the Management Appliance can
communicate with it.
Xs Xs
Requirements for running the Unidesk Management Console:
A standards-based browser on the Management Appliance that supports Silverlight 4.0.
Xs Xs
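An added example (not part of the Unidesk documentation or installer) for the firewall port described in the server requirements above: it lists every enabled inbound allow rule on the Hyper-V host that covers the agent port and shows whether the rule is limited to specific remote addresses. It assumes the agent only needs to accept connections from your Unidesk Appliances; the function names and the 192.0.2.x addresses are placeholders.

```powershell
# Added example, not Unidesk code. 8014 is the installer's default port named on this page;
# pass -Port if you chose a different one during installation.

function Test-PortInSpec {
    # True when $Port is covered by a firewall LocalPort value ('Any', '8014', '8000-8100').
    param([string[]]$Spec, [int]$Port)
    foreach ($entry in $Spec) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

function Get-AgentPortExposure {
    param(
        [int]$Port = 8014,
        # Addresses or subnets you expect to reach the agent (assumption: your appliances).
        [string[]]$ExpectedRemote = @()
    )
    foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -notin @('TCP', 'Any')) { continue }
        if (-not (Test-PortInSpec -Spec $portFilter.LocalPort -Port $Port)) { continue }

        $remote  = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $program = ($rule | Get-NetFirewallApplicationFilter).Program

        [pscustomobject]@{
            Name          = $rule.Name
            DisplayName   = $rule.DisplayName
            Profile       = $rule.Profile
            Program       = $program          # 'Any' means the rule is not tied to one executable
            LocalPort     = @($portFilter.LocalPort) -join ','
            RemoteAddress = $remote -join ','
            OpenToAny     = $remote -contains 'Any'
            Unexpected    = @($remote | Where-Object {
                                $_ -ne 'Any' -and $_ -notin $ExpectedRemote }) -join ','
        }
    }
}

# Report first and review the result before changing anything (placeholder addresses):
# Get-AgentPortExposure -ExpectedRemote '192.0.2.10', '192.0.2.0/24' | Format-Table -AutoSize

# To narrow a rule reported as OpenToAny, preview the change with -WhatIf, then rerun without it:
# Set-NetFirewallRule -Name '<Name from the report>' -RemoteAddress '192.0.2.10', '192.0.2.0/24' -WhatIf
```

Because this guide recommends dynamic addresses for CachePoint Appliances, scope the rule to the appliance subnet rather than to single CachePoint addresses.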
Network setup
Routing, DHCP, DNS and IP addresses POC Pilot
Basics:
The network must be able to route between server and Desktop vLAN
2 IP addresses required: One address for the Management Appliance, and one for the Master
CachePoint Appliance
vLAN with DHCP for Desktops
DNS entries for appliances
Xs Xs
Additional: Additional IP addresses for the number of Secondary CachePoint Appliances you need to
support the number of virtual Desktops planned.
Xs
Active Directory
AD accounts POC Pilot
Single service account or multiple accounts
An account that can join computers to the domain/OU
An account that can read from Active Directory
If using Citrix XenDesktop, an account that is both:
Local administrator on the DDC
XenDesktop administrator
Xs Xs
Storage
Drives required POC Pilot
Type of drives:
Supported drive types: Fixed disks, Network (cluster shared volumes).
Unsupported drive types: CD-ROM, Removable, RAM, NoRootDirectory, and Unknown.
Xs Xs
Minimum amount of disk space:
500+ GB of storage - Assuming 5 - 10 Desktops with average Personalization Layer size of 10 GB
Xs
Desktop and Session Host Operating System
Supported Windows versions POC Pilot
Desktop Operating System
Unidesk Desktops support these operating systems as Generation 1 virtual machines:
Microsoft Windows 10 64-bit (Professional, Enterprise, Education)
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Xs Xs
Microsoft Windows 8.1 Update, 64-bit (Professional, Enterprise)
Microsoft Windows 7 SP1, 64-bit (Professional, Ultimate, Enterprise)
Session Host Operating System
Unidesk Session Hosts support these operating systems as Generation 1 virtual machines:
Windows Server 2012 R2 64-bit (Datacenter, Standard)
Windows Server 2008 R2 64-bit (Standard, Enterprise and Datacenter)
Note: Windows Server 2008 is supported on Unidesk Session Hosts, not on Unidesk Desktops.
Implementation Notes:
Install Operating System from ISO (do not reuse an existing copy)
If Windows 7, install Microsoft Integration Services
Do not join the domain with the gold image
Do not run optimization tools from outside utilities
Xs Xs
Connection Broker (for full Desktop broker integration)
If you are using one of the supported desktop integration brokers for full broker integration, you'll need the software and
associated requirements shown below.
Supported brokers POC Pilot
Citrix XenDesktop:
An account that is both a local administrator on the DDC and a XenDesktop administrator
DDC FQDN
Xs Xs
Microsoft Remote Desktop Connection Broker (RDCB) Xs Xs
Install Unidesk appliances
Oct 03, 2017
In the first stages of the Unidesk installation process, you:
Install Unidesk Hyper-V Agent
Deploy the Unidesk Management Appliance
Copy the Unidesk CachePoint Template to the same location as the Management Appliance
Manually deploy the Master CachePoint Appliance in two steps:
Configure the CachePoint Template
Configure the Master CachePoint settings
Before you start
Whether you are deploying a proof of concept (POC), or a production pilot, be sure to meet the requirements detailed here.
Deploy the Unidesk Appliances
Download the Unidesk Installation package
Download the Unidesk ZIP file from the Unidesk Support Download Center onto one of the local drives on your Server.
Deploy the Unidesk Management Appliance (MA)
This procedure installs the Unidesk Hyper-V Agent, and then the Management Appliance on your Hyper-V Server. It also
copies the CachePoint Appliance Template onto your Hyper-V Server as the first step in deploying your Unidesk Master
CachePoint Appliance (MCP):
1. Unzip the Unidesk for Hyper-V installation package. This contains the Unidesk Installer ZIP and other files.
2. Extract the installer Zip file to a folder on your local drive.
3. Double-click the Unidesk installer file (UnideskInstaller.exe). The Unidesk End User License Agreement is displayed.
4. Read the End User License agreement, and if you agree to the terms, check I Agree, and then click Accept. A window for
installing the Unidesk Hyper-V Agent appears.
5. Note the Current version of the Hyper-V Agent (if any). If the agent is not yet installed, click Install or Upgrade if a
newer version exists. Once the Hyper-V Agent installation is complete, a window for installing the Unidesk Management
Appliance appears.
6. Specify the following settings for the Management Appliance, and click Install. This deploys the Management Appliance,
copies the CachePoint Template to the same location, and opens the Next Steps window.
Name: A unique name for the Management Appliance.
Location: Browse for a folder on the local server for the Management Appliance VM and CachePoint
Template.
Virtual Switch: Specify the virtual network to use for the Management Appliance and Master CachePoint
Appliance.
Time Zone: The international Time Zone for the MA.
NTP Server 1 and 2: The Network Time Protocol servers used to synchronize the time on the server. The URLs for
recommended NTP servers are included.
IP Configuration: Type of IP address, Dynamic (DHCP) or Static. It is strongly recommended that you use a Static IP
address for your Management Appliance, and Dynamic IP addresses for your CachePoint
Appliances.
If you must use a DHCP address for the Management Appliance, you'll need to set a Static
MAC address for it. Refer to this article about how to set the Static MAC address:
Microsoft Hyper-V Static MAC Address
VLAN Tag: The VLAN tag inserted into packet headers, indicating which logical network to use for this virtual
machine.
7. When the Next Steps window opens, note the CachePoint Template path, so you can use this location to configure
the CachePoint in the Management Appliance.
8. Click the Management Console link to open the Unidesk Management Console (UMC). Log in using "administrator" and
the password "Unidesk1".
9. Dismiss the 1-2-3 message that appears, and change the UMC Administrator password.
10. Then, change the root password on the new Management Appliance and Master CachePoint Appliance. If you are
comfortable using Linux, use the Hyper-V console or SSH to log into the appliance as root (password v9Yx*6uj), and
enter Linux commands to change the root password.
If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support
team, and they will either walk you through the steps or change it for you.
Next, you will configure the Master CachePoint Appliance, as described in the next section.
If the MA is deployed to a UNC, set up the CachePoint Appliance Template
When deploying a Management Appliance (MA) to a UNC path, the installer will attempt to configure the network storage
location to allow you to set up the CachePoint Appliance template. If this fails, take the following steps:
1. Log into the Unidesk Management Console.
2. Select System , and click Manage Network Storage on the Action bar. This opens the Manage Network Storage
wizard.
3. Click the New button, and enter the network share used to deploy the Management Appliance, where the entry is of
the form:
\\server\sharename
4. Click Add. By default, the new network share will be assigned to the Hyper-V host on which the Management Appliance
was deployed, as well as any other hosts known by the Management Appliance.
5. From the Confirm and Complete wizard tab, review the changes and, if correct, click Submit Network Storage Changes.
You should now be able to Edit the CachePoint Appliance Settings to browse to the location of the CachePoint template,
as displayed in the Unidesk Installer.
Configure the Master CachePoint Appliance
Once you've deployed the Management Appliance, you can configure the CachePoint Template and create your first
CachePoint Appliance, which will be your Master CachePoint Appliance.
1. In the Unidesk Management Console, select System > Settings and Configuration.
2. Click Edit next to the CachePoint Settings.
3. Browse for the CachePoint Template (the path you noted in Step #6 above), and click Save. Now you can create your
first CachePoint.
4. Select System > Manage Appliances, and click Create CachePoint.
5. Enter a name for the CachePoint. If you are not planning to create a secondary CachePoint Appliance, make sure that
Allow new machines to be deployed to this CachePoint is checked.
6. On the Storage Tiers tab, select a location on the server for the Boot Images, and for the Master CachePoint Appliance
and Layers.
7. On the Virtual Switch tab, select the type of virtual switch (Network). Specify the VLAN Tag, if needed, and the
IP configuration settings for the CachePoint Appliance. For the IP Configuration, choose DHCP if using a dynamic IP
address, or Static if using a Static IP address. If Static, enter the additional values required.
8. On the Confirm and Complete tab, verify that the settings are correct, and click Create CachePoint. This deploys the
Master CachePoint Appliance.
9. Then, change the root password on the new Master CachePoint Appliance. If you are comfortable using Linux, use the
Hyper-V console or SSH to log into the appliance as root (password v9Yx*6uj), and enter Linux commands to change the
root password.
If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support
team, and they will either walk you through the steps or change it for you.
Refresh the Unidesk Management Console and deploy Unidesk machines
Once you've deployed the appliances, you need to refresh the Unidesk Management Console, and follow the steps to:
Create your Operating System Layer
Create Collections
Create a Unidesk Machine (either a Desktop or Session Host)
To get started:
1. Refresh the Unidesk Management Console by logging out and logging back in again. A window pops up over the
Management Console with the three steps required to deploy your Unidesk machines.
2. Click each of the step icons for instructions. Once you've created a Unidesk Machine, this window will no longer appear
when you start the Management Console.
Configure email notifications
Types of email notifications you can set
You can configure email notifications to inform you in case there are issues with services running on your CachePoint
Appliances.
Events that can trigger an email notice
When you configure email notifications, you will receive an email for any of the following events:
Tests of the email notification connection.
An internal failure occurs on a CachePoint Appliance that requires an automatic restart.
Log files are exported.
Connection issues between Desktops or Session Hosts and CachePoint Appliances occur.
Types of email notifications
Email notification: Description
CachePoint service failures: The Management Appliance sends an email message to the designated addresses when an internal service failure occurs and the affected CachePoint Appliance tries to restart the service or the CachePoint Appliance.
Exporting log files: When you export logs for Desktops or the virtual appliances, the software sends the specified recipients an email notification that includes a link to the log files.
Connection issues: If a Desktop or Session Host loses its connection to its assigned CachePoint Appliance, the Desktop or Session Host contacts the Management Appliance to either obtain a new IP address for the CachePoint Appliance or to confirm that it has the correct IP address.
If the Desktop or Session Host has the correct address but cannot communicate with its CachePoint Appliance, the Management Appliance sends an email notification the first time it tries to communicate with the CachePoint Appliance.
When you receive this message, verify that the CachePoint Appliance is operational and available on the network.
Configure email notifications
To set up email notifications
1. Select System > Settings and Configuration.
2. Navigate to Notifications Settings and click Edit.
3. In the Mail Server box, enter the name of your email server or the name of the SMTP relay server.
4. In the Mail Server port, enter the number of the port that the email server uses for communication.
5. In the User Name box, enter the user name for the email account you want to use for sending notifications. For
example, [email protected].
6. In the Password box, enter the password for the email account.
7. In the From box, enter an email address to identify the source of the email message. For example, if you enter
[email protected], the email message displays the following in the From box of the received notification:
Unidesk Management Appliance [[email protected]]
8. In the Recipient List box, enter the email addresses that should receive notifications. Use a comma or semicolon to
separate the email addresses.
9. Click Test Email Configuration to verify that the settings for the email server and account work correctly. If the test
succeeds, the software displays a success message and sends the recipients a confirmation email.
10. Enter a comment, if necessary, and click Save to save the email settings. If you enter comments, they appear in the
Information view Audit History.
Secure the appliances
Make sure you've changed the Administrator and root passwords for each appliance
Make sure you have changed the default Administrator password for the Management Appliance and Master CachePoint
Appliances as described in Deploy the Unidesk Management Appliance (MA) and Configure the Master CachePoint
Appliance above.
You must also be sure to change the root password on each of the appliances, as described above. If you are not familiar
with the Linux commands to change this password, please contact Unidesk Support for assistance.
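One way to confirm the root password change described above on each appliance, as an added example that is not Unidesk's own tooling: it re-hashes the default root password given in this guide with the salt stored in the appliance's shadow file and compares the result. The function names are made up for this example, and it assumes an `openssl` build whose `passwd` command supports the hash scheme found in the file.

```shell
#!/bin/sh
# Added example (not Unidesk tooling): report whether root's stored password
# hash still corresponds to the default root password documented in this guide.
# Run as root on an appliance:  sh check_root_default.sh /etc/shadow

DEFAULT_ROOT_PW='v9Yx*6uj'   # default from the guide; public, so not a secret

# Print the password-hash field (field 2) of root's shadow entry.
root_hash_field() {
    awk -F: '$1 == "root" { print $2; exit }' "$1"
}

# Print DEFAULT, CHANGED or UNKNOWN for the shadow file given as $1.
check_root_default() {
    stored=$(root_hash_field "$1")
    # crypt(3) hashes look like $id$salt$digest; the id selects the scheme.
    case "$stored" in
        '$1$'*) flag=-1 ;;    # MD5-crypt
        '$5$'*) flag=-5 ;;    # SHA-256-crypt
        '$6$'*) flag=-6 ;;    # SHA-512-crypt
        *) echo UNKNOWN; return 0 ;;   # locked (! or *), empty, or other scheme
    esac
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    case "$salt" in
        ''|rounds=*) echo UNKNOWN; return 0 ;;   # empty salt or custom round count: not handled here
    esac
    # Re-hash the default with the stored salt; identical output means the
    # default password is still set.
    computed=$(openssl passwd "$flag" -salt "$salt" "$DEFAULT_ROOT_PW" 2>/dev/null) || {
        echo UNKNOWN    # openssl missing or too old for this scheme
        return 0
    }
    if [ "$computed" = "$stored" ]; then
        echo DEFAULT
    else
        echo CHANGED
    fi
}

# When called with a shadow file, print the verdict; exit 1 if the default is still set.
if [ -n "${1:-}" ]; then
    verdict=$(check_root_default "$1")
    echo "root password: $verdict"
    [ "$verdict" != DEFAULT ] || exit 1
fi
```

A DEFAULT verdict means the root password on that appliance has not been changed yet; UNKNOWN means the entry is locked or uses a scheme this check does not cover.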
Set a session timeout for the UMC
You can set a timeout for the Unidesk Management Console, so that if there is no user-initiated activity for a specified
length of time, the console ends the session.
Session activity includes user interaction with the console, for example, starting tasks and editing settings. Tasks in progress
will not keep a session from timing out, nor will simply selecting an object or clicking inside the console window.
If you have just installed Unidesk software, the Session Timeout is set to 15 minutes by default. If you have upgraded from
an earlier version of Unidesk, the Session Timeout will be set to zero (0) by default, effectively leaving this function turned
off.
To set a session timeout
1. Select System > Settings and Configuration.
2. Scroll to Security Settings.
3. Select Session Timeout, and click the Edit button.
4. Enter the number of minutes after which the session will time out. Valid values include numbers from 0 - 10000. (A value
of 0 turns off this feature.)
5. Click Save.
Upgrade Unidesk
Oct 03, 2017
This release contains updates for the following components:
Unidesk Management Appliance
Unidesk Master CachePoint® Appliance and Secondary CachePoint Appliances
Unidesk Hyper-V Agent
Unidesk for Hyper-V Broker Agent
Unidesk® Gold Image Tools
Component upgrades
This upgrade supports moving from Unidesk 3.x for Hyper-V to the current release.
To see which Unidesk version is installed on each appliance, open the Unidesk Management Console, select System > Manage Appliances, and click the icon for each component to see the version.
Upgrade Steps
It's important to upgrade the Unidesk components in the order shown here.
Upgrade Notes
The Unidesk Hyper-V Agent must be upgraded on all Hyper-V servers in your Unidesk environment, and you must do these
upgrades manually, as described in Step 2 below.
The Unidesk Broker Agent must be upgraded on all broker servers (the XenDesktop Delivery Controller or RD Connection
Broker server) in your Unidesk environment, and you must do these upgrades manually, as described in Step 3 below.
Some new Unidesk features will not be available until the CachePoint Appliances have all been upgraded.
Existing machines that had the Dynamic Memory option turned on before the upgrade process have that option turned
off after the upgrade.
STEP 1: Download the Unidesk Upgrade ZIP file
1. Download the Unidesk Upgrade ZIP from the Unidesk for Hyper-V Download Center, and unzip the files.
2. Check the Unidesk Management Console Taskbar for any pending Desktop configuration changes, and if there are any
waiting to be processed as part of a Maintenance Schedule, override the schedule, as follows:
1. Select the affected Desktops and choose Edit Desktops.
2. In the Maintenance Schedule tab, select As soon as possible.
3. Complete the wizard.
3. Copy the Unidesk for Hyper-V Upgrade ISO image to a directory on the Hyper-V server that hosts the Management
Appliance.
1. Copy the upgrade image (unidesk_hyperv_upgrade_3.x.x.iso) from the extracted upgrade package to a directory on
the Hyper-V server that hosts the Management Appliance.
2. Use Hyper-V Manager to connect the CD/DVD device to the Unidesk ISO upgrade image
(unidesk_hyperv_upgrade_3.x.x.iso). You can do this by right-clicking the Management Appliance in the Hyper-V
Manager that runs on the Hyper-V server itself, and choosing Settings. The CD/DVD device must be inserted into the
IDE Controller 1, Location 0.
STEP 2: Upgrade the Unidesk Hyper-V Agent
On every Hyper-V server where you've installed the Hyper-V Agent, you must upgrade the Unidesk Hyper-V Agent. To do
this, you must be logged onto the Hyper-V Server with administrator privileges.
1. Log onto the Hyper-V Server with Administrator privileges.
2. Copy the Hyper-V Agent executable (unidesk_hyperv_agent_installer.exe) from the extracted upgrade package to a
directory on the Hyper-V server.
3. Run the Upgrade executable and click through the screens to accept the default settings.
4. Click Finish to exit the wizard.
5. Repeat these steps for all of the installed Unidesk Hyper-V agents.
STEP 3: Upgrade the Unidesk for Hyper-V Broker Agent
You must be logged onto the broker server (the XenDesktop Delivery Controller or RD Connection Broker server) with
administrator privileges.
1. Log onto the broker server (the XenDesktop Delivery Controller or RD Connection Broker server) with administrator
privileges.
2. Copy the Unidesk Hyper-V Broker Agent executable (unidesk_hyperv_broker_agent_installer_3.x.x.exe) from the
extracted upgrade package to a directory on the server.
3. Run the executable and click through the screens to accept the default settings. This upgrades the broker agent.
4. Click Finish to exit the wizard.
5. Repeat these steps for all of the installed Unidesk Hyper-V Broker agents.
STEP 4: Upgrade the Management Appliance
1. In the Unidesk Management Console, select System > Upgrade.
2. In the next Upgrade tab, the CachePoint Appliances will remain deselected.
3. In the Confirm and Complete tab, click Upgrade. The upgrade process closes the current Unidesk Management Console
session and starts upgrading the Management Appliance. During the upgrade, the process displays a status page.
IMPORTANT! Do not refresh the Web browser before the upgrade completes, or the status page closes and you
cannot navigate back to it.
4. After the Management Appliance upgrade completes, refresh the browser and log into the Unidesk Management
Console (UMC) again.
STEP 5: Upgrade the Master CachePoint Appliance and Secondary CachePoint Appliances
This assumes you have upgraded the Unidesk Hyper-V Agent, Unidesk for Hyper-V Broker Agent, and Management
Appliance. You'll begin by upgrading the CachePoint Appliance Template, and then upgrade the Master CachePoint
Appliance itself.
1. Log into the Hyper-V server that hosts the Management Appliance, and delete the old CachePoint Appliance Template
(the one currently selected in the System Settings) from the previous version of Unidesk.
2. Copy the new CachePoint Appliance Template (CachePoint_3.x.x.x.unitemplate) to the directory where the previous
version of the template is stored.
3. In the Unidesk Management Console select System > Settings and Configuration, and then edit the CachePoint
Settings. Select the template that you just imported and click Save. This ensures that new CachePoint Appliances use
the new template.
4. In the Unidesk Management Console, select System > Upgrade.
5. In the next Upgrade tab, select the Master CachePoint Appliance and any Secondary CachePoint Appliances.
6. In the Confirm and Complete tab, you can enter a comment that will appear in the Audit log, then click Upgrade.
7. Unmount the CD drive by editing the settings for the MA. Click the DVD drive under IDE 1 and select None.
Note: CachePoint Appliances that have not been upgraded will disregard any Dynamic Memory settings. After the
CachePoint has been upgraded, the next edit will apply the Dynamic Memory settings.
Add Hyper-V hosts to the Unidesk environment
Jun 28, 2017
You can add a Hyper-V host to the Unidesk environment, and then configure your CachePoint Appliances to use the new
host. If this is a new Unidesk deployment, follow the instructions for Installing Unidesk appliances.
Before you start
Unidesk requirements
Once you have the required hardware in place, please be sure to meet the following detailed requirements before running
the Unidesk Installer.
Windows Server 2012 R2 system (with Hyper-V Role enabled), or Hyper-V Server 2012 R2
The .NET Framework 4.5 Features selected on the server.
Credentials required
You need the credentials for the server Administrator. You can either log in as Administrator or as a User with Administrator
privileges.
Port opened by the Unidesk Installer
The Unidesk Installer opens a port on the local server's firewall for the TCP protocol. This port is used for communications
between the Hyper-V Agent service and the Unidesk Appliances. By default this is port 8014, but you can change the port
number during installation.
Use host names in the Unidesk environment
You can set up your environment to use host names in addition to IP addresses, so that a change in an IP address will not
affect communications between the Management Appliance and its CachePoint Appliances.
If you set the host name on your Hyper-V server, Unidesk will automatically use it instead of the IP address. Then the IP
address can change without causing any problems, as long as the host name does not change.
Similarly, if you set a host name for your MA and use it when you register the host (via the Unidesk installer, or manually as
described next), then you can change the IP address of the MA without issues, as long as the host name does not change.
Add a Hyper-V host
Add a new host to the environment
You can add a new host to the environment by installing the Unidesk Hyper-V Agent on the server, and registering the host
with your Management Appliance.
1. Download the Hyper-V Agent Installer from the Unidesk Hyper-V Download Center onto one of the local drives on your
new Hyper-V server.
2. Run the installer and when prompted, enter the host name or IP address of your Management Appliance. This installs the
Hyper-V agent on the host, and registers the host with the Management Appliance.
3. If the host is being added to a cluster, the Unidesk Management Appliance must be restarted to recognize the cluster
configuration change.
Create Secondary CachePoint Appliances
Jun 28, 2017
You can (and should) create one or more Secondary CachePoint Appliances in the Unidesk environment to manage
Desktops and store Desktop User data, while the Master CachePoint Appliance maintains the master copy of all Layers in
the environment.
You can specify a host or cluster for the CachePoint Appliance. As long as there is one host in a cluster with a CachePoint
on storage accessible by the whole cluster, you can create Unidesk Desktops on any of the clustered hosts that do not
have CachePoints. This minimizes both the storage requirements and the need for more resources, allowing you to create
Desktops across multiple hosts using fewer CachePoints.
Before you start
You must have provisioned a Master CachePoint Appliance as part of the Unidesk installation.
About CachePoint properties
Allow or prevent new Desktops on a CachePoint Appliance
You can allow or prevent a CachePoint Appliance to be used for new Desktops simply by editing the CachePoint Properties
and deselecting this check box on the first wizard tab: Allow new Desktops to be deployed to this CachePoint. This
feature is good for:
Preventing Desktops from being added to the Master CachePoint Appliance, a best practice.
Preparing to remove a Secondary CachePoint from the network.
Reserving space on a Secondary CachePoint for a future project.
Specify storage tiers used for this CachePoint
You can choose where to store the images and Layers the CachePoint uses to manage Desktops, including:
The Boot Images for Desktops managed by a CachePoint
The Layers used by the CachePoint's Desktops
Create a Secondary CachePoint Appliance
1. In the Unidesk Management Console, select System > Manage Appliances > Create CachePoint. This opens the Create
CachePoint Wizard.
2. In the Configuration tab specify the VM Name, the name of the CachePoint Appliance, and select the host where you
want to create it.
3. Leave the Allow new desktops to be deployed to this CachePoint check box selected, unless you want to prevent new
Desktops from being deployed to this CachePoint for reasons described above in Allow or prevent new Desktops on a CachePoint Appliance.
4. In the Storage Tiers tab, specify the locations in the virtual infrastructure where the CachePoint will store its Desktop
Boot images and Layers.
Select a Boot volume location for the Desktops being managed by this CachePoint.
Select a location for the Application Layers and the CachePoint virtual machine itself.
5. In the Virtual Switch tab, select a virtual switch (network). Specify the VLAN Tag, if needed, and the IP configuration
settings for the CachePoint Appliance. For the IP Configuration, choose DHCP if using a dynamic IP address, or Static if
using a Static IP address (Static requires the IP address, gateway, and DNS information).
6. In the Confirm and Complete tab review the settings. If you want, enter a comment for the Audit History.
7. Click Create CachePoint.
The Unidesk software begins creating the new CachePoint. You can monitor the progress of this task in the Management
Console Tasks area.
Change the root password on the new CachePoint Appliance
If you are comfortable using Linux, log into the appliance as root (password v9Yx*6uj), and enter Linux commands to
change the root password.
If you are not familiar with the Linux commands for changing the root password, please contact the Unidesk Support team,
and they will either walk you through the steps or change it for you.
Deploy Unidesk Appliances and Desktops in Clusters
Jun 28, 2017
Unidesk supports High Availability and Failover in environments with multiple hosts and clustering.
Note: On non-clustered hosts without shared storage, Unidesk does work, but failover and load balancing are not supported, and migrating Virtual Machines is more involved than it will be in the future.
Before you start
Install the Unidesk Management Appliance and Master CachePoint Appliance
Create Secondary CachePoint Appliances
Create Desktops
Migrate CachePoint Appliances
You can migrate Unidesk Virtual Machines to different hosts, but not to different storage, using two kinds of migration
that Hyper-V supports:
Live migrate moves the Virtual Machine while it’s running, and there is no interruption.
Quick migrate moves powered down machines. If you choose to quick migrate a running machine, Hyper-V will 'save' it and
then move it.
Note: A Unidesk Move Tool for migrating Virtual Machines to different storage is in development.
Unidesk supports migrating the Unidesk Management Appliance or CachePoint Appliance as follows:
While the Virtual Machine is powered OFF, you can quick migrate the VM. (recommended)
While the Virtual Machine is powered ON:
You can Live Migrate idle Appliances, but Unidesk recommends that you migrate while the machine is powered OFF.
You cannot move Appliances that are running jobs
You cannot quick migrate a VM that is in a saved or paused state, as it causes jobs on that VM to fail for several
minutes after the migrate happens, and any jobs in progress will probably fail
The preferred method of migrating VMs is to power down the machine, and migrate it using Hyper-V Quick Migrate.
Configure load balancing
For best results, configure Unidesk load balancing as follows:
Configure each CachePoint to prefer only one host (the host it was originally deployed on).
You can set the CachePoint’s Possible Host to any reasonable choice.
Desktops can be configured as you please, as long as your load balancing software does not migrate powered down
Desktops (most do not).
Configure failover of Unidesk Virtual Machines
In this release, you'll need to manually configure failover of Unidesk Virtual Machines, including the Management Appliance,
Master CachePoint Appliance, Secondary Appliances, and Desktops.
WARNING: The MA should have a static IP address and/or a static MAC, while the CachePoint Appliances can have Dynamic
IP addresses.
To configure Failover:
1. Set up Hyper-V Roles for any Unidesk VM you want to fail over, whether it's an appliance, Installation Machine, or
Desktop.
2. Configure a CachePoint Appliance on each host where you want to deploy Desktops. A host isn't eligible to get
Desktops until a CP has been deployed to it.
3. (Recommended) Set CachePoint Appliances to Low priority for failover, so that Desktops failover first.
4. Your Gold Image VM(s) can be stored in one of two locations so that they can be accessed by Unidesk in the event of a
failover:
(Recommended) On the cluster shared storage.
On local storage on the host for the Master CachePoint Appliance.
On network storage.
For network settings, configure your networks according to the Hyper-V requirements for a failover-capable cluster.
For storage, you must use cluster shared volumes or network storage. Unidesk uses constant file system paths to VHDX
files when VMs move from host to host.
For memory, Desktops that are failing over from a failed host cannot boot on a new host unless there is enough free
memory. You must take that into consideration when planning resources for your cluster.
Notes on Cluster Configuration Changes
If you add or remove hosts from a cluster, the MA must be restarted before Unidesk will recognize these changes. This is
necessary if hosts are added or removed, but it is not required for other changes such as:
Storage (including Cluster Shared Volumes) is added or removed
The host is powered off or on
CachePoints or Desktops are migrated between hosts
Until the MA is restarted you will see the following behavior:
If a new host has been added to the cluster, the new host will be listed under the cluster when you are selecting a host
in the Desktop Create Wizard, but the new host may be marked "Unavailable" with a tool tip that says "There are no
CachePoint Appliances that are capable of using this host for machine deployment" if there are no CachePoints on that
host. You will not be able to select that host in the Create Desktop Wizard. If you select the cluster, that host will not
be used and Desktops will only be deployed to the other hosts in the cluster.
If a host has been removed from the cluster, the host does not display in the cluster. If you attempt to create a
Desktop on that host or on the original cluster, the Desktop creation task may fail with the following error: "Could not
find a CachePoint with storage locations accessible by the selected host."
OS Layer
Jun 28, 2017
About the Operating System Layer
What is the Unidesk Operating System Layer
The Unidesk Operating System Layer contains the Windows Operating System that will be deployed to your virtual Unidesk
Machines (Desktops or Session Hosts). Once created, you can use this gold image to build thousands of Desktops and
Session Hosts.
This Operating System Layer includes a gold image, a virtual machine in your infrastructure running the Unidesk-supported
Windows Operating System that you want to use for your Unidesk Machines, whether they are Desktops or Session Hosts.
It is best to use a freshly installed gold image.
What you need to create the Unidesk Operating System Layer
To build the Operating System Layer, you'll need to:
Freshly install the gold image - A virtual machine in your infrastructure running the supported Windows Operating System
version that you want to use for your Unidesk Machines (Desktops or Session Hosts). It is best to use a freshly installed
gold image.
Prepare the gold image for the Unidesk environment, so you can use it to create your Operating System Layer.
Prepare the Gold Image
Windows 10 gold image
Steps: Prepare the Windows 10 Gold Image
Windows 8.1 gold image
Steps: Prepare the Windows 8.1 Gold Image
Prepare a Windows 7 gold image
Steps: Prepare the Windows 7 Gold Image
Prepare a Windows Server 2012 R2 Gold Image
Steps: Prepare a Windows Server 2012 R2 gold image
Prepare a Windows Server 2008 R2 Gold Image
Steps: Prepare a Windows Server 2008 R2 gold image
Create your Operating System Layer
Next, you'll import your gold image into a new Operating System Layer.
Import your gold image into a new Operating System Layer
Prepare the Gold Image
Jun 28, 2017
About the gold image
About preparing the gold image
The gold image is a clean install of a supported Windows Operating System that you want to use on your Unidesk
Machines (Desktops or Session Hosts). To prepare the gold image, you will install it on a virtual machine whose disk is
accessible by the Unidesk Management Appliance. Then use Unidesk tools to both create a Windows answer file for
unattended installation on new Unidesk Machines, and to optimize the image for use in Unidesk. Once you have prepared
the gold image, you will use the Unidesk Management Console to import it into a new Operating System Layer.
This topic explains how to prepare a gold image for the Unidesk environment, including how to:
Set up a gold image on a virtual machine.
Install the Unidesk Gold Tools on the image. This includes the Unidesk Unattend Builder and the Unidesk Optimization
Script.
Create an answer file for unattended operating system setup, using the Unidesk Unattend Builder.
Optimize the operating system for the Unidesk environment, using the Optimization script.
CAUTION: Using third-party optimization scripts can have adverse effects in Unidesk, because they can change services
and features that Unidesk uses, for example, Universal Plug and Play and the 8.3 file names setting.
For Windows 2012, this also includes steps to:
Configure the OS as either a desktop operating system, or a session host.
Install the Citrix XenApp Broker Agent, if you plan to use XenApp to manage sessions.
Before you start
Prerequisites
Make sure that the disk for the VM where you install the gold image is accessible by the Unidesk Management Appliance.
You can enable domain join in the answer file, for unattended operating system setup on each Desktop.
You can only have one network device in your gold image.
Any applications that are account bound, such as Microsoft One Drive, should not be installed on the gold image.
The gold image should not be in a domain
The gold image should get its IP address from DHCP
If you are using a language other than US-English, please see this article on how to add the required nls files to the boot
image.
http://www.unidesk.com/support/kb/boot-failure-0xc000000f-windows-failed-load-because-nls-data-missing-or-corrupt
Prepare a Gold Image
Choose the operating system you are using for the gold image:
Prepare a Windows 8.1, Windows 7, or Windows 10 gold image (Desktop)
STEP 1: Set up a Windows gold image on a virtual machine
In the Hyper-V client:
1. Create a new Generation 1 virtual machine.
2. Configure memory and networking.
3. Note: You can have just one network device in your gold image.
4. Configure a virtual hard disk that is large enough for a Windows operating system installation, and make sure it is
accessible by the Unidesk Management Appliance.
5. Install the desktop operating system that you wish to use on the virtual machine.
6. Install the Hyper-V Integration Services in this virtual machine, using the Microsoft Windows Integration Services Setup
Disk. (This is not necessary on Windows 8.1 or Windows 10, because these systems include those services.)
This virtual machine is your gold image
STEP 2: Copy the Unidesk Tools onto the gold image
1. Copy the unidesk_win_gold_image_tools_3.4.x.exe file onto the gold image. You can find these tools in the Unidesk
Installer download, or in the Unidesk for Hyper-V Download Center.
2. Double-click the unidesk_win_gold_image_tools_3.4.x.exe to self-extract it to c:\windows\setup\scripts.
STEP 3: Create an answer file for unattended installation on Unidesk Desktops
1. In the c:\windows\setup\scripts folder, right-click the unattend.exe tool and choose Run as administrator. The unattend
builder form opens.
2. Complete the unattend form.
Product key activation
For KMS activation, select KMS Server.
For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK.
For Retail Licensing with a MAK, select Retail with MAK, and enter the MAK.
Domain Join
Select Enable if you want to configure the unattend.xml file to join Desktops to a specific domain. If you plan to use AD
join scripts, ensure Enable is not selected.
You can add Desktops to the Computers container in Active Directory by deleting the OU entry. However, we
recommend that you use an alternate OU for Unidesk Desktops, both to segregate the Desktop from other machines
and to avoid applying virtual Desktop-specific GPOs to other types of machines.
If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs by
creating different unattend.xml files in different application layers.
Local Administrator account
You can enable the Administrator account on each Unidesk Desktop by selecting Enable. Remember to also enable this
account in your gold image or Operating System Layer version. You can also enable the Administrator account for your
gold image and then have it disabled in the deployed Desktops by clearing the check box.
If you want to add an alternate Administrator account, select Enable and enter the account information. This account
cannot be preconfigured in the gold image.
You can create a Desktop where the Administrator is disabled and the alternate administrator is created and enabled.
However, for this to work, the Administrator account must be enabled in the gold image and it cannot be renamed.
Time Zone
If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone, not the display setting.
Disabling automatic activation
Select this option if you plan to use the Microsoft Volume Activation Management Tool.
3. Click Save File.
STEP 4: Optimize the gold image for the Unidesk environment
1. In the c:\windows\setup\scripts folder, right-click the Optimize64.exe tool and choose Run as administrator. This
creates a .cmd file (optimizations.cmd) that will be run during Desktop creation to optimize the image.
2. Follow the instructions to run the optimizations.cmd file on the gold image. This removes installation-specific drivers and
settings.
If you are using the Unidesk Optimizer script and you are enabling the View Persona feature, you must go to the section
of the Optimizer script called Disable Unnecessary Services to Save Memory and CPU, deselect the option to Disable
Offline File Service, and click Save File. This is because View Persona folder redirection requires Offline files to be
enabled, and by default, the Unidesk Optimizer turns off Offline files, which are not a requirement for Unidesk.
STEP 5: Create a backup copy of the gold image
Once the gold image is ready, create a copy of it so you can return to this state at any time.
Important: It is critical to create a backup copy (checkpoint) before installing the Unidesk software onto the gold image.
Without this backup copy, returning to this state requires rebuilding the image.
STEP 6: Install the Unidesk software onto the gold image
1. Run setup_x64.exe from c:\Windows\setup\scripts.
Once this is done, you are ready to create a Unidesk Operating System Layer.
STEP 7: Run NGen
About Microsoft NGen operations
NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code
into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on
what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An
interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
Force an NGen operation to the foreground
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the
foreground can help the task to complete as quickly as possible.
1. Open a command prompt as Administrator.
2. Go to the Microsoft .NET Framework directory for the version currently in use:
cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
3. Enter the NGen command to execute the queued items:
ngen update /force
This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.
4. Ensure that all NGen processes have run to completion. Optionally, you can now shut down the Gold Image VM.
Once you have completed these steps, you are ready to create a Unidesk Operating System Layer.
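The NGen steps above, scripted for every .NET Framework directory on the image, as an added example that is not part of the Unidesk tools. The function names are hypothetical, and treating the absence of ngen.exe and mscorsvw.exe (the .NET Runtime Optimization Service worker) processes as "NGen has finished" is an assumption of this example.

```powershell
# Added example, not part of the Unidesk tools. Run from an elevated PowerShell prompt
# inside the gold image. Invoke-NGenUpdate and Wait-NGenIdle are hypothetical names.

function Invoke-NGenUpdate {
    # ngen update must run as Administrator, as in step 1 of the procedure.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated prompt.'
    }

    # Matches Framework and Framework64, and every version directory that ships ngen.exe
    # (the FrameworkNN\vX.X.XXXXX placeholder in step 2).
    $pattern = Join-Path $env:windir 'Microsoft.NET\Framework*\v*\ngen.exe'
    $tools = @(Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue)
    if ($tools.Count -eq 0) {
        throw "No ngen.exe found under $pattern"
    }

    foreach ($ngen in $tools) {
        Write-Host "Running: $($ngen.FullName) update /force"
        # Same command as step 3; output goes to the console so progress is visible.
        & $ngen.FullName update /force | Out-Host
        New-Object PSObject -Property @{
            NGen     = $ngen.FullName
            ExitCode = $LASTEXITCODE
        }
    }
}

function Wait-NGenIdle {
    param(
        [int]$TimeoutSeconds = 1800,
        [int]$PollSeconds = 10
    )
    # Step 4: make sure nothing is still compiling before the VM is shut down.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-Date) -lt $deadline) {
        $busy = @(Get-Process -Name ngen, mscorsvw -ErrorAction SilentlyContinue)
        if ($busy.Count -eq 0) {
            return $true
        }
        Start-Sleep -Seconds $PollSeconds
    }
    return $false
}

$runs = @(Invoke-NGenUpdate)
$runs | Format-Table -AutoSize

$failed = @($runs | Where-Object { $_.ExitCode -ne 0 })
if ($failed.Count -gt 0) {
    Write-Warning 'At least one ngen run returned a non-zero exit code; review its output before shutting down.'
}
if (-not (Wait-NGenIdle)) {
    Write-Warning 'NGen activity is still running; do not shut down the gold image yet.'
}
```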
Windows 8.1 deployment tips
Improving Windows 8.1 login times
If you want to speed up login times for Windows 8.1 Desktops, you can disable some of the more costly and less necessary
GUI actions.
Turn off new user arrows
You can turn off new user arrows by making the following Registry edits:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EdgeUI
DisableHelpSticker DWORD
0 = Enable help tips
1 = Disable help tips
Deploying applications on Windows 8.1
Windows 10 deployment tips
Removing Windows 10 built-in Applications
When preparing the gold image for import into a Unidesk Operating System Layer, you can remove Windows 10
applications. If you do, we recommend removing these applications either on the gold image itself, or on the Operating
System Layer. For the steps to remove Windows 10 Applications, click here.
Prepare a Windows 2012 R2 gold image (Desktops)
Use these steps to prepare a gold image for Desktops that will run in the Unidesk environment.
Note: Unidesk Desktops are supported on Windows Server 2012 R2, but not on Windows 2008 R2.
STEP 1: Set up a Windows Server 2012 R2 gold image on a virtual machine
In the Hyper-V client:
1. Create a new Generation 1 virtual machine.
2. Configure memory and networking, for example, the NIC and video memory.
Note: You can have just one network device in your gold image.
3. Configure a virtual hard disk that is large enough for a Windows operating system installation, and make sure it is
accessible by the Unidesk Management Appliance.
4. Install the operating system and patches to bring it up-to-date.
5. Install the Hyper-V Integration Services in this virtual machine, using the Microsoft Windows Integration Services Setup
Disk.
STEP 2: Configure Windows Server as a desktop operating system (for Desktops)
Use this section as a guide to configuring Windows Server 2012 R2 as a desktop operating system for your users.
This section is not required. It is included for your convenience.
Disable Shutdown event tracker
The shutdown event tracker asks for the reason the system is being shut down before it allows the shutdown to continue.
To disable this feature, follow these steps.
Important: You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but
the Desktops will remain the s
1. Run the group policy editor as Administrator.
1. Click Start.
2. Type gpedit.msc in the Search box.
3. Right-click gpedit.msc and choose Run as Administrator.
Running the editor this way ensures that you are running it as Administrator.
2. Browse to Computer Configuration/Administrative Templates/System.
3. Scroll down to, then double-click Display Shutdown Event Tracker.
4. Select Disabled and click OK.
Stop Server Manager from running automatically at logon
1. Run the group policy editor as Administrator.
1. Click Start.
2. Type gpedit.msc in the Search box.
3. Right-click gpedit.msc and choose Run as Administrator.
Running the editor this way ensures that you are running it as Administrator.
2. Browse to Local Computer Policy/Computer Configuration/Administrative Templates/System/Server Manager.
3. Scroll down to, then double-click Do not display Server Manager automatically at logon.
4. Select Enabled and click OK.
Grant users shutdown rights
By default, only administrators will have the right to shut down or restart the machine. By following the steps below, other
users and/or groups can be granted the right to shut down the machine.
Important: You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but
the Desktops will remain the same.
1. Run the group policy editor as Administrator.
1. Click Start.
2. Type gpedit.msc in the Search box.
3. Right-click gpedit.msc and choose Run as Administrator.
Running the editor this way ensures that you are running it as Administrator.
2. Browse to Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment.
3. Double click Shut down the system.
4. Click Add User or Group.
5. Click Object Types.
6. Select Groups.
7. Click OK in the Object Types dialog.
8. Type “Users” for the object name.
9. Click OK in the Select Users or Groups dialog.
10. Click OK in the Shut down the system Properties dialog.
Change the function of the Power button on the Start menu
By default, the Power button on the start menu is set to Log Off. If you would like a different setting for the desktops,
follow the steps below to change it.
Important: You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but
the Desktops will remain the same.
Group Policy method
This method sets the button for all users and does not let individual users override the setting.
1. Run the group policy editor as Administrator.
1. Click Start.
2. Type gpedit.msc in the Search box.
3. Right-click gpedit.msc and choose Run as Administrator.
Running the editor this way ensures that you are running it as Administrator.
2. Browse to User Configuration/Administrative Templates/Start Menu and Taskbar.
3. Double click Change Start Menu Power Button.
4. Change the setting to Enabled.
5. Select which option to display on the start menu and click OK.
Copy Profile method
This method will set the button for all users and allow individual users to override the setting. This will only work if copy
profile is selected when creating the unattend file.
1. Right click on the task bar and select properties.
2. Click the Start Menu tab.
3. Select the desired Power button action in the drop down.
4. Click OK.
Disable IE Enhanced Security configuration
The IE Enhanced Security feature severely limits what can be done with IE with sites that are not part of the trusted sites
zone. To disable this feature, follow the steps below.
1. Open the Server Manager (right-click This PC on the start menu and select Manage).
2. Choose Local Server.
3. In the Properties panel, scroll to the right to find IE Enhanced Security Configuration.
4. Select Off for both Administrators and Users.
5. Click OK. Note that the Properties panel refreshes slowly, so the change may not be visible immediately.
Install .Net 3.5 feature
The .Net feature is installed by default on workstation operating systems, but not on Windows Server 2012 R2. It is a
software framework provided by Microsoft that is required for many 3rd party applications to run. To install this feature,
follow the steps below.
1. On the Start menu, right-click This PC, and select Manage.
2. Select Add Roles and Features. If this opens the Before you begin page, select Next.
3. Select Role-based or feature-based installation, then select Next.
If not already selected, select the correct local server from the server pool.
4. In the right panel, select Features.
5. Click Add Features.
6. Expand .NET Framework 3.5 Features.
7. Check .NET Framework 3.5.
8. Click Next.
9. Click Install.
10. When the installation is done, click Close.
Install Desktop Experience Feature
The Desktop Experience feature includes several options that are installed by default on workstation operating systems.
These features include, among others, Themes, audio and video support, Windows Media player, and phone management.
Use these steps to install the Desktop Experience feature.
Installation
Here's how to install the Desktop Experience feature.
1. Open the Server Manager (right-click This PC on the start menu and select Manage).
2. In the left panel select Features.
3. In the right panel, click Add Features.
4. Scroll down the Features list to User Interfaces and Infrastructure (2 of 3 installed), and expand that entry.
5. Check Desktop Experience.
6. If you are prompted to add features that are required by the Desktop Experience feature, click Add Required Features.
7. Click Next, and then Install.
8. When the installation is done, click Close.
9. Restart when prompted.
Enable themes
The following steps describe how to enable themes after the Desktop Experience feature is installed.
1. Click Start > Control Panel > Administrative Tools > Services.
2. Double click the Themes service.
3. Set Startup type to Automatic.
4. Click OK.
Assign default theme
It is possible to assign the default theme for new users by performing the following steps. Individual users will be able to
override the default theme.
Important: You must run the Group Policy Editor as Administrator, or it will appear as if the values are being changed, but
the Desktops will remain the same.
1. Run the group policy editor as Administrator.
1. Click Start.
2. Type gpedit.msc in the Search box.
3. Right-click gpedit.msc and choose Run as Administrator.
Starting the editor this way ensures that you are running it as Administrator.
2. Browse to User Configuration/Administrative Templates/Control Panel/Personalization.
3. Double click Load a specific theme.
4. Select Enabled.
5. Enter the path to the theme file. “%windir%\Resources\Themes\aero.theme” is the path to the aero theme. More
themes can be downloaded from the Microsoft website.
6. Click OK.
Install Windows Search service
The Windows Search service is not installed by default in Windows Server 2012. Microsoft Outlook depends on this service
for searching emails. To install this service, follow the steps below.
1. Open the Server Manager (right-click This PC on the start menu and select Manage).
2. In the left panel select Features.
3. In the right panel, click Add Features.
4. In the Features list, scroll down to Windows Search Service, and select it.
5. Click Install on the Confirmation page.
6. Once the installation has completed, click Close.
Enable audio
By default, audio is not enabled. To enable audio, follow the steps below.
1. Click Start > Control Panel > Administrative Tools > Services.
2. Double click the Windows Audio service.
3. Set Startup type to Automatic.
4. Click OK.
Adjust performance for programs
By default, the operating system is optimized to run background services rather than user programs. To change this, follow
the steps below.
1. On the Start menu, right click This PC and select Properties.
2. Click Advanced system settings in the left pane.
3. Click the Settings button in the Performance section.
4. Click the Advanced tab.
5. Select Programs.
6. Click OK.
STEP 3: Mount or copy the Unidesk Tools onto the gold image
1. Mount the Unidesk_Gold_Image_Tools ISO or copy the Unidesk_Gold_Image_Tools ZIP file onto the gold image. You
can find these tools in the Unidesk Installer download.
2. Open the ISO or extract the ZIP.
3. In the extracted Unidesk_Gold_Image_Tools_x.x.x folder, extract Unidesk_Windows_Gold_Image_Tools.zip to
c:\windows\setup\scripts.
STEP 4: Create an answer file for unattended installation on Unidesk desktops
1. In the c:\windows\setup\scripts folder, right-click the unattend.exe tool and choose Run as administrator. The unattend
builder form opens.
2. Complete the unattend form.
1. Product key activation
a. For KMS activation, select KMS Server.
b. For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK.
c. For Retail Licensing with a MAK, select Retail with MAK, and enter the MAK.
2. Domain Join
a. Select Enable if you want to configure the unattend.xml file to join desktops to a specific domain. If you plan to
use AD join scripts, ensure Enable is not selected.
b. You can add desktops to the Computers container in Active Directory by deleting the OU entry. However, we
recommend that you use an alternate OU for Unidesk desktops, both to segregate the desktop from other machines
and to avoid applying virtual desktop-specific GPOs to other types of machines.
c. If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs
by creating different unattend.xml files in different application layers.
d. For information about domain join scripts, see the following Support articles:
Debugging Domain Join Problems
3. Local Administrator account
a. If you want to use the unattend.xml file to enable the Administrator account on each Unidesk desktop, select
Enable. Remember to also enable this account in your gold image or Operating System Layer revision. It is possible to
enable the Administrator account for your gold image and then have it disabled in the deployed desktops by clearing
the check box.
b. If you want to add an alternate Administrator account, select Enable and enter the account information. This
account cannot be pre-configured in the gold image.
c. You can create a desktop where the Administrator is disabled and the alternate administrator is created and
enabled. However, for this to work, the Administrator account must be enabled in the gold image and it cannot be
renamed.
4. Time zone
a. Select the time zone. If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone,
not the display setting. A list of time zone settings can be found here.
5. Disabling automatic activation
a. Select this option if you plan to use the Microsoft Volume Activation Management Tool.
3. Click Save File.
STEP 5: Optimize the gold image for the Unidesk environment
1. In the c:\windows\setup\scripts folder, run the Optimize executable to create a .cmd file (optimization.cmd) that will be
run to optimize the image during desktop creation.
STEP 6: Create a checkpoint of the gold image
Once the gold image is ready, create a Hyper-V checkpoint of it, so that you can return to this state at any time.
Important: It is critical to create a checkpoint before installing the Unidesk software onto the gold image. Without this
checkpoint, returning to this state requires rebuilding the image.
STEP 7: Install the Unidesk tools onto the gold image
1. In the c:\windows\setup\scripts folder, run the Unidesk setup_x64.exe (64-bit).
2. The installation prompts for the location of the Management Appliance IP address and the location of the unattend.xml
file (the default location is c:\windows\panther).
Once this is done, you are ready to create a Unidesk Operating System Layer.
Prepare a Windows 2012 R2 or Windows 2008 R2 gold image (Session Host)
Use these steps to prepare a gold image for Session Hosts that will run in the Unidesk environment. If you are building
Desktops rather than Session Hosts, see the previous steps to Prepare a Windows 2012 R2 gold image (Desktop).
Note: Unidesk Desktops are not yet supported on Windows Server 2008.
STEP 1: Set up a Windows Server gold image on a virtual machine
In the Hyper-V client:
1. Create a new Generation 1 virtual machine.
2. Configure memory and networking, for example, the NIC and video memory.
Note: You can have just one network device in your gold image.
3. Configure a virtual hard disk that is large enough for a Windows operating system installation, and make sure it is
accessible by the Unidesk Management Appliance.
4. Install Windows Server 2012 R2, and patches to bring it to the most current.
Note: The machine is not joined to the domain.
5. Install the Hyper-V Integration Services in this virtual machine, using the Microsoft Windows Integration Services Setup
Disk.
STEP 2: Add the RD Session Host Role
Using Server Manager, add the RD Session Host Role to the machine.
IMPORTANT: This should be done as a Role-based or Feature-based installation, not as a Remote Desktop Services
installation.
1. In the Hyper-V Server Manager, select Add roles and features.
2. For the Installation Type, select Role-based or Feature-based installation.
3. For the Server Role, select Remote Desktop Services > Remote Desktop Session Host (Installed).
4. Complete the process of adding the Server Roles.
STEP 3: Copy the Unidesk Tools onto the gold image
1. Copy the Unidesk_Gold_Image_Tools RAR file onto the gold image. You can find these tools in the Unidesk Installer
download.
2. Run the RAR file. This copies the tools to the C:\windows\setup\scripts directory.
STEP 4: Create an answer file for unattended installation on Unidesk desktops
1. In the c:\windows\setup\scripts folder, right-click the unattend.exe tool and choose Run as administrator. The unattend
builder form opens.
2. Complete the unattend form.
1. Product key activation
a. For KMS activation, select KMS Server.
b. For KMS with a Multiple Activation Key (MAK), select KMS with MAK and enter the MAK.
c. For Retail Licensing with a MAK, select Retail with MAK, and enter the MAK.
2. Domain Join
a. Select Enable if you want to configure the unattend.xml file to join desktops to a specific domain. If you plan to
use AD join scripts, ensure Enable is not selected.
b. You can add Session Hosts to the Computers container in Active Directory by deleting the OU entry. However, we
recommend that you use an alternate OU for Unidesk Session Hosts, both to segregate the Session Host from other
machines and to avoid applying specific GPOs for Session Hosts to other types of machines.
c. If you are supporting multiple OUs within one or more domains, you can join machines in different Domains or OUs
by creating different unattend.xml files in different application layers.
d. For information about domain join scripts, see the following Support articles:
Debugging Domain Join Problems
3. Local Administrator account
a. If you want to use the unattend.xml file to enable the Administrator account on each Unidesk desktop, select
Enable. Remember to also enable this account in your gold image or Operating System Layer revision. It is possible to
enable the Administrator account for your gold image and then have it disabled in the deployed desktops by clearing
the check box.
b. If you want to add an alternate Administrator account, select Enable and enter the account information. This
account cannot be pre-configured in the gold image.
c. You can create a desktop where the Administrator is disabled and the alternate administrator is created and
enabled. However, for this to work, the Administrator account must be enabled in the gold image and it cannot be
renamed.
4. Time zone
a. Select the time zone. If your time zone is not listed, you can add it to the Other box. Be sure to use the time zone,
not the display setting. A list of time zone settings can be found here.
5. Disabling automatic activation
a. Select this option if you plan to use the Microsoft Volume Activation Management Tool.
3. Click Save File.
STEP 5: Optimize the gold image for the Unidesk environment
1. In the c:\windows\setup\scripts folder, run the Optimize executable to create a .cmd file (optimization.cmd) that will be
run to optimize the image during Session Host creation.
STEP 6: Create a checkpoint of the gold image
Once the gold image is ready, create a Hyper-V checkpoint of it, so that you can return to this state at any time.
Important: It is critical to create a checkpoint before installing the Unidesk software onto the gold image. Without this
checkpoint, returning to this state requires rebuilding the image.
STEP 7: Install the Unidesk tools onto the gold image
1. In the c:\windows\setup\scripts folder, run the Unidesk setup_x64.exe (64-bit).
2. The installation prompts for the location of the Management Appliance IP address and the location of the unattend.xml
file (the default location is c:\windows\panther).
Once this is done, you are ready to create a Unidesk Operating System Layer.
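The answer file built in the unattend steps above can carry the domain join account and local administrator passwords, and every Desktop or Session Host created from the layer inherits it. The following added example (not part of the Unidesk tools) lists where an answer file stores credentials without printing them. It assumes the file written by unattend.exe follows the standard Windows answer-file schema; the element names come from that schema, not from this page, and the function name and sample document are constructed for illustration.

```powershell
# Added example, not part of the Unidesk tools. Get-UnattendCredentialFinding is a
# hypothetical name. Assumption: the answer file uses the standard Windows unattend
# schema (Password / AdministratorPassword elements, optional Value and PlainText children).

function Get-UnattendCredentialFinding {
    param(
        [Parameter(Mandatory = $true)]
        [xml]$Document
    )

    # local-name() keeps the query independent of the unattend XML namespace.
    $xpath = "//*[local-name()='Password' or local-name()='AdministratorPassword']"
    foreach ($node in $Document.SelectNodes($xpath)) {
        $component = $node.SelectSingleNode("ancestor::*[local-name()='component']")
        $valueNode = $node.SelectSingleNode("*[local-name()='Value']")
        $plainNode = $node.SelectSingleNode("*[local-name()='PlainText']")

        if ($valueNode) {
            # Local account style: <Password><Value/><PlainText/></Password>
            $present = ($valueNode.InnerText.Trim().Length -gt 0)
            if ($plainNode -and $plainNode.InnerText.Trim() -eq 'false') {
                $storage = 'Base64-encoded (encoding, not encryption)'
            } else {
                $storage = 'Plain text'
            }
        } else {
            # Domain join style: <Credentials><Password>text</Password></Credentials>
            $present = ($node.InnerText.Trim().Length -gt 0)
            $storage = 'Plain text'
        }
        if (-not $present) { continue }

        if ($component) {
            $componentName = $component.GetAttribute('name')
        } else {
            $componentName = '(none)'
        }

        # Report the location only; never echo the secret itself.
        New-Object PSObject -Property @{
            Component = $componentName
            Element   = "$($node.ParentNode.LocalName)/$($node.LocalName)"
            Storage   = $storage
        } | Select-Object Component, Element, Storage
    }
}

# Constructed sample document (values are placeholders, not real credentials).
[xml]$sample = @'
<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin">
      <Identification>
        <Credentials>
          <Domain>example.test</Domain>
          <Username>svc-join</Username>
          <Password>CONSTRUCTED-VALUE</Password>
        </Credentials>
        <JoinDomain>example.test</JoinDomain>
      </Identification>
    </component>
  </settings>
  <settings pass="oobeSystem">
    <component name="Microsoft-Windows-Shell-Setup">
      <UserAccounts>
        <AdministratorPassword>
          <Value>Q09OU1RSVUNURUQ=</Value>
          <PlainText>false</PlainText>
        </AdministratorPassword>
      </UserAccounts>
    </component>
  </settings>
</unattend>
'@

Get-UnattendCredentialFinding -Document $sample | Format-Table -AutoSize

# To audit the real file at the default location named in STEP 7:
#   $doc = New-Object System.Xml.XmlDocument
#   $doc.Load('C:\windows\panther\unattend.xml')
#   Get-UnattendCredentialFinding -Document $doc
```

Any finding is a reason to use a domain join account delegated only to the target OU and to restrict who can read the gold image and its layers.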
Create the OS Layer
Jun 28, 2017
An Operating System Layer includes the software and settings for the operating system that you deploy to Unidesk
Machines (Desktops or Session Hosts). Once you have prepared the gold image for deploying to your Unidesk Machines,
you can create a Unidesk Operating System Layer by importing the gold image into a new Layer.
Before you start
The disk for the VM where the gold image is installed must be accessible by the Unidesk Management Appliance.
The gold image must not be in the domain.
Import the gold image onto a Unidesk Operating System Layer
1. Apply all Windows updates to the image, so that it is at the most current Microsoft patch level.
2. In the Unidesk Management Console, select Layers > OS Layers.
3. Click Create OS Layer. This opens a wizard.
4. Layer Details tab:
Layer Name - Enter a name for the Layer, for example, Win81_64gold.
Version - You can create many versions of the Operating System Layer, for example, to add updates from Microsoft.
Name this version (the date can be useful).
Gold Image - Select the gold image you've prepared for your Unidesk Machines from the list of images on your
Management Appliance.
5. Icon Assignment tab - Choose an icon for this Layer.
6. Confirm and Complete tab - Verify your settings and click Create Layer.
Creating a Windows Operating System Layer can take up to 20-30 minutes to complete. You can then create a Unidesk
Machine to verify that the Layer works as intended.
Create Unidesk Collections
Jun 28, 2017
Unidesk Collections are containers for organizing Unidesk machines. Each Collection is intended for either Desktops or
Session Hosts, not both. You'll need to create a Collection before you can create either a Desktop or a Session Host.
To get started, choose the type of Collection you're creating:
Get started creating a Collection for Desktops
Get started creating a Collection for Session Hosts
Collections for Desktops
Jun 28, 2017
Unidesk Collections are containers for organizing Session Hosts or Desktops. You'll need to create a Desktop Collection
before you can create your first Desktop.
A Collection is where you specify the Operating System Layer to use for your Desktops. With Desktop Collections, you'll
also specify the connection broker (if you have integrated with one of the Unidesk-supported brokers). Once integrated
with a broker, your Desktop Collections will mirror the groupings already established in the broker, so you should integrate
with a broker before setting up any Desktop Collections.
If you're using a supported desktop connection broker, like the Remote Desktop Connection Broker (RDCB) or Citrix
XenDesktop, you'll start by integrating with the broker, so that when you create Unidesk Collections they'll mirror the
groupings used by your broker.
Integrate with Microsoft Remote Desktop Connection Broker
Jun 28, 2017
To simplify Desktop management, Unidesk supports full integration with selected virtualization connection brokers,
including supported versions of Microsoft Remote Desktop Connection Broker (RDCB).
Once you set RDCB as the broker for Unidesk Collections, any Desktops you create in the Collection are assigned to
Desktop groupings in the broker that mirror the Unidesk Collections.
Install or upgrade the Unidesk Broker Agent
The first step to integrate Unidesk with RDCB is to install the Unidesk Broker Agent on the connection broker server.
Privileges required
Ensure you have access to an account with administrator privileges on the connection broker server.
Roles required
Remote Desktop Services must be configured as prescribed by Microsoft.
The Virtualization Host role for RDS must be enabled on every server that hosts Unidesk Desktops.
When setting up a High Availability connection broker, install the Unidesk Broker Agent on each of the connection broker
servers.
To install or upgrade the Unidesk Broker Agent
1. Log into the connection broker server by using an account with administrator privileges.
2. Download the unidesk_hyperv_broker_agent_setup_3.3.0.exe file from the Unidesk Download Center to a convenient
location on the server.
3. Double click unidesk_hyperv_broker_agent_setup_3.3.0.exe, and when prompted, enter the location where you want to
install the Unidesk Broker Agent. The default is C:\Program Files (x86)\Unidesk Corporation\Unidesk Connection Broker
Agent\.
4. Set the communications port number by either accepting the default (8015) or by specifying a different port for the
Unidesk Broker Agent.
5. Click Finish to exit the wizard.
If you need to change the port number later. (needs a link)
Integrate with Microsoft Remote Desktop Connection Broker (RDCB)
If more than one broker server is set up for High Availability, determine which is the current active management server.
1. Log onto the Hyper-V host.
2. Open Server Manager, and select Remote Desktop Services on the left.
3. Note the server listed under Deployment Overview. This is the current active management server, required for the
following procedure.
Integrating with the Remote Desktop Connection Broker (RDCB) enables Unidesk to:
Create RDCB Virtual Desktop Collections.
Add Unidesk Desktops to the RDCB Collections.
Note: RDCB allows one Desktop per user in a Collection.
You can integrate with RDCB by configuring the Unidesk broker agent connection settings in the Unidesk Management
Console.
1. In the Unidesk Management Console (UMC), select System > Settings and Configuration.
2. Scroll to Broker Settings and then click Add.
3. For Broker Settings, type the broker server information. If you have a High Availability broker setup, type the
information for the active management server (determined by using the steps in the previous section):
* Broker Name
* Broker Description
* Broker Address
* Broker Port (suggested port number is 8015)
4. Click Test Connection to ensure that Unidesk can communicate with the broker.
5. Once the connection is validated, click Apply.
6. Save this new broker by entering a comment, if needed, and then click Save.
If the active management broker server fails
If the active management server fails, users can still connect to Desktops through RDWeb, and Unidesk's scheduled
maintenance of those Desktops continues. However, you cannot create new Desktops or edit Collection entitlements until
the broker settings in the Unidesk Management Console are updated with the new active management server.
To update the RD connection broker settings, you can wait for RDS to detect that the server has gone down and change
the active management server, which may take several minutes. Or, you can manually change the active management server.
If you don't want to wait for RDS to detect that the server failed and change to the active management server, you can
change the active RD Connection broker server as follows.
1. Log into the Hyper-V host.
2. Open Server Manager and select Remote Desktop Services on the left.
3. Choose a new server from the list and then click the Set Active button.
When there is a new active management server, connect to the Unidesk Management Appliance and update the server
information.
1. Log into the Unidesk Management Console (UMC).
2. Click the System tab and then the Settings and Configuration tab.
3. Click Edit next to the Broker Settings section.
4. Select the broker server from the list and click the Modify button.
5. Update the Broker Address to the FQDN of the new active management server and click Apply.
6. Click Save to commit the change.
Integrate with XenDesktop
Jun 28, 2017
You can integrate Unidesk for Hyper-V with Citrix XenDesktop, so that your Unidesk Collections specify that you want new
Desktops to belong to a XenDesktop group. This article lays out what you need to integrate with XenDesktop, and
explains the steps in detail.
Requirements to integrate Unidesk for Hyper-V with XenDesktop
What you need to integrate with Citrix XenDesktop
Hyper-V servers in an SCVMM environment
For users to access Unidesk Desktops hosted on Hyper-V servers via XenDesktop, the Hyper-V servers must be part of a Microsoft System Center 2012 Virtual Machine Manager (SCVMM) environment.
Note: If you do not have an SCVMM environment, Microsoft provides a downloadable appliance in the form of a VHD (Virtual Hard Disk) file for evaluation purposes. This VHD may be deployed as a virtual machine on any Hyper-V server. You may also install the SCVMM software directly on any Windows Server 2012 system (physical or virtual) in your environment.
Citrix XenDesktop Site
The XenDesktop Site must have the following software installed and configured: a supported version of the Citrix XenDesktop software and Citrix Studio, Delivery Controller(s), Citrix License Server, and Citrix StoreFront.
The XenDesktop Site, Hyper-V Servers, and SCVMM Console(s) must all be in the same domain.
Windows PowerShell 4.0 must be installed on the Citrix XenDesktop host, and the PowerShell execution policies must be set to either Unrestricted or Bypass. You can set this by running the PowerShell command “set-executionpolicy unrestricted”. You must run this command as a user with local admin rights on the server.
You must have access to an account with administrator privileges.
Firewall port open for the Unidesk Broker Agent
A port in your firewall is opened by the Unidesk Broker Agent installer. By default, the broker agent uses Port 8015. You can change this port in the Unidesk Management Console by selecting System > Settings and Configuration > Broker Settings, and then editing the broker.
Unidesk Layer
A Unidesk Operating System Layer on which to install the agent. You can install the agent on:
The Operating System Layer, or on a new Version of the Layer.
An Application Layer or Layer version, unless you are integrating XenDesktop with App-V.
If Microsoft .NET Framework 4 is not yet installed, it must be installed before you install the XenDesktop agent on this Layer.
You must have administrator privileges on the server that is running the Citrix XenDesktop Delivery Controller. This requires editing the service. This is required for the Agent.
Integrate with XenDesktop
Once installed on your XenDesktop Controllers, the Unidesk Broker Agent lets you add Unidesk Desktops to XenDesktop
groups by creating Unidesk Collections and Desktops.
To install or upgrade the Unidesk Broker Agent:
1. Determine which port to use for communication between Unidesk and XenDesktop. By default, the installer configures
the Broker Agent to use port 8015, but you can choose a different port.
Note: If you select a different port during installation, you must also edit the port in the Unidesk Management Console,
using System > Settings and Configuration > Broker Settings.
2. Log into the XenDesktop host using an account that has full administrator privileges on the XenDesktop Controller. (The
user must be a member of the Full Administrators role in Citrix.)
3. Download the Unidesk Broker Agent setup file from the Unidesk for Hyper-V Download page.
4. Run the Broker Setup, unidesk_hyperv_broker_agent_installer_3.3.0.exe.
5. Click Finish to exit the wizard.
6. Make sure that the logon user for the Unidesk Broker Agent is in the administrators group on the DDC and in the
XenDesktop Administrators in Desktop Studio as a Full Administrator.
Give the Unidesk Broker Agent access to the XenDesktop service
Using the Windows Administration Tools, make sure that the Unidesk Service running as Domain User is both an
Administrator for Citrix and a Local Administrator on the machine.
Set up a connection to a Citrix XenDesktop Site
1. Log into the Unidesk Management Console.
2. Select System > Settings and Configuration.
3. Next to Broker Settings, click Edit.
4. Click Add.
5. Enter the connection details for a XenDesktop Controller:
1. Enter a name and description for the broker.
2. Enter the IP address or Fully Qualified Domain Name (FQDN) for the XenDesktop Controller.
3. Enter the firewall port that the Unidesk Management Appliance and the XenDesktop Controller can use for
communication purposes.
Note: By default, the Unidesk Broker installer opens port 8015 in the firewall for this purpose. If a different port was
set during installation, enter that port number, and make sure the port is open in the firewall.
6. Click Test Connection to verify that the connection to the Controller is valid.
If you created catalogs before you configured the settings for the XenDesktop Controller, clicking Test
Connection allows Unidesk to retrieve a list of existing catalogs.
7. Click Apply to add the Controller to the list of brokers.
8. Repeat this procedure for each Controller that you want to add to the configuration.
9. Click Save to save the Broker settings and exit Edit mode.
If you want to configure Unidesk to communicate with more than one XenDesktop Controller, you can add another one
after this one is saved.
Configure Citrix XenDesktop to work with the Unidesk Hyper-V servers
You can configure Citrix XenDesktop to work with the Unidesk Hyper-V servers by creating a new Host Connection, and
selecting Microsoft SCVMM as the connection type.
This assumes that your Hyper-V servers are part of a Microsoft System Center 2012 Virtual Machine Manager (SCVMM)
environment, as described in the requirements.
1. Log into the XenDesktop host.
2. Run Citrix Studio.
3. Select Citrix Studio > Configuration > Hosting.
4. In the Actions, select Add Connection and Resources.
5. On the Connection tab, select Create a new Connection.
6. In the Connection Type field, select Microsoft System Center Virtual Machine Manager as a connection type.
7. Finish completing the Connection wizard.
Install the XenDesktop Virtual Desktop Agent (VDA) on a Unidesk Layer
About installing the Virtual Desktop Agent
Next, you need to deploy the Citrix XenDesktop agent to the Desktops that will belong to the Citrix XenDesktop group.
You can install the agent by adding it to a version of the Unidesk OS Layer, though you could also install it on the gold
image. The steps vary based on the version of Windows the Desktop will be running.
Windows 7 or Windows 8.1 - Run the XenDesktop VDA installer.
Windows Server 2012 R2 - Run the XenDesktop VDA Command Line installer.
Note: If you run the regular VDA installer on Windows Server 2012, the Virtual Desktop Agent for the Server OS will be
installed, instead of the agent for the Desktop OS, and the Operating System will be used as a Desktop OS.
Install VDA on Windows 7 or Windows 8.1
When you install XenDesktop 7.6, there are several settings you must choose for the software to work correctly with
Unidesk. Please use the instructions in this section when doing the installation.
You can install Citrix XenDesktop 7.6 on the Operating System Layer or on a Version of the Layer that you’ll deploy to
Desktops. Microsoft .NET Framework 4 must be installed before you install XenDesktop 7.
1. If .NET Framework 4 is not yet installed, install it on a Layer or Layer Version. (.NET Framework 4 is required by Citrix
XenDesktop 7.6.)
2. Start the Citrix XenDesktop 7.6 installer and choose Virtual Delivery Agent for Windows Desktop OS.
3. On the Environment step, choose Enable Remote PC Access.
4. On the HDX 3D Pro step, choose the appropriate type for your graphics hardware. For example:
5. On the Delivery Controller step, enter the fully qualified domain name (FQDN) of your XenDesktop 7.6 server. (You must
use the FQDN rather than the IP address.) For example:
6. On the Features step, disable both Optimize performance and Personal vDisk. Optionally, select Remote
Assistance if you will be using it with your Xen Desktops.
7. Continue to the end of the installer steps and start the installation.
8. If at any point during the installation a window pops up requesting a reboot and gives you the choice to reboot later,
choose Reboot later. Otherwise, restart and continue the installation when the Desktop comes back up.
9. When the installation completes, select Restart machine and click Finish.
10. Now either finalize the layer (if you were building an OS version) or shut down the gold image and use it to create an OS layer.
Install VDA on Windows Server 2012 R2
When you install XenDesktop 7.6, there are several settings you must choose for the software to work correctly with
Unidesk. Please use the instructions in this section when doing the installation.
You can install Citrix XenDesktop 7.6 on the Operating System Layer or on a Version of the Layer that you’ll deploy to
Desktops. Microsoft .NET Framework 4 must be installed before you install XenDesktop 7.
To install the XenDesktop Agent as a desktop OS, you need to run it from the command line.
1. If .NET Framework 4 is not yet installed, install it on a Layer or Layer Version. (.NET Framework 4 is required by Citrix
XenDesktop 7.6.)
2. Run the Citrix XenDesktop 7.6 command line installer.
XenDesktopVdaSetup.exe /quiet /servervdi /controllers
where
/quiet - Set the installation process to run without the user interface appearing during the installation. If you want to
check the process status, check the Windows Task Manager.
/servervdi - Install a VDA for Windows Desktop OS on the Windows Server.
/controllers - Specify the fully qualified domain name (FQDN) of your XenDesktop 7.6 server. You must use the FQDN
rather than the IP address. For example: server.domain.com.
3. When the installation completes, select Restart machine and click Finish.
4. Now either finalize the layer (if you were building an OS version) or shut down the gold image and use it to create an OS layer.
Deploy Unidesk Desktops in XenDesktop Groups and Catalogs
About Deploying Unidesk Collections and Desktops
Unidesk creates Persistent Collections in a XenDesktop Dedicated Catalog, and Non-persistent Collections in a Pooled-Random Catalog.
For each Collection you create, Unidesk creates a corresponding XenDesktop Delivery Group. The Desktops you create in a
Collection go into the corresponding XenDesktop Group.
Deploy Desktops in a XenDesktop Group
To deploy Desktops in a XenDesktop Group:
1. Log into the Unidesk Management Console.
2. Select Desktops > Create Desktop.
3. Follow the steps to Create a Desktop, and when you get to the User Assignment tab of the Create Desktop wizard,
select the connection broker and the users or groups to assign to the Desktop.
1. For the broker integration, select XenDesktop Group.
2. Then select the actual XenDesktop group.
3. Select a user assignment option:
Select Assigned to user and select an Active Directory user.
Select Assigned to group and select an Active Directory group. You must specify the number of Desktops that are
available to the group when you select this option.
Select Assigned by broker to allow the XenDesktop Controller to assign users to the Desktops. You must specify
the number of Desktops to create when you select this option.
4. In the Desktop Details tab, follow the usual Desktop creation instructions and select the Desktop Type.
5. Finish creating the Desktop(s).
Make sure the Windows Firewall is configured to allow the Desktops to communicate with the XenDesktop Controller. You
can use a GPO for this purpose after adding the Desktops to a domain. For additional details about firewall configuration,
see the Citrix XenDesktop documentation.
Activate Citrix XenDesktop on the Desktops
Activating Citrix XenDesktops on your Unidesk Desktops allows users to connect to their Desktops using RDP.
Configure the Web Storefront(s) to use HTTPS
1. Log onto the Citrix Receiver. Citrix Receiver lets you see the collections in the Web Storefront.
2. Configure the Web Storefront(s) to use HTTPS.
Create Desktop Collections
Jun 28, 2017
Unidesk Collections are groupings of Desktops that you can manage easily. Desktop Collections have settings associated
with them that all of the Desktops in the collection inherit, for example, the operating system and connection broker, if
applicable.
About Desktop Collections
You must create one or more Desktop Collections before you create your first Desktop, and when creating each Collection
you are required to specify which Users and Groups are entitled to be assigned to Desktops in the Collection.
All Desktops are created in a Collection, and you can only assign them to Users and Groups specified in the Collection's
Entitlements.
Typically, a Collection of Desktops is associated with a connection broker, and the Desktops in that Collection are deployed
as a group to that broker. You can specify no broker in your Collection, and the Desktops in that Collection will be created
without a broker integration.
There are several settings you must specify when creating a Desktop Collection:
Entitlements - select the Users and Groups that are entitled to have Desktops in this Collection
Type of Desktops - that this Collection contains, either Persistent (private/personal) or Non-persistent
(shared/pooled). A Persistent Desktop retains all user customizations, including settings and data files, while a
Non-persistent Desktop returns to its original state when the user logs off.
Operating System Layer - that is assigned to the Desktops.
Create a Unidesk Desktop Collection
1. In the Unidesk Management Console, select Desktops > Collections, based on which Desktops you'll be putting in the
Collection.
2. Click Create Collection.
3. Type a name for the Collection and select an icon (or create a custom icon) for the Collection.
4. (Desktop collection only) On the Broker and Entitlements tab, choose a connection broker for this Collection, or
select No Broker. Then select the Groups and Users entitled to access this collection.
5. (Desktop collection only) On the Collection Details tab, choose the Collection Type, either Persistent or
Non-Persistent.
6. OS Assignment tab: Select the Operating System Layer and version. If there is more than one version of this Layer,
the latest version is selected by default. If you want a different version, expand the Layer and change your selection.
7. On the Confirm and Complete tab, type a comment about this Collection, if needed, and click Create Collection.
Collections for Session Hosts
Jun 28, 2017
Unidesk Session Host Collections are containers for organizing Session Hosts. You'll need to create a Collection before you
can create your first Session Host. A Collection is where you specify the Operating System Layer to use for your Session
Hosts. You can add your Session Hosts to either RDCB or Citrix XenApp, as described below. Before you add Session Hosts
to the broker, you'll need to create all of the Unidesk Session Host Collections, and create a Session Host in each
Collection.
Create Unidesk Collections for Session Hosts
The Session Host module has a Collection tab where you can create the Session Host Collection. For details, see the
following topic:
Create Unidesk Session Host Collections
Create a Session Host in each Collection
If you plan to add your Session Hosts to a connection broker, be sure to create a Session Host in each Collection.
Add your Session Hosts to a connection broker
Once you've created all of your Unidesk Collections, each containing at least one Session Host, you can add your Session
Hosts to a connection broker, either the Microsoft RD Connection Broker (RDCB) or Citrix XenApp. This makes it easier to
manage your Session Hosts.
Add Session Hosts to Microsoft RD Connection Broker
Add Session Hosts to Citrix XenApp
Create Collections for Session Hosts
Jun 28, 2017
Unidesk Session Host Collections are containers for organizing Session Hosts. You'll need to create a Collection before you
can create your first Session Host. A Collection is where you specify the Operating System Layer to use for your Session
Hosts. You can add your Session Hosts to either RDCB or Citrix XenApp, as described below. Before you add Session Hosts
to the broker, you'll need to create all of the Unidesk Session Host Collections, and create a Session Host in each
Collection.
The Session Host module has a Collection tab where you can create the Session Host Collection. For details, see the
following topic:
Create Unidesk Session Host Collections (add link)
If you plan to add your Session Hosts to a connection broker, be sure to create a Session Host in each Collection.
Once you've created all of your Unidesk Collections, each containing at least one Session Host, you can add your Session
Hosts to a connection broker, either the Microsoft RD Connection Broker (RDCB) or Citrix XenApp. This makes it easier to
manage your Session Hosts.
Add Session Hosts to Microsoft RD Connection Broker (add link)
Add Session Hosts to Citrix XenApp (add link)
Create Session Hosts
Jun 28, 2017
A Unidesk Session Host is a virtual machine made up of an Operating System Layer, Application Layers, and a machine
Personalization Layer. You create and select the Operating System and Application Layers, and the Unidesk software
creates the Personalization Layer, where changes made to the Session Host are saved.
When you are ready to create Session Hosts, you can create one or multiple Session Hosts at a time. You can name Session
Hosts individually, or generate the names based on built-in naming conventions that you can edit or augment. A single Azure
subscription is limited to 48 Session Hosts.
Before You Start
As soon as you create your Operating System Layer, ensure this Layer and your Domain Join script are in good working order.
Do this by creating a bare-bones test Session Host, as described in the next section.
Before you can create a Session Host you need a Unidesk Collection [add link], which in turn requires an Operating System
Layer [add link].
Certain Session Host attributes are determined by the Collection in which you create them, and once created, you can
never change these attributes for the Session Host. Currently, this includes the Operating System Layer. You can change
the version of the Operating System Layer assigned to a Session Host, but not the Layer itself.
As stated above, the Collection where you create a Session Host determines its key attributes. If you decide to move a
Session Host to a different Collection, the new Collection must have the same Operating System Layer.
Create a Test Session Host (Recommended)
Before using your new Operating System Layer to create your Session Hosts and Application Layers for production, we
recommend creating a quick, test Session Host to verify that your Operating System Layer and domain join script are in
good working order.
Since you won't deploy this Session Host to production, you just need to select the required settings and accept the
default values for everything else.
1. On the Unidesk menu bar, select Session Hosts, and then click Create Session Host. The Create Session Host
wizard opens.
2. On the Collection Assignment tab, select a Collection where you want to group the Session Host and choose to
create one Session Host.
3. Take the default settings for everything else, and on the Confirm and Complete tab, confirm that the settings are
correct (see the Visualization panel to the right), and click Create Session Hosts to start creating the Session Host.
A Session Host icon appears with the status displayed in the lower right corner of the icon. The Session Host status cycles
through Stopped, Powering on, Starting, and Running. For more status information, click the Expander tab in the bottom
center of the console to open the Tasks panel. For example, if the Session Host is not successfully added to the
connection broker, a status message appears in the Session Host Details.
1. View the IP address assigned to the Session Host, by hovering over the Session Host icon and clicking the information
icon.
2. Log into the Session Host and verify that it successfully joined the domain.
If your Session Hosts do not successfully join the domain, follow the steps below to identify the issue. Fixing the problem
usually requires an update to the unattend file, and usually you need to create a new version of your Operating System
layer and use the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend builder is
available for download in the Unidesk Download Center. [update link]
About Domain Join
When a Session Host is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a file
called unattend.xml to configure a variety of Session Host settings. We recommend that you use the Unidesk Unattend
builder tool to create your unattend file. With the Unattend builder you can specify all of the settings required to join the
Session Host to the domain during creation.
If your Session Host is not joining the domain correctly, here are some common issues and how to solve them.
Keep in mind that although you look at the logs and the unattend file on the Session Host to identify your problem, you
correct it by updating the unattend file in your OS layer or in an application layer, so that newly created Session Hosts
will successfully join your domain.
First Things to Check
The following log file details the progress of the mini-setup process, including a summary line for each domain join attempt.
Check this log file for errors:
C:\Windows\Panther\UnattendGC\setupact.log
Note: Be sure you are not looking at the setupact log in C:\Windows\Panther. You want the log file that's
in C:\Windows\Panther\UnattendGC.
Search for DJoin.exe to see a log of the domain join operations:
DsGetDCName failed: 0x54b … check your fully qualified domain name
NetJoinDomain attempt failed: 0x89a … check your domain join credentials
NetJoinDomain attempt failed 0x2: check your OU specification
Still stumped? For other log files to check, go to the section on Advanced debugging later in this article.
Check your unattend file for common problems and fix any issues
Let’s assume that you have this configuration:
Fully qualified domain name: vdidomain.acme.com or vdidomain.local
Short domain name: vdi
OU: acmegrp1
Domain account: Administrator
Open the unattend file on the Session Host and check for some common problems. The unattend file is located in
c:\windows\panther.
Search for the <JoinDomain> tag and check the fully qualified domain name. It should look like one of these examples:
<JoinDomain>vdidomain.local</JoinDomain>
<JoinDomain>vdidomain.acme.com</JoinDomain>
Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short
domain name, not the fully qualified domain name. It should look like this:
Correct: <Domain>vdi</Domain>
Incorrect: <Domain>vdidomain.acme.com</Domain>
Check the Username specification. It should look like this:
Correct: <Username>Administrator</Username>
Incorrect: <Username>vdi\Administrator</Username>
Check the processor architecture
In the component tag, make sure processorArchitecture is correct for your platform, either amd64 or x86.
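The checks listed above can be run against an answer file in one pass. The following is an added example, not part of the Unidesk documentation or tooling: check_unattend, the sample files, and the expected_arch parameter are hypothetical names, and the element layout assumed is the standard Microsoft-Windows-UnattendedJoin component. It also flags a MachineObjectOU that points at the default Computers container, and it never reads the stored password.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}   # namespace of Windows answer files
JOIN_COMPONENT = "Microsoft-Windows-UnattendedJoin"
# Default container, e.g. CN=Computers,DC=company,DC=local (must be left unspecified)
DEFAULT_COMPUTERS = re.compile(r"^CN=Computers(,DC=[^,]+)+$", re.IGNORECASE)

# Constructed answer-file skeleton; the password is a placeholder and is never read.
TEMPLATE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="{arch}">
      <Identification>
        <Credentials>
          <Domain>{domain}</Domain>
          <Password>PLACEHOLDER</Password>
          <Username>{user}</Username>
        </Credentials>
        <JoinDomain>{join}</JoinDomain>{ou}
      </Identification>
    </component>
  </settings>
</unattend>"""

# Constructed samples using the configuration assumed in this section.
SAMPLE_GOOD = TEMPLATE.format(arch="amd64", domain="vdi", user="Administrator",
                              join="vdidomain.acme.com", ou="")
SAMPLE_BAD = TEMPLATE.format(
    arch="x86", domain="vdidomain.acme.com", user="vdi\\Administrator", join="vdi",
    ou="<MachineObjectOU>CN=Computers,DC=vdidomain,DC=acme,DC=com</MachineObjectOU>")


def check_unattend(xml_text, expected_arch="amd64"):
    """Return (field, problem) findings for the domain-join settings.

    Only the fields discussed in this section are read; the <Password> value is
    never touched, so the findings are safe to paste into a ticket.
    """
    root = ET.fromstring(xml_text)
    comps = [c for c in root.iter("{%s}component" % NS["u"])
             if c.get("name") == JOIN_COMPONENT]
    if not comps:
        return [("component", "no %s component found" % JOIN_COMPONENT)]

    findings = []
    for comp in comps:
        def text(path):
            el = comp.find(path, NS)
            return (el.text or "").strip() if el is not None else None

        arch = comp.get("processorArchitecture")
        if arch != expected_arch:
            findings.append(("processorArchitecture",
                             "is %r, expected %r" % (arch, expected_arch)))

        join = text("u:Identification/u:JoinDomain")
        if not join or "." not in join:
            findings.append(("JoinDomain", "must be the fully qualified domain name"))

        domain = text("u:Identification/u:Credentials/u:Domain")
        if not domain or "." in domain:
            findings.append(("Domain", "must be the short domain name, not the FQDN"))

        user = text("u:Identification/u:Credentials/u:Username")
        if not user or "\\" in user:
            findings.append(("Username", "must be the bare account name, no domain prefix"))

        ou = text("u:Identification/u:MachineObjectOU")
        if ou and DEFAULT_COMPUTERS.match(ou):
            findings.append(("MachineObjectOU",
                             "default Computers container: delete this line"))
    return findings


if __name__ == "__main__":
    for label, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(label, check_unattend(sample))
```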
Fix any issues you find in the unattend.xml, either by editing the file manually, or by re-running the Unattend builder. This
involves creating a new version of your OS layer to update the unattend file:
1. In the Unidesk Management Console, click Operating System Layer > Add Version. Allow the Operating System
Layer to boot up in the Install Machine and log in.
2. Once logged in, either edit the unattend.xml file, or run the Unattend builder again:
Run Notepad as an Administrator, edit the file at C:\Windows\Panther\unattend.xml, and then save the file.
3. Finalize the layer.
Deploy a new Session Host with your latest OS version and check for successful domain join.
Check the Netsetup log file for errors
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Look for the section with
today's date to watch the process from the beginning, or go to the bottom of the file to see the last attempt and why it
failed. If an attempt fails, Windows makes another attempt every five seconds, up to 80 times. As a result, your log may
contain many duplicate failure messages.
A successful domain join displays the following message:
05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0
This line appears at the bottom of the last attempt, and denotes that the domain join process succeeded. Any return
status other than 0x0 denotes a failure. You may also see the following lines above it, which also show success:
05/01/2012 09:28:01:740 NetpCompleteOfflineDomainJoin: status: 0x0
05/01/2012 9:28:01:740 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
Failure, again, is a non-zero return code:
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
One of the most common failures is an error attempting to connect to the IPC$ share on the domain controller. It will look
like this:
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned XXXX
Get the returned message (XXXX) and run net helpmsg XXXX from a command prompt to see the specific error. The
following are common domain join errors and solutions to those errors.
Failure 1231
07/12/2012 14:38:52:122 NetUseAdd to \\DC1.company.local\IPC$ returned 1231
07/12/2012 14:38:52:122 NetpJoinDomain: status of connecting to dc '\\TDC1.company.local': 0x4cf
07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of: 0x4cf
07/12/2012 14:38:52:122 NetpDoDomainJoin: status: 0x4cf
Pre-1.5 versions of Unidesk had a timing issue that could cause domain joins on Windows 7 x64 to fail randomly. Upgrade to
the latest version of Unidesk if you are using a version earlier than version 1.5.
This error may also be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just
the Operating System Layer. Once you can identify which Application Layer is breaking the domain join process, recreate
that layer with the current version of the current OS layer.
If you cannot find conflicting layers, use the PowerShell script for joining the domain:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations [add link]
Failure 1326
05/02/2012 23:07:31:696 NetUseAdd to \\DC1.company.local\IPC$ returned 1326
05/02/2012 23:07:31:696 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x52e
05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of: 0x52e
05/02/2012 23:07:31:696 NetpDoDomainJoin: status: 0x52e
Failure 1326 is a straightforward password error, "Logon failure: unknown user name or bad password." Double-check the
username and password in your unattend.xml file.
Failure 1909
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned 1909
05/02/2012 23:14:21:057 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x775
05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of: 0x775
05/02/2012 23:14:21:057 NetpDoDomainJoin: status: 0x775
A 1909 error means "The referenced account is currently locked out and may not be logged on to." Go to your Active
Directory and unlock the account. You should also determine how the account got locked. Often the account becomes
locked because the unattend.xml has an incorrect password. Attempting to join a domain retries dozens of times. If the
password is incorrect, you might get three password failures and dozens of "account locked" failures.
Bad OU specified
01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
01/20/2012 10:53:01:232 ldap_unbind status: 0x0
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of: 0x2
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error
could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers
container. Windows requires that the default OU be left unspecified, so if you want to put new Session Hosts into the
default Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the
specified OU is:
01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local
Verify the existence of the specified OU and confirm that it is not the top-level Computers container.
Bad domain specified
If the domain name itself is invalid, a domain join makes no entries to NetSetup.log and does not create a log file. In this
situation, look in C:\Windows\Panther\UnattendGC\setupact.log for lines like this:
2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
The error text for 0x54b (1355) is "The specified domain either does not exist or could not be contacted." You can look
further up in the setupact.log to see exactly what domain you were trying to join. Note that this is an error with the
"JoinDomain" tag, not the credentials.
Insufficient user rights
07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
07/17/2012 13:26:47:524 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
07/17/2012 13:26:47:524 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
07/17/2012 13:26:47:524 NetpProvisionComputerAccount: LDAP creation failed: 0x5
...
07/17/2012 13:26:47:539 NetpDoDomainJoin: status: 0x5
The user account you specify must have rights to add machine accounts to the domain in the specified OU. This error
appears when you have a valid account with insufficient privileges. Either try a different account or adjust the account
privileges in the domain.
Use another approach to domain join: Add a script to the deployment process
If you are unable to make your domain join work automatically via the unattend file, you can try adding a PowerShell script
to the deployment process to do the domain join. For more information, see this article:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
More about how domain join works
The relevant section of the unattend.xml belongs in the 'pass="specialize"' settings block:
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Identification>
    <Credentials>
      <Domain>company</Domain>
      <Password>thePassword</Password>
      <Username>administrator</Username>
    </Credentials>
    <JoinDomain>company.local</JoinDomain>
    <MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>
    <DebugJoin>true</DebugJoin>
  </Identification>
</component>
There are four elements of this block that need to be correct:
1. In the "component" tag, make sure "processorArchitecture" is correct for your platform - either "amd64" or "x86".
2. In the "Identification" block, the "Credentials" block must be correct. The "Domain" tag must be the short domain name,
not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Session Host uses to log in to
the domain in order to create the Machine Account. The account must exist and be a domain administrator or a
service account with sufficient privileges to create Machine Account objects. In this example, "company\administrator"
logs in with password "thePassword". Note that the password is stored in the gold image as plain text, but is replaced with the
string "*SENSITIVE*DATA*DELETED*" during deployment to preserve security.
3. The "JoinDomain" tag must contain the full domain as a FQDN. The Session Host logs in to and joins this domain using
the credentials described above.
4. The "MachineObjectOU" tag must refer to an existing OU. It must not refer to the default Computers container. If you
want your Session Hosts to appear in the default Computers container for your domain, you must delete the entire
MachineObjectOU line. The reason is that the MachineObjectOU field must refer to an OU, but Computers is actually a
CN. You cannot specify a CN there, and if you reference Computers as an OU, it's an error. So to get the default, which
you can't specify, you must not have the line at all. (When using the Unattend Builder from Unidesk, specify the
Computers container by putting nothing in the "OU to Place Session Hosts" field.)
Note that if the machine already has a Machine Account in your domain (for instance because you are reusing names from
Session Hosts that have been created and deleted before), the domain reuses the existing Machine Account in whatever
location it is already in, ignoring the one specified in unattend.xml.
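A pre-deployment check for the four elements listed above, added here as an example (it is not Unidesk or Citrix code). The function names, check ids and sample values are hypothetical; it assumes a full unattend.xml under the standard urn:schemas-microsoft-com:unattend root and splits DNs on plain commas.

```python
import xml.etree.ElementTree as ET

JOIN_COMPONENT = "Microsoft-Windows-UnattendedJoin"


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def child_text(parent, name):
    """Text of the first descendant called `name`; None when it is absent."""
    for el in parent.iter():
        if local(el.tag) == name:
            return (el.text or "").strip()
    return None


def find_join(root):
    """Return (component, pass); pass is None for a bare component fragment."""
    for settings in root.iter():
        if local(settings.tag) != "settings":
            continue
        for comp in settings.iter():
            if local(comp.tag) == "component" and comp.get("name") == JOIN_COMPONENT:
                return comp, settings.get("pass")
    for comp in root.iter():
        if local(comp.tag) == "component" and comp.get("name") == JOIN_COMPONENT:
            return comp, None
    return None, None


def check_ou(dn):
    """MachineObjectOU must be an OU, never the default Computers container."""
    if not dn:
        return [("ou-empty", "delete the MachineObjectOU line instead of leaving it empty")]
    rdns = [part.strip() for part in dn.split(",")]  # assumes no escaped commas
    first = rdns[0].upper()
    if first.startswith("CN="):
        return [("ou-is-cn", "%r is a CN; delete the line to use the default container" % dn)]
    if not first.startswith("OU="):
        return [("ou-malformed", "%r does not start with OU=" % dn)]
    if first == "OU=COMPUTERS" and len(rdns) > 1 and rdns[1].upper().startswith("DC="):
        return [("ou-default-computers",
                 "names top-level Computers as an OU; it is a CN, so delete the line")]
    return []


def check_unattend_join(xml_text):
    """Return a list of (check_id, message); an empty list means no findings."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("xml", "not well-formed XML: %s" % exc)]
    comp, pass_name = find_join(root)
    if comp is None:
        return [("component", "no %s component found" % JOIN_COMPONENT)]
    findings = []
    if pass_name is not None and pass_name != "specialize":
        findings.append(("pass", "component is in pass %r, not 'specialize'" % pass_name))
    if comp.get("processorArchitecture") not in ("amd64", "x86"):
        findings.append(("arch", "processorArchitecture must be 'amd64' or 'x86'"))
    domain = child_text(comp, "Domain")
    if not domain or "." in domain:
        findings.append(("domain", "Credentials/Domain must be the short domain name"))
    if not child_text(comp, "Username"):
        findings.append(("username", "Credentials/Username is missing or empty"))
    join = child_text(comp, "JoinDomain")
    if not join or "." not in join:
        findings.append(("joindomain", "JoinDomain must be the FQDN of the domain"))
    ou = child_text(comp, "MachineObjectOU")
    if ou is not None:  # an absent line selects the default Computers container
        findings.extend(check_ou(ou))
    return findings


# Constructed samples modelled on the block shown above.
TEMPLATE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="{arch}">
      <Identification>
        <Credentials>
          <Domain>{domain}</Domain>
          <Password>thePassword</Password>
          <Username>administrator</Username>
        </Credentials>
        <JoinDomain>{join}</JoinDomain>
        {ou}
      </Identification>
    </component>
  </settings>
</unattend>"""
SAMPLE_GOOD = TEMPLATE.format(arch="amd64", domain="company", join="company.local",
    ou="<MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>")
SAMPLE_BAD = TEMPLATE.format(arch="x64", domain="company.local", join="company",
    ou="<MachineObjectOU>CN=Computers,DC=company,DC=local</MachineObjectOU>")

if __name__ == "__main__":
    for check_id, message in check_unattend_join(SAMPLE_BAD):
        print(check_id, "-", message)
```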
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Review this file after
deployment to determine why the attempt to join the domain failed. Look for the section with today's date to watch the
process from the beginning, or go to the bottom of the file to see the last attempt and why it failed. If an attempt fails,
Windows makes another attempt every five seconds, up to 80 times. As a result, your log may contain many duplicate
failure messages.
A second log, C:\Windows\Panther\UnattendGC\setupact.log, details the progress of mini-setup, including a summary line
for each domain attempt. At least one type of failure (bad domain specified) results in no NetSetup.log being created, so
you would have to see the failure information in setupact.log. If you find no current information in NetSetup.log, or no log
at all, check setupact.log.
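Because a failed join is retried up to 80 times, it helps to collapse the log before reading it. The following added example (not Unidesk or Citrix code) summarizes NetSetup.log, falls back to setupact.log when NetSetup.log has no join status, and maps each code to the guidance given in the failure sections above. The function name, report keys and the constructed NetSetup.log sample are assumptions.

```python
import re
from collections import Counter

# Decimal Win32 codes (the number passed to "net helpmsg") with the guidance
# this page gives for each one.
GUIDANCE = {
    1231: "pre-1.5 timing issue, or layers built from different OS layers",
    1326: "bad user name or password in unattend.xml",
    1909: "account locked out: unlock it, then find out why it locked",
    2: "MachineObjectOU is invalid or names the default Computers container",
    5: "account lacks rights to add machine accounts in the specified OU",
    1355: "JoinDomain names a domain that does not exist or is unreachable",
}

JOIN_STATUS = re.compile(r"NetpDoDomainJoin: status: 0x([0-9a-fA-F]+)")
MACHINE_OU = re.compile(r"lpMachineAccountOU:[ \t]*(\S.*)")
DSGETDC_FAILED = re.compile(r"DsGetDcName failed: 0x([0-9a-fA-F]+)")


def triage(netsetup_text="", setupact_text=""):
    """Collapse retry noise from a failed domain join into one report."""
    statuses = [int(h, 16) for h in JOIN_STATUS.findall(netsetup_text)]
    source = "NetSetup.log" if statuses else None
    if not statuses:
        # A bad domain name never reaches NetSetup.log; use setupact.log.
        statuses = [int(h, 16) for h in DSGETDC_FAILED.findall(setupact_text)]
        source = "setupact.log" if statuses else None

    ous = MACHINE_OU.findall(netsetup_text)
    counts = Counter(statuses)
    failures = [c for c in dict.fromkeys(statuses) if c != 0]  # first-seen order
    joined = bool(statuses) and statuses[-1] == 0  # status 0x0 means success

    root_cause = None
    if failures and not joined:
        root_cause = [s for s in statuses if s != 0][-1]
        # Retries with a wrong password lock the account, so a run of 1326
        # followed by 1909 is a password problem, not a lockout problem.
        if (1326 in failures and 1909 in failures
                and statuses.index(1326) < statuses.index(1909)):
            root_cause = 1326

    advice = None
    if root_cause is not None:
        advice = GUIDANCE.get(root_cause, "run: net helpmsg %d" % root_cause)

    return {
        "source": source,
        "attempts": len(statuses),
        "joined": joined,
        "by_code": [(c, counts[c]) for c in failures],
        "machine_ou": ous[-1].strip() if ous else None,
        "root_cause": root_cause,
        "advice": advice,
    }


# Constructed sample: three bad-password attempts, then lockout retries.
SAMPLE_NETSETUP = "\n".join(
    ["05/02/2012 23:07:30:001 lpMachineAccountOU: OU=VDI,OU=lab,DC=company,DC=local"]
    + ["05/02/2012 23:07:%02d:696 NetpDoDomainJoin: status: 0x52e" % (31 + 5 * i)
       for i in range(3)]
    + ["05/02/2012 23:08:%02d:057 NetpDoDomainJoin: status: 0x775" % (5 * i)
       for i in range(6)]
)
# The setupact.log line quoted on this page for a bad domain name.
SAMPLE_SETUPACT = ("2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: "
                   "DsGetDcName failed: 0x54b, last error is 0x0, "
                   "will retry in 5 seconds...")

if __name__ == "__main__":
    for report in (triage(SAMPLE_NETSETUP), triage(setupact_text=SAMPLE_SETUPACT)):
        print(report)
```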
Create one or more Session Hosts
In the Unidesk Management Console, select Session Hosts > Create Session Host. This opens the Create Session Host
wizard where you can configure the Session Host(s).
Collection Assignment
Select a Unidesk Collection
Session Host Details
Session Host Names - You can use our built-in naming convention to auto-generate Session Host names. Or, you can define
your own custom naming convention using a set of expressions, and change the built-in naming convention.
Generate Name Automatically - This option automatically generates the Session Host names based on a naming
convention. You can select a built-in naming convention or create your own custom naming convention. You must use
automatic name generation if you are creating more than one Session Host. If you don't want the default naming
convention (Collection name and increment), you can make your own naming convention by selecting Custom and
entering an expression.
Enter Session Host Name - If you are creating a single Session Host, deselect Generate Name Automatically and type in
a Session Host name.
Session Host Naming Requirements
Session Host names must meet these basic naming requirements, or the Session Host does not start.
Names can include one to 15 of these characters:
Letters a through z, and A through Z
Numbers 0 through 9
Hyphen (-) and Underscore (_)
Names cannot include spaces, the characters / \ * , . " @, or a sequence of two hyphens (--) or underscores (__)
Names cannot start with a number, hyphen (-), or underscore (_)
Names cannot end with a hyphen (-) or an underscore (_)
Application Assignment
Application Layer(s) to add to the Session Host. Expand a Layer to select the version. You can assign up to 13 Application
Layers to each Session Host.
This is where you configure hardware and memory settings for the virtual machine.
CPUs - Number of virtual CPUs to allocate to the Session Host. You can specify any number between 1 and 64. The
default number of CPUs is derived from the greater of the following two values: the number of CPUs on the gold image
or the minimum number of CPUs Unidesk recommends, which is 4. Your infrastructure must be able to support the
number of CPUs you choose.
Starting Memory - Amount of memory (in megabytes) to allocate to the Session Host at startup.
Dynamic Memory - Marking this check box specifies the use of dynamic memory for the Session Host, while clearing this
check box specifies that the Session Host's memory use is static. Using dynamic memory enables the Session Host to
contribute or receive memory as a shared resource. When working with multiple Session Hosts, dynamic memory utilizes
the overall available physical memory in a more efficient way than static memory does.
Notes:
If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the Minimum
RAM number and less than or equal to the Maximum RAM number.
If you upgrade a Session Host that is using dynamic memory, the Dynamic Memory option is no longer enabled following
the upgrade procedure.
A CachePoint that has not been upgraded disregards any dynamic memory settings. Once the CachePoint is upgraded,
the next edit to it invokes the dynamic memory settings.
Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Session Host after startup. This
number cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option
is selected. The default minimum value for this setting is 8192 MB (8 GB).
Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Session Host after startup. This
number cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic
Memory option is selected. The default value for this option is the greater of the following two values: the Maximum
RAM from the Gold Image, or 16384 MB (16 GB), the minimum recommended by Unidesk.
Buffer Percentage - Specifies how much memory to add to the Session Host as a buffer. This number is a percentage of
the amount of memory the Session Host actually requires to run applications and services. This percentage cannot be
less than 5 or greater than 2000. This option becomes active when the Dynamic Memory option is selected.
User Data Storage - Space in GB to allow for the machine's personalization settings and data files.
Page File Size - Percentage of memory to use for the page file size.
Note: The Page File size is a percentage of the Starting Memory value. On Session Hosts that have Dynamic Memory enabled, and a
Maximum RAM value set greater than the Starting RAM value, Full Core Dumps may not be created successfully, as the Page file
might not be large enough.
Core Dump Type - The type of core dump file you want the system to create when system problems occur. You can
specify None, Mini (to create a small, or mini-dump file), Kernel (to create a kernel memory dump file), or Full (to create a
full crash dump file). If you select Full, the size for the page file must be a minimum of 100%.
Maintenance Schedule
A maintenance window is a time for Session Host maintenance tasks that require users to be logged off, for example,
adding a new version of a Layer. Unidesk keeps track of the number of users logged into each session host, so that
maintenance can be performed when all users are logged off.
Important: When using XenApp, Session Hosts must be put in Maintenance Mode by using the Desktop Studio Console.
Add Session Hosts to Microsoft Remote Desktop Connection Broker
Jun 28, 2017
To simplify Session Host management, you can connect Unidesk with Microsoft RD Connection Broker (RDCB).
Create the Unidesk Operating System Layer
Prepare the Windows Server 2012 R2 Gold Image
When you prepare the gold image, it's important to follow the detailed steps for a Windows Server Session Host. This
includes special steps for servers, including:
Running all Microsoft redistributable items
Enabling the RDSH Role on the server
Use the steps to Prepare the gold image for your Unidesk Session Hosts.
Import the gold image into a new Operating System Layer
When the gold image is ready, you can import it into a new Operating System Layer, as described here:
Create the Operating System Layer
Create your Unidesk Collections and Session Hosts
To connect to RD Connection Broker, every Unidesk Session Host must be manually connected to an RDS Collection.
Therefore, you must create the Session Hosts, which in turn require Unidesk Collections. In case this isn't done yet, you can
use the following links:
Create Session Host Collections
Create a Session Host
Add the Unidesk Session Hosts to RDS Collections
Add Session Hosts to RDS
1. From Server manager, start at All Servers.
2. Right-click and select Add Servers.
3. Type the first letter or two of the server name and select the correct server.
When the servers are added, you can add them as RD Session Hosts to new RDS Collections.
Create RDS Collections that correspond to Unidesk Collections
At least one Session Host must have been added for each RD Collection you want to create. See the above step for
details about adding Unidesk Session Hosts to RDS.
1. In Remote Desktop Services, select RD Session Host Services.
2. In the list of Server Pools, select a server, move it to the Selected list, and click OK.
This server will now be a managed RD Session host that can be added to existing collections or used to create new
collections.
If the active management broker server fails
What happens when the active management broker server fails
If the active management server fails, users can still connect to Desktops via RDWeb, and Unidesk's scheduled maintenance
of those Desktops continues. However, you cannot create new Desktops or edit Collection entitlements until the broker
settings in the Unidesk Management Console are updated with the new active management server.
To update the RD connection broker settings, you can wait for RDS to detect that the server has gone down and change
the active management server, which may take several minutes. Or, you can manually change the active management
servers.
Update RD connection broker settings
When there is a new active management server, connect to the Unidesk Management Appliance and update the server
information.
1. Log on to the Unidesk Management Console (UMC).
2. Click the System tab and then the Setting and Configuration tab.
3. Click Edit next to the Broker Settings section.
4. Select the broker server from the list and then click the Modify button.
5. Update the Broker Address to the FQDN of the new active management server and click Apply.
6. Click Save to commit the change.
Add Session Hosts to Citrix XenApp
Jun 28, 2017
You can manually connect to Citrix XenApp, so that you can align your Session Host Collections with XenApp. Unlike
integrating with Desktop Brokers, currently you can simply connect, not fully integrate with a broker.
Requirements to integrate Unidesk with XenApp
What you need to connect to Citrix XenApp.
To / You need
Get started: A supported version of the Citrix XenApp software.
Create a XenApp Group:
XenDesktop Catalog(s) with a machine type of Existing.
At least one valid Directory Junction.
An Operating System Layer for the Session Hosts.
Create the Unidesk Operating System Layer
Prepare the Windows Server 2012 Gold Image
When you prepare the gold image, it's important to follow the detailed steps for a Windows Server Session Host. This
includes special steps for servers, including:
Running all Microsoft redistributable items
Enabling the RDSH Role on the server
Use the steps to Prepare the gold image for your Unidesk Session Hosts.
Import the gold image into a new Operating System Layer
When the gold image is ready, you can import it into a new Operating System Layer, as described here:
Create the Operating System Layer
Install the XenApp agent on a Unidesk Layer
Layer requirements for XenApp
The XenApp VDA can be installed into a new version of the Unidesk Operating System Layer, or if you do not need
Microsoft App-V integration, in an Application Layer.
Important: The installation process will attempt to create a user account. This account is used to deliver App-V packages. If this App-V
functionality is not required, then the XenApp VDA can be installed in an Application Layer. If the App-V functionality is required, then
the VDA must be installed into a new version of the Operating System Layer.
Install and configure the XenApp client on the Installation Machine
Follow these steps to install and configure the XenApp client.
1. Attach the XenApp .iso and auto-run it. The installer opens.
2. Click the XenApp Start button.
3. On the next screen, click Prepare Machines and Images.
4. For the Environment, select Enable connections to a server machine.
5. For the Core Components, select Citrix Receiver.
6. For the Delivery Controller, select Do it manually, then in the Controller address field, add the FQDN (not the IP
address) of the Delivery Controller. Test the connection and when successful, add the connection and continue.
7. For Features, you can leave all items selected.
8. The Firewall is configured automatically.
9. Review the Summary, and fix any issues with your selections.
10. On the Install tab, click Install.
11. If you are prompted to restart the machine, allow the restart and then sign back in as administrator once the machine is
back up. The installation continues.
12. When the post installation task (Component Initialization) is complete, allow the machine to restart again.
Expedite Microsoft NGen operations
After certain applications are installed, the operating system will have outstanding Microsoft NGEN operations for its .NET
components. You can take steps to expedite the completion of the queued NGEN items, as described in this section.
Layer integrity check
When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example
Microsoft NGen or other Windows operations, it waits until all Windows operations that are in progress on the Installation
Machine have completed before finalizing the Layer. Otherwise, the new Layer or Layer version that uses this Installation
Machine would have issues. A Layer integrity message lets you know what you can do to expedite the completion of
queued tasks that must be completed before a Layer is finalized.
Layer Integrity Message: The new version [version-name] of Layer [layer name] on Installation Machine (IM) [im-name] can
only be finalized when the following conditions are addressed:
A restart is pending to update drivers on the boot disk - please check and restart the IM.
A post-installation restart is pending - please check and restart the IM.
A Microsoft NGen operation is in progress in the background - (Click here for help with this condition).
An MSI install operation is in progress - please check the IM.
See if you can expedite Microsoft NGen operations
About Microsoft NGen operations
NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code
into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on
what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An
interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the NGen to complete in the background or you can force the NGen to the foreground.
Forcing the NGen to the foreground will allow you to view the progress and once the output has completed you should be
able to finalize the layer.
Force an NGen operation to the foreground
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the
foreground can help the task to complete as quickly as possible.
1. Open a command prompt as Administrator.
2. Go to the Microsoft .NET Framework directory for the version currently in use:
cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
3. Enter the NGen command to execute the queued items:
ngen update /force
This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.
Note: It's okay if you see several compilation failed messages.
4. Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or
run the command ngen update /force again. Do not restart to stop the task. You must allow it to complete.
Check the status of an NGen operation
If you would prefer to wait for the NGen to complete you can check the status as described here. However, every time you
check the queue status, you are creating foreground activity, which might cause the background processing to temporarily
pause.
1. Open a command prompt as Administrator.
2. Check status by running this command:
ngen queue status
3. When you receive the following status, the NGen is complete, and you can finalize the Layer.
The .NET Runtime Optimization Service is stopped.
Create your Unidesk Collections and Session Hosts
To connect to XenApp, every Unidesk Session Host must be manually connected to a XenApp Delivery Group. Therefore,
you must create the Session Hosts, which in turn require Unidesk Collections. In case this isn't done yet, you can use the
following links:
Create Session Host Collections
Create a Session Host
Add the Unidesk Session Hosts to XenApp Delivery Groups
When your Session Hosts are available in Unidesk, you can add them to Citrix Machine Catalogs and Delivery Groups.
Create XenApp Delivery Groups that correspond to your Unidesk Collections
Use Citrix Studio to create the Delivery Groups for your Unidesk Session Hosts. Citrix recommends using the same names for
your Delivery Groups as you did for the Unidesk Collections.
Configure the Machine Catalogs and Delivery Groups
To add Unidesk managed Session Hosts to the XenApp environment, follow the usual steps for adding a physical machine
to a XenApp Machine Catalog.
1. In Citrix Studio, select Machine Catalog Setup.
2. On the Operating System tab, select Windows Server OS and then select Next.
3. On the Machine Management tab, select Another service or Technology.
4. On the Machines tab, select Add Computers and search for the name of the XenApp server you just deployed.
Configure the Delivery Groups
Delivery groups are collections of machines. These groups define who is authorized to use the Applications hosted on those
machines. Create a new Delivery Group and add the previously created Session Host to this group.
1. In Citrix Studio, select Create Delivery Group.
2. On the Machines tab, select the Catalog you just created, and click Next.
3. On the Delivery Type tab, select Applications and click Next.
4. On the Users tab, add users you want to entitle in this delivery group.
5. On the Applications tab, publish an application. This can be done by typing the path to the executable or by browsing
applications. It can take some time before the list is generated, as it requires communication with the XenApp Virtual
Delivery Agent.
Desktops and Session Hosts
Jun 28, 2017
A Unidesk Machine (Desktop or Session Host) is a virtual machine composed of an Operating System layer and Application
Layers. A Unidesk Machine also includes a Personalization Layer. You create and select the OS Layer and Application Layers
and for Unidesk Machines, Unidesk creates the Personalization Layer.
In a Persistent Desktop or Session Host, the Personalization Layer stores all changes made to the Machine, including files
and installed applications. In a Non-persistent Desktop the Personalization Layer is cleared on each Desktop restart or log
off, unless you are using RDS in which case it is cleared only on a log off. Unidesk Machines can be deployed to a
connection broker such as Microsoft’s RDCB or can simply be deployed to the virtual infrastructure and accessed via a
connection client like RDP.
Once you have Collections, Citrix recommends connecting to your directory service so you can easily create Desktops and
assign roles to Directory Service users.
Connect to a directory service
Jun 28, 2017
Once you configure Unidesk to connect to your directory service, for example Active Directory, Unidesk associates the
Unidesk Machines (Desktops or Session Hosts) you create with users and groups in your directory service (supported
directory services).
When you connect to your directory service, you will create one or more Directory Junctions to access specific domains or
OUs. Unidesk reads from your directory service to create an association between users and Unidesk Machines. If you are
using a broker, the user association will also be configured in the broker.
Your directory service is not modified by Unidesk.
About connecting Unidesk to a directory service
Overlapping Directory Junctions
Overlapping (or nested) Directory Junctions occur when you create multiple Directory Junctions that contain the same users
and then import the users into the Unidesk directory tree. When overlapping occurs, each Directory Junction contains its
own copy of the duplicate users.
Assume you create Directory Junction A that starts at the Marketing folder in a directory service tree. Next, you create
Directory Junction B which starts at a folder above the Marketing folder. If you browse both Directory Junctions, you can
see the Marketing users in both folders.
User attributes are imported from the directory service
The Unidesk software imports and caches user and group attributes from your directory service when:
You assign a Unidesk Machine to a user or group.
You assign administrator privileges to a user.
The values of the attributes change in the directory service.
The attributes that the Unidesk software caches are read only. All changes to the attributes for directory service users
come from the directory server.
The Unidesk software synchronizes the information it caches for directory service users with the directory service every 12
hours. If the software discovers that a user is no longer an object in the directory service, it classifies the user as abandoned
(you can view this information in the Information view for the user). You can continue to assign Unidesk Machines to this
user; however, the attributes that the software originally obtained from the directory service are not updated unless you
change them manually in the Unidesk Management Console. In this case, the directory user is equivalent to a local user.
Directory service user name changes and assigned Unidesk Machine owners
After you assign a directory service user to a Unidesk Machine, changing the name in the directory service has no effect on
the assigned owner of the machine. Unidesk continues to display the original user name as the owner of the machine.
Create a directory junction
Before you start
Create the folders where you want to place the Directory Junctions or decide which existing folder you want to use. You
can add a Directory Junction folder to any existing folder in the Unidesk Management Console directory tree.
Best Practice: Avoid creating overlapping Directory Junctions, if possible. In some circumstances, deleting an overlapping
Directory Junction can affect your ability to delete another Directory Junction that contains the same users. You can,
however, browse and assign Unidesk Machines to users that belong to overlapping Directory Junctions.
Create a directory junction
1. Select Users > Directory Service.
2. Select Create Directory Junction in the Action bar.
The Create Directory Junction wizard opens.
3. On the Connection Details tab, specify the details for the directory server.
Name for the Directory Junction - This name becomes the name of the folder that you see in the Unidesk
Management Console tree view. You can use any name, including the name of a domain in your directory service tree.
IP address or DNS name - This is the name for the server you will use for the directory service.
Port number - Specify the port for communicating with the directory server.
SSL check box - Select this if you want to use Secure Sockets Layer (SSL) communication.
If certificate errors occur, the wizard displays a list of these errors. If you know it is safe to ignore them, select Ignore
Certificate Errors.
Test Connection - Click to verify that the Management Appliance can connect to the directory service.
4. On the Authentication Details tab, enter the authentication details for a user who has permissions to search the
directory service.
ID, user name, or Distinguished Name - This ID is referred to as the Bind Distinguished Name (DN).
To determine the correct syntax for the Bind DN or user name, see the documentation for your directory service.
Examples: The following examples show some of the ways you can specify a user for the directory service:
domain\username or [email protected].
Password for the Bind DN
Test Authentication - Click to verify that the connection to the directory server is valid.
5. On the Distinguished Name Details tab, specify where you want the software to start searching for users and
groups in the remote directory service.
Base Distinguished Name (DN) - Where the software starts searching for users and groups in the remote directory
service. Once you establish a connection to the server for the directory service, the wizard displays a list of available
DNs. You can select a DN from the list or enter the DN directly in the box.
Example: Assume that you want to start the search at the Marketing Organizational Unit at the root of a domain.
You would enter the following Base DN:
OU=marketing,DC=root,DC=mydomain,DC=com
Click Test Base DN to verify that the Base DN you specified is valid.
6. On the Folder Location tab, select the folder in the Unidesk tree where you want to add the directory junction for the
remote directory service.
7. On the Attribute Mapping tab, enter the names of directory service attributes that you want to map to the local
attributes or use the default settings.
To change the mapping from local attributes back to default mappings, click Use Defaults.
8. On the Confirm and Complete tab, verify the Directory Junction settings, enter a comment if required, and click
Update Directory Junction.
If you enter comments, they appear in the Information view Audit History.
To ensure that the Unidesk software can find user, group, and folder entities in a directory service, you can map
attributes that the directory service uses to the attributes that the Unidesk software uses.
When you enter attribute values, use the following syntax. The software searches for the first attribute. If it cannot find
the first attribute, it searches for the second one.
attribute:attribute
The following tables describe the local attributes that you can map to directory service attributes.
Local attribute - Description
GUID - The Globally Unique Identifier for the user. If the user entity's location in the directory service changes, the Unidesk
software uses this attribute to locate it and retrieve its values.
Display Name - A name associated with the user.
First Name - The first name of the user.
Last Name - The last name of the user.
Title - A title associated with the user (for example Vice-President of Sales).
Logon Name - The user name for authentication.
Email - The email address associated with the user.
Phone - The telephone number associated with the user.
Address 1 - The first line of the user's street address.
Address 2 - The second line of the user's street address.
City - The city associated with the user's street address.
State - The state associated with the user's street address.
Postal code - The postal or ZIP code associated with the user's street address.
Country - The country associated with the user's street address.
Local attribute - Description
GUID - The Globally Unique Identifier for a group. If the group entity's location in the directory service changes, the Unidesk
software uses this attribute to locate it and retrieve its values.
Display Name - A name associated with the group.
Description - A description of the group.
Members - The names of the groups in which this group has membership.
Local attribute - Description
GUID - The Globally Unique Identifier for a folder. If the folder entity's location in the directory service changes, the Unidesk
software uses this attribute to locate it and retrieve its values.
Display Name - The name of the folder.
Description - A description of the folder.
Local attribute - Description
User - A search string that looks for users.
The default value searches for users based on their last names.
Group - A search string that looks for groups.
The default value searches for group names, including the names of groups that are members of other groups.
Folder - A search string that looks for specific contents in organizational units.
The default value searches organization units that are likely to contain users and groups.
Connect to a directory service
1. Select an existing folder or use the Create Folder action to create folders in the Unidesk directory tree structure
where you want to place connections to a directory service.
2. Select Create Directory Junction and specify:
Bind Distinguished Name - The Distinguished Name or ID for a user who has the permissions required to search the
directory service tree.
Base Distinguished Name - The starting point that the software uses when searching for users and groups in the
directory service tree.
Now you can assign Unidesk Machines to the users, or assign administrator privileges to them. The Unidesk software
caches the attributes for each directory service entry, so that if the connection to the directory service is lost
temporarily, the software can use the cached information for management tasks.
Create desktops
Jun 28 , 2017
A Unidesk Desktop is a virtual machine made up of an Operating System Layer, Application Layers, and a user
Personalization Layer. You create and select the Operating System and Application Layers, and the Unidesk software
creates the Personalization Layer.
About Unidesk Desktops
Persistent and Non-persistent Desktops
On a Persistent Desktop, the Personalization Layer stores all changes made by the Desktop’s user, including files and
installed applications. On a Non-persistent Desktop the Personalization Layer is cleared on each Desktop reboot or log off,
unless you are using RDS in which case it is cleared only on a log off. Desktops can be deployed to a connection broker
such as Microsoft’s RD Connection Broker or Citrix XenDesktop, or can simply be deployed to the virtual infrastructure and
accessed via a connection client like RDP.
Creating a test Desktop to verify your Operating System Layer
The first Desktop you create will be a test Desktop, and it will give you an idea of the broad range of settings available for
your users, though you don't need to concern yourself with the majority of settings until you are ready to create them for
real users.
Creating multiple Desktops at once
When you are ready to create Desktops for real users, you can create one Desktop at a time, or as many as you want at
once. You can name Desktops individually, or generate the names based on built-in naming conventions that you can edit or
augment.
Before You Start
Desktop Requirements
As soon as you create your Operating System Layer, you should make sure this Layer and your Domain Join script are in
good working order. Do this by creating a bare-bones test Desktop, as described in the next section.
Before you can create a Desktop you need:
A Unidesk Collection, which in turn requires an Operating System Layer
Users (available in Unidesk via a connection to your directory service)
A cluster or host that you set up when installing Unidesk appliances
Access to the network where the cluster or host is running
Desktop attributes you can never change
Certain Desktop attributes are determined by the Collection in which you create them, and once created, you can never
change these attributes for the Desktop:
Desktop Type - The Desktop Type can be either Persistent or Non-Persistent. A Persistent Desktop retains all user
customizations, including settings and data files, while a Non-persistent Desktop returns to its original state when the
user logs off. The Desktop Type is determined by the type of Collection in which it is created.
Connection Broker - You can upgrade the version of the broker used for a Desktop, but cannot move the Desktop to a
different broker.
Operating System Layer - You can change the version of the Operating System Layer assigned to a Desktop, but not
the Layer itself.
Desktops and the Collections to Which They Belong
As stated previously, the Collection where you create a Desktop determines its key attributes. If you decide to move a
Desktop to a different Collection, the new Collection must have the same key attributes, Broker, Desktop Type, and
Operating System Layer.
Create a Test Desktop (Recommended)
Before using your new Operating System Layer to create your Desktops and Application Layers for production,
Citrix recommends creating a test Desktop to verify that your Operating System Layer and domain join script work.
Create a Test Desktop to Verify Your Operating System Layer and Domain Join Settings
Since you won't deploy this Desktop to production, select the required settings only and accept the default values for
everything else.
1. In the Unidesk menu bar select Desktops and then click Create Desktop.
The Create Desktop wizard opens.
2. On the Collection Assignment tab, select a Collection where you want to group the Desktop with other Desktops,
then browse your directory service tree and select a user. This step creates an association in Unidesk between the user
and the Desktop. It also configures your broker to associate the Desktop with the selected user. Your directory service is
not modified.
3. On the Desktop Details tab, select a cluster or host, a network, and a VLAN Tag (if necessary).
Use the default settings for everything else.
4. On the Confirm and Complete tab, confirm that the settings are correct in the Desktop Visualization panel on the
right.
5. Click Create Desktops to start creating the Desktop.
A Desktop icon appears with the status displayed in the lower right corner of the icon. The Desktop status cycles
through Stopped, Powering on, Starting, and Running. For more status information, click the Expander tab in the
bottom center of the console to open the Tasks panel. For example, if the Desktop is not successfully added to the
connection broker, a status message is displayed in the Desktop Details.
6. View the IP address assigned to the Desktop, by hovering over the Desktop icon and clicking the information icon.
7. Log into the Desktop and verify that the Desktop successfully joined the domain.
Troubleshoot Domain Join Issues (Windows 7, Windows 8.1)
If your Desktops are not successfully joining the domain, follow the steps below to identify the issue. Fixing the problem
usually requires an update to the unattend file. Then you need to create a new version of your Operating System layer. Use
the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend builder is available for
download in the Unidesk Download Center.
When a Windows 7 or Windows 8.1 Desktop is created in Unidesk it runs through the Microsoft Windows mini-setup
process, which uses a file called unattend.xml to configure a variety of Desktop settings. We recommend that you use the
Unidesk Unattend builder tool to create your unattend file. With the Unattend builder you can specify all of the settings
required to join the Desktop to the domain during creation.
If your Desktop is not joining the domain correctly, here are some common issues and how to solve them.
Keep in mind that while you will look at logs on the Desktop Unattend to identify your problem, you will update the
unattend file in your OS layer or in an application layer to correct it so that newly created Desktops will successfully join
your domain.
Check the Setupact log on the Desktop for errors
The following log file details the progress of the mini-setup process, including a summary line for each domain attempt.
Check this log file for errors:
C:\Windows\Panther\UnattendGC\setupact.log
Note: Ensure you are looking at the setupact log in C:\Windows\Panther\UnattendGC. The log file is not in the directory
path C:\Windows\Panther.
Search for DJoin.exe to see a log of the domain join operations:
DsGetDCName failed: 0x54b … check your fully qualified domain name
NetJoinDomain attempt failed: 0x89a … check your domain join credentials
NetJoinDomain attempt failed: 0x2 … check your OU specification
Still stumped? For other log files to check, go to the section on Advanced debugging later in this article.
Check your unattend file for common problems and fix any issues
Let’s assume that you have this configuration:
Fully qualified domain name: vdidomain.acme.com or vdidomain.local
Short domain name: vdi
OU: acmegrp1
Domain account: Administrator
To check your unattend file
Open the unattend file on the Desktop and check for some common problems. The unattend file is located in
c:\windows\panther.
Search for the <JoinDomain> tag and check the fully qualified domain name, as shown in one of these examples:
<JoinDomain>vdidomain.local</JoinDomain>
<JoinDomain>vdidomain.acme.com</JoinDomain>
Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short domain
name, not the fully qualified domain name. An example is:
Correct: <Domain>vdi</Domain>
Incorrect: <Domain>vdidomain.acme.com</Domain>
Check the Username specification. An example is:
Correct: <Username>Administrator</Username>
Incorrect: <Username>vdi\Administrator</Username>
Check the processor architecture.
In the component tag, make sure the processorArchitecture is correct for your platform, either amd64 or x86.
Fix any issues you find in the unattend.xml, either by editing the file manually, or by running the Unattend builder again.
This involves creating a new version of your OS layer to update the unattend file:
1. In the Unidesk Management Console, click Operating System Layer > Add Version.
Allow the Operating System Layer to start up in the Install Machine and then log on.
2. Once logged on, either edit unattend.xml or run the Unattend builder:
Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and then save the file.
3. Finalize the layer.
Deploy a new Desktop with your latest OS version and check for successful domain join.
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Look for the section with
today's date to watch the process from the beginning, or go to the bottom of the file to see the last attempt and why it
failed. If an attempt fails, Windows makes another attempt every five seconds, up to 80 times. As a result, your log may
contain many duplicate failure messages.
A successful domain join displays the following message:
05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0
This line appears at the bottom of the last attempt and denotes that the domain join process is successful. Any return
status other than 0x0 denotes a failure. You may also see the following lines above it, which also show success:
05/01/2012 09:28:01:740 NetpCompleteOfflineDomainJoin: status: 0x0
05/01/2012 9:28:01:740 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
Failure, again, is a non-zero return code:
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
One of the most common failures is an error attempting to connect to the IPC$ share on the domain controller. It will look
like this:
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned XXXX
Get the returned message (XXXX) and run net helpmsg XXXX from a command prompt to see the specific error. The
following are common domain join errors and solutions to those errors.
Failure 1231
07/12/2012 14:38:52:122 NetUseAdd to \\DC1.company.local\IPC$ returned 1231
07/12/2012 14:38:52:122 NetpJoinDomain: status of connecting to dc '\\TDC1.company.local': 0x4cf
07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of : 0x4cf
07/12/2012 14:38:52:122 NetpDoDomainJoin: status: 0x4cf
Pre-1.5 versions of Unidesk had a timing issue that could cause domain joins on Windows 7 x64 to fail randomly. Upgrade to
the latest version of Unidesk if you are using a version earlier than version 1.5.
This error may also be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just
the Operating System Layer. Once you can identify which Application Layer is breaking the domain join process, recreate
that layer with the current version of the current OS layer.
If you cannot find conflicting layers, use the PowerShell script for joining the domain:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
Failure 1326
05/02/2012 23:07:31:696 NetUseAdd to \\DC1.company.local\IPC$ returned 1326
05/02/2012 23:07:31:696 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x52e
05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of : 0x52e
05/02/2012 23:07:31:696 NetpDoDomainJoin: status: 0x52e
Failure 1326 is a straightforward password error, "Logon failure: unknown user name or bad password." Double-check the
username and password in your unattend.xml file.
Failure 1909
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned 1909
05/02/2012 23:14:21:057 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x775
05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of : 0x775
05/02/2012 23:14:21:057 NetpDoDomainJoin: status: 0x775
A 1909 error means "The referenced account is currently locked out and may not be logged on to." Go to your Active
Directory and unlock the account. You should also determine how the account got locked. Often the account becomes
locked because the unattend.xml has an incorrect password. Attempting to join a domain retries dozens of times. If the
password is incorrect, you might get three password failures and dozens of "account locked" failures.
Bad OU specified
01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
01/20/2012 10:53:01:232 ldap_unbind status: 0x0
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of : 0x2
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error
could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers
container. Windows requires that the default OU be left unspecified, so if you want to put new Desktops into the default
Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the specified
OU is:
01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local
Verify the existence of the specified OU and confirm that it is not the top-level Computers container.
Bad domain specified
If the domain name itself is invalid, a domain join makes no entries to NetSetup.log and does not create a log file. In this
situation, look in C:\Windows\Panther\UnattendGC\setupact.log for lines like this:
2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5
seconds...
The error text for 0x54b (1355) is "The specified domain either does not exist or could not be contacted." You can look
further up in the setupact.log to see exactly what domain you were trying to join. Note that this is an error with the
"JoinDomain" tag, not the credentials.
Insufficient user rights
07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005:
SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
07/17/2012 13:26:47:524 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
07/17/2012 13:26:47:524 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
07/17/2012 13:26:47:524 NetpProvisionComputerAccount: LDAP creation failed: 0x5
...
07/17/2012 13:26:47:539 NetpDoDomainJoin: status: 0x5
The user account you specify must have rights to add machine accounts to the domain in the specified OU. This error
appears when you have a valid account with insufficient privileges. Either try a different account or adjust the account
privileges in the domain.
If you are unable to make your domain join work automatically via the unattend file, you can try adding a PowerShell script
to the deployment process to do the domain join. For more information, see this article:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
The relevant section of the unattend.xml belongs in the 'pass="specialize"' settings block:
<settings pass="specialize" wasPassProcessed="true">
The UnattendedJoin block within it looks like this.
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Identification>
    <Credentials>
      <!-- Short domain name, not the FQDN -->
      <Domain>company</Domain>
      <Password>thePassword</Password>
      <Username>administrator</Username>
    </Credentials>
    <!-- Fully qualified domain name -->
    <JoinDomain>company.local</JoinDomain>
    <MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>
    <DebugJoin>true</DebugJoin>
  </Identification>
</component>
There are four elements of this block that need to be correct:
1. In the "component" tag, make sure "processorArchitecture" is correct for your platform - either "amd64" or "x86".
2. In the "Identification" block, the "Credentials" block must be correct. The "Domain" tag must be the short domain name,
not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Desktop uses to log in to the
domain in order to create the Machine Account. The account must exist and be a domain administrator or a service
account with sufficient privileges to create Machine Account objects. In this example, "company\administrator" logs in
with password "thePassword". Note that the password is stored in the gold image as plain text, but is replaced with the string
"*SENSITIVE*DATA*DELETED*" during deployment to preserve security.
3. The "JoinDomain" tag must contain the full domain as a FQDN. The Desktop logs in to and joins this domain using the
credentials described above.
4. The "MachineObjectOU" tag must refer to an existing OU. It must not refer to the default Computers container. If you
want your Desktops to appear in the default Computers container for your domain, you must delete the entire
MachineObjectOU line. The reason is that the MachineObjectOU field must refer to an OU, but Computers is actually a
CN. You cannot specify a CN there, and if you reference Computers as an OU, it's an error. So to get the default, which
you can't specify, you must not have the line at all. (When using the Unattend Builder from Unidesk, specify the
Computers container by putting nothing in the "OU to Place Desktops" field.)
Note that if the machine already has a Machine Account in your domain (for instance because you are reusing names from
Desktops that have been created and deleted before), the domain reuses the existing Machine Account in whatever
location it is already in, ignoring the one specified in unattend.xml.
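The checks from "Check your unattend file for common problems" and the four elements listed above can be run as a lint over the file before a new OS layer version is finalized. This is an added example, not Unidesk or Citrix code; the function names, finding codes, and sample XML are constructed for illustration, and the OU test splits on commas without handling escaped commas in a DN.

```python
import xml.etree.ElementTree as ET

# String the page says replaces the password during deployment.
PLACEHOLDER = "*SENSITIVE*DATA*DELETED*"


def local(tag):
    """Strip an XML namespace: '{urn:...}component' -> 'component'."""
    return tag.rsplit("}", 1)[-1]


def child_text(elem, *path):
    """Follow child element names from elem; return stripped text or None."""
    for name in path:
        if elem is None:
            return None
        elem = next((c for c in elem if local(c.tag) == name), None)
    if elem is None or elem.text is None:
        return None
    return elem.text.strip()


def lint_unattended_join(xml_text, expected_arch="amd64"):
    """Return a list of (code, message) findings for the UnattendedJoin block."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an unclosed tag
        return [("XML", f"file is not well-formed XML: {exc}")]

    comp = None
    for settings in root.iter():
        if local(settings.tag) == "settings" and settings.get("pass") == "specialize":
            for c in settings:
                if c.get("name") == "Microsoft-Windows-UnattendedJoin":
                    comp = c
    if comp is None:
        return [("MISSING", "no UnattendedJoin component in the specialize pass")]

    findings = []
    arch = comp.get("processorArchitecture")
    if arch != expected_arch:
        findings.append(("ARCH", f"processorArchitecture is {arch!r}, platform is {expected_arch!r}"))

    ident = next((c for c in comp if local(c.tag) == "Identification"), None)
    domain = child_text(ident, "Credentials", "Domain")
    user = child_text(ident, "Credentials", "Username")
    password = child_text(ident, "Credentials", "Password")
    join = child_text(ident, "JoinDomain")
    ou = child_text(ident, "MachineObjectOU")

    for name, value in (("Domain", domain), ("Username", user), ("JoinDomain", join)):
        if not value:
            findings.append(("MISSING", f"<{name}> is absent or empty"))
    if domain and "." in domain:
        findings.append(("DOMAIN_FQDN", "<Domain> must be the short domain name, not the FQDN"))
    if user and "\\" in user:
        findings.append(("USERNAME_PREFIX", "<Username> must not carry a domain prefix"))
    if join and "." not in join:
        findings.append(("JOINDOMAIN_SHORT", "<JoinDomain> must be the fully qualified domain name"))
    if ou is not None:
        rdns = [r.strip().lower() for r in ou.split(",")]
        top_computers = rdns[0] == "ou=computers" and all(r.startswith("dc=") for r in rdns[1:])
        if rdns[0].startswith("cn=") or top_computers:
            findings.append(("OU_DEFAULT_CONTAINER",
                             "delete <MachineObjectOU> to use the default Computers container"))
    if password and password != PLACEHOLDER:
        findings.append(("PLAINTEXT_PASSWORD",
                         "plain-text join password present (layer copy, not a deployed Desktop)"))
    return findings


def sample(arch, domain, user, password, join, ou):
    """Constructed unattend.xml built around the page's example values."""
    ou_line = f"<MachineObjectOU>{ou}</MachineObjectOU>" if ou else ""
    return f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="{arch}">
   <Identification>
    <Credentials>
     <Domain>{domain}</Domain>
     <Password>{password}</Password>
     <Username>{user}</Username>
    </Credentials>
    <JoinDomain>{join}</JoinDomain>
    {ou_line}
   </Identification>
  </component>
 </settings>
</unattend>"""


GOOD = sample("amd64", "vdi", "Administrator", PLACEHOLDER, "vdidomain.acme.com",
              "OU=acmegrp1,DC=vdidomain,DC=acme,DC=com")
BAD = sample("x86", "vdidomain.acme.com", "vdi\\Administrator", "thePassword", "vdi",
             "CN=Computers,DC=vdidomain,DC=acme,DC=com")

if __name__ == "__main__":
    for code, message in lint_unattended_join(BAD):
        print(f"{code}: {message}")
```

Run it against the copy in the OS layer, where the password is still present, as well as against the copy on a deployed Desktop; only the first should report PLAINTEXT_PASSWORD.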
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Review this file after
deployment to determine why the attempt to join the domain failed. Look for the section with today's date to watch the
process from the beginning, or go to the bottom of the file to see the last attempt and why it failed. If an attempt fails,
Windows makes another attempt every five seconds, up to 80 times. As a result, your log may contain many duplicate
failure messages.
A second log, C:\Windows\Panther\UnattendGC\setupact.log, details the progress of mini-setup, including a summary line
for each domain attempt. At least one type of failure (bad domain specified) results in no NetSetup.log being created, so
you would have to see the failure information in setupact.log. If you find no current information in NetSetup.log, or no log
at all, check setupact.log.
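Because each failed join is retried up to 80 times, the two logs are easier to read once the duplicate attempts are collapsed into counts and the last status is mapped to the causes described in this section. The script below is an added example, not part of the Unidesk product; the function names and the sample log text are constructed, modelled on the excerpts shown above.

```python
import re
from collections import Counter

# Status codes and the causes this troubleshooting section gives for them.
CAUSES = {
    0x0: "domain join succeeded",
    0x2: "bad OU: MachineObjectOU is invalid or names the default Computers container",
    0x5: "insufficient rights: the account cannot add machine accounts in the OU",
    0x4CF: "1231: mixed layers from different OS layers, or the pre-1.5 timing issue",
    0x52E: "1326: unknown user name or bad password in unattend.xml",
    0x775: "1909: the join account is locked out",
    0x54B: "1355: domain does not exist or could not be contacted (check JoinDomain)",
}

JOIN_STATUS = re.compile(r"NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)")
MACHINE_OU = re.compile(r"lpMachineAccountOU: (.+)")
DJOIN_FAIL = re.compile(r"\[DJOIN\.EXE\].*DsGetDcName failed: (0x[0-9a-fA-F]+)", re.I)


def triage(netsetup_text, setupact_text=""):
    """Summarise the join attempts found in NetSetup.log, else setupact.log."""
    source = "NetSetup.log"
    codes = [int(c, 16) for c in JOIN_STATUS.findall(netsetup_text)]
    if not codes:
        # A bad domain name writes nothing to NetSetup.log, so fall back.
        source = "setupact.log"
        codes = [int(c, 16) for c in DJOIN_FAIL.findall(setupact_text)]
    if not codes:
        return {"source": None, "joined": False, "final_status": None,
                "cause": "no domain join attempt found in either log",
                "attempts": {}, "notes": []}

    final = codes[-1]              # the last attempt decides the outcome
    attempts = dict(Counter(codes))  # collapse the duplicate retries
    notes = []
    if 0x52E in attempts and 0x775 in attempts:
        notes.append("lockout follows bad-password failures: correct the password "
                     "in unattend.xml before unlocking the account")
    if final == 0x2:
        requested = MACHINE_OU.findall(netsetup_text)
        if requested:
            notes.append("OU requested: " + requested[-1].strip())
    # Unknown codes: the decimal value is what 'net helpmsg' expects.
    cause = CAUSES.get(final, f"unrecognised status; run: net helpmsg {final}")
    return {"source": source, "joined": source == "NetSetup.log" and final == 0,
            "final_status": final, "cause": cause,
            "attempts": attempts, "notes": notes}


def attempt(ts, win32, status):
    """Two lines of one constructed join attempt."""
    return (f"{ts} NetUseAdd to \\\\DC1.company.local\\IPC$ returned {win32}\n"
            f"{ts} NetpDoDomainJoin: status: {status}\n")


# Constructed samples: three bad-password attempts, then four lockouts.
SAMPLE_LOCKOUT = (
    "".join(attempt(f"05/02/2012 23:07:{31 + 5 * i}:696", 1326, "0x52e") for i in range(3))
    + "".join(attempt(f"05/02/2012 23:08:{5 * i:02d}:057", 1909, "0x775") for i in range(4))
)
SAMPLE_BAD_OU = (
    "01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local\n"
    "01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2\n"
)
SAMPLE_BAD_DOMAIN = (
    "2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: "
    "DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...\n"
) * 3

if __name__ == "__main__":
    for name, args in (("lockout", (SAMPLE_LOCKOUT,)), ("bad OU", (SAMPLE_BAD_OU,)),
                       ("bad domain", ("", SAMPLE_BAD_DOMAIN))):
        result = triage(*args)
        print(name, hex(result["final_status"]), result["cause"], result["notes"])
```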
Create One or More Desktops
In the Unidesk Management Console, select Desktops > Create Desktop. The Create Desktop wizard opens where you
can configure the Desktop(s).
Collection Assignment
Select a Unidesk Collection, and individual users or a group. If you select a group, Desktops will be created for all users in the
group. Collection assignment creates an association in Unidesk between the user and the Desktop, and will also configure
your broker to associate the Desktop with that user. Your directory service is not modified.
Notes
If the Desktop is not successfully added to the connection broker, a status message appears in the Desktop Details. To
see the broker or a status message about the Desktop being added to the broker, click the information symbol on the
Desktop icon.
In an RD Connection Broker (RDCB) collection, a user can have only one Desktop. If you attempt to create a Desktop in
an RDCB collection where there is already a Desktop owned by that user, the Desktop will not be created.
Desktop Details
Cluster or Host - Choose the cluster or server to host the Desktop(s) from the choices you configured when setting up the
Unidesk Management Appliance. If the cluster or host is missing, verify that it has been enabled for the Management
Appliance and CachePoint. Note that the Management Appliance must be restarted if hosts are added or removed from a
cluster.
Desktop Names - You can use one of our built-in naming conventions to auto-generate Desktop names. Or, you can define
your own custom naming convention using a set of expressions, and change the built-in naming convention.
Generate Name Automatically - This option automatically generates the Desktop names based on a naming convention.
You can select a built-in naming convention or create your own custom naming convention. You must use automatic
name generation if you are creating more than one Desktop. If you don't want the default naming convention
(FirstnameLastname), you can make your own naming convention by selecting Custom and entering an expression.
Enter Desktop Name - If you are creating a single Desktop, deselect Generate Name Automatically and type in a
Desktop name.
Desktop names must meet the following basic naming requirements or the Desktop will not start.
Names can include one to 15 of these characters:
Letters a through z, and A through Z
Numbers 0 through 9
Hyphen (-) and Underscore (_)
Names cannot include Spaces, the characters / \ * , . " @, or a sequence of two hyphens (--) or underscores (__)
Names cannot start with a number, hyphen (-), or underscore (_)
Names cannot end with a hyphen (-) or an underscore (_)
Note: If you use non-alphanumeric characters in the Desktop name, Unidesk substitutes an underscore for each non-alphanumeric
character in the corresponding folder name.
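Since a Desktop whose name breaks these rules will not start, a list of candidate names can be checked before a bulk create. The following is an added example, not Unidesk code; the function names and the candidate list are constructed, and the second check reports names that the underscore substitution described in the note would give the same folder name.

```python
import re

ALLOWED = re.compile(r"[A-Za-z0-9_-]")


def check_desktop_name(name):
    """Return the naming requirements from the list above that name violates."""
    problems = []
    if not 1 <= len(name) <= 15:
        problems.append(f"length {len(name)} is outside 1 to 15")
    bad = sorted({ch for ch in name if not ALLOWED.fullmatch(ch)})
    if bad:
        problems.append("characters not allowed: " + " ".join(repr(c) for c in bad))
    if "--" in name or "__" in name:
        problems.append("contains two hyphens or two underscores in a row")
    if name and name[0] in "0123456789-_":
        problems.append("starts with a number, hyphen, or underscore")
    if name and name[-1] in "-_":
        problems.append("ends with a hyphen or underscore")
    return problems


def folder_name(name):
    """Apply the substitution from the note: non-alphanumerics become '_'."""
    return re.sub(r"[^A-Za-z0-9]", "_", name)


def preflight(names):
    """Return (invalid, collisions) for a batch of candidate Desktop names.

    invalid maps each rejected name to its list of problems; collisions maps
    a folder name to the candidate names that would all be given that folder.
    """
    invalid = {}
    by_folder = {}
    for name in names:
        problems = check_desktop_name(name)
        if problems:
            invalid[name] = problems
        by_folder.setdefault(folder_name(name), []).append(name)
    collisions = {f: ns for f, ns in by_folder.items() if len(ns) > 1}
    return invalid, collisions


# Constructed candidates, including names a FirstnameLastname convention
# could generate from long or punctuated directory entries.
CANDIDATES = [
    "JohnDoe", "MKTG-JohnDoe", "ChristopherMontgomery", "OBrien.Pat",
    "2ndFloor_", "Lab--01", "Lab-01", "Lab_01",
]

if __name__ == "__main__":
    invalid, collisions = preflight(CANDIDATES)
    for name, problems in invalid.items():
        print(f"{name}: " + "; ".join(problems))
    for folder, names in collisions.items():
        print(f"folder {folder} shared by: " + ", ".join(names))
```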
When you create more than one Desktop at a time, the system generates the names for you. You can also choose to have
the system generate a name for an individual Desktop. You can either use the built-in naming conventions, or create a
custom naming convention. The built-in naming conventions available are based on whether the Collection is for Persistent
or Non-persistent Desktops.
When creating Desktops, you can ensure that naming is consistent by choosing one of the built-in naming conventions, or
by defining (and then choosing) a naming convention of your own.
This convention - Creates a name that contains the - Example
FirstnameLastname - First name and last name of the selected user. - JohnDoe
LastnameFirstInitial - Last name and first initial of the selected user. - DoeJ
FirstInitialLastname - First initial and last name of the selected user. - JDoe
CollectionIncrement - Selected Collection. Also appends a sequential numeric value to the end of each Desktop name. - Support1, Support2
1. Select System > Settings and Configuration.
2. Select Desktop Naming Convention Settings and then click Edit.
3. In the Expression box for the naming convention that you want to change, edit the displayed expression.
In addition to using the naming expressions, you can enter additional characters as long as they follow the host naming
standards.
Example: If you want Desktop names to use a format such as MKTG-FirstnameLastname, you could enter an
expression similar to the following one:
MKTG-%F%L
4. Click Save.
1. Select System > Settings and Configuration.
2. Select Desktop Naming Convention Settings and then click Edit.
3. Click Add Naming Convention.
4. In the Convention Name box, enter a name that you want to associate with the naming convention. The Create
Desktop wizard displays this name as a selection in the Desktop Assignment tab.
5. Enter an expression that defines the syntax for the name. In addition to using the built-in naming expressions, you can
enter additional characters as long as they follow the host naming standards.
6. Click Add and then click Save.
Naming convention expressions define how the system displays the naming conventions. The following table describes the
syntax for the valid expressions that the system uses to generate names.
Use | To include | Examples
%[n]F | The first name of the selected user. The n variable indicates the number of characters to include. If you do not specify a character length, the software uses the full name. | %F = Joey, %3F = Joe
%[n]L | The last name of the selected user. The n variable indicates the number of characters to include. If you do not specify a character length, the software uses the full name. | %L = Hartley, %4L = Hart
%[n]C | The name of a selected group. The n variable indicates the number of characters to include. If you do not specify a character length, the software uses the full name. | %C = Marketing, %3C = Mar
[%I] | A unique number at the end of a generated name. The number starts at 1 and increments sequentially for each Desktop that the software creates. The software applies this expression if the generated name is not unique and if you include it in a custom expression. | %3C%I = Mar1, Mar2, Mar3, ...
Network - Choose a network. The list displays all networks available to the selected host or cluster.
Application Assignment
Application Layer(s) to add to the Desktop. Expand a Layer to select the version.
Desktop Settings
This is where you configure hardware and memory settings for the virtual machine.
CPUs - Number of virtual CPUs to allocate to the Desktop. You can specify any number from 1 to 64. The default
number of CPUs is derived from the greater of the following two values: the number of CPUs that was imported for the
gold image or the minimum number of CPUs Unidesk has defined.
Starting Memory - Amount of memory (in megabytes) to allocate to the Desktop at startup. The default setting is
derived from the greater of the following two values: the Starting Memory that was imported for the gold image or the
minimum amount of starting memory Unidesk has defined.
Dynamic Memory - Specifies the use of dynamic memory for the Desktop; otherwise, the Desktop's memory use is
static. Using dynamic memory enables the Desktop to contribute or receive memory as a shared resource. When working
with multiple Desktops, dynamic memory uses the overall available physical memory in a more efficient way than static
memory does.
If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the
Minimum RAM number and less than or equal to the Maximum RAM number.
If you upgrade a Desktop that is using dynamic memory, the Dynamic Memory option is no longer enabled following
the upgrade procedure.
A CachePoint that has not been upgraded disregards any Dynamic Memory settings. Once the CachePoint is
upgraded, the next edit to it invokes the Dynamic Memory settings.
Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Desktop after startup. This number
cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option is
selected.
Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Desktop after startup. This number
cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic Memory
option is selected.
Buffer Percentage - Specifies how much memory to add to the Desktop as a buffer. This number is a percentage of the
amount of memory the Desktop actually requires to run applications and services. This percentage cannot be less than 5
nor greater than 2000. This option becomes active when the Dynamic Memory option is selected.
User Data Storage - Space in GB to allow for the machine's personalization settings and data files.
Page File Size - Percentage of memory to use for the page file size.
The Page File size is a percentage of the Starting Memory value. On Desktops that have Dynamic Memory enabled, and
a Maximum RAM value set greater than the Starting RAM value, Full Core Dumps may not be created successfully, as the
Page file might not be large enough.
Core Dump Type - The type of core dump file you want the system to create when system problems occur. You can
specify None, Mini (to create a small, or mini-dump file), Kernel (to create a kernel memory dump file), or Full (to create a
full crash dump file). If you select Full, the size for the page file must be a minimum of 100%.
Maintenance Schedule
A maintenance window is a time set aside for Desktop maintenance tasks that require the user to log off, for example,
adding a new version of a Layer.
Create session hosts
Jun 28, 2017
A Unidesk Session Host is a virtual machine made up of an Operating System Layer, Application Layers, and a machine
Personalization Layer. You create and select the Operating System and Application Layers, and the Unidesk software
creates the Personalization Layer, where changes made to the Session Host are saved.
When you are ready to create Session Hosts, you can create one or multiple Session Hosts at a time. You can name Session
Hosts individually, or generate the names based on built-in naming conventions that you can edit or augment. A single Azure
subscription is limited to 48 Session Hosts.
Before you start
Session Host Requirements
As soon as you create your Operating System Layer, you should make sure this Layer and your Domain Join script are in
good working order. Do this by creating a bare-bones test Session Host, as described in the next section.
Before you can create a Session Host you need:
A Unidesk Collection, which in turn requires an Operating System Layer
Session Host attributes you can never change
Certain Session Host attributes are determined by the Collection in which you create them, and once created, you can
never change these attributes for the Session Host. Currently, this includes:
Operating System Layer - You can change the version of the Operating System Layer assigned to a Session Host, but
not the Layer itself.
Session Hosts and the Collections they belong to
As stated above, the Collection where you create a Session Host determines its key attributes. So, if you decide to move a
Session Host to a different Collection, the new Collection must have the same Operating System Layer.
Create a test Session Host (Recommended)
Before using your new Operating System Layer to create your Session Hosts and Application Layers for production, we
recommend creating a quick, test Session Host to verify that your Operating System Layer and domain join script are in
good working order.
Create a test Session Host to verify your Operating System Layer and domain join settings
Since you won't deploy this Session Host to production, you just need to select the required settings, and accept the
default values for everything else.
1. On the Unidesk menu bar select Session Hosts, then click Create Session Host. This opens the Create Session Host
wizard.
2. On the Collection Assignment tab, select a Collection where you want the Session Host to be grouped, and choose to
create 1 Session Host.
3. Take the default settings for everything else, and on the Confirm and Complete tab, confirm that the settings are
correct (see the Visualization panel to the right), and click Create Session Hosts to start creating the Session Host.
A Session Host icon appears, its status displayed in the lower right corner of the icon. The Session Host status cycles
through Stopped, Powering on, Starting, and Running. For more status information, click the Expander tab in the bottom
center of the console to open the Tasks panel. For example, if the Session Host is not successfully added to the
connection broker, a status message is displayed in the Session Host Details.
1. View the IP address assigned to the Session Host by hovering over the Session Host icon and clicking the information
icon.
2. Log into the Session Host and verify that it has successfully joined the domain.
Troubleshoot domain join issues
If your Session Hosts are not successfully joining the domain, follow the steps below to identify the issue. Fixing the
problem usually requires an update to the unattend file, and usually you need to create a new version of your Operating
System layer and use the Unidesk unattend builder to correct any issues in the unattend.xml file. The Unidesk unattend
builder is available for download in the Unidesk Download Center.
About domain join
When a Session Host is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a file
called unattend.xml to configure a variety of Session Host settings. We recommend that you use the Unidesk Unattend
builder tool to create your unattend file. With the Unattend builder you can specify all of the settings required to join the
Session Host to the domain during creation.
If your Session Host is not joining the domain correctly, here are some common issues and how to solve them.
Keep in mind that while you will look at logs on the Session Host to identify your problem, you will update the
unattend file in your OS layer or in an application layer to correct it so that newly created Session Hosts will successfully
join your domain.
First things to check
The following log file details the progress of the mini-setup process, including a summary line for each domain join attempt.
Check this log file for errors:
C:\Windows\Panther\UnattendGC\setupact.log
Note: Be sure you are not looking at the setupact log in C:\Windows\Panther. You want the log file that's
in C:\Windows\Panther\UnattendGC.
Search for DJoin.exe to see a log of the domain join operations:
DsGetDCName failed: 0x54b … check your fully qualified domain name
NetJoinDomain attempt failed: 0x89a … check your domain join credentials
NetJoinDomain attempt failed 0x2: check your OU specification
Still stumped? For other log files to check, go to the section on Advanced debugging later in this article.
Let’s assume that you have this configuration:
Fully qualified domain name: vdidomain.acme.com or vdidomain.local
Short domain name: vdi
OU: acmegrp1
Domain account: Administrator
1. Open the unattend file on the Session Host and check for some common problems. The unattend file is located in
c:\windows\panther.
Search for the <JoinDomain> tag and check the fully qualified domain name. It should look like one of these examples:
<JoinDomain>vdidomain.local</JoinDomain>
<JoinDomain>vdidomain.acme.com</JoinDomain>
Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short
domain name, not the fully qualified domain name. It should look like this:
Correct: <Domain>vdi</Domain>
Incorrect: <Domain>vdidomain.acme.com</Domain>
Check the Username specification. It should look like this:
Correct: <Username>Administrator</Username>
Incorrect: <Username>vdi\Administrator</Username>
Check the processor architecture
In the component tag, make sure processorArchitecture is correct for your platform, either amd64 or x86.
2. Fix any issues you find in the unattend.xml, either by editing the file manually, or by re-running the Unattend builder. This
involves creating a new version of your OS layer to update the unattend file:
1. In the Unidesk Management Console, click Operating System Layer > Add Version. Allow the Operating System Layer
to boot up in the Install Machine, and log in.
2. Once logged in, either edit unattend.xml, or re-run the Unattend builder:
Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and save the file.
3. Finalize the layer
3. Deploy a new Session Host with your latest OS version and check for successful domain join.
Check the Netsetup log file for errors
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Look for the section with
today's date to watch the process from the beginning, or go to the bottom of the file to see the last attempt and why it
failed. If an attempt fails, Windows makes another attempt every five seconds, up to 80 times. As a result, your log may
contain many duplicate failure messages.
A successful domain join displays the following message:
05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0
This line appears at the bottom of the last attempt, and denotes that the domain join process succeeded. Any return
status other than 0x0 denotes a failure. You may also see the following lines above it, which also show success:
05/01/2012 09:28:01:740 NetpCompleteOfflineDomainJoin: status: 0x0
05/01/2012 9:28:01:740 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
Failure, again, is a non-zero return code:
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
One of the most common failures is an error attempting to connect to the IPC$ share on the domain controller. It will look
like this:
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned XXXX
Get the returned message (XXXX) and run net helpmsg XXXX from a command prompt to see the specific error. The
following are common domain join errors and solutions to those errors.
07/12/2012 14:38:52:122 NetUseAdd to \\DC1.company.local\IPC$ returned 1231
07/12/2012 14:38:52:122 NetpJoinDomain: status of connecting to dc '\\TDC1.company.local': 0x4cf
07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of : 0x4cf
07/12/2012 14:38:52:122 NetpDoDomainJoin: status: 0x4cf
Pre-1.5 versions of Unidesk had a timing issue that could cause domain joins on Windows 7 x64 to fail randomly. Upgrade to
the latest version of Unidesk if you are using a version earlier than version 1.5.
This error may also be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just
the Operating System Layer. Once you can identify which Application Layer is breaking the domain join process, recreate
that layer with the current version of the current OS layer.
If you cannot find conflicting layers, use the PowerShell script for joining the domain:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
05/02/2012 23:07:31:696 NetUseAdd to \\DC1.company.local\IPC$ returned 1326
05/02/2012 23:07:31:696 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x52e
05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of : 0x52e
05/02/2012 23:07:31:696 NetpDoDomainJoin: status: 0x52e
Failure 1326 is a straightforward password error, "Logon failure: unknown user name or bad password." Double-check the
username and password in your unattend.xml file.
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned 1909
05/02/2012 23:14:21:057 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x775
05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of : 0x775
05/02/2012 23:14:21:057 NetpDoDomainJoin: status: 0x775
A 1909 error means "The referenced account is currently locked out and may not be logged on to." Go to your Active
Directory and unlock the account. You should also determine how the account got locked. Often the account becomes
locked because the unattend.xml has an incorrect password. Attempting to join a domain retries dozens of times. If the
password is incorrect, you might get three password failures and dozens of "account locked" failures.
01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
01/20/2012 10:53:01:232 ldap_unbind status: 0x0
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of : 0x2
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error
could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers
container. Windows requires that the default OU be left unspecified, so if you want to put new Session Hosts into the
default Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the
specified OU is:
01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local
Verify the existence of the specified OU and confirm that it is not the top-level Computers container.
If the domain name itself is invalid, a domain join makes no entries to NetSetup.log and does not create a log file. In this
situation, look in C:\Windows\Panther\UnattendGC\setupact.log for lines like this:
2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5
seconds...
The error text for 0x54b (1355) is "The specified domain either does not exist or could not be contacted." You can look
further up in the setupact.log to see exactly what domain you were trying to join. Note that this is an error with the
"JoinDomain" tag, not the credentials.
07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005:
SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
07/17/2012 13:26:47:524 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
07/17/2012 13:26:47:524 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
07/17/2012 13:26:47:524 NetpProvisionComputerAccount: LDAP creation failed: 0x5
...
07/17/2012 13:26:47:539 NetpDoDomainJoin: status: 0x5
The user account you specify must have rights to add machine accounts to the domain in the specified OU. This error
appears when you have a valid account with insufficient privileges. Either try a different account or adjust the account
privileges in the domain.
Use another approach to domain join: Add a script to the deployment process
If you are unable to make your domain join work automatically via the unattend file, you can try adding a PowerShell script
to the deployment process to do the domain join. For more information, see this article:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
More about how domain join works
The relevant section of the unattend.xml belongs in the 'pass="specialize"' settings block:
<settings pass="specialize" wasPassProcessed="true">
And the UnattendedJoin block within it looks like this.
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"
    publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
    xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Identification>
    <Credentials>
      <Domain>company</Domain>
      <Password>thePassword</Password>
      <Username>administrator</Username>
    </Credentials>
    <JoinDomain>company.local</JoinDomain>
    <MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>
    <DebugJoin>true</DebugJoin>
  </Identification>
</component>
There are four elements of this block that need to be correct:
1. In the "component" tag, make sure "processorArchitecture" is correct for your platform - either "amd64" or "x86".
2. In the "Identification" block, the "Credentials" block must be correct. The "Domain" tag must be the short domain name,
not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Session Host uses to log in to
the domain in order to create the Machine Account. The account must exist and be a domain administrator or a
service account with sufficient privileges to create Machine Account objects. In this example, "company\administrator"
logs in with password "thePassword". Note that the password is stored in the gold image as plain text, but is replaced with the
string "*SENSITIVE*DATA*DELETED*" during deployment to preserve security.
3. The "JoinDomain" tag must contain the full domain as a FQDN. The Session Host logs in to and joins this domain using
the credentials described above.
4. The "MachineObjectOU" tag must refer to an existing OU. It must not refer to the default Computers container. If you
want your Session Hosts to appear in the default Computers container for your domain, you must delete the entire
MachineObjectOU line. The reason is that the MachineObjectOU field must refer to an OU, but Computers is actually a
CN. You cannot specify a CN there, and if you reference Computers as an OU, it's an error. So to get the default, which
you can't specify, you must not have the line at all. (When using the Unattend Builder from Unidesk, specify the
Computers container by putting nothing in the "OU to Place Session Hosts" field.)
Note that if the machine already has a Machine Account in your domain (for instance because you are reusing names from
Session Hosts that have been created and deleted before), the domain reuses the existing Machine Account in whatever
location it is already in, ignoring the one specified in unattend.xml.
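One way to check an unattend.xml against the four elements listed above before finalizing a layer, as an added Python example that is not part of the Unidesk documentation or tooling. The function names, finding codes and sample values are illustrative assumptions, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# String the page says replaces the password during deployment.
MASK = "*SENSITIVE*DATA*DELETED*"


def build_sample(arch, domain, username, join_domain, ou, password):
    """Constructed input shaped like the UnattendedJoin block shown above.

    Assumption: urn:schemas-microsoft-com:unattend is the usual root
    namespace of unattend.xml; the page's excerpt does not show the root.
    """
    ou_line = f"<MachineObjectOU>{ou}</MachineObjectOU>" if ou else ""
    return f"""<unattend xmlns="urn:schemas-microsoft-com:unattend">
  <settings pass="specialize">
    <component name="Microsoft-Windows-UnattendedJoin"
               processorArchitecture="{arch}">
      <Identification>
        <Credentials>
          <Domain>{domain}</Domain>
          <Password>{password}</Password>
          <Username>{username}</Username>
        </Credentials>
        <JoinDomain>{join_domain}</JoinDomain>
        {ou_line}
      </Identification>
    </component>
  </settings>
</unattend>"""


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to element names."""
    return tag.rsplit("}", 1)[-1]


def child_text(parent, name):
    """Text of the first descendant element called `name`, or None."""
    for el in parent.iter():
        if local(el.tag) == name:
            return (el.text or "").strip()
    return None


def find_join_component(root):
    """Return the UnattendedJoin component inside the specialize pass."""
    for settings in root.iter():
        if local(settings.tag) == "settings" and settings.get("pass") == "specialize":
            for el in settings.iter():
                if (local(el.tag) == "component"
                        and el.get("name") == "Microsoft-Windows-UnattendedJoin"):
                    return el
    return None


def lint_unattend(xml_text):
    """Return (code, message) findings for the four elements the page lists."""
    comp = find_join_component(ET.fromstring(xml_text))
    if comp is None:
        return [("NO_JOIN_BLOCK", "no UnattendedJoin component in pass=specialize")]
    findings = []

    arch = comp.get("processorArchitecture")
    if arch not in ("amd64", "x86"):
        findings.append(("ARCH", f"processorArchitecture {arch!r}: use amd64 or x86"))

    domain = child_text(comp, "Domain")
    if not domain or "." in domain:
        findings.append(("DOMAIN_NOT_SHORT", "<Domain> must be the short domain name"))

    user = child_text(comp, "Username")
    if not user or "\\" in user:
        findings.append(("USERNAME_QUALIFIED", "<Username> must not carry a domain prefix"))

    join = child_text(comp, "JoinDomain")
    if not join or "." not in join:
        findings.append(("JOINDOMAIN_NOT_FQDN", "<JoinDomain> must be the FQDN"))

    ou = child_text(comp, "MachineObjectOU")
    if ou is not None:
        # Simplification: split on commas, ignoring escaped commas in a DN.
        rdns = [part.strip().upper() for part in ou.split(",")]
        if not rdns[0].startswith("OU="):
            findings.append(("OU_NOT_AN_OU", "MachineObjectOU must name an OU, not a CN"))
        elif rdns[0] == "OU=COMPUTERS" and all(r.startswith("DC=") for r in rdns[1:]):
            findings.append(("OU_DEFAULT_COMPUTERS",
                             "delete the MachineObjectOU line to use the default container"))

    # The gold image holds the join password in clear text; a deployed
    # machine's copy should hold only the mask string.
    password = child_text(comp, "Password")
    if password and password != MASK:
        findings.append(("PASSWORD_CLEARTEXT",
                         "cleartext join password present; expected only in the gold image"))
    return findings
```

A PASSWORD_CLEARTEXT finding is expected when the file comes from the gold image; on a deployed Session Host it means the password was not masked.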
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Review this file after
deployment to determine why the attempt to join the domain failed. Look for the section with today's date to watch the
process from the beginning, or go to the bottom of the file to see the last attempt and why it failed. If an attempt fails,
Windows makes another attempt every five seconds, up to 80 times. As a result, your log may contain many duplicate
failure messages.
A second log, C:\Windows\Panther\UnattendGC\setupact.log, details the progress of mini-setup, including a summary line
for each domain join attempt. At least one type of failure (bad domain specified) results in no NetSetup.log being created, so
you would have to see the failure information in setupact.log. If you find no current information in NetSetup.log, or no log
at all, check setupact.log.
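The log review described above, automated as an added Python example (not a Unidesk or Microsoft tool): it scopes NetSetup.log to the most recent date, collapses the retry duplicates, and reports the first failure as the likely cause, so that a bad password is not hidden behind the lockout errors it triggers. The sample log lines are constructed in the format of the excerpts above; `triage` and the result keys are hypothetical names.

```python
import re
from collections import Counter

# Guidance per status code, paraphrased from the troubleshooting text above.
ADVICE = {
    0x2: "invalid OU: verify MachineObjectOU, or delete the line for the default container",
    0x5: "account lacks rights to create machine accounts in the specified OU",
    0x4CF: "IPC$ connect failed (1231): look for layers built from a different OS layer",
    0x52E: "logon failure (1326): check the username and password in unattend.xml",
    0x54B: "domain not found or unreachable (1355): check the JoinDomain value",
    0x775: "account locked out (1909): unlock it, then find what locked it",
}

JOIN_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4}) \S+ NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)",
    re.MULTILINE)
OU_RE = re.compile(r"lpMachineAccountOU: (.+)")
DJOIN_RE = re.compile(r"\[DJOIN\.EXE\].*?DsGetDcName failed: (0x[0-9a-fA-F]+)",
                      re.IGNORECASE)


def sample_attempt(stamp, win32_code, status):
    """Constructed NetSetup.log lines in the format of the excerpts above."""
    return (f"{stamp} NetUseAdd to \\\\DC1.company.local\\IPC$ returned {win32_code}\n"
            f"{stamp} NetpDoDomainJoin: status: {status}\n")


# Constructed sample: an old success, then three bad-password attempts that
# lock the account, then retries that only ever see the lockout.
SAMPLE_NETSETUP = (
    "05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0\n"
    + "".join(sample_attempt(f"05/02/2012 23:07:{5 * i:02d}:696", 1326, "0x52e")
              for i in range(3))
    + "".join(sample_attempt(f"05/02/2012 23:07:{15 + 5 * i:02d}:696", 1909, "0x775")
              for i in range(4))
)
SAMPLE_SETUPACT = (
    "2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName "
    "failed: 0x54b, last error is 0x0, will retry in 5 seconds...\n" * 3
)


def triage(netsetup_text, setupact_text=""):
    """Summarise the latest domain-join attempts from the two logs."""
    events = JOIN_RE.findall(netsetup_text)
    if events:
        source = "NetSetup.log"
        latest_day = events[-1][0]          # the section with the most recent date
        statuses = [int(s, 16) for day, s in events if day == latest_day]
    else:
        # A bad domain name leaves nothing in NetSetup.log; use setupact.log.
        source = "setupact.log"
        statuses = [int(s, 16) for s in DJOIN_RE.findall(setupact_text)]
    if not statuses:
        source = None

    # Keep only the failures after the last success of that day.
    if 0 in statuses:
        failed = statuses[len(statuses) - statuses[::-1].index(0):]
    else:
        failed = statuses
    root = failed[0] if failed else None    # first failure is the likely cause
    last = statuses[-1] if statuses else None

    advice = []
    for code in ((root, last) if failed else ()):
        text = ADVICE.get(code, f"status {code:#x}: run 'net helpmsg {code}'")
        if text not in advice:
            advice.append(text)

    requested = OU_RE.findall(netsetup_text)
    return {
        "source": source,
        "attempts": len(statuses),
        "joined": last == 0,
        "last_status": last,
        "root_cause": root,
        # Retries repeat every five seconds, so report counts, not every line.
        "failure_counts": dict(Counter(failed)),
        "requested_ou": requested[-1].strip() if requested else None,
        "advice": advice,
    }
```

On the constructed sample the last status is the lockout (0x775) while the reported root cause is the bad password (0x52e) that came first.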
Create one or more Session Hosts
In the Unidesk Management Console, select Session Hosts > Create Session Host. This opens the Create Session Host
wizard where you can configure the Session Host(s).
Collection Assignment
Select a Unidesk Collection
Session Host Details
Session Host Names - You can use our built-in naming convention to auto-generate Session Host names. Or, you can define
your own custom naming convention using a set of expressions, and change the built-in naming convention.
Generate Name Automatically - This option automatically generates the Session Host names based on a naming
convention. You can select a built-in naming convention or create your own custom naming convention. You must use
automatic name generation if you are creating more than one Session Host. If you don't want the default naming
convention (Collection name and increment), you can make your own naming convention by selecting Custom and
entering an expression.
Enter Session Host Name - If you are creating a single Session Host, deselect Generate Name Automatically and
type in a Session Host name.
Session Host naming requirements
Session Host names must meet these basic naming requirements, or the Session Host will not start.
Names can include one to 15 of these characters:
Letters a through z, and A through Z
Numbers 0 through 9
Hyphen (-) and Underscore (_)
Names cannot include spaces, the characters / \ * , . " @, or a sequence of two hyphens (--) or underscores (__)
Names cannot start with a number, hyphen (-), or underscore (_)
Names cannot end with a hyphen (-) or an underscore (_)
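The naming expressions from the Desktop section and the naming requirements listed for both Desktops and Session Hosts, modelled in Python as an added example (not Unidesk code). `expand`, `generate_names` and `name_violations` are hypothetical helper names, and the handling of a repeated name when the expression has no %I is an assumption; the example shows how a full first-and-last-name expression can break the 15-character limit and how the %[n] width avoids that.

```python
import re

TOKEN_RE = re.compile(r"%(\d*)([FLCI])")


def expand(expression, first, last, group, index=None):
    """Expand %[n]F, %[n]L, %[n]C and %I in a naming expression."""
    values = {"F": first, "L": last, "C": group}

    def substitute(match):
        width, kind = match.group(1), match.group(2)
        if kind == "I":
            return "" if index is None else str(index)
        value = values[kind]
        return value[:int(width)] if width else value

    return TOKEN_RE.sub(substitute, expression)


def name_violations(name):
    """Return the naming requirements listed above that `name` breaks."""
    problems = []
    if not 1 <= len(name) <= 15:
        problems.append("length must be 1 to 15 characters")
    if re.search(r"[^A-Za-z0-9_-]", name):
        problems.append("only letters, digits, hyphen and underscore are allowed")
    if "--" in name or "__" in name:
        problems.append("no sequence of two hyphens or two underscores")
    if name and name[0] in "0123456789-_":
        problems.append("cannot start with a number, hyphen or underscore")
    if name and name[-1] in "-_":
        problems.append("cannot end with a hyphen or underscore")
    return problems


def generate_names(expression, users, group):
    """Generate one (name, violations) pair per (first, last) user.

    Assumption: when the expression has no %I and a name repeats, a counter
    starting at 1 is appended; the page does not detail this case.
    """
    has_counter = any(m.group(2) == "I" for m in TOKEN_RE.finditer(expression))
    taken, results = set(), []
    for position, (first, last) in enumerate(users, start=1):
        name = expand(expression, first, last, group,
                      position if has_counter else None)
        # Compare case-insensitively: machine names differing only in case collide.
        if name.lower() in taken:
            base, n = name, 1
            while f"{base}{n}".lower() in taken:
                n += 1
            name = f"{base}{n}"
        taken.add(name.lower())
        results.append((name, name_violations(name)))
    return results
```

Running `generate_names` over the intended user list before creating machines shows which generated names would be rejected, since a name that breaks the requirements prevents the machine from starting.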
Application Assignment
Application Layer(s) to add to the Session Host. Expand a Layer to select the version. You can assign up to 13 Application
Layers to each Session Host.
This is where you configure hardware and memory settings for the virtual machine.
CPUs - Number of virtual CPUs to allocate to the Session Host. You can specify any number between 1 and 64. The
default number of CPUs is derived from the greater of the following two values: the number of CPUs on the gold image
or the minimum number of CPUs Unidesk recommends, which is 4. Your infrastructure must be able to support the
number of CPUs you choose.
Starting Memory - Amount of memory (in megabytes) to allocate to the Session Host at startup.
Dynamic Memory - Marking this check box specifies the use of dynamic memory for the Session Host, while clearing this
check box specifies that the Session Host's memory use is static. Using dynamic memory enables the Session Host to
contribute or receive memory as a shared resource. When working with multiple Session Hosts, dynamic memory utilizes
the overall available physical memory in a more efficient way than static memory does.
Notes:
If you select the Dynamic Memory option, the Starting Memory number must be greater than or equal to the
Minimum RAM number and less than or equal to the Maximum RAM number.
If you upgrade a Session Host that is using dynamic memory, the Dynamic Memory option is no longer enabled
following the upgrade procedure.
A CachePoint that has not been upgraded disregards any dynamic memory settings. Once the CachePoint is
upgraded, the next edit to it invokes the dynamic memory settings.
Minimum RAM - The minimum amount of memory (in megabytes) to allocate to the Session Host after startup. This
number cannot be less than 32 and must be divisible by 2. This option becomes active when the Dynamic Memory option
is selected. The default minimum value for this setting is 8192 MB (8 GB).
Maximum RAM - The maximum amount of memory (in megabytes) to allocate to the Session Host after startup. This
number cannot be greater than 1048576 and must be divisible by 2. This option becomes active when the Dynamic
Memory option is selected. The default value for this option is the greater of the following two values: the Maximum
RAM from the Gold Image, or 16384 MB (16 GB), the minimum recommended by Unidesk.
Buffer Percentage - Specifies how much memory to add to the Session Host as a buffer. This number is a percentage of
the amount of memory the Session Host actually requires to run applications and services. This percentage cannot be
less than 5 or greater than 2000. This option becomes active when the Dynamic Memory option is selected.
User Data Storage - Space in GB to allow for the machine's personalization settings and data files.
Page File Size - Percentage of memory to use for the page file size.
Note: The Page File size is a percentage of the Starting Memory value. On Session Hosts that have Dynamic Memory
enabled, and a Maximum RAM value set greater than the Starting RAM value, Full Core Dumps may not be created
successfully, as the Page file might not be large enough.
Core Dump Type - The type of core dump file you want the system to create when system problems occur. You can
specify None, Mini (to create a small, or mini-dump file), Kernel (to create a kernel memory dump file), or Full (to create a
full crash dump file). If you select Full, the size for the page file must be a minimum of 100%.
Maintenance Schedule
A maintenance window is a time for Session Host maintenance tasks that require users to be logged off, for example,
adding a new version of a Layer. Unidesk keeps track of the number of users logged into each session host, so that
maintenance can be performed when all users are logged off.
IMPORTANT: When using XenApp, Session Hosts must be put in Maintenance Mode using the Desktop Studio Console.
Application Layers
Jun 28, 2017
Create Application Layers
You can create any number of Application Layers and assign them to Unidesk Machines (Desktops or Session Hosts). You'll
need a staging area, called an Installation Machine (IM) where you'll create the Layers. Then you can assign them
to Unidesk Machines that use the same Operating System Layer as the IM.
Refer to these detailed steps for creating an Installation Machine, creating an Application Layer, and assigning the
Application Layer to Unidesk Machines.
Create an Installation Machine, a staging area for your Layers
Create Application Layers
Assign Layers to your Unidesk Machines
Application Layering tips
Tips to deploy Anti-virus applications in Layers
Tips to deploy Windows 8.1 applications in Layers
Create an installation machine
Jun 28, 2017
An Installation Machine is a virtual machine that you provision with the software needed for new Application Layers and
new versions of Operating System and Application Layers. You will need at least one installation machine for
each Operating System Layer in your Unidesk deployment.
About Installation Machines
When to use an Installation Machine
You'll need an Installation Machine whenever you want to create a new Application Layer or when you add a new Version
to an existing Application or Operating System Layer. You do not need an Installation Machine for the initial creation of
an Operating System Layer, just for any Layer Versions you add to it.
The role of an Installation Machine in Layer creation
The Installation Machine is a virtual machine that you use as a staging area for the application(s) you want to put in a
Layer. Before creating a Layer or a new version of a Layer, you'll set up the new software on an Installation Machine.
Before you start
Determine the configuration for memory, CPUs, and network adapters that the application(s) need on the Installation
Machine. For example, if you plan to create Application Layers that require two CPUs, ensure you provision an Installation
Machine with this setting.
Create the Installation Machine (IM)
You must create at least one Installation Machine for each Operating System Layer that you are using in your environment.
Once you create an Installation Machine, you cannot change its Virtual Machine settings, including the Operating System
Layer.
1. Select System > Installation Machine > Create Installation Machine. This opens the Create Installation
Machine wizard.
2. In the General Settings tab, specify the virtual machine settings for the Installation Machine, including:
Installation Machine Name: The Installation Machine name (IM Name) should be 15 characters or less, and unique on the
Master CachePoint Appliance. Valid characters include the letters a - z and A - Z; the numbers 0 - 9;
underscores (_) and hyphens (-). Names cannot start or end with a hyphen or an underscore, nor can
two hyphens or underscores be used consecutively.
Associated OS Layer: The Operating System Layer associated with this IM.
Memory: Amount of memory (in megabytes) to allocate to the Installation Machine. We suggest a minimum
of 4096 MB for Windows updates. By default, this field is pre-populated with the same amount of
memory that was allocated to the associated gold image.
CPUs: Number of virtual CPUs to allocate to the Installation Machine. This value can be any number
between 1 and 64. By default, this field is pre-populated with the same number of CPUs that were
allocated to the associated gold image.
Virtual Switch: The network that the Installation Machine will use to communicate with Unidesk appliances.
VLAN Tag: The VLAN tag inserted into packet headers, indicating which logical network to use for this virtual
machine. If you need to add new VLAN Tags, click the Manage button and use the wizard to do so.
3. In the Confirm and Complete tab, you can enter a comment that describes the Installation Machine for the Audit
History.
4. Click Create Installation Machine. If you enter comments, they appear in the Information view Audit History.
Create an application layer
Jun 28, 2017
An Application Layer includes one or more applications that you can assign to Unidesk Machines (Desktops or Session
Hosts). You can create any number of Application Layers to deliver applications to your Unidesk Machines.
Creating an Application Layer takes just a few steps. You'll use a virtual machine, called an Installation Machine (IM), to install
the application, tell Unidesk when you're done, and Unidesk will create the Layer. You can install as many applications as you
want in a single Application Layer. See the application recipes section on the forum for some useful hints about Application
Layers.
About creating an Application Layer
Overview of the steps to create an Application Layer
Create an Installation Machine - Do the initial creation of the Installation Machine using the Unidesk Management
Console.
Create an Application Layer, or a new version of a Layer - Create an Application Layer, selecting the version of
the Operating System Layer that you want to run on your Installation Machine. The Unidesk software boots
the Installation Machine VM with the selected Operating System.
Install applications on the Installation Machine - After the Unidesk software boots the Installation Machine, the
software prompts you to install applications on the Installation Machine. You log into the Installation Machine (using
your virtual infrastructure management software or a remote Desktop connection) and install the applications or
OS update for the Layer or Layer Version you are creating.
Finalize the Layer or new Layer Version - Finalize the layer. You select the Layer and the software creates the
application image and adds it to the layer. It also shuts down the Installation Machine. The Installation Machine is
powered off and returns to a non-bootable state.
Application Layer requirements
To create an Application Layer, you need:
Your gold image
The installer software for the application(s) you're including in the Layer.
An available Installation Machine.
Any prerequisite Application Layers. If applications require other programs (for example, Java versions, Web browsers, or
.NET framework), make sure that these Prerequisite Layers are available to select when creating the Layer, and also
deployed to the Unidesk Machine before you deploy the Layer.
Special considerations for Windows 8.1 Applications
To deliver applications on Windows 8.1 via Unidesk Layers, you need to build the applications so they can be centrally
managed. This is because Windows Store Apps are managed via each user's profile and can only be deployed to one user.
Regular Windows Store apps, like Bing Finance and Weather, cannot be sideloaded or layered. You can, however, deliver
centrally managed applications on Windows 8.1 by sideloading Enterprise applications, also called Line of Business (LoB)
applications. For details, please see Sideloading Line of Business applications.
Create an Application layer
1. Select Layers > Application Layers and select Create Layer in the Action bar. This opens the Create Layer wizard.
2. In the Layer Details tab, specify the following about the Layer.
1. Enter a name for the Application Layer.
2. (Optional) Enter a description of the Layer.
3. Enter a version. This can be the version of the application or a version you assign to the Layer. This value is displayed in
the Details view of the Layer.
4. (Optional) Enter a description of the version.
5. (Optional) Enter the path for a custom script that runs once after the Unidesk Machine restarts.
6. Specify the default size for the Layer, in gigabytes. Since Layers are thin provisioned, this value represents the
maximum Layer size. Layers will grow as space is used, up to the maximum size. The default value is 10 gigabytes. If the
application you are installing could eventually require more space, change this value accordingly.
3. In the Installation Machine Details tab, specify the operating system and the Installation Machine. The Application Layer
becomes associated with the Operating System Layer that you use to create it.
1. Select an Operating System Layer. The layer defaults to the most current version. To select an earlier version, you can
expand the layer to display all versions.
2. Select an Installation Machine.
4. In the Prerequisite Layers tab, select one or more layers from the displayed list, if required. Only applications created from
the specified Operating System Layer are available.
1. Select an Application Layer in the Prerequisite Layers box.
2. Select the version of the Application Layer in the Application Details box.
3. Click Add Layer.
5. In the Icon Assignment tab, select an icon to assign to the layer. This layer displays this image in the Icon and List views
of the Layers Module.
To use an existing image, select an image in the image box.
To import a new image, click Browse and select an image in PNG or JPG format. For additional information about
uploaded images, see the article about how to Assign icons.
6. In the Confirm and Complete tab, review the details of the Application Layer, enter a comment if required, and
click Create Layer. If you enter comments, they appear in the Information view Audit History.
7. When prompted to do so in the Tasks bar, install the application and the prerequisite applications on the Installation
Machine.
Install the application(s) on the Installation Machine
During the creation process for Application Layers, the software prompts you to install the applications you want to use in
the Layer on the selected Installation Machine. Keep in mind that the state of the Installation Machine before you finalize
a layer is what users experience when they access the Unidesk Machine.
To install the applications on the Installation Machine:
1. Log in to the Installation Machine.
2. Install the applications, along with any drivers, boot-level applications, or files that the user will need with it.
If an application installation requires a system restart, restart it manually. The Installation Machine does not restart
automatically.
3. Make sure the Installation Machine is in the state you want it to be for the user:
If the applications you install require any post-installation setup or application registration, complete these steps now.
Remove any settings, configurations, files, mapped drives, or applications that you do not want to include on the Unidesk
Machine.
Finalize the Application Layer
It is not necessary to log off or disconnect from the Installation Machine before you finalize the Application Layer. During
the finalization step, the software will shut down the Installation Machine properly.
After installing the applications on the Installation Machine, complete the following steps:
1. Return to the Unidesk Management Console.
2. Select the Application Layer in the Layers module.
3. Select Finalize in the Action bar.
4. Monitor the Task bar to verify that the action completes successfully and that the Application Layer is deployable.
Layer integrity check
When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example
Microsoft NGen or other Windows operations, it waits until all Windows operations that are in progress on the Installation
Machine have completed before finalizing the Layer. Otherwise, the new Layer or Layer version that uses this Installation
Machine would have issues. A Layer integrity message lets you know what you can do to expedite the completion of
queued tasks that must be completed before a Layer is finalized.
Layer Integrity Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can
only be finalized when the following conditions have been addressed:
A reboot is pending to update drivers on the boot disk - please check and reboot the IM.
A post-installation reboot is pending - please check and reboot the IM.
A Microsoft NGen operation is in progress in the background.
An MSI install operation is in progress - please check the IM.
See if you can expedite Microsoft NGen operations
About Microsoft NGen operations
NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code
into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on
what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An
interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the NGen to complete in the background or you can force the NGen to the foreground.
Forcing the NGen to the foreground will allow you to view the progress and once the output has completed you should be
able to finalize the layer.
Force an NGen operation to the foreground
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the
foreground can help the task to complete as quickly as possible.
1. Open a command prompt as Administrator.
2. Go to the Microsoft .NET Framework directory for the version currently in use:
cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
3. Enter the NGen command to execute the queued items:
ngen update /force
This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.
Note: It's okay if you see several compilation failed messages!
4. Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or
re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.
Check the status of an NGen operation
If you would prefer to wait for the NGen to complete you can check the status as described here. However, every time you
check the queue status, you are creating foreground activity, which might cause the background processing to temporarily
pause.
1. Open a command prompt as Administrator.
2. Check status by running this command:
ngen queue status
3. When you receive the following status, the NGen is complete, and you can finalize the Layer.
The .NET Runtime Optimization Service is stopped
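The conditions listed in the Layer Integrity Message and the NGen steps above can be checked in one pass before you select Finalize. The following PowerShell script is an added example, not part of the Unidesk product or its documentation; the -ForceNGen switch is hypothetical, and the reboot and MSI indicators it reads are the common Windows ones, which is an assumption because this page does not say what Unidesk itself evaluates.

```powershell
# Added example, not Unidesk code. Run once as Administrator on the Installation
# Machine before selecting Finalize. It does not poll, because repeated status
# checks are foreground activity that can pause background NGen work.
# ASSUMPTION: the reboot and MSI indicators are the common Windows ones; the page
# does not say which indicators Unidesk itself evaluates.
param([switch]$ForceNGen)   # hypothetical switch: also run "ngen update /force"

function Test-PendingReboot {
    # Servicing and Windows Update leave these keys in place until the restart.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
    )
    foreach ($k in $keys) { if (Test-Path -LiteralPath $k) { return $true } }
    # Installers queue file replacements for the next boot in this value. Routine
    # cleanup can also set it, so treat a hit as a prompt to look, not as proof.
    $sm = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
        -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
    return [bool]($sm -and $sm.PendingFileRenameOperations)
}

function Test-MsiInProgress {
    # Windows Installer creates the Global\_MSIExecute mutex while an install runs.
    try {
        $mutex = [System.Threading.Mutex]::OpenExisting('Global\_MSIExecute')
        $mutex.Close()
        return $true
    } catch [System.Threading.WaitHandleCannotBeOpenedException] {
        return $false    # no such mutex: no install is running
    } catch [System.UnauthorizedAccessException] {
        return $true     # mutex exists but this session may not open it
    }
}

function Get-NGenPath {
    # Every installed framework directory (32- and 64-bit) that contains ngen.exe.
    $pattern = Join-Path $env:windir 'Microsoft.NET\Framework*\v*\ngen.exe'
    Get-ChildItem -Path $pattern -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty FullName
}

function Test-NGenWorkerRunning {
    # MSCORSVW.EXE is the process the page says must be allowed to complete.
    return [bool](Get-Process -Name mscorsvw -ErrorAction SilentlyContinue)
}

function Test-NGenQueueStopped {
    # True when "ngen queue status" prints the completion line quoted on the page.
    param([string]$NGenExe)
    $text = (& $NGenExe queue status 2>&1 | Out-String)
    return $text -match [regex]::Escape('The .NET Runtime Optimization Service is stopped')
}

$ngenPaths = @(Get-NGenPath)
if ($ForceNGen) {
    foreach ($exe in $ngenPaths) {
        Write-Host "Running: $exe update /force"
        & $exe update /force | Out-Host   # "compilation failed" lines are expected
    }
}

$blockers = @()
if (Test-PendingReboot)     { $blockers += 'A reboot is pending: check and reboot the IM.' }
if (Test-MsiInProgress)     { $blockers += 'An MSI install operation is in progress.' }
if (Test-NGenWorkerRunning) { $blockers += 'MSCORSVW.EXE is running: let NGen complete, do not reboot.' }
foreach ($exe in $ngenPaths) {
    if (-not (Test-NGenQueueStopped -NGenExe $exe)) {
        $blockers += "NGen queue not reported as stopped by $exe"
    }
}

if ($blockers.Count -eq 0) {
    Write-Host 'No blocking condition found by this check.'
} else {
    $blockers | ForEach-Object { Write-Host "BLOCKED: $_" }
    exit 1
}
```

Unidesk's own integrity check remains the authority when you finalize; this script only shows which of the listed conditions is likely to be holding the Layer back.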
Considerations
If applications affect boot-level components
Installing applications such as service packs, hot fixes, and antivirus applications can affect boot-level components, which
means you'll need to restart the Installation Machine. This will generate a system task to rebuild the Unidesk Machine's
boot image. Once Unidesk rebuilds the boot image, it shuts down the Installation Machine, copies the boot-level
components to the boot volume, and restarts the Installation Machine. You can then finalize the layer or version.
Note: If the Installation Machine restarts before the boot image rebuild is complete, you will see a STOP message screen.
This is temporary.
About setting a script to run the first time the user logs in
When you create a Layer or Layer Version, you can specify a .cmd or .bat script to run the first time the Unidesk Machine
(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application.
The .cmd or .bat file is installed on the Installation Machine.
New Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the
original Layer. If you want to include the script from the original Layer, you need to set the script for the Layer Version.
How to set a script
To set a script for a Layer or Layer Version:
1. Add the script file to the Installation Machine you are using to create the Layer or Layer Version.
Note: To see whether a Layer Version already has a script configured, open the Layer's Information view
and expand the Version entries.
2. Enter the script's path in the Layer or Layer Version's Script Path field. For example, enter C:\Scripts\SpecialScript.bat in
the Script Path field.
Once the script runs on a Unidesk Machine, it will not run again because the scripts are executed only once.
How to set a script to run more than once
To run a script more than once, you can:
Remove the Layer from the Unidesk Machine and then re-add it.
Click Desktop > Edit Desktop or Session Host > Edit Session Host, select the Application Assignment tab, and
select Repair for the layer.
Assign applications to a desktop or session host
Jun 28, 2017
Each Desktop and Session Host includes the applications that users require for their work. The Unidesk Management
Console lets you add, remove, or reinstall applications on deployable Desktops and Session Hosts.
Before you start
Check the Layers module to make sure that the required Application Layers are available.
Assign applications
1. Select Desktops > Desktops or Session Hosts > Session Hosts and select one or more of them.
2. Select the Edit action. This opens the Edit Desktop or Session Host wizard.
3. In the Application Assignment tab, select one or more applications from the Available Layers list. By default, the
software selects the most recent version. To add or remove a specific version, complete the following steps:
1. Expand an application to view the available versions.
2. Select the box next to a version you want to use.
3. Clear the box next to a version that you want to remove.
4. If you want to reinstall a previously-assigned application, select Reinstall.
4. In the Maintenance Schedule tab, select a method for deployment of the configuration changes. You can deploy them
in any of the following ways:
Select or create a maintenance schedule. A maintenance schedule deploys changes during a specified time frame.
As soon as possible. This option deploys the configuration changes after you shut down the Desktops or Session
Hosts. Selecting this option overrides the current maintenance schedule.
Defer deployment until a specified date and time. This option defers deployment of configuration changes until the
specified time elapses. At that time, Unidesk deploys the configuration changes if the Desktops or Session Hosts are
shut down. Selecting this option overrides the current maintenance schedule.
When the user logs out or reboots the Desktop or Session Hosts. This option defers deployment until the
user logs out or reboots.
5. In the Confirm and Complete tab, verify that the application assignment details are correct, and click Update
Desktop/Session Host. Unidesk deploys the configuration changes as specified by your Maintenance Schedule
selection.
Deploy anti-virus software
Jun 28, 2017
You can deploy some of the most commonly-used anti-virus products in a Unidesk environment, including products from
Symantec, McAfee, Trend Micro, Sophos, Kaspersky, and AVG.
Note: Some anti-virus products do not yet fully support Windows 10. Before implementing a Windows 10 layer, please
check the documentation for your anti-virus package to ensure that Windows 10 is supported.
General Guidelines
Anti-virus software update options
When deploying anti-virus software in a Unidesk layer, one of the considerations is how to handle the anti-virus updates.
You can either:
Turn on auto updates, and let the updates get stored in the user's Personalization Layer. If auto updates happen daily,
this might be the most convenient approach. Note that whenever there is a major product update, you'll need to reinstall
on the UEP by redeploying the layer to the Desktop with the Reinstall the layer checkbox selected.
Turn off auto updates, and redeploy the layer for each update. This requires updating the layer whenever you want to
push out new updates.
We generally recommend using the method with which you're most comfortable. This probably means continuing to do
whatever you've been doing.
Before you start
When deploying any anti-virus software package in the Unidesk environment, you may need to:
Start the Remote Registry Service for any of the remote installations.
Disable the firewall on the Desktop before installing to allow the products to install.
Disable Simple File sharing.
Enable/disable User Account Control (UAC).
Read the installation instructions for Virtual Desktop Infrastructure (VDI) deployments on the web site for the product
you are installing.
AVG software
About deploying AVG in a Unidesk environment
You can use a gold image or an Application Layer to deploy the AVG Business Edition anti-virus software in
the Unidesk environment.
Use either of the following methods to deploy the AVG anti-virus software:
Install the software on a gold image and import it to a new Operating System Layer.
Install the software on an Application Layer and assign the layer to new or existing Desktops.
The following version of AVG anti-virus software has been tested:
AVG 2013 Business Edition.
Install the software on a gold image
To deploy AVG software on a gold image:
1. Install the AVG software on the gold image.
2. Open the AVG application and select Option > Advanced Settings.
3. Select Temporarily Disable AVG Protection.
4. Click Temporarily Disable AVG Protection, and click OK to confirm.
5. Delete the following cache files:
C:\ProgramData\AVG2013\Chjw\*.*
6. Click Enable AVG Protection.
7. Shut down the gold image.
8. Create an Operating System Layer using this gold image.
9. On newly deployed Desktops, it is recommended that you enable the Caching option again. You can do this
automatically through integration with AVG Remote Administrator.
Install the software on an Application Layer
1. Install the AVG software on the Application Layer.
2. Deploy the AVG layer to Desktops.
Kaspersky anti-virus software
About deploying Kaspersky software in a Unidesk environment
This section provides Kaspersky installation information that is specific to the Unidesk environment. See the Kaspersky
documentation for additional instructions about deploying the software in a VDI environment. And, for details about using
Kaspersky for non-persistent Desktops in a VDI environment, please read the section on Dynamic VDI Support in this
Kaspersky article.
Use the following methods to deploy the Kaspersky anti-virus software:
Install the software on an Application Layer or Application Layer revision.
Install the software on the gold image you import into an Operating System Layer.
Install the software on an Operating System Layer revision.
The following versions of Kaspersky Endpoint Security for Business have been tested.
Kaspersky Security Center 10.2.434.
Kaspersky Endpoint Security 10 for Windows 10.2.1.23 (a).
Note: Encryption with Kaspersky 10.2 is not supported. Kaspersky 10.2 Encryption uses a form of disk virtualization that
bypasses the Unidesk virtualization, and as such is incompatible with Unidesk. When deploying Kaspersky 10.2 make sure
to deselect the Encryption options before deploying the application.
If you plan to use a new Operating System Layer to deploy the Kaspersky software, install the software on the gold
image BEFORE you install the Unidesk Tools.
If you plan to use the Kaspersky Administration Server to manage the Desktop, install both Kaspersky Anti-Virus for
Workstations and Kaspersky NetAgent on the Installation Machine (for Application Layers or layer revisions) or on a gold
image (for a new Operating System Layer).
If you do not plan to use the Kaspersky Administration Server, install Kaspersky Anti-Virus for Workstations only on
the Installation Machine or the gold image.
When you install the Kaspersky NetAgent, clear the selection for the start application during install option.
When you install the Kaspersky Anti-Virus for Workstations in a stand-alone configuration, do not enable password
protection for any of the administrative options. The password you enter on the Installation Machine or gold image
does not work on the Desktop after you deploy the software.
After you install the Kaspersky software on an Installation Machine (for Application Layers or layer revisions), a system
restart (and Desktop image rebuild) is required.
Kaspersky 10.1 special requirement
Before adding Kaspersky 10.1 to either the gold image or to a layer, you need to add a value to the Unifltr service in the
registry. Here's how:
1. Run regedit.
2. Navigate to the HKLM\System\CurrentControlSet\Services\Unifltr key.
3. Right-click in the right-hand pane and add a DWORD value.
4. Set the name of the value to MiniFilterBypass.
5. Set the value to 1.
6. Exit regedit.
7. Reboot the machine, as the setting is only read at boot time.
Special steps for installing the software on an Application Layer
Complete the following steps when you install the Kaspersky software on an Application Layer:
1. Install the Kaspersky software on the Installation Machine.
Note: If you will be deploying non-persistent Desktops running Kaspersky, you need to mark the image as a Dynamic VDI
so that the Kaspersky Administration Server considers the clones of this image dynamic, and when a clone is turned off,
its information is automatically deleted from the database. To mark the image of a dynamic VDI, install the Kaspersky
Network Agent with the Enable dynamic mode for VDI parameter enabled. For details, see the section of this article
on Dynamic VDI Support.
2. Restart the Installation Machine using the Hyper-V client.
3. Finalize the layer in the usual way.
If you assign the Application Layer with the Kaspersky software to a Desktop when you create it, the Kaspersky NetAgent
might not start the first time a user logs in to the Desktop. Restart the Desktop to start the NetAgent software.
Possible issues
The following interoperability issues can occur on Unidesk Desktops that have Kaspersky anti-virus software installed.
Kaspersky NetAgent startup
If you use an Application Layer to deploy the Kaspersky NetAgent software to a Desktop, the NetAgent software might
not start the first time the Desktop restarts. When this occurs, the Windows Event Viewer might display the following
error:
#1266 (0) Transport level error while connection to : authentication failure
If the NetAgent software doesn't start, restart the Desktop. The NetAgent software should start properly at that time.
Kaspersky 10 - End-user Pause causes Network Attack Blocker to stop working
When using Kaspersky 10, the end-user Pause causes the Network Attack Blocker to stop working. To fix this issue, restart
the Kaspersky software. The Network Attack Blocker will continue running as expected.
McAfee anti-virus software
About deploying McAfee in a Unidesk environment
The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the McAfee
anti-virus software in a Unidesk environment. These procedures are based on the McAfee Product Guides.
You can find McAfee documentation at the following locations:
ePolicy Orchestrator 4.6:
https://kc.mcafee.com/corporate/index?page=content&id=KB71037
Install the software on a gold image that you import into an Operating System Layer.
Install the software on an OS Layer version.
Install the software on an Application Layer and assign the layer to new or existing Desktops.
The following versions of McAfee anti-virus software have been tested:
ePolicy Orchestrator (ePO), version 4.6.305.0.
McAfee Agent, version 4.8.0.1500.
VirusScan Enterprise, version 8.8.0.1247.
Note: The ePolicy Orchestrator server was used to create the McAfee Agent installation package, as described in
"Creating custom agent installation packages" in the McAfee ePolicy Orchestrator Product Guide.
The requirements for installing the McAfee anti-virus software in a Unidesk gold image or Application Layer are the same as
those for Including the agent on an image outlined in the McAfee ePO product guide.
Depending on the McAfee version, you might need to remove the Globally Unique Identifier (GUID) for the McAfee Agent
after you install it. Refer to the McAfee documentation for the version of the software you are using to determine if this
step is recommended or required.
Install the software on a gold image
Use this procedure if you plan to use an Operating System Layer to deploy the McAfee anti-virus software
on Unidesk Desktops.
1. Install the McAfee Agent software on the gold image. The gold image becomes visible in the ePolicy Orchestrator
System Tree systems list.
2. Install the McAfee VirusScan Enterprise software on the gold image:
1. When prompted to remove Windows Defender, click Yes.
2. Allow the McAfee Agent Updater to complete an update. This step can take several minutes to complete.
3. Click Finish to complete the installation.
3. When the installation completes, the first scan begins. Allow the scan to complete.
4. Change the McAfee Start value:
1. Open the McAfee VirusScan Console, and disable the AccessProtection.
2. Open the registry editor (regedit), go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mfehidk], and
change the Start value from 0 to 1.
3. Back in the McAfee VirusScan Console, re-enable the AccessProtection.
5. If McAfee requires it for your VDI setup, remove the GUID for the Agent (check the McAfee documentation to
determine if this step is necessary):
1. Open the registry editor (regedit).
2. Locate the following registry key and delete it:
64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Network Associates\ePolicy Orchestrator\Agent\AgentGUID
6. Shut down the gold image and import it into an Operating System Layer.
Install the software on an Application Layer
Use this procedure if you plan to use a layer to deploy the McAfee anti-virus software on Unidesk Desktops.
1. In the Unidesk Management Console, complete the Create Layer wizard.
2. If you are layering McAfee on the Windows 8.1 OS, turn off Windows Defender.
3. When prompted to install the software, install the McAfee Agent software on the Installation Machine. After this
installation completes, the Installation Machine is visible in the ePolicy Orchestrator System Tree systems list.
This installation causes a system task to start, indicating that a rebuild of the boot image for the Installation Machine is
required.
4. Install the McAfee VirusScan Enterprise (VSE) software on the Installation Machine.
1. If prompted to remove Windows Defender, click Yes.
2. If layering McAfee on Windows 8.1, re-install the VSE software on the Installation Machine using files from the
McAfee EPO server. Otherwise, allow the McAfee Agent Updater to complete an update. This step can take several
minutes to complete.
3. Click Finish to complete the installation.
5. Change the McAfee Start value:
1. Open the McAfee VirusScan Console, and disable the AccessProtection.
2. Open the registry editor (regedit), go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mfehidk], and
change the Start value from 0 to 1.
3. Back in the McAfee VirusScan Console, re-enable the AccessProtection.
6. If McAfee requires it for your VDI setup, remove the GUID for the Agent (check the McAfee documentation to
determine if this step is necessary):
1. Open the registry editor (regedit).
2. Locate the following registry key and delete it:
64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\WoW6432Node\Network Associates\ePolicy Orchestrator\Agent\AgentGUID
7. Finalize the Application Layer and deploy the Layer in the usual way.
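The registry values set in the Kaspersky 10.1 and McAfee procedures above are easy to miss or mistype, so a read-only check before you finalize the layer or import the gold image is worth running. The PowerShell script below is an added example, not code from Unidesk, Kaspersky or McAfee; its switch and function names are hypothetical.

```powershell
# Added example; not Unidesk, Kaspersky or McAfee code. Read-only: it reports the
# registry state described on this page and changes nothing.
# ASSUMPTION: the switch names are hypothetical; pass the ones that match the
# product installed on this gold image or Installation Machine.
param(
    [switch]$Kaspersky101,      # check the Unifltr MiniFilterBypass value
    [switch]$McAfee,            # check the mfehidk Start value
    [switch]$AgentGuidRemoved   # use only if McAfee's documentation calls for removal
)

function Get-RegistryDword {
    # Returns the value only if it exists and is a DWORD; otherwise $null.
    # A string "1" typed into regedit by mistake is therefore reported as missing.
    param([string]$Key, [string]$Name)
    $k = Get-Item -LiteralPath $Key -ErrorAction SilentlyContinue
    if ($null -eq $k) { return $null }
    if ($k.GetValueNames() -notcontains $Name) { return $null }
    if ($k.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) { return $null }
    return $k.GetValue($Name)
}

function Test-AgentGuidPresent {
    $agent = 'HKLM:\SOFTWARE\WoW6432Node\Network Associates\ePolicy Orchestrator\Agent'
    # The page calls AgentGUID a key; look for a subkey and for a value of that name.
    if (Test-Path -LiteralPath (Join-Path $agent 'AgentGUID')) { return $true }
    $k = Get-Item -LiteralPath $agent -ErrorAction SilentlyContinue
    return [bool]($k -and ($k.GetValueNames() -contains 'AgentGUID'))
}

function New-Result {
    # One row per check; Pass compares the string forms so $null never passes.
    param([string]$Check, $Expected, $Actual)
    New-Object PSObject -Property @{
        Check = $Check; Expected = $Expected; Actual = $Actual
        Pass  = ("$Actual" -eq "$Expected")
    } | Select-Object Check, Expected, Actual, Pass
}

$results = @()
if ($Kaspersky101) {
    $v = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\Unifltr' 'MiniFilterBypass'
    $results += New-Result 'Unifltr\MiniFilterBypass (DWORD)' 1 $v
}
if ($McAfee) {
    # Service Start type 0 is boot start and 1 is system start.
    $v = Get-RegistryDword 'HKLM:\SYSTEM\CurrentControlSet\Services\mfehidk' 'Start'
    $results += New-Result 'mfehidk\Start (DWORD)' 1 $v
}
if ($AgentGuidRemoved) {
    $results += New-Result 'McAfee AgentGUID present' $false (Test-AgentGuidPresent)
}

$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Pass }) { exit 1 }
```

A passing MiniFilterBypass row only shows that the value is stored; as the Kaspersky 10.1 steps state, the setting is read at boot time, so the machine must still be rebooted.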
Possible interoperability issues
The following interoperability issues can occur on Unidesk Desktops that have McAfee anti-virus software installed.
If the McAfee anti-virus software on a Unidesk Desktop is configured to scan script files, you can experience long delays
when you try to open video files in the Microsoft Internet Explorer web browser.
When you try to open these files, the McAfee software and Unidesk try to perform operations on these files at the same
time. This conflict causes a delay in running the video file. All other windows and applications continue to function normally.
If you encounter this type of delay, wait for the video file to run. Eventually, the McAfee operation times out and
the Unidesk operation completes.
This issue has no effect on the ability of the anti-virus software to check the video files for viruses.
If Desktops with a McAfee layer are not visible from ePolicy Orchestrator, you can fix the issue by using the steps outlined
in the following McAfee knowledge base article:
https://kc.mcafee.com/corporate/index?page=content&id=KB56086
McAfee MOVE AntiVirus software
About deploying McAfee MOVE AntiVirus software in a Unidesk environment
The following procedures describe how to deploy the McAfee MOVE AntiVirus software in a Unidesk
environment.
Note: These instructions assume that you have installed and configured McAfee MOVE AntiVirus software on McAfee
ePolicy Orchestrator (ePO).
Use the following method to deploy the McAfee MOVE AntiVirus software.
Install the software on an Application Layer and assign the layer to existing desktops.
The following versions of McAfee MOVE AntiVirus software have been tested:
McAfee Agent for Windows, version 4.8.0.1938
McAfee AV MOVE Multi-Platform client, version 3.6.0.347
McAfee VirusScan Enterprise, version 8.8.0.1247
McAfee AV MOVE Multi-Platform Offload Scan Server, version 3.6.0.347
Ensure that the following condition is met before deploying McAfee MOVE AntiVirus software.
For Windows 7 and 8.1: Windows Defender is turned off.
Create a McAfee Agent MOVE AV CLIENT Application layer
Use these steps to create a McAfee Agent MOVE AV CLIENT Application layer in Unidesk.
1. In the Unidesk Management Console (UMC), select Layers > Application Layer > Create Layer. The Create Layer Wizard
appears.
2. Complete the Create Layer Wizard and click Create Layer on the Confirm and Complete tab.
3. View the current tasks in the UMC. At first, the Create Application Layer <layer_name> task has a "Running" status.
When the status of the Create Application Layer <layer_name> task changes to 'Action Required', log in to the
Installation Machine (IM) as Administrator.
4. Push the McAfee Agent software to the IM using the McAfee ePolicy Orchestrator. The IM becomes visible in the ePO
System Tree list and the McAfee icon appears in the taskbar of the IM.
5. Use the Product Deployment task on the ePO to install the McAfee MOVE AV [Multi-Platform] Client on the IM.
6. Restart the IM and log in to it again as Administrator.
7. On the IM, delete the value for the registry key named AgentGUID from one of the following locations, depending on
your Windows operating system:
1. 32-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent
2. 64-bit: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Network Associates\ePolicy Orchestrator\Agent
8. Shut down the IM.
9. Finalize the Application layer.
Microsoft Security Essentials
About deploying Microsoft Security Essentials in a Unidesk environment
The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the Microsoft
Security Essentials anti-virus software in a Unidesk environment.
Use one of the following methods to deploy the Microsoft Security Essentials anti-virus software:
Install the software on a gold image that you import into an Operating System Layer.
Install the software on an OS Layer Version.
Install the software on an Application Layer.
The following version of Microsoft Security Essentials anti-virus software has been tested:
Microsoft Security Essentials 2012, version 4.6.305.0
The Microsoft Security Essentials anti-virus software in a Unidesk gold image, Operating System Layer Version,
or Application Layer.
You must enable the Windows Update service, but do not use the Windows updates themselves. The updates themselves must remain disabled.
Configure Microsoft Security Essentials for Windows 7 on a Unidesk Layer Version
Use these steps to configure Microsoft Security Essentials on Windows 7 (32- or 64-bit).
By default, the Windows Update service is disabled by the Unidesk Optimization scripts, so to correctly deploy Microsoft
Security Essentials as either an Operating System or Application Layer on Windows 7, you must do the following.
1. Create a new Operating System or Application Layer version.
2. Go to C:\windows\setup\scripts and re-run the Unidesk Optimization Script Builder (if it was deleted, download it again).
3. In the Unidesk Optimization Script Builder, deselect Disable Windows Update Service.
4. Finalize the Layer.
The Update service startup type will change from Disabled to Manual. Windows updates will not be enabled, which is a
Unidesk requirement.
During installation, check services.msc and make sure that the Windows Update Service startup type is set to Manual. If it's not, change the Windows Update Service startup type to Manual and restart Windows.
Troubleshooting failed Microsoft Windows Essentials updates
If the Microsoft Security Essentials update fails on a Desktop because Windows updates are turned off, try the following.
Unless you have disabled Windows Updates using the Local Group Policy Editor, turn Windows Updates on using the
Control Panel. This allows Microsoft Security Essentials to update on the Desktop.
If you disabled Windows Updates using the Local Group Policy Editor, you need to:
1. Run regedit and remove the Local Group Policy.
2. Reboot the machine.
3. Enable Windows Updates from Control Panel.
Sophos Cloud Anti-Virus - All supported Operating Systems
Before you start
Create and activate your Sophos Cloud 11.0 account, as described in the Sophos documentation:
https://www.sophos.com/en-us/products/cloud.aspx
Install the Sophos Cloud software on a new version of the Operating System Layer
1. In the Unidesk Management Console, select Layers > OS Layers > Add Version.
2. When the task status changes to Action Required, prepare your Installation Machine (IM) according to the General
Guidelines for deploying anti-virus software.
3. Join the Installation Machine to the domain.
Note: The Sophos installer creates Groups and puts users into them, so the Installation Machine must be in the domain.
4. On the Installation Machine, log into your Sophos Cloud console (https://cloud.sophos.com/login).
5. Download SophosInstall.exe from your Sophos Cloud account.
Important: Do not use the emailed installer for this installation.
6. Install the Sophos Cloud software onto the Installation Machine.
7. When the task to install Sophos has completed (or indicates that an Action is required), restart the Installation Machine.
8. In your Sophos Cloud console, click Reports > Events and ensure that the computer is managed in Sophos Cloud and
up-to-date before continuing.
9. Stop and disable the following Windows services:
Sophos MCS Client
Sophos MCS Agent
10. Delete the following files:
Windows 7 | Windows 8.1
C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\Credentials
C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\EndpointIdentity.txt
C:\ProgramData\Sophos\Management Communications System\Endpoint\Persist\*.xml
C:\ProgramData\Sophos\AutoUpdate\data\machine_ID
11. Edit the Sophos configuration:
1. Navigate to the Sophos configuration folder for your operating system:
Windows 7 | Windows 8.1
C:\ProgramData\Sophos\Management Communications System\Endpoint\Config\
2. Create or open a file called registration.txt, and add the following lines to this file:
[McsClient]
Token=value_of_MCS_REGISTRATION_TOKEN
where value_of_MCS_REGISTRATION_TOKEN is the value of the MCS_REGISTRATION_TOKEN, which identifies
your Sophos Cloud account. You must extract the value of this token from SophosInstall.exe, as described in Sophos
Article ID: 119699.
12. Edit the Sophos setup file:
1. In the folder listed below, create a file called SophosSetup.cmd.
Windows 7 | Windows 8.1
C:\Windows\Setup\scripts\kmsdir
2. Add the following lines to this file, including the double quotes:
sc config "Sophos MCS Client" start= auto
sc config "Sophos MCS Agent" start= auto
net start "Sophos MCS Client"
net start "Sophos MCS Agent"
13. Edit the commands to run each time Sophos is started:
Windows 7 | Windows 8.1
1. Edit the file c:\Windows\Setup\scripts\kmsdir\kmssetup.cmd.
2. Add the following script to the section labeled, Commands to run every boot. This script runs the SophosSetup.cmd
file. Script details:
REM Change Sophos Service to Automatic - once
If EXIST SophosSetup.cmd (
echo !date!-!time!-kmssetup.cmd:Call SophosSetup.cmd >> SophosSetuplog.txt
Call SophosSetup.cmd >> SophosSetuplog.txt
Copy SophosSetup.cmd SophosSetupCMD.txt >> SophosSetuplog.txt
Del SophosSetup.cmd >> SophosSetuplog.txt
)
14. Join the Installation Machine back to the workgroup.
15. Finalize the Operating System Layer in the usual way.
16. To become protected, Persistent Desktops need to be restarted an extra time. Use the Unidesk Management Console
to restart the Desktop.
Sophos Cloud network icon status: On Windows 7 Desktops, the Sophos Network icon shows status as disconnected,
when in fact the connection is working fine.
Sophos Anti-Virus - Windows 7 and Windows 8.1 Desktops
About deploying Sophos to new Windows 7 Desktops
This section explains how to deploy the Sophos anti-virus software on new or existing Desktops. You can add Sophos Anti-
virus to either the gold image or to a Version of the Operating System Layer.
These procedures are based on the Sophos knowledge base article that describes how to configure a Desktop to
communicate with the Enterprise Console when the Desktops are used in a VDI environment.
You must always use a gold image or an Operating System Layer Version to deploy Sophos software. You cannot deploy
Sophos software as an Application layer. This is because Sophos creates a user account that it uses for updates on the
Desktops it manages, and Unidesk supports these user accounts in the gold image or Operating System Layer Version.
The following version of Sophos anti-virus software has been installed:
Sophos Enterprise Console version 5.2.2.
Sophos Endpoint Security and Control version 10.3.
Note: If Sophos is unable to update the Sophos Auto Update module, all virus signature updates will also fail. To allow
Sophos to update its own updater, edit your OS Layer and delete this directory:
C:\ProgramData\Sophos\AutoUpdate\Cache\sau
Configure the gold image or the Operating System Layer Version
To deploy Sophos in the Unidesk environment:
1. Install the Sophos software on the gold image or Operating System Layer Version.
2. If using a gold image, make sure the Unidesk Tools are installed on the image. If using an Operating System Layer Version,
you can skip this step.
When prompted, allow the system to restart, but do not shut down the gold image after installation finishes. Instead,
complete the rest of this procedure first.
3. Stop and disable only the Sophos services listed in this step. When you deploy the Desktops, a Mini-Setup runs. Disabling
the specified services ensures that the Sophos services do not start until the Mini-Setup completes.
Sophos Agent
Sophos AutoUpdate Service
Sophos Message Router
4. Open the registry editor (using regedit) and delete the pkc and pkp values for the following keys:
Windows 32-bit systems
HKLM\Software\Sophos\Messaging System\Router\Private\
HKLM\Software\Sophos\Remote Management System\ManagementAgent\Private\
Windows 64-bit systems
HKLM\Software\Wow6432Node\Sophos\Messaging System\Router\Private\
HKLM\Software\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private\
5. Delete the following files:
C:\ProgramData\Sophos\AutoUpdate\data\machine_ID.txt
C:\ProgramData\Sophos\AutoUpdate\data\status\status.xml
6. Rename the directories:
From: C:\ProgramData\Sophos\AutoUpdate\Cache\savxp
To: C:\ProgramData\Sophos\AutoUpdate\Cache\savxp.copy
From: C:\ProgramData\Sophos\AutoUpdate\Cache\rms
To: C:\ProgramData\Sophos\AutoUpdate\Cache\rms.copy
This step is required because Unidesk blocks attempts to rename directories that exist on a gold image and the Sophos
update requires it to rename these directories.
7. Create a file named SophosSetup.cmd and place it in the C:\Windows\Setup\scripts\kmsdir folder. (If the folder doesn't
exist, create it).
8. Add the following lines to SophosSetup.cmd (include the double quotes as shown below):
cd "c:\ProgramData\Sophos\AutoUpdate\Cache"
xcopy savxp.copy\*.* savxp\*.* /s/y
xcopy rms.copy\*.* rms\*.* /s/y
sc config "Sophos Agent" start= auto
sc config "Sophos AutoUpdate Service" start= auto
sc config "Sophos Message Router" start= auto
net start "Sophos Agent"
net start "Sophos AutoUpdate Service"
net start "Sophos Message Router"
9. Edit the c:\Windows\Setup\scripts\kmsdir\kmssetup.cmd file, and add the following script to the section labeled,
'Commands to run every boot'. This script runs the SophosSetup.cmd file.
Script details: The script checks for the SophosSetup.cmd file, and if it's there, runs it. It then copies
the SophosSetup.cmd file to document it, and deletes the file so it only runs once. If the Layer is ever reinstalled, then
the SophosSetup.cmd file will come back, and the script will be run again. On a Non-persistent Desktop the script will be
run before the Non-persistent disk conversion.
Example of kmssetup.cmd with Sophos script
REM Change Sophos Service to Automatic - once
If EXIST SophosSetup.cmd (
echo !date!-!time!-kmssetup.cmd:Call SophosSetup.cmd >> SophosSetuplog.txt
Call SophosSetup.cmd >> SophosSetuplog.txt
Del SophosSetupCMD.txt >> SophosSetuplog.txt
Copy SophosSetup.cmd SophosSetupCMD.txt >> SophosSetuplog.txt
Del SophosSetup.cmd >> SophosSetuplog.txt
)
10. If you are using a gold image, shut down the gold image, and use the Unidesk Management Console to create a new
Operating System Layer. This imports the gold image into the new Operating System Layer.
If you are using an Operating System Layer Version, finalize the version in the usual way.
11. To become protected, Persistent Desktops need to be restarted an extra time. Use the Unidesk Management Console
to restart the Desktop.
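Before finalizing, the clean-up in steps 3 through 8 can be verified with a read-only check. The following is an added example, not part of the original documentation and not Unidesk or Sophos code; the function name Test-SophosImagePrep is hypothetical, and every service name, registry key, value name and path is taken from the steps above.

```powershell
# Added example: read-only audit of steps 3-8, run on the gold image or
# Installation Machine before it is shut down or finalized.
function Test-SophosImagePrep {
    $problems = @()
    $services = 'Sophos Agent', 'Sophos AutoUpdate Service', 'Sophos Message Router'

    # Step 3: the services must be stopped and disabled so that they do not
    # start before Mini-Setup completes on a deployed Desktop.
    foreach ($name in $services) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name' OR DisplayName='$name'"
        if (-not $svc) {
            $problems += "Step 3: service '$name' not found"
        } elseif ($svc.StartMode -ne 'Disabled' -or $svc.State -ne 'Stopped') {
            $problems += "Step 3: '$name' is $($svc.State)/$($svc.StartMode), expected Stopped/Disabled"
        }
    }

    # Step 4: pkc and pkp must be gone from both Private keys. The 32-bit and
    # Wow6432Node locations are both checked; keys that do not exist are skipped.
    $roots   = 'HKLM:\Software\Sophos', 'HKLM:\Software\Wow6432Node\Sophos'
    $subKeys = 'Messaging System\Router\Private',
               'Remote Management System\ManagementAgent\Private'
    foreach ($root in $roots) {
        foreach ($sub in $subKeys) {
            $key = Join-Path $root $sub
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $names = (Get-Item -LiteralPath $key).GetValueNames()
            foreach ($value in 'pkc', 'pkp') {
                if ($names -contains $value) {
                    $problems += "Step 4: value '$value' still present in $key"
                }
            }
        }
    }

    # Step 5: per-machine identity and status files must be deleted.
    $au = 'C:\ProgramData\Sophos\AutoUpdate'
    foreach ($file in 'data\machine_ID.txt', 'data\status\status.xml') {
        if (Test-Path -LiteralPath (Join-Path $au $file)) {
            $problems += "Step 5: $file still exists under $au"
        }
    }

    # Step 6: savxp and rms must exist only under their .copy names.
    $cache = Join-Path $au 'Cache'
    foreach ($dir in 'savxp', 'rms') {
        if (Test-Path -LiteralPath (Join-Path $cache $dir)) {
            $problems += "Step 6: Cache\$dir has not been renamed"
        }
        if (-not (Test-Path -LiteralPath (Join-Path $cache "$dir.copy"))) {
            $problems += "Step 6: Cache\$dir.copy is missing"
        }
    }

    # Steps 7-8: without SophosSetup.cmd the services stay disabled on every
    # Desktop built from this layer, leaving it unprotected.
    $setup = 'C:\Windows\Setup\scripts\kmsdir\SophosSetup.cmd'
    if (-not (Test-Path -LiteralPath $setup)) {
        $problems += "Step 7: $setup is missing"
    } else {
        $text = (Get-Content -LiteralPath $setup) -join "`n"
        foreach ($name in $services) {
            $line = [regex]::Escape("sc config `"$name`" start= auto")
            if ($text -notmatch $line) {
                $problems += "Step 8: SophosSetup.cmd does not re-enable '$name'"
            }
        }
    }
    $problems
}

$result = @(Test-SophosImagePrep)
if ($result.Count -eq 0) { 'Sophos image preparation looks complete.' } else { $result }
```

Run it from an elevated 64-bit PowerShell session so that both registry views are visible.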
Optional: Adjust the security identifier
After importing the gold image into an Operating System Layer, you might need to create a new version for the Operating System
Layer to update the security identifier (SID) values in one of the Sophos configuration files. The following Sophos
knowledge base article explains how to update the security identifier (SID) values in one of the Sophos configuration files.
When do I need to adjust the SID?
If you deploy a Desktop using the Operating System Layer with the Sophos software and the user cannot open the
Sophos Endpoint Security and Control user interface, you need to adjust the SID.
SID adjustment procedure
You can do these steps either before or after importing the gold image into the Unidesk environment. Before you have
imported the gold image into the Unidesk environment, you can do these steps on the gold image. If you have already
imported the gold image, you may do these steps by either editing the latest Operating System Layer revision, or by
creating a new revision of the Operating System Layer.
1. Download the script file called UpdateSID.vbs from the Sophos web site. Place this file in
the C:\Windows\Setup\Scripts directory. This script is required to fix the machine ID after a Desktop has been deployed.
2. Edit the C:\Windows\Setup\Scripts\SophosSetup.cmd file, and add the following two lines to the end of the file:
cd \Windows\setup\scripts
cscript.exe UpdateSID.vbs //B
3. If this is an OS layer version, finalize the version in the usual way.
You can now create Desktops using this version of the Operating System Layer. The Desktops should be able to connect
to the Enterprise Console, register, and update according to the update schedule.
Symantec Endpoint Protection software
About deploying Symantec Endpoint Protection software in a Unidesk environment
You can deploy the Symantec™ Endpoint Protection application using any of the following methods.
Install the application on a gold image, then import the gold image into an Operating System Layer.
Install the application as an OS Layer version.
Install the application as part of an Application Layer.
Note: On-access scanning is recommended in Unidesk Deployments. You can use the Symantec Shared Insight Cache to
improve performance by avoiding the rescan of files in a Layer after the files have been marked 'clean.'
The following table describes virus scan behavior on Unidesk Desktops.
Scan type | Behavior
On-access | Microsoft Windows 7: On-access scans work as expected on all Unidesk Desktops.
Manual | Microsoft Windows 7: If you turn off User Account Control (UAC), a manual virus scan examines only the files on the virtual machine's boot volume. You should keep UAC enabled when you install the software.
Symantec Endpoint Protection Client and Manager support:
v 12.1.5 (12.1 RU5 build 5337, 12.1.5337.5000)
Install software using Symantec Endpoint Protection Manager
If you are using the Symantec Endpoint Protection Manager to install the Symantec Endpoint Protection Client onto a
gold image or an Installation Machine, follow these steps.
This procedure uses Computer Mode as the deployment method.
1. In the Symantec Endpoint Protection Manager, locate the gold image (if you are using an Operating System Layer) or
the Installation Machine (if you are using an Application Layer or layer revision).
1. Select Clients > Find Unmanaged Computers.
2. Enter the appropriate search criteria in the displayed window.
3. Install the software.
2. Log into the Installation Machine and turn Tamper Protection off.
3. Turn off the registry entry for “Stealth” protection (shown below). This allows scanning to work even if User Account
Control (UAC) is turned on.
For 32-bit machines:
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Common]
"ScanStealthFiles" = (REG_DWORD) 0
For 64-bit machines:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Common]
"ScanStealthFiles" = (REG_DWORD) 0
4. Using regedit, change the Group and Tag values for each ccSettings GUID.
1. Go to [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ccSettings_{GUID}]. If there is more than one
ccSettings_{GUID}, start with the first one.
Note: When you first install Symantec, there is one ccSettings_{GUID}, and each time you upgrade the application,
another GUID is added.
2. For each ccSettings_{GUID}, change the Group value from FSFilter Bottom to FSFilter Virtualization.
3. Then change the Tag value to an 8 for the first GUID, and add 1 to the value for each succeeding GUID. So, for the
next GUID the value will be 9, the one after that will be 10, etc.
5. Restart the Installation Machine or Gold image, then restart the Installation Machine as often as necessary until the
post-installation reboot request no longer appears in the Unidesk Manager Console.
6. Turn Tamper Protection back on.
7. For SEP 12.1.x, use the instructions in the following knowledge base article to prepare the machines to deploy the
software in a VDI environment.
How to prepare a Symantec Endpoint Protection 12.1 client for cloning:
http://www.symantec.com/docs/HOWTO54706
8. Shut down the Gold image and import it into an Operating System Layer, or finalize the IM.
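The registry changes in steps 3 and 4 are easy to get wrong once upgrades have added several ccSettings_{GUID} keys, so a read-only report of current and expected values is useful before turning Tamper Protection back on. This is an added example, not from the original documentation and not Unidesk or Symantec code; the function names are hypothetical, and it assumes that the "first" GUID means the order in which regedit lists the keys (sorted by name).

```powershell
# Added example: read-only report for steps 3 and 4. Nothing is written to the
# registry; make the changes in regedit as the procedure describes.

# Step 3: ScanStealthFiles must be 0 in whichever location exists.
function Get-ScanStealthSetting {
    $paths = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Common',
             'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Common'
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path) {
            $value = (Get-Item -LiteralPath $path).GetValue('ScanStealthFiles')
            New-Object PSObject -Property @{
                Key              = $path
                ScanStealthFiles = $value
                Ok               = ($value -eq 0)
            } | Select-Object Key, ScanStealthFiles, Ok
        }
    }
}

# Step 4: every ccSettings_{GUID} service key needs Group set to
# 'FSFilter Virtualization' and a Tag of 8, 9, 10, ... in key order.
function Get-CcSettingsPlan {
    param([string]$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services')

    # Assumption: key-name order matches the order shown in regedit.
    $keys = @(Get-ChildItem -Path $ServicesKey -ErrorAction SilentlyContinue |
              Where-Object { $_.PSChildName -like 'ccSettings_{*}' } |
              Sort-Object PSChildName)

    $expectedTag = 8   # first GUID gets 8, each succeeding GUID adds 1
    foreach ($key in $keys) {
        $group = $key.GetValue('Group')
        $tag   = $key.GetValue('Tag')
        New-Object PSObject -Property @{
            Key         = $key.PSChildName
            Group       = $group
            Tag         = $tag
            ExpectedTag = $expectedTag
            NeedsChange = ($group -ne 'FSFilter Virtualization') -or ($tag -ne $expectedTag)
        } | Select-Object Key, Group, Tag, ExpectedTag, NeedsChange
        $expectedTag++
    }
}

Get-ScanStealthSetting | Format-List
Get-CcSettingsPlan | Format-Table -AutoSize
```

Any row with NeedsChange set to True still has the installer's Group or Tag value and should be corrected before the machine is restarted in step 5.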
Installation considerations
When you deploy the Symantec Endpoint Protection application, the Unidesk software needs to rebuild the Desktop or
Installation Machine image several times during deployment (depending on how you deploy this application). This behavior is
expected, as the Symantec Endpoint Protection software does not complete the full configuration of boot-level
components during the initial installation.
The Symantec Endpoint Protection software:
Installs some of the required drivers and restarts the Desktop or Installation Machine.
Updates additional components and restarts the Desktop or Installation Machine again.
Completes the installation and restarts the Desktop or Installation Machine one more time.
You will need to manually reboot the machine after the Symantec Endpoint Protection software completes each of the
remaining configuration tasks, which include:
Installation of the required drivers.
Update of additional components required on the boot partition.
Completion of the installation.
You will need to log into the machine and watch the Unidesk Console for System tasks assigned to the Desktop or
Installation Machine. To see these System tasks, expand the Task bar, and click Show Hidden Tasks. Each time a system
task appears for the Desktop or installation machine, manually reboot the machine.
To complete the installation, repeat this process until system tasks no longer appear. If installing on an installation machine,
you are ready to finalize the package.
If you are deploying the Symantec software to Non-persistent Desktops, it must be included when creating the Desktop.
If you add an Application Layer containing Symantec Endpoint Protection to an existing Non-persistent Desktop, two
entries per Desktop will show up in the Symantec Endpoint Protection Manager.
1. In the SEPM console, go to the Admin page, and select Domains.
2. Under Tasks, select Edit Domain Properties.
3. In the Edit Domain Properties window, on the default General tab, note the option to Delete clients that have not
connected for specified time. A recommended value for large enterprise environments would be 7 to 14 days.
4. For details, see Solution 2 in this SEP article.
If you plan to deploy Symantec Endpoint Protection in a layer, note that the Symantec Help (SymHelp) diagnostic
tool requires that 2 files be placed in the UEP. To do so, create a script with the following lines and place the path to it
in a script path when applying the Symantec layer.
pushd "C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\IRON"
copy Iron.db Iron.db.save
copy Iron.db.save Iron.db /y
copy RepuSeed.irn RepuSeed.irn.save
copy RepuSeed.irn.save RepuSeed.irn /y
popd
Trend Micro OfficeScan anti-virus software
About deploying Trend Micro OfficeScan software in a Unidesk environment
The following procedures describe how to use an Operating System Layer or an Application Layer to deploy the Trend
Micro™ OfficeScan anti-virus software in the Unidesk environment. These procedures are based on the Trend Micro
documentation for deploying Desktops in a VDI environment.
Please refer to the following Trend Micro document, as it is important to understand their recommendations when
installing the software:
http://esupport.trendmicro.com/solution/en-us/1056314.aspx
For Knowledge base articles and Forum discussions on other Trend Micro products, search the Unidesk site.
Use any of the following methods to deploy the Trend Micro anti-virus software:
Install the software on a gold image and import it to a new Operating System Layer.
Install the software on an OS Layer version.
Install the software on an Application Layer and assign the layer to new or existing Desktops.
Important
If you install Trend Micro OfficeScan on a gold image or OS Layer version, you must run the OfficeScan TCacheGen.exe file
on the gold image or Operating System Layer, and on every Application Layer that uses that gold image or Operating
System Layer.
In addition, whenever you create an Application Layer or layer version, you must run TCacheGen.exe again on every layer
that uses the Operating System Layer containing Trend Micro OfficeScan.
Once you run TCacheGen.exe, do not run the Installation Machine again.
You can copy TCacheGen.exe from the OfficeScan server, as specified in the Trend Micro documentation. Typically, this file
is located in the \\<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.
The following versions of Trend Micro anti-virus software have been tested:
Trend Micro OfficeScan Client and Server version 11.
Trend Micro OfficeScan Client and Server version 10.6.
Install the software on a gold image
1. Install the Unidesk Tools on the gold image.
This procedure requires that the Globally Unique Identifier (GUID) for the Trend Micro software is removed before you
import the gold image into an Operating System Layer (see step 4). When you install the Unidesk Tools, a system restart
is required, which creates a new GUID. Therefore, you must install the Unidesk Tools first, allow the installation to restart
the machine, and then remove the GUID that the restart created.
2. For OfficeScan 11, the Unauthorized Change Prevention service is not supported by Unidesk. Therefore, this service has to be
disabled for the whole OfficeScan Server:
1. In the web console, go to Agents > Agent Management.
2. Select OfficeScan Server. Right-click OfficeScan Server and go to Settings > Additional service settings. An
Additional service settings window appears.
3. Clear the check box Enable service on the following operating systems for Unauthorized Change
Prevention service.
3. Install the Trend Micro OfficeScan Client on the Installation Machine. If prompted, restart the Installation
Machine to allow the boot image to rebuild.
4. Copy the TCacheGen.exe file from the OfficeScan server, as documented in step 1 in the Trend Micro documentation.
Typically, this file is located in the \\<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.
5. Run the TCacheGen.exe as described in Step 2 of the Trend Micro documentation.
6. Click Remove GUID from the Template and click OK.
7. Shut down the gold image.
8. Create an Operating System Layer using the gold image in the usual way.
Important: Any time you add a version to this layer, you must run the TCacheGen.exe and remove the GUID again. This
ensures that the Desktops that use this layer operate correctly.
Install the software on an Application Layer
1. In the Unidesk Management Console, complete the Create Layer Wizard in the usual way.
2. For OfficeScan 11, the Unauthorized Change Prevention service is not supported by Unidesk. Therefore, this service has to be
disabled for the whole OfficeScan Server:
1. In the web console, go to Agents > Agent Management.
2. Select OfficeScan Server. Right-click OfficeScan Server and go to Settings > Additional service settings. An
Additional service settings window appears.
3. Clear the check box Enable service on the following operating systems for Unauthorized Change
Prevention service.
3. Install the Trend Micro OfficeScan Client on the Installation Machine. If prompted, restart the Installation Machine to
allow the boot image to rebuild.
4. After the Installation Machine restarts, copy the TCacheGen.exe file from the OfficeScan server, as documented in step
1 in the Trend Micro documentation. Typically, this file is located in the
\\<TrendServerName>\ofcscan\Admin\Utility\TCacheGen folder.
5. Run the TCacheGen.exe as detailed in Step 2 of the Trend Micro documentation.
6. Click Remove GUID from the Template and click OK.
7. Finalize the layer.
Important: Any time you add a version to this layer, you must run the TCacheGen.exe and remove the GUID again. This
ensures that the Desktops that use this layer operate correctly.
Deploy Windows 8.1 applications in Layers
Jun 28, 2017
To deliver applications on Windows 8.1 via Unidesk Layers, you need to build the applications so they can be centrally
managed. This is because Windows Store Apps are managed via each user's profile and can only be deployed to one user.
Regular Windows Store apps, like Bing Finance and Weather, cannot be sideloaded or layered. You can, however, deliver
centrally managed applications on Windows 8.1 by sideloading Enterprise applications, also called Line of Business (LoB)
applications.
Requirements to run Windows 8.1 Enterprise Line of Business (LoB) apps include:
Apply a Security Certificate.
(Manual or automatic) During the creation of the application, a security certificate .cer file is created (building a test app
creates a simple certificate; actual enterprise apps will use more robust certificates that are applied through GPOs) and
needs to be applied before the app is applied. Install Root Certificate for LoB apps.
Enable app Sideloading.
Enable Allow all trusted apps to install. This policy setting is under Computer Configuration\Policies\Administrative
Templates\Windows Components\App Package Deployment.
Join a domain.
Make sure the system is in a domain.
Microsoft provides several resources for building Windows Store LoB apps, including:
Design case study: Enterprise line of business Windows Runtime app
Building Windows Store Line-of-Business Applications
Building Windows 8 Line of Business Apps
Microsoft lets you deploy an LoB app by sideloading it for all users or for one user, and you can do either with Unidesk.
Sideloading an app is done by running a few commands in Windows PowerShell.
Sideload the app for all users
You can sideload an app for all users by using the Deployment Image Servicing and Management (DISM) tool. DISM is a
command-line tool that you can use to service a Windows image, either online or offline. You can use DISM to provision a
Windows Store app in an online Windows image for all users who share the computer. To do that, you use the DISM
Add-ProvisionedAppxPackage option, as follows:
1. Log on using an account with administrative privileges on the computer. You must use an administrator account here,
because you are provisioning an app in the image.
2. On the Start screen, type PowerShell and press Ctrl/Shift/Enter.
3. On the User Account Control dialog box, click Yes.
4. At the Windows PowerShell prompt, run the following command, where SampleApp is the path and file name of the
package file you created (e.g., c:\myapps\MySample_1.0.0.0_AnyCPU_Debug.appx):
DISM /Online /Add-ProvisionedAppxPackage /PackagePath:"SampleApp" /SkipLicense
5. Monitor the installation, and close the Windows PowerShell window after it finishes.
For more about DISM, see the Microsoft Deployment Image Servicing and Management Technical Reference.
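The requirements listed earlier in this section (certificate applied, sideloading policy enabled, domain joined) can be checked before the DISM command in step 4 is run. This is an added example, not part of the original documentation and not Citrix or Microsoft code; Test-SideloadReadiness, its parameters and the .cer file name are hypothetical, and it assumes the signing certificate is expected in the LocalMachine Root or TrustedPeople store.

```powershell
# Added example: preflight for provisioning a sideloaded LoB app.
function Test-SideloadReadiness {
    param(
        [Parameter(Mandatory = $true)][string]$PackagePath,
        [Parameter(Mandatory = $true)][string]$CertificatePath
    )
    $problems = @()

    # Provisioning an app in the image needs an elevated administrator session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $problems += 'Session is not elevated'
    }

    # Requirement: the system is in a domain.
    if (-not (Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
        $problems += 'Computer is not joined to a domain'
    }

    # Requirement: "Allow all trusted apps to install" is enabled. The policy
    # is stored as AllowAllTrustedApps = 1 under the Appx policy key.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Appx'
    $policy = $null
    if (Test-Path -LiteralPath $policyKey) {
        $policy = (Get-Item -LiteralPath $policyKey).GetValue('AllowAllTrustedApps')
    }
    if ($policy -ne 1) {
        $problems += 'Policy "Allow all trusted apps to install" is not enabled'
    }

    # Requirement: the certificate is applied before the app is applied.
    if (-not (Test-Path -LiteralPath $CertificatePath)) {
        $problems += "Certificate file not found: $CertificatePath"
    } else {
        $certFile = (Resolve-Path -LiteralPath $CertificatePath).ProviderPath
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certFile
        # Assumption: Root or TrustedPeople is where the certificate was applied.
        $stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\TrustedPeople'
        $installed = Get-ChildItem -Path $stores |
                     Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
        if (-not $installed) {
            $problems += "Certificate $($cert.Thumbprint) is not in a trusted machine store"
        }
        if ($cert.NotAfter -lt (Get-Date)) {
            $problems += "Certificate expired on $($cert.NotAfter)"
        }
    }

    if (-not (Test-Path -LiteralPath $PackagePath)) {
        $problems += "Package file not found: $PackagePath"
    }
    $problems
}

# The package path is the page's example; the .cer name is a constructed placeholder.
$pkg    = 'c:\myapps\MySample_1.0.0.0_AnyCPU_Debug.appx'
$issues = @(Test-SideloadReadiness -PackagePath $pkg -CertificatePath 'c:\myapps\MySample.cer')
if ($issues.Count -eq 0) {
    DISM /Online /Add-ProvisionedAppxPackage "/PackagePath:$pkg" /SkipLicense
} else {
    $issues
}
```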
Sideload the app for a user
You can sideload the app for the current user account. If another user were to log onto the computer, the app would not
be available to them.
Here are the steps to sideload an app for a user:
1. Log onto the domain using the target account, because you cannot run the sample app by using the built-in local or
domain Administrator account. You can use a standard user account.
2. On the Start screen, type PowerShell and press Enter.
3. At the Windows PowerShell prompt, run the following commands, where SampleApp is the path and name of the
package file you created (e.g., c:\myapps\MySample_1.0.0.0_AnyCPU_Debug.appx):
import-module appx
add-appxpackage "SampleApp"
4. Monitor the installation, and close the Windows PowerShell window after it finishes.
Launch the LoB app
On the Start screen, click the app's tile. You will find it on the far right side of the Start screen. You can also type the app’s
name, and click the tile.
For example, we named our app MySample. On the Start screen, we just type MySample, and then click the MySample tile.
Of course, there is not much to the app, but you have successfully sideloaded it, and sideloading other Windows Store apps
works the same way.
Remove an LoB app from a Unidesk Application Layer
If installed as an Application Layer, removing the Layer from a Desktop causes the LoB app to stop working, although it
still appears on the Start page. Once the Layer is removed, the app is no longer applied to new users, because the DISM
action is no longer executing.
If installed on an Operating System Layer Version:
1. Use the usual provisioned app removal procedures, for example:
Remove-AppxProvisionedPackage -Online -PackageName MyAppxPkg
Or, at a command prompt, type:
DISM.exe /Online /Remove-ProvisionedAppxPackage /PackageName:microsoft.app1_1.0.0.0_neutral_en-us_ac4zc6fex2zjp
Try It Out: Sideload Windows Store Apps
Sideload Apps with DISM
Packaging your Windows Store app using Visual Studio 2012
Create an app package
Managing apps
Administer
Jun 28, 2017
Unidesk Management Console
Unidesk Layers
Desktops, Session Hosts, and Collections
Hosts and appliances
Appliance health
Brokers
Users
Troubleshoot
Unidesk Management Console
Jun 28, 2017
The Unidesk Management Console is a Web-based management application on the Management Appliance that you use
to manage the Unidesk environment. The Unidesk Management Console lets you:
Create and manage virtual Unidesk Machines (Desktops or Session Hosts) for users.
Create and manage operating system and application layers.
Shut down and restart virtual Unidesk Machines.
Manage users and groups who you can assign to Unidesk Machines.
Manage system settings.
Unidesk Management Console basics
To manage items in the Unidesk system, you navigate between different modules in the Unidesk Management Console and
select the appropriate actions. This topic explains how to do the following tasks:
Select modules
To manage the items in a module, select the module in the menu bar. You can select the following modules:
Desktops - allows you to manage Desktops. A Desktop is a virtual machine that a user interacts with on their local
computer.
Session Hosts - allows you to manage Session Hosts. A Session Host is a virtual machine that multiple users interact with
on their local computers.
Layers - allows you to manage Operating System and Application Layers. Operating System and Application Layers are
components in a Unidesk Machine.
Users - allows you to manage local and directory service users, including administrators, in the Unidesk system. It also
allows you to organize users into groups.
System - allows you to perform tasks related to managing and using the Unidesk system.
The following image shows an example of the items in the menu bar.
Select actions
After selecting a module, the Action bar displays the actions associated with the selected module and selected objects. If
you do not select an object, only the Create actions are enabled.
To select an action, complete either of the following tasks:
To create a new item, select the create action in the Action bar.
To modify or manage an existing item, select it and select the appropriate action in the Action bar.
The following image shows an example of the Action bar when the Layers module is the selected module and a layer is
selected. In this example, you can create a layer, modify the selected item, add a version to it, or delete a version. The
Finalize action is not active because you need to start to create an Application Layer or add a version first.
Change Unidesk Management Console views
Change the administrator password
Jun 28, 2017
Use these steps to change the password for the original Administrator account created for the Unidesk Management
Console.
1. Log into the Unidesk Management Console.
2. Select User > Administrators.
3. In the list of Administrators select Administrator and click Edit Properties.
4. Enter the new password and type it again in the Confirm Password field.
5. On the Confirm and Complete tab, click Update User.
Change the session timeout
Jun 28, 2017
You can set a timeout for the Unidesk Management Console so that if there is no user-initiated activity for a specified
length of time, the console ends the session.
Session activity includes user interaction with the console, for example, starting tasks and editing settings. Tasks in progress
will not keep a session from timing out, nor will simply selecting an object or clicking inside the console window.
If you have just installed Unidesk software, the Session Timeout is set to 15 minutes by default. If you have upgraded from
an earlier version of Unidesk, the Session Timeout will be set to zero (0) by default, effectively leaving this function turned
off.
To set a session timeout
1. Select System > Settings and Configuration.
2. Scroll to Security Settings.
3. Select Session Timeout, and click the Edit button.
4. Enter the number of minutes after which the session will time out. Valid values include numbers from 0 - 10000. (A value
of 0 turns off this feature.)
5. Click Save.
Manage your license and software version
Jun 28, 2017
You can access your Unidesk Version and License information in the About box for the Unidesk Management Console.
There you can see the Unidesk version installed on the Management Appliance, and the details about your license. You can
also opt in or out of generic usage statistics gathering designed to provide you with a better support experience.
View your license and MA software version
To view the License for your deployment:
1. Log into the Unidesk Management Console.
2. To view the License details, click About in the upper right corner. The license information is displayed.
3. To view the software version installed on the Management Appliance, click the Version tab. The MA Software Version is
displayed.
Update your Unidesk license (MA has web access)
If you receive a message that your license needs updating, and your Management Appliance has web access:
1. In the License Expired message, click License. This opens the Update License wizard.
2. Select the first choice, Download your license from the Unidesk website.
3. Enter your credentials for the Unidesk website.
4. On the Confirm Your License tab, click Finish.
5. You can return to the Licensing wizard at any time by logging into the Unidesk Management Console and clicking About,
and then the License tab.
Update your Unidesk license (MA does not have web access)
If you receive a message that your license needs updating, and your Management Appliance does not have web access:
1. Obtain a license file from Unidesk Sales or Support, and move the file to a drive that the Management Appliance can
access.
2. If the License Expired message is still open, click License in the message. If not, click About, then the Update License button. This opens the Update License wizard.
3. Select the second choice, Upload your license file from a local drive.
4. Click Browse, and select the license file.
5. On the Confirm Your License tab, click Finish.
6. You can return to the Licensing wizard at any time by logging into the Unidesk Management Console and clicking About,
and then the License tab.
Opt in or out of usage statistics for Support
You can opt in or out of allowing generic usage statistics to be sent to Unidesk Support. We strongly recommend getting
more information from Support before opting out. This generic information is used solely to give you the best possible user
experience.
1. Log into the Unidesk Management Console.
2. Click About in the upper right corner. The About box is displayed.
3. To opt in, make sure the checkbox to Allow usage statistics to be sent to Unidesk is selected.
4. To opt out, deselect the checkbox to Allow usage statistics to be sent to Unidesk.
Manage Unidesk tasks
Jun 28, 2017
Every time you complete an action that affects the contents or state of a Desktop, Session Host, or layer, you initiate a
task that you can monitor in the Task bar. For example, if you add a version to a layer or shut down a Desktop, the Task bar
displays a task for that action.
Task type | Description
User tasks | Most tasks are tasks that an administrator initiates. You can filter the Task view to see only the tasks that the currently logged-in user initiated or you can view tasks that all users initiated.
System tasks | Tasks that occur automatically, for example, synchronization with a directory service, are system tasks. Because a system task is not a task that the current user initiates, you must display the All Users view to see these tasks in the Task bar.
Stalled tasks | Tasks that have been running longer than they normally would take to complete. If you think a stalled task will not finish, you can cancel it.
Interrupted tasks | If a system or connectivity problem occurs, the software maintains information about the state of active tasks before the interruption occurred. When the problem resolves, the software tries to complete all interrupted tasks.
Use the Task bar to track progress
The Task bar displays information about the status of tasks. This includes tasks that are running, and those that have
completed; tasks initiated by the logged in user, or tasks belonging to all users, including the system. System tasks are tasks
that result from scheduled maintenance.
Task status bar, minimized
A minimized Task status bar is displayed across the bottom of the console.
Task status bar | Description
Task in progress | A rolling marquee of recently completed tasks.
Status indicator | The color icon next to each task indicates whether the task is progressing or completed normally, or if there are issues with it. For details, see the Status Indicator table below.
Expander bar | Opens and closes the expanded view of Task status.
Task status bar, expanded
When you click the Expander tab to open the Task status bar, a list of the tasks in progress and recently completed is
displayed. By default, this includes tasks for all users, including the system. Tasks owned by the system include scheduled
maintenance tasks.
You can change the Task listing by sorting, filtering, and hiding the tasks included in the grid.
Sorting: Click any column title to display tasks based on that category in ascending or descending order.
Filters: Select a Tasks filter and a Users filter to control which tasks are displayed. For Filter details, see the table below.
Show Hidden Tasks: Hidden tasks are any running tasks whose Hide check boxes are selected. By default, all system
tasks are marked Hide. When you deselect the Show Hidden Tasks checkbox, any tasks marked Hide are excluded from
the list.
Filters on the Task status bar
Task status details
To see more information about a task, for example, what is happening during a Desktop rebuild, you can open a detailed
status window on the task.
Click the Info button next to the task to open a window with details on Task status.
The task status details window lists any subtasks required to complete a task. Like the Task status bar, you can reorganize
the list by clicking any of the column titles.
Cancel subtasks
You can cancel subtasks individually or all at once:
Click x to cancel individual subtasks.
Click Cancel All to cancel all subtasks that are not yet completed.
Cancel tasks
Most tasks include one or more subtasks. While a task is in progress, you can cancel one or more subtasks, for example, if a
system problem occurs and the subtask is unlikely to complete.
1. Open the Task bar and view the active tasks.
2. Click i to open the information view for a task.
3. Click x next to the subtask you want to cancel (in some cases, the information view displays more than one subtask).
4. When the subtask stops, the Task bar changes its status to Canceled.
Unidesk Layers
Jun 28, 2017
Layers are components that the Unidesk software uses to deliver a complete virtual machine to an end user. You can create
and manage the following types of layers:
Operating System Layer - The Operating System Layer contains the operating system that the software imports from
a gold image. It can also include configuration settings, printer settings, applications (for example, anti-virus software),
and all other aspects of the gold image at the time of import.
Application Layers - Application Layers contain software programs that you can deploy to any Unidesk Machine
(Desktop or Session Host) with the compatible operating system. A Layer can also include patches or plug-ins for
programs.
Personalization Layer - The Personalization Layer contains a user's personalized data: applications, configuration
settings, and data. When you create a Unidesk Machine, the software creates this layer. As users modify their Unidesk
Machine, the Unidesk Machine stores all of their changes in the Personalization Layer associated with their Desktop or
Session Host.
Creating an Operating System Layer
The following table provides details about each phase in the creation process for Operating System Layers.
Phase | Description
Prepare the gold image | You prepare a gold image that is optimized for the Unidesk environment and includes an answer file for unattended setup on each Unidesk Machine.
Create the Layer | You use the Create Operating System Layer wizard to create the Operating System Layer, specify the gold image, and associate an icon with the Layer. The Boot image is created. The Unidesk software imports the operating system, configuration settings, and applications from the specified gold image and uses them to create a bootable image.
Creating an Application Layer
The following table provides details about each phase in the creation process for Application Layers.
Phase | Description
Not deployable | The layer is not ready for assignment to Unidesk Machines. Either the software is in the process of preparing the layer for deployment or a system problem occurred that is preventing the layer from becoming deployable. Check the status in the Task bar and in the layer's information view for additional information about the layer's status.
Editing | The software is in the process of creating or changing the layer. If you are creating an Application Layer, this status usually indicates that the system is waiting for you to install the application on an Installation Machine and finalize the layer.
Deployable | The layer is ready for assignment to Unidesk Machines.
Layer version status description
The following table describes the status messages for layer versions. To see these status messages, open the Information
view for the layer.
Status | Description
Editing | One of these conditions exists: Application Layers - The software is preparing the Installation Machine for installation of the application. Operating System Layers - The software is importing the files from a gold image before it creates the bootable image. This status applies to new Application Layers and all layer versions that you add. The software is waiting for an administrator to install the software on an Installation Machine. The software then imports the application software into the layer.
Deployable | The layer is available for use when you create Desktops and Application Layers.
Assign the new version of an OS Layer to a collection and its desktops or session hosts
Jun 28, 2017
You can assign the new version of an Operating System Layer to a Collection and the Unidesk Machines (Desktops or
Session Hosts) in it, as described below.
Note: Unidesk Machines are locked to the OS layer on which they were created. You cannot switch a Unidesk Machine to a different
Operating System Layer, even if the Layer has the same OS as the one on which the Unidesk Machine was created. So, although you
can move a Unidesk Machine to a new Collection, the new Collection must use the same Operating System Layer as the current
Collection.
To deploy the new Operating System Version to a Collection and its Unidesk Machines:
1. Add the version you want to deploy to an existing Operating System Layer.
2. In the Unidesk Management Console, click Desktops > Collections or Session Hosts > Collections.
3. Select the Collection and click Edit Collection in the Action bar. This opens the Edit Collection wizard.
4. In the OS Assignment tab, select the operating system version that you want to assign to the Collection and its Unidesk
Machines.
5. In the Confirm and Complete tab, verify that the details are correct, enter a comment if required, and click Update Collection. If you enter comments, they appear in the Information view Audit History.
Update an OS layer with a new version
Jun 28, 2017
To upgrade an operating system, add a new version to the Operating System Layer. When you assign the Operating System
Layer to a Unidesk Machine (Desktop or Session Host), you can select the new version that you created.
Before you start
Ensure that the following items are available:
An Installation Machine.
The installation program for the service pack or operating system upgrade.
Optionally, shut down the Unidesk Machine you are changing. Changing the operating system requires the software to
create a new bootable image for the Unidesk Machine. The Unidesk Machine must be in a stopped state for this task to
complete. You can choose to restart the Unidesk Machines after you finish the application assignment.
Add a new version to a layer
1. Select Layers > OS Layers and then select the Operating System Layer for which you are adding a new Version.
2. Select Add Version in the Action bar. This opens the Create OS Version Wizard.
3. In the Version Details tab, enter a version identifier and select an Installation Machine.
4. If you want a script to run when the Unidesk Machine starts for a user running this operating system version, enter a
version description and a path for the script.
5. In the Confirm and Complete tab, review the version details, enter a comment if required, and click Create Version. If
you enter comments, they appear in the Information view Audit History.
6. Monitor this task in the Task bar. When prompted to do so, install the new operating system service pack or upgrade on
the Installation Machine.
7. After installing the service pack or upgrade, select the Operating System Layer and select Finalize in the Action bar.
After you create the new version of the Layer, assign it to the Unidesk Machines that require the operating system
upgrade. You must restart the Unidesk Machines before the changes take effect.
Layer integrity check
When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example,
Microsoft NGen or other Windows operations, it waits until all Windows operations that are in progress on the Installation
Machine have completed before finalizing the Layer. Otherwise, the new Layer or Layer version that uses this Installation
Machine would have issues. A Layer integrity message lets you know what you can do to expedite the completion of
queued tasks that must be completed before a Layer is finalized.
Layer Integrity Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can
only be finalized when the following conditions have been addressed:
A reboot is pending to update drivers on the boot disk - please check and reboot the IM.
A post-installation reboot is pending - please check and reboot the IM.
A Microsoft NGen operation is in progress in the background - (Click here for help with this condition).
An MSI install operation is in progress - please check the IM.
See if you can expedite Microsoft NGen operations
About Microsoft NGen operations
NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code
into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on
what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An
interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the NGen to complete in the background or you can force the NGen to the foreground.
Forcing the NGen to the foreground will allow you to view the progress and once the output has completed you should be
able to finalize the layer.
Force an NGen operation to the foreground
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the
foreground can help the task to complete as quickly as possible.
1. Open a command prompt as Administrator.
2. Go to the Microsoft .NET Framework directory for the version currently in use:
cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
3. Enter the NGen command to execute the queued items:
ngen update /force
This brings the NGen task to the foreground in the command prompt and lists the assemblies being compiled.
Note: It's okay if you see several "compilation failed" messages.
4. Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or
re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.
Check the status of an NGen operation
If you would prefer to wait for the NGen to complete you can check the status as described here. However, every time you
check the queue status, you are creating foreground activity, which might cause the background processing to temporarily
pause.
1. Open a command prompt as Administrator.
2. Check status by running this command:
ngen queue status
3. When you receive the following status, the NGen is complete, and you can finalize the Layer.
The .NET Runtime Optimization Service is stopped
Run Scripts
When you create a Layer or Layer Version, you can specify a .cmd or .bat script to run the first time the Unidesk Machine
(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application. The .cmd
or .bat file is installed on the Installation Machine.
New Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the
original Layer. If you want to include the script from the original Layer, you need to set the script for the Layer Version.
To set a script for a Layer or Layer Version:
1. Add the script file to the Installation Machine you are using to create the Layer or Layer Version.
Note: To see whether a Layer Version already has a script configured, check by opening the Layer's Information view and
expand the Version entries.
2. Enter the script's path in the Layer or Layer Version's Script Path field. For example, enter C:\Scripts\SpecialScript.bat in
the Script Path field.
Once the script runs on a Unidesk Machine, it will not run again because the scripts are executed only once.
To run a script more than once, you can:
Remove the Layer from the Unidesk Machine and then re-add it.
Click Desktop > Edit Desktop or Session Host > Edit Session Host, select the Application Assignment tab, and
select Repair for the layer.
Upgrade an application
Jun 28, 2017
You can upgrade an application by installing a new version of it on a new Version of an Application Layer. An Application
Layer can include several Layer Versions, each containing a different application version. You can deploy different Layer
Versions to selected Unidesk Machines (Desktops or Session Hosts).
Before you start
You'll need:
A compatible Installation Machine.
The installation program for the new version of the application.
Application Layers that the new version requires (prerequisite Layers).
If applications affect boot-level components
Installing applications such as service packs, hot fixes, and antivirus applications can affect boot-level components, which
means you'll need to restart the Installation Machine. This will generate a system task to rebuild the Unidesk Machine's
boot image. Once Unidesk rebuilds the boot image, it shuts down the Installation Machine, copies the boot-level
components to the boot volume, and restarts the Installation Machine. You can then finalize the layer or version.
Note: If the Installation Machine restarts before the boot image rebuild is complete, you will see a STOP message screen. This is
temporary.
About setting a script to run the first time the user logs in
When you create a Layer or Layer Version, you can specify a .cmd or .bat script to run the first time the Unidesk Machine
(Desktop or Session Host) is deployed. For example, you can use a script to complete the setup for an application. The .cmd
or .bat file is installed on the Installation Machine.
New Layer Versions - When you create a new Layer Version, the new Version does not inherit the script from the
original Layer. If you want to include the script from the original Layer, you need to set the script for the Layer Version.
How to set a script
To set a script for a Layer or Layer Version:
1. Add the script file to the Installation Machine you are using to create the Layer or Layer Version.
Note: To see whether a Layer Version already has a script configured, check by opening the Layer's Information view and
expand the Version entries.
2. Enter the script's path in the Layer or Layer Version's Script Path field. For example, enter C:\Scripts\SpecialScript.bat in
the Script Path field.
Once the script runs on a Unidesk Machine, it will not run again because the scripts are executed only once.
How to set a script to run more than once
To run a script more than once, you can:
1. Remove the Layer from the Unidesk Machine and then re-add it.
2. Click Desktop > Edit Desktop or Session Host > Edit Session Host, select the Application Assignment tab, and select
Repair for the layer.
Upgrade an application
1. Select Layers > Application Layers and select an Application Layer.
2. Select Add Version in the Action bar. This opens the Create Application Version wizard.
3. In the Version Details tab, enter a version identifier. This can be the application version, or anything you choose.
4. (Optional) Type a description of the version.
5. In the OS Layer tab, select the Operating System Layer. The Operating System Layer that is used to create the
Application Layer appears.
6. Select any version of the Operating System Layer.
7. Select an Installation Machine.
8. In the Prerequisite Layers tab, select any Layers required to install the new Application Layer Version.
9. In the Confirm and Complete tab, verify your choices, and click Create Version.
10. Monitor this task in the Task bar. When prompted to do so, install the new operating system service pack or upgrade on
the Installation Machine.
11. After installing the upgrade, select the Application Layer and select Finalize.
When the task is done, you can deploy the new Application Layer Version to Unidesk Machines that have a compatible
Operating System Layer.
Layer integrity check
When finalizing a Layer, Unidesk checks to see if the Layer is ready. If any tasks remain to be completed, for example
Microsoft NGen or other Windows operations, it waits until all Windows operations that are in progress on the Installation
Machine have completed before finalizing the Layer. Otherwise, the new Layer or Layer version that uses this Installation
Machine would have issues. A Layer integrity message lets you know what you can do to expedite the completion of
queued tasks that must be completed before a Layer is finalized.
Layer Integrity Message: The new version version-name of Layer layer-name on Installation Machine (IM) im-name can
only be finalized when the following conditions have been addressed:
A reboot is pending to update drivers on the boot disk - please check and reboot the IM.
A post-installation reboot is pending - please check and reboot the IM.
A Microsoft NGen operation is in progress in the background - (Click here for help with this condition).
An MSI install operation is in progress - please check the IM.
See if you can expedite Microsoft NGen operations
About Microsoft NGen operations
NGen is the Microsoft "Native Image Generator". It is part of the .NET system, and basically re-compiles .NET byte code
into native images and constructs the registry entries to manage them. Windows will decide when to run NGen, based on
what is being installed and what Windows detects in the configuration. When NGen is running, you must let it complete. An
interrupted NGen operation can leave you with non-functioning .NET assemblies or other problems in the .NET system.
You have the choice of waiting for the NGen to complete in the background or you can force the NGen to the foreground.
Forcing the NGen to the foreground will allow you to view the progress and once the output has completed you should be
able to finalize the layer.
Force an NGen operation to the foreground
Normally, NGen is a background operation and will pause if there is foreground activity. Bringing the task into the
foreground can help the task to complete as quickly as possible.
1. Open a command prompt as Administrator.
2. Go to the Microsoft .NET Framework directory for the version currently in use:
cd C:\Windows\Microsoft.NET\FrameworkNN\vX.X.XXXXX
3. Enter the NGen command to execute the queued items:
ngen update /force
This brings the NGen task to the foreground in the command prompt, and lists the assemblies being compiled.
Note: It's okay if you see several "compilation failed" messages.
4. Look in the Task Manager to see if an instance of MSCORSVW.EXE is running. If it is, you must allow it to complete, or
re-run ngen update /force. Do not reboot to stop the task. You must allow it to complete.
Check the status of an NGen operation
If you would prefer to wait for the NGen to complete you can check the status as described here. However, every time you
check the queue status, you are creating foreground activity, which might cause the background processing to temporarily
pause.
1. Open a command prompt as Administrator.
2. Check status by running this command:
ngen queue status
3. When you receive the following status, the NGen is complete, and you can finalize the Layer.
The .NET Runtime Optimization Service is stopped
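The two procedures above combined into one script, as an added example that is not part of the Unidesk documentation. It assumes an elevated PowerShell session on the Installation Machine and the default %WINDIR%\Microsoft.NET directory layout; the function names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example, not Unidesk or Citrix code. Function names are hypothetical.
# Assumption: ngen.exe lives under %WINDIR%\Microsoft.NET\Framework[64]\v*.

# Status text that the documentation gives as the "complete" signal.
$StoppedMessage = 'The .NET Runtime Optimization Service is stopped'

function Get-NgenPath {
    # Collect ngen.exe from every 32-bit and 64-bit Framework version directory.
    $roots = @('Framework', 'Framework64' |
        ForEach-Object { Join-Path $env:WINDIR "Microsoft.NET\$_" } |
        Where-Object { Test-Path $_ })
    if ($roots.Count -eq 0) { return @() }
    Get-ChildItem -Path $roots -Directory -Filter 'v*' |
        ForEach-Object { Join-Path $_.FullName 'ngen.exe' } |
        Where-Object { Test-Path $_ }
}

function Invoke-NgenForeground {
    # Runs "ngen update /force" so queued items compile in the foreground.
    param([Parameter(Mandatory)][string[]]$NgenPath)
    foreach ($ngen in $NgenPath) {
        Write-Host "Running: $ngen update /force"
        & $ngen update /force | Out-Host
        # "Compilation failed" messages are expected, so a non-zero exit code
        # is reported but does not stop the run.
        Write-Host "Exit code: $LASTEXITCODE"
    }
}

function Wait-NgenWorker {
    # Waits for MSCORSVW.EXE to exit on its own. It is never killed, and the
    # machine is never rebooted, because an interrupted NGen run can leave
    # .NET assemblies non-functional.
    param([int]$PollSeconds = 30, [int]$TimeoutMinutes = 120)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    while (Get-Process -Name 'mscorsvw' -ErrorAction SilentlyContinue) {
        if ((Get-Date) -gt $deadline) { return $false }
        Start-Sleep -Seconds $PollSeconds
    }
    return $true
}

function Test-NgenQueueStopped {
    # Queries "ngen queue status" once per Framework directory. This runs only
    # after the worker has exited, because each status query is foreground
    # activity that can pause background processing.
    param([Parameter(Mandatory)][string[]]$NgenPath)
    foreach ($ngen in $NgenPath) {
        $status = (& $ngen queue status 2>&1 | Out-String)
        if ($status -notmatch [regex]::Escape($StoppedMessage)) { return $false }
    }
    return $true
}

$ngens = @(Get-NgenPath)
if ($ngens.Count -eq 0) { throw 'No ngen.exe found under Microsoft.NET.' }

Invoke-NgenForeground -NgenPath $ngens

if (-not (Wait-NgenWorker)) {
    Write-Warning 'MSCORSVW.EXE is still running. Let it complete; do not reboot.'
    exit 1
}

if (Test-NgenQueueStopped -NgenPath $ngens) {
    Write-Host 'NGen is complete. The Layer can be finalized.'
} else {
    Write-Warning 'NGen queue is not reported as stopped. Re-run this script.'
    exit 1
}
```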
Edit Layer properties
Jun 28 , 2017
You can change the following properties for an Operating System or Application Layer, including:
The name of the Layer.
The description of the Layer.
The icon associated with the Layer.
To edit Layer properties:
1. Select Layers and select the Operating System or Application Layer that you want to edit.
2. Select Edit Properties. This opens the Edit Layer wizard.
3. In the Layer Details tab, change the name or the description of the Layer.
4. In the Icon Assignment tab, select a new icon from the Layer Icon box or upload a new one.
5. In the Confirm and Complete tab, enter a comment, if required, and click Update Layer. If you enter comments, they
appear in the Information view Audit History.
The Unidesk Machines (Desktops or Session Hosts) that include this Layer must restart before the changes can take effect.
Assign icons to Layers or Collections
Jun 28 , 2017
When you create or edit an Operating System Layer, Application Layer, or Collection, you can assign an icon to it. Icons help
to identify these items in the Unidesk Management Console.
About editing and assigning icons
When using the Create or Edit wizard for any Layer or Collection, the Icon Assignment tab gives you the opportunity to:
Choose an icon: Use the default icon, choose another icon from the included samples, or upload a custom icon.
Delete an icon you no longer need.
Note: Icons are automatically assigned to Session Hosts and Installation Machines from the appropriate Collection or OS Layer,
respectively.
Default icon
Unidesk uses the following icon by default when you create a Layer or Collection, or delete an icon that is in use.
Recommended icon specifications
The following image specifications are recommended for Unidesk icons. Although other sizes and resolutions are supported,
the file type must be PNG or JPG.
Specification    Details
File Type        PNG or JPG
Size             64 x 64 pixels
Resolution       96 DPI
Preview icon
You can preview a custom icon before applying it:
1. For best results, adjust your icon image to conform to the Recommended icon specifications above.
2. In the Icon Assignment tab, click Browse.
3. Select the icon image you want to upload and click Open. The image appears along with the other icons, and a preview
is displayed on the right.
Upload an icon
You can upload a custom icon to add to your collection:
1. Adjust your icon image to conform to the Recommended icon specifications above.
2. In the Icon Assignment tab, click Browse.
3. Select the icon image you want to upload, and click Open. The image appears in the icon collection, and a preview of the
icon as it will appear on the selected Layer is displayed on the right.
Note: If you browse and select an icon, but then choose a different one for your Layer, the first one you had selected
will not be uploaded. The icon is only uploaded once you have finalized the Confirm and Complete tab.
4. To complete the upload, use the Confirm and Complete tab to finalize the wizard.
Delete an icon
You can delete an icon, and it will be removed from the database.
Note: The software does not let you delete the following icons shipped with the system:
If the icon is in use by any Layer or Collection, you will receive a warning, and the default icon will be used in its place.
To delete an icon, do the following:
1. In the Icon Assignment tab, select the icon you want to delete.
2. Click the Delete button. This immediately removes the icon from the database, even if you do not complete the wizard.
Manage an Installation Machine
Jun 28 , 2017
An Installation Machine is a virtual machine that acts as a staging area for the creation of Layers and new Layer Versions.
You need an Installation Machine to create an Application Layer, a new Version of an Application Layer, or an Operating
System Layer Version. The Master CachePoint Appliance hosts all Installation Machines.
When you first create an Installation Machine, it is powered off. When you select an Installation Machine to use in creating
an Application Layer, the Installation Machine is powered on and you can use RDP to log into it and install the Applications
you want to include in the Application Layer.
Log into an Installation Machine
To log into an Installation Machine:
1. Select System > Installation Machines.
2. Hover over the Installation Machine you want to log into and click the i icon. Use the IP Address displayed to connect to
the IM using RDP. The Hyper-V authentication window opens.
3. Enter your directory service credentials. The Windows login screen appears.
4. Enter your Windows Administrator password.
You can now install applications on the Installation Machine.
Delete an Installation Machine
You can delete an Installation Machine from the virtual infrastructure. The Delete action is only active if the Installation
Machine is not in use.
1. Select System > Installation Machines.
2. Select one or more Installation Machines to delete and select Delete from the Action bar.
Result: This action opens the Delete Installation Machines wizard.
3. In the Confirm and Delete tab, verify that you selected the correct Installation Machines, enter a comment if required,
and click Delete Installation Machines.
Note: If you delete an OS layer, all associated are deleted as well.
Repair an application
Jun 28 , 2017
As users customize their Unidesk Machines (Desktops or Session Hosts), they can change or remove files that affect how
an application functions. Or, users may uninstall applications that need to be part of the Unidesk Machine, based on
corporate requirements.
To resolve these issues, you can repair the original application as it is configured in an Application Layer.
What happens when you repair an application?
The Edit Desktop and Edit Session Host wizards let you specify applications to repair for one or more selected Unidesk
Machines.
If you select Repair in the Edit Desktop or Edit Session Host wizard's Application Assignment tab, the following actions
occur the next time the Desktop shuts down:
1. The software removes all of the changes for the selected applications from the Personalization Layer, with the
exception of changes made to the Registry hive HKEY_LOCAL_MACHINE\SYSTEM.
2. The software creates a new bootable image for the Unidesk Machine that contains the selected application versions.
Search
Jun 28 , 2017
The Search feature lets you find Desktops, Session Hosts, users, or layers:
Desktops: Select the Desktops module or the System > Installation Machines module.
Session Hosts: Select the Session Hosts module.
Users:
Select the Desktops module.
Use the search feature in the User Assignment tab of the Create or Edit Desktop wizard.
Select the Users module.
Layers: Select the Layers > OS Layers or Layers > Application Layers module.
Using the Search box
The Search box is located in the Display tool bar in the Desktops, Session Hosts, Layers, and System > Installation Machines modules.
To start a search, enter a letter, a word, or a phrase in the Search box and click Search. The Unidesk Management
Console displays the search results in the selected icon or list view.
To refine the search results, use Search for Desktops, Session Hosts, Layers, or users. Avoid using the Search keywords in
the names of any Unidesk object. Using these keywords in names can cause inaccurate search results.
To use advanced search, select the arrow next to the Search box. Advanced search is available in the Unidesk Machines
(Desktops or Session Hosts) modules only. To clear the search result and redisplay the default display click x next to the
Search box.
Search criteria
When you search for items, the search results match the text and keywords that you enter in the Search box.
The following table provides information about the search criteria for each module.
For this module, your search criteria can match any of these properties:

Desktop or Session Host:
Unidesk Machine name.
The login or domain name for the user logged into the Unidesk Machine.
First or Last name of the user assigned to the Unidesk Machine.
Phone number of the user assigned to the Unidesk Machine.
Email address of the user assigned to the Unidesk Machine.
Name of a layer assigned to the Unidesk Machine.
Maintenance schedule that the Unidesk Machine is using.
Name of the CachePoint Appliance assigned to the Unidesk Machine.
Name of a Collection that the Unidesk Machine is assigned to.

Layer (OS and Applications):
Layer name.

System > Installation Machine:
Installation Machine name.
Search rules
The following table provides information about the search rules.
Rule: All searches are case-insensitive, including words or phrases enclosed in double quotes (" ").
Example: Searching for Firefox or firefox displays all items whose names contain either word.

Rule: Searching for words or phrases enclosed in double quotes results in an exact match.
Example: Searching for "MS Word" displays items whose names include the words MS Word but not WordPad.

Rule: If, in a keyword search, you specify a name that includes words separated by spaces, search finds only the items
whose names include the same words separated by spaces.
Example: Searching for Layer: antivirus t displays items whose names include the words antivirus test and antivirus
trial, but not antivirustest.

Rule: If you specify a name that includes words separated by spaces and then enclose any part of the name in double
quotes, search finds only the items whose names include the same words separated by spaces as long as they also include
the double quotes.
Example: Searching for Layer:"antivirus" test displays items whose names include the words "antivirus" test but
not antivirus test.

Rule: AND is implied in all searches except for those enclosed in double quotes.
Example: When you search for Windows Server, the search looks for words or phrases that include Windows AND Server.
Therefore, the search results could include the following layers:
Windows Server 2012
Windows Server 2008
Windows Nano Server
The search results would not include a layer named Windows for Finance because its name does not include "Server."

Rule: Search uses an implied wildcard at the beginning and end of the words you enter in the Search box.
Example: Searching for Word displays all items whose names include MS Word, Word for Windows, and WordPad.
Search keywords
You can use one or more keywords to refine the search results for Desktops or Session Hosts. To enter multiple keywords,
separate each keyword and value with a space, as shown in the following example:
layer:chrome group:sales
In this example, the search results display all of the machines that are using the layer, chrome, and have owners that are
members of the group, sales.
The following table provides information about the supported keywords.
Use... To search for...

CachePoint:<text>
Unidesk Machines that are assigned to a CachePoint Appliance with a name that includes the specified text.
Example: Searching for CachePoint:NYO displays Unidesk Machines (Desktops or Session Hosts) assigned to
any of the following CachePoint Appliances: Master-CP-NYO, CP1-NYO, and CP2-NYO.

CachePoint:<"text">
Desktops or Session Hosts that are assigned to a CachePoint Appliance with a name that matches the
specified text exactly.
Example: Searching for CachePoint:"CP1-NYO" displays Unidesk Machines that are assigned to a CachePoint
Appliance named CP1-NYO.

Layer:<text>
Unidesk Machines that have an assigned layer with a name that includes the specified text.
Example: Searching for Layer:SQL displays Unidesk Machines that have any of the following layers assigned to
them: MySQL, OracleSQL, SQL Server.

Layer:<text>;<version>
Unidesk Machines that have an assigned layer with a name that includes the specified text or version number.
You can enter any type of version number, for example, 5, 5.1, or 5.1.4.
Example: Searching for Layer:SQL;5. displays Unidesk Machines that have any of the following layers assigned
to them: MySQL, version 5, OracleSQL, version 15, SQL Server 5.1.

Layer:<"text">;<"version">
Unidesk Machines that have an assigned layer with a name that matches the specified text or version exactly.
Example: Searching for Layer:"SQL";5.5 displays Unidesk Machines that have the following layer version
assigned to them: SQL, version 5.5.

Group:<text> (Desktop modules only)
Desktops that have owners who are members of a group with a name that includes the specified text.
Example: Searching for Group:Sales displays Unidesk Machines whose owners belong to any of the following
groups: Sales-NorthAmerica or Sales-Europe.

Group:<"text"> (Desktop modules only)
Desktops that have owners who are members of a group with a name that matches the specified text exactly.
Example: Searching for Group:"Sales-Asia" displays Unidesk Machines whose owners belong to the Sales-Asia
group.

MaintenanceSchedule:<text>
Unidesk Machines that are using a maintenance schedule with a name that includes the specified text.
Example: Searching for MaintenanceSchedule:weekend displays Unidesk Machines that are using any of the
following maintenance schedules: weekend-marketing, weekend-accounting.

MaintenanceSchedule:<"text">
Unidesk Machines that are using a maintenance schedule with a name that matches the specified text exactly.
Example: Searching for MaintenanceSchedule:"weekend-management" displays Unidesk Machines that are
using a maintenance schedule named weekend-management.

ChangesPending:<yes | no>
Unidesk Machines that have configuration changes pending and need to restart to have the changes take
effect.
The values for this keyword include:
1, true, yes, or y.
0, false, no, or n.
Examples: Searching for any of the following keywords displays Unidesk Machines that have pending
configuration changes and need to restart:
ChangesPending:1
ChangesPending:true
ChangesPending:yes
ChangesPending:y
Searching for any of the following keywords displays Unidesk Machines that do not need to restart (no
configuration changes are pending):
ChangesPending:0
ChangesPending:false
ChangesPending:no
ChangesPending:n
Search filters
To refine the search display, use any or all of the following filters:
Filter list: The Filter list allows you to select a category that defines the type of items the Unidesk Management
Console displays when a search matches your search criteria. The options in the Filter list change depending on the
displayed page.
View Flagged Items: If you select View Flagged Items before starting a search, the search displays only those items that
match the search criteria and are also flagged items.
Advanced search
The Desktop and Session Host modules include Advanced search that lets you locate Unidesk Machines using complex
search queries.
Search criteria
Advanced search lets you find Unidesk Machines using one or more of the criteria described in the table below. If you
specify more than one criterion, the search will be treated as an AND.
Advanced search criteria and their descriptions:

Contain these words
One or more words (or partial words) included in any of the Unidesk Machines search properties.
To match a specific word or phrase exactly, enclose the value in double quotes (" ").

Have owners in this group (Desktop modules only)
Full or partial name of the group that includes the Desktop owners. If you type a portion of the name, all groups
containing this string will be included in the results, whether they are local Unidesk or LDAP groups. For example, if
you search on CHI, Desktops with owners in both the LDAP group CHIGROUP and the Unidesk group ICHI will be
included in the results.
You can use the Browse button to select the group. If you select an LDAP group, the group's Distinguished Name
appears in the field. For example, if you select CHIGROUP, a name like the following would appear in the field:
CN=CHIGROUP,OU=CHI,DC=mycompanydom3,DC=local

Are hosted on CachePoint
Full or partial name of the CachePoint Appliance assigned to the Unidesk Machine.

Use this maintenance schedule
Full or partial name of a maintenance schedule.

Are using this Collection
Full or partial name of a Collection.

Are using this layer
Full or partial name of a layer. You can specify a version.
To add more layers to the query, click And.
When you specify multiple layers, the search results display the Unidesk Machines that contain ALL of the specified
layers.

Have pending configuration changes
Yes - finds Unidesk Machines that need to restart because they have pending configuration changes.
No - finds Unidesk Machines that do not have pending configuration changes.
N/A - this criteria is not applicable to your search.
Using advanced search
1. In the Desktop or Session Host module, click the down arrow next to the Search box.
2. Specify values for any or all of the advanced search criteria.
3. Click Search.
Example
Assume that you've assigned new versions of the QuickQuote and AddUp Application Layers to all of the Sales Unidesk
Machines in the New York territory. You want to find the Unidesk Machines that have not yet restarted and received the
new configuration.
To find these Unidesk Machines only, you specify the following advanced search criteria:
For this search criteria, you enter:
Contain these words: Sales-
Are hosted on CachePoint: NYO
Use this layer: Quickquote Version 2, Addup Version 2
Have pending configuration changes: Yes
This search query finds all of the Unidesk Machines that:
Have the word, Sales- in their name. For example, Sales-BobWilson and Sales-SallySeashell.
Are hosted on CachePoint Appliances that have NYO in their names. For example, NYO-CP-Master and NYO-CP1.
Use version 2 of the layers, QuickQuote and AddUp.
Have pending configuration changes and need to restart — that is, the Unidesk Machines have not yet restarted after
you assigned new layers to them.
Search query example
The following example shows how Unidesk constructs a search query based on the search criteria specified in the advanced
search example.
Sales- CachePoint:NYO Layer:quickquote;C=Version:2 Layer:addup;Version:2 NeedsRestart:yes
Desktops, Session Hosts, and Collections
Jun 28 , 2017
A Unidesk Desktop or Session Host is a virtual machine composed of an Operating System layer and Application Layers. You
create the Operating System Layer and Application Layers, and assign them to Desktops and Session Hosts, as needed.
A Desktop also includes a User Personalization Layer. Unidesk creates the Personalization Layer, one for each Desktop, and
you can create two types of Desktops, Persistent or Non-persistent. In the case of a Persistent Desktop, the
Personalization Layer stores all changes made by the Desktop’s user, including files and installed applications. In a Non-persistent Desktop, the Personalization Layer is cleared on each Desktop reboot or log off, unless you are using RDS in
which case it is cleared only on a log off. Desktops can be deployed to a connection broker such as Microsoft’s RDCB or
can simply be deployed to the virtual infrastructure and accessed via a connection client like RDP.
How it works
The Unidesk software lets you make the following choices when deploying new Desktops and Session Hosts:
Choose a Unidesk Collection, and:
For Desktops, choose a user or group.
For Session Hosts, choose the number of them to create.
Specify a cluster or server where the Desktops or Session Hosts will be hosted, and a Virtual Switch (network).
Note: You can now create Unidesk Desktops on clustered hosts that do not have active CachePoints, as long as there is one host in the
cluster with an active CachePoint. This minimizes both the storage requirements and the need for more resources, allowing you to
create Desktops across multiple hosts using fewer CachePoints.
Assign an Operating System Layer.
Assign one or more Application Layers.
Specify Desktop or Session Host settings, for example, CPUs, memory, storage allowance for user data, page file size,
and core dump type.
Maintenance schedule for updating Layers and other tasks that may require rebooting the Desktop or Session Hosts.
A Desktop or Session Host behaves in the same manner as any other Desktop virtual machine or Session Host, with the
following exceptions:
When changes to the configuration result in the need to rebuild the bootable image, Unidesk places the Desktop or
Session Host in Maintenance Mode while the rebuild is in progress.
Manage Desktops
Jun 28 , 2017
About changing Desktop Layers and attributes
About managing a Desktop's bootable image
The components that comprise a Desktop come from a variety of Layers. For example:
An Operating System Layer includes the operating system that the software imports from a gold image. The gold image
might include applications, as well.
Individual Application Layers include applications that you create as separate components.
When you create a Desktop, you specify virtual machine settings for CPUs, memory, network adapters and disk storage.
Each Desktop has a configuration associated with it. The configuration references all of the components and versions that
define what end users interact with when they use the Desktops. If the configuration changes, the software needs to
create a new bootable image that matches the new configuration.
A Desktop receives a new bootable image when it is shut down or during a restart. The Unidesk software uses the new
configuration to create a new bootable image.
Changes that affect the Desktop bootable image
Any time a user makes a change to a Desktop, the Desktop sends this information to the server or cluster that is hosting it.
Based on the content of the messages it receives, the server or cluster determines whether it needs to create a new
bootable image for the Desktop.
A Desktop requires a new bootable image when you change the configuration, or when a change to the Desktop affects
system-level files, for example, when adding new services, changing services to start automatically, or modifying system
boot files.
Note: Typically, changes to keys in the HKLM\SYSTEM\CurrentControlSet\Services key cause the Desktop to receive a new
bootable image.
The configuration for a Desktop changes when any of the following events occur:
Changes to the Desktop affect system-level files (for example, adding new services, changing services to start
automatically, or modifying system boot files).
You assign a new application to a Desktop.
You remove an application from a Desktop.
You add a new version of an existing application.
You update a version of an existing application or the operating system.
You change the priority order of applications assigned to one or more Desktops.
Changes implemented during a Desktop shut down
If a Desktop requires a new bootable image, the Desktop must remain in a shut down state while the CachePoint
Appliance creates the image. If a user initiates a system restart and the Desktop requires a new bootable image, the
Desktop remains in a shut down state until the CachePoint Appliance finishes creating the bootable image. While this
action is in progress, users can experience a one minute delay in the system restart. They may also notice that the Desktop
is in a powered-off state during this time.
It is important that no one attempts to power on the Desktop while the CachePoint Appliance is creating the bootable
image. Attempting to start the Desktop while the CachePoint Appliance is creating the image can result in the Desktop not
being able to restart.
Example
A user installs a new application on the Desktop. The installation program prompts the user to restart the computer to
complete the installation. After the user clicks OK to restart the computer, she watches the Desktop shut down and
restart. During the restart, the screen is blank. When the screen remains blank longer than usual, the user contacts the
Desktop administrator.
The Desktop administrator logs in to the Unidesk Management Console and notices that the status of the Desktop
is Creating image, indicating that the Desktop needs a new bootable image. The administrator asks the user to wait for
a few minutes and explains that changes to the Desktop resulted in the need to create a new system image.
After a short wait, the Desktop restarts normally.
IP address assignment for Desktops
When you create a Desktop, the software uses DHCP to acquire an IP address for it. If you look at the settings for the
Desktop, however, the Internet Protocol settings for the Desktop show that a specific IP address is assigned to it, as
shown in the following illustration. This assignment is normal behavior. Do not change these settings.
How Desktops obtain IP addresses
Each time a Desktop boots, a custom DHCP client runs during the early stages of the start-up process. This client is
responsible for renewing or rebinding the current IP address, if possible. If the current IP address is not available, the custom
DHCP client obtains a new address for the Desktop. There is no need for you to change any of the Internet Protocol
properties.
Because the software uses an internal ID, not the IP address, to identify the Desktop, communication is not affected if
the Desktop's IP address changes.
View the Desktop's configuration
Desktop visualization panel
The Desktop Visualization panel provides a graphic display of a desktop configuration while you create and edit a desktop.
As you select layers and settings for the desktop configuration, the Desktop Visualization panel displays the layers, in order
of priority, and all of the desktop settings.
The priority order for layers is the order in which the desktop deployment process applies the layer, from the highest priority
(applied last) to the lowest.
Desktop views
If you select multiple Desktops for editing, you can choose which one to display in the Desktop Visualization panel. Just
expand the list at the top of the panel and select a Desktop.
Update a Desktop's applications
Before you start
If you are adding applications to the Desktops, make sure the Application Layers you need are available in the Layers
> Application Layers module, and that they use the same OS Layer as the Desktops to which you want to assign them.
Assign a new Operating System Layer Version to Desktops
You can update the operating system assigned to one or more Desktops by creating a new Layer version containing the
operating system update and assigning the new version of the Layer to the Desktop's Collection. As part of this process,
the Unidesk software creates a new bootable image for the Desktop. The Desktop must be stopped for this task to
complete.
The new Layer version is assigned to the Desktop based on the Desktop's maintenance schedule. To view and edit the
Desktop's maintenance schedule:
1. In the Unidesk Management Console, click Desktops > Desktops and select the Desktop.
2. Select Edit Desktops in the Action bar.
3. In the Maintenance Schedule tab, you can view and edit the deployment method for Desktop changes.
Select or create a maintenance schedule. A maintenance schedule deploys changes during a specified time frame. For
more about maintenance schedules, click here.
As soon as possible. This option deploys the configuration changes after you shut down the Desktops. Selecting this
option overrides the current maintenance schedule.
Defer deployment until a specified date and time. This option defers deployment of configuration changes until the
specified time elapses. At that time, Unidesk deploys the configuration changes if the Desktops are shut down.
Selecting this option overrides the current maintenance schedule.
4. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Desktop. If you
enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as
specified by your Maintenance Schedule selection.
Assign new applications or updates to Desktops
You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module. The
changes will be applied in accordance with the selected maintenance schedule option. Desktops are always restarted
during updates.
1. Create a new Application Layer or Layer Version.
2. Select the Desktops that you want to edit from the Desktops module, or right-click the Desktops' Collection in the
Collections module to update all machines at one time.
3. Select Edit Desktops in the Action bar.
4. In the Application Assignment tab, expand the item for the application that you want to upgrade and select the
appropriate version.
5. In the Maintenance Schedule tab, select a deployment method for the configuration changes. You can deploy them in
any of the following ways:
Select a maintenance schedule. A maintenance schedule deploys changes during a specified time frame. For more
about maintenance schedules, click here.
As soon as possible. This option deploys the configuration changes after you shut down the Desktops.
Selecting this option overrides the current maintenance schedule.
Defer deployment until a specified date and time. This option defers deployment of configuration changes until the
specified time elapses. At that time, Unidesk deploys the configuration changes if the Desktops are shut down.
Selecting this option overrides the current maintenance schedule.
Defer deployment until the user logs out or reboots. A maintenance schedule deploys changes when the user logs out
or reboots the Desktop.
6. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Desktop. If you
enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as
specified by your Maintenance Schedule selection.
Edit Desktop attributes
Desktop settings you cannot change
You cannot change the following settings when you modify a Desktop:
Size of the storage for user data (the Personalization Layer)
Desktop type, Persistent or Non-persistent
Connection broker
Operating System Layer
Move the Desktop to a different Collection
Requirements
You can move a Desktop to a different Collection as long as the new Collection has the following settings in common with
the Desktop's current Collection:
Connection broker, if one is selected
Collection Type, Persistent or Non-persistent
Operating System Layer
Note: In an RD Connection Broker (RDCB) collection, a user can have only one Desktop. If you attempt to move a Desktop
into an RDCB collection where there is already a Desktop owned by that user, the Desktop will not be moved.
You can Edit Desktops from the Desktop module. The changes will be applied in accordance with the selected maintenance
schedule option. Desktops are always restarted during update. As with any other Desktop edit, selecting a new Collection
creates a task that will rebuild the Desktop and move it into the new Collection at the next Maintenance Window.
Change the Desktop name
When you create Desktops, you either enter a name for it or allow the system to generate names for you. The Desktop
name must be unique to the host that is storing it and adhere to the following standards: When the software creates the
Desktop, it uses the specified or generated name as follows:
Uses the name for the Desktop that the Unidesk Management Console displays.
Creates a virtual machine with the specified name.
Uses the name as the DNS name assigned to the virtual machine in the virtual infrastructure.
Uses the name as the Windows machine name.
If you change the name of a Desktop after you create it, the change affects only the name that the Unidesk
Management Console displays. The virtual machine name, the DNS name associated with the Desktop, and the Windows
machine name do not change. If you want the names to match, you must change the names manually.
To change the name of a Desktop:
1. You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module.
2. Select the Desktop Details tab, and change the Desktop Name.
3. Select the Confirm and Complete tab, and click Update Desktop.
Configure a network connection for Desktops
By default, the setting for a Desktop's network connection is the same as the network assigned to the gold image that
you used to create the Operating System Layer.
Depending on the organization of your virtual infrastructure, you may want to configure specific Desktops to use different
network connections.
You can set the network connection when you create Desktops or you can change the network connection for deployed
Desktops.
1. You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module.
2. In the Desktop Details tab, select different values for the Virtual Switch and VLAN Tags, as needed. If you need to add
new VLAN Tags, click the Manage button and use the wizard to do so.
3. Complete the create or edit task.
4. If you modified an existing Desktop, restart it to ensure the changes take effect.
Change the Physical Attributes of a Desktop
You can change the physical settings of the virtual Desktop at any time. For example, if you are installing an application
that requires additional memory, you can adjust these settings, as required.
1. You can Edit Desktops from the Desktop module or by selecting the Desktops' Collection in the Collections module.
2. Select Edit in the Action bar. The Edit Desktop wizard opens.
3. Select the Desktop Settings tab and change the settings as necessary.
Non-persistent Desktop - Delay before shutdown
When you shut down a Non-persistent Desktop, there is a 5-second delay to ensure that the logoff message makes it
through the RDS integration services. You can change the length of the delay by editing the Registry
value System\CurrentControlSet\Services\Uniservice\ShutdownDelayMS. You must make this change in the Operating
System Layer or in an Application Layer.
Restart or shut down a Desktop
Restart Desktops
Use the Restart/Shut Down action in the Desktops module to start a Desktop that is shut down or to have changes to
the Desktop take effect.
During the restart process, the Unidesk software instructs the virtual infrastructure to perform a clean shut down of the
virtual machine, if it is still running, and then starts it again.
Before you start
Before restarting a Desktop, verify that the screen saver is disabled. The Desktop does not shut down properly if the
screen saver is enabled.
During a restart
If you make changes to a Desktop while it is running (for example, you change the application assignment), the software
will wait for the Desktop to shut down before completing the tasks required to rebuild the Desktop.
When you initiate a restart of a Desktop, the software deploys the queued changes once the Desktop shuts down. The
Desktop is restarted after the rebuild is complete.
You can monitor the detailed view of the Restart task in the Task bar to see the sub tasks related to creating the new
bootable image.
Steps
1. Select Desktops and select one or more Desktops.
2. Select Restart/Shut Down in the Action bar. This opens the Shut Down wizard.
3. In the Restart or Shutdown tab, select the Restart option.
4. In the Confirm and Complete tab, enter a comment that explains why the restart is necessary, if required. If you enter
comments, they appear in the Information view Audit History.
5. Click Restart/Shut Down Desktop. The Unidesk software causes the virtual infrastructure to restart the appropriate
virtual machines.
6. Monitor the Task bar to see when this task completes. If the software needs to create a new bootable image for the
Desktop, the restart takes a few extra minutes to complete.
7. When the restart task completes, notify the end users that their Desktops are available for use.
Shut down Desktops
Use the Restart/Shut Down action in the Desktops module to shut down a Desktop.
You may need to shut down Desktops for maintenance purposes, to update a Desktop's configuration, or to prevent end
users from selecting a specific Desktop.
Before you start
Before shutting down a Desktop, verify that the screen saver is disabled. The Desktop does not shut down properly if the
screen saver is enabled.
Steps
1. Click Desktops, select the Desktops you want to shut down, and click Restart/Shut Down. This opens the Shutdown
Wizard.
2. In the Restart or Shutdown tab, select Shut Down. If the selected Desktops are integrated with a connection broker,
the Put in Maintenance Mode option becomes active.
3. If you do not want to put the Desktops in Maintenance Mode, clear Put in Maintenance Mode.
4. If needed, enter a comment that describes why the shutdown is necessary. If you enter comments, they appear in the
Information view Audit History.
5. Click Restart/Shut Down Desktop.
During a shutdown
If you make changes to a Desktop while it is running (for example, you change the application assignment), the software
will wait for the Desktop to shut down before completing the tasks required to create a new bootable image for the
Desktop.
When you initiate a shutdown of a Desktop, the software deploys the queued changes once the Desktop shuts down. You
can monitor the detailed view of the Shut Down task in the Task bar to see the sub tasks related to creating the new
bootable image.
Improve Windows 8.1 Desktop login times
If you want to speed up login times for Windows 8.1 Desktops, you can disable some of the more costly and less necessary
GUI actions.
Turn off new user arrows
You can turn off new user arrows by making the following Registry edits:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\EdgeUI
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\EdgeUI
DisableHelpSticker DWORD
0 = Enable help tips
1 = Disable help tips
Turn off startup animation
You can turn off startup animation with these Registry edits:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
EnableFirstLogonAnimation DWORD
0 = Disable first sign-in animation
1 = Enable first sign-in animation
Disable bootlog and boot animation
You can disable bootlog and boot animation.
1. Open a command window.
2. Enter these commands:
bcdedit /set {default} bootlog no
bcdedit /set {default} quietboot yes
Disable lock screen
Disable lock screen:
1. Open the Group Policy Editor by right-clicking Computer.
2. Select Configuration > Administrative Templates > Control Panel > Personalization.
3. Set Do not display the lock screen to Enabled.
If you prefer to make this change by editing the Registry:
1. In the Registry, under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Personalization, create a new
DWORD (32-bit) Value named NoLockScreen with a value of 1.
2. Restart the system.
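The registry values and bcdedit settings from this section can be checked or applied together from an elevated PowerShell session. The script below is an added example, not part of the Unidesk documentation; the helper name Get-DwordOrNull and the -Apply switch are assumptions made for the example, while the key paths, value names and data are the ones listed above.

```powershell
# Added example: audit (default) or apply (-Apply) the Windows 8.1 login-time
# settings from this section. Run elevated, inside the layer you are editing.
[CmdletBinding()]
param(
    [switch]$Apply   # hypothetical switch: without it the script only reports
)

# Paths, value names and data copied from the section above.
# Note: the HKCU entry only affects the user running the script.
$settings = @(
    [pscustomobject]@{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\EdgeUI'
                       Name = 'DisableHelpSticker'; Value = 1 }
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EdgeUI'
                       Name = 'DisableHelpSticker'; Value = 1 }
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
                       Name = 'EnableFirstLogonAnimation'; Value = 0 }
    [pscustomobject]@{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Personalization'
                       Name = 'NoLockScreen'; Value = 1 }
)

# Hypothetical helper: returns the current value, or $null when the key or
# the value does not exist (a missing policy value means "not configured").
function Get-DwordOrNull {
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = foreach ($s in $settings) {
    $before = Get-DwordOrNull -Path $s.Path -Name $s.Name

    if ($Apply -and $before -ne $s.Value) {
        # Create the key only when it is missing; New-Item -Force on an
        # existing registry key would discard the values already in it.
        if (-not (Test-Path -LiteralPath $s.Path)) {
            New-Item -Path $s.Path -Force | Out-Null
        }
        New-ItemProperty -LiteralPath $s.Path -Name $s.Name `
            -PropertyType DWord -Value $s.Value -Force | Out-Null
    }

    $after = Get-DwordOrNull -Path $s.Path -Name $s.Name
    [pscustomobject]@{
        Path      = $s.Path
        Name      = $s.Name
        Expected  = $s.Value
        Before    = $before
        After     = $after
        Compliant = ($after -eq $s.Value)
    }
}

$report | Format-Table -AutoSize

if ($Apply) {
    # In PowerShell, {default} must be quoted; unquoted braces are parsed as
    # a script block and bcdedit never receives the identifier.
    foreach ($pair in @(@('bootlog', 'no'), @('quietboot', 'yes'))) {
        & bcdedit.exe /set '{default}' $pair[0] $pair[1] | Out-Null
        if ($LASTEXITCODE -ne 0) {
            Write-Warning "bcdedit failed for $($pair[0]) (exit code $LASTEXITCODE); is the session elevated?"
        }
    }
    Write-Output 'Settings applied. Restart the system for them to take effect.'
}
```

Run it once without -Apply to record the current state of the image, then again with -Apply; the Before and After columns show exactly which values the script changed.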
Troubleshooting Desktops
What if a Desktop doesn't start?
If a user reports that a Desktop is not starting as expected, log in to the Unidesk Management Console and check the
status of the Desktop.
If the status indicates the creation of a new bootable image is in progress, ask the user to wait for a few minutes. A
bootable image can take 5 - 30 minutes to rebuild. Do not try to power on the machine or take any other action in the
virtual infrastructure.
If the Desktop does not restart within a reasonable amount of time, contact Technical Support.
Delete a Desktop
Delete one or more Desktops
1. Select the Desktops tab, and then the Desktops subtab.
2. Select one or more Desktops.
3. Select Delete in the Action bar. This opens the Delete Desktop wizard.
4. In the Confirm and Complete tab, verify that the list of selected Desktops is correct.
5. Enter a comment that explains why the deletion is necessary, if required.
6. Click Delete Desktops. The Desktops are deleted.
7. Monitor the Task bar to see when this task completes.
Manage Session Hosts
Jun 28, 2017
About changing Session Host Layers and attributes
About managing a Session Host's bootable image
The components that comprise a Session Host come from a variety of Layers. For example:
An Operating System Layer includes the operating system that the software imports from a gold image. The gold image
might include applications, as well.
Individual Application Layers include applications that you create as separate components.
When you create a Session Host, you specify virtual machine settings for CPUs, memory, network adapters and disk
storage.
Each Session Host has a configuration associated with it. The configuration references all of the components and versions
that define what end users interact with when they use the Session Hosts. If the configuration changes, the software
needs to create a new bootable image that matches the new configuration.
A Session Host receives a new bootable image when it is shut down or during a restart. The Unidesk software uses the new
configuration to create a new bootable image.
Changes that affect the Session Host bootable image
Any time a user makes a change to a Session Host, the Session Host sends this information to the server or cluster that is
hosting it. Based on the content of the messages it receives, the server or cluster determines whether it needs to create a
new bootable image for the Session Host.
A Session Host requires a new bootable image when you change the configuration, or when a change to the Session Host
affects system-level files, for example, when adding new services, changing services to start automatically, or modifying
system boot files.
Note: Typically, changes to keys in the HKLM\SYSTEM\CurrentControlSet\Services key cause the Session Host to receive a
new bootable image.
The configuration for a Session Host changes when any of the following events occur:
Changes to the Session Host affect system-level files (for example, adding new services, changing services to start
automatically, or modifying system boot files).
You assign a new application to a Session Host.
You remove an application from a Session Host.
You add a new version of an existing application.
You update a version of an existing application or the operating system.
You change the priority order of applications assigned to one or more Session Hosts.
Changes implemented during a Session Host shut down
If a Session Host requires a new bootable image, the Session Host must remain in a shut down state while the CachePoint
Appliance creates the image. If a user initiates a system restart and the Session Host requires a new bootable image, the
Session Host remains in a shut down state until the CachePoint Appliance finishes creating the bootable image. While this
action is in progress, users can experience a one minute delay in the system restart. They may also notice that the Session
Host is in a powered-off state during this time.
It is important that no one attempts to power on the Session Host while the CachePoint Appliance is creating the
bootable image. Attempting to start the Session Host while the CachePoint Appliance is creating the image can result in
the Session Host not being able to restart.
Example
A user installs a new application on the Session Host. The installation program prompts the user to restart the computer
to complete the installation. After the user clicks OK to restart the computer, she watches the Session Host shut down
and restart. During the restart, the screen is blank. When the screen remains blank longer than usual, the user contacts
the Session Host administrator.
The Session Host administrator logs in to the Unidesk Management Console and notices that the status of the Session
Host is Creating image, indicating that the Session Host needs a new bootable image. The administrator asks the user to
wait for a few minutes and explains that changes to the Session Host resulted in the need to create a new system
image.
After a short wait, the Session Host restarts normally.
IP address assignment for Session Hosts
When you create a Session Host, the software uses DHCP to acquire an IP address for it. If you look at the settings for
the Session Host, however, the Internet Protocol settings for the Session Host show that a specific IP address is assigned
to it, as shown in the following illustration. This assignment is normal behavior. Do not change these settings.
How Session Hosts obtain IP addresses
Each time a Session Host boots, a custom DHCP client runs during the early stages of the start-up process. This client is
responsible for renewing or rebinding the current IP address, if possible. If the current IP address is not available, the custom
DHCP client obtains a new address for the Session Host. There is no need for you to change any of the Internet Protocol
properties.
Because the software uses an internal ID, not the IP address, to identify the Session Host, communication is not affected
if the Session Host's IP address changes.
View the Session Host's configuration
Session Host visualization panel
The Session Host Visualization panel provides a graphic display of a Session Host configuration while you create and edit a
Session Host.
As you select layers and settings for the Session Host configuration, the Session Host Visualization panel displays the
layers, in order of priority, and all of the Session Host settings.
The priority order for layers is the order in which the Session Host deployment process applies the layer, from the highest
priority (applied last) to the lowest.
Session Host views
If you select multiple Session Hosts for editing, you can choose which one to display in the Session Host Visualization panel
of the Unidesk Management Console. Just expand the list at the top of the panel and select a Session Host.
Update a Session Host's applications
Before you start
If you are adding applications to the Session Hosts, make sure the Application Layers you need are available in the Layers
> Application Layers module, and that they use the same OS Layer as the Session Hosts to which you want to assign
them.
Changing a Session Host's properties will create a new bootable image for the Session Host, and it must be in a stopped
state for this task to complete. You can shut down the Session Hosts either before you start editing their properties, or
restart the Session Hosts after you select the new properties.
Assign a new Operating System Layer Version to Session Hosts
You can update the operating system assigned to one or more Session Hosts by creating a new Layer version containing
the operating system update and assigning the new version of the Layer to the Session Host's Collection. As part of this
process, the Unidesk software creates a new bootable image for the Session Host. The Session Host must be stopped for
this task to complete.
The new Layer version is assigned to the Session Host based on the Session Host's maintenance schedule. To view and edit
the Session Host's maintenance schedule:
1. In the Unidesk Management Console, click Session Hosts > Session Hosts and select the Session Host. Or, right-click the
Collection in the Collections module to update all machines in the Collection at one time.
Or, click the Collection to select all Session Hosts in the Collection.
2. Select Edit Session Hosts in the Action bar.
3. In the Maintenance Schedule tab, you can view and edit the deployment method for Session Host changes.
Select or create a maintenance schedule. A maintenance schedule deploys changes during a specified time frame. For
more about maintenance schedules, click here.
As soon as possible. This option deploys the configuration changes after you shut down the Session Hosts. Selecting
this option overrides the current maintenance schedule.
Defer deployment until a specified date and time. This option defers deployment of configuration changes until the
specified time elapses. At that time, Unidesk deploys the configuration changes if the Session Hosts are shut down.
Selecting this option overrides the current maintenance schedule.
4. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Session Host. If
you enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as
specified by your Maintenance Schedule selection.
Assign new applications or updates to Session Hosts
You can edit Session Hosts from the Session Host module, or by selecting the Session Hosts' Collection in the Collections
module. The changes will be applied in accordance with the selected maintenance schedule option. Session Hosts are
always restarted during update.
1. Create a new Application Layer or Layer Version.
2. Select the Session Hosts that you want to edit from the Session Hosts module or by selecting the Session Hosts'
Collection in the Collections module.
3. Select Edit Session Hosts in the Action bar.
4. In the Application Assignment tab, expand the item for the application that you want to upgrade and select the
appropriate version.
5. In the Maintenance Schedule tab, select a deployment method for the configuration changes. You can deploy them in
any of the following ways:
Select a maintenance schedule. A maintenance schedule deploys changes during a specified time frame. For more
about maintenance schedules, click here.
As soon as possible. This option deploys the configuration changes after you shut down the Session Hosts.
Selecting this option overrides the current maintenance schedule.
Defer deployment until a specified date and time. This option defers deployment of configuration changes until the
specified time elapses. At that time, Unidesk deploys the configuration changes if the Session Hosts are shut down.
Selecting this option overrides the current maintenance schedule.
Defer deployment until there are no more sessions or the Session Host is rebooted. A maintenance schedule deploys
changes when the session count becomes zero or when the Session Host is rebooted.
6. In the Confirm and Complete tab, enter a comment about the upgrade, if required, and click Update Session Host. If
you enter comments, they appear in the Information view Audit History. Unidesk deploys the configuration changes as
specified by your Maintenance Schedule selection.
Edit other Session Host attributes
Before you start
Modifying Session Host properties requires the software to create a new bootable image for the Session Host, and the
Session Host must be in a stopped state for this task to complete. You can either shut down the Session Hosts you are
planning to modify before you start editing their properties, or you can choose to restart the Session Hosts after you
select the new properties.
Session Host settings you cannot change
You cannot change the following settings when you modify a Session Host:
Operating System Layer
User Data Storage size
Move the Session Host to a different Collection
Requirements
You can move a Session Host to a different Collection as long as the new Collection has the following settings in common
with the Session Host's current Collection:
Operating System Layer
Select a different Collection for the Session Host
1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hosts module.
2. Click Edit Session Hosts.
3. Select the Collection Reassignment tab, and choose an eligible Collection from the list.
4. Select the Confirm and Complete tab, and click Update Session Host.
As with any other Session Host edit, selecting a new Collection creates a task that will rebuild the Session Host and move it
into the new Collection at the next Maintenance Window.
Change the Session Host name
When you create Session Hosts, you either enter a name for it or allow the system to generate names for you. The Session
Host name must be unique to the host that is storing it and adhere to the following standards: When the software creates
the Session Host, it uses the specified or generated name as follows:
Uses the name for the Session Host that the Unidesk Management Console displays.
Creates a virtual machine with the specified name.
Uses the name as the DNS name assigned to the virtual machine in the virtual infrastructure.
Uses the name as the Windows machine name.
If you change the name of a Session Host after you create it, the change affects only the name that the Unidesk
Management Console displays. The virtual machine name, the DNS name associated with the Session Host, and the
Windows machine name do not change. If you want the names to match, you must change the names manually.
To change the name of a Session Host:
1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hosts module.
2. Click Edit Session Hosts.
3. Select the Session Host Details tab, and change the Session Host Name.
4. Select the Confirm and Complete tab, and click Update Session Host.
Configure a network connection for Session Hosts
By default, the setting for a Session Host's network connection is the same as the network assigned to the gold image
that you used to create the Operating System Layer.
Depending on the organization of your virtual infrastructure, you may want to configure specific Session Hosts to use
different network connections.
You can set the network connection when you create Session Hosts or you can change the network connection for
deployed Session Hosts.
1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hosts module or
by selecting the Session Hosts' Collection in the Collections module and click Edit.
2. In the Session Host Details tab, select different values for the Virtual Switch and VLAN Tags, as needed. If you need to
add new VLAN Tags, click the Manage button and use the wizard to do so.
3. Complete the create or edit task.
4. If you modified an existing Session Host, restart it to ensure the changes take effect.
Change the Physical Attributes of a Session Host
You can change the physical settings of the virtual Session Host at any time. For example, if you are installing an application
that requires additional memory, you can adjust these settings, as required.
1. In the Unidesk Management Console, select the Session Hosts that you want to edit from the Session Hosts module or
by selecting the Session Hosts' Collection in the Collections module.
2. Select Edit in the Action bar. The Edit Session Host wizard opens.
3. Select the Session Host Settings tab and change the settings as necessary.
Restart or shut down a Session Host
Restart Session Hosts
Use the Restart/Shut Down action in the Session Hosts module to start a Session Host that is shut down or to have
changes to the Session Host take effect.
During the restart process, the Unidesk software instructs the virtual infrastructure to perform a clean shut down of the
virtual machine, if it is still running, and then starts it again.
Before you start
Before restarting a Session Host, verify that the screen saver is disabled. The Session Host does not shut down properly if
the screen saver is enabled.
During a restart
If you make changes to a Session Host while it is running (for example, you change the application assignment), the
software will wait for the Session Host to shut down before completing the tasks required to create a new bootable
image for the Session Host.
When you initiate a restart of a Session Host, the software deploys the queued changes once the Session Host shuts
down. After building the new bootable image, the software initiates the restart.
You can monitor the detailed view of the Restart task in the Task bar to see the sub tasks related to creating the new
bootable image.
Steps
1. Select Session Hosts and select one or more Session Hosts.
2. Select Restart/Shut Down in the Action bar. This opens the Shut Down wizard.
3. In the Restart or Shutdown tab, select the Restart option.
4. In the Confirm and Complete tab, enter a comment that explains why the restart is necessary, if required. If you enter
comments, they appear in the Information view Audit History.
5. Click Restart/Shutdown Session Host. The Unidesk software causes the virtual infrastructure to restart the
appropriate virtual machines.
6. Monitor the Task bar to see when this task completes. If the software needs to create a new bootable image for the
Session Host, the restart takes a few extra minutes to complete.
7. When the restart task completes, notify the end users that their Session Hosts are available for use.
Shut down Session Hosts
Use the Restart/Shut Down action in the Session Hosts module to shut down a Session Host.
You may need to shut down Session Hosts for maintenance purposes, to update a Session Host's configuration, or to
prevent end users from selecting a specific Session Host.
Before you start
Before shutting down a Session Host, verify that the screen saver is disabled. The Session Host does not shut down
properly if the screen saver is enabled.
Steps
1. Click Session Hosts, select the Session Hosts you want to shut down, and click Restart/Shut Down. This opens the
Shut Down wizard.
2. In the Restart or Shutdown tab, select Shut Down. If the selected Session Hosts are integrated with a connection
broker, the Put in Maintenance Mode option becomes active.
3. If you do not want to put the Session Hosts in Maintenance Mode, clear Put in Maintenance Mode.
4. If needed, enter a comment that describes why the shutdown is necessary. If you enter comments, they appear in the
Information view Audit History.
5. Click Restart/Shut Down Session Host.
During a shutdown
If you make changes to a Session Host while it is running (for example, you change the application assignment), the
software will wait for the Session Host to shut down before completing the tasks required to create a new bootable
image for the Session Host.
When you initiate a shutdown of a Session Host, the software deploys the queued changes once the Session Host shuts
down. You can monitor the detailed view of the Shut Down task in the Task bar to see the sub tasks related to creating
the new bootable image.
Delete a Session Host
Delete one or more Session Hosts
1. Select the Session Hosts tab, and then the Session Hosts subtab.
2. Select one or more Session Hosts.
3. Select Delete in the Action bar. This opens the Delete Session Host wizard.
4. In the Confirm and Complete tab, verify that the list of selected Session Hosts is correct.
5. Enter a comment that explains why the deletion is necessary, if required.
6. Click Delete Session Hosts. The Session Hosts are deleted.
7. Monitor the Task bar to see when this task completes.
Manage Unidesk Collections
Jun 28, 2017
You can browse and search, edit, or delete Collections.
Browse and search Unidesk Collections
Search for Collections
1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.
2. Search by a word in the Collection name:
1. Type a word in the Search box and click Search.
3. Search by a specific Operating System Layer and Version:
1. Click the Down-arrow next to the Search button to open the Advanced Search window.
2. Enter the Operating System Layer name.
3. Enter the Layer version (optional).
4. Click Search.
View the Unidesk Machines (Desktops or Session Hosts) in one or more Collections
You can quickly see which Unidesk Machines are in one or more Collections. This is especially helpful when you have large
numbers of Unidesk Machines and Collections, and you want to browse or search on a more manageable number
of Unidesk Machines.
To view the Unidesk Machines in one or more Collections:
1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.
2. Select the Collection whose Unidesk Machines you want to see, and click View Desktops or View Session Hosts. To
select more than one Collection, use CTRL-Click. This displays the Desktops or Session Hosts tab with only the Unidesk
Machines belonging to the selected Collection(s).
View and Edit Unidesk Collection Details
View Unidesk Collection Details
You can view detailed information about a Collection, including the Collection Name, broker, Collection Type, description,
Desktop or Session Host count, and Audit History.
1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.
2. Click the i on the Collection icon to see the details.
Edit a Unidesk Collection
You can change the settings for a Unidesk Collection by editing it.
To edit a Unidesk Collection:
1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.
2. Select the Collection, click Edit Collection, and change the following settings, as needed.
Name and Description tab - Edit the description. Select a different icon for the Collection.
Broker and Entitlements - Change the Groups and Users entitled to access this collection. To see a list of entitled
users and groups, check the Visualization panel to the right.
OS Assignment - Choose a different version of the Operating System Layer for this collection. (You cannot change
the Operating System Layer itself, just the version.) Expand the Layer to see the versions that have been added.
3. On the Confirm and Complete tab, click Update Collection.
Delete a Unidesk Collection
Before you start
Before you can delete a Unidesk Collection, the Collection must not contain any Desktops or Session Hosts. If there are
any Desktops or Session Hosts in the Collection you must remove them.
Delete a Unidesk Collection
To delete a Unidesk Collection:
1. In the Unidesk Management Console, select Desktops > Collections or Session Hosts > Collections.
2. Select the Collection and click Delete.
3. On the Confirm and Complete tab, verify that you've selected the correct Collection, and type a comment (optional).
4. Click Delete Collection.
Use Windows Remote Assistance to manage Desktops
Jun 28, 2017
Windows Remote Assistance is a mechanism included with Microsoft Windows that provides help desk remote control
support for Windows Desktops. Remote Assistance is enabled using Group Policy Objects, and the client is accessed from
Windows Help. This article outlines options for designing the Remote Assistance process, as well as the steps
required to deploy and use Remote Assistance in your organization.
To learn more about the Windows Remote Assistance feature, see these Microsoft articles:
Offering Remote Assistance
Step by Step Guide to Remote Assistance
Turn Remote Assistance On
Remote Assistance is enabled by configuring the Remote Assistance Policies found in Computer Configuration > Administrative Templates > System > Remote Assistance. The configurable policies are:
1. Allow only Vista or later connections
2. Turn on session logging
3. Turn on bandwidth optimization
4. Customize warning messages
5. Solicited Remote Assistance
6. Offer Remote Assistance
The two settings that are required are 5 and 6.
These settings can be defined in the OS Layer, in an Application Layer, or as a Domain GPO. I would recommend using email
if using 5 (Solicited) or Easy Connect if using 6 (Offer).
Solicited Remote Assistance
With solicited Remote Assistance, the user initiates the session. This can be performed using email or by saving a file to a
share. Email is probably the best method to transport the invitation file to the support representative. To configure
Solicited Remote Assistance via email, update the GPO settings as seen below:
Unsolicited Remote Assistance
Most organizations will likely want to enable unsolicited remote assistance. In this model, the support representative enters
the computer name into the Remote Assistance tool and it connects directly to the Desktop. The user must accept
assistance and accept remote control if that is desired.
To enable unsolicited Remote Assistance, modify the Offer Remote Assistance GPO settings as seen below:
Remember to add your "Help Desk" Active Directory group into the helpers dialogue. Click "Show" next to Helpers and enter
Domain\Group.
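To confirm on a deployed Desktop that the two required policies and the Helpers list arrived as intended, the following read-only check can be run on that Desktop. It is an added example, not part of the Unidesk documentation; the registry value names are those written by the Remote Assistance administrative template, and the group name CONTOSO\Help Desk is a constructed sample.

```powershell
# Added example: read-only audit of the Remote Assistance policy on one Desktop.
$RaPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Policy-backed registry values and the settings in the list above they map to.
$RaValues = [ordered]@{
    fAllowToGetHelp              = 'Solicited Remote Assistance (setting 5)'
    fAllowFullControl            = 'Solicited: 1 = helper may take control, 0 = view only'
    fAllowUnsolicited            = 'Offer Remote Assistance (setting 6)'
    fAllowUnsolicitedFullControl = 'Offer: 1 = helper may take control, 0 = view only'
    LoggingEnabled               = 'Turn on session logging (setting 2)'
}

function Get-RemoteAssistancePolicy {
    param([string] $Key = $RaPolicyKey)

    $policy = [ordered]@{}
    $props  = Get-ItemProperty -LiteralPath $Key -ErrorAction SilentlyContinue
    foreach ($name in $RaValues.Keys) {
        $prop = if ($props) { $props.PSObject.Properties[$name] }
        # $null means the policy is Not Configured on this machine.
        $policy[$name] = if ($prop) { [int]$prop.Value } else { $null }
    }

    # The Helpers dialogue is stored as one value per entry under RAUnsolicit.
    $helpers   = @()
    $helperKey = "$Key\RAUnsolicit"
    if (Test-Path -LiteralPath $helperKey) {
        $k = Get-Item -LiteralPath $helperKey
        $helpers = @($k.GetValueNames() | ForEach-Object { [string]$k.GetValue($_) })
    }
    $policy['Helpers'] = $helpers
    [pscustomobject]$policy
}

function Test-RemoteAssistancePolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [Parameter(Mandatory)] [string[]] $ExpectedHelpers
    )
    $findings = New-Object System.Collections.Generic.List[string]

    if ($Policy.fAllowToGetHelp -ne 1) {
        $findings.Add('Solicited Remote Assistance is not enabled by policy.')
    }
    if ($Policy.fAllowUnsolicited -ne 1) {
        $findings.Add('Offer Remote Assistance is not enabled by policy.')
    } else {
        if ($Policy.Helpers.Count -eq 0) {
            $findings.Add('Offer Remote Assistance is enabled but the Helpers list is empty.')
        }
        foreach ($helper in $Policy.Helpers) {
            if ($helper -notin $ExpectedHelpers) {
                $findings.Add("Helper not on the approved list: $helper")
            }
        }
    }
    if ($Policy.LoggingEnabled -ne 1) {
        $findings.Add('Session logging is not turned on; sessions leave no local log.')
    }
    $findings.ToArray()
}

$policy = Get-RemoteAssistancePolicy
$policy | Format-List
# 'CONTOSO\Help Desk' is a constructed sample; use your own Domain\Group.
Test-RemoteAssistancePolicy -Policy $policy -ExpectedHelpers 'CONTOSO\Help Desk'
```

An empty result from the second call means both required settings are enabled, logging is on, and only approved groups can offer assistance.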
Use Remote Assistance to manage Windows 7 Desktops
Remote Assistance is very easy to use. However, initiating the connection from the user side is much harder than doing so
from the support side. Both methods are discussed here. Administrators will want to create shortcuts with the appropriate
command line to make it easy to initiate a session.
Solicited Remote Assistance
The process to initiate a session from the user side is as follows:
1. User opens the Remote Assistance shortcut
2. This opens an email with the invitation attached
3. User adds the support representative email address and sends email
4. Support rep receives email and opens invitation
5. User reads password to support rep
6. Support rep types the password into the utility
7. User accepts the connection
8. Support rep requests control as desired
9. User assents to control
You can see this method has many steps.
To keep it this short, you must create a shortcut that runs the Remote Assistance utility and jumps directly to the email
attachment. To do this, create a shortcut in the desired location with a command line of "msra.exe /email". When opened,
this directly creates the invitation and opens it in an email. The shortcut should be installed in the same Layer where you add
the GPO settings if using a Layer, or just on the Operating System Layer if using a Domain GPO.
Unsolicited Remote Assistance
This is by far the easier method. The process to initiate a session from the support side is as follows:
1. Support rep opens the Remote Assistance utility
2. Support rep types in the user's computer name
3. The user accepts the connection
4. Support rep requests control as desired
5. User assents to control
To keep it this short, you must create a shortcut on the support rep's computer that opens the utility directly
to the form that requests the computer name. To do this, create a shortcut in the desired
location with a command line of "msra.exe /offerRA".
Edit Layer and Collection icons
Jun 28, 2017
When you create or edit an Operating System Layer, Application Layer, or Collection, you can assign an icon to it. Icons help
to identify these items in the Unidesk Management Console.
About editing and assigning icons
When using the Create or Edit wizard for any Layer or Collection, the Icon Assignment tab gives you the opportunity to:
Choose an icon: Use the default icon, choose another icon from the included samples, or upload a custom icon.
Delete an icon you no longer need.
Note: Icons are automatically assigned to Session Hosts and Installation Machines from the appropriate Collection or OS Layer,
respectively.
Default icon
Unidesk uses the following icon by default when you create a Layer or Collection, or delete an icon that is in use.
Recommended icon specifications
The following image specifications are recommended for Unidesk icons. Although other sizes and resolutions are supported,
the file type must be PNG or JPG.
Specification    Details
File type        PNG or JPG
Size             64 x 64 pixels
Resolution       96 DPI
Assign or delete an icon
Preview an icon
You can preview a custom icon before applying it:
For best results, adjust your icon image to conform to the Recommended icon specifications above.
1. In the Icon Assignment tab, click Browse.
2. Select the icon image you want to upload and click Open. The image appears along with the other icons, and a preview
is displayed on the right.
Upload an icon
You can upload a custom icon to add to your collection:
1. Adjust your icon image to conform to the Recommended icon specifications above.
2. In the Icon Assignment tab, click Browse.
3. Select the icon image you want to upload, and click Open. The image appears in the icon collection, and a preview of the
icon as it will appear on the selected Layer is displayed on the right.
Note: If you browse and select an icon, but then choose a different one for your Layer, the first one you had selected
will not be uploaded. The icon is only uploaded once you have finalized the Confirm and Complete tab.
4. To complete the upload, use the Confirm and Complete tab to finalize the wizard.
Delete an icon
You can delete an icon, and it will be removed from the database.
Note: The software does not let you delete the following icons shipped with the system:
If the icon is in use by any Layer or Collection, you will receive a warning, and the default icon will be used in its place.
1. In the Icon Assignment tab, select the icon you want to delete.
2. Click the Delete button. This immediately removes the icon from the database, even if you do not complete the wizard.
Schedule Desktop or Session Host maintenance
Jun 28, 2017
A maintenance schedule controls when a Unidesk administrator deploys layer assignment changes or configuration changes
that require a rebuild of the bootable image. A maintenance schedule includes one or more maintenance windows, or time
periods, within which Unidesk can shut down Desktops or Session Hosts and deploy configuration changes to them. When
configuring this window, you can specify whether or not to wait for users to log off before shutting down the Desktops or
Session Hosts.
About maintenance schedules
Unless you configure the settings, Unidesk assigns a default maintenance schedule to all Desktops or Session Hosts when
you create them. You can modify the system default maintenance schedule but you cannot delete it. If you don't want to
use the default maintenance schedule, you can create custom maintenance schedules and use them instead.
You create or edit maintenance schedules using the System > Settings and Configuration options. Once you have
created a maintenance schedule, you can assign it to any Desktop or Session Host when you create or edit the Desktop or
Session Host.
Note: The time that maintenance schedules use is based on the system clock of the Management Appliance. The system clock on
Desktops, Session Hosts, or CachePoint Appliances does not affect maintenance schedules.
What happens during a maintenance window?
During a maintenance window, Unidesk:
Determines whether any of the Desktops or Session Hosts using the maintenance schedule have outstanding
configuration changes.
Unidesk includes all outstanding configuration changes when it rebuilds the Desktop's or Session Host's bootable image.
Therefore, if you edit the Desktop or Session Host multiple times before a maintenance window occurs, Unidesk
incorporates all of these changes into the new bootable image.
Starts to shut down these Desktops or Session Hosts (if they are not already shut down) and rebuild their bootable
images.
Unidesk shuts down four Desktops or Session Hosts at a time on each CachePoint Appliance and starts rebuilding the
bootable images for these Desktops or Session Hosts. As one rebuild completes, Unidesk shuts down the next Desktop
or Session Host in its queue and starts to rebuild its bootable image.
When a maintenance window ends, deployment tasks that are already in progress continue until complete. If Unidesk did
not have sufficient time to start all of the outstanding deployment tasks, it waits until the next maintenance
window occurs and starts those tasks during that time.
Maintenance schedule overrides
You can override a maintenance schedule in the following ways:
Deploy changes as soon as possible.
Unidesk tries to start the deployment tasks as soon as it can, instead of waiting for a maintenance window to
occur. Unidesk shuts down the Desktops or Session Hosts and deploys the configuration changes, even if users are still
logged on to the Desktops or Session Hosts.
Deploy changes at a specified time.
Unidesk deploys the changes after the specified time occurs instead of waiting for a maintenance window to occur. At
that time, Unidesk shuts down the Desktops or Session Hosts and deploys the configuration changes, even if users are
still logged on to the Desktops or Session Hosts.
Deploy changes after the user logs off or restarts a Desktop or Session Host.
This option allows the user to control when Unidesk deploys configuration changes. Unidesk waits for the first time
when a user logs off or restarts the Desktop or Session Host, instead of waiting for a maintenance window to
occur. Unidesk deploys the configuration changes as soon as the user logs off or restarts the Desktop or Session Host.
After you select a maintenance schedule override, it remains in effect until the next time Unidesk rebuilds the bootable
images for the Desktops or Session Hosts. Afterward, the selected maintenance schedule applies to future changes.
Effect of shutting down Desktops or Session Hosts outside of a maintenance schedule
If you shut down Desktops or Session Hosts outside of the time periods specified in a maintenance schedule, Unidesk does
not deploy pending configuration changes unless you select one of the maintenance schedule override options.
Instead, Unidesk waits until the next maintenance window in the schedule occurs before starting the deployment tasks.
For example, if the maintenance schedule for a Desktop specifies that deployment tasks should occur between 6 PM and
11 PM and you shut down the Desktop at 5 PM, Unidesk waits until 6 PM occurs before starting deployment tasks for that
Desktop.
Configure maintenance schedules and windows
Create a maintenance schedule
You can create or edit maintenance schedules by using System > Settings and Configuration. Once the maintenance
schedule has been created, you can assign the new maintenance schedule to Desktops or Session Hosts when you create
or edit them.
To create a maintenance schedule:
1. Select System > Settings and Configuration and scroll to the Maintenance Schedule Configuration options, and click
Add. This opens the Create Maintenance Schedule window.
2. Enter a name for the schedule.
3. Add a maintenance window.
   1. Click Add below the Maintenance Windows box.
   2. Select the start and end day for the maintenance window. If you want to constrain the maintenance window to a
      single day, select that day as both the start and end day. For example, selecting Monday through Monday defines a
      maintenance window for that day only.
   3. Select the start and end time for each day in the maintenance window.
   4. Click Apply.
   5. Repeat these steps to add additional maintenance windows.
4. For Desktops, specify when you want Unidesk to deploy configuration changes during a maintenance window (not
applicable for Session Hosts):
After the user is logged off for at least 10 minutes: If you select this option, logged-on users must log off and
remain logged off for at least 10 minutes before Unidesk deploys configuration changes to those Desktops or
Session Hosts. If a user remains logged in, Unidesk waits for the next maintenance window before it tries to deploy
the configuration changes. Unidesk deploys configuration changes to any selected Desktop that has no active users.
As soon as possible: If you select this option, Unidesk shuts down Desktops or Session Hosts and deploys the
changes, even if users are still logged on.
5. Click Create.
6. Complete the wizard to save the new maintenance schedule.
Specify a custom maintenance schedule for selected Desktops or Session Hosts
Use the System > Settings and Configuration module to create a custom maintenance schedule. After you create a
custom maintenance schedule, you can assign it to any Desktop or Session Host in the Unidesk environment.
To assign a custom maintenance schedule to a Desktop or Session Host, do the following:
1. Create a new maintenance schedule using the System > Settings and Configuration options as described in Create a
maintenance schedule.
2. When creating or editing a Desktop or Session Host, select the Maintenance Schedule tab.
3. On the Maintenance Schedule tab, select the new maintenance schedule from the list.
4. Complete the wizard to save the new maintenance schedule. The wizard does not save the new maintenance schedule
until you complete the wizard.
View maintenance schedules
1. Select System > Settings and Configuration.
2. Navigate to Maintenance Schedule Configuration.
3. Select a maintenance schedule from the list. The schedule displays the Maintenance schedule name and the
Maintenance windows.
Schedule Desktop or Session Host maintenance
Once created, you can assign a maintenance schedule to any Desktop or Session Host, and manage the schedule using
System > Settings and Configuration.
Modify a maintenance schedule
Use the following procedure to modify the maintenance windows in a maintenance schedule.
1. Select System > Settings and Configuration, scroll to the Maintenance Schedule Configuration options and select
the schedule you want to modify from the schedule list.
2. Click Edit.
3. Click Modify. This action opens the Modify Maintenance Schedule window.
4. If you want to change the name for the schedule, enter a new name for the schedule.
5. Select a maintenance window that you want to change and click Modify.
6. Select the days of the week and the time frame for the maintenance window. If you want to constrain the
maintenance window to a single day, select that day in both day lists. For example, selecting Monday through Monday
defines a maintenance window for that day only.
7. Click Apply.
8. Click Save.
Add maintenance windows to a maintenance schedule
Use the following procedure to add maintenance windows to a maintenance schedule.
1. Select System > Settings and Configuration, scroll to the Maintenance Schedule Configuration options and select a
schedule from the schedule list.
2. Click Edit.
3. Click Modify. This action opens the Modify Maintenance Schedule window.
4. Click Add.
5. Select the days of the week and the time frame for the new maintenance window. If you want to constrain the
maintenance window to a single day, select that day in both day lists. For example, selecting Monday through Monday
defines a maintenance window for that day only.
6. Click Apply.
7. Click Save.
Delete a maintenance window in a maintenance schedule
Use the following procedure to delete a maintenance window in a maintenance schedule.
1. Select System > Settings and Configuration, scroll to the Maintenance Schedule Configuration options and select a
schedule from the schedule list.
2. Click Edit.
3. Click Modify.
4. Select one or more maintenance windows and click Delete.
5. When prompted to confirm whether you want to delete the selected windows, click Save.
6. Complete the wizard to save the changes.
Unidesk for Hyper-V Backup and Recovery
Jun 28, 2017
This document explains how to back up and recover Unidesk appliances and Persistent Desktops.
Backups for the Management Appliance and Master CachePoint Appliance
Basic recovery for these components can be achieved by creating backups of the files that make up the Management
Appliance and Master CachePoint Appliance on the Hyper-V host where they were installed using a frequency that is based
on the desired RPO. The Management Appliance is fairly small and easy to back up. The size of a Master CachePoint
Appliance can be between 120 GB and 250 GB or more. Creating full backups for CachePoint Appliances takes longer than
backing up the Management Appliance.
There are many options for backing up by using backup products designed for Windows Server 2012 R2. You can use
Windows Server Backup, which is included with Server 2012 R2. Of course, you can also use third-party products like Veeam
to do your backups with more options, but beware: many virtual machine backup products may not be suited to backing up
the layer disks used by Unidesk, because they are not uniquely attached to a virtual machine.
Management Appliance Backup
The Management Appliance is a normal virtual machine. It can be backed up by backing up the file system of the Hyper-V
server it is installed on or by using a VM image backup.
Master CachePoint Appliance Backup
The Master CachePoint Appliance is a normal virtual machine, but it also manages the master copy of all the layer disks in
Unidesk. Therefore, to properly back up the MCP you must also back up these extra disk files.
Backup File Structure
Look at the drive used for Unidesk in Hyper-V. First, under the MCP Name, is the appliance virtual machine.
Then, under the UnideskLayers folder, are all of the layer disks for that CP; in the case of the MCP, this is the master
copy of all the layer disks.
To properly back up the MCP you must back up both of these. The easiest way to do this is to back up the file system.
Backing up the MCP as a VM and then adding in the UnideskLayers folders from the file system is also
possible.
Backups for secondary CachePoint Appliances
How you decide to back up desktops and CachePoint Appliances depends a great deal on your RTO and whether you can
provide a recovery desktop immediately while you recover the user’s normal desktops.
Recovery of a CachePoint Appliance
In order to recover a CP appliance and the desktops managed by that appliance in Hyper-V you must make regular backups
of the appliance and the User folders. The OS and App layers can be copied from the MCP if necessary but you will want
to document which layers you need. Unidesk has reporting tools to help with this.
Recovery of a CachePoint Appliance and Its Desktops using SAN snapshots
If your organization’s RTO is very short (for example, one hour), recovering an entire CachePoint Appliance and its desktops
from a backup is impossible. In this case, the only viable option is to use SAN-based snapshot technology for the
CachePoint appliance and its CP and Boot Volumes/Folders. This approach allows you to recover back to the latest
snapshot very quickly. Just remember that the Management Appliance database must be in sync with the snapshot. You
should create snapshots on a frequent enough basis to ensure that you don't have to use a very old snapshot, ensuring
that Management Appliance database will still match the database on the CachePoint Appliance after it is restored.
If you lose desktops from the CachePoint Appliance after completing a snapshot restore you should be able to delete the
object in the UMC and then recreate the desktops.
Unidesk Persistent Desktop and Session Host Backups
To back up Unidesk Persistent Desktops or Session Hosts, there are two separate disks that should be backed up for each
Desktop or Session Host: the boot disk and each UEP disk. These disks are located in two places. Boot disks are located in
the folder you defined for boot disks, and the UEP disk is stored under the UnideskLayers\User folder structure as seen below.
Note: You should not use Hyper-V checkpoints to save the state of a Persistent Desktop or Session Host, either manually or via a backup
product. Starting in 3.1, when a Persistent Desktop or Session Host is edited, all checkpoints will be deleted, and the changes they
contain will be merged into the machine's Personalization Layer.
Recovery of a single Desktop or Session Host
Recovery of a single Desktop or Session Host is easy as long as it is still available in the UMC. Just restore the two vhdx files
that make up the writable portion of the Desktop or Session Host (see the beginning of this section), then REBIC the
Desktop or Session Host.
Backup Example Using Windows Server Backup
Jun 28, 2017
Windows Server Backup (WSB) is included with Server 2012 R2. WSB offers the ability to back up the Windows
Server itself as well as the Unidesk virtual appliances and virtual desktops. If a low RTO is desired, consider backing up the
entire Windows server as well as the Unidesk appliance and desktop components.
If you only need backups in order to recreate virtual desktops without redoing all the work done to create the
infrastructure and layers you can choose to just back up the Unidesk Management Appliance and Master CachePoint
including the UnideskLayers folder. This would allow you to restore these files on a new Hyper-V host, import the
appliances and then create and manage new or existing Desktops or Session Hosts if they are on hosts/storage that did
not fail.
WSB can be configured to write to a locally mounted volume or a network share. When using a locally attached volume
there are two operational modes possible; one where backup owns the entire volume and one where the backup shares
the volume. If the backup is allowed to own the volume then block level incremental backups are possible so that you can
restore back to any previous backup. If the entire volume is not dedicated to backup then only a single backup is retained.
If you choose to backup to a Windows Share only a single backup is retained as well.
Installing Windows Server Backup
There are two ways to install the backup utility. You can add the Windows Server Essentials Experience Role, then add the
Windows Server Backup feature or you can use PowerShell to just install Windows Server Backup directly.
The PowerShell command is: Install-WindowsFeature Windows-Server-Backup.
Setting up the backup
The first step in setting up the backup after installing the software is to create a volume or share to backup to. In my lab I
created a new LUN and masked the LUN to my Hyper-V host. I then opened Windows Server Backup and clicked on
Backup Schedule to define the backup.
On the first screen, choose Custom.
Then in select items for backup choose the folders for the MA and MCP if you are backing up only the MA and MCP. If you
are backing up a Secondary CP choose the folders for the CP Appliance which will include the CP itself and all of the layers
and include the boot drive location you defined when you created the CP. This will of course backup the boot disks. If you
do not want to back up the APP and OS layers for a secondary CP you can add exclusions for these folders in the
advanced settings tab of the selection dialog.
First select the items to back up
If you are backing up an SCP and you decide not to back up the layers, then you must do two things: document on a regular
basis which layers have been deployed to the CP, and add an exclusion so that the layers are not backed up.
To add an exclusion, click Advanced Settings, then Exclusions and Add Exclusion.
Then choose backup times. Here you can choose once a day or multiple times a day. If you want to backup the MA and
MCP less frequently choose once a day and then edit the scheduled task created for the backup after completing the
process.
Next you specify the location type that matches your plan. The first option dedicates the entire LUN or drive to backups
and allows for multiple backups to be kept. The second choice works the same way but it can share the drive. The second
option runs slower. The third option is for storing backups on a file share. Using this option you will only have one copy of a
backup.
If using a volume you will see
That’s it. Now wait for a backup to run and check the status.
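The same schedule can be defined with the Windows Server Backup cmdlets instead of the wizard. The script below is an added example, not part of the Unidesk documentation; the folder paths, the target volume E: and the 21:00 run time are constructed sample values. It refuses to build a policy that omits the UnideskLayers folder, since an MCP backup without its layer disks cannot be recovered.

```powershell
# Added example: scripted equivalent of the Backup Schedule wizard steps above.
# Run in an elevated session on the Hyper-V host.
Import-Module WindowsServerBackup   # present after Install-WindowsFeature Windows-Server-Backup

function New-UnideskBackupPolicy {
    param(
        [Parameter(Mandatory)] [string[]]   $Include,       # appliance and layer folders
        [string[]]                          $Exclude = @(), # e.g. OS/App layer folders on an SCP
        [Parameter(Mandatory)] [string]     $TargetVolume,  # volume that receives the backups
        [Parameter(Mandatory)] [datetime[]] $RunAt          # one or more times per day
    )

    foreach ($path in @($Include) + @($Exclude)) {
        if (-not (Test-Path -LiteralPath $path -PathType Container)) {
            throw "Folder not found: $path"
        }
    }

    # The appliance VM alone is not enough: the layer disks live in UnideskLayers.
    $coversLayers = $Include | Where-Object {
        (Split-Path -Path $_ -Leaf) -eq 'UnideskLayers' -or
        (Test-Path -LiteralPath (Join-Path $_ 'UnideskLayers'))
    }
    if (-not $coversLayers) {
        throw 'No included folder contains UnideskLayers; the layer disks would not be backed up.'
    }

    # An exclusion only has an effect inside an included folder.
    foreach ($ex in $Exclude) {
        $parent = $Include | Where-Object {
            $ex.StartsWith($_.TrimEnd('\') + '\', [StringComparison]::OrdinalIgnoreCase)
        }
        if (-not $parent) { throw "Exclusion is not inside an included folder: $ex" }
    }

    $policy = New-WBPolicy
    foreach ($path in $Include) {
        $null = Add-WBFileSpec -Policy $policy -FileSpec (New-WBFileSpec -FileSpec $path)
    }
    foreach ($path in $Exclude) {
        $null = Add-WBFileSpec -Policy $policy -FileSpec (New-WBFileSpec -FileSpec $path -Exclude)
    }
    $null = Add-WBBackupTarget -Policy $policy -Target (New-WBBackupTarget -VolumePath $TargetVolume)
    $null = Set-WBSchedule -Policy $policy -Schedule $RunAt
    $policy
}

# Constructed sample layout: MA and MCP folders plus the layer store on D:.
$policy = New-UnideskBackupPolicy `
    -Include 'D:\Unidesk\UnideskMA', 'D:\Unidesk\UnideskMCP', 'D:\Unidesk\UnideskLayers' `
    -TargetVolume 'E:' `
    -RunAt ([datetime]'21:00')

Set-WBPolicy -Policy $policy   # replaces any scheduled backup policy already on this server
Get-WBSummary                  # after the first run, shows the result of the last backup
```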
Recover the MA, MCP or a Secondary CP
How you approach recovery of the MA and MCP depends on the failure scenario. If for some reason the appliance
becomes corrupted, you can just restore the files from backup. If you have to recover the entire host, you will first recreate
or recover the host. If you have used bare metal backup and have restored everything on the C drive including the Hyper-V
configuration, then you can restore the files for the MA and MCP and everything will work. If you are backing up Secondary
CPs, you will want to use this option; otherwise adding all the desktops back in to Hyper-V will be very difficult.
If you are creating a new Hyper-V host and installing Hyper-V from scratch then you will also install the Unidesk Hyper-V
Agent (setup_Unidesk_Hyper-V_Agent.exe) from the Unidesk Installation media and then restore the MA and MCP from
backup. Then import both appliances back into Hyper-V.
If you have restored the entire host or created a new host and need to import a secondary CP and its desktops, we provide
a utility called the “Unidesk Hyper-V Load Utility”. This utility will read through the boot drive folder and import all the
desktops it finds into Hyper-V.
To restore the MA and MCP from backup follow this procedure.
Select Recover.
Choose this server.
Choose the desired date and time of the backup if you have a choice.
Select Files and Folders.
Here you can specify the folder for the MA or the MCP or the root of both to restore both.
Then choose to overwrite the existing files in the original location.
Make sure that the selected paths are correct and perform the recovery operation. Remember to also create the boot disk
folder if this was not included in the backup/recovery path.
Recover a Desktop or Session Host
To recover a single Desktop or Session Host from backup you will be restoring just the three disks that make up the
writable portion of a desktop. These are the boot disk and the personalization disk. This assumes the Desktop or Session
Host is still defined in Hyper-V and all we want to do is to roll back to an earlier version of the machine.
Note: To perform this operation, you must back up the Desktop or Session Host servers and Secondary CPs.
Select Recover.
Choose this server.
Choose the desired date and time of the backup if you have a choice.
Select Files and Folders
Under Items to recover first select the UEP disk under UnideskLayers\User
Then choose to overwrite the existing files in the original location
Ensure the confirmation screen looks correct then recover the UEP disk.
Now perform the process again for the boot disk.
Then you can start the desktop, log in, and test.
Unidesk Hyper-V Load Utility
If you have a whole host failure and you do not keep bare-metal backups to recover from, you can still recover the Unidesk
MA, CP and Desktops from backup. Create a new Hyper-V host. Use the same hostname as the failed host. Install the
Unidesk Hyper-V agent. Restore the Boot folder and CP appliance folder from backup. Then use the Unidesk Hyper-V Load
Utility to import the appliances and desktops from the storage folders.
To install the utility, download the zip and first check its properties to “unblock” the file if it is blocked.
On the Hyper-V server that you will restore on, create a folder off the root of the C drive with no spaces in the name and
unpack the zip file into that folder.
Then run the utility as administrator (LoadDesktops.exe).
Choose get for the desired folders then click save to save this information to the files used by the scripts. Then you can
either test or run. Test will create a log of what the utility would do if it were run but it will not import any VMs. Press run
when you are ready to import the appliances and desktops.
Hosts and appliances
Jun 28, 2017
Manage Hyper-V hosts
Manage appliances
Manage network storage
Open firewall ports for Unidesk
Unidesk for Hyper-V Backup and Recovery
Manage Hyper-V hosts
Jun 28, 2017
You can add a Hyper-V host to the Unidesk environment, and then configure your CachePoint Appliances to use the new
host. If this is a new Unidesk deployment, follow the instructions for Installing Unidesk appliances.
Before you start
Unidesk requirements
Once you have the required hardware in place, please be sure to meet the following detailed requirements before running
the Unidesk Installer.
Windows Server 2012 R2 system (with Hyper-V Role enabled), or Hyper-V Server 2012 R2.
The .NET Framework 4.5 Features selected on the server.
Credentials required
You need the credentials for the server Administrator. You can either log in as Administrator or as a User with Administrator
privileges.
Port opened by the Unidesk Installer
The Unidesk Installer opens a port on the local server's firewall for the TCP protocol. This port is used for communications
between the Hyper-V Agent service and the Unidesk Appliances. By default this is port 8014, but you can change the port
number during installation.
Use host names in the Unidesk environment
You can set up your environment to use host names in addition to IP addresses so that a change in an IP address will not
affect communications between the Management Appliance and its CachePoint Appliances.
If you set the host name on your Hyper-V server, Unidesk will automatically use it instead of the IP address. Then the IP
address can change without causing any problems, as long as the host name does not change.
Similarly, if you set a host name for your MA and use it when you register the host (via the Unidesk installer, or manually as
described next) then you can change the IP address of the MA without issues, as long as the host name does not change.
Add and remove Hyper-V hosts
Add a new host to the environment
You can add a new host to the environment by installing the Unidesk Hyper-V Agent on the server, and registering the host
with your Management Appliance.
1. Download the Hyper-V Agent Installer from the Unidesk Hyper-V Download Center onto one of the local drives on your
new Hyper-V server.
2. Run the installer and when prompted, enter the host name or IP address of your Management Appliance. This installs the
Hyper-V agent on the host, and registers the host with the Management Appliance.
3. If the host is being added to a cluster, the Unidesk Management Appliance must be restarted to recognize the cluster
configuration change.
Remove a host from the environment
Requirement
Before you can delete a host, any appliances or Unidesk Machines (Desktops or Session Hosts) running on it must be
removed.
Delete a host
1. Log into the Unidesk Management Console, and select System > Manage Appliances.
2. Click Remove Hosts. Hosts that are not in use for Unidesk appliances or Unidesk Machines are active on the list. Others
are crossed off.
3. Select the host(s) to delete and click Remove.
4. On the Confirm and Complete tab, verify the selected hosts, and click Remove Hosts.
5. If the host is being removed from a cluster, the Management Appliance must be restarted to recognize the cluster
changes.
Manage host IP address changes
Troubleshooting issues due to host IP address changes
If the Management Appliance IP address changes
Issue: Things will continue to operate, but you may not see some updates from the Hyper-V agent, for example,
updates about storage being added or removed.
Solution: To avoid problems, simply restart the Management Appliance.
If the Agent IP address changes
Issue: The Management Appliance will not be able to communicate with the agent, so it won’t be able to deploy or edit
Unidesk Machines among other issues.
Solution: Restart the Agent (or reboot the Hyper-V server).
If both the Management Appliance and Agent IP addresses change
Issue: The Management Appliance will not be able to communicate with the agent, so it won’t be able to deploy or edit
Unidesk Machines among other issues.
Solution: Re-register the Agent with the Management Appliance, as described below.
Re-register a host with the Management Appliance, if needed
You can avoid the need to re-register hosts with the Management Appliance by setting up your environment to use host
names, as described earlier in this topic. If you are not using host names, and the Unidesk Hyper-V Agent loses
communication with the Management Appliance, you can recover communications. The way to do this depends on which
IP address changes.
If both the Management Appliance and Agent IP addresses change, you can re-register the host with the Management
Appliance.
1. Open a new command prompt as Administrator.
2. Change to the directory:
C:\Program Files (x86)\Unidesk\Hyper-V Agent
3. Run the command:
Uni.HyperVAgent.exe register /m:MA-IP-address /u:username-for-UMC /i
Where username-for-UMC is the name of a Unidesk Management Console user.
4. Enter the UMC password for the specified user when prompted.
Manage appliances
Jun 28, 2017
After you deploy and power on the Management Appliance and CachePoint Appliances, you can edit settings for each of
them, mainly using the Linux command line. If you are not comfortable using this command line, please contact Support for
assistance. For CachePoint Appliances, you can also edit the name and boot image location where new Unidesk Machines
(Desktops or Session Hosts) will be created.
Configure log file retention
You can configure the retention settings for the virtual appliance Log files.
1. Select System > Settings and Configuration.
2. In the Log File Retention Settings box, click Edit.
3. Enter the number of days to retain logs on the system.
4. Enter the maximum disk space size, in MB, for all logs.
5. Optionally, enter a comment that describes the changes you made. If you enter comments, they appear in the
Information view Audit History.
6. Click Save to save the new changes or click Cancel to exit Edit mode without saving any changes.
Monitor the Health of your Unidesk Appliances
View the status of your Unidesk appliances
1. Select System > Manage Appliances to monitor the status and health of the Unidesk virtual appliances.
2. Click i next to the name of the Management Appliance to view appliance details.
CachePoint Appliance status messages
The following table provides information about the status messages for the CachePoint Appliance.
Status | Description
Not provisioned | A virtual appliance does not exist yet. This status indicates that a configuration issue may exist. This condition can occur on the Master CachePoint Appliance the first time you log in to the Unidesk Management Console if the initial provisioning tasks are still in progress. It can also occur if the task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint Appliance to finish provisioning it.
Never started | A virtual appliance exists but provisioning is not complete and the virtual appliance is not running. This status indicates that the final provisioning steps are not complete or an operational issue may exist. This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to start for the first time.
Started, no health status | The CachePoint Appliance was running for less than three hours, which is not enough time to collect and report meaningful performance information.
Running | Performance for this CachePoint Appliance is within acceptable operational limits. You can continue to assign Unidesk Machines to it.
Not operational | The CachePoint Appliance is powered off or completely nonfunctional. No other Unidesk components can communicate with it.
Manage a CachePoint Appliance
Edit CachePoint Appliance properties
CachePoint name - Changing the name of the CachePoint will also update the name of the CachePoint virtual machine, as
it appears in the Hyper-V manager, but it will not change the location of the CachePoint virtual machine files and Layers.
Boot image location - Changing the location of the boot image will change the location in which all future Unidesk
Machines are created. Changing the boot image location does not alter the location of existing Unidesk Machines. Unidesk
Machines created using the previous location will continue to be manageable by Unidesk.
To edit CachePoint properties, do the following:
1. Log in to the Unidesk Management Console.
2. Select System > Manage Appliances.
3. Select the CachePoint Appliance to edit, and select Edit Properties. This opens the Edit CachePoint wizard.
4. Change the name as needed.
5. Choose a new location for Unidesk Machines boot images, as needed.
6. In the Confirm and Complete tab, review the settings that you have specified and, if you would like, enter a comment for
the Audit History. Click Update CachePoint.
Change CachePoint Appliance settings
You can change the following CachePoint settings as described.
IP Address
1. In Hyper-V, select the CachePoint Appliance, and if it is not running, power it on.
2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1). This opens
the Setup Utility.
3. At the Setup utility's Action prompt, enter C (for Configure Networking), and press Return.
4. At the next prompt, type D for Dynamic (DHCP) or S for Static. If you choose Static, you will need to provide the IP
address, subnet mask, and default gateway.
5. When prompted, enter Y to save settings.
6. At the Action prompt, enter Q to quit.
7. Restart the appliance.
CachePoint's IP Address for its MA
If the IP address for the Management Appliance changes, run this procedure on each CachePoint Appliance so it can
communicate with the Management Appliance again.
1. In Hyper-V, select the CachePoint and power it on.
2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1). This opens
the Setup Utility.
3. In the Setup utility enter M for Modify.
4. Enter the MA's IP address, and then Y to confirm it.
5. Enter Y to exit the Setup utility.
Administrator password
1. In Hyper-V, select the appliance, and if it is not running, power it on.
2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1). This opens
the Setup Utility.
3. At the Setup utility's Action prompt, enter P (for Password change), and press Return.
4. When prompted, enter the new password, and then confirm the password. A message confirms that the password changed successfully.
5. Press the Enter key to continue.
6. At the Action prompt, enter Q to quit.
root password*
If you are comfortable using Linux, use SSH to log into the appliance as root (for the default password, please contact
Support), and enter Linux commands to change the root password. If you need the root password or are not used to
changing the root password via Linux commands, the Unidesk Support team would be happy to help.
NTP configuration*
1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This
brings you to the Linux command line.
2. Open the NTP configuration file for editing.
3. Disable or enable the NTP daemon by changing which command is commented out. This example enables NTP.
# chkconfig ntpd off
chkconfig ntpd on
4. Edit the NTP clock server(s) to use by adding and subtracting servers.
# Use public servers from the pool.ntp.org project
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
5. Type Ctrl-X, and choose Y to save the file, then reboot the appliance.
For more about configuring NTP
1. Register with the Redhat Customer Portal.
2. See the RedHat NTP documentation.
Time and Date*
1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This
brings you to the Linux command line.
2. Enter the date command. For example:
# date 03271327
* This procedure requires you to log into the appliance as root, use the Linux command line, and/or edit a Linux .config file.
If you are not familiar with Linux, our Support team will be happy to do this for you.
Configure a Management Appliance
Change Management Appliance settings
You cannot edit Management Appliance properties, but you can change the following Management Appliance settings as
described.
Important: If you change the Management Appliance's IP address, you must also log into each CachePoint and change the address that
the CachePoint has for the Management Appliance.
You can change the following CachePoint settings as described below.
IP Address
1. In Hyper-V, select the CachePoint Appliance, and if it is not running, power it on.
2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1). This opens
the Setup Utility.
3. At the Setup utility's Action prompt, enter C (for Configure Networking), and press Return.
4. At the next prompt, type D for Dynamic (DHCP) or S for Static. If you choose Static, you will need to provide the IP
address, subnet mask, and default gateway.
5. When prompted, enter Y to save settings.
6. At the Action prompt, enter Q to quit.
7. Restart the appliance.
8. Change the MA IP address on each CachePoint. (See below.)
Administrator password
1. In Hyper-V, select the appliance, and if it is not running, power it on.
2. Using either the Hyper-V console or SSH, log into the appliance as administrator (default password Unidesk1). This opens
the Setup Utility.
3. At the Setup utility's Action prompt, enter P (for Password change), and press Return.
4. When prompted, enter the new password, and then confirm the password. A message confirms that the password changed successfully.
5. Press the Enter key to continue.
6. At the Action prompt, enter Q to quit.
NTP configuration*
1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This
brings you to the Linux command line.
2. Disable or enable the NTP daemon by running the chkconfig ntpd command with the value set to off or on. For
example, this command enables the NTP daemon:
# chkconfig ntpd on
3. Open the NTP configuration file (/etc/ntp.conf) for editing using either emacs or vi. For example:
# emacs /etc/ntp.conf
4. Edit the NTP clock server(s) to use by adding and subtracting servers in the list at the bottom of the configuration file.
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org
server 1.centos.pool.ntp.org
server 2.centos.pool.ntp.org
5. Type Ctrl-X Ctrl-C, and choose Y to save the file.
6. Reboot the appliance.
For more about configuring NTP
1. Register with the Redhat Customer Portal.
2. See the RedHat NTP documentation.
Time and Date*
1. Using the Hyper-V console or SSH, log into the appliance as root (for the default password, please contact Support). This
brings you to the Linux command line.
2. Enter the date command. For example:
# date 03271327
* This procedure requires you to log into the appliance as root, use the Linux command line, and/or edit a Linux .config file.
If you are not familiar with Linux, our Support team will be happy to do this for you.
Manage network storage
Jun 28, 2017
You can make network storage locations that have been set up in your environment available to Unidesk Appliances using
Hyper-V clusters and hosts. You can also remove or change the availability of these storage locations in the Unidesk
environment.
View network storage
You can see all storage locations available to hosts registered with the Unidesk Management Appliance.
1. Select System > Manage Appliances.
2. Click the i next to the Management Appliance, and scroll to the list of Hosts and Storage.
3. Expand each cluster and host to see which network shares are assigned to each.
Add a network share to the Unidesk environment
To add network storage locations to the Unidesk environment:
1. Select System > Manage Appliances.
2. Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.
3. Click New, and type the name of the network storage location, in the format:
\\server.example.com\share
4. Click Add. By default, the share is assigned to all hosts registered with the Management Appliance.
Move (migrate) storage
Moving a Unidesk CachePoint (CP) from one database to another using standard Hyper-V tools is problematic because the
layers created by the CP are independent disks and not attached to the CP appliance. If the CP is moved with a storage
Move using the Hyper-V manager or SCVMM, the layers will be left behind. All the desktops using the CP will have the
wrong path to the layer files since the layers will no longer reside under the CP.
If you want to change your storage, create a new CP on the destination storage and create new, Non-Persistent
desktops.
Change network share host assignments
By default, when you add a network share to the Unidesk environment, all hosts that are registered with the Management
Appliance have access to it. You can deselect specific hosts so they no longer have access to the share.
1. Select System > Manage Appliances.
2. Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.
3. In the Storage Assignments tab, expand the share so you can see all clusters and hosts with access to the share.
4. Deselect any hosts that you do not want to access the share.
5. Click the Next arrow, and click Submit Network Storage Changes.
Remove a network share from the Unidesk environment
You can remove a network share from the Unidesk environment, as long as the storage location is not in use by any Unidesk
Desktops, Session Hosts, or CachePoints. To remove a network share from the Unidesk environment:
1. Select System > Manage Appliances.
2. Click Manage Network Storage on the action bar. This opens the Manage Network Host wizard.
3. Select the storage location, and click Remove. The network storage location is crossed off, but not yet removed.
4. If you decide not to remove the storage location, click the Restore button.
5. To save any changes, click Submit Network Storage Changes.
Open firewall ports for Unidesk
Jun 28, 2017
When setting up the Unidesk environment, you need to open the following ports in your firewall for internal connections,
including those between:
The Unidesk Admin User and the management consoles you'll use.
Each virtual appliance and the various appliances and services with which it needs to communicate.
Admin User
Open the following ports in your firewall for the Unidesk Admin User to use when connecting to the Unidesk Management
console.
Destination | Activity | Protocol | Ports
Any Unidesk appliance | VMware Studio Console (Ships with Unidesk. Lets you manage appliance settings.) | TCP | 5480
Management Appliance | Unidesk Management Console | TCP | 80, 443
Management Appliance
Open the following ports in your firewall for internal connections between the Unidesk Management Appliance and each
of the destinations listed below.
Destination | Activity | Protocol | Ports
CachePoint Appliance | ActiveMQ Service | TCP | 61616
CachePoint Appliance | NFS | TCP, UDP | 111, 2049, 892, 662
 | NFS | TCP | 32803
 | NFS | UDP | 32769
Management Appliance | ActiveMQ Console | TCP | 8161
Management Appliance | Log deliveries from Unidesk Hyper-V Agent and Broker Agent | TCP | 8787
Management Appliance | Log deliveries from users | TCP | 8888
Unidesk Hyper-V Agent | Communication | TCP | 8014*, 14243**
Unidesk Broker Agent | Communication | TCP | 8015*
AD-DC/LDAP | LDAP | TCP | 389, 636
* The agent installer enables this port by default. When installing the Unidesk Broker Agent, if you specify a different port,
you must remember to use the new port number when configuring the Broker settings in the Unidesk Management
Appliance (System > Settings and Configuration).
** This port must be opened manually before installing the agent, and it is not configurable.
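The Management Appliance table above can be used as an allow-list when reviewing firewall rules. The following is an added example, not part of the Unidesk documentation: it compares a rule set against the table and reports required ports that are still blocked and allowed ports the table does not call for. The rule format, the sample rules and the function names are constructed for illustration, and the two NFS rows that list no destination are assumed to belong to the CachePoint Appliance.

```python
"""Audit firewall allow-rules against the Management Appliance port table."""

# Required flows transcribed from the Management Appliance table on this page.
# Assumption: the two NFS rows that list no destination (TCP 32803, UDP 32769)
# continue the CachePoint Appliance NFS row above them.
# 8014 and 8015 are the installer defaults; adjust if changed at install time.
REQUIRED = {
    "CachePoint Appliance": {
        "tcp": {61616, 111, 2049, 892, 662, 32803},
        "udp": {111, 2049, 892, 662, 32769},
    },
    "Management Appliance": {"tcp": {8161, 8787, 8888}},
    "Unidesk Hyper-V Agent": {"tcp": {8014, 14243}},
    "Unidesk Broker Agent": {"tcp": {8015}},
    "AD-DC/LDAP": {"tcp": {389, 636}},
}

# Constructed sample rule set in a hypothetical (destination, protocol, ports)
# form; export your own firewall's allow rules into the same shape.
SAMPLE_RULES = [
    ("CachePoint Appliance", "tcp", "61616,111,2049,892,662,32803"),
    ("CachePoint Appliance", "udp", "111,2049,892,662,32769"),
    ("Management Appliance", "tcp", "8000-8999"),   # broader than the table
    ("Unidesk Hyper-V Agent", "tcp", "8014"),       # 14243 was never opened
    ("Unidesk Broker Agent", "tcp", "8015"),
    ("AD-DC/LDAP", "tcp", "389,636"),
    ("AD-DC/LDAP", "udp", "389"),                   # not listed in the table
]


def parse_ports(spec):
    """Expand '111,2049,32768-32803' or 'any' into a set of port numbers."""
    spec = spec.strip().lower()
    if spec == "any":
        return set(range(1, 65536))
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def collapse(ports):
    """Turn a set of ports into sorted (low, high) runs for readable reports."""
    runs = []
    for port in sorted(ports):
        if runs and port == runs[-1][1] + 1:
            runs[-1][1] = port
        else:
            runs.append([port, port])
    return [tuple(run) for run in runs]


def audit(rules, required=REQUIRED):
    """Return required ports that are not allowed and allowed ports not required."""
    allowed = {}
    for dst, proto, spec in rules:
        allowed.setdefault((dst, proto.lower()), set()).update(parse_ports(spec))

    missing, excess = [], []
    for dst, protos in required.items():
        for proto, ports in protos.items():
            have = allowed.get((dst, proto), set())
            missing += [(dst, proto, p) for p in sorted(ports - have)]
    for (dst, proto), have in sorted(allowed.items()):
        need = required.get(dst, {}).get(proto, set())
        excess += [(dst, proto, lo, hi) for lo, hi in collapse(have - need)]
    return {"missing": missing, "excess": excess}


def format_report(result):
    """Render the audit result as one line per finding."""
    lines = [f"BLOCKED  {d} {p}/{port} is required but not allowed"
             for d, p, port in result["missing"]]
    for d, p, lo, hi in result["excess"]:
        span = str(lo) if lo == hi else f"{lo}-{hi}"
        lines.append(f"EXCESS   {d} {p}/{span} is allowed but not in the table")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(audit(SAMPLE_RULES))))
```

An empty report means the rule set opens exactly what the table lists; EXCESS lines are candidates for tightening.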
CachePoint Appliance
Open the following ports in your firewall for internal connections between each CachePoint and the destinations listed
below.
Destination | Activity | Protocol | Ports
Management Appliance | ActiveMQ Service | TCP | 61616
Management Appliance | NFS | TCP, UDP | 111, 2049, 892, 662
 | NFS | TCP | 32803
 | NFS | UDP | 32769
CachePoint Appliance | ActiveMQ Console | TCP | 8161
 | Log Delivery | TCP | 8888
Unidesk Hyper-V Agent | Communication | TCP | 8014*
Unidesk Broker Agent | Communication | TCP | 8014*, 14243**
* The agent installer enables this port by default. When installing the Unidesk Broker Agent, if you specify a different port,
you must remember to use the new port number when configuring the Broker settings in the Unidesk Management
Appliance (System > Settings and Configuration).
** This port must be opened manually before installing the agent, and it is not configurable.
Gold Image virtual machine
Open the following port in your firewall for internal connections between the Unidesk Gold Image virtual machine and the
Unidesk Management Appliance.
Destination | Activity | Protocol | Ports
Management Appliance | Unidesk Tools | TCP | 80
Desktop
Open the following port in your firewall for internal connections between each Unidesk Desktop and the
destination Management Appliance and CachePoint Appliances.
Destination | Activity | Protocol | Ports
CachePoint Appliance, Management Appliance | uniservice | TCP | 61616
Unidesk for Hyper-V Backup and Recovery
Jun 28, 2017
This document explains how to back up and recover Unidesk appliances and Persistent Desktops.
Backups for the Management Appliance and Master CachePoint Appliance
Basic recovery for these components can be achieved by creating backups of the files that make up the Management
Appliance and Master CachePoint Appliance on the Hyper-V host where they were installed using a frequency that is based
on the desired RPO. The Management Appliance is fairly small and easy to back up. The size of a Master CachePoint
Appliance can be between 120 GB and 250 GB or more. Creating full backups for CachePoint Appliances takes longer than
backing up the Management Appliance.
There are many options for backing up by using backup products designed for Windows Server 2012 R2. You can use
Windows Server Backup, which is included with Server 2012 R2. You can also use third-party products like VEEAM
for backups with more options, but beware that many virtual machine backup products may not be suited to backing up
the layer disks used by Unidesk, because those disks are not uniquely attached to a virtual machine.
Management Appliance Backup
The Management Appliance is a normal virtual machine. It can be backed up by backing up the file system of the Hyper-V
server it is installed on or by using a VM image backup.
Master CachePoint Appliance Backup
The Master CachePoint Appliance is a normal virtual machine but it also manages the master copy of all the layer disks in
Unidesk. Therefore, to properly back up the MCP you must also back up these extra disk files.
Backup File Structure
Look at the drive used for Unidesk in Hyper-V. First, under the MCP name is the appliance virtual machine.
Then, under the UnideskLayers folder are all of the layer disks for that CP; in the case of the MCP, this is the master
copy of all the layer disks.
To properly back up the MCP you must back up both of these. The easiest way to do this is to back up the file system.
Backing up the MCP as a VM and then adding in the UnideskLayers folders from the file system is also possible.
Backups for secondary CachePoint Appliances
How you decide to back up desktops and CachePoint Appliances depends a great deal on your RTO and whether you can
provide a recovery desktop immediately while you recover the user’s normal desktops.
Recovery of a CachePoint Appliance
In order to recover a CP appliance and the desktops managed by that appliance in Hyper-V you must make regular backups
of the appliance and the User folders. The OS and App layers can be copied from the MCP if necessary but you will want
to document which layers you need. Unidesk has reporting tools to help with this.
Recovery of a CachePoint Appliance and Its Desktops using SAN snapshots
If your organization’s RTO is very short (for example, one hour), recovering an entire CachePoint Appliance and its desktops
from a backup is impossible. In this case, the only viable option is to use SAN-based snapshot technology for the
CachePoint appliance and its CP and Boot Volumes/Folders. This approach allows you to recover back to the latest
snapshot very quickly. Just remember that the Management Appliance database must be in sync with the snapshot. You
should create snapshots on a frequent enough basis to ensure that you don't have to use a very old snapshot, ensuring
that Management Appliance database will still match the database on the CachePoint Appliance after it is restored.
If you lose desktops from the CachePoint Appliance after completing a snapshot restore you should be able to delete the
object in the UMC and then recreate the desktops.
Unidesk Persistent Desktop and Session Host Backups
To back up Unidesk Persistent Desktops or Session Hosts, there are two separate disks that should be backed up for each
Desktop or Session Host: the boot disk and each UEP disk. These disks are located in two places. Boot disks are located in
the folder you defined for boot disks, and the UEP disk is stored under the UnideskLayers\User folder structure, as seen below.
Note: You should not use Hyper-V checkpoints to save the state of a Persistent Desktop or Session Host, either manually or via a backup
product. Starting in 3.1, when a Persistent Desktop or Session Host is edited, all checkpoints will be deleted, and the changes they
contain will be merged into the machine's Personalization Layer.
Recovery of a single Desktop or Session Host
Recovery of a single Desktop or Session Host is easy as long as it is still available in the UMC. Just restore the two vhdx files
that make up the writable portion of the Desktop or Session Host (see the beginning of this section), then REBIC the
Desktop or Session Host.
Backup Example Using Windows Server Backup
Jun 28, 2017
Windows Server Backup (WSB) is included with Server 2012 R2. WSB can back up the Windows
Server itself as well as the Unidesk virtual appliances and virtual desktops. If a low RTO is desired, consider backing up the
entire Windows server as well as the Unidesk appliance and desktop components.
If you only need backups in order to recreate virtual desktops without redoing all the work done to create the
infrastructure and layers you can choose to just backup the Unidesk Management Appliance and MasterCachePoint
including the UnideskLayers folder. This would allow you to restore these files on a new Hyper-V host, import the
appliances and then create and manage new or existing Desktops or Session Hosts if they are on hosts/storage that did
not fail.
WSB can be configured to write to a locally mounted volume or a network share. When using a locally attached volume
there are two operational modes possible; one where backup owns the entire volume and one where the backup shares
the volume. If the backup is allowed to own the volume then block level incremental backups are possible so that you can
restore back to any previous backup. If the entire volume is not dedicated to backup then only a single backup is retained.
If you choose to backup to a Windows Share only a single backup is retained as well.
Installing Windows Server Backup
There are two ways to install the backup utility. You can add the Windows Server Essentials Experience Role, then add the
Windows Server Backup feature or you can use PowerShell to just install Windows Server Backup directly.
The PowerShell command is: Install-WindowsFeature Windows-Server-Backup.
Setting up the backup
The first step in setting up the backup after installing the software is to create a volume or share to backup to. In my lab I
created a new LUN and masked the LUN to my Hyper-V host. I then opened Windows Server Backup and clicked on
Backup Schedule to define the backup.
On the first screen, choose Custom.
Then in select items for backup choose the folders for the MA and MCP if you are backing up only the MA and MCP. If you
are backing up a Secondary CP choose the folders for the CP Appliance which will include the CP itself and all of the layers
and include the boot drive location you defined when you created the CP. This will of course backup the boot disks. If you
do not want to back up the APP and OS layers for a secondary CP you can add exclusions for these folders in the
advanced settings tab of the selection dialog.
First select the items to back up
If you are backing up an SCP and you decide not to backup the layers then you must do two things. First document which
layers have been deployed to the CP on a regular basis and add an exclusion to not back up the layers.
To add an exclusion, click on advanced settings, then Exclusions and Add Exclusion.
Then choose backup times. Here you can choose once a day or multiple times a day. If you want to backup the MA and
MCP less frequently choose once a day and then edit the scheduled task created for the backup after completing the
process.
Next you specify the location type that matches your plan. The first option dedicates the entire LUN or drive to backups
and allows for multiple backups to be kept. The second choice works the same way but it can share the drive. The second
option runs slower. The third option is for storing backups on a file share. Using this option you will only have one copy of a
backup.
If using a volume you will see
That’s it. Now wait for a backup to run and check the status.
Recover the MA, MCP or a Secondary CP
How you approach recovery of the MA and MCP depends on the failure scenario. If for some reason the appliance
becomes corrupted you can just restore the files from backup. If you have to recover the entire host, you will first recreate
or recover the host. If you have used bare metal backup and have restored everything on the C drive including the Hyper-V
configuration then you can restore the files for the MA and MCP and everything will work. If you are backing up Secondary
CPs you will want to use this option otherwise adding all the desktops back in to Hyper-V will be very difficult.
If you are creating a new Hyper-V host and installing Hyper-V from scratch then you will also install the Unidesk Hyper-V
Agent (setup_Unidesk_Hyper-V_Agent.exe) from the Unidesk Installation media and then restore the MA and MCP from
backup. Then import both appliances back into Hyper-V.
If you have restored the entire host or created a new host and need to import a secondary CP and its desktops, we provide
a utility called the “Unidesk Hyper-V Load Utility”. This utility reads through the boot drive folder and imports all the
desktops it finds into Hyper-V.
To restore the MA and MCP from backup follow this procedure.
Select Recover.
Choose this server.
Choose the desired date and time of the backup if you have a choice.
Select Files and Folders.
Here you can specify the folder for the MA or the MCP or the root of both to restore both.
Then choose to overwrite the existing files in the original location.
Make sure that the selected paths are correct and perform the recovery operation. Remember to also create the boot disk
folder if this was not included in the backup/recovery path.
Recover a Desktop or Session Host
To recover a single Desktop or Session Host from backup you will be restoring just the three disks that make up the
writable portion of a desktop. These are the boot disk and the personalization disk. This assumes the Desktop or Session
Host is still defined in Hyper-V and all we want to do is to roll back to an earlier version of the machine.
Note: To perform this operation, you must back up the Desktop or Session Host servers and Secondary CPs.
Select Recover.
Choose this server.
Choose the desired date and time of the backup if you have a choice.
Select Files and Folders
Under Items to recover first select the UEP disk under UnideskLayers\User
Then choose to overwrite the existing files in the original location
Ensure the confirmation screen looks correct then recover the UEP disk.
Now perform the process again for the boot disk.
Then you can start the desktop, log in, and test.
Unidesk Hyper-V Load Utility
If you have a whole host failure and you do not keep bare-metal backups to recover from, you can still recover the Unidesk
MA, CP and Desktops from backup. Create a new Hyper-V host. Use the same hostname as the failed host. Install the
Unidesk Hyper-V agent. Restore the Boot folder and CP appliance folder from backup. Then use the Unidesk Hyper-V Load
Utility to import the appliances and desktops from the storage folders.
To install the utility download the zip and first check its properties to “unblock” the file if it is blocked.
On the Hyper-V server that you will restore on, create a folder off the root of the C drive with no spaces in the name and
unpack the zip file into that folder.
Then run the utility as administrator (LoadDesktops.exe).
Choose get for the desired folders then click save to save this information to the files used by the scripts. Then you can
either test or run. Test will create a log of what the utility would do if it were run but it will not import any VMs. Press run
when you are ready to import the appliances and desktops.
Appliance health
Jun 28, 2017
Unidesk checks Appliance Status each hour, and updates the Status column on the System > Manage Appliances page.
Every three hours Unidesk also checks to see if any appliance's health has changed, and if so, sends an email to
administrators.
Unidesk appliances run a service to evaluate their own health and report health status. The results indicate whether an
appliance might be in need of attention.
Check appliance status
To see the status of your appliances:
1. Select System > Manage Appliances. The Status column lists the status of each virtual appliance.
2. If the Status is Needs Attention, you can learn more about why the appliance has been flagged by clicking the i next to
the appliance name. Click Needs Attention status for more about what can cause this status.
Appliance status conditions
Here are the possible appliance conditions:
Status: Not provisioned
Description: A virtual appliance does not exist yet, and there may be a configuration issue.
This status can occur for the following reasons:
  The first time you log into the Unidesk Management Console, the initial provisioning tasks for the Master CachePoint
  Appliance are still in progress.
  The task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint Appliance to finish
  provisioning it.

Status: Never started
Description: A virtual appliance exists but provisioning is not complete and the virtual appliance is not running. This status
indicates that the final provisioning steps are not complete or an operational issue may exist.
This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to start
for the first time.

Status: Started, no health status
Description: The CachePoint Appliance was running for less than three hours, which is not enough time to collect and report
meaningful performance information.

Status: Running
Description: Performance for this Appliance is within acceptable operational limits.

Status: Needs attention
Description: Any of the following appliance health factors indicate that the appliance may need attention:
  High swap memory usage - If an appliance is using more than 50% of its swap memory, the appliance is flagged
  as Needs attention. For help with this issue, contact Unidesk Support.
  Low disk space - If an appliance has less than 5% of its disk space free, its Status is listed as Needs attention. For help
  with this issue, contact Unidesk Support.
  Connectivity failure - Unidesk evaluates connectivity between the Management Appliance and your CachePoints every
  five minutes, and if there is a failure, changes the Status to Needs attention.
  If one CachePoint is having a connectivity issue, reboot the appliance. If all of your CachePoints are having connectivity
  issues, reboot the Management Appliance. If the problem persists, contact Unidesk Support.

Status: Powered Off
Description: The CachePoint Appliance is powered off or nonfunctional. No other Unidesk components can communicate with it.
Monitor Unidesk virtual appliances
Jun 28, 2017
Unidesk checks Appliance Status each hour, and updates the Status column on the System > Manage Appliances page.
Every three hours Unidesk also checks to see if any appliance's health has changed, and if so, sends an email to
administrators.
Unidesk appliances run a service to evaluate their own health and report health status. The results indicate whether an
appliance might be in need of attention.
Check appliance status
To see the status of your appliances:
1. Select System > Manage Appliances. The Status column lists the status of each virtual appliance.
2. If the Status is Needs Attention, you can learn more about why the appliance has been flagged by clicking the i next to
the appliance name. Click Needs Attention status for more about what can cause this status.
Appliance status conditions
Here are the possible appliance conditions:
Status: Not provisioned
Description: A virtual appliance does not exist yet, and there may be a configuration issue.
This status can occur for the following reasons:
  The first time you log into the Unidesk Management Console, the initial provisioning tasks for the Master CachePoint
  Appliance are still in progress.
  The task that creates the virtual appliance fails. In that situation, you need to edit the CachePoint Appliance to finish
  provisioning it.

Status: Never started
Description: A virtual appliance exists but provisioning is not complete and the virtual appliance is not running. This status
indicates that the final provisioning steps are not complete or an operational issue may exist.
This condition can occur during provisioning while the CachePoint Appliance is formatting its cache and preparing to start
for the first time.

Status: Started, no health status
Description: The CachePoint Appliance was running for less than three hours, which is not enough time to collect and report
meaningful performance information.

Status: Running
Description: Performance for this Appliance is within acceptable operational limits.

Status: Needs attention
Description: Any of the following appliance health factors indicate that the appliance may need attention:
  High swap memory usage - If an appliance is using more than 50% of its swap memory, the appliance is flagged
  as Needs attention. For help with this issue, contact Unidesk Support.
  Low disk space - If an appliance has less than 5% of its disk space free, its Status is listed as Needs attention. For help
  with this issue, contact Unidesk Support.
  Connectivity failure - Unidesk evaluates connectivity between the Management Appliance and your CachePoints every
  five minutes, and if there is a failure, changes the Status to Needs attention.
  If one CachePoint is having a connectivity issue, reboot the appliance. If all of your CachePoints are having connectivity
  issues, reboot the Management Appliance. If the problem persists, contact Unidesk Support.

Status: Powered Off
Description: The CachePoint Appliance is powered off or nonfunctional. No other Unidesk components can communicate with it.
Emails about CachePoint service issues
Jun 28, 2017
You can receive email messages regarding issues with a CachePoint Appliance by configuring email notifications in
the Unidesk Management Console. The Management Appliance then sends emails to the list of addressees if an
internal CachePoint Appliance service failure causes desktops to become unusable. The affected CachePoint
Appliance initiates a restart of the affected service.
If the service continues to fail, the CachePoint Appliance initiates a complete restart of the virtual appliance. In most cases,
restarting the service or the affected CachePoint Appliance is sufficient.
The CachePoint Appliance tries to restart the service three times during a 60-minute time frame. If the service continues to
fail, the CachePoint Appliance tries to restart itself. If the restarts do not resolve the issue, you receive an email notification
indicating that an issue still exists.
Configure the Management Appliance to send email notices
To receive these messages, configure the Management Appliance to send email messages to the designated addresses
whenever there is an issue with a CachePoint service. You can configure email notifications to inform you in case there are
issues with services running on your CachePoint Appliances.
Events that can trigger an email notice
When you configure email notifications, you will receive an email for any of the following events:
Tests of the email notification connection.
An internal failure occurs on a CachePoint Appliance that requires an automatic restart.
Log files are exported.
Connection issues between Desktops or Session Hosts and CachePoint Appliances occur.
Types of email notifications
Email notification: CachePoint service failures
Description: The Management Appliance sends an email message to the designated addresses when an internal service
failure occurs and the affected CachePoint Appliance tries to restart the service or the CachePoint Appliance.

Email notification: Exporting log files
Description: When you export logs for Desktops or the virtual appliances, the software sends the specified recipients an
email notification that includes a link to the log files. For details, click here.

Email notification: Connection issues
Description: If a Desktop or Session Host loses its connection to its assigned CachePoint Appliance, the Desktop or Session
Host contacts the Management Appliance to either obtain a new IP address for the CachePoint Appliance or to
confirm that it has the correct IP address.
If the Desktop or Session Host has the correct address but cannot communicate with its CachePoint Appliance,
the Management Appliance sends an email notification the first time it tries to communicate with the CachePoint
Appliance.
When you receive this message, verify that the CachePoint Appliance is operational and available on the network.
Configure email notifications
To set up email notifications, do the following:
1. Select System > Settings and Configuration.
2. Navigate to Notifications Settings and click Edit.
3. In the Mail Server box, enter the name of your email server or the name of the SMTP relay server.
4. In the Mail Server port, enter the number of the port that the email server uses for communication.
5. In the User Name box, enter the username for the email account you want to use for sending notifications. For example,
6. In the Password box, enter the password for the email account.
7. In the From box, enter an email address to identify the source of the email message. For example, if you enter
[email protected], the email message displays the following in the From box of the received notification:
Unidesk Management Appliance [[email protected]]
8. In the Recipient List box, enter the email addresses that should receive notifications. Use a comma or semicolon to
separate the email addresses.
9. Click Test Email Configuration to verify that the settings for the email server and account work correctly. If the test
succeeds, the software displays a success message and sends the recipients a confirmation email.
10. Enter a comment, if necessary, and click Save to save the email settings. If you enter comments, they appear in the
Information view Audit History.
CachePoint Appliance Notifications
Messages sent
The CachePoint Appliance sends the following types of email notifications for service failures:
Internal CachePoint Appliance failure - When an internal service failure on one or more CachePoint Appliances occurs,
an email notification alerts you to the problem and informs you that a restart of the service or CachePoint Appliance is
going to occur.
Restart completion - After the restart completes, an email notification informs you that the restart of the affected
service or CachePoint Appliance completed successfully.
Restart failed - If the service or CachePoint Appliance restarts do not resolve the issue, an email notification alerts you
that the issue still exists and human intervention is required to resolve it.
Actions to take
After being notified about a restart, monitor the CachePoint Appliances in the Unidesk Management Console and the
virtual infrastructure to verify that the CachePoint Appliances are operational before trying to access the affected
desktops.
If you encounter any problems with one or more desktops after the restart completes, use the Desktops > Restore
action in the Unidesk Management Console to return the desktop to a previous, operational state.
If you want to change the number of times the Management Appliance tries to restart the CachePoint Appliances,
contact Technical Support.
If the service or CachePoint Appliances restarts fail to resolve the issue, contact Technical Support for assistance.
Monitor tasks
Jun 28, 2017
Use the Task bar to monitor Unidesk management tasks. You can:
View the status of completed tasks and tasks requiring user action.
View tasks and subtasks.
Hide tasks.
Cancel subtasks.
The Task bar updates status information every 10 seconds. You can also update status by clicking the Refresh icon.
Task status indicators
The Task bar uses the following status indicators.
Note: The stalled status icon indicates that at least one task or subtask did not complete. If you think that a given task with this status will
not complete, you should manually cancel the task (as described later in this topic) and then retry the operation. If the problem
persists, contact Technical Support.
View tasks and subtasks
The following table describes the different ways you use the Task bar to view tasks and subtasks.
To do this: View the status of completed tasks or tasks requiring user action.
Use this: Task status bar.
The software displays tasks when they complete or when user action is required in the status area at
the top of the Task bar.
If more than one message is available, use the arrow keys on the right side of the task bar to scroll
through the messages.
Click a message to clear the display. This action removes all messages in the Task status bar.

To do this: View a list of all tasks, completed and active.
Use this: Main task view.
The software displays all tasks in the Main task view.
Expand the Task bar to view a list of tasks.
Use the filters to refine the display results.
To view additional details about the subtasks in a task, click the i icon.

To do this: View a list of subtasks for a specific task.
Use this: Subtask view.
Click i next to a task in the Main task view to open the Subtask view.
Each entry (or row) in the Information view represents a subtask for the selected task.
Hide active tasks
You can hide tasks for the current session, for example if a large number of tasks are active, or if there
is one that will take a long time. Once you log out and log back in, the Task bar displays all tasks again.
To hide a task, select Hide next to the task.
To display all hidden tasks, select View Hidden Tasks at the top of the Tasks bar. To hide these
tasks again, clear View Hidden Tasks.
To change a task from hidden to displayed, select View Hidden Tasks to display hidden tasks and
clear the Hide checkbox next to the task.
Cancel tasks
Most tasks include one or more subtasks. While a task is active you can cancel one or more of the subtasks that are still in
progress. The main task remains active until all subtasks are completed or canceled.
For example, you might want to cancel a task if a system problem occurs and the task is unlikely to complete successfully.
1. Open the Task bar and view the active tasks.
2. Open the Subtask view for a task (click i).
3. Select a subtask and click x.
4. When the subtask stops, the Task bar changes the status of the subtask to Canceled by user.
Brokers
Jun 28, 2017
You can change the port number for Unidesk Broker Agent, but you'll need to change the setting in two places: On the
broker server, for example, the RDCB server, and in the Unidesk Management Console.
1. Log in to the Remote Desktop Service system where you installed the Unidesk Broker Agent.
2. Using regedit, change the value of the following registry entry from the default value of 8015 to the new port number:
   \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UnideskBrokerAgent\Parameters\ListeningPort
3. In the Unidesk Management Console, select System > Settings and Configuration.
4. Click Edit next to the Broker Settings.
5. In the list of Brokers, select the broker server, and click Modify.
6. Change the Broker Port to match the value you just set it to in the Registry on the server.
7. Click Test Connection to verify that the new port is working, and click Apply, then Save.
Users
Jun 28, 2017
The Unidesk environment can include directory service users and groups, and local Administrators that you create using
the Unidesk Management Console.
Directory service users and groups
The software retrieves information about these users and groups from a remote directory service. To add these users and
groups to the Unidesk directory tree, establish a connection (referred to as a Directory Junction) to a directory server. After
establishing this connection, you can assign Desktops or Session Hosts to the directory service users and groups, add them
to local groups, or assign Administrative roles to users. If you want to change any of the attributes for these users and
groups, you must do so on the directory server.
Manage users and groups
Jun 28, 2017
Edit users
The only change you can make for a directory service user is assigning or removing roles. To change all other user attributes,
edit them on the remote directory server.
Delete users
To delete a directory service user, remove them from the directory server. You cannot use the Unidesk Management Console to
delete directory service users.
Edit a directory junction
To change the settings for a directory junction:
1. Select Users > Directory Service.
2. Select Edit Properties. This opens the Edit Directory Junction wizard.
3. In the Connection Details tab, change any of the connection details for the directory server.
   1. Change the name for the Directory Junction. This name becomes the name of the folder that you see in the Unidesk
      directory tree view.
   2. Change the IP address for the directory server.
   3. Change the number of the port that allows communication with the directory server.
   4. If you want to use Secure Sockets Layer (SSL) communication, select the SSL checkbox.
   5. Click Test Connection to verify that the connection to the directory server is valid. If you chose to use an SSL
      connection and certificate errors occur, the wizard prompts you to confirm whether you want to accept or reject the
      certificate.
4. In the Authentication Details tab, change the credentials for a user who has permissions to search the directory server.
   1. Enter the ID or distinguished name for a user who has permissions to search the directory server. This ID is the Bind
      distinguished name (DN). To determine the correct syntax for the Bind DN, see the documentation for your directory
      service.
   2. Enter the password for Bind DN.
   3. Click Test Authentication to verify that you entered the correct values.
5. In the Attribute Mapping tab, enter the names of directory service attributes that you want to map to local attributes.
6. In the Confirm and Delete tab, verify the Directory Junction settings are correct, enter a comment if required, and click
   Update Directory Junction.
   If you enter comments, they appear in the Information view Audit History.
Delete a directory junction
Deleting a Directory Junction deletes all of the cached information in the local database that the software retrieved from
the remote directory service.
Conditions for deletion
You can delete a Directory Junction if:
The Directory Junction does not contain any directory service objects that are imported into the Unidesk directory tree.
No Desktops are assigned to any of the directory service users.
The Directory Junction overlaps another Directory Junction (that is, the same users exist in multiple Directory Junctions). In
this case, you can delete the Directory Junction even if the users are imported or have assigned Desktops as long as they
still exist in another Directory Junction.
Note: If a user who has been imported, assigned a Desktop, or assigned a role exists in the Directory Junction that is being deleted, and
that user does not exist in another Directory Junction, you will not be able to delete the Directory Junction until that user has been
removed.
When you delete an overlapping Directory Junction, you continue to see the imported users if they exist in other Directory Junctions.
Delete a directory junction
1. Delete all directory service objects that are members of the Unidesk directory tree. Deleting these objects from
   the Unidesk directory tree does not affect the objects in the directory service tree.
   Use the following icons to identify these objects:
2. Select Users > Directory Service.
3. Select a Directory Junction and select Delete in the Action bar. This opens the Delete wizard.
4. In the Confirm and Complete tab, verify that the correct directory junction is selected, and click Delete Directory Junction.
Change the Administrator password
Jun 28, 2017
Use these steps to change the password for the original Administrator account created for the Unidesk Management
Console.
1. Log into the Unidesk Management Console.
2. Select User > Administrators.
3. In the list of Administrators select Administrator and click Edit Properties.
4. Enter the new password and type it again in the Confirm Password field.
5. On the Confirm and Complete tab, click Update User.
Manage Administrator roles
Jun 28, 2017
Assigning a role to a user in the Unidesk Management Console allows you to control which Unidesk objects an administrator
can manage.
User roles
The user roles include:
None - These users can use Desktops assigned to them; they cannot log in to the Unidesk Management Console.
Desktop Administrator - These users can log in to the Unidesk Management Console and have limited access to Unidesk
objects.
Administrator - These users can log in to the Unidesk Management Console and can manage all of the Unidesk objects.
If an administrator does not have access to specific modules in the Unidesk Management Console, these modules still
appear in the user interface but the user cannot select any of the actions in these modules.
Permissions for each user role
Roles                  Module Access
                       Desktops  Layers  Users  System
None                   No        No      No     No
Desktop Administrator  Yes       Yes     No     Installation Machine module only
Administrator          Yes       Yes     Yes    Yes
Manage Administrator Roles
You can change a user's role if you are logged in as an administrator who has greater permissions than the user's role that
you want to change. If you are logged in as an Administrator, you cannot change the role for the logged-in user.
About assigning roles
The roles that you assign to users control whether they can log into the Unidesk Management Console and manage some
or all of the components in the Unidesk environment.
Assign user roles
1. Select Users > Users.
2. Select a user and select Edit Properties. This opens the Edit wizard.
3. Select one of the following roles from the list:
   None - These users can use Desktops assigned to them. They have no management permissions and cannot log into
   the Unidesk Management Console.
   Desktop Administrator - These users have limited access to management tasks in the Unidesk Management
   Console.
   Administrator - These users have full access to all management tasks in the Unidesk Management Console.
4. You cannot specify a username and password. When you assign roles to directory service users, they use their login
credentials from the directory service to log into the Unidesk Management Console.
5. In the Confirm and Complete tab, click Create User. If you enter comments, they appear in the Information view Audit
History.
Search for users assigned to Desktops
Jun 28, 2017
The user assignment search feature is available in the Create Desktops and the Edit Desktop wizards.
1. To use the search feature, enter a full or partial name in the Search box in either of the following locations:
   a. The Collection Assignment tab in the Create Desktop wizard.
   b. The Collection Reassignment tab in the Edit Desktop wizard.
2. Click the play icon to start the search. The tree view displays the objects that match your search criteria. You may need
   to expand an item in the search results to find or select the user, group, or folder that you want.
3. To clear the search result and redisplay the default display that you can browse, click x next to the Search box to clear it.
The user assignment search feature allows you to search for the name of a user, group, or folder.
You can enter a full or partial name for local objects that you created using the Unidesk Management Console or directory
service objects that are members of a Directory Junction.
You can use the search filter to display only specific types of objects in the search results. Using a filter is useful if you have
a large number of users, groups or folders to search. To use the search filter:
1. Enter the search criteria in the main Search box.
2. Click >> next to the Search box.
3. In the displayed list, select the object type: user, group, or folder. All items are selected by default.
4. Click the play icon to start the search. The wizard displays the objects that match your search criteria AND the selected
filter.
5. To close the filter menu, click the down arrow next to the Search box.
When you search for items, the search results match any of the search criteria that you enter in the Search box. The
following table provides information about the search criteria for user assignment searches.
Rule: All searches are case-insensitive, including words or phrases enclosed in double quotes (" ").
Example: Searching for Roberts or roberts displays all items that contain either word.

Rule: Searching for words or phrases enclosed in double quotes results in an exact match.
Example: Searching for "Marketing Europe" displays items that include the words Marketing Europe
but not Marketing-Europe.

Rule: AND is implied in all searches except for those enclosed in double quotes.
Example: Searching for Accounting Department, the search looks for words or phrases that
include Accounting AND Department. Therefore, the search results could include both of
the following groups:
  Accounting Department Chicago
  Accounting Department London
The search results would not include an item named Accounting Management because
its name does not include "Department."

Rule: Search uses an implied wildcard at the beginning and end of the words you enter in the Search box.
Example: Searching for Smith displays all items that include Smith in their names. For example, the
search result could display entries for Robert Smith, John Smith, and Mary Smith.
Troubleshoot
Jun 28, 2017
Export log files to send to Support
Troubleshoot Application Layers
Troubleshoot Domain join issues
Export log files and send to Support
Jun 28, 2017
You can export logs for your Unidesk appliances, and send them to the Unidesk Support team via HTTPS or to yourself and
others by email. You can also export logs for an individual Unidesk Machine (Desktop, Session Host, or Installation Machine).
This topic explains what log files are available for export, and which log files are useful for what kinds of issues. It then
explains how to export each of the logs.
Unidesk log files are text files that contain useful information for the Unidesk Support Team when helping you to resolve an
issue. The log files contain details about the operation of each Unidesk virtual machine (VM) and its communication with
other VMs in the Unidesk environment. The exported logs are stripped of any passwords and encryption keys, so none of
your credentials can be compromised.
What virtual machine files are exported?
Each export includes the logs for the selected VM, along with the MA logs. The Database Crash Dump file export is
optional. When you export logs, the Unidesk software creates a gzipped tar file (.tgz) containing the log files for the
selected VM. A task with the URL for each tar file appears in the Task bar.
Virtual Machine                 Exported files
Management Appliance (MA)       The gzipped tar file (.tgz) with: MA logs; Crash Dump files (optional)
CachePoint Appliance            The gzipped tar file (.tgz) with: CachePoint logs; Crash Dump files (optional); MA logs
Desktop or Session Host         The gzipped tar file (.tgz) with: Machine logs; Crash Dump files (optional); MA logs
Installation Machine (IM)       The gzipped tar file (.tgz) with: IM logs; Crash Dump files (optional); MA logs and database dump
To view the log files, download them and extract them using a file compression utility such as the WinZip® product.
What logs should I export for which issues?
The MA logs are included in the export for any CachePoint(s) or Unidesk Machines because no matter what problem you're
having, you'll need them. When you export logs, you can choose to send them to Unidesk Support and/or to an email
recipient.
For issues with...                      Export logs for the...
One Desktop or Session Host             Desktop or Session Host
Multiple Desktops or Session Hosts      CachePoint Appliance(s) for the problem Machines only
Building a Layer                        Installation Machine (IM)
Management Appliance or database        Management Appliance (MA)
Before you start
Before you can...                       You must...
Send logs to Unidesk Support            Have an open Support Case. Create a Support Case explaining the issue you're seeing.
Send email notices                      Specify your email server in the System > Settings and Configuration > Notifications Settings box.
Export logs                             Make sure the Log File Retention Settings are configured to keep the logs you need for the length of time you need.
Export and send CachePoint Appliance and Management Appliance logs
When you have a problem with more than one Unidesk Machine, you'll need the logs from the CachePoint(s) that they're
on. If you have several CachePoints, don't export them all, as they are large and only the ones with the problem Machines
will be helpful. The MA logs that you need will automatically be exported with the CachePoint logs.
When configuring an export, you can choose to send a copy of the logs to Unidesk Support via HTTPS, or to yourself or
others who need access to the logs via email.
1. In the Unidesk Management Console, select System > Manage Appliances and click Export Logs. The Export Logs Wizard opens to the Send Options tab.
2. If you want to send the logs to Unidesk via HTTPS and you have a Unidesk Support Case open, click Send to Unidesk Support, choose the support case, and type a description in the Contents field.
Note: This option is only available if you have an open Support Case. You can open one and come back to this screen to select the option.
3. If you want to send the files to yourself or others who need access to the logs, select the Email check box and type the addresses in the Recipients field. (Use a comma (,) or semi-colon (;) between addresses.)
Note: This field is only active if you've configured an email Notification in the System > Settings and Configuration > Notifications Settings box.
4. In the Log Selection tab, the MA is selected by default. Select only the CachePoint(s) that have problem Machines, and if you need to include the Crash Dump Files, select the check box to include those.
Shortcut: If you need to select all or most of the appliances in the list, select the first one and press CTRL-A, then deselect the ones you don't need. However, we recommend selecting only the relevant CachePoints.
5. In the Confirm and Complete tab, click Export Logs to start the export process. The software locates the log files on each of the selected appliances and exports them to a gzipped archive file (*.tgz) on the appliance.
Export Desktop logs
If you are having an issue with a Desktop, you can export the log files from it. If you are having the same issue with more than one Desktop, you can save time by exporting the logs for the CachePoint(s) involved instead.
1. Select Desktops and the Desktop whose log files you want to export.
2. Select Restart/Shut Down and the Shut down option.
3. Select the Desktop and select Desktop Diagnostics in the Action bar. This opens the Desktop Diagnostics wizard.
4. In the Diagnostic Selection tab, select Export Desktop Logs. The options for sending the logs are displayed.
5. If you want to send the logs to Unidesk via HTTPS and you have a Unidesk Support Case open, click Send to Unidesk Support, choose the support case, and type a description in the Contents field.
Note: This option is only available if you have an open Support Case. You can open one and come back to this screen to select the option.
6. If you want to send the files to yourself or others who need access to the logs, select the Email check box and type the addresses in the Recipients field. (Use a comma (,) or semi-colon (;) between addresses.)
Note: This field is only active if you've configured an email Notification.
7. In the Confirm and Complete tab, click Export Logs. The software locates the log files from the desktop and the Management Appliance and exports them to a gzipped archive file (*.tgz).
Export Session Host logs
If you are having an issue with a Session Host, you can export the log files from it. If you are having the same issue with
more than one Session Host, you can save time by exporting the logs for the CachePoint(s) involved instead.
1. Select Session Host and the Session Host whose log files you want to export.
2. Select Restart/Shut Down and the Shut down option.
3. In the Diagnostic Selection tab, select Export Session Host Logs. The options for sending the logs are displayed.
4. If you want to send the logs to Unidesk via HTTPS and you have a Unidesk Support Case open, click Send to Unidesk Support, choose the support case, and type a description in the Contents field.
Note: This option is only available if you have an open Support Case. You can open one and come back to this screen to select the option.
5. If you want to send the files to yourself or others who need access to the logs, select the Email check box and type the addresses in the Recipients field. (Use a comma (,) or semi-colon (;) between addresses.)
Note: This field is only active if you've configured an email Notification.
6. In the Confirm and Complete tab, click Export Logs. The software locates the log files from the desktop and the Management Appliance and exports them to a gzipped archive file (*.tgz).
Export Installation Machine (IM) logs
If you are having issues creating a Layer, export the logs from the IM you're using.
Before you start: You must be using the IM to create a Layer, and the IM must be in a Running state.
1. Select the IM and click Install Machine Diagnostics.
2. In the Diagnostic Selection tab, select Export Installation Machine Logs. The options for sending the logs are displayed.
3. If you want to send the logs to Unidesk via HTTPS and you have a Unidesk Support Case open, click Send to Unidesk Support, choose the support case, and type a description in the Contents field.
Note: This option is only available if you have an open Support Case. You can open one and come back to this screen to select the option.
4. If you want to send the files to yourself or others who need access to the logs, select the Email check box and type the addresses in the Recipients field. (Use a comma (,) or semi-colon (;) between addresses.)
Note: This field is only active if you've configured an email Notification.
5. In the Confirm and Complete tab, enter a comment, if necessary, and click Export Logs. The software locates the log files from the Installation Machine and the Management Appliance and exports them to a gzipped archive file (*.tgz).
Troubleshoot Application Layers
Jun 28, 2017
This article explains how to troubleshoot typical issues with Application Layers.
Quick review of the basics
When a user opens a file on their Unidesk Desktop, the Unidesk software directs Microsoft Windows to open the file from
the Layer with the highest priority. The Personalization Layer, which contains files created or modified on the Desktop, is
always highest priority, so Windows will be directed to the Personalization Layer as the source for those files. If the file isn't
found in the User Layer, the Unidesk software looks for it in the Application Layers. If Windows finds the file in more than
one Application Layer or Layer Version, it uses the file in the most recently created Application Layer Version. Finally, if
neither the User Layer nor an Application Layer has the file, Unidesk uses the version of the file that’s in the Operating
System Layer, the Layer with the lowest priority.
Note: By default, Application Layer priority is determined by the Layer/Version creation date or modification date. There are
ways to override the default priority, as explained later in this article. However, in most cases, this prioritization works well.
Imagine a scenario where the user has installed an application on their Desktop. Because the application is user-installed, it
is stored in the person's Personalization Layer. The application has an old version of foo.dll. If an IT-delivered application (in
an Application Layer) needs a later version of that same dll (foo.dll), the IT-delivered application will not work correctly on
that user’s Desktop. That's because Windows finds the Personalization Layer version of the file and uses that one instead
of the newer version in the Application Layer. The good news is that you can fix an issue like this, as Unidesk gives you a few
ways to control where a file will be delivered from.
When I create a new Desktop, one or more applications do not work correctly
Administrators often create all of the Application Layers and just start deploying new Desktops with all of the layers. This
can work fine but if it doesn’t, step back and take an incremental approach to isolate the issue.
Can you create a Desktop with just the Operating System Layer and the failing Application Layer? If that doesn’t work, then you have an issue with that particular application. Check the Application Layer Recipes page for details on specific applications. If you don’t see your application in the recipes, open a support case.
If you have a clear conflict between 2 layers, you have several choices for resolving that conflict. You can:
Combine the conflicting applications in a single Layer, often the simplest solution.
Create one of the Layers using the conflicting Layer as a prerequisite Layer. This is best in cases where you need to deploy and update the applications separately. When you specify a prerequisite layer, the Installation Machine will be created with both the specified OS and the prerequisite Layer installed. You will need to remember to always include that prerequisite Layer when you update your application.
An application is not working correctly on an existing Desktop
If the application used to work on the Desktop and now it doesn’t, the solution is often a simple reinstall. Editing the Desktop
and selecting the reinstall checkbox for the failing application simply removes any files from the user layer that are part of
the application layer.
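The lookup order from the quick review, and the effect of the reinstall check box, can be modelled in a few lines. This is an added illustration, not Unidesk code: the Layer class, the function names and the file inventories are constructed for the example, and file versions are compared only for inequality.

```python
from dataclasses import dataclass, field
from datetime import date

RANK = {"personalization": 0, "application": 1, "os": 2}  # lower rank wins the lookup


@dataclass
class Layer:
    name: str
    kind: str       # "personalization", "application" or "os"
    created: date   # version creation date; ranks Application Layers against each other
    files: dict = field(default_factory=dict)  # path -> version (constructed inventory)


def priority_order(layers):
    """Personalization Layer first, Application Layers newest first, OS Layer last."""
    return sorted(layers, key=lambda l: (RANK[l.kind], -l.created.toordinal()))


def resolve(layers, path):
    """Layer whose copy of `path` Windows is directed to, or None if no layer has it."""
    return next((l for l in priority_order(layers) if path in l.files), None)


def user_shadowing(layers):
    """Files whose Personalization Layer copy hides a different version in an Application Layer."""
    ordered = priority_order(layers)
    apps = [l for l in ordered if l.kind == "application"]
    report = []
    for user in (l for l in ordered if l.kind == "personalization"):
        for path, version in sorted(user.files.items()):
            hidden = [(a.name, a.files[path]) for a in apps
                      if path in a.files and a.files[path] != version]
            if hidden:
                report.append((path, version, hidden))
    return report


def reinstall(layers, app_name):
    """Model of the reinstall check box: drop user-layer copies of the application's files."""
    app = next(l for l in layers if l.kind == "application" and l.name == app_name)
    removed = []
    for user in (l for l in layers if l.kind == "personalization"):
        for path in sorted(set(user.files) & set(app.files)):
            del user.files[path]
            removed.append(path)
    return removed


FOO = r"C:\Windows\System32\foo.dll"
BAR = r"C:\Windows\System32\bar.dll"


def sample_layers():
    """Constructed scenario: a user-installed application brought an old foo.dll."""
    return [
        Layer("OS", "os", date(2017, 1, 10), {FOO: "1.0"}),
        Layer("App A", "application", date(2017, 3, 1), {FOO: "2.0"}),
        Layer("App B", "application", date(2017, 5, 1), {FOO: "2.1", BAR: "1.0"}),
        Layer("Personalization", "personalization", date(2017, 6, 1), {FOO: "1.5"}),
    ]


if __name__ == "__main__":
    layers = sample_layers()
    print("foo.dll served from:", resolve(layers, FOO).name)
    print("shadowed copies:", user_shadowing(layers))
    print("reinstall removed:", reinstall(layers, "App B"))
    print("foo.dll now served from:", resolve(layers, FOO).name)
```
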
When I deploy a new version of an application to a Desktop it does not work correctly.
Try a reinstall of the application; edit the Desktop and check the reinstall flag on the application that is not working. If that
works, this was due to some change on the user Desktop that is incompatible with the new application version. Ask the user
to check that all of their self-installed applications are working.
If reinstall did not work, the issue is probably not specific to that user’s Desktop. (Keep in mind that you can roll the
Desktop back to an earlier version of the application to keep the user productive while you do furt. Try deploying the new
version of the application to a newly created Desktop. If it works in the newly created Desktop then you know there is
some conflict with another application layer that was deployed on the user’s Desktop or possibly with something that the
user has installed themselves.
When creating a new layer version the install machine says that Windows needs to be activated
If this is not impacting your layer update, just ignore it! Microsoft is detecting a change in the activation information of the
OS layer and of the application layer that you are updating. This will not have any impact when the application is deployed
to a Desktop because the activation information is in the user layer on the Desktop. If you do require activation to
complete your new layer version (possible if you are installing MSFT patches) then go ahead and activate in the install
machine.
Troubleshoot Domain join issues
Jun 28, 2017
Debug domain join issues
When a Windows Desktop is created in Unidesk it runs through the Microsoft Windows mini-setup process, which uses a
file called unattend.xml to configure a variety of Desktop settings. We recommend that you use the Unidesk Unattend
builder tool to create your unattend file. With the Unattend builder you can specify all of the settings required to join the
Desktop to the domain during creation.
If your Desktop is not joining the domain correctly, here are some common issues and how to solve them.
Keep in mind that while you will look at logs on the Desktop Unattend to identify your problem, you will update the
unattend file in your OS layer or in an application layer to correct it so that newly created Desktops will successfully join
your domain.
First things to check
Check the Setupact log on the Desktop for errors
The following log file details the progress of the mini-setup process, including a summary line for each domain attempt.
Check this log file for errors:
C:\Windows\Panther\UnattendGC\setupact.log
Note: Be sure you are not looking at the setupact log in C:\Windows\Panther. You want the log file that's in
C:\Windows\Panther\UnattendGC.
Search for DJoin.exe to see a log of the domain join operations:
DsGetDCName failed: 0x54b … check your fully qualified domain name
NetJoinDomain attempt failed: 0x89a … check your domain join credentials
NetJoinDomain attempt failed 0x2: check your OU specification
Still stumped? For other log files to check, go to the section on Advanced debugging later in this article.
Check your unattend file for common problems and fix any issues
Let’s assume that you have this configuration:
fully qualified domain name: vdidomain.acme.com or vdidomain.local
short domain name: vdi
OU: acmegrp1
Domain account: Administrator
1. Open the unattend file on the Desktop and check for some common problems. The unattend file is located in c:\windows\panther.
Search for the <JoinDomain> tag and check the fully qualified domain name. It should look like one of these examples:
<JoinDomain>vdidomain.local</JoinDomain>
<JoinDomain>vdidomain.acme.com</JoinDomain>
Check the domain specification by searching for the Domain tag: <Domain>. The Domain tag must be the short domain name, not the fully qualified domain name. It should look like this:
Correct: <Domain>vdi</Domain>
Incorrect: <Domain>vdidomain.acme.com</Domain>
Check the Username specification. It should look like this:
Correct: <Username>Administrator</Username>
Incorrect: <Username>vdi\Administrator</Username>
Check the processor architecture
In the component tag, make sure processorArchitecture is correct for your platform, either amd64 or x86.
2. Fix any issues you find in the unattend.xml, either by editing the file manually, or by re-running the Unattend builder. This involves creating a new version of your OS layer to update the unattend file:
a. In the Unidesk Management Console, click Operating System Layer > Add Version. Allow the Operating System Layer to boot up in the Install Machine, and log in.
b. Once logged in, either edit unattend.xml, or re-run the Unattend builder:
Run Notepad as Administrator, edit C:\Windows\Panther\unattend.xml, and save the file.
c. Finalize the layer.
3. Deploy a new Desktop with your latest OS version and check for successful domain join.
Check the Netsetup log file for errors
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Look for the section with
today's date to watch the process from the beginning, or go to the bottom of the file to see the last attempt and why it
failed. If an attempt fails, Windows makes another attempt every five seconds, up to 80 times. As a result, your log may
contain many duplicate failure messages.
A successful domain join displays the following message:
05/01/2012 09:28:01:740 NetpDoDomainJoin: status: 0x0
This line appears at the bottom of the last attempt, and denotes that the domain join process succeeded. Any return
status other than 0x0 denotes a failure. You may also see the following lines above it, which also show success:
05/01/2012 09:28:01:740 NetpCompleteOfflineDomainJoin: status: 0x0
05/01/2012 9:28:01:740 NetpJoinDomain: NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
Failure, again, is a non-zero return code:
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
One of the most common failures is an error attempting to connect to the IPC$ share on the domain controller. It will look
like this:
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned XXXX
Get the returned message (XXXX) and run net helpmsg XXXX from a command prompt to see the specific error. The
following are common domain join errors and solutions to those errors.
Failure 1231
07/12/2012 14:38:52:122 NetUseAdd to \\DC1.company.local\IPC$ returned 1231
07/12/2012 14:38:52:122 NetpJoinDomain: status of connecting to dc '\\TDC1.company.local': 0x4cf
07/12/2012 14:38:52:122 NetpJoinDomainOnDs: Function exits with status of : 0x4cf
07/12/2012 14:38:52:122 NetpDoDomainJoin: status: 0x4cf
Pre-1.5 versions of Unidesk had a timing issue that could cause domain joins on Windows 7 x64 to fail randomly. Upgrade to
the latest version of Unidesk if you are using a version earlier than version 1.5.
This error may also be the result of mixing layers that were built from different OS layers. Resolve it by deploying with just
the Operating System Layer. Once you can identify which Application Layer is breaking the domain join process, recreate
that layer with the current version of the current OS layer.
If you cannot find conflicting layers, use the PowerShell script for joining the domain:
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
Failure 1326
05/02/2012 23:07:31:696 NetUseAdd to \\DC1.company.local\IPC$ returned 1326
05/02/2012 23:07:31:696 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x52e
05/02/2012 23:07:31:696 NetpJoinDomainOnDs: Function exits with status of : 0x52e
05/02/2012 23:07:31:696 NetpDoDomainJoin: status: 0x52e
Failure 1326 is a straightforward password error, "Logon failure: unknown user name or bad password." Double-check the
username and password in your unattend.xml file.
Failure 1909
05/02/2012 23:14:21:057 NetUseAdd to \\DC1.company.local\IPC$ returned 1909
05/02/2012 23:14:21:057 NetpJoinDomain: status of connecting to dc '\\DC1.company.local': 0x775
05/02/2012 23:14:21:057 NetpJoinDomainOnDs: Function exits with status of : 0x775
05/02/2012 23:14:21:057 NetpDoDomainJoin: status: 0x775
A 1909 error means "The referenced account is currently locked out and may not be logged on to." Go to your Active
Directory and unlock the account. You should also determine how the account got locked. Often the account becomes
locked because the unattend.xml has an incorrect password. Attempting to join a domain retries dozens of times. If the
password is incorrect, you might get three password failures and dozens of "account locked" failures.
Bad OU specified
01/20/2012 10:53:01:232 NetpCreateComputerObjectInDs: NetpGetComputerObjectDn failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: LDAP creation failed: 0x2
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
01/20/2012 10:53:01:232 ldap_unbind status: 0x0
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: Function exits with status of : 0x2
01/20/2012 10:53:01:232 NetpJoinDomainOnDs: status of disconnecting from '\\DC1.company.local': 0x0
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
The message "Cannot retry downlevel, specifying OU is not supported" means that the specified OU is invalid. This error
could indicate that the OU does not exist within the AD, or that you are attempting to specify the default Computers
container. Windows requires that the default OU be left unspecified, so if you want to put new Desktops into the default
Computers OU, you must delete the <MachineObjectOU> line entirely. Look further up the log file for what the specified
OU is:
01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local
Verify the existence of the specified OU and confirm that it is not the top-level Computers container.
Bad domain specified
If the domain name itself is invalid, a domain join makes no entries to NetSetup.log and does not create a log file. In this
situation, look in C:\Windows\Panther\UnattendGC\setupact.log for lines like this:
2012-07-13 16:11:15, Warning [DJOIN.EXE] Unattended Join: DsGetDcName failed: 0x54b, last error is 0x0, will retry in 5 seconds...
The error text for 0x54b (1355) is "The specified domain either does not exist or could not be contacted." You can look
further up in the setupact.log to see exactly what domain you were trying to join. Note that this is an error with the
"JoinDomain" tag, not the credentials.
Insufficient user rights
07/17/2012 13:26:47:524 NetpMapGetLdapExtendedError: Parsed [0x5] from server extended error string: 00000005: SecErr: DSID-03152492, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
07/17/2012 13:26:47:524 NetpModifyComputerObjectInDs: ldap_add_s failed: 0x32 0x5
07/17/2012 13:26:47:524 NetpCreateComputerObjectInDs: NetpModifyComputerObjectInDs failed: 0x5
07/17/2012 13:26:47:524 NetpProvisionComputerAccount: LDAP creation failed: 0x5
...
07/17/2012 13:26:47:539 NetpDoDomainJoin: status: 0x5
The user account you specify must have rights to add machine accounts to the domain in the specified OU. This error
appears when you have a valid account with insufficient privileges. Either try a different account or adjust the account
privileges in the domain.
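A triage script for the NetSetup.log patterns listed above, added here as an example (it is not part of the Unidesk documentation or tooling). It groups the retries into attempts, counts each status, and flags the lockout pattern in which a bad password in unattend.xml produces a few 1326 failures followed by 1909 failures; the function names and the generated sample log are constructed for the example.

```python
import re
from collections import Counter

# Meanings taken from the troubleshooting text above, keyed by NetpDoDomainJoin status.
KNOWN = {
    0x0: "domain join succeeded",
    0x2: "bad OU: MachineObjectOU is missing from AD or names the default Computers container",
    0x5: "insufficient rights: the join account cannot add machine accounts in the OU",
    0x4CF: "1231: pre-1.5 timing issue, or Application Layers built from a different OS Layer",
    0x52E: "1326: unknown user name or bad password in unattend.xml",
    0x775: "1909: the join account is locked out",
}

LINE = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2}:\d{3}) (.*)$")
FINAL = re.compile(r"^NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)")
NETUSE = re.compile(r"^NetUseAdd to \S+ returned (\d+)")
OU = re.compile(r"^lpMachineAccountOU: (.+)$")


def parse_attempts(text):
    """Split NetSetup.log text into join attempts; each ends at a NetpDoDomainJoin status line."""
    attempts, cur = [], {"netuse": None, "ou": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # wrapped continuation or line without a timestamp
        ts, msg = m.groups()
        if (n := NETUSE.match(msg)):
            cur["netuse"] = int(n.group(1))
        elif (o := OU.match(msg)):
            cur["ou"] = o.group(1).strip()
        elif (f := FINAL.match(msg)):
            cur.update(time=ts, status=int(f.group(1), 16))
            attempts.append(cur)
            cur = {"netuse": None, "ou": None}
    return attempts


def summarize(text):
    """Collapse the retries (up to 80, per the text above) into one verdict."""
    attempts = parse_attempts(text)
    if not attempts:
        return {"joined": False, "attempts": 0, "counts": {}, "last_status": None,
                "ou": None, "root_cause": None,
                "diagnosis": "nothing logged; a bad domain name only shows in setupact.log"}
    counts = Counter(a["status"] for a in attempts)
    last = attempts[-1]
    result = {
        "joined": last["status"] == 0,
        "attempts": len(attempts),
        "counts": {hex(s): n for s, n in counts.items()},
        "last_status": hex(last["status"]),
        "ou": last["ou"],
        "root_cause": None,
        "diagnosis": KNOWN.get(last["status"],
                               f"not listed above; run: net helpmsg {last['status']}"),
    }
    # Lockout pattern from the 1909 section: bad-password failures first, then lockouts.
    if last["status"] == 0x775 and counts[0x52E]:
        result["root_cause"] = (f"{counts[0x52E]} bad password failure(s) preceded the lockout; "
                                "fix the password in unattend.xml, then unlock the account")
    return result


def sample_attempt(ts, code):
    """Constructed sample: the four lines the page shows for a failed IPC$ connection."""
    return "\n".join([
        rf"{ts} NetUseAdd to \\DC1.company.local\IPC$ returned {code}",
        rf"{ts} NetpJoinDomain: status of connecting to dc '\\DC1.company.local': {code:#x}",
        rf"{ts} NetpJoinDomainOnDs: Function exits with status of : {code:#x}",
        rf"{ts} NetpDoDomainJoin: status: {code:#x}",
    ])


# Constructed log: three bad-password attempts, then two lockouts, five seconds apart.
SAMPLE_LOG = "\n".join(
    sample_attempt(f"05/02/2012 23:07:{31 + 5 * i:02d}:696", 1326 if i < 3 else 1909)
    for i in range(5)
)

# Lines copied from the "Bad OU specified" excerpt above.
BAD_OU_LOG = r"""
01/20/2012 10:53:01:123 lpMachineAccountOU: OU=Computers,OU=VDI,DC=company,DC=local
01/20/2012 10:53:01:232 NetpProvisionComputerAccount: Cannot retry downlevel, specifying OU is not supported
01/20/2012 10:53:01:232 NetpDoDomainJoin: status: 0x2
"""

if __name__ == "__main__":
    for name, log in (("lockout", SAMPLE_LOG), ("bad OU", BAD_OU_LOG)):
        print(name, summarize(log))
```
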
Use another approach to domain join: Add a script to the deployment process
If you are unable to make your domain join work automatically via the unattend file, you can try adding a PowerShell script
to the deployment process to do the domain join. For more information, see this article
http://www.unidesk.com/support/kb/using-powershell-advanced-domain-join-operations
More about how domain join works
The relevant section of the unattend.xml belongs in the 'pass="specialize"' settings block:
<settings pass="specialize" wasPassProcessed="true">
And the UnattendedJoin block within it looks like this.
<component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="amd64"
    publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS"
    xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <Identification>
    <Credentials>
      <Domain>company</Domain>
      <Password>thePassword</Password>
      <Username>administrator</Username>
    </Credentials>
    <JoinDomain>company.local</JoinDomain>
    <MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>
    <DebugJoin>true</DebugJoin>
  </Identification>
</component>
There are four elements of the block that need to be correct:
1. In the "component" tag, make sure "processorArchitecture" is correct for your platform - either "amd64" or "x86".
2. In the "Identification" block, the "Credentials" block must be correct. The "Domain" tag must be the short domain name, not the FQDN. The "Domain" and "Username" tags are joined to create the account that the Desktop will log in to the domain as in order to create the Machine Account. The account must exist and be a domain administrator or a service account with sufficient privileges to create Machine Account objects. In this example, "company\administrator" logs in with password "thePassword". Note that the password is stored in the gold as plain text, but is replaced with the string "*SENSITIVE*DATA*DELETED*" during deployment to preserve security.
3. The "JoinDomain" tag must contain the full domain as a FQDN. The Desktop logs in to and joins this domain using the credentials described earlier.
4. The "MachineObjectOU" tag must refer to an existing OU. It must not refer to the default Computers container. If you want your Desktops to appear in the default Computers container for your domain, you must delete the entire MachineObjectOU line. The reason is that the MachineObjectOU field must refer to an OU, but Computers is actually a CN. You cannot specify a CN there, and if you reference Computers as an OU, it's an error. So to get the default, which you can't specify, you must not have the line at all. (When using the Unattend Builder from Unidesk, specify the Computers container by putting nothing in the "OU to Place Desktops" field.)
Note that if the machine already has a Machine Account in your domain (for instance because you are reusing names from
Desktops that have been created and deleted before), the domain reuses the existing Machine Account in whatever
location it is already in, ignoring the one specified in unattend.xml.
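The checks from the list above, and from the earlier "Check your unattend file" steps, written as an added example (it is not Unidesk's Unattend builder). The function names, the deployed flag and the sample values are assumptions for illustration; whether the OU actually exists still has to be verified in Active Directory.

```python
import xml.etree.ElementTree as ET

SENTINEL = "*SENSITIVE*DATA*DELETED*"  # string the page says replaces the password at deployment

# Constructed sample built from the page's example block; the root element and its
# namespace are the usual wrapper of an unattend file and are not shown on the page.
TEMPLATE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin" processorArchitecture="{arch}"
      publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
   <Identification>
    <Credentials>
     <Domain>{domain}</Domain>
     <Password>{password}</Password>
     <Username>{user}</Username>
    </Credentials>
    <JoinDomain>{join}</JoinDomain>
    {ou_line}
   </Identification>
  </component>
 </settings>
</unattend>"""


def sample(**overrides):
    """The page's example values, with optional overrides for the failure cases."""
    fields = dict(arch="amd64", domain="company", password="thePassword",
                  user="administrator", join="company.local",
                  ou_line="<MachineObjectOU>OU=VDI,OU=lab,DC=company,DC=local</MachineObjectOU>")
    fields.update(overrides)
    return TEMPLATE.format(**fields)


def local(tag):
    """'{urn:schemas-microsoft-com:unattend}Domain' -> 'Domain'."""
    return tag.rsplit("}", 1)[-1]


def first(parent, name):
    """First descendant element with the given local name, or None."""
    if parent is None:
        return None
    return next((el for el in parent.iter() if local(el.tag) == name), None)


def value(parent, name):
    el = first(parent, name)
    return None if el is None else (el.text or "").strip()


def check_unattend(xml_text, expected_arch="amd64", deployed=False):
    """Return (code, message) findings; an empty list means the four elements look right."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. an unclosed tag such as <Domain>vdi<Domain>
        return [("xml", f"not well-formed XML: {exc}")]
    comp = next((el for el in root.iter() if local(el.tag) == "component"
                 and el.get("name") == "Microsoft-Windows-UnattendedJoin"), None)
    if comp is None:
        return [("component", "no Microsoft-Windows-UnattendedJoin component")]
    out = []
    arch = comp.get("processorArchitecture")
    if arch not in ("amd64", "x86") or arch != expected_arch:
        out.append(("arch", f"processorArchitecture is {arch!r}, expected {expected_arch!r}"))
    creds = first(comp, "Credentials")
    domain, user, pwd = (value(creds, n) for n in ("Domain", "Username", "Password"))
    if not domain or "." in domain:
        out.append(("domain", f"<Domain> must be the short domain name, got {domain!r}"))
    if not user or "\\" in user:
        out.append(("username", f"<Username> must not carry a domain prefix, got {user!r}"))
    join = value(comp, "JoinDomain")
    if not join or "." not in join:
        out.append(("joindomain", f"<JoinDomain> must be the FQDN, got {join!r}"))
    ou = value(comp, "MachineObjectOU")
    if ou is not None:  # an absent line is valid and selects the default Computers container
        rdns = [r.strip().upper() for r in ou.split(",")]  # assumes no escaped commas
        default_container = (rdns[0] in ("OU=COMPUTERS", "CN=COMPUTERS")
                             and all(r.startswith("DC=") for r in rdns[1:]))
        if not rdns[0].startswith("OU=") or default_container:
            out.append(("ou", f"{ou!r} is not a usable OU; delete the line for the default"))
    if deployed and pwd != SENTINEL:
        out.append(("password", "plain-text password still present on a deployed Desktop"))
    if not deployed and pwd == SENTINEL:
        out.append(("password", "password is the redaction placeholder, not a real credential"))
    return out


if __name__ == "__main__":
    bad = sample(arch="x64", domain="vdidomain.acme.com", user="vdi\\Administrator",
                 join="vdi", ou_line="<MachineObjectOU>CN=Computers,DC=acme,DC=com</MachineObjectOU>")
    for code, message in check_unattend(bad):
        print(f"{code}: {message}")
```

Run it with deployed=False against the copy in the OS layer and deployed=True against the copy on a created Desktop, since the password field is expected to differ between the two.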
One log file details the entire process of joining the domain: C:\Windows\debug\NetSetup.log. Review this file after
deployment to determine why the attempt to join the domain failed. Look for the section with today's date to watch the
process from the beginning, or go to the bottom of the file to see the last attempt and why it failed. If an attempt fails,
Windows makes another attempt every five seconds, up to 80 times. As a result, your log may contain many duplicate
failure messages.
A second log, C:\Windows\Panther\UnattendGC\setupact.log, details the progress of mini-setup, including a summary line
for each domain attempt. At least one type of failure (bad domain specified) results in no NetSetup.log being created, so
you would have to see the failure information in setupact.log. If you find no current information in NetSetup.log, or no log
at all, check setupact.log.