Cloning Citrix XenApp 4.5 on VMware ESX 3.5
Pressentation Server 4.5 Infrastructure Build Guide August 1st. 2008, 2:50pmIf you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
Though running Citrix XenApp 4.5 - formerly Citrix Presentation Server 4.5 - on XenServer 4.1, the new virtualization platform from Citrix, might be a likely topic for a Citrix Training Center blog, today the Citrix story I have to tell is actually about running XenApp 4.5 on VMware’s Virtual Infrastructure 3 (VI3), because that’s what the customer was doing.
Apparently there’s a new industry coming up that is projected to bloom into a hundred and sixty billion dollar industry, soon, called “infrastructure on demand”.
The task was to create a “button” to press that would provision Citrix server vm’s, apps installed, Citrix software installed, configuration complete and documented, immediately, and while many of my peers approach this from a scripting point of view, with Windows sysprep utility and Enteo software complicating the process, I decided to see if I could get a citrix-vm clone going, having been hanging around training centers for the past 15 years and dealing with ghost issues all this time, having seen an older MetaFrame XP advanced admin course that bulleted a full page with what to watch out for when cloning Citrix servers, and knowing that the current version of the CCIA books say several times that Citrix supports cloning.
I Googled the issue and found very little from Citrix specifically, understandably with their big push for XenServer. Still, there were a few bloggers who’d tried it, and a couple of Powerpoints by VMware and Citrix from a couple of years ago, and I gave the new software a try at the old tricks.
I used Citrix XenApp 4.5 Feature Pack 1 (FP1), on a Windows 2003/R2 base server, in a Windows 2003 AD domain. The VMware box was ESX 3.5 on a powerful Dell box, with Virtual Center 2.5 installed on a vm inside the ESX box, as the cloning feature is exclusive to the Virtual Center, not available on ESX 3.5 being managed directly as a standalone host.
After building the domain controller, TS and Citrix Licensing on that DC, installing SQL Express on the DC, and configuring AD appropriately for Citrix (see blog article on this site….), I built the prototype Citrix server, installing Terminal Services and XenApp 4.5.
That much is standard stuff you’d do on day one of a Citrix class, or day one or two of an implementation. The only modifications here, creating the “golden template” from which all future Citrix servers will be cloned, is that
1) The balloon memory driver feature of vmtools should be left out of the Citrix server image.
2) The Resource Manager feature is de-selected, as EdgeSight will be used to monitor the performance of the Citrix Servers, as well as load test and optimize them. (If Resource Manager were to be left installed, the local resource manager database would need to be deleted before cloning, while the Resource Manager service was stopped.)
3) Each vmdk needs two full gig of RAM,and there should be two vmdk’s, one for the system, at about 10 GB, and another for applications. The page file should go on the second vmdk.
4) The Microsoft utility “UPHClean” should be installed, and any profiles should be cleaned up before cloning - ideally no profiles will ever have been created on the golden template.
5) Several settings in Terminal Services that are relevant to the Citrix implementation can be configured either in GPO’s or in the Terminal Services configuration (TSC) tool on each server. Since in the Windows 2000 days there was no option for Terminal Server GPO’s, and since we’re cloning anyway, out of nostalgia I set the security in the TSC - specifically locking down the RDP listener to admins only (big default security hole!), and configuring disconnect timeouts and shadow settings.
6) The applications installed were Microsoft Office 2003 and the Microsoft CRM client, and Adobe Reader. They were installed using “TRANSFORMS” files from Microsoft, edited in ORCA.
7) Administrators for the farm need to be set as Domain Admins, if that hasn’t already been done; there will be a problem if the domain admin can’t manage the farm.
8 ) With the Platinum license, the Citrix server has to be patched and the new Access Management Console (AMC) has to be downloaded, and the server inside the new AMC has to be set to “Platinum”, about twenty-five minutes of tedious work that can be washed away by the new cloning process, as long as it is endured during the creation of the golden template.
9) One more thing on the golden template - the “newsid” utility from Microsoft should be easily accessible on the local hard drive, because there will need to be a rename of the server before it hits the network. The “querydc” utility is also quite useful (see the blog on advanced IMA) and so might as well be included in the template as well. Any other custom utilities should be added at this point.
When the golden template is finally perfect, and has been tested, any WebInterface or pnagent site should be deleted, as it can be re-created much more easily than all those others in the clones can be deleted.
Finally in the Virtual Infrastructure client, in the virtual Center “data center”, the XenApp server can be “cloned to template”.
To see the template, switch to the “Virtual Machines and Templates” view in the Inventory of the Virtual Infrastructure Client (VIC). Right clicking on the template object offers either cloning, or “deploying” a virtual machine from a template. The “deploy” is the common option used in vmware, and requires sysprep files copied to the vmware virtual center server, and a customization wizard with ten screens full of questions. The purpose of this exercise was to get the job done as fast as possible. So the other option, “clone”, is like the old ghost technology. It just makes a copy of the original, and you are on your own as far as customizing it properly.
The clock, so to speak, starts ticking when I click “clone”. I take all the potential issues into account. I tested my server in a test lab and then production, and the test results held up. The design scaled well, with the template converted to a vm temporarily to get updates to the CRM client before going back into the “Templates” view. The clock starts ticking now, and the clock ends when I have a second server in the farm, apps installed, best practices configured, and in the domain properly, in a scalable model, which happens to be about twenty five minutes later.
First, I disable the NIC, logged into the console of the new server in Virtual Center. Can’t have this thing on the network yet.
Second, I run “newsid” from the local hard drive of the new clone. While getting a new sid, it also renames the computer to whatever we want - here we name it the same as the name in virtual center.
When the virtual center server reboots after newsid, log in as the local administrator and change to a workgroup, from the domain. Then enable the NIC, change the IP address and configure IP, then re-join the domain.
Log in as the domain admin now, launch a command prompt, and invoke the “change farm” utility, by typing “chfarm”. This will allow the server to be (temporarily) placed in a stand-alone “test” farm with a local MS Access database.
When the IMA service starts successfully - about two minutes later - then restart the change farm utility, this time joining the production farm as if for the first time.
The final catch, though, is that the super-critical-for-printing system account that’s supposed to be local to every Citrix 4.5 server. The “ctx-cpsvcuser” account, is corrupt. One way to fix this is to go in to the printers and drivers section of the windows server, remove the Citrix Universal Printer, and delete the corrupted account from the permissions tab in the TSC under the ICA listener.
Then go to “Add/Remove” programs, click on the “Citrix Presentation Server 4.5″ entry, and click “change/remove”. On the following screen, faced with “Modify, repair, or remove”, choose “repair”. Browse to the MSI on the Citrix server CD, and wait. Seven or Eight minutes can go by, but when it’s over, the driver AND the user account are fixed.
The apps need to be modified to run on the new server as well, and the custom load evaluator has to be applied to the new server manually.
Finally, the Citrix server is moved into the appropriate Organizational Unit (OU) in the domain, applying all security and profile optimization settings.
And we have a new workhorse in the farm, hitting the ground running, about twenty five minutes after the clock started running.
Was this information helpful? Feel free to share your comments/experiences below.
August 4th, 2008 at 6:14 am
Very nice article…
I have 2 remarks about the article:
With Virtual Center 3.5 I think you are pointing to VC 2.5?
In Step 3 i think you mean vmdk instead of vm..?
August 4th, 2008 at 5:44 pm
Thanks for the comment, I will make the changes.
August 6th, 2008 at 5:16 am
Do not use Newsid as it will indeed screw up the “ctx-cpsvcuser”. Use Sysprep instead, this will not lead to curruption of this account. I do not understand why you have to use the Changefarm command twice? I always make the server member of the correct farm and then just disable some of the Citrix services (e.g. IMA). Always do “dsmaint recreatelhc” and “dsmaint recreaterade”as well. After the cloning proces, just start the services (set to automatic) and the server will be a member of the farm with it’s new name. There are some other steps involved, but these are the important ones.
August 7th, 2008 at 4:20 am
Nice post, but that seems harder than it should be. I personally would have used the Guest Customization script capability in VCS to deploy the XenApp guest from template. This will give you options answer all the questions that sysprep needs to do it’s thing, but you can also have scripts called after the XenApp guest is deployed that could finish the clean-up.
Most importantly, you can save and re-use the guest cust script so that each XenApp server can be deployed with a few clicks. True 1-touch deployment might might be possible if we create a Perl script that triggers the whole process by interacting with VCS SDK, but I digress.
September 15th, 2008 at 3:20 pm
I’m curious why you say to disable the memory control driver in the VM tools. What problems have you found with that driver and Citrix?
September 25th, 2008 at 2:17 pm
There is so much wrong with this method, its hard to know where to start. Knowing Mr. C, makes it even harder. While Mr. C is a competant instructor, his real world knowledge of VMware is VERY lacking and Citrix knowledge is basic. Note I said real world.
Here are somethings for you to research Mr. C and anyone who actually tries the above method.
Do a registry search for your old server name after the clone, you will see several issues right off the bat.
What about anti Virus such as mcafee and netbackup? They depend on the server name - see above.
DONT use newsid, Mr C most likely got that from a blog, if anything use the sysprep and VMware method. Personally, the whole clone thing is slow and clunky for most real world citrix server configs. Further try doing the above if you already have service packs installed (note - reinstall of citrix breaks citrix best practice of uninstall sp, then repair, reinstall sp + hotfix).
When you use the citrix and pro blog method of cloning, you may find that you have WMI errors which creap up, the best part about his article is the resource manager item, the rest STAY away from.
Last, how should you consider doing it? I recommend a clone process for 2003 with apps installed (not the ones you will find that use the server name to operate), after the clone, add to domain, add antivirus, backup soft, monitor software and SCRIPT the install of Citrix. Its easy, its FAST and it works. Ill race the above install method any day and will have a installed, operational, supportable server on each clone. No mess, no old stuff. Here is the hint - search Stealthpuppy, he is the man.
And btw - want to learn about Citrix, Unitek is where Mr. C works in Fremont. If you have experience avoid, if you need to learn Citrix Mr. C does a good job, just take it with a grain of salt. Also be sure to bring your tea bags to class.
March 1st, 2009 at 3:07 pm
haha ^^ nice, is there a section to follow the RSS feed
April 18th, 2009 at 8:56 am
thank you, finally, found the instructions!
September 29th, 2009 at 7:27 am
Charlie Tea:
I think you are being a little too harsh in your comments. In fact you come across like like a real jag off, a braggart, and a fool who thinks his shit doesn’t stink. Take my advice and keep your mouth shut if you are going to throw around attitude like that.
February 2nd, 2010 at 3:01 pm
Was looking around..saw “Virtualization Guru” reply. Who is actually the instructor for the course. He is ( I believe) no longer employed do to a multitude of issues. But I will be the first to say, Charlie was very good at reading from the book, doing his own research and trying to instruct. As I said earlier, more than competent to train a new student. However a lack of real world experience is what motivated myself and many others to avoid his classes. Anyone who is experienced and who took classes feel the same way. This is not to bash him (although it sure feels that way..) but to advise you before spending the money or taking his advice at face value. Just remember the old saying about those who cant do..teach. But to be fair its that way on all instructors, to prepare for classes it takes a lot of time, and to be able to get the experience you need to actual teach at a high level is rare. I once knew an instructor who only taught twice a year, its the only time he could get off his real job, he was the best and made a lot of money. But the monthly instructors do good work - I just keep coming back to the issue that it should not all be taken at face value.