Citrix DaaS

Manage machine catalogs

Note:

This article describes how to manage catalogs using Studio and PowerShell commands. If you created the catalog using the Quick Deploy node, and continue using that node to manage the catalog, then follow Manage catalogs in Quick Deploy.

Introduction

You can add or remove machines from a machine catalog, and rename, change the description, or manage a catalog’s Active Directory computer accounts.

Catalog maintenance can also include the tasks of making sure that each machine has the latest OS updates, antivirus software updates, operating system upgrades, or configuration changes.

  • Catalogs containing pooled random machines created using Machine Creation Services (MCS) maintain machines by updating the image used in the catalog and then updating the machines. This method lets you update large numbers of user machines efficiently.
  • For catalogs containing static, permanently assigned machines, you can manage the image or template that those catalogs currently use but only the machines you add to the catalogs later are created using the new image or template.
  • For Remote PC Access catalogs, you manage updates to users’ machines outside of Studio. Perform this task individually or collectively using third-party software distribution tools.

For information about creating and managing connections to host hypervisors and cloud services, see Create and manage connections and resources.

Note:

MCS does not support Windows 10 IoT Core and Windows 10 IoT Enterprise. Refer to the Microsoft site for more information.

About persistent instances

When updating the master image for an MCS catalog containing persistent machines, any new machines added to the catalog use the updated image. Existing machines continue to use the original master image. The process of updating an image is done the same way for any other type of catalog. Consider the following:

  • With persistent disk catalogs, the pre-existing machines are not updated to the new image, but any new machines added to the catalog use the new image.
  • For non-persistent disk catalogs, the machine image is updated the next time only if the machine is restarted within Studio or PowerShell. If the machine is restarted from the hypervisor outside of Studio, the disk is not reset.
  • For catalogs that do not persist, if you want different images for different machines, the images must reside in separate catalogs.

Manage Machine Catalogs

You can manage a machine catalog in two ways:

Use Studio

This section details how you can manage catalogs using Studio:

View catalog details

  1. Use the search function to locate a specific machine catalog. Refer to Search for instances for instructions.
  2. From the search results, select a catalog as necessary.
  3. Refer to the following table for descriptions of the catalog columns.
  4. Click a tab in the bottom details pane for more information about this catalog.
Column Description
Machine Catalog

The name and the allocation type of the catalog. Allocation types include:
  • Random: Machines in the catalog are allocated to a user randomly.
  • Permanent: Machines in the catalog are allocated to a user permanently.
  • Machine Type




    The supported session type of the machines in the catalog. Possible values include:
  • OS type: Multi-session OS (Virtual); User data: Discard.
  • OS type: Multi-session OS (Virtual); User data: On local disk
  • OS type: Single-session OS (Remote PC Access)
  • OS type: Single-session OS (Virtual); User data: Discard
  • OS type: Single-session OS (Virtual); User data: On local disk
  • Machine Count The machine count in the catalog and the provisioning method. Possible provisioning methods include: Machine Creation Services (MCS machine), Manual, and Citrix Provisioning Services.
    Allocated Count The number of machines in the catalog assigned to a delivery group.
    Folder The location of the catalog within the Machine Catalogs tree. It displays the name of the folder that the catalog is in (including the trailing backslash), or - if the catalog is at the root level.
    VDA Upgrade VDA Upgrade State. Possible values include: Not configured, Scheduled, Available, and Up to date.
    Image Status The status of the image update of the catalog. Applicable only to non-persistent machine catalogs. Possible values include: Fully updated, Partially updated, Pending updates, Preparing

    Add machines to a catalog

    Before you start:

    • Make sure the virtualization host (hypervisor or cloud service provider) has sufficient processors, memory, and storage to accommodate the additional machines.
    • Make sure that you have enough unused Active Directory computer accounts. If you are using existing accounts, the number of machines you can add is limited by the number of accounts available.
    • If you use Studio to create Active Directory computer accounts for the additional machines, you must have appropriate domain administrator permission.

    Tip:

    If the Citrix DaaS account used to add machines to the machine catalog has restricted AD permissions, add all Cloud Connectors you intend to use in the Log on to.. screen.

    To add machines to a catalog:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a machine catalog and then select Add machines in the action bar.
    3. On the Virtual Machines page, select the number of virtual machines to add.
    4. On the Machine Identities page, configure the settings as follows:

      • Select an identity from the list.

      • If applicable, indicate whether to create accounts or use existing ones, and the location (domain) for those accounts.

        If there are insufficient existing Active Directory accounts for the number of VMs you are adding, select the domain and location where the accounts are created.

        If you use existing Active Directory accounts, browse to the accounts or select Import and specify a .csv file containing account names. Make sure that there are enough accounts for all the machines you are adding. Studio manages these accounts. Allow that interface to reset the passwords for all the accounts, or specify the account password, which must be the same for all accounts.

      • If this identity pool is used by other catalogs, you can’t change it to a different pool using Studio. Instead, use the Set-ProvScheme PowerShell cmdlet. For more information, see the Citrix Virtual Apps and Desktops SDK Documentation.

      • Specify an account naming scheme, using hash marks to indicate where sequential numbers or letters appear. For example, a naming scheme of PC-Sales-## (with 0-9 selected) results in computer accounts named PC-Sales-01, PC-Sales-02, PC-Sales-03, and so on.

      • Optionally, you can specify what the account names start with.

        When specifying what the account names start with, be aware of the following scenario: If the starting numbers or letters are already in use, the first account created is named using the nearest unused numbers or letters thereafter.

        See Manage the sequence number of the machine name to customize the sequence number of machines, which are deployed using MCS, through PowerShell commands.

    5. On the Domain Credentials page, select Enter credentials and enter user credentials with sufficient permissions to create machine accounts.

    The machines are created as a background process, and can take much time when creating many machines. Machine creation continues even if you close the Studio.

    Use CSV files to bulk add machines to a catalog

    You can bulk add machines by using CSV files. The feature is available for all catalogs except catalogs provisioned through MCS.

    To bulk add machines to a catalog, complete the following steps:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a machine catalog and then select Add Machines in the action bar. The Add Machines window appears.
    3. Select Add CSV File. The Add Machines in Bulk window appears.
    4. Select Download CSV Template.
    5. Fill out the template file.
    6. Drag or browse to the file to upload it.
    7. Select Validate to perform validation checks on your import.
    8. Select Import to complete the process.

    Considerations when using CSV files to add machines

    Note:

    • For non-Active Directory users, you must type their names in this format: <identity provider>:<user name>. Example: AzureAD:username.
    • VM names are case sensitive. When entering VM paths, make sure that you enter the VM names correctly.

    When editing the CSV template file, keep the following in mind:

    • The feature gives you more flexibility to bulk add machines through a CSV file. In the file, you can add only machines (for use with user auto-assignments) or add machines along with user assignments. Type your data in the following format:

      • For machine account and user name (samName) pairs:

      • Domain\ComputerName1, Domain\Username1
      • Domain\ComputerName2, Domain\Username1;Domain\Username2
      • Domain\ComputerName3, AzureAD:username

      • For machine accounts only:

      • Domain\ComputerName1
      • Domain\ComputerName2

      • For VM and user name pairs:

      • XDHyp:\Connections\ConnectionName\RegionName\vm.folder\VMName1.vm,Domain\ComputerName1,Domain\Username1
      • XDHyp:\Connections\ConnectionName\RegionName\vm.folder\VMName2.vm,Domain\ComputerName2,Domain\Username2

      • For VMs only:

      • XDHyp:\Connections\ConnectionName\RegionName\vm.folder\VMName1.vm,Domain\ComputerName1
      • XDHyp:\Connections\ConnectionName\RegionName\vm.folder\VMName2.vm,Domain\ComputerName2

        For example: XDHyp:\Connections\xpace-scale\East US.region\vm.folder\wsvdaV3-2.vm

        where,

      • xpace-scale is the ConnectionName: The name of the connection that you entered in Hosting > Add Connections and Resources. For more information, see Create a connection and resources.
      • East US.region is the RegionName: The name of the region with .region as extension.
      • wsvdaV3-2.vm is the VMName: The name of the virtual machine with .vm as extension.
    • The maximum number of machines that a file can contain is 1,000. To import more than 1,000 machines, spread them across different files and then import those files one by one. We recommend that you import no more than 1,000 machines. Otherwise, catalog creation can take a long time to complete.

    You can also export machines from a catalog on the same Add Machines page. The exported CSV of machines can then be used as a template when adding machines in bulk. To export machines:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a machine catalog and then select Add Machines in the action bar. The Add Machines window appears.
    3. Select Export to CSV file. A CSV file containing a list of the machines is downloaded.
    4. Open the CSV file to add or edit machines as needed. To add machines in bulk using the saved CSV file, see the previous section, Use CSV files to bulk add machines to a catalog.

    Note:

    • This feature is not available for Remote PC Access and MCS-provisioned catalogs.

    • Export and import of machines in CSV files is only supported between catalogs of the same type.

    Enroll machines to catalogs using the WebSocket VDA enrollment tool

    The WebSocket VDA enrollment tool facilitates token-based enrollment for VDA machines. This tool helps you convert a connection to a WebSocket connection by adding the VDA to the machine catalog using the enrollment token.

    Note:

    This tool is designed to enroll VDA machines that haven’t been enrolled in any machine catalog.

    Follow the instructions to run the enrollment tool:

    1. Log in to the VDA.
    2. Locate the tool EnrollMachine.exe, in C:\Program Files\Citrix\Virtual Desktop Agent\Web Socket Vda Enrollment Tool.
    3. Run the tool with the appropriate input parameters. For example, EnrollMachine.exe -websocket_token_string:xxxxxxxxx

    The following table describes the input parameters of the enrollment tool:

    Parameter Name Required Description Example
    -websocket_token_stdin Yes

    Reads the enrollment token. .\EnrollMachine.exe -websocket_token_stdin
    -websocket_token_string Reads the enrollment token directly from the command line parameter. .\EnrollMachine.exe -websocket_token_string:<token>
    -websocket_token_file:[token-file-path] Reads the enrollment token from the path provided. .\EnrollMachine.exe -websocket_token_file:C:\token\test2.txt
    log:[log-file-path] No Shows the Enrollment tool logs. .\EnrollMachine.exe log:[C:\ProgramData\Citrix\EnrollMachine\EnrollMachine.txt]
    -help No Shows a brief help text. .\EnrollMachine.exe -help

    After successful enrollment, you will receive a success message on the tool and in the logs. Ensure to sign in to Studio to verify that the VDA machine is added to the catalog and that the status of the machine is registered.

    Troubleshooting

    By default, you can find the logs of the enrollment tool at:

    C:\ProgramData\Citrix\EnrollMachine\EnrollMachine.txt

    If you have specified a different path for the logs, you can use log:[log-file-path] to retrieve your logs.

    The following table lists the codes returned by the enrollment tool:

    Code String Description
    0 Success VDA is successfully added to the machine catalog.
    -1 InvalidArgument The input parameter in the enrollment token is invalid.
    -2 BrokerAgentNotFound The broker agent service is not found.
    -3 TokenInvalid The token entered is invalid.
    -4 TokenMissingRequiredClaims The required claims for the token are missing, for example, CustomerId, or Enrollment URIs.
    -5 InternalError A general error has occurred.
    -6 TimedOut The task has timed out.
    -7 FailedToDetermineMachineADJoinedStatus The service that returns the machine AD joined status failed.
    -8 ADMachineFailedToFindSid The service that returns the AD machine Sid failed.
    -9 EnrollRequestFailed The request failed due to an HTTP error.
    -10 EnrollResponseMissingRequiredFields The enrollment tool response is missing the parameter VirtualSiteId.
    -11 InsufficientPermission You do not have the required permission to run the task.
    -12 FailedToDetermineMachineAadJoinedStatus The service that checks the machine AD join status throws an error.
    -13 AadMachineFailedToFindDeviceId The additional parameter AAD device id added by the system is empty.
    -14 AadDeviceIdNotValid The additional parameter AAD device id added by the system is not a valid guid.
    -15 NoValidMacAddress Invalid MAC address.
    -16 FailedToGetComputerHostNameForVdaInstanceName Failed to get the computer host name to set the additional parameter VdaInstanceName.
    -17 VirtualDesktopAgentRegistryKeyFailedToOpen Failed to open the VDA registry key to write the list of Delivery controllers.
    -18 Failed Token reached the max count Failed Token reached the max count.

    Delete machines from a catalog

    After you delete a machine from a machine catalog, users can no longer access it, so before deleting a machine, ensure that:

    • User data is backed up or no longer required.
    • All users are logged off. Turning on maintenance mode stops new connections from being made to a machine.
    • Machines are powered off.

    To delete machines from a catalog:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select View Machines in the action bar.
    3. Select one or more machines and then select Delete in the action bar.
    4. If you are deleting persistent machines from the catalog, choose whether to delete them from the hypervisor or cloud service as well. If you choose to delete them, indicate whether to retain, disable, or delete their Active Directory accounts.

    When you delete persistent machines from an Azure Resource Manager catalog, the machines and associated resource groups are deleted from Azure, even if you choose to retain them.

    When you delete non-persistent machines from a catalog, they are automatically deleted from the hypervisor or cloud service.

    Edit a catalog

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Edit Machine Catalog in the action bar.
    3. On the Scopes page, change the scopes.
    4. On the NIC page, perform the following actions:

      • To change the subnet mapping of an NIC, select a network from the Associated Network field.
      • To add a subnet mapping, select Add NIC, select a network from the Associated Network field, and click Save.

      Only those subnets present in the host associated with the catalog appear in the Associated Network field.

      You can only add NIC to Azure machine catalogs without machine profiles.

      Note:

      • For AWS machine catalogs, you cannot map the same subnet to more than one NIC.
      • For machine catalogs with machine profiles, the number of NICs on the catalog must be equal to the number of NICs on the machine profile.
      • This feature is not supported for IBM Cloud hypervisors.
      • This feature is supported only for Nutanix Prism Element in Nutanix hypervisors.
    5. On the VDA Upgrade page, change or select the VDA version to upgrade to. For more information, see VDA upgrade.
    6. You might see additional pages depending on the catalog type.

      For catalogs created using an Azure Resource Manager image, the following pages are visible. Keep in mind that the changes you make apply only to machines you add to the catalog later. Existing machines remain unchanged.

      • On the Virtual Machines page, change the machine size and availability zones where you want to create machines.

        Note:

        • Only the machine sizes that the catalog supports are shown.
        • If necessary, select Show only machine sizes used in other machine catalogs to filter the machine size list.
      • On the Machine Profile page, choose whether to use or change a machine profile.

      • (Only when the catalog is configured with a dedicated group host) On the Dedicated host group page, choose whether to change a host group.

      • On the Storage and License Types page, choose whether to change the storage type, license type, and Azure Computer Gallery settings (available only when Place prepared image in Azure Gallery is in use).

        Note:

        If the newly selected setting doesn’t support the current machine size, a warning dialog box appears, informing you that changing the setting, resets the machine size setting. If you choose to continue, a red dot appears next to the Virtual Machines menu, prompting you to select a new machine size.

      For more information about settings available on the pages, see Create a machine catalog using an Azure Resource Manager image.

      For Remote PC Access catalogs, the following pages are visible:

      • On the Power Management page, change the power management settings and select a power management connection.
      • On the Organizational Units page, add or remove Active Directory OUs.
    7. On the Description page, change the catalog description.
    8. Click Apply to apply the changes you made and click Save to exit.

    Rename a catalog

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Rename Machine Catalog in the action bar.
    3. Enter the new name.

    Delete a catalog

    Before deleting a catalog, ensure that:

    • All users are logged off and no disconnected sessions are running.
    • Maintenance mode is turned on for all machines in the catalog so that new connections cannot be made.
    • All machines in the catalog are powered off.
    • The catalog is not associated with a delivery group. In other words, the delivery group does not contain machines from the catalog.

    To delete a catalog:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Delete Machine Catalog in the action bar.
    3. If the catalog contains persistent machines, indicate whether to delete those machines from the hypervisor or cloud service as well. If you choose to do so, choose whether to retain, disable, or delete their Active Directory computer accounts.
    4. If necessary, select Hide progress to run the deletion in the background.

    Note:

    • When you delete an Azure Resource Manager catalog, the associated machines and resource groups are deleted from Azure, even if you choose to retain them.
    • When you delete a catalog containing non-persistent machines, those machines are deleted from the hypervisor or cloud service.
    • When the hypervisor or cloud service is unreachable during catalog deletion, both catalog and VM deletion fail. If needed, you can choose to delete the VM records only from your Citrix site database. To do so, select the machine catalog in the Machine Catalogs node, and then perform the deletion shown on the Troubleshoot tab. Keep in mind that this action leaves the VMs intact on the host.

    Manage Active Directory computer accounts in a catalog

    To manage Active Directory accounts in a machine catalog, you can:

    • Free unused machine accounts by removing Active Directory computer accounts from single-session and multi-session catalogs. Those accounts can then be used for other machines.
    • Add accounts so that when more machines are added to the catalog, the computer accounts are already in place. Do not use a forward slash (/) in an OU name.

    To manage Active Directory accounts:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Manage AD accounts in the action bar.
    3. Choose whether to add or delete computer accounts. If you add accounts, specify what to do with the account passwords: either reset them all or enter a password that applies to all accounts.

      You might reset passwords if you do not know the current account passwords; you must have permission to perform a password reset. If you enter a password, the password is changed on the accounts as they are imported. If you delete an account, choose whether the account in an Active Directory is to be kept, disabled, or deleted.

    You can also indicate whether Active Directory accounts are to be retained, disabled, or deleted when you remove machines from a catalog or delete a catalog.

    Change the master image for a catalog

    We recommend that you save copies or snapshots of images before you change the master image for a catalog. The database keeps a historical record of the images used with each machine catalog. If users encounter problems with the new image you deployed to their desktops, you can roll it back to the previous version, minimizing user downtime. Do not delete, move, or rename images. Otherwise, you cannot roll back the master image.

    Important:

    When changing the master image for a persistent catalog, consider the following: only machines you add to the catalog later are created using the new image. We do not roll out the new image to existing machines in the catalog.

    After a machine is updated, it restarts automatically.

    Update or create an image

    Before you change the master image for a catalog, prepare a new image on your host hypervisor by either updating an existing image or creating one.

    1. On your hypervisor or cloud service provider, take a snapshot of the current VM and give the snapshot a meaningful name. This snapshot can be used to roll back the master image.
    2. If necessary, power on the image, and log on.
    3. Install updates or make any required changes to the image.
    4. If the image uses a Personal vDisk, update the inventory.
    5. Power off the VM.
    6. Take a snapshot of the VM, and give the snapshot a meaningful name that is recognized when you change the master image.

    Note:

    Although you can create a snapshot using the management interface, we recommend that you create a snapshot using the hypervisor management console, and then select that snapshot in Studio. This enables you to provide a meaningful name and description rather than an automatically generated name. For GPU images, you can change the image only through the XenServer XenCenter console.

    Change the master image

    To roll out a new master image to all machines in a catalog:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Change Master Image in the action bar.
    3. On the Image page, select the host and the image you want to roll out.

      Tip:

      For an MCS-created catalog, you can annotate its image by adding a note for the image. A note can contain up to 500 characters. Each time you change the master image, a note-related entry is created whether you add a note. If you update a catalog without adding a note, the entry appears as null (-). To view note history for the image, select the catalog, click Template Properties in the low pane, and then click View note history.

    4. On the Rollout Strategy page, choose when the machines in the machine catalog are changed with the new image: on the next shutdown or immediately.

      Note:

      The Rollout Strategy page is not available for persistent VMs because rollout is only applicable to non-persistent VMs.

    5. Verify the information on the Summary page and then select Finish. Each machine restarts automatically after it is updated.

      To track the progress of the update, locate the catalog in Machine Catalogs to view the inline progress bar and the step-by-step progress graph. For a non-persistent catalog, you can track its image update statuses through the Image Update column, including Fully updated, Partially updated, Pending update, and Preparing image.

      Tip:

      To show the Image Update column, select the Columns to Display icon in the action bar, select Machine Catalog > Image Status, and then click Save.

    If you are updating a catalog using the PowerShell SDK, you can specify a hypervisor template (VMTemplates), as an alternative to an image or a snapshot of an image.

    Rollout strategy

    Changing the image on the next shutdown will immediately affect any machines not currently in use, that is, machines that do not have an active user session. A system that is in use receives the update when the current active session ends.

    Note:

    Rollout strategy is only applicable to non-persistent VMs.

    Consider the following:

    • New sessions cannot be launched until the update has completed on applicable machines.
    • For single-session machines, machines are immediately updated when the machine is not in use, or when users are not logged in.
    • For a multi-session OS with child machines, restarts don’t occur automatically. To apply the updated master image, restart the machines using Studio, PowerShell, or Workspace. Restarting from the machines or the hypervisors doesn’t apply the update.

    Tip:

    Limit the number of machines being rebooted by using the advanced settings for a host connection. Use these settings to modify the actions taken for a given catalog; advanced settings vary depending on the hypervisor.

    Roll back the master image

    After you roll out an updated or new image, you can roll it back. This might be necessary if issues occur with the newly updated machines. When you roll back, machines in the catalog are rolled back to the last working image. Any new features that require the newer image are no longer available. As with the rollout, rolling back a machine includes a restart.

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select the catalog and then select Roll Back Master Image in the action bar.
    3. Specify when to apply the earlier image to machines, as described for the rollout operation.

    The rollback is applied only to machines that need to be reverted. For machines that have not been changed to the new or updated image (for example, machines with users who have not logged off), users do not receive notification messages and are not forced to log off.

    To track the rollback progress, locate the catalog in Machine Catalogs to view the inline progress bar and the step-by-step progress graph.

    You cannot roll back in certain scenarios, including the following. (The Roll Back Master Image option is not visible).

    • You do not have permission to roll back.
    • The catalog was not created using MCS.
    • The catalog was created using an image of the OS disk.
    • The snapshot used to create the catalog has become corrupted.
    • User changes to the machines in the catalog do not persist.
    • Machines in the catalog are running.

    Change the functional level or undo the change

    Change the functional level for the machine catalog after you upgrade the VDAs on the machines to a newer version. We recommend upgrading all VDAs to the latest version to enable access to all the newest features.

    Before changing the functional level for a machine catalog:

    • Start the upgraded machines so that they register with Citrix DaaS. This lets the management interface determine that the machines in the catalog need upgrading.

    To change the functional level for a catalog:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select the catalog. The Details tab in the lower pane displays version information.
    3. Select Change Functional Level. If the management interface detects that the catalog must change the functional level, it displays a message. Follow the prompts. If one or more machines cannot be changed, a message explains why. To ensure that all machines function properly. We recommend you resolve those issues before clicking Change.

    After the catalog upgrade completes, you can revert the machines to their previous VDA versions by selecting the catalog and then selecting Undo Functional Level Change in the action bar.

    Clone a catalog

    Before cloning a catalog, be aware of the following considerations:

    • You cannot change settings associated with operating system and machine management. The cloned catalog inherits those settings from the original.
    • Cloning a catalog can take some time to complete. If necessary, select Hide progress to run the cloning in the background.
    • The cloned catalog inherits the name of the original and has a suffix Copy. You can change the name. See Rename a catalog.
    • After cloning completes, be sure to assign the cloned catalog to a delivery group.
    • You can create an empty catalog by cloning. During catalog cloning, you can set the number of machines to zero for MCS-provisioned catalogs and add no machines for non-MCS-provisioned catalogs.
    1. From Studio, select Machine Catalogs in the left pane.
    2. Select a catalog and then select Clone in the action bar.
    3. In the Clone Selected Machine Catalog window, view the settings for the cloned catalog and configure settings as applicable. Select Next to proceed to the next page.
    4. On the Summary page, view a summary of the settings and select Finish to start cloning.
    5. If necessary, select Hide progress to run the cloning in the background.

    Organize catalogs using folders

    You can create folders to organize catalogs for easy access. For example, you can organize catalogs by image type or by organization structure.

    Tip:

    You can set your preferred default view (folder or list view) for the Machine Catalogs node by clicking the Folder icon on the top right of the action bar.

    Required roles

    By default, you need to have the following built-in role to create and manage catalog folders: Cloud Administrator, Full Administrator, or Machine Catalog Administrator. If necessary, you can customize roles for creating and managing catalog folders. For more information, see Required permissions.

    Create a catalog folder

    Before you start, first plan how to organize your catalogs. Consider the following:

    • You can nest folders up to five levels deep (excluding the default root folder).
    • A catalog folder can contain catalogs and subfolders.
    • All nodes in Studio (such as the Machine Catalogs and the Applications nodes) share a folder tree in the backend. To avoid name conflicts with other nodes when renaming or moving folders, we recommend you give different names to first-level folders in different nodes.

    To create a catalog folder, follow these steps:

    1. From Studio, select Machine Catalogs in the left pane.
    2. In the folder hierarchy, select a folder and then select Create Folder in the Action bar.
    3. Enter a name for the new folder, and then click Done.

    Tip:

    If you create a folder in an unintended location, you can drag it to the correct location.

    Move a catalog

    You can move a catalog between folders. Detailed steps are as follows:

    1. From Studio, select Machine Catalogs in the left pane.
    2. View catalogs by folder. You can also turn on View all above the folder hierarchy to view all catalogs at a time.
    3. Right-click a catalog and then select Move Machine Catalog.
    4. Select the folder to which you want to move the catalog, and then click Done.

    Tip:

    You can drag a catalog to a folder.

    Manage catalog folders

    You can delete, rename, and move catalog folders.

    You can delete a folder only if it and its subfolders don’t contain catalogs.

    To manage a folder, follow these steps:

    1. From Studio, select Machine Catalogs in the left pane.
    2. In the folder hierarchy, select a folder, and then select an action in the Action bar as needed:

      • To rename the folder, select Rename Folder.
      • To delete the folder, select Delete Folder.
      • To move the folder, select Move Folder.
    3. Follow the onscreen instructions to complete the remaining steps.

    Required permissions

    The following table lists the permissions required to do actions on catalog folders.

    Action Required permissions
    Create catalog folders Create Machine Catalog Folder
    Delete catalog folders Remove Machine Catalog Folder
    Move catalog folders Move Machine Catalog Folder
    Rename catalog folders Edit Machine Catalog Folder
    Move catalogs to folders Edit Machine Catalog Folder and Edit Machine Catalog Properties

    Upgrade VDAs

    Important:

    • To ensure a smooth upgrade, make sure that you meet the prerequisites and review known issues before upgrading VDAs to CR or LTSR CU versions. See Upgrade VDAs using Studio.
    • When upgrading LTSR VDAs to LTSR Cumulative Update (CU) versions, make sure that the version of the VDA Upgrade Agents running on the VDAs is 7.36.0.7 or later. For more information, see Upgrade VDAs using Studio.
    • You can switch between the CR VDA and the LTSR VDA as long as you switch from an earlier version to a later version. You cannot switch from a later version to an earlier version because that is considered a downgrade. For example, you cannot downgrade from 2212 CR to 2203 LTSR (any CU) but you can upgrade from 2112 CR to 2203 LTSR (any CU).
    • You can also upgrade VDAs using PowerShell. See Upgrade VDAs using PowerShell.

    With the feature, you can do the following:

    • Upgrade VDAs on a per-catalog basis
    • Edit or cancel a scheduled VDA upgrade
    • Configure VDA upgrade settings after catalog creation
    • Upgrade VDAs on a per-machine basis

    Note:

    • When you schedule VDA upgrades for a catalog, only VDAs in the catalog that have the VDA Upgrade Agent installed can be upgraded.
    • Upgrading a VDA fails when the machine is in maintenance mode or when a session is running on the machine.

    Supported machine types

    This feature applies to the following machine types:

    For more information about the Citrix Machine Creation Services and Other service or technology options, see Machine management.

    Note:

    For MCS-provisioned machines, only static persistent machines are supported. Random machines are not supported even if they are persistent.

    Upgrade VDAs on a per-catalog basis

    Note:

    When scheduling VDA upgrades for a catalog, ensure all machines in the catalog are included in the upgrade scope. Therefore, we recommend backing up those machines before initiating the upgrade.

    After enabling VDA upgrade for a catalog, you can upgrade VDAs in the catalog immediately or schedule upgrades for the catalog. To do that, follow these steps:

    1. From Studio, select Machine Catalogs.
    2. Select the catalog and then Upgrade VDAs from the contextual menu or action bar. (Right-click to display the contextual menu.) The VDA Upgrade window appears.

      VDA upgrade

    3. Choose the desired VDA version from the dropdown list under New version to upgrade to.

      VDA Version

      Note:

      • You can only choose a later version to upgrade.

      • Rolling back to an earlier version is not supported.

    4. Choose whether to upgrade additional components in your deployment. You can also choose to install certain components in addition to the upgrade. If a component requires configuration, you must click the Configure button and configure the component’s settings to continue. After configuring, you can click Edit to change the configuration.

      Important:

      • To use the additional components feature, make sure that your VDA Upgrade Agent is version 7.34 or later, which is included in the VDA installer version 2206 or later.

      Note:

      • If you choose not to upgrade a component, the component remains intact in your deployment.
      • For a complete list of additional components, see Install VDAs.

      Additional components

    5. Click Next.
    6. Choose whether to enable any of the listed features. Click Next.

      Note:

      By default, the Enable restore cleanup checkbox is selected. We recommend enabling the restore feature. With the feature enabled, a system restore point is created before the upgrade starts. The restore point is deleted after the successful installation of the VDA. For more information, see Restore on install or upgrade failure.

      Features

    7. Choose whether to upgrade the VDAs immediately or at a scheduled time.

      • To upgrade the VDAs immediately, select Upgrade now and then specify a duration.

        A duration is the amount of time, in hours, after which the VDA Upgrade Service stops initiating additional upgrades. Upgrades in progress will run to completion. During that time, DaaS starts to upgrade the VDAs when they become eligible (for example, no active sessions anymore).

        The more VDAs that must be upgraded, the longer this duration is. We recommend selecting a large value (for example, 12 hours). Otherwise, depending on the number of the VDAs, there might still be VDAs that DaaS is unable to upgrade within this window.

      • To schedule the upgrades, select Upgrade later and then specify when you want the upgrades to occur.

        You can schedule the upgrades only for the next seven days. Upgrades you schedule apply only to the machines that are currently in the catalog. If you add machines to the catalog later but want to upgrade them as well, cancel the scheduled upgrade and then recreate a schedule.

      VDA Upgrade

    8. Select the Stop upgrade after the failure limit (Tech Preview) option.

      Behaviour illustration

      • Failure threshold and Concurrency level must be greater than Zero.

      • Failure threshold and Concurrency level must be lesser than or equal to the Total Number of machines being scheduled for Upgrade

      Failure threshold Concurrency level Behavior
      Provided Not Provided or input 0 Failure threshold is applied and concucrrency level is decided by the load balancer as before.
      Not Provided or input 0 Provided Failure threshold defaults to 10000 (max machines per catalog) and concucrrency level is used for batching.
      Not Provided or input 0 Not Provided or input 0 The default behavior is applicable with concurrency levels updated by the load balancer.
    9. Enter the Failure threshold.

      Note:

      Failure threshold is the number of failures after which the VUS halts any pending upgrade installation from subsequent batches that are not picked up by the upgrade agent.

    10. Enter the Concurrency.

      Note:

      Concurrent Upgrade is the number of VMs that can concurrently upgrade at any point within the upgrade window.

    11. Click Next.

      Note:

      Failure threshold is incompatible with Enable Restore or Enable Restore and Cleanup and may not work as intended.

    12. Choose whether to select the Citrix provided CDN or Local File Share.

      Local File Share

      Note:

      Enter the file path for the vda installer if you choose the local file share option.

    13. Click Next.

    14. Review your choices on the Summary page, then click Finish to apply your settings and exit the window.

    Note:

    • The Upgrade VDAs option is available only after you enable VDA upgrade for the catalog. To enable VDA upgrade, edit the catalog.
    • All machines in the catalog are placed in maintenance mode while upgrades are rolled out. Upgrades can take up to 30 minutes to begin and will be performed only during the specified time period.

    On the Machine Catalogs node, the VDA Upgrade column provides VDA upgrade information for the catalog. The following information can appear:

    Tip:

    To show the VDA Upgrade column, select Columns to Display in the action bar, select Machine Catalog > VDA Upgrade, and then click Save.

    • Available: A new VDA version is available.
    • Scheduled: The VDA upgrade has been scheduled.
    • Not configured: Appears when you have not enabled VDA upgrade for the catalog.
    • Up to date: The catalog’s VDAs are up to date.
    • Unknown: Unable to get information necessary for VDA upgrade. There are multiple possible reasons:
      • The VDA was in use during the upgrade window.
      • The number of upgrades in progress reached the maximum limit of 500.
      • The VDA Upgrade Agent was unresponsive during the upgrade window. Ensure that the agent is running on the VDA and can communicate with Citrix DaaS.
      • Unable to perform upgrade validation checks. See VDA upgrade requirement.

    You can also view the status of VDA upgrades for a catalog. To do that, click the catalog and then check the VDA Upgrade State information on the Details tab. The following information can appear:

    • Not scheduled: You have enabled VDA upgrade for the catalog but have not set up an upgrade schedule.
    • Scheduled: You have created an upgrade schedule for the catalog. For example, if you set the schedule to start at 09:00 PM, December 14, 2030, information appears as follows: Scheduled for December 14, 2030 09:00 PM UTC.
    • In progress: VDA upgrades have started.
    • Canceled: You have canceled the scheduled upgrade.
    • Failed: The catalog contains one or more machines whose VDA upgrades were not successful.
    • Successful: All VDAs in the catalog were upgraded successfully.

    You can also troubleshoot VDA upgrade issues with recommended actions for a catalog. To do that, click the catalog and then go to the Troubleshoot tab.

    To quickly drill down to catalogs that have a specific VDA upgrade state, you can use filters. For more information, see Use Search in Studio.

    Be aware of the following considerations:

    • The VDA Upgrade or VDA Upgrade State filter is available for use only with the following filters: Name and Machine Catalog.
    • When you use the VDA Upgrade or the VDA Upgrade State filter, Errors and Warnings in the upper right corner become unavailable.

    Edit or cancel a scheduled VDA upgrade

    After you schedule the upgrades for a catalog, you might want to edit or cancel the scheduled upgrade. To do that, follow these steps:

    1. From Studio, select Machine Catalogs.
    2. Select the catalog and then Edit Scheduled VDA Upgrade in the action bar. The Edit VDA Upgrade window appears, showing information about the installed VDA version and VDA version to upgrade to.
    3. Choose whether to edit or cancel the scheduled upgrade.

      • To cancel the upgrade, click Cancel scheduled upgrade. Remember: Canceling the scheduled upgrade does not force the upgrade in progress to stop.
    4. Click Done to exit the window.

    Configure VDA upgrade settings by editing a catalog

    After catalog creation, you can configure VDA upgrade settings by editing the catalog. Before you start editing, consider the following:

    • Verify that all machines in the catalog are on the same VDA (CR or LTSR) track. Otherwise, certain VDA upgrades will fail. For example, if you select Latest LTSR VDA, CR VDA upgrades will fail.

    • Upgrades to some of the machines in the catalog might have started. You cannot modify upgrades that are already in progress. Upgrades in progress continue. Those that have not yet started will upgrade to the specified version.

    Upgrade VDAs on a per-machine basis

    After enabling VDA upgrade for a catalog, you can upgrade the catalog’s VDAs one by one or in batches. To do that, follow these steps:

    1. From Studio, select Search.
    2. Select one or more machines and then Upgrade VDA from the contextual menu or action bar. (Right-click to display the contextual menu.)

      VDA upgrade

      Note:

      • For the Upgrade VDA option to be available, make sure that you have enabled VDA upgrade for the catalog where the selected machines reside and that those machines have the VDA Upgrade Agent installed. To enable VDA upgrade for it, edit the catalog.
      • Machines will be placed in maintenance mode while upgrades are rolled out. Upgrades can take up to 30 minutes to begin.
      • If your selection contains machines for which VDA upgrades are not available or whose upgrades are pending (scheduled, in progress, or awaiting upgrades), we will skip upgrades for those machines.

    On the Search node, you can add the VDA Upgrade column. For information about how to add a custom column, see Customize columns to display. The column is useful. It provides VDA upgrade information for the machine. The following information can appear:

    • Available: A new VDA version is available.
    • Scheduled: The VDA upgrade has been scheduled.
    • Not configured: Appears when you have not enabled VDA upgrade for the machine.
    • Up to date: The VDA is up to date.
    • Unknown: Information about the VDA upgrade is not yet available.

    You can also view the status of the VDA upgrade for a machine. To do that, click the machine and then check the VDA Upgrade State information on the Details tab. The following information can appear:

    • Unknown: Unable to get information necessary for VDA upgrade. There are multiple possible reasons:
      • The VDA was in use during the upgrade window.
      • The number of upgrades in progress reached the maximum limit of 500.
      • The VDA Upgrade Agent was unresponsive during the upgrade window. Ensure that the agent is running on the VDA and can communicate with Citrix DaaS.
      • Unable to perform upgrade validation checks. See VDA upgrade requirement.
    • Scheduled: You have set up an upgrade schedule. For example, if you set the schedule to start at 09:00 PM, December 14, 2030, information appears as follows: Scheduled for December 14, 2030 09:00 PM UTC.
    • Awaiting upgrade: The machine is placed in maintenance mode, awaiting the upgrade. (Make sure that users have logged out of their session so that the upgrade can proceed.)
    • In progress: The VDA upgrade has started.
    • Upgrade failed: Attempts to upgrade the VDA failed.
    • Validation failed: Attempts to validate VDA upgrade settings failed.
    • Canceled: The upgrade for the machine has been canceled.
    • Successful: The VDA was upgraded successfully.

    You can also troubleshoot VDA upgrade issues with recommended actions for a machine. To do that, click the machine and then go to the Troubleshoot tab.

    To quickly drill down to machines that have a specific VDA upgrade state, you can use filters. For more information, see Use Search in Studio. Be aware of the following considerations:

    • The VDA Upgrade or VDA Upgrade State filter is available for use only with the following filters: Name and Machine Catalog.
    • When you use the VDA Upgrade or the VDA Upgrade State filter, Errors and Warnings in the upper right corner become unavailable.

    Manage configuration set for a catalog

    Before you start, make sure that you have set up your WEM service deployment. For more information, see Get started with Workspace Environment Management service.

    Note:

    By default, if you have the Cloud Administrator, Full Access Administrator, or Machine Catalog Administrator role, you can manage configuration sets for catalogs. If necessary, you can allow roles to manage configuration sets by granting them the Manage configuration sets permission.

    Bind a catalog to a configuration set

    Important:

    If your Citrix DaaS and WEM service instances do not reside in the same region, you cannot bind a catalog to a configuration set. In that case, migrate your WEM service to the same region as Citrix DaaS.

    To bind a catalog to a configuration set, follow these steps:

    1. From Studio, select Machine Catalogs.

    2. Select the machine catalog and then Manage configuration set in the action bar. The Manage configuration set window appears.

    3. Select a WEM configuration set to which you want to bind the catalog.

      Note:

      If the selected configuration set does not contain settings relating to the basic configuration of WEM, the Apply basic settings to configuration set option appears. We recommend that you select the option to apply basic settings to the configuration set.

    4. Click Save to save your change.

    Switch to a different configuration set

    To switch to a different configuration set for a catalog, follow these steps:

    1. From Studio, select Machine Catalogs.
    2. Select the machine catalog and then Manage configuration set in the action bar. The Manage configuration set window appears.
    3. Select a different WEM configuration set to which you want to bind the catalog.
    4. Click Save to save your change.

    Unbind a catalog from the configuration set

    To unbind a catalog from the configuration set, follow these steps:

    1. From Studio, select Machine Catalogs.
    2. Select the machine catalog and then Manage configuration set in the action bar. The Manage configuration set window appears.
    3. Click the X icon on the right-hand side of the selected configuration set.
    4. Click Save to save your change.

    Retry catalog creation

    Note:

    This feature applies only to MCS catalogs.

    Failed catalogs are marked with an error icon. To see the details, go to the Troubleshoot tab of each catalog. Before retrying catalog creation, be aware of the following considerations:

    • Check the troubleshooting information first and resolve the issues. The information describes the issues found and provides recommendations for resolving them.
    • You cannot change settings associated with Operating system and machine management. The catalog inherits those settings from the original.
    • The creation can take some time to complete. If necessary, select Hide progress to run the creation in the background.

    To retry creating a catalog, do the following:

    1. From Studio, select Machine Catalogs in the left pane.
    2. Select the catalog and then go to its Troubleshoot tab.
    3. Click the retry hyperlink to retry creating the catalog.
    4. In the wizard that appears, change settings where necessary. If there is no need to make changes, you can go to the Summary page directly.
    5. After you finish, select Finish to start the creation.

    (Non-Citrix provisioned VDAs only) Generate and manage enrollment tokens

    After you decide to adopt token-based enrollment for non-Citrix provisioned machines, generate tokens on a per-machine catalog basis, and then share them with VDA installation administrators.

    An enrollment token features:

    • Registration range: 1 to 100 VDA machines
    • Validity period: up to 14 days

    To generate a token for a catalog using Studio, follow these steps:

    1. In Machine Catalogs, locate a non-MCS-provisioned catalog, which has Provisioning method: Manual displayed in the Machine Count column.
    2. Right-click the catalog, and then select Manage Enrollment Tokens.
    3. On the Generate enrollment token page that appears, provide the following token information:
      • Type a name for the token.
      • Enter its validity period. The period must be no more than 14 days. The token is valid only for the specified period.
      • (Optional) Select a host connection for power management of VDAs enrolled with the token. Options include all host connections under this catalog’s zone.
      • Enter the token usage limits (between 1–100).
    4. Click Generate.
    5. In the Token successfully generated window that appears, copy the token and save it in a safe place, or click Download to download it to the Downloads folder.

      A token record appears in the token list.

      Token generation

    6. Share the token with VDA installation administrators.

      For more information about how to install VDA and a token on machines, see Install VDAs.

    Manage tokens

    You have two options to revoke a token and make it unavailable for VDA enrollment:

    • Revoke: Revoke the token but retain it in the list for logging purposes.
    • Delete: Revoke the token and delete it from the list.

    Note:

    Expired tokens are automatically deleted in 14 days.

    Use PowerShell

    This section details how you can manage catalogs using PowerShell:

    Use PowerShell to check VDA upgrade status and VDA version

    Use the Get-VusCatalog PowerShell command to check the VDA upgrade status. Suppose that the catalog name is wuhanTestMC1. You can type the following in the command prompt:

    • PS C:\> Get-VusCatalog -Name wuhanTestMC1

    PowerShell command to check VDA upgrade status

    In this example, UpgradeState is UpgradeAvailable, meaning that VDA upgrade is enabled for the catalog. The StateId is UpgradeSuccessful, meaning that the catalog has been successfully upgraded to 2112.0.0.32068 (UpgradeVersion).

    Use the Get-BrokerMachine PowerShell command to get the current VDA version.

    PowerShell command to get current VDA version

    Use the Get-VusAvailableVdaVersion PowerShell command to get the latest VDA version.

    PowerShell command to get latest VDA version

    Manage the sequence number of the machine name

    To customize the sequence number of machines, which are deployed using MCS, through PowerShell commands, do the following:

    1. Open PowerShell as an administrator on the Delivery Controller.
    2. Run the command asnp citrix* to load the Citrix modules.
    3. Run the following command to check the start count for the identity pool of the catalog:

      Get-AcctIdentityPool -IdentityPoolName xxx

      The IdentityPoolName is the name of the catalog.

    4. If you want to set this count to a different value, run the following command and specify the StartCount as X:

      Set-AcctIdentityPool -IdentityPoolName xxx -StartCount X

    5. Add the machines to the catalog so that the machines are created with the required count.
    6. After creating the machines, run the following command to set it back to the original value Y:

      Set-AcctIdentityPool -IdentityPoolName xxx -StartCount Y

    Add descriptions to an image

    You can add informative descriptions about changes related to image updates for machine catalogs. Use this feature to add a description when creating a catalog, or when you update an existing master image for a catalog. You can also display information for each master image in the catalog. This functionality is useful for administrators who want to add descriptive labels when updating a master image used by a catalog, for example, Office 365 installed. Use the following commands to add or view image descriptions:

    • NewProvScheme. A new parameter, masterImageNote enables you to add a note to an image. For example:
    C:\PS>New-ProvScheme -ProvisioningSchemeName XenPS -HostingUnitName XenHu -IdentityPoolName idPool1 -MasterImageVM XDHyp:\HostingUnits\XenHU\Base.vm\Base.snapshot -MasterImageNote "Office365 installed"
    <!--NeedCopy-->
    
    • Publish-ProvMasterVMImage. Use this parameter to publish the note. For example:

    C:\PS>Publish-ProvMasterVMImage -ProvisioningSchemeName MyScheme -MasterImageVM XDHyp:\HostingUnits\HostUnit1\RhoneCC_baseXP.vm\base.snapshot -MasterImageNote "Visual Studio 2019 installed"

    • Get-ProvSchemeMasterVMImageHistory. Display information for each image. For example:

    `C:\PS>Get-ProvSchemeMasterVMImageHistory -ProvisioningSchemeName MyScheme -Showall

    VMImageHistoryUid : 3cba3a75-89cd-4868-989b-27feb378fec5

    ProvisioningSchemeUid : 7585f0de-192e-4847-a6d8-22713c3a2f42

    ProvisioningSchemeName : MyScheme

    MasterImageVM : /Base.vm/base.snapshot

    Date : 17/05/2021 09:27:50

    MasterImageNote : Office365 installed`

    Reset OS disk

    Use the PowerShell command Reset-ProvVMDisk to reset the OS disk of a persistent VM in an MCS created machine catalog. Currently, this feature is applicable to AWS, Azure, Google Cloud, SCVMM, VMware, and XenServer virtualization environments.

    To successfully run the PowerShell command, make sure that:

    • The target VMs are in a persistent MCS catalog.
    • The MCS machine catalog is functioning properly. This implies that the provisioning scheme and host exist, and the provisioning scheme has correct entries.
    • Hypervisor is not in maintenance mode.
    • Target VMs are powered-off and in maintenance mode.

    Perform the following steps to reset the OS disk:

    1. Open a PowerShell window.
    2. Run asnp citrix* to load the Citrix-specific PowerShell modules.
    3. Run the PowerShell command Reset-ProvVMDisk in any one of the following ways:

      • Specify the list of VMs as a comma-separated list, and perform the reset on each VM:

         Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -VMName ("abc","def") -OS
         <!--NeedCopy-->
        
      • Specify the list of VMs as an output from Get-ProvVM command, and perform the reset on each VM:

         (Get-ProvVM -ProvisioningSchemeName "xxx") | Reset-ProvVMDisk "abc" -OS
         <!--NeedCopy-->
        
      • Specify a single VM by name:

         Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -VMName "abc" -OS
         <!--NeedCopy-->
        
      • Create separate reset tasks for each of the VMs returned by the Get-ProvVM command. This is less efficient because each task will perform the same redundant checks, such as hypervisor capability check, connection check for each VM.

         Get-ProvVM -ProvisioningSchemeName "xxx" | Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -OS
         <!--NeedCopy-->
        
    4. A confirmation prompt appears that lists the VMs to be reset along with a warning message that it is an unrecoverable operation. If you do not provide an answer and press Enter, no further action takes place.

      You can run the PowerShell command -WhatIf to print the action it would take and exit without performing the action.

      You can also bypass the confirmation prompt using one of the following methods:

      • Provide the -Force parameter:

         Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -VMName "abc" -OS -Force
         <!--NeedCopy-->
        
      • Provide the -Confirm:$false parameter:

         Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -VMName "abc" -OS -Confirm:$false
         <!--NeedCopy-->
        
      • Before running the Reset-ProvVMDisk, change $ConfirmPreference to ‘None’:

         PS C:\Windows\system32> $ConfirmPreference='None'
         PS C:\Windows\system32> $ConfirmPreference
         None
         PS C:\Windows\system32> Reset-ProvVMDisk -ProvisioningSchemeName "xxx" -VMName "abc" -OS
         <!--NeedCopy-->
        

      Note:

      Do not take VMs out of the maintenance mode or power them on until the completion of the reset process.

    5. Run Get-ProvTask to get the status of the tasks returned by Reset-ProvVMDisk command.

    Repair the identity information of active computer accounts

    You can reset the identity information of active computer accounts that have identity-related problems. You can choose to reset only the machine password and trust keys, or reset all configuration of the identity disk. This implementation is applicable to both persistent and non-persistent MCS machine catalogs.

    Note:

    Currently, the feature is supported only for AWS, Azure, GCP, SCVMM, VMware, and XenServer virtualization environments.

    Conditions

    Ensure the following to successfully reset the identity disk:

    • Turn off and set the VM to maintenance mode
    • Do not include the parameter -OS in the PowerShell command

    Reset identity information

    To reset identity information:

    1. Open the PowerShell window.
    2. Run asnp citrix* to load the Citrix-specific PowerShell modules.
    3. Reset the identity information.

      • To reset only the machine password and trust keys, run the following command:

         Repair-AcctIdentity -IdentityAccountName TEST\VM1 -PrivilegedUserName TEST\admin1 -PrivilegedUserPassword $password -Target IdentityInfo
         <!--NeedCopy-->
        

        The description of the parameters used in the command is as follows:

        • IdentityAccountName: The name of the identity account that must be repaired.
        • PrivilegedUserName: User account that has write permission on identity provider (AD or Azure AD).
        • PrivilegedUserPassword: Password for PrivilegedUserName.
        • Target: Target for the repair action. It can be IdentityInfo to repair account password/trust key, and UserCertificate to repair user certificate attributes of Hybrid Azure AD joined machine identities.
      • To reset all configuration of the identity disk, run the following commands in the following order:

         Repair-AcctIdentity -IdentityAccountName TEST\VM1 -PrivilegedUserName TEST\admin1 -PrivilegedUserPassword $password -Target IdentityInfo
         <!--NeedCopy-->
        
         Reset-ProvVMDisk ProvisioningSchemeName <name> -VMName <name>  -Identity
         <!--NeedCopy-->
        
      • To completely recreate the identity disk:

         Reset-ProvVMDisk -ProvisioningSchemeName <name> -VMname <name> -Identity -Recreate
         <!--NeedCopy-->
        
    4. Type y to confirm the action. You can also skip the confirmation prompt using the -Force parameter. For example:

      Reset-ProvVMDisk -ProvisioningSchemeName <name> -VMName <name> -Identity -Force
      <!--NeedCopy-->
      
    5. Run Get-ProvVM -ProvisioningSchemeName <name -VMName <name> to check the updated identity disk setting. The attributes of the identity disk (for example, IdentityDiskId) must be updated. The StorageId and IdentityDiskIndex must not change.

    Change the network setting for an existing machine catalog

    You can change the network setting for an existing machine catalog so that the new VMs are created on the new subnetwork. Use the parameter -NetworkMapping in the Set-ProvScheme command to change the network setting.

    To change the network setting for an existing provisioning scheme, do the following:

    1. In the PowerShell window, run the command asnp citrix* to load the PowerShell modules.
    2. Run (Get-Provscheme -ProvisioningSchemeName "name").NetworkMaps to get to the network path that you want to change.
    3. Assign a variable to the new network setting. For example:

      $NewNetworkMap = @{"0"= "XDHYP:\HostingUnits\MyNetworks\Network 0.network"}
      <!--NeedCopy-->
      
    4. Run Set-ProvScheme -ProvisioningSchemeName "name" -NetworkMapping $NewNetworkMap.
    5. Run (Get-Provscheme -ProvisioningSchemeName "name").NetworkMaps to verify the new network setting for the existing provisioning scheme.

    Manage versions of a machine catalog

    When an MCS machine catalog is updated with the Set-ProvScheme command, the current configuration is saved as a version. You can then manage the various versions of the machine catalog using PowerShell commands. You can:

    • See the list of versions of a machine catalog.
    • Use any previous version to update the machine catalog.
    • Manually delete a version if it is not used by a VM of that machine catalog.
    • Change the maximum number of versions to be retained by the machine catalog (the default is 99).

    A version includes the following information of a machine catalog:

    • VMCpuCount
    • VMMemoryMB
    • CustomProperties
    • ServiceOffering
    • MachineProfile
    • NetworkMapping
    • SecurityGroup

    Run the following commands (provided as examples) to manage the various versions of a machine catalog.

    • To see the configuration details of the various versions of a machine catalog:

       Get-ProvSchemeVersion -ProvisioningSchemeName AzureCatalog
       <!--NeedCopy-->
      
    • To see the configuration details of a particular version of a machine catalog:

       Get-ProvSchemeVersion -ProvisioningSchemeName AzureCatalog -Version 2
       <!--NeedCopy-->
      
    • To see the total number of versions associated with a machine catalog:

       (Get-ProvSchemeVersion -ProvisioningSchemeName AzureCatalog).Count
       <!--NeedCopy-->
      
    • To use any previous version to update the machine catalog:

       Set-ProvScheme -ProvisioningSchemeName AzureCatalog -Version 2
       <!--NeedCopy-->
      
    • To manually delete a version if it is not used by a VM of that machine catalog:

       Remove-ProvSchemeVersion -ProvisioningSchemeName AzureCatalog -Version 3
       <!--NeedCopy-->
      
    • To set the maximum number of versions to be retained by the machine catalog (the default is 99). This setting is applied across all the catalogs. For example, in this case, a maximum of 15 versions will be retained for all the MCS provisioned catalogs.

       Set-ProvServiceConfigurationData -Name "MaxProvSchemeVersions" -Value 15
       <!--NeedCopy-->
      

    If the number of versions reaches the maximum number of versions, then a new version cannot be created if older versions are in use by any of the VMs in the machine catalog. In that case, do one of the following:

    • Increase the limit of the maximum number of versions to be retained by the machine catalog.
    • Update some VMs that are on older versions so that those older versions are no longer referenced by any VMs, and can be deleted.

    Change cache configuration of an existing machine catalog

    After creating a non-persistent catalog with MCSIO enabled, you can use the Set-ProvScheme command to modify the following parameters:

    • WriteBackCacheMemorySize
    • WriteBackCacheDiskSize

    This feature is currently applicable to:

    • GCP and Microsoft Azure environments, and
    • a non-persistent catalog with MCSIO enabled

    Requirements

    The requirements to modify the cache configuration are:

    • Update to the latest version of VDA (2308 or later).
    • Enable the parameter UseWriteBackCache for the existing machine catalog. Use New-ProvScheme to create a machine catalog with UseWriteBackCache enabled. For example:

       New-ProvScheme -ProvisioningSchemeName $CatalogName -HostingUnitUid $HostingUnitUid `
       -IdentityPoolUid $acctPool.IdentityPoolUid -CleanOnBoot `
       -MasterImageVM $MasterImage `
       -ServiceOffering $ServiceOffering `
       -NetworkMap $NetworkMap `
       -SecurityGroup $SecurityGroup `
       -UseWriteBackCache -WriteBackCacheDiskSize 8
       <!--NeedCopy-->
      

    Change the cache configuration

    Run the Set-ProvScheme command. For example:

    Set-ProvScheme -ProvisioningSchemeName $provScheme.ProvisioningSchemeName -WriteBackCacheDisk32 -WriteBackCacheMemorySize 128
    <!--NeedCopy-->
    

    Note:

    • The value of WriteBackCacheDiskSize must be more than zero because at least 1 GB of cache disk storage is required.
    • The value of WriteBackCacheMemorySize must be less than the machine catalog memory size.
    • These changes only affect new VMs added to the catalog after the change is made. Existing VMs are not affected by these changes.

    Convert a non-machine profile-based machine catalog to a machine profile-based machine catalog

    You can use a VM, template spec (in case of Azure), or launch template (in case of AWS), or VMware template (in case of VMware) as a machine profile input to convert a non-machine profile-based machine catalog to machine profile-based machine catalog. New VMs added to the catalog take property values from the machine profile.

    Note:

    An existing machine profile-based machine catalog cannot be changed to a non-machine profile-based machine catalog.

    To do this:

    1. Create a persistent or non-persistent machine catalog with VMs and without a machine profile.
    2. Open the PowerShell window.
    3. Run the Set-ProvScheme command to apply the property values from the machine profile to the new VMs added to the machine catalog. For example:

      • In the case of Azure:

         Set-ProvScheme = Set-ProvScheme -ProvisioningSchemeName xxxx -MachineProfile XDHyp:\HostingUnits\<HostingUnitName>\machineprofile.folder\<ResourceGroupName>\<TemplateSpecName>\<VersionName>
         <!--NeedCopy-->
        
      • In the case of AWS:

         Set-ProvScheme = Set-ProvScheme -ProvisioningSchemeName xxxx -MachineProfile "XDHyp:\HostingUnits\<hosting-unit>\<launch-template>.launchtemplate\<launch-template-version>.launchtemplateversion"
         <!--NeedCopy-->
        
      • In the case of VMware:

         Set-ProvScheme -ProvisioningSchemeName "my-prov-scheme" -MachineProfile "XDHyp:\HostingUnits\my-hosting-unit\my-template.template"
         <!--NeedCopy-->
        

        Note:

        Set the FolderID as the custom property to avoid deriving FolderID from the VMware template.

    Retrieve warnings and errors associated with a catalog

    You can get historical errors and warnings to understand issues with your MCS machine catalog and fix those issues.

    Using PowerShell commands, you can:

    • Get a list of errors or warnings
    • Change the warning state from New to Acknowledged
    • Delete the errors or warnings

    To run the PowerShell commands:

    1. Open a PowerShell window.
    2. Run asnp citrix* to load the Citrix-specific PowerShell modules.

    To get a list of errors and warnings:

    Run Get-ProvOperationEvent command.

    • With no parameters: Gets all errors and warnings
    • With LinkedObjectType and LinkedObjectUid parameter: Gets all errors and warnings associated with a specific provisioning scheme
    • With EventId parameter: Gets a specific error or warning that matches this event ID
    • With Filter parameter: Gets errors or warnings by a customized filter

    To change the state of errors or warnings from New to Acknowledged:

    Run Confirm-ProvOperationEvent command.

    • With EventId parameter: Sets the state of a specific error or warning that matches this event ID. You can get the EventId of a specific error or warning as an output from Get-ProvOperationEvent command
    • With LinkedObjectType and LinkedObjectUid parameters: Sets the state of all the errors and warnings associated with a specific provisioning scheme
    • With All parameter: Sets the state of all errors and warnings as Acknowledged

    To delete the errors or warnings:

    Run Remove-ProvOperationEvent command.

    • With EventId parameter: Removes a specific error or warning that matches this event ID. You can get the EventId of a specific error or warning as an output from Get-ProvOperationEvent command
    • With LinkedObjectType and LinkedObjectUid parameters: Removes all errors and warnings associated with a specific provisioning scheme
    • With All parameter: Removes all errors and warnings

    For more information, see the Citrix PowerShell SDK.

    Delete machines without hypervisor access

    When deleting a VM or a provisioning scheme, MCS needs to remove tags from the VM, and sometimes from the base disk as well, so that the resources included in the deletion options are no longer tracked or identified by MCS. However, some of these resources are only accessible through hypervisor. Use the PurgeDBOnly option in Remove-ProvVM PowerShell to delete VM resource objects such as VM, base disk, image in ACG, and so on from the database even when there is no hypervisor access.

    This option is enabled on:

    • all supported hypervisors
    • persistent and non-persistent VMs

    Limitations

    You cannot use the commands -PurgeDBOnly and -ForgetVM at the same time.

    Use the PurgeDBOnly command

    When running the PowerShell command Remove-ProvVM -ProvisioningSchemeName SCVMM-MC -VMName SCVMM01 -ForgetVM the deletion operation might fail in the following scenarios:

    • The host connection is in maintenance mode
    • Invalid credentials
    • Authentication failure
    • Unauthorized operation
    • The hypervisor is unreachable

    Note:

    Remove-provVM -ForgetVM targets only persistent VMs. If one of the VMs in the list is non-persistent, the operation fails.

    When the operation fails because the hypervisor is unreachable, the following prompt appears:

    Try to use -PurgeDBOnly option to clean DDC database.

    Use the -PurgeDBOnly option in the Remove-ProvVM PowerShell command to delete references of a VM from MCS database. For example,

    Remove-ProvVM -ProvisioningSchemeName SCVMM-MC -VMName SCVMM01 -PurgeDBOnly

    Update properties of individual VMs

    You can update properties of individual VMs in a persistent MCS machine catalog using the PowerShell command Set-ProvVM. However, the updates are not applied immediately. You must set the time window using the PowerShell command Set-ProvVMUpdateTimeWindow for the updates to apply.

    This implementation helps you to manage individual VMs efficiently without updating the entire machine catalog. Currently, this feature is applicable only to the Azure environment.

    Currently, the properties that you can update are:

    • CustomProperties
    • ServiceOffering
    • MachineProfile

    Using this feature, you can:

    Before updating properties of a VM:

    1. Open a PowerShell window.
    2. Run asnp citrix* to load the Citrix-specific PowerShell modules.
    3. Check the configuration of the existing machine catalog. For example:

      Get-ProvScheme -ProvisioningSchemeName AzureCatalog
      <!--NeedCopy-->
      
    4. Check the configuration of the VM on which you want to apply the updates. For example:

      Get-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

    Update properties of a VM

    Do the following to update the properties on a VM:

    1. Turn off the VM on which you want to apply the updates.
    2. Update the properties of the VM. For example, if you want to update storage type (StorageType) custom property of the VM, run the following:

      Set-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1 -CustomProperties "...<Property Name='StorageType' Value='Premium_LRS' />..."
      <!--NeedCopy-->
      

      You can update properties of two VMs in a machine catalog simultaneously. For example:

      Set-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1 -CustomProperties "...<Property Name='StorageType' Value='Premium_LRS' />..."
      <!--NeedCopy-->
      
      Set-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine2 -CustomProperties "...<Property Name='StorageType' Value='StandardSSD_LRS' />..."
      <!--NeedCopy-->
      

      Note:

      The updates are not applied immediately.

    3. Get the list of properties that are specified to be updated and the configuration version. For example:

      Get-ProvVMConfiguration -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      Check the property value of Version and the properties to be updated (in this case, StorageType).

    4. Check the configuration version. For example:

      Get-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      Check the property value of ProvVMConfigurationVersion. The update is not yet applied. The VM is still in the old configuration.

    5. Request scheduled update. For example:

       Set-ProvVMUpdateTimeWindow -ProvisioningSchemeName AzureCatalog -StartsNow -DurationInMinutes -1
       <!--NeedCopy-->
      

      For more information on scheduled updates, see Update provisioned machines to current provisioning scheme state.

      Note:

      Any pending provisioning scheme update is also applied.

    6. Restart the VM. For example:

      New-BrokerHostingPowerAction -MachineName machine1 -Action TurnOn
      <!--NeedCopy-->
      
    7. Check the configuration version. For example:

      Get-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      Check the property value of ProvVMConfigurationVersion. The update is now applied. The VM now has the new configuration.

    8. To apply further configuration updates on the VM, turn off the VM, and repeat the steps.

    Retain the properties updated on a VM after the machine catalog is updated

    Do the following to retain the properties updated on a VM:

    1. Turn off the VM on which you want to apply the updates.
    2. Update the machine catalog. For example, if you want to change the VM size (ServiceOffering) and storage type (StorageType), run the following:

      Set-ProvScheme -ProvisioningSchemeName AzureCatalog -ServiceOffering Standard_E4_v3 -CustomProperties "...<Property Name='StorageType' Value='StandardSSD_LRS' />..."
      <!--NeedCopy-->
      
    3. Get the configuration details of the machine catalog. For example:

      Get-ProvScheme -ProvisioningSchemeName AzureCatalog
      <!--NeedCopy-->
      

      The ProvisioningSchemeVersion is now incremented by one. The VM size and storage type are also updated.

    4. Update the properties of the VM. For example, provide a machine profile to the VM.

      Set-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1 -MachineProfile "XDHyp:\HostingUnits\<hosting-unit>\machineprofile.folder\<resource-group>.resourcegroup\<template-spec>.templatespec\<template-spec-version>.templatespecversion"
      <!--NeedCopy-->
      

      Note:

      The machine profile input has a tag and a different VM size (ServiceOffering) specified.

    5. Get the list of properties that the VM will have after merging the configuration updates on the VM with the machine catalog updates. For example:

      Get-ProvVMConfigurationResultantSet -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      Note:

      Any updates on the VM will override the updates done on the machine catalog.

    6. Request scheduled update for the VM. For example:

      Set-ProvVMUpdateTimeWindow -ProvisioningSchemeName AzureCatalog -VMName machine1 -StartsNow -DurationInMinutes -1
      <!--NeedCopy-->
      
    7. Restart the VM. For example:

      New-BrokerHostingPowerAction -MachineName machine1 -Action TurnOn
      <!--NeedCopy-->
      

      The VM keeps its updated VM size as derived from the machine profile. The tag values as specified in the machine profile are also applied to the VM. However, the storage type is derived from the latest provisioning scheme.

    8. Get the configuration version of the VM. For example:

      Get-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      The ProvisioningSchemeVersion and ProvVMConfigurationVersion now shows the latest version.

    Revert the configuration updates applied to a VM

    1. After applying the updates to a VM, turn off the VM.
    2. Run the following command to remove the updates that are applied on the VM. For example:

      Set-ProvVM -RevertToProvSchemeConfiguration -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      
    3. Request scheduled update for the VM. For example:

      Set-ProvVMUpdateTimeWindow -ProvisioningSchemeName AzureCatalog -VMName machine1 -StartsNow -DurationInMinutes -1
      <!--NeedCopy-->
      
    4. Restart the VM. For example:

      New-BrokerHostingPowerAction -MachineName machine1 -Action TurnOn
      <!--NeedCopy-->
      
    5. Check the configuration version of the VM. For example:

      Get-ProvVM -ProvisioningSchemeName AzureCatalog -VMName machine1
      <!--NeedCopy-->
      

      The ProvVMConfigurationVersion value is now the configuration version of the machine catalog.

    VDA Update Support via Local File Share Access

    Specify the VDA installer location through PowerShell cmdlets which reduces your effort from providing network rules to allow each VDA to go and fetch the new VDA installer from the Citrix Managed Azure CDN.

    PowerShell cmdlets

    Two new optional parameters added to New-VusCatalogSchedule and New-VusMachineUpgrade cmdlets that allow you to use installers from a local file share

    • VdaWorkstationPackageUri - to specify the UNC path to the workstation OS VDA installer
    • VdaServerPackageUri - to specify the UNC path to the server OS VDA installer

    Prerequisites

    • VDA Upgrade Agent to version 7.40.0.35 or later (using the VDA installer version 2311 or later)
    • Virtual Apps and Desktops Remote PowerShell SDK version 7.40 or newer (released on Jan 10, 2024 or later)
    • Remote PowerShell SDK version 7.42 or later (released after Feb 16, 2024)

    How to Set File Share Permissions

    The network shares containing VDA installer packages must have read access for the VDA Upgrade Agent service which runs as Local System (NT AUTHORITY\SYSTEM principal).

    • Domain-Joined file share permission

      When the VDA machine is domain-joined, then the Local System account (VUA runs as Local System), uses computer credentials when accessing network shares.

      The least privilege permission can be set by granting the Read access to Domain Computers.

      1. Choose people on your network who you want to share the file with.
      2. Click Advanced Sharing Settings and turn on File and Printer Sharing.
    • Non-Domain Joined file share permission

      When the VDA machine is non-domain joined, then the Local System account (VUA runs as Local System), uses ANONYMOUS LOGON when accessing network shares.

      1. Select a shared folder.
      2. Disable the password protection.
        1. Go to Folder Properties.
        2. Select Network and Sharing Center.
        3. Turn off Password Protected Sharing.
      3. Click Advanced Sharing to grant a share permission.
        1. Select Permissions.
        2. Grant a Read share permission to ANONYMOUS LOGON.
      4. Select the Security Tab to grant folder permissions
        1. Click Edit to add permissions to the shared folder
        2. Select the shared folder to grant folder permissions to ANONYMOUS LOGON.
      5. Click Advanced to turn on File and Printer Sharing.
      6. Add the shared folder name to Network Access Security Policy.

      Note:

      Restart your machine for the change to take effect immediately.

    VDA Updates from a Local File Share

    1. Download the VDA installer and place it in the shared file.

      Note:

      With Virtual Upgrade Service, you can select from either the Current Release track or the LTSR track.

      For Example: If the machine catalog is set to Current Release that is 2311, and the VDA version is 2305, you must upgrade the VDA to version 2311.

      1. Navigate to the Downloads page on our website.
      2. Select Citrix Virtual Apps and Desktops as the product.
      3. Select Citrix Virtual Apps and Desktops 7 2311, All Editions.
      4. Select the VDA installer from the Components that are on product ISO but also packaged separately expandable.
    2. Select the relevant VDA installer based on the catalog type.

      • Download the Multi-session OS VDA installer if the catalog type is multi session
      • Download the Single-session OS VDA installer if the catalog type is single session
      • Download the Single-session OS Core Services VDA installer if the catalog type is Remote PC Access

    Note:

    The version of the file share installer has to exactly match the version of the latest installer version published by VUS to the cloud.

    Troubleshoot

    • For machines with Power State Unknown status, see CTX131267 for guidance.
    • To fix VMs that continuously show an unknown power state, see How to fix VMs that continuously show an unknown power state.
    • If a Cloud Connector is not operating properly, MCS provisioning operations (such as catalog updates) take longer than usual and the management console performance degrades significantly.

    Where to go next

    For information on managing specific hypervisor catalogs, see: