Application and Desktop Probing

Application and desktop probing automates the process of checking the health of the apps and desktops that are published in a site by test launching them serially using StoreFront. The results of probing are available in Director.

Requirements

  • Delivery Controller runs version 7.18 or later for application probing and version 1906 or later for desktop probing.
  • Endpoint machines running probe agents are Windows machines with Citrix Workspace app for Windows version 1808 or later for application probing and version 1906 or later for desktop probing. Workspace app for Unified Windows Platform (UWP) is not supported.
  • Citrix Probe Agent supports authentication via StoreFront and Citrix Workspace using Active Directory credentials. In cases where the endpoint device is connected to StoreFront / Workspace via Citrix Gateway, you can authenticate using the Citrix Gateway domain credentials or Multi-factor authentication (MFA). Citrix Probe Agent doesn’t support other authentication methods like Single Sign-On (SSO).

    Note:

    • If user enabled the sign-in policy or conditional authentication on Citrix Cloud, probe agent fails to sign in to Storefront or Citrix Workspace app.

    • Probe Agent supports only the Active Directory authentication to authenticate to Citrix Workspace app.

  • Ensure that Microsoft .NET Framework version 4.7.2 or later is installed on the endpoint machine where you want to install the Probe Agent.

User accounts/permissions required to run Probing:

  • A unique StoreFront user to probe on each endpoint machine. The StoreFront user need not be an administrator; the probes can run in a non-administrator context.
  • User accounts with Windows administrator permissions to install and configure the Citrix Probe Agent on the endpoint machines
  • Reusing existing user accounts for probing might log off from the users’ active sessions. A full administrator user account or a custom role with the following permissions:
    • Delivery group permissions:
      • Read-only
    • Director permissions:
      • Create\Edit\Remove Alert Email Server Configuration - if the email server is not already configured
      • Create\Edit\Remove Probe Configurations
      • View Configurations page
      • View Trends page

Configuration

You can schedule your probes to run during off-peak hours across multiple geographies. The comprehensive probe results can help to troubleshoot issues related to the applications, hosting machine or connection before the users experience them.

Citrix Probe Agent version 2103 and later supports site aggregation. When you configure Citrix Probe Agent, select the Workspace (StoreFront) Site Aggregation Enabled option to enable enumeration of applications and desktops from aggregated sites. The following combinations of sites are supported:

  • Multiple on-premises sites having one StoreFront URL.
  • On-premises and cloud sites having either a StoreFront or Workspace URL.
  • Multiple cloud sites having one Workspace URL.
  • On-premises sites connected to StoreFront or Workspace via Citrix Gateway.

Note:

You must create separate administrators or users to configure probes that have access to only one site.

Step 1: Install and configure the Citrix Probe Agent

The Citrix Probe Agent is a Windows executable that simulates the actual application or desktop launch by the user through StoreFront. It tests launches as configured in Director and reports back the results to Director.

  1. Identify endpoint machines from where you want to run probing.

  2. Users with administrative privileges can install and configure the Citrix Probe Agent on the endpoint machine. Download the Citrix Probe Agent executable available at https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/app-probe-agent.html. The download link is also available in the Probes tab in Director.

    Probe Configuration.

  3. If you have aggregated sites, select the Workspace (StoreFront) Site Aggregation Enabled option to enable enumeration of applications and desktops from aggregated sites.

  4. Select an authentication method and enter the relevant credentials. Credentials are encrypted and stored securely.
  5. Configure with your StoreFront Active Directory credentials. Configure a unique Workspace (StoreFront) user on each endpoint machine. Probe agent

  6. Choose the Citrix Gateway option if your endpoint is connected to StoreFront via Citrix Gateway and configure with your Citrix Gateway Domain credentials.

    Probe agent

  7. Choose Multi-factor Authentication option if your Gateway supports it and enter the 16-digit authentication key. This is available only for Citrix Gateway that is configured with LDAP and Native OTP using Single Login Schema.

  8. In the Configure To Display Probe Result tab, enter your Director credentials, and click Validate.

    Probe agent

  9. Select your site and click Next.

  10. In the View Summary tab, ensure that the configured details are accurate. If you need to make changes, go to the respective tab and make the updates.

Note:

You can use the PowerShell script contained in Automating Citrix Probe Agent Installation and Configuration to automate the installation and configuration of Citrix Probe Agent.

Step 2: Configure Probing in Director

Limitation:

Probing fails if applications or desktops are test launched from Windows VDAs that have the interactive logon message banner enabled. This is because a timeout occurs due to waiting to accept the interactive logon message. To disable the logon message on a Server VDA. Go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security options.

Remove the text in the following fields and update the Microsoft policy.

  • Interactive Logon: Message Text for users attempting to logon
  • Interactive Logon: Message Title for users attempting to logon

Assign the probe user to this specific Server VDA with the interactive logon message banner disabled to ensure that the probe can get past the Application or Desktop Launch state.

For more information, see https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-message-text-for-users-attempting-to-log-on.

  1. Go to Probes > Application Probe or Desktop Probe and click Create Probe.
  2. In the Create Probe page, enter the name of the probe.
  3. Select the schedule:

    1. Choose the days of the week on which you want the probe to run.
    2. Enter the start time at which you want the probe to run.
    3. In addition, you can choose the Repeat in a day option. Enter the end time and the interval in which you want the probe to repeat within a day. For example, the configuration below helps run application probes from 12:08 hours until 16:34 hours repeating every 30 minutes every Monday, Wednesday, Thursday, and Sunday.
  4. Select the recommended number of applications or desktops to be probed depending on the interval.
  5. Select the endpoint machines on which the probe must run.
  6. Enter the email addresses of admins to send the results of failed probes. Configure your email server in Alerts > Email Server Configuration.

Director Configuration

In this configuration, the application sessions launch at 12:08 hours, 12:38 hours, 13:08 hours, and so on until 16:08 hours every Monday, Wednesday, Thursday, and Sunday.

Note:

  • After configuration, the agent runs the configured probes starting the next hour.
  • The probes that were set up before the Repeat in a day option was introduced, continue to run at their scheduled time. They have the Repeat in a day option disabled by default.
  • It is recommended that you configure probes such that each run has a period of 5 minutes to prevent overlaps.

Step 3: Probe execution

The agent runs probing as per the probe configuration that it fetches from Director periodically.

It launches selected applications serially using StoreFront. The agent reports the results back to Director via the Monitor database. Failures are reported in five specific stages:

  • StoreFront Reachability - configured StoreFront URL is not reachable.
  • StoreFront Authentication - configured StoreFront credentials are invalid.
  • StoreFront Enumeration - StoreFront Enumerate applications list does not contain the application or desktop to be probed.
  • ICA download - the ICA file is not available.
  • Application / Desktop launch – the application or desktop could not be launched.

Step 4: View probe results

You can see the probe results in Probes. The Probes view gives a comprehensive glimpse of the probe results. These results help analyze and troubleshoot issues proactively, enabling a smoother session launch experience for users.

The Overview tab provides a summary of all the configured probes in a single view.

Director probe runs

You can filter probes based on Time Period, Probe Type, Endpoint name, Application Name, Desktop Name and Probe Result Type. Probes that match the filter criteria are shown with the following details per probe, application/desktop and endpoint.

Probe Metrics shows the count of Scheduled, Planned, Skipped, Successful, and Failed runs.

  • Completed Runs – the number of probe runs that ran to completion.
  • Failed Runs – the number of probe runs that failed.
  • Skipped Runs – the number of runs that did not run to completion due to either the endpoint being inactive, or services being unavailable.
  • Successful Runs – the number of probes that completed successfully with no failures in any stage during the app/desktop launch.

The total number of endpoint machines is also displayed, with the count of active and inactive machines.

Probe Failure Stages presents a visual breakdown of the failure distribution for each failure group. By analyzing the stages in which most failures have occurred, it becomes easier to interpret the probe results and troubleshoot issues. The graphical representation shows the number of failed probe runs for application/desktop launch, ICA file downloads, Storefront/Workspace enumeration, Storefront/Workspace reachability, and Storefront/Workspace authentication.

It helps analyze the stages in which most failures have occurred. This information helps quickly understand the probe results and troubleshoot.

Some probe runs might not run to completion due to either the endpoint being inactive, or services being unavailable.

The Probe Runs tab provides the results of the completed probe runs in detail. You can drilldown to see the details of each individual run of a selected probe. You can filter and analyze further based on important pivot points.

Director probe runs

You can filter the probes runs based on Time Period, Probe Type, Endpoint name, Application Name, Desktop Name and Probe Failure Stage. Probe Failure Stage displays the stage in which the probe failed. Clicking on the Probe Name, Scheduled Runs, Failed Runs, Application/ Desktop name links also takes you to the Probe Runs page with the list of Probe runs matching the filter criteria.

Application and Desktop Probing