Citrix Provisioning Services PVS

Citrix Provisioning Services (PVS) allows you to have a single instance image management of your XenApp and/or XenDesktop VMs. A single image means you only have to update a single image which is then streamed to hundreds of desktops.

In a production environment, PVS consists of at least two PVS servers for High Availability. A disk image is taken from a reference computer which has been built up with all patches, applications etc installed and configured, and the vDisk image is imported into PVS. The imported vDisk image usually sits on locally attached storage on each PVS server. ‘Target device’ VMs are created without a C: drive and set to boot from network. The MAC addresses of the VMs are added to the PVS database so that when the VMs PXE boot the PVS server knows which vDisk to provide. The first time a vDisk is streamed to a target device the vDisk is cached in memory on the PVS server.

Since we are streaming a single vDisk to multiple computers, the vDisk must be read-only to avoid corruption. But Windows can’t run off a read-only disk, so thanks to Citrix  PVS to have a ‘write cache’ . There is also default location for the write cache, however it is very slow and not ideal under high availability. Attaching a small (10GB) disk to each VM for the write cache is a good approach – this disk can reside on local host storage, the SAN. When the PVS target device reboots, the write cache is cleared so each boot is a ‘first boot’. To ensure there is no data loss, use redirected folders and a good profile management system. Since PVS 7.1, Citrix introduced a new write cache option called ‘Cache in device RAM with overflow on hard disk’. The option takes a chunk of VM memory and uses it as a disk cache which provides a massive performance boost over other write cache options.

Let me go through Write Cache options that Citrix PVS offers;

Write Cache in Provisioning Services Server

In PVS, the term “write cache” is used to describe all the cache modes. The write cache includes data written by the target device. If data is written to the PVS server vDisk in a caching mode, the data is not written back to the base vDisk. Instead, it is written to a write cache file in one of the following locations:

  • Cache on device hard disk
  • Cache in device RAM
  • Cache on device RAM with overflow on hard disk
  • Cache on server

When the target device is booted, write cache information is checked to determine the presence of the cache file. If the cache file is not present, the data is then read from the original vDisk file.
All current versions of PVS have the option for distributing write cache. It is called Multiple Write Cache Paths. The multiple write cache paths (for a store) option provides the capability of distributing the write cache files across multiple physical media. This feature helps to improve I/O throughput for heavily loaded servers.
When a target device starts the server chooses one of the write cache paths from the list based on the MAC address of the client. The goal of selecting a path based on the MAC address is to get an even distribution of the clients across the available paths. The algorithm selects the same path for a given client each time that client is booted.
This functionality is needed to ensure that during a High Availability (HA) failover the new server would choose the same write cache for the client (otherwise it would not be able to find the write cache file and the client would hang). If the defined write cache path is not available to a server, the server falls back to the standard vDisk path.
It is not recommended for the Cache on the server to be used in production environments.

Cache on device Hard Disk


  • Local HD in every device using the vDisk.
  • The local HD must contain Basic Volume pre-formatted with a Windows NTFS file system with at list 512MB of free space.

The cache on local HD is stored in a file on a secondary local hard drive of the device. It gets created as an invisible file in the root folder of the secondary local HD. The cache file size grows, as needed, but never gets larger than the original vDisk, and frequently not larger than the free space on the original vDisk. It is slower than RAM cache, but faster than Server cache and works in a HA environment.

Cache in device RAM


  • Appropriate amount of physical memory on the machine.

The cache is stored in client RAM (memory). The maximum size of the cache is fixed by a setting in vDisk properties. All written data can be read from local RAM instead of going back to the server. RAM cache is faster than cache on server and works in a HA environment.
Note: If more different sectors are written than the size of the cache, the device stops.

Cache on device RAM with overflow on Hard Disk


  • Provisioning Service 7.1 or later.
  • Windows 7, Windows Server 2008 R2 or later.
  • Local HD in every device using the vDisk.

When RAM is zero, the target device write cache is only written to the local disk. When RAM is not zero, the target device write cache is written to RAM first. When RAM is full, the least recently used block of data is written to the local Write Cache disk to accommodate newer data on RAM. The amount of RAM specified is the non-paged kernel memory that the target device consumes.

Cache on Server


  • Enough space allocated to where the server cache will be stored.
Server cache is stored in a file on the server, or on a share, SAN, or other location. The file size grows, as needed, but never gets larger than the original vDisk, and frequently not larger than the free space on the original vDisk. It is slower than RAM cache because all reads/writes have to go to the server and be read from a file. The cache gets deleted when the device reboots, that is, on every boot the device reverts to the base image. Changes remain only during a single boot session. Server cache works in a HA environment if all server cache locations to resolve to the same physical storage location. This case type is not recommended for a production environment.

SQL Connection Error – (provider: Named Pipes Provider, error: 40)

A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 – Could not open a connection to SQL Server.


This is trying to tell you that some of the services are not running and it is not communicating with the database.

Basically go to SQL Server Configuration Manager either searching or going to All apps…

Under “SQL Server services“, check your services if they are started and running…


If necessary just start the services and try logging in..



Adding Licensing on your Citrix Environment

We have got a Lab environment in here, by default you get 30-day trials which is really not enough to go through everything and practice what you need. So you need to login to (you might need to register or you can use your company’s account). Under you details on the left hand side go to > Previews/Betas – License Retrieval


On the right you will see any available licenses, if not you can scroll right down to request more which will give you additional licenses.


Click on the Serial Number and you will get  a warning about your license server name which is case sensitive. Yes you need to right exactly the same letters appear in the name.


Click on Continue,


Under Host ID you need to write your License server name and then you will be able to download and save your .lic file.

On your Citrix Studio > click on Licensing on the left …


and on the right Click on Add Licenses


Browse where you saved your license file. That should give you 90-day Evaluation or if you have got proper license you can use this as well.


One more thing to check is the “Production Edition”, make sure it is right version you want to use and you can do this by going in to “Edit Production Edition” under Actions on the right hand side.



Citrix XenApp / Xendesktop 7.6 Technical overview -1

This is from Citrix website and I think it is awesome article which explains the new architecture with a plain English. Very easy to read and understand.

XenApp and XenDesktop are virtualization solutions that give IT control of virtual machines, applications, licensing, and security while providing anywhere access for any device.

XenApp and XenDesktop allow:

  • End users to run applications and desktops independently of the device’s operating system and interface.
  • Administrators to manage the network and provide or restrict access from selected devices or from all devices.
  • Administrators to manage an entire network from a single data center.

XenApp and XenDesktop share a unified architecture called FlexCast Management Architecture (FMA). FMA’s key features are the ability to run multiple versions of XenApp or XenDesktop from a single Site and integrated provisioning.

FMA key components

A typical XenApp or XenDesktop environment consists of a few key technology components, which interact when users connect to applications and desktops, and log data about Site activity.

Citrix Receiver
A software client that is installed on the user device, supplies the connection to the virtual machine via TCP port 80 or 443, and communicates with StoreFront using the StoreFront Service API.

The interface that authenticates users, manages applications and desktops, and hosts the application store. StoreFront communicates with the Delivery Controller using XML.

Delivery Controller
The central management component of a XenApp or XenDesktop Site that consists of services that manage resources, applications, and desktops; and optimize and balance the loads of user connections.
Virtual Delivery Agent (VDA)
An agent that is installed on machines running Windows Server or Windows desktop operating systems that allows these machines and the resources they host to be made available to users. The VDA-installed machines running Windows Server OS allow the machine to host multiple connections for multiple users and are connected to users on one of the following ports:

  • TCP port 80 or port 443 if SSL is enabled
  • TCP port 2598, if Citrix Gateway Protocol (CGP) is enabled, which enables session reliability
  • TCP port 1494 if CGP is disabled or if the user is connecting with a legacy client
Broker Service
A Delivery Controller service that tracks which users are logged in and where, what session resources the users have, and if users need to reconnect to existing applications. The Broker Service executes PowerShell and communicates with the Broker agent over TCP port 80. It does not have the option to use TCP port 443.
Broker agent
An agent that hosts multiple plugins and collects real-time data. The Broker agent is located on the VDA and is connected to the Controller by TCP port 80. It does not have the option to use TCP port 443.
Monitor Service
A Delivery Controller component that collects historical data and puts it in the Site database by default. The Monitor Service communicates on TCP port 80 or 443.
ICA File/Stack
Bundled user information that is required to connect to the VDA.
Site Database
A Microsoft SQL database that stores data for the Delivery Controller, such as site policies, machine catalogs, and delivery groups.
NetScaler Gateway
A data-access solution that provides secure access inside or outside the LAN’s firewall with additional credentials.
A web-based tool that allows administers access to real-time data from the Broker agent, historical data from the Site database, and HDX data from NetScaler for troubleshooting and support. Director communicates with the Controller on TCP port 80 or 443.

A management console that allows administers to configure and manage Sites, and gives access to real-time data from the Broker agent. Studio communicates with the Controller on TCP port 80.

Powershell special characters

When you are using Powershell, it really helps if you use special characters to write your own scripts or interpret someone else’s scripts. Some of them are really common and get used very often….

# Hash – Single line comment


#This script is for ....
#This variable is to ...


$ Dollar sign – is used to declare a variable

$ComputerName = "Server1"
$password = "p@sw0rd"


| Pipeline- Executes the left side and with  the output feeds to the right


Get-Process | Select -first 10


% Percentage – Short for “FOREACH”


% ($Server in $Servers) { Write-Host $_}


? Question Mark – Short for “Where”


Get-process | ? {$ -like 'win*' -and $_.status -eq 'Running'}


@ () – Declares an array


$Servers = @ ("server1", "server2", "server3")


@ {} – Declares an hash table


$servers = @{"server1" = "Dell";
             "server2" = "HP";
             "server3" = "Nutanix"}


------------------------------------ OR

$params = @{};
$params['class'] = 'Win32_DiskDrive';
$params['filter'] = 'size=256052966400'; #find a drive which is 256GB in size
Get-WmiObject @params
Get-WmiObject -Class 'Win32_DiskDrive' -Filter 'size=256052966400'


& Ampersand – Executes strings as commandlets


& "Get-Scheduledjob"


! Exclamation – Short for “not”

$serverName = $null;
if(!$serverName) { Write-Host '$a is null' }


:: Double colon – Reference static member of a class. The class name must be enclosed in square brackets.

[string]::Equals = ("Computers", "COMPUTERS")
False # this will compare these two strings and returns false




Server 2016 Licensing

Windows Server 2016 licensing model

The business model for Standard and Datacenter editions transitioned from processor-based to core-based licensing in October 2016 with the general availability of Windows Server 2016 (all other editions of Windows Server 2016 continue to be on the processor-based licensing model). Core-based licensing provides a more consistent licensing metric across environments, enabling multicloud environments, improving workload portability for Windows Server through benefits like Azure Hybrid Use Benefit (AHUB), and helping remove friction across different licensing models.


Customers with Software Assurance will transition to core-based licensing at their first renewal after the general availability of Windows Server 2016, although they can deploy Windows Server 2016 at any time.

The Windows Server 2016 licensing model includes both Cores + Client Access Licenses (CALs). Each user and/or device accessing a licensed Windows Server Standard, Datacenter, or Multipoint edition requires a Windows Server CAL or Windows Server and Remote Desktop Services CAL. A Windows Server CAL gives a user or device the right to access any edition of Windows Server of the same or earlier version. Each Window Server CAL allows access to multiple licenses of Windows Server.

Edition                  Licensing model       CAL requirements

Datacenter               Core-based*          Windows Server CAL**

Standard                   Core-based*           Windows Server CAL**

Essentials                 Specialty server      No CAL required 

** All physical cores on the server must be licensed, subject to a minimum of 8 core licenses per physical processor and a minimum of 16 core licenses per server.

** CALs are required for every user or device accessing a server.

Windows Server 2016 Standard and Datacenter: Core-based licensing

Core-based licensing requires all physical cores in the server to be licensed. Servers are licensed based on the number of processor cores in the physical server.

• A minimum of 8 core licenses is required for each physical processor and a minimum of 16 core licenses is required for each server.

• Core licenses are sold in packs of two.*

• Standard Edition provides rights for up to 2 Operating System Environments or Hyper-V containers when all physical cores in the server are licensed. For each additional 1 or 2 VMs, all the physical cores in the server must be licensed again.

• The price of a set of 16 core licenses (for a 2-processor server) for Windows Server 2016 Datacenter and Standard editions is the same price** as the 2-processor license of the corresponding edition of Windows Server 2012 R2. Windows Server 2016 Licensing Azure Hybrid Use Benefit With the Azure Hybrid Use Benefit, customers with Software Assurance can benefit from special pricing for new Windows Server virtual machines in Azure. Customers pay only for the base compute rate, which is currently the same as the Linux rate for virtual machines.

** 8 two-core packs will be the minimum required to license each physical server. The two-core pack for each edition is 1/8th the price of a license for a 2-processor server for corresponding Windows Server 2012 R2 editions.

** Rounding may result in slight variations in the final price of eight 2-pack core SKUs relative to the price of one Windows Server 2012 R2 processor SKU.


Moving to core-based licensing

Customers purchasing net new licenses, for example, through MPSA or from an OEM, will purchase licenses under the core-based model. Existing customers with Software Assurance will transition from processor-based to core-based licensing at the first renewal after the general availability of Windows Server 2016.

• Renewal before the general availability of Windows Server 2016: Customers with Software Assurance will be on processor-based licensing and true-ups will also be processor-based.

• Renewal after the general availability of Windows Server 2016: Customers with Software Assurance will transition to core-based licensing and true-ups will also be core-based.

Core license grants overview

Customers with servers under Software Assurance will receive core license grants at the expiration of Software Assurance coverage. Depending on the core density of existing servers, there are two categories of core license grants: Full core licenses and additional core licenses.

1. Full core license grants: Customers with a server density of 8 or fewer cores per processor and 16 or fewer cores per server are eligible to receive full core license grants. Customers will receive a minimum of 8 cores per processor and 16 cores per server at the expiration of Software Assurance coverage after the general availability of Windows Server 2016. To receive full core license grants, customers do not need to document their environments.

2. Additional core license grants: Customers with a server density of more than 8 cores per processor and 16 cores per server are eligible to receive additional core license grants and pay only Software Assurance on the incremental cores. To receive additional core license grants, customers must maintain a record of the physical hardware and the configuration of the licensed server by using the Microsoft Software Inventory Logging tool (SIL) or any equivalent software. Inventory must be maintained at the first expiration of the Software Assurance coverage after the general availability of Windows Server 2016 or before September 30, 2019.

Note: Customers are not required to share inventory with Microsoft, but may be asked to share inventory if required.


Announcing servicing guidelines for Windows Server 2016

With prior releases, Windows Server has been serviced and supported through a 5+5 model, with 5 years of mainstream support and 5 years of extended support. This model—renamed Long Term Servicing Branch (LTSB)—will continue with Windows Server 2016 for customers who choose to install full Windows Server 2016 with Desktop Experience or Server Core.

Customers choosing the Nano Server installation will opt into a more active servicing model—known as Current Branch for Business (CBB)—similar to the experience with Windows 10. This approach supports customers who are moving at a cloud cadence of rapid development lifecycles and wish to innovate more quickly. Since this servicing model continues to provide new features and functionality, Software Assurance is also required to install and use Nano Server.

XenApp and XenDesktop 7.13

The product release includes the following new and enhanced features.


New page in VDA installers:

The graphical wizards of the VDA installers (except VDAWorkstationCoreSetup.exe) have a new page named Additional Components. This page lists several components that can be installed.

User Profile Manager
User Profile Manager WMI Plugin
Machine Identity Service
AppDisk and Personal vDisk

By default, all of these additional components are selected if you select “Create a master image” on the Environment page of the VDA installation wizard. If you select “Enable Remote PC Access” on the Environment page, none of the additional components are selected by default.

This feature brings the graphical and command-line interfaces of the VDA installers into closer equivalency. Each of these components can be omitted from a command-line installation by using the /exclude option. (By design, the VDAWorkstationCoreSetup.exe VDA installer cannot install any of these components.)

If you upgrade a VDA that does not have those components already installed, default settings could result in those components being installed during the upgrade, unless you specifically exclude them or use the VDAWorkstationCoreServices.exe installer.

Installing Citrix App-V components when installing a VDA:

Previously, you enabled or disabled installation of the Citrix App-V software on the Features page of the VDA installer wizards (except VDAWorkstationCoreSetup.exe). To disable Citrix App-V software installation from the VDA command line, you used the /no_appv option.

Now, you enable or disable Citrix App-V software installation on the Additional Components page of the VDA installation wizards (except VDAWorkstationCoreSetup.exe). To disable Citrix App-V software installation from the command line, use the /exclude “Citrix Personalization for App-V – VDA” option. (The /no_appv command-line option is no longer valid.)

If you enable the Citrix Personalization for App-V – VDA check box, the “Citrix AppDisk / Personal vDisk” components are automatically selected. This is a known issue in this release. You can prevent this by installing the VDA from the command line containing the /exclude “Personal vDisk” option.

Additional UDP ports opened in firewall during VDA installation:

If you enable the new HDX adaptive transport policy setting, UDP ports 1494 and 2598 are automatically opened in the Windows firewall by default when you install or upgrade a VDA using the graphical interface. (These ports are listed on the Firewall page of the installation wizard). These ports are used for communication with the Delivery Controller.

When installing a VDA from the command line, specify the new /enable_hdx_udp_ports option when using the new adaptive transport policy setting.

Note: TCP ports 1494 and 2598 are opened automatically for use during fallback or when the adaptive transport feature is not used. Those TCP ports are already covered with the existing /enable_hdx_ports option.

Application Group session sharing

When applications in an Application Group are started, by default they reuse existing sessions to launch faster and use fewer resources. In previous releases, although you could prevent application session sharing between Application Groups, applications in the same Application Group would always session share.

You can now configure Application Groups so that application session sharing is disabled between applications in the same Application Group. In some circumstances this may be desirable: for example, you may want users to start non-seamless applications in full size application windows on separate monitors. In this mode applications in the Application Group always run in separate sessions which are indistinguishable from each other for subsequent brokering and reconnection purposes. If a disconnected session exists which is already running the requested application, it is reconnected. You can disable application session sharing using the PowerShell SDK only.


AppDisk includes the following new features and enhancements:

  • Updated logging mechanism. An enhancement to the AppDisk logging and support paradigm allows an administrator to obtain diagnostic information and optionally upload it to the Citrix Insight Services (CIS) website.

Session Recording

Session Recording includes the following new and enhanced features:

  • Database names are configurable. You can use a custom name or the default database name for the Session Recording Database and for the Administrator Logging Database.
  • Database high availability. Session Recording supports three solutions for database high availability based on Microsoft SQL Server.


Director includes the following new and enhanced features:

  • Application-centric troubleshooting. This enhancement facilitates troubleshooting of active application instances in a XenApp and XenDesktop Site with the introduction of a new Application Instances slice-n-dice page in the Filters view. The page displays all active application instances on VDAs of Server OS, and their idle state information.
    Additionally, the Sessions slice-n-dice page is extended to include the session idle time metric enabling easy identification of idle sessions. You can sort and filter the session and application instances based on their idle time measurements and select instances to log off or disconnect.
    The Application Instances filter page and idle time measurements in the Sessions filter pages are available if Director, the Delivery Controller(s), and VDAs are version 7.13 or later.
  • Transport protocol on Session Details panel. The Director Session Details panel is enhanced to display the transport protocol in use for the session. The protocol is displayed as TCP or UDP for the HDX connection type based on the new HDX adaptive transport technology.

Virtual Delivery Agents (VDAs) 7.13

Version 7.13 of the VDA for Server OS and the VDA for Desktop OS include the following enhancements to HDX technologies:

  • Adaptive transport. Adaptive transport for XenApp and XenDesktop optimizes data transport by applying a new Citrix protocol called Enlightened Data Transport (EDT) in preference to TCP whenever possible. Compared to TCP and UDP, EDT delivers a superior user experience on long-haul WAN and internet connections. EDT dynamically responds to changing network conditions while maintaining high server scalability and efficient use of network capacity. EDT is built on UDP and improves data throughput for all ICA virtual channels, including Thinwire display remoting, file transfer (Client Drive Mapping), printing, multimedia redirection. If UDP is not available, adaptive transport automatically reverts to TCP.Enable it using the HDX Adaptive Transport policy setting. The same setting is applicable on both LAN and WAN conditions. This feature requires Citrix Receiver for Windows 4.7 or Citrix Receiver for Mac 12.5. For external secure access, it requires NetScaler Unified Gateway 11.1.51.

  • HDX 3D Pro support for AMD GPUs. Use HDX 3D Pro graphics acceleration technologies with AMD Multiuser GPU (MxGPU) on the AMD FirePro S-series server cards. This release includes support for multimonitors (up to a maximum of six), console blanking, custom resolution, and high frame rate.

  • Access to a high-performance video encoder for Intel Iris Pro graphics processors. The Use hardware encoding for video codec policy setting enables the use of hardware encoding for Intel Iris Pro graphics processors (new in 7.13) and for NVIDIA GRID GPUs (introduced in 7.11). For Intel Iris Pro graphics processors, hardware encoding is supported with VDAs for Desktop OS (in standard or HDX 3D Pro mode) and VDAs for Server OS. For NVIDIA GRID GPUs, hardware encoding is supported with VDAs for Desktop OS in HDX 3D Pro mode.

  • Enhanced drawing features on Wacom tablets. Wacom drawing tablets can connect to published desktops on a remote desktop service (RDS) VM when redirected with generic USB redirection. Though you can use the tablet’s pen device as a mouse device while it is redirected, we recommend that you also maintain a standard USB mouse, which is not redirected, to allow access to local client functions. The redirected device is active only inside the session and doesn’t have control over the local client. Install the driver for the Wacom devices on the hosting RDS OS and the same driver must support each device connected to the server.

  • Enhanced support for Asian languages. Enables the local Input Method Editor (IME) from the client device for entering text into a virtual desktop or application instead of the pre-deployed IME on the server. Using the local IME enables additional language choices because of the various IME brands available for the client. Using the local IME affords you convenience when using client touch keyboards, and an experience that is the same as using a native application. To enable or disable the local IME on the client, use these commands on the command line interface: wfica32.exe /localime:on to enable it and wfica32.exe /localime:off to disable it. The new setting applies to all sessions started after the setting change.

  • Auto client reconnect and session reliability consistency. Auto client reconnect and session reliability allow users to reconnect automatically to their Citrix Receiver sessions after recovering from network disruptions. Updates to auto client reconnect and session reliability policies in Studio are synchronized from server to client, which helps maintain reliable connectivity.

  • Bidirectional content redirection. Enables administrators to specify client to host and host to client URL redirection using group policies. Server policies are set in Studio, and client polices are set from group policy.

  • Client drive mapping. File copying performance is enhanced.

VDA installation and upgrade changes:

  • The 7.13 VDAs contain several new and enhanced features, as described in this section. However, after upgrading your VDAs from version 7.9, 7.11, or 7.12, you do not need to update the Machine Catalog’s functional level. The default (“7.9 (or newer …)”) remains the current functional level.

StoreFront 3.9

StoreFront includes the following new features and enhancements.

  • SAML authentication through StoreFront. Administrators can configure StoreFront to integrate with a SAML Identity Provider in Manage Authentication Methods > SAML Authentication.
  • Import multiple NetScaler Gateway vServer configurations. Administrators can import multiple vServer configurations from the StoreFront management console (Manage NetScaler Gateways > imported from file) or using PowerShell.
  • Configure two URLs for the same NetScaler Gateway using the StoreFront PowerShell SDK. In 3.9, administrators can set a new optional paramater, -gslburl, on the GslbLocation attribute. This simplifies the NetScaler Gateway administration in StoreFront.
  • Support for adaptive transport.
  • Citrix Customer Experience Improvement Program (CEIP). You are now automatically enrolled in CEIP when you install StoreFront.


Provisioning Services 7.13

Provisioning Services includes the following new features and enhancements:

  • PVS-Accelerator. This feature enables a PVS proxy to reside in the XenServer’s Control Domain on a host where streaming of a Provisioning Services vDisk is cached at the proxy before being forwarded to the virtual machine. Using the cache, subsequent booting (or any I/O requests) of the virtual machine on the same host can be streamed from the proxy rather than streaming from the server over the network. Using this model, more local resources on the XenServer host are consumed, but streaming from the server over the network saves resources, effectively improving performance.
  • Linux streaming. You can now provision Linux virtual desktops directly in the XenDesktop environment.