Jump to content
Welcome to our new Citrix community!
  • 0

Removing phantom VDAs from MCS and DB


Chris Gundry

Question

Hi

 

We have an issue where we created some new VDAs in MCS, we removed them again due to a silly mistake. Those VDAs do NOT exist in vCenter or in AD. They are still listed in the catalog AD accounts but are listed as SSIDs rather than actual computer account names. They are listed as 'in use' in catalog AD accounts.

 

We want to:

1. Clean up - Remove these phantom AD accounts from the use, but we can't because they are 'in use'.

2. Add new VDAs using the same original machine names - When we try to do so currently it says that they already exist. We have confirmed that these SSIDs and names are in the Citrix SQL DB in various places.

 

We have raised a support case and Citrix have been told they cannot assist us with this issue at all. They have told us to remove the entries for these account names, SSIDs and VDA names from all SQL tables and DBs manually. They have told us to raise a MS SQL support case to get MS to write a script to remove them. I have of course gone back to them and said that is ridiculous, MS are never going to write a script to do that, but Citrix support are washing their hands of it. I am obviously really frustrated with their complete lack of support, but, here I am!

 

Has anyone else had this/similar issue in the past and has anything to offer?

 

Thanks

Link to comment

4 answers to this question

Recommended Posts

  • 1

Hi Chris. 

The problem is likely corruption in the IdentityPool.  You probably deleted the VM's from the hypervisor and the Accounts from AD directly.  You can remove machines from Citrix Studio directly instead to avoid this problem.  When you remove a machine using Studio, you presented with options to remove the VM from the hypervisor and to remove the accounts from AD.

You could try to clean up the identity pool with these steps: 

1) Use Get-AcctIdentityPool to find the AcctIdentityPool for your catalog. 

2) Use Get-AcctADAccount to find the accounts that are not in a good state.  Something like the below.  Clue: If an account is missing in Active Directory, it will show the SID for the name and the SID.  

Get-AcctADAccount -IdentityPoolUid <Guid>] | Select ADAccountName,ADAccountSid,State | export-csv C:\temp\accounts.csv

3) Use Remove-AcctADAccount to remove the "phantom" accounts.  Something like: 

Remove-AcctADAccount  -ADAccountSid <SID>  -RemovalOption None

Re-run your report from Step 2 to make sure that the machine account is removed from the AcctIdentityPool. 

 

 

  • Like 1
Link to comment
  • 0

Hi Sandra

 

We definitely didn't delete the VDA VMs from hypervisor or accounts from AD, we only do that through Studio. So something has gone wrong within Studio/MCS unfortunately, leaving us in this odd state. Whever we have removed machines or accounts before it has worked fine, just this time it has somehow become broken!

 

Thank you so much for the great suggestion, although frustrating that Citrix support themselves couldn't help us with that!

 

I tried that 

Remove-AcctADAccount  -ADAccountSid <SID>  -RemovalOption None

but it failed with an error about invalid options. It seems it wanted -IdentityPoolUid <Guid> as well, which removed that error. I added that and it ran but said it failed to remove the account. I set -force and the account was indeed removed and is no longer in the GUI or Get-AcctADAccount, great!

 

I have not tried to re-add the new accounts and re-deploy the VDAs yet, but I have run a SQL query and I can see that the previous VDA name appears to still be listed in the DB, as are the SIDs... So although the AD accounts are now removed from the GUI they are still in the DB.

VDA Name: https://ibb.co/WHdwtBs

AD Account SID: https://ibb.co/mD8b2Nk

 

The fact the VDA Name is still listed in provisioned VMs says to me that MCS thinks it still exists.

I thought your suggestion of removing the account would have removed the SID entry, but it seems not ?

 

Looking at Get-ProvVM I can indeed see there are 4 phantom VDAs listed, with the names I am expecting and 'ADAccountName' is just a SID. Now I need to work out how to remove them I guess... I have tried Remove-ProvVm -ProvisioningSchemeUid 'xxxxxxxxx -VMName xxxxxxxx
That said 'workflow completed'  but also 'FinishedWithErrors', although does not report what the error was. Re-running Get-ProvVM still lists the VM...

 

I will pick this up again tomorrow, but any other ideas/suggestions?

 

Thank you

Link to comment
  • 0

It seems that Remove-ProvVm was failing because the VM was 'locked'. I used Unlock-ProvVM to 'unlock' the VM, then Remove-ProvVm was able to remove the VM!

 

The SQL query to find any info related to the VM names or SIDs now returns nothing!

 

I then attempted to re-create the require VDAs and it worked!

 

Thank you for the steer towards the PowerShell commands, I don't know why I didn't find them myself, or why Citrix 'support' didn't know to use them, rather than trying to get me to delete data directly from SQL tables!

Link to comment
  • 0
On 7/21/2022 at 12:14 PM, Chris Gundry said:

It seems that Remove-ProvVm was failing because the VM was 'locked'. I used Unlock-ProvVM to 'unlock' the VM, then Remove-ProvVm was able to remove the VM!

 

The SQL query to find any info related to the VM names or SIDs now returns nothing!

 

I then attempted to re-create the require VDAs and it worked!

 

Thank you for the steer towards the PowerShell commands, I don't know why I didn't find them myself, or why Citrix 'support' didn't know to use them, rather than trying to get me to delete data directly from SQL tables!

Hi Chris

 

Just wanted to let you know, because I had trouble figuring this out myself, that whenever a Citrix command returns a property "FailedAccounts" or "FailedVirtualMachines" or anything of that kind, to view the error you need to expand that property array. Store the Task into a variable and then call it using $variable.FailedAccounts and there it will tell you the error for each value in that property array.

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...