David Ray
-
Posts
19 -
Joined
-
Last visited
-
Days Won
1
Content Type
Forums
Articles
Labs
Videos
TechZone
Citrix Community Articles
Events
Profiles
Posts posted by David Ray
-
-
Hi folks,
I am having trouble with my App Layering Appliance. Have failed to find any mention of this issue here or elsewhere on the internet. On the appliance under System/Management and Storage both the Layering service and the Management service status say "Needs attention" with an orange exclamation triangle. The "running since" on the layering service says 6/30/2025. The "running since" on the Management service says 11/17/2023, which corresponds to the last time I booted the appliance. Yes, I have tried rebooting it several times.
The Storage (on the Monitoring and Storage page) shows 308gb free. Even so I have attempted to expand the storage. I add some new free space on the disk on the VM but it never shows available when I click Expand storage. I suspect whatever is cause the Management service to "need attention" probably keeps it from recognizing and offering new space.
This would all just be puzzling and annoying except after the appliance is in this state for a while then then Image Publishing tasks stop working. They sit in state "Pending" forever with a status saying the task will start when more resources are available.
I have had a case open with Citrix Support for four days. There do not seem to be any support articles that apply very specifically and none of the suggestion in the ones we tried have had any effect. Waiting hopefully for some escalation engineer to have a better idea.
Does anyone have experience or suggestions that may help? Have not been able to publish new images for more than a week now.
We are running ELM version 23.4.0.1007. I'd be happy to try upgrading to 23.09 but any attempt fails before really starting. Probably for the same core reason behind the problem.
Thanks,
David -
Thanks for highlighting CTX297294. Fixed a problem I have long struggled with.
/David
-
Thanks. I was somewhat afraid that might be the case (user layers only). This would be so helpful if it worked for application layers while they were being composited. It would help clean up the various versions of Edge that got infected (that is how it feels) into quite a few app layers before I learned to disable the update services and scheduled tasks in the OS layer.
Thanks,
David-
1
-
-
App Layering 2110 adds an "Advanced" feature called 'Exclude files from layers'. See documentation at Citrix App Layering Documentation - Exclude Folders Files from Layers. The documentation not withstanding, I cannot seem to get this to do anything. Probably I am not understanding how to set it up or what to expect it to do.
It seems like this would be great for when you get a layer tatooed with something unwanted, like, maybe, an Edge update. Deleting it is not an option since the deletion would effectively delete Edge (in this example) from the image (unless it was added again in another layer with higher priority (yes, this mess has happened to me)).
But in all my simple tests so far this feature, too "Advanced" for me it seems, does nothing. It does not even enter anything into the logs mentioned in the docs. BTW, yes, I have updated my appliance to 2110.
My basic test is this: I found a simple txt file in my OS Layer. I made a new App Layer and then edited that text file. I added the exclusion list as described in the document excluding this txt file. I then published an image with just the OS Layer and this new App Layer. Not even a Platform layer... I just made it into a VM and ran it on the hypervisor and used the console.
I expected to see the original txt file from the OS Layer since, theoretically, the one in the App Layer is excluded from being written. Or I considered that the txt file might be gone altogether. But nothing happened at all. The file was there in the image in its edited form.
So... likely I am not understanding what it is supposed to do. Or, maybe, how to configure it. Anyone else have any insight/help?
Thanks,
David -
I have noticed that I get this error (The file copy was aborted after 5 transient errors) now in 19.8 if the PVS server is out of space for the vdisks. Took me a while to figure it out because I am sure in the past I would get a more salient message saying something about PVS and space. I even think I have seen it since I have been on 19.8. But I am certain I have gotten the abort after 5 errors message because of space. Just got several this morning 'til I noticed the space problem. Freed space and then the jobs worked.
/David
-
1
-
-
Hi,
Would like to get these files but I only get XML errors when I click the links. Have tried a couple computers and browsers.
-
Well... I really hate to go on record for the whole internet to see... but it is working now. And I am not sure when it started working.
René, yeah, all those things you mentioned last I had already checked. I really think my problem was probably in getting my VDI environment switched successfully from the old Storefront stores with old 6.5 XenApp to the new Storefront stores with new FAS configured 7.x XenApps. Some configs were baked into the image, some were GPO. Hard to get them all right at the same time. I probably got it fixed at some point and didn't realize it.
Still, it's odd... I had it fixed enough to get the screenshot I attached earlier. I don't know... it's working now.
Anyway, thanks René, the fact that you understood what I was doing and could say it worked for you gave me confidence to keep plugging away at it.
See ya,
David
-
1
-
-
Yes, that works fine. If you login with a userid/password on Storefront or a different Netscaler GW then you can go into VDI then into the published apps just fine.
-
Right. That is how we have it. SAML is not setup on the SF's. SAML is handled by (delegated to) the Netcaler as you say.
-
René,
I do have that GPO set on the XenApps and the XenDesktops. But thanks. It is good to know it works for you. I likely have something goofed in my config. Knowing that it can work encourages me to keep hunting.
/David
-
Apparently I am not doing a good job of explaining. There are no visible errors. The applications work fine if you run them directly from Storefront. What I am doing is publishing the applications to a XenDesktop desktop.
My users use XenDesktop desktops for nearly all their work. A few users get special applications published to their Xendesktop desktop from XenApp. This works fine using the normal logon methods (Userid/Password to Storefront/Netscaler Gateway).
The breakdown is when when the users login using federated authentication. In our case we are using a service with Netscaler to provide Multi-factor authentication. The Netscaler using SAML and the Citrix Federated Authentication Service (FAS) to authenticate to the Xendesktop desktop. So far so good... this works.
But then when the user attempts to access the published app (or sooner if I have pre-launch enabled) they just get the Windows Server 2008 R2 (our XenApp server OS) logon dialog because Receiver has (apparently) failed to pass-through the authentication. (Screenshot attached.)
Maybe I am the only person to ever try this. My coworker spent hours with Citrix Support and got basically no where (although he may have been worse at explaining than I have been).
It is unclear to me if this can never work and I am wasting my time or if it just something with my environment that if I could fix would then work.
-
Sorry to be so slow to respond... I went on vacation and tuned all this out for a while. I did try that (enabling InSession Certs). It does not help. And that stands to reason I think. Receiver pass through auth probably doesn't know anything about Smart Card certificate authentication.
/David
-
We are using SAML with an external identity provider through Netscaler and Storefront using FAS to our published desktops in Xendesktop. This is working pretty well.
Within the published desktop (pooled, random, provisioned by PVS) we have Receiver installed with SSO/Pass-through for access to a few published applications that are not in our image for one reason or another.
The scenario works fine when you login the normal way... userid and password at Storefront or Netscaler.
But when going in via SAML the Storefront logs into the pub desktop VDA with a SmartCard Cert provided by FAS. This works fine... except for Receiver and the published apps. Receiver obviously has nothing to pass on to the XenApp VDA to logon. When you try you get a server 2008 console screen in a window. You can click Switch User and logon... although the application does not actually start. I have configured Storefront to allow SmartCard authentication but that does not fix it.
I have tried latest versions of Storefront (3.9) and Receiver (4.8). VDAs are 7.13.
Anyone know if it is possible for this to work and if so how?
I made a nice(ish) ascii diagram I was going to paste here but you cannot choose a monospaced font so it looks bad. Here is a link to the ascii diagram if you are interested. Also attached it in a text file if you are leary about clicking on links (reasonable).
Thanks,
David
Layering Service and Management service "Needs Attention"
in App Layering
Posted
I've tried to think about that but cannot correlate the start of this issue to anything noteworthy happening on the appliance or our environment. It is not even super clear when this (the "needs attention" thing) started. The symptom that brought us to a halt started a week ago. Any image publish task sits in Pending. I have not tried a Layer task.
I did restore the appliance to date earlier in the month... a date chosen to be before the problematic Pending tasks but after most or all Layer updates (hoping not to lose layer work). That is the appliance I am working with now. The Monitoring and Storage info is the same on both (other than the running since date on the Management service).
I last updated the appliance (to 23.4) on June 6th this year. Starting in late October I did get a few of the notification emails from ELM mentioning High swap memory usage with both the Management service and the Layering Service. Not a lot of mails.. 1 a couple weeks. 2 a couple weeks. There was one of those emails on the day the tasks went stuck in Pending status.