Having to wait for an application or desktop to initialize due to a slow logon process is very frustrating for users and admins alike. Logon time is a key indicator of environment health and carries a lot of weight in how users perceive service levels and their IT department’s capabilities. It can also impact staff productivity, cost to the business and the mental health of the helpdesk team dealing with a disgruntled user base. Modern deployments which are correctly tuned and sized can experience logons as quick as ~5 seconds, but most businesses don’t have such sophisticated environments in place. When logon times are over 30 seconds (and sometimes much worse!) there is a plethora of areas and sub-components that can cause or contribute to a poor logon experience:
- Infrastructure contention (Network, Storage, Compute)
- Group Policy configuration / structure
- Profile server
- Profile management solution
- Configuration (what’s being synchronized / excluded etc)
I’m fascinated with the mechanics of the logon process and enjoy the hunt in identifying the root cause of poor logon times. This is, arguably, a healthy obsession in my area of expertise before you go judging. This nicely brings me to the point of the blog… I spent a fair bit of my time last month planning and performing upgrades for our clients running Citrix as part of our CR (Current Release) managed services, most of which were coming from XenApp 7.18 to Virtual Apps and Desktops 1811. Whilst reviewing the bug fixes, features and improvements there was one that specifically caught my eye, ‘Logon Performance Drilldown’. This new feature, which provides deeper insight into the logon process, dropped in Virtual Apps and Desktops 1808 towards the end of last year.
Before going any deeper, I’d like to provide a quick recap on the logon process phases:
- Brokering: Time taken to decide which desktop to assign to the user.
- VM Start: If the session required a machine start, this is the time taken to start the virtual machine.
- HDX Connection: Time taken to complete the steps required in setting up the HDX connection from the client to the virtual machine.
- Authentication: Time taken to complete authentication to the remote session.
- GPOs: This is the time taken to apply group policy objects during logon.
- Login Scripts: If logon scripts are configured for the session, this is the time taken for the logon scripts to be executed.
- Profile Load: This is the time taken for the profile to load.
- Interactive Session: This is the time taken to “hand off” keyboard and mouse control to the user after the user profile has been loaded.
This ‘quick recap’ is high level. If you would like to get into the weeds a little further on the process and understand how logon times can be improved within a Citrix deployment, I can direct you to the writings of James Rankin, a Citrix CTP and one of Insentra’s friends:
https://james-rankin.com/articles/how-to-get-the-fastest-possible-citrix-logon-times
Feature Overview
The Drilldown feature enables us to unpack additional detail for two key logon phases.
From Citrix Director, select an existing session then go to ‘Details’. From the Logon Duration module, you will be presented with a breakdown of the logon process. By hovering over the GPOs ‘Current Session’ bar (blue) you see the ‘Detailed Drilldown’ option:
You are then presented with a granular breakdown of each GPO, how long it took to process and whether it was successful or not. This is excellent for quickly identifying problematic GPOs or issues with the structure:
To dig into the ‘Profile Load’ phase, follow the same process as above choosing ‘Detailed Drilldown’:
In addition to the Profile Load time, the drill-down provides detail on the number of files in the user profile, the profile size and any files larger than 50MB. A nice breakdown of the folder and file count is also shown. This helps quickly identify profile bloat issues and which directories/files are problematic:
NOTE: The logon time for a session is typically higher than the summed values of the logon phases. Any discrepancy in the total time is due to the communication and processing between the VDAs and the remote systems such as Active Directory and the profile server. The following screenshot is from a lab environment in which WanEm was introduced to increase bandwidth and latency between the VDA and Active Directory and the profile server:
In this example, it took 27 seconds (Logon Duration minus the sum of the logon phases) to contact Active Directory and the profile server and download the required policies and files. I believe this should be highlighted because if all of the logon phases are within a reasonable time but the overall logon duration is slow, it would point to a network or communication issue.
Setup and Pre-requisites
In order to leverage this feature, you have to be on the CR (Current Release) servicing option. If you are on LTSR (Long Term Service Release) you can’t get it for now, however, it may make its way into the next CU (Cumulative Update).
If you are unfamiliar with these terms there’s some nice, light reading explaining the service branches and the pros & cons here:
And here:
https://www.citrix.com/blogs/2019/01/15/ltsr-vs-cr-the-current-debate/
Ok, the steps required:
- Install Citrix User Profile Manager and Citrix User Profile Manager WMI Plugin on the VDA.
- Ensure that the Citrix Profile Management Service is running.
- For XenApp and XenDesktop Sites 7.15 and earlier, disable the GPO setting, Do not process the legacy run list.
- Audit process tracking must be enabled for Interactive Session drilldown.
- For GPO drilldown, increase the size of Group Policy operational logs.
NOTE: The only step that caused me a little confusion in the above pre-requisites, which I’ll call out, is the UPM WMI Plugin install. This will only show in add/remove programs if the VDA install was customised. If it was a standard install then it’s bundled under ‘Citrix Profile Manager’. You can run the following PowerShell command on a VDA to confirm if it exists, or not:
Get-ItemProperty HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\* | Where-Object {$_.Publisher -like "*Citrix*"} | Select-Object DisplayName,Publisher,DisplayVersion | Sort-Object DisplayName
The UPM WMI plugin (UpmVDAPlugin.msi) can be found in ‘Virtual Desktop Components’ on the install media should it be required.
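The remaining prerequisites in the list above can be checked the same way. The following read-only script is an added example, not part of the original post or Citrix's own tooling; the service display-name pattern, the choice of audit subcategories, the English-language auditpol output and the `$MinGpLogBytes` threshold are all assumptions.

```powershell
# Added example: read-only prerequisite check; run in an elevated PowerShell session on the VDA.
# $MinGpLogBytes is an assumed threshold for illustration, not a Citrix-documented value.
$MinGpLogBytes = 50MB
$results = [System.Collections.Generic.List[object]]::new()

function Add-Result($Check, $Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; OK = [bool]$Ok; Detail = $Detail })
}

# 1. Profile Management service, matched by display name (the pattern is an assumption).
$svc = Get-Service -DisplayName 'Citrix Profile Management*' -ErrorAction SilentlyContinue |
    Select-Object -First 1
if ($svc) {
    Add-Result 'Profile Management service' ($svc.Status -eq 'Running') "$($svc.Name): $($svc.Status)"
} else {
    Add-Result 'Profile Management service' $false 'service not found'
}

# 2. Audit process tracking. The legacy policy maps to the "Detailed Tracking" category;
#    checking Process Creation/Termination for Success is an assumption about what is needed.
#    /r emits CSV; subcategory and setting text are localized, so this assumes an English OS.
$audit = auditpol /get /category:"Detailed Tracking" /r |
    Where-Object { $_ } | ConvertFrom-Csv |
    Where-Object { $_.Subcategory -in 'Process Creation', 'Process Termination' }
foreach ($row in $audit) {
    $setting = $row.'Inclusion Setting'
    Add-Result "Audit: $($row.Subcategory)" ($setting -match 'Success') $setting
}
if (-not $audit) {
    Add-Result 'Audit: process tracking' $false 'could not read policy (not elevated?)'
}

# 3. Group Policy operational log: enabled and large enough to hold a full logon.
$log = Get-WinEvent -ListLog 'Microsoft-Windows-GroupPolicy/Operational' -ErrorAction SilentlyContinue
if ($log) {
    $ok = $log.IsEnabled -and ($log.MaximumSizeInBytes -ge $MinGpLogBytes)
    $detail = 'enabled={0}, max={1:N0} KB, mode={2}' -f $log.IsEnabled,
        ($log.MaximumSizeInBytes / 1KB), $log.LogMode
    Add-Result 'Group Policy operational log' $ok $detail
} else {
    Add-Result 'Group Policy operational log' $false 'log not found'
}

$results | Format-Table -AutoSize
```

Enabling process tracking writes process creation and exit events (4688/4689) to the Security log, so on busy multi-session VDAs size that log and any forwarding accordingly.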
If your deployment is on the CR (Current Release) servicing option, then I’d recommend you get this feature going. I’ve had great success with it, and it’s enabled me to identify some issues that were easily addressed, resulting in user experience and logon time improvements. For those that have additional tooling for this type of insight, it’s still very much worthwhile as it will provide an additional layer of confirmation in the findings.