It really doesn’t matter if you are using physical workstations or virtual desktops delivered from a secure datacentre or from a public cloud datacentre. User experience is king; and logon performance is one of the key metrics used for measuring and understanding the user experience.
From the 2018 Migration Survey conducted by eG Innovations earlier in the year, 59% of 795 Citrix professionals voted that slow logons were the number one problem for them. This was voted higher than all other problems such as printing problems, frozen sessions, slow application launches and so on. This is definitely a topic that is of great interest to the Citrix community
Stats from the 2018 Citrix Migration Survey
Recently, I joined forces with eG Innovations to deliver a webinar on the topic “How to Make Citrix Logons Faster: Best Practices for Logon Time Optimization”. The webinar had a great turnout with over 850 Citrix professionals registering for it. Such a massive gathering is a clear indication that this is a hot and very important topic for all Citrix administrators today.
The content of the webinar was focused on two themes:
- How to optimize Citrix and the supporting infrastructure to reduce Citrix logon times, delivered by me:
- Windows optimizations: auto-logons, image optimizations, avoiding logon scripts, keeping Group Policy at a minimum, avoiding too many network drives and printers, etc.
- Infrastructure optimizations: hypervisor, storage, Active Directory, and anti-virus recommendations.
- Citrix optimizations: session pre-launch, brokering, PVS/MCS caching, App Layering, user profile management, WEM, etc.
- How to proactively monitor Citrix logon performance and diagnose the cause of logon slowness: is slowness due to GPO processing, logon script execution, large user profiles, WEM processing etc.?
WATCH THE RECORDED WEBINAR HERE >>
During the webinar around 30 questions were asked by the audience. Given that we had no time to answer them all live, I wanted to take this opportunity to answer them here.
Questions and Answers for Citrix Logon Optimization Best Practices
Windows Optimization
1. You recommended using Sysinternals to configure autologon. Will that be considered a security boundary? | It is always best to consult with your own security teams before using Autologon in your environment. Passwords are securely encrypted though. |
2. Does Autologon consume a XenApp/XenDesktop License | No. |
3. Any recommendation when using App-V? I know it does not do an awful lot in the login process but just wondering. | Shared Content Store is recommended. Your VDAs will likely reside in the same datacentres as your App-V infrastructure, so fast connections between the two are already there.
Using SCS, the packages stream to the OS rather than caching (which would have more of a hit on each VDA, especially during logon storms such as in the morning) |
4. You recommended some image optimization best practices. Can I get more image optimization links from jgspiers.com? | Windows Server 2016 Optimization Script:
https://jgspiers.com/windows-server-2016-optimisation-script/ Windows Server 2012 R2 Optimization Script: http://www.jgspiers.com/windows-server-2012-r2-optimisation-script/ |
5. What do you think about deploying network location/shortcuts to shares instead of mapping network drives? | If applications reference drive letters, you may have a problem if opting to use network location shortcuts. I know some applications reference data from Z: for example.
Otherwise, it is certainly possible and a good alternative. |
Citrix Optimization
6. What size range should the Citrix profile ideally be? | The smaller the profile the better. I personally like the profile to remain under 250-300MB and that is quite achievable in many respects.
However, with many organisations opting to cache OST files as they move to Office 365, that size could be easily pushed to 500-600MB if the OST (1-month cache) is stored along with the profile. |
7. We have profile streaming enabled, will profile size have any impact on user logon? | Profile Streaming caches the registry HKCU hive initially, then fetches files from your profile only as you need them. It is a feature used specifically to avoid long logon times during cases where you have a large profile. What I would point out though is that you should still make every effort to reduce your profile size, rather than not taking as much care since Profile Streaming is enabled. |
8. How would you handle profile size that gets larger day to day due to browser surfing and resulting in huge caches? | Citrix Profile Management has improved how it processes cookies since v5.8. You can use the “Process Internet cookie files on logoff” policy setting to delete stale cookies, preventing the cookie folder from becoming unreasonably large. Also add the following folders to the “folders to mirror” policy:
AppData\Local\Microsoft\Windows\INetCookies AppData\Local\Microsoft\Windows\WebCache AppData\Roaming\Microsoft\Windows\Cookies If you find large folders or files existing in user’s profiles that are not needed in the profile, you can use “Logon exclusion check” to either not synchronise them down to the VDA or delete them from the profile store completely. |
9. If you are using UPM, folder redirection, exclusion files, synchronizing files and folder, should you also enable profile streaming? | There is no right or wrong answer. You may find Profile Streaming has little difference because your profiles are already very small due to folder redirection, file exclusion and so on. Personally, though if I can use Profile Streaming then I will regardless of profile size. |
10. Our Windows 10 (LTSB) Master Image is fully optimized, FSLogix Profile Containers and O365 Containers, WEM Implemented (no GPOs, bare registry entries, printer mapped with WEM), 2x vCPU, 8GB RAM, 10G Network, Pure Flash Storage, the logon time by using a stop watch takes about 30 secs. Does it sound good enough to you? | 30 seconds or lower is the golden number however I’d be inclined to try and reduce it below than 30 seconds. Not sure about you, but I start my stopwatch right on clicking to launch a desktop and stopping it as soon as I see the desktop wallpaper. |
11. We’re using Wyse 3040 thin-clients with 2G RAM and 8G Flash. Can we still set Write-Cache to write to PVS RAM then HDD? | Write-Cache is actually configured against the Target Device (VDA) which receives a stream from PVS, not your Thin Client.
Any writes made to a VDA is first directed to RAM on the VDA, HDD is used as a backup if the RAM cache becomes full. You can read more: http://www.jgspiers.com/citrix-provisioning-services/ |
12. For PVS cache in device ram with overflow to local disk what do you recommend for the ram cache size? | 256MB-512MB for Desktop OS and 2-4GB for Server OS. The more the better. |
13. PVS Cache to ram (I guess no blocksize in ram so more efficient than disk) but what sizing? 512mb? 1gb? is there a point where it’s too big? when it fails over to disk – is the disk a static size or can it grow to accommodate the cache growth? and what if the disk cache fills? the desktop VDI would bluescreen? | The more RAM you assign the less chance you have writes going to disk, which is of course a good thing. I know customers with so much RAM that they happily assign it to RAM cache. However, the general rule of thumb is 256-512MB for Desktop OS and 2-4GB for Server OS.
The write cache disk is a fixed size, so you are asked to specify the size during the XenDesktop Setup Wizard for example. If the disk fills, the VM likely will freeze if some critical writes cannot be made. In the past for me using Server OS with 2GB RAM cache and 10-15GB HDD has been sufficient. Mileage varies however based on customer, what is on the image (applications etc.), OS used, # concurrent users and so on. |
14. Are you referring to Citrix Optimizer for image optimization? How can it help? | The Citrix Optimizer is a PowerShell based tool which you can use to disable services, disable scheduled tasks and tweak other parts of the OS. |
15. We ran the Citrix Optimizer on a Windows 10 1709 VDA and the logon times increased from 35 to 65 seconds. Is there a known issue with Windows 10? | Not that I am aware of. You can run through it again and check for the results. Let me know if it is still an issue. |
16. Do you have any suggestions or best practices on what to include in roaming profiles, what to exclude and what to redirect? | I redirect everything apart from AppData.
I like to use Citrix Profile Management for the roaming of AppData as it includes roaming of AppData\Local. You should start off with excluding this folder but then include specific folders within AppData\Local IF needed. Unfortunately, some applications do write to AppData\Local so there may be times when you have to roam parts of that directory. Citrix also has a list of default exclusion folders and registry entries which can be excluded via GPO. Look for these policy settings either in Studio or via GPO/ADMX:
|
17. With roaming profile option how can we improve login speed? | If you are using Microsoft Roaming Profiles, just make sure you redirect as much as possible. I only like to roam the AppData folder. Also make sure your profiles reside on SMB3 shares that are highly available and have good connectivity to each VDA (no latent WAN connections). Citrix Profile Management has some additional features to improve logon speed that you may want to evaluate: http://www.jgspiers.com/citrix-profile-management-overview/ |
18. Will upgrading XenApp infra site e.g. 7.6 to 7.15 LTSR give a boost in performance to end user experience? | The short answer is yes of course.
Features such as selective H.264 and Adaptive Transport will boost user experience. Bandwidth utilisation is reduced. Brokering is also improved in 7.15 as described in the webinar. Through some Citrix testing over a 90ms link DDCs could broker 10k connections in 13min versus 44min in versions prior to 7.11. Citrix Profile Management also has a number of new features to help reduce logon times such as Logon exclusion check. |
19. Is the Workspace Environment Management part of licensing to XenDesktop 7.x? | You must have XenApp or XenDesktop Enterprise or above with Customer Success Services. |
20. When User Profile Management is configured via WEM, user profile logins are still slow! Unless I’m missing something? | It takes more than Profile Management to curb logon times. Optimisation of an OS image, reduction of GPOs and so on (which is how WEM helps) reduce the times overall. |
21. Can Citrix Workspace Environment Management (WEM)be integrated into the cloud? | WEM Service via Citrix Cloud is coming soon. |
22. Any optimizations for logging on with smart cards? | Fast Smart Card was released in XenApp & XenDesktop 7.18. This feature improves performance when smart cards are used in high-latency WAN scenarios. |
23. Can I make use of Citrix Profile Management features without upgrading my site? | Yes, there is an MSI with all versions of CPM that you can run to upgrade Profile Management on your VDAs. |
24. When performing optimizations on an App Layering image, if I create an Adobe layer and want to disable an update scheduled task that Adobe creates, do I do this on the Platform layer or application layer? | The application layers. The same applies to applications such as Office which creates telemetry scheduled tasks that can be disabled within the Office application layer itself. |
20. What exactly is the “Interactive Sessions” timer in director? | Have a look here which explains it: https://jgspiers.com/citrix-director-reduce-logon-times/#What-Is-Interactive-Session |
21. “With WEM”, CORRECTION, when UPM is configured via WEM, user profile logins are still slow! Unless I’m missing something? | It takes more than Profile Management to curb logon times. Optimisation of an OS image, reduction of GPOs and so on (which is how WEM helps) reduce the times overall. |
22. Any optimizations for logging on with smart cards? | Fast Smart Card was released in XenApp & XenDesktop 7.18. This feature improves performance when smart cards are used in high-latency WAN scenarios. |
Questions and Answers to Citrix Logon Monitoring Best Practices
25. How is the total logon time in Citrix Director calculated?
I’ve an example of a user who takes 352 seconds (that is no typo!) to logon, but the values provided by director only calculated up to 54.844 seconds. Why is logon time reported by Director lesser than what the user sees in reality? |
Citrix Director only reports logon time from brokering to interactive session measured from the Delivery Controller. It does not provide details into GPO processing, for example.
Third-party Citrix monitoring tools may be able to help you with detailed logon time breakdowns. For example, eG Enterprise from eG Innovations doesn’t just rely on Citrix Director data. It also collects logon metrics from within XenApp servers and XenDesktop VMs using WMI and other instrumentations. So, it can report which GPOs are slowing down logon for example. For additional details, refer to https://www.eginnovations.com/solutions/citrix/logon-monitoring. With third-party Citrix monitoring tools, you should be able to get more visibility into your issue and see what is causing logon slowness for your end user. |
26. What exactly is the “Interactive Sessions” timer in Director? | It is the time taken to handoff keyboard and mouse control to the user after the profile of the user is loaded for a session.
Have a look here which explains it: https://jgspiers.com/citrix-director-reduce-logon-times/#What-Is-Interactive-Session |
27. Most of the login time is stuck at “Connecting” state. What could be the reason behind this? | What does Director report when you look at logon times for a particular user? Does any metric stand out?
Make sure you are using the latest version of Receiver and check you DDCs/StoreFront servers for any Event Log errors or warnings. |
28. For unregistered desktops, Studio is a little misleading sometimes, as machines powered off will show as unregistered. Is there any other monitor that tracks this accurately? | All third-party Citrix monitoring tools leverage the APIs exposed by Citrix to show this data. What is available in Studio will also be reported by most other tools. Make sure you are on the latest versions of Citrix products as there have been many bug fixes in the latest release. |
29. Can you give examples of third-party software that automatically registers unregistered VDA? | Third-party software such as eG Enterprise and ControlUp can apply automated actions to VDAs that remain in an unregistered state. For example, they could attempt a restart of the Citrix Desktop Service and if that does not fix the registration issue or if the desktop has hung, force restart/reset the VM. |
30. I have seen individual logins showing extreme slow logins from time to time which increases the average login time. Is there an easy way to track down the specific user? | Yes, that is a standard part of eG Enterprise. You will be able to easily see which user is connected and what their logon time is in real time. You can also report on logon trends over time using built-in reports for historical analytics. |
If you have any further questions on the topic of logons, or even if you want to let me know how some of the tips shared in this webinar had a positive effect on your logon times, please leave a comment in the comments section below.
You can watch the recording of the webinar at your convenience: https://www.eginnovations.com/webinar/how-to-make-citrix-logons-faster/
Helpful Resources:
Ray
June 19, 2018In your opinion is your 2016 optimization script better or should we run the Citrix Optimization?
George Spiers
June 19, 2018I personally use my script in deployments, but I don’t class any as being better. They are both good at what they do.
Ray
June 19, 2018Ok, thank you George. May I have the Excel spread sheet with all your optimizations?
George Spiers
June 19, 2018Sure. I have sent it!
Aaron Silber
June 22, 2018Is the spreadsheet available online for download and if not might i grab a copy as well please? Thanks!
George Spiers
June 24, 2018Just sent it to you.
Marc Farmer
June 28, 2018I´d appreciate a copy of it, too. Really interessted in the differences to the other scripts.
George Spiers
June 28, 2018Sent.
avaneesh
May 21, 2020Hi George,
Do you have any value idea, which i recommend in my working environment. we are using xenapp 7.15 LTSR
Nick Panaccio
June 28, 2018Any chance you’ve tested Windows 10 logon times? With Windows 10 (1703 or 1709), XD 7.15+, Profile Manager 7.15+, VMware OSOT (based on Login VSI’s template), Citrix Optimizer, Folder Redirection, and App Layering 4.11, I can’t get the logon time below 40ish seconds. Disabling GPOs has little, if any, effect on this testing, as well. So when I see somebody talking about 30 second logon times in W10 on XenDesktop, I’m immediately both jealous and curious.
George Spiers
June 30, 2018Hey Nick – running through a new W10 1709 build this week will let you know the logon results after performing my optimisations.
Is 40 seconds stop watch timing or is that from Director?
Nick Panaccio
July 2, 2018Awesome, thanks. This was using an online stopwatch, but Director shows similar numbers.
Nick Panaccio
July 6, 2018I must have been half asleep when I wrote my original reply, because upon checking Director again, the times don’t match up – and I think I know why. I have been using a stopwatch to calculate how long it takes for the full desktop to load, from the user clicking on the shortcut, to Skype for Business logging in.
If I break it down, I’m averaging between 45 and 55 seconds total: 8 seconds to connect to the desktop, 26 seconds later the desktop appears, and 16 seconds later Skype has loaded and the status is reflected. So basically, the desktop is presented around 34 seconds after clicking on the shortcut.
Ray
June 30, 2018This was a really great presentation George. We are looking at Egg enovations as well.
I am torn between them and control up lol
George Spiers
June 30, 2018Thanks Ray for the feedback 🙂
Ray
June 30, 2018Typo sorry
eG Innovation is what I mean
Vinod Mohan
June 30, 2018Hello Ray,
I’m Vinod, who co-presented with George at the logon webinar. I’m glad to know you liked the presentation. Thanks to George for sharing his experience with logons. Please free to contact info@eginnovations.com to know more about our solution capabilities, competitive differentiatiors and licensing. We will be happy to also give you a personalized demo and discuss your specific performance monitlring needs.
Regards
Vinod
Wout Reynaert
April 2, 2019Hi, great post, thx a lot for your hard work and sharing!
I would like to add my findings to question no 15 (concerning Windows 10 version 1709 long logon times after running optimization scripts). I had the same experience with very long logon times after I ran some optimization scripts (not sure which exactly, but some Citrix script and possibly BIS-framework script I guess).
I was able to pinpoint my problem to the Microsoft Passport service crashing directly after OS boot (not at login time of a random user, so checking eventlogs at time of logon won’t show anything related to the long logon times!). This service was crashing because of the ‘Device Association Service’ which had been disabled by one of the optimization scripts I ran. After setting the ‘Device Assiociation Service’ to manual instead of disabled, my issue was solved…
Hope this can help others out there facing the same problem 🙂
Cheers,
Wout Reynaert
George Spiers
April 5, 2019Thanks for sharing Wout.