Load balancing Citrix Workspace Environment Manager

By | October 11, 2016

So over the last few days, I’ve had several people ask me for assistance load balancing Norskale VUEM / Citrix Workspace Environment Manager.

So after conferring with Hal Lange of TCC to make sure I had my info right, its time to get this out there.

WEM is a pretty straight forward architecture, there is the SQL Database and then the Broker that the agents communicate with.

Licenæ Server Broke r SQL Databwe

We just need it to look more like this picture:

WEM LB

So the first order of business is that if you are going to load balance WEM you absolutely need to setup a SPN.

The installation instructions reference it, but for those who need it again.

setspn -U -S Norskale/BrokerService [accountname]

PS c:\users\administrator . LAB> setspn -U -S Norska1e/Brokerservice svc_CTXWEM Checking domain DC—I ab Registering serviceprincipa1Names for CN=ctx WEM, Norska1e/Brokerservice updated object PS C: users\administrator . LAB>

I can’t stress enough that this needs to be done this way for windows authentication, go reconfigure your service properly before proceeding if you need to!

Once you have your SPN go configure your broker servers identically with the Broker Service Configuration.

During the configuration, you have a network settings page that shows you all the ports we are going to need for this.

Conigcraton Manag±ment Load Con hourabcn Da-.sbsse Save Con figuration ancedS Admin arcker Port: Monituing aroker Port: Cirix Workspace Env Manger 4.0 Configuration Management Load Configuration Database Settings Save Con figura bon Net,Nork Settngs Admin Broker Port: Agent Broker Port: Agent Sync Broker Port: VUEM 3.5

Notice the new port for 4.0, as of now it doesn’t appear implemented but I imagine in future releases we’ll have to add this to the load balancer as well.

 

So two comments about the ports, first they are all TCP.  Secondly, there is a listing for the Monitoring Broker port, that functionality can be ignored for now. As you can see in the netstat below, there is no listener currently.

Netstat -ano or netstat -a -n -o if you prefer my bad habits.

PS natstät -a ctive Connections o.o.o.o:5985 o.o.o.o:8285 172.22. 172.22. 172.22. 172.22.22.36:28399 172.22. 172.22.22.36:28401 172.22. 172.22.22.36:28476 172.22. 172.22.22.36:28481 Proto Local Addr ess For eign Addr ess o.o.o.o:135 o. 0.0. o. 0.0. o.o.o.o:3389 o.o.o.o:8284 o.o.o.o:8286 o.o.o.o:8287 o. 0.0.0:49152 o. 0.0.0:49153 o.o.o.o:49154 o. 0.0.0:49155 o. 0.0.0:49157 o. 0.0.0:49176 o.o.o.o:64904 0 : 445 o: 47001 o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o o.o.o.o:o 172.22.22.36:28445 17. 17. 17. 17. 17. 17. 42 :139 42 :3389 42 : 8286 42 : 8286 42 : 8286 42 : 8286 Stat e LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING LISTENING ESTA8LISHED ESTA8LISHED ESTA8LISHED ESTA8LISHED ESTA8LISHED PID 576 1608 1052 1052 1052 1052 468 468 1608 1052 1052 1052 1052

You’ll see that it’s listening on 8284-8286 and all TCP, but nothing on 8287.

For those Curious, here is some information on the ports:

Admin Broker Port: this port is used by the Administration Console to connect to the Citrix Workspace Environment Management Infrastructure Services.

Agent Broker Port: this port is used by your Citrix Workspace Environment Management Agent Hosts to connect to the Citrix Workspace Environment Management Infrastructure Services.

Agent Sync Broker Port: this port is used by the Citrix Workspace Environment Management Agent Host service to synchronize its cache with the Citrix Workspace Environment Management Infrastructure Services.

Now last bit is if you check there is also a firewall rule created by the installer showing the ports you want.

Norskale Infrastructure Properties Programs and Services Remote Computers Protocols and Ports Scope Advanced local Principals Remote users Protocols and ports Protocol type Protocol number local port Remote port Specific Ports 8284 8285. 8286 Example 80. 443. 5000-5010 Al Ports Example 80. 443. 5000-5010 Intemet Control Message Protocol (ICMP) settings Customiza„ Bopfy

Now that we have our prep work done we can get with the actual load balancing

Add your servers into Traffic Management -> Load balancing -> Servers

o XD7-WEM01 XD7-WEM02 ENABLED ENABLED 172.221742 172.221743

Now we can do this two ways.

One option is that we could just configure a Service Group & VIP for any protocol and any Port.

For those that prefer that feel free, I am going to show doing one for each port.

The Broker is stateless so no need to set persistence either.

For those that prefer the CLI here you go:

add server XD7-WEM01 172.22.17.42

add server XD7-WEM02 172.22.17.43

add serviceGroup XD7-WEM-BrokerAdmin TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO

add serviceGroup XD7-WEM-AgentBroker TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO

add serviceGroup XD7-WEM-AgentSync TCP -maxClient 0 -maxReq 0 -cip DISABLED -usip NO -useproxyport YES -cltTimeout 9000 -svrTimeout 9000 -CKA NO -TCPB NO -CMP NO

add lb vserver XD-WEM-BrokerAdmin TCP 172.22.25.114 8284 -persistenceType NONE -cltTimeout 9000

add lb vserver XD-WEM-AgentBroker TCP 172.22.25.114 8286 -persistenceType NONE -cltTimeout 9000

add lb vserver XD-WEM-AgentSync TCP 172.22.25.114 8285 -persistenceType NONE -cltTimeout 9000

Create the service group as shown in the below screenshot.
Load Balancing Service Group Basic Settings Name* XD7-WEM-BrokerAdmin Protocol* Traffic Domain Cache Type* SERVER AutoScale Mode D Cacheable State €1 Health Monitoring €1 AppFlow Logging Monitoring Connection Close Bit NONE Number of Active Connections Cancel
Add your members.
Create Service Group Member O IP Based @ Server Based Select Server* X07-WEM01,XD7-WEM02 Port* 8284 Weight Server Id Hash Id State Close
For now I am just using the TCP monitor, I imagine soon we’ll get better guidance on how to monitor the service.
Monitors Unbind Edit Binding Add Binding Monitor Name Edit Monitor weight State
Final view.
Load Balancing Service Group Basic Settings Name Protocol Effective State Traffic Domain XD7-WEM- TCP ENABLED BrokerAdmin Cache Type Cacheable Health Monitoring AppFlow Logging Monitoring Connection Close Bit Number ot Active Connections SERVER ENABLED NONE DISABLED Service Group Members 2 Service Group Members Thresholds & Timeouts Maximum Bandwidth (Kbps) Monitor Threshold Max Requests Max Clients Monitors 1 Service Group to Monitor Binding Done AutoScale Mode Client Idle Time-out Server Idle Time-out 9000 9000

Now recreate this for the Agent Broker port (8286) and Agent Sync (8285) Ports.

XD7-WEM-BrokerAdmin XD7-WEM-Agentaroker XD7-WEM-Agentsync SENA8LED SENA8LED SENA8LED

Now create 3 load balanced VIPs one for each port on the same IP.

Load Balancing Virtual Server Basic Settings Create a virtual server by specifying a name, an IP address, a port, and a IP (VIP) address is a public IP address. If the application is accessible only a private (ICANN non-routable) IP address. You can configure multiple virtual servers to receive client requests, there Name* XD-WEM -BrokerAdmin Protocol* IP Address Type* IP Address IP Address* 172 . 22 8284 More Cancel 25 114
Load Balancing Virtual Server ServiceGroup Binding Add Binding Unbind Edit Service Group Members o Service Group Name X07-WEM-8rokerAdmin
Load Balancing Virtual Server Load Balancing Virtual Server Export as a Template Basic Settings Name Protocol IP Address Traffic Domain xo-WEM-BrokerAdmin TCP 172.22.25.114 8284 Listen Priority Listen Policy Expression Range Redirection Mode RHI State AppFlow Logging Priority Queuing Sure Connect Down State Flush Layer Parameters NONE PASSIVE ENABLED Services and Service Groups No Load Balancing Virtual Server Service Binding 1 Load Balancing Virtual Server ServiceGroup Binding Traffic Settings Health Threshold Client Idle Time-out Minimum Autoscale Members Maximum Autoscale Members ICMP Virtual Server Response Done 9000 PASSIVE OFF OFF ENABLED OFF

You can leave Method & Persistence as defaults since this is not stateful data.

Now create the other two LBVIP’s for the other two ports

o o o XD-WEM-BrokerAdmin XD-WEM-AgentBroker XD-WEM-Agentsync 172.22.25.114 172.22.25.114 172.22.25.114 8284 8286 8285 TCP TCP TCP

Once complete we’ll need to update your GPO pushing out the Broker Config to your agents.
Connection Broker Name Comment: C) Not Configured @ Enabled C) Disabled Su pported on: Options: Broker Setvice Name : wem.lab.revord.net Connection Broker Name Previous Settin At least Microsoft Windows XP Help: Tells the Agent to connect t

Add in your DNS name for your shiny new vip.

Once the GPO is updated and you refresh computer policy you can force an agent check in by right-clicking on the status bar icon and selecting refresh.

Capture Screen Manage Applications Manage Printers Refresh Help About
Refresh Con firmat'on All environment settings will be refreshed Do •pu want to proceed?
ciTR!X Workspace Environment Management Please wait Processing ademal taske

Once yous see this screen you know its checked in.

One of the logs you can check to validate everything is working is in %userprofile%\Norskale Vuem Agent.log

There is also a Citrix WEM Agent Init.log in the same path

8:35:03 AM Event -> MainController.InitAgentLog() : Init Log finished. Now Switching to Main Log…

8:35:03 AM Event -> MainController.ProcessAgentInitOperations() : Broker Service Name -> wem.lab.revord.net

8:35:03 AM Event -> MainController.ProcessAgentInitOperations() : Broker Service Port -> 8286

8:35:03 AM Event -> MainController.ProcessAgentInitOperations() : EnableAgentLogging -> True

8:35:03 AM Event -> MainController.ProcessAgentInitOperations() : AgentLogFile -> %USERPROFILE%\Norskale Vuem Agent.log

Shows that we have hit the server, you can browse the log for any errors but at this point you should be good.

Again I’d like to thank Hal Lange (@Hal_Lange) for his assistance with this post.

Additional TIP:

Here is the FAQ for logs for VUEM  Agent from Norskales site.

From: https://norskale.zendesk.com/hc/en-us/articles/209686486-VUEM-error-logging

Alex Norris

June 24, 2016 04:39

By default, all of VUEM’s components will log what they do to their own logs, and in some cases to Windows Event Viewer logs. This KB article covers where to find the logs for the various VUEM components.

Norskale VUEM Agent

The Agent will always create three logs, with a fourth log created only if the Agent service is in debug mode. By default, the logs are created in non-verbose mode. To enable verbose logging (debug mode), go to Advanced Settings > Agent Options in the Administration Console and tick the “Debug Mode” checkbox (Advanced Settings > Service Options for the Norskale Agent Host Service). This is a site-wide setting and will apply to every Agent/Service connected to the site for which you enabled debug mode.

Norskale VUEM Agent Init.log

This is the initialisation log for  the Agent, which will log the Agent starting up. If the Agent fails to start up, this log will likely contain the relevant error message. This log is created in the root of the current user’s Users folder. Errors in this log are listed as Exceptions.

Norskale VUEM Agent.log

This is the main Agent log, which will list what instructions the Agent is processing. If one of the actions assigned to the current user is not showing, this log will likely contain the relevant error message. This log is created in the root of the current user’s Users folder. Errors in this log are listed as Exceptions.

Norskale Agent Service log (Event Viewer)

This event viewer log contains events pertaining directly to the Agent service (cached settings refresh and connection events). This log is under the Applications and Services Logs category in Event Viewer.

Norskale Agent Host Service Debug.log

When debug mode is enabled for the service, the Agent service will create a new log file in verbose mode in the Agent install directory with the name “Norskale Agent Host Service Debug.log.”

Norskale Administration Console

The Administration Console only creates one log file.

Norskale Administration Console Trace.log

This is the main log for the Administration Console; it is only created if the admin console is in debug mode, and will only logs exceptions. If the Administration Console is erroring out, this log will likely contain the cause of the error. This log is created in the root of the current user’s Users folder. To enable verbose logging (debug mode), go to the About tab in the ribbon > Local Options and tick the “Enable Debug Mode” checkbox.

Norskale Broker Service

The Broker Service creates only one log  file by default but will create a second if verbose logging is enabled.

Norskale Broker Service (Event Viewer)

This event viewer log is where the Broker Service will log all errors when not in debug mode. This log is under the Applications and Services Logs category in Event Viewer. To enable debug mode, run the Broker Service Configuration utility and select “Enable Debug Mode” under the Advanced Settings tab.

Norskale Broker Service Debug.log

This log is created in the Broker Service install directory when verbose logging is enabled. To enable verbose logging for the Broker Service, go to the Advanced Settings tab in the Broker Service Configuration utility and tick the “Enable Debug Mode” checkbox. This will log all events, and errors are logged as Exceptions.

Norskale Database Management utility

The Database Management utility only creates one log file.

Norskale Database Management Utility Debug Log.log

This log is created whenever the Database Management utility attempts a database creation or upgrade, and logs all errors pertaining to those operations. This log is created in the Norskale Infrastructure service’s install directory.

Agent Debug Mode Local Override

In cases where the agent cannot connect to the broker, toggling debug mode on in the admin console will not work, as the agent will not be able to connect to retrieve the updated settings. To set debug mode as a local override, open RegEdit and browse to the following registry key:

HKLM\System\CurrentControlSet\Control\Norskale\Agent Host

To force debug mode on for the agent, set AgentDebugModeLocalOverride to 1, close the agent and re-launch it manually. To force debug mode on for the agent service, set AgentServiceDebugModeLocalOverride to 1, then restart the agent service.

From <https://norskale.zendesk.com/hc/en-us/articles/209686486-VUEM-error-logging>

Leave a Reply

Your email address will not be published. Required fields are marked *