Login PI and Xenapp Optimisation – Part 1

This post has already been read 19134 times!

There are a lot of optimising tips and best practices that can be searched for on the internet for your Citrix environments. This article will collate some of these suggestions and then I would like to get down to some tests to see the improvements that can be made. I will use a new tool called Login PI which is made by those clever people at LoginVSI. This tool can log the speed of your Xenapp connections and session initialisation.

First thing is first – I would like to thank the amazing people out there who have already tested and provided optimisations. To this end I will provide the following links and they are all worth a good read. I have no doubt more recommendations will be added to this post over time.
http://benpiper.com/2011/12/7-ways-speed-citrix-xenapp-logons/

https://support.citrix.com/article/CTX101705

https://xenappblog.com/2016/optimize-logon-times/

https://lalmohan.co.nz/2015/10/07/citrix-xenapp-long-logon-times-and-potential-fixes/

https://wilkyit.com/2017/04/28/citrix-xenapp-and-windows-server-2016-optimisation-script/

https://virtualfeller.com/2016/04/18/microsoft-windows-10-citrix-xendesktop-and-logon-time/

https://msdn.microsoft.com/en-us/library/windows/hardware/dn567648(v=vs.85).aspx

https://support.microsoft.com/en-us/help/3147099/recommended-hotfixes-and-updates-for-remote-desktop-services-in-windows-server-2012-r2

https://support.citrix.com/article/CTX142357

http://www.carlstalhood.com/citrix-profile-management/#exclusions

https://www.loginvsi.com/blog/732-windows-server-2016-performance-tuning

My Generic Recommendations to apply are taken from all the above.

Generic Recommendations

Install all the recommended Security Microsoft Patches.

https://support.microsoft.com/en-us/help/3147099/recommended-hotfixes-and-updates-for-remote-desktop-services-in-windows-server-2012-r2

https://support.citrix.com/article/CTX142357
  • Set logon time expectation with users without session pre-launch or linger and this is from the point of application click after logon. Setting expectation is paramount. Why would you expect sub 10 seconds for a logon if your normal workstation cannot achieve this?
  • Design your profiles with folder redirection (User Configuration > Policies > Windows Settings > Folder Redirection.
  • Streamline your profile and use UPM exclusions - http://www.carlstalhood.com/citrix-profile-management/#exclusions .
Check the recommended exclusions after every UPM release.
  • Do not map every printer! Use default printer only if possible.
    Start this application without waiting for printers to be created. "Set-BrokerApplication APPNAME -WaitForPrinterCreation:0"
    
    https://support.citrix.com/article/CTX218333
  • Consolidate your GPO and enable Block Policy inheritance. Fewer GPO objects the faster logon will be.
  • Use Load throttling.
  • Use latest Receiver Client.
  • Use Director to provide you with valuable insights as to what parts of the logon process are causing issues.
  • Check logon scripts. Check for old mapped drives, printers that no longer exist.
  • Check for old, stale user profiles (not deleted after logoff). Configure profiles to be deleted after logoff (This does not enhance log on but is best practice).
  • Make sure users have full permission on HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft \MSLicensing registry key.
  • Disable virtual channels not in use (client drives, audio, printing, com ports, USB redirection) in the Citrix policies.
Disable unused parts of your GPO (Computer or User).

https://technet.microsoft.com/en-us/library/cc733163(v=ws.11).aspx
  • Use Asynchronous GPO processing (This should be enabled by default). Let's the system display the Windows desktop before it finishes updating user Group Policy. Setting can be found here:
    
    Computer Configuration\Administrative Templates\System\Group Policy
Disable or prevent apps from running once shell initialises. Use msconfig or right click app in task manager\Start up and set to disable.

Use Autoruns . This tool highlights what runs when a user logs in to a Windows Server. Run this and disable all that is not required for your environment.

Disable not delete all that is not required under the following:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components and HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components.

  • Remove Delay. VDAs based on Windows 8.x and Server 2012and 2016 Microsoft introduced a delay of 5-10 seconds for operating systems starting from Windows 8. To remove the delay, add the registry value StartupDelayInMSec (REG_DWORD) to 0 in HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Serialize   (You can add the key “Serialize” if not present already). This will greatly reduce “interactive logon” delays.
Exclude the whole of \AppData\Local\Google\Chrome. Include the following as a start:

AppData\Local\Google\Chrome\User Data\First Run AppData\Local\Google\Chrome\User Data\Local State
AppData\Local\Google\Chrome\User Data\Default\Bookmarks
AppData\Local\Google\Chrome\User Data\Default\Favicons
AppData\Local\Google\Chrome\User Data\Default\History
AppData\Local\Google\Chrome\User Data\Default\Preference
Slow Initial Login When Using Folder Redirection

Modify the following registry entry, which controls the time wait.

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer

FolderRedirectionWait (REG_DWORD) in milliseconds

Default value is 5000 milliseconds or 5 seconds for each folder.

Valid values would be from 0 to as high as you want to go which would be the DWORD maximum.
AntiVirus

Recommend turning OFF Real-time scanning for MCS/PVS created images as they are only read only.

Run Real-time scanning on the network shares that hosts the profiles/home folders and also on the Write Cache location in case of PVS images. Run a full scan on writable images only.
  • Enable the Microsoft policy “Set maximum wait time for the network if a user has a roaming user profile or remote home directory” and set the value to 0. The policy could be found under Computer Configuration – Policies – Administrative Templates – System – User Profiles - https://support.citrix.com/article/CTX133595/
In the system Control Panel, click the Environment  In the System Variables section, click the variable Path. Add the following to the end of the string in the Value field at the bottom of the panel:

 ;%SystemRoot%\Fonts

Click Set. The changes take effect immediately.
IPv6 turned off if not in use. Slow boots could occur due to IPv6. See also this TechNet article.

To disable IPV6 I would recommend using the registry key instead since there is known issue when you unselect it in the network adapter settings.
Black screen – Might not be relevant after 7.9

https://support.citrix.com/article/CTX205179

Remove the full path from the AppInit_DLLs key.

Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

Entry Name: AppInit_DLLs

Entry Type: String

New Entry Value: mfaphook64.dll

Old Entry Value: C:\Program Files\Citrix\System32\mfaphook64.dll

Key Location: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows

Entry Name: AppInit_DLLs

Entry Type: String

New Entry Value: mfaphook.dll

Old Entry Value: C:\Program Files (x86)\Citrix\System32\mfaphook64.dll
  • Active Setup. Remove the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}.Make sure that the key is removed for the user profile as well under HKCU . The above key is 2C7339CF-2B09-4501-B3F3-F3508C9228ED - Theme Setup Program (Non Critical)
Delete entry HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC. This can be achieved by a login script.

REG DELETE HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC /va /f
 Redused logon time from 55 seconds to 16-17 seconds. (KB 3161390)

OR

…add the location to the registry exclusion list in Citrix Profile Manager.

For memory consumption, you should consider the following:

Verify that DLLs loaded by an app are not relocated.

Relocated DLLs can be verified by selecting Process DLL view, as shown in the following figure, by using Process Explorer.

Here we can see that y.dll was relocated because x.dll already occupied its default base address and ASLR was not enabled



If DLLs are relocated, it is impossible to share their code across sessions, which significantly increases the footprint of a session. This is one of the most common memory-related performance issues on an RD Session Host server.
Disable NTFS Last Access Timestamps

By default, Windows keeps track of the last time a file was accessed through the “last access” time stamp. If you use this time stamp for backup purposes or you make frequent use of the Windows search function base on time stamp, then you may actually have a use for it.

In other cases you can disable the update and it will speed up Windows by avoiding having to update (write) that time stamp every time a file is read.

fsutil behavior set disablelastaccess 1

OR

Navigate to the following registry location:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlFileSystem

Right-click the right-side panel and select New > DWORD Value. Call it NtfsDisableLastAccessUpdate and give it a value of 1.
Here are some other optimizations you can add in to GPO preferences taken from Erics Xenapp Blog.

CtxStartMenuTaskbarUser – Windows 7 look on WS08R2 & XenApp 6.5
StatusTray – Provisioning Services
vDesk VDI – Personal vDisk
DisableStatus – Slow logon with black screen (Citrix XenApp 7.6 Slow Logon)

Generic AV recommendations

Recommend turning OFF Real-time scanning for MCS/PVS created images as they are only read only.

Run Real-time scanning on the network shares that hosts the profiles/home folders and also on the Write Cache location in case of PVS images.
  • Hardcore option – use Citrix universal printer and disallow printer mappings
  • Is the file server optimised? – Check the IOPS on the file server!
Virtual environments

Remove CD-ROM drives from your virtual Citrix servers.

Hide VMware Tools Systray Icon –
HKLM\SOFTWARE\VMware, Inc.\VMware Tools
 “ShowTray”=dword: 00000000
Note all your optimisations that are not out of the box!
Be careful when fully optimising an image as it might inadvertently break other stuff. I would go through my generic recommendations and if this proves a suitable logon time leave it there.

It might be better to trick user expectation by using session pre-launch or linger than go through a completely optimised image as if stuff does break troubleshooting might be difficult.

As with everything proof is in the pudding.
LOGIN PI Tests
I will reveal the tests of 3 scenarios using a tool called LOGIN PI in a future post.

1) Out of box Xenapp 2016 image.

2) My Rule of thumb recommendations applied.

3) 2016 optimisation using the Citrix Optimiser Tool.
Let’s see what we get!

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *