Troubleshooting Virtual Desktop Agent Registration with Controllers in XenDesktop

  • CTX126992
  • Created onMar 26, 2014
  • Updated onSep 03, 2014
Article Topic Configuration


This article contains information about Troubleshooting Virtual Delivery Agent Registration with Controllers in XenDesktop.


XenDesktop relies upon a software component installed on each virtual desktop (the Virtual Delivery Agent) being in communication with one of the controllers in your XenDesktop site. This state is referred to as the VDA being registered with a controller. If communication fails for any reason, the VDA is said to have failed to register with a controller. It is then not possible for XenDesktop to broker a connection to the virtual desktop in question, and the virtual desktop becomes a wasted resource.
The VDA logs problems with registration in its event log, as shown in the following example: 

User-added image

Where the details of the four most recent event log entries are:


Date and Time


Event ID



12/8/2010 10:03:59 AM

Citrix Desktop Service


"The Citrix Desktop Service failed to register with any controllers in the last 2 minutes.
 The service now tries to register with controllers at a reduced rate of every 2 minutes."


12/8/2010 10:01:55 AM

Citrix Desktop Service


"The Citrix Desktop Service failed to register with any delivery controller.
 The service retries registering with controllers in approximately 8 seconds.
 Please ensure that at least one delivery controller is available for Virtual Desktop Agents to register with. Refer CTX117248 for further information."


12/8/2010 10:01:55 AM

Citrix Desktop Service


"The Citrix Desktop Service cannot connect to the delivery controller '' (IP Address '')
Check that the system clock is in sync between this machine and the delivery controller. If this does not resolve the problem, refer to  CTX117248 for further information.
Error Details:
Exception 'An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.' of type 'System.ServiceModel.Security.MessageSecurityException'.."


12/8/2010 10:01:55 AM

Citrix Desktop Service


The Citrix Desktop Service successfully obtained the following list of 1 delivery controller(s) with which to register: ' ('.

If the virtual desktop in question has been added to a desktop group in your XenDesktop site, you will also see evidence of the VDA's failure to register with any controllers in the site, in the administration consoles. The following screen shot shows how this looks in Citrix Director.
Here, the State column provides information about the registration state of the desktop machine. A value of UnRegistered indicates that registration has not successfully completed.

User-added image

Troubleshooting Registration Problems

Virtual Desktop not Added to the Correct Site

If you see VDA event log entries on the worker suggesting registration failure, complete the following steps:
  1. Check that the virtual desktop is correctly added to the correct XenDesktop site. This must be done from both the point of view of the virtual desktop and of the XenDesktop site itself.
  2. In Desktop Director, enter the name of the machine into the search box – the machine name must appear in the drop-down that appears below the search box as you type the name. If it does not, it means that the machine has not been added to the site correctly.
  3. Check that the machine in question is a member of the correct site, check that the list of controllers listed in the event log entry with Event ID = 1010 on the virtual desktop is correct for your XenDesktop site. If it does not, the virtual desktop has not been correctly configured to be part of the site.
Note: There are two ways of configuring site membership on a virtual desktop: registry-based (default), and active-directory-based. For further details, see

Virtual Desktop Firewall not Properly Configured

If the firewall on the virtual desktop has not had the appropriate exclusions configured to enable communication with controllers, the registration fails. As an experiment, try disabling all firewall software on the virtual desktop and restart it. If registration now succeeds, the problem points to misconfiguration of the firewall; reconfigure it and re-enable it.
Note: It is not advisable to run with the firewall permanently disabled on virtual desktops.

Domain Name Services (DNS) not Properly Configured

If the virtual desktop or the controller sees an incorrect IP address for the other party, registration fails. To see if this is an issue, try the following: on both machines, start a command shell window and run the following commands:
ping <>
Both machines must be able to ping each other successfully with DNS name (using the fully qualified domain name (FQDN) including the bit and not the simple NetBIOS name). It is important that, the IP address reported for the remote machine using the ping command in each case must match the IP address reported using ipconfig command on the relevant machine.
If there is any discrepancy, fix the problem with your DNS configuration and restart the virtual desktop, the controller, or both, as appropriate.

Time Synchronization not Properly Configured

The communication between virtual desktops and controllers is secured using Kerberos. This relies on Tickets with a limited life span. If the difference in system time between the two ends of the communication is too great, the Tickets are always considered to have timed out when they are accessed and communication fails.
Check that the system time on all systems is within a reasonably small margin (the default domain-wide Kerberos setting is five minutes).

Domain Membership Problems

Under some circumstances, it can appear that a machine (virtual desktop or controller) is a part of a domain, but in fact, it is not (for various reasons). This can cause problems with the secure communication between virtual desktops and controller.
Try removing the machines in question from their domains (temporarily moving them into a workgroup, for example) and then subsequently rejoin them to their domains. When the subsequent system restart has completed, check to see if registration has been successful.

Service Principal Names (SPNs)

Communication between virtual desktops and controllers uses Microsoft’s Windows Communication Foundation (WCF). The services implementing the communication endpoints use the computer’s identity. Thus, WCF’s mutual authentication model uses the SPN associated with the respective computer accounts (by default, HOST/host’s-fully-qualified-domain-name). The controller determines the virtual desktop’s SPN after inspecting the servicePrincipalName attribute of the associated computer account in Active Directory.
You can inspect the virtual desktop’s computer account using tools such as Active Directory Explorer. If the servicePrincipalName attribute does not include an entry with the computer’s fully qualified domain name, try editing it manually, and check to see if that fixes registration problems.

Multiple Network Adapters

If your virtual desktops contain multiple network adapters that can be used to communicate with the controllers, this might cause the security negotiation to fail. In that case, try disabling all network adapters except for the one used to communicate with the controllers.

Additional Resources

CTX117248 - Troubleshooting Virtual Desktop Agent Registration with Controllers in XenDesktop

CTX133769 - XenDesktop Registration Failure when Microsoft Global Catalog Port 3268 is Blocked

Automatic translation

Important: Non-English versions of this article are translated by an automatic translation system (also referred to as Machine Translation, or MT) and have not been translated or reviewed by a person. Citrix offers a machine translated version of this article to allow for greater access to the support content. However, automatic translation is not always perfect and may contain vocabulary, syntax or grammar errors. Citrix is not responsible for inconsistencies, errors or damage incurred as a result of the use of machine translated articles. Thank you.

Traduction automatique

Important : cet article a été traduit par un système de traduction automatique (également appelé Traduction automatique ou TA) et n'a pas été vérifié par des spécialistes. Citrix propose une traduction automatique de cet article afin de permettre à toute personne ne maîtrisant pas l'anglais d'accéder au contenu de l'assistance. Toutefois, la traduction automatique n'étant pas parfaite, elle peut contenir des erreurs de terminologie, de syntaxe ou de grammaire. Citrix n'est pas responsable des incohérences, erreurs ou dommages pouvant résulter de l'utilisation par nos clients d'articles TA.

Automatische vertaling

Belangrijk: Dit artikel is vertaald door een automatisch vertalingssysteem (ook Machine Translation of MT genoemd) en is niet vertaald of beoordeeld door mensen. Citrix biedt een machine-vertaalde versie van dit artikel aan om een betere toegang mogelijk te maken tot de support-inhoud. Automatisch vertalen werkt echter niet altijd perfect en het resultaat kan fouten bevatten in de woordkeuze, syntaxis of grammatica. Citrix is niet verantwoordelijk voor inconsistenties, fouten of schade als gevolg van het gebruik van MT-artikelen door onze klanten.

Maschinelle Übersetzung

Wichtig: Dieser Artikel wurde mit einem maschinellen Übersetzungssystem und ohne jegliche Bearbeitung durch Personen übersetzt. Citrix bietet maschinelle Übersetzungen von Artikeln an, damit Benutzer umfassenden Zugriff auf Support-Inhalte haben. Maschinelle Übersetzungen enthalten jedoch möglicherweise Fehler in Bezug auf Terminologie, Syntax und Grammatik. Citrix übernimmt keine Verantwortung für Inkonsistenzen, Fehler oder Schäden, die aus der Verwendung von maschinell übersetzten Artikeln durch Kunden resultieren.


重要提示:本文是由自动翻译系统翻译完成的(也称为“机器翻译”或 MT),未经人工翻译或审查。Citrix 提供本文的机器翻译版本是为了方便更多人访问支持内容。然而,自动翻译的文章并不总是完美的,可能存在词汇、语法或文法方面的错误。对于因客户使用机器翻译文章导致出现的不一致、错误或损害,Citrix 不承担任何责任。



Tradução automática

Importante: este artigo foi traduzido por um sistema de tradução automática (também conhecido por Machine Translation ou MT) e não foi traduzido nem revisado por pessoas. A Citrix oferece uma versão traduzida por máquina deste artigo para permitir maior acesso ao conteúdo de suporte. No entanto, a tradução automática não é sempre perfeita, podendo conter erros de vocabulário, sintaxe ou gramática. A Citrix não se responsabiliza por inconsistências, erros ou danos incorridos como resultado do uso de artigos de MT de nossos clientes.

Traducción automática

Importante: Este artículo ha sido traducido por un sistema de Traducción automática (también llamada MT o Machine Translation) sin intervención de un traductor humano. Citrix ofrece la traducción automática de este artículo para ampliar el acceso a la información de asistencia técnica. No obstante, la traducción automática no es perfecta y puede contener errores de vocabulario, sintaxis y gramática. Citrix no se hace responsable de cualquier imprecisión, error o daño ocasionados por el uso que hagan nuestros clientes de los artículos traducidos automáticamente.
Was this helpful?
Thank you for your feedback

Share your comments or find out more about this topic

Citrix Forums