XenApp Essentials: Troubleshooting Catalog Creation Failures

XenApp Essentials: Troubleshooting Catalog Creation Failures

book

Article ID: CTX224151

calendar_today

Updated On:

Description

VNET and Domain Controller Configuration in Xenapp Essentials

Symptoms or Error - Catalog creation fails with the following errors -
  • Either Domain does not exist or is not reachable from Virtual Network (VNET) . Please check the domain details, DNS settings, ensure that it is reachable from VMs in your specified VNET and redeploy the Catalog.
  • Could not provision VM for installing Citrix Cloud Connector. GatewaySubnet Subnet with name '' can be used only for the Gateway resource. Please correct the error and redeploy the Catalog.
Solution
  • Ensure the VNETs hosting the domain controller(s) is accessible from target VNETs provided during Catalog creation
  • If there are more than one Domain Controller, the target VNET provided during Catalog creation should have access to all the Domain Controllers
  • If you are hosting the domain via AADDS, the VNET hosting AADDS in Azure classic needs to be peered to target VNETs provided during Catalog creation. Ensure connectivity and reachability are successful by following the steps below.
Running the script VerifyReachability.ps1 will help confirm if a domain is reachable from the VNET. On a machine in the VNET you can run the script as
VerifyReachability.ps1 -DomainName -ServiceAccountName -ServiceAccountPassword

Problem Cause 
This issue occurs when the XenApp Essentials service attempts to create the catalog. The XenApp Essentials service creates a VM to install the Citrix Cloud Connector in the target VNET and attempts to join it to the specified domain. The attempt to join the VM to the specified domain fails if there are firewalls or other restrictions on the VNET preventing reachability to the Domain Controller.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - -
Symptoms or Error -- Catalog creation fails with the following error -
The Catalog does not have any Cloud Connectors, please contact Citrix support and provide the Transaction Id - VerifyReachability failed: Long running operation failed with status 'Failed'. VMExtensionProvisioningError VM has reported a failure when processing extension '4b6ddd2c-982d-41df-8ff6-a69a753ed270'. Error message: "Failed to download all specified files. Exiting.
Error Message: The remote name could not be resolved: 'configigxki24zzqpxu.blob.core.windows.net'"

Solution 
Running the script VerifyReachability.ps1 on a machine in the VNET will help confirm if there is internet connectivity from the VNET. On a machine in the VNET you can run the script as VerifyReachability.ps1 -DomainName -ServiceAccountName -ServiceAccountPassword

Problem Cause
Citrix specific post-install configuration scripts are stored in a secure public location. Your target VNET should allow VMs to have internet connectivity in order to allow post-install scripts to be downloaded and executed on them.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -- - - - - - - - - -
Symptoms or Error -- Catalog creation fails with the following error -

An error occurred while preparing the image. Ensure that the hypervisor has sufficient resources (such as memory) for additional machines

Solution 
Review errors in the Azure activity log for additional details on the failure. From the Azure Portal, select the Subscription specified for Catalog creation.
Select the XenApp-CatalogName location and review the Activity log for errors.
____________________________________________________________________________________


Active Directory, Domain Credentials and Citrix Cloud Resource Location

Symptoms or Error --Catalog creation fails with the following error - Failed to deploy Citrix server VMs: Failed to add any computer accounts. Please contact Citrix support and provide the Transaction Id

Solution
  • Ensure that the specified VNET has access to all the Domain Controllers for the domain specified at Catalog creation time..
  • If you have multiple catalogs created in different subscriptions, please ensure that all active Citrix Cloud Connectors have access to all the Domain Controllers for the domain specified at Catalog creation time..
  • Please delete any Citrix Cloud Connectors that may have been deployed from previous unsuccessful catalog creations..
  • An incorrect OU path may result in a Catalog creation failure. Verify that the OU path specified at the Catalog creation time is correct and addressable by all of the Citrix Cloud Connectors..
  • Ensure the domain credentials provided at Catalog creation time have sufficient permissions for the specific OU. An AADDS domain user with Admin permissions may still require ‘Read and Write’ permissions for the particular OU..
  • Ensure that the domains can be enumerated from all of the Citrix Cloud Connectors.
Here is a PowerShell snippet to help enumerate domains. Executing this on each Citrix Cloud Connector should enumerate the various domains. Verify that the domain specified at Catalog creation is part of the list..
$forestName =
[System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain().Forest.Name [System.DirectoryServices.ActiveDirectory.Forest]::GetForest((New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext -Args @([System.DirectoryServices.ActiveDirectory.DirectoryContextType]::Forest, $forestName)))

To check the permissions different users and groups have on the Organizational Unit run the following PowerShell snippet.
Import-Module ActiveDirectory
(Get-Acl 'AD:/OU=xx,DC=xx,DC=yy').access | select identityreference, accesscontroltype, ActiveDirectoryRights
Please use the following steps to provide the required permissions to the Service Account User.
  1. Right click on the OU and select Delegate Control.
  2. Select the service account
  3. Tasks to Delegate: Select “Create a custom task to delegate”
  4. Active Directory Object Type: Select “Only the following objects in the folder:
    1. Select: Computer objects
    2. Select: Create selected objects in this folder
    3. Select: Delete selected objects in this folder
  5. Permissions: General
    1. Read
    2. Write
For customers using Azure Active Directory Domain Services with XenApp Essentials giving read/write permissions for group “AAD DC Administrators” to the Organizational Unit using the above steps should also resolve the issue.

Problem Cause
The XenApp Essentials service, as part of catalog creation, creates machines in the specified Subscription, VNET and OU to install a Citrix Cloud Connector. These Connectors need to be joined to the specified Active Directory Domain and OU. This step may can fail due to insufficient privileges associated with the specific Active Directory domain user. Additionally, connectivity issues from the VNET to the Domain Controller may also result in failures to join the machines to the specified domain.
____________________________________________________________________________________


VDA Image Preparation

Symptoms or Error
An error occurred while attempting to verify the master image. ImageVerification failed: Long running operation failed with status 'Failed'. VMAgentStatusCommunicationError VM ‘’ has not reported status for VM agent or extensions. Please verify the VM has a running VM agent, and can establish outbound connections to Azure storage. Please contact Citrix support and provide the Transaction Id.

Solution
  • Install the Azure VM Agent as per these instructions before uploading the VHD to the XenApp Essentials Image collection..
  • Azure Remote App customers bringing their images should install the Citrix Virtual Desktop Agent version 7.11 or higher.
  • VDA requires OS Version: Server 2012 R2 or Server 2016
Problem Cause
The XenApp Essentials service uses the Azure VM Extensions feature to perform certain post-install configurations. The Azure VM Agent is a secured, light-weight process that facilitates installing, configuring and removing an VM Extensions on the Azure Virtual Machines. A virtual machine image created by using the Azure portal and an image from the Marketplace automatically installs a VM Agent in the creation process. Images created from a physical machine or other means do not have the VM agent installed by default.
_____________________________________________________________


Azure Credentials and Subscriptions

Symptoms or Error
  • Failed to deploy Citrix server VMs: An error occurred while creating the Machine Catalog. NotEnoughCoresInRegion Please contact Citrix support and provide the Transaction Id
  • Could not provision VM for installing Citrix Cloud Connector. OperationNotAllowed Operation results in exceeding quota limits of Core. Maximum allowed: 4, Current in use: 4, Additional requested: 2. Please correct the error and redeploy the Catalog. If more help is needed, please contact Citrix support and provide the Transaction Id
Solution
  • From the Azure Portal, select the Subscription specified for Catalog creation. Review the Usage + Quotas to ensure you have sufficient Cores.
  • Delete any non-XenApp Essentials VMs, storage accounts to increase the availability of resources.
  • Contact Microsoft to increase the number of cores for the specified subscription.
_____________________________________________________________

Technical Support

If the above solutions do not resolve your problem, then contact Citrix Technical Support. You can easily open a ticket by clicking the Help ? icon in the Citrix Cloud console, and then select Open a Ticket.
Contact Tech Support
_____________________________________________________________

Additional Resources

Azure AD Domain Services Setup
Increasing Number of Cores when you hit NotEnoughCoresInRegion error.

Additional Information

Azure AD Domain Services Setup
Increasing Number of Cores when you hit NotEnoughCoresInRegion error.
Powered by Wolken Software