Virtual Apps and Desktops: Logon Duration in MonitorData.Session Table shows "Null"

book

Article ID: CTX225857

calendar_today

Updated On:

Description

  • Logon Duration in MonitorData.Session Table in Monitoring Database shows "Null" value for all sessions and hence Director does not report Average logon Duration for Sessions.





  • Below exception is seen in CDF Logs from the VDA and it did not show any Logon Duration information being sent from VDA to DDC. 

BrokerAgent,_#dotNet#_,0,,9,CDF_NET_ERROR,"BrokerAgent:1:9:PluginManager.DeliverNotificationsToPlugins EXCEPTION in plugin: System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
at System.Diagnostics.Eventing.Reader.EventLogException.Throw(Int32 errorCode)

 

Environment

Caution! Using Registry Editor incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Resolution

SOLUTION 1
  • Verify the Security Descriptor on Application Event logs from a Lab Machine hosting the same OS which does not have CustomSD set for Application by running the below command:
          wevtutil gl application
  •  You will get an output like this:
         O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)(A;; 0x5;;;BA)(A;; 0x7;;;SO)             (A;; 0x3;;;IU)(A;; 0x2;;;BA)(A;; 0x2;;;LS)(A;; 0x2;;;NS)
  • Then run the below command (with the Security Descriptor copied from LAB machine)to set the Security Descriptor on Application Logs to default on the effected VDA's.
          Example: 
          wevtutil sl Application /ca:O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)           (A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)


SOLUTION 2
  • Delete the below registry key from VDA after taking backup to delete the CustomerSD on Application Logs

         Key: HKLM/SYSTEM/CurrentControlSet/Services/EventLog/Application
         Value: CustomSD
  • Restart the VDA.

Problem Cause

Custom Security Descriptor was set for the Application Event logs on the VDA's.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application]
"customsd"="O:BAG:SYD:(D;; 0xf0007;;;AN)(D;; 0xf0007;;;BG)(A;; 0xf0007;;;SY)(A;; 0x5;;;BA)(A;; 0x7;;;SO)(A;; 0x3;;;IU)(A;; 0x2;;;BA)(A;; 0x2;;;LS)(A;; 0x2;;;NS)(A;;0x1;;;S-1-5-21-905980934-1232030010-646806464-20420)"

Due to CustomSD set on that Application Event Logs, UPMPlugin loaded in BrokerAgent (that runs under Network Service account) was denied permission to read the Application events . Hence, it couldn’t get the Desktop Ready event, and so no 'upmlogon' payload was sent to Citrix Monitor Service and so logon duration was not logged.

Issue/Introduction

Logon Duration in Monitor DB's monitordata.session table is Null

Additional Information

 

  • There are 3 EventLogs that UPM Vdaplugin reads to calculate the LogonDuration  - Application, GroupPolicy Logs and , User Profile Service.
  • It reads Group Policy event logs to get the events for Group Policy processing, User Profile Service log for profile load timings, and application log for 'Desktop Ready' event.
  • It is the Desktop Ready event created in Application Event Logs that marks the end of the Session launch, and that is when the upmlogon payload is sent to Monitor service via Monitor vdaplugin via BrokerAgent.

           image.png

 

  • Ensure that events are being written to Application, Microsoft-Windows-GroupPolicy\Operational and  Microsoft-Windows-User Profile\Operational event logs.
  • Ensure that the log location is accessible and events are present for the time of user logon.



Reference:

https://blogs.technet.microsoft.com/askds/2011/08/29/the-security-log-haystack-event-forwarding-and-you/
https://support.microsoft.com/en-us/help/323076/how-to-set-event-log-security-locally-or-by-using-group-policy      

Powered by Wolken Software