Under certain conditions, when you create MCS pooled random Windows 10 machines, they might point to wrong domain controller as the logon server. This will lead to delayed user logon and GPO applications might take longer than expected.

On further investigation, you would observe the following registry key being created on MCS provisioned machines.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\JoinDomain



 

This issue can occur because of the domain injection process during MCS provisioning process. Be default, MCS will use the domain controller from the AD site (to which the Delivery Controller belongs to) as the preferred logon server. This means MCS provisioned pooled machines would point to that particular domain controller regardless of what AD site and subnet they belong to.

To resolve this issue, follow the steps below:

1. Launch elevated PowerShell on Delivery Controller and execute the commands below -
   1. asnp citrix*
   2. Set-ProvServiceConfigurationData –Name DisableDomainInjection –Value true
2. Reboot all the Delivery Controllers
3. Create a new MCS pooled random catalog

Note : Under certain conditions, after updating an image (with VDA version >= 2407) for MCS pooled machines, the machines may fail to join domain, refer to the article CTX694833

MCS created pooled Windows 10 machines get the wrong logon server