VDAs are not registering using a published image - Use GPO/GPP/Restricted Groups to add the proper accounts and services


Article ID: CTX259057


Description

VDAs do not appear as registered in Studio, no matter what is done to the image or to the configuration of the VDA in the Platform Layer.

Resolution

Create a new Group Policy or edit an existing one.

Navigate to Computer Configuration > Preferences > Control Panel Settings > Local Users and Groups.

Groups to Manage

Add any of the following, as desired:


 

Add Domain Admins to Local Administrators

Note:  Many customers use an alternate administrative group for this like “Citrix Admins”.


 

Add Domain Users to Local Users

Note:  Many customers use an alternate user group for this like “Citrix Users”.


 

Add Domain Users to Direct Access Users if desired.

Non-brokered access to a server VDA that is part of the XenDesktop site is controlled through a local group named Direct Access Users. Standard users who are members of this group can connect to the server directly through RDP (non-brokered connection).
Reference: https://support.citrix.com/article/CTX203246
Note:  Many customers use an alternate user group for this like “Citrix Direct Access Users”.
Use Create as the Action because the group won’t exist by default.



 

Add the Telemetry Service to Performance Log Users

Action: Update
Click Add and type the following:
NT Service\CitrixTelemetryService


 

Add the BrokerAgent to Performance Monitor Users

Action: Update
Click Add and type the following:
NT Service\BrokerAgent


------------- OR
Restricted Groups can also be used to add or modify users in the local groups.
Computer Configuration > Policies > Windows Settings > Security Settings > Restricted Groups

Right-click and select Add Group.


Provide the name of the local group, "Direct Access Users" or one of the other groups shown above.

Click OK.
Under "Members of this group", click Add and add the members as shown above.

Note: Use either Restricted Groups (RG) or GPP.

Problem Cause

In Citrix App Layering the machine is joined to the domain in the Platform Layer. However, changes to the Windows SAM database cannot be made in any layer but the OS layer. As a result, when Windows adds the Domain Admins group to the local Administrators group and the Domain Users group to the local Users group, the settings are not retained and do not flow through to the published VDAs. The easiest way to handle this issue is to create a Group Policy Preference (GPP) to fix local group membership.
The Citrix VDA also adds two services to local groups. These can also be added via GPP.

  • The NT Service\CitrixTelemetryService is added to the local Performance Log Users group.
  • The NT Service\BrokerAgent is added to the local Performance Monitor Users group.
  • If you want to allow direct access via RDP to VDAs, add a domain group to the local Direct Access Users group.
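
To confirm on a published VDA that the policy actually restored the memberships listed above, a check like the following can be run in an elevated Windows PowerShell session. It is an added example, not part of the Citrix article; the parameter names and their defaults are assumptions to adjust if you use alternate groups such as “Citrix Admins” or “Citrix Users”.

```powershell
# Added example: audit the local group membership this article expects on a VDA.
# Assumption: elevated Windows PowerShell 5.1 session on the published VDA.
param(
    # Hypothetical parameters; change them if you use alternate groups.
    [string]$AdminGroup = 'Domain Admins',
    [string]$UserGroup  = 'Domain Users'
)

# Local group -> member that must be present ("*\" matches any domain prefix).
$expected = [ordered]@{
    'Administrators'            = "*\$AdminGroup"
    'Users'                     = "*\$UserGroup"
    'Performance Log Users'     = 'NT SERVICE\CitrixTelemetryService'
    'Performance Monitor Users' = 'NT SERVICE\BrokerAgent'
}

$results = foreach ($group in $expected.Keys) {
    # Collect member names; an unreadable or missing group yields an empty list.
    $members = @(Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Name)
    [pscustomobject]@{
        LocalGroup = $group
        Expected   = $expected[$group]
        Present    = [bool]($members -like $expected[$group])
        Members    = $members -join '; '
    }
}
$results | Format-Table -AutoSize -Wrap

# Direct Access Users is optional and must be created by the policy.
# List who is in it so non-brokered RDP access can be reviewed.
if (Get-LocalGroup -Name 'Direct Access Users' -ErrorAction SilentlyContinue) {
    Write-Output 'Direct Access Users (non-brokered RDP) members:'
    Get-LocalGroupMember -Group 'Direct Access Users' |
        Select-Object Name, ObjectClass, PrincipalSource
} else {
    Write-Output 'Direct Access Users group not present (direct RDP not configured).'
}

# Point at the usual next step when something is missing.
$missing = @($results | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("Missing membership in: " + ($missing.LocalGroup -join ', ') +
        ". Run 'gpupdate /force', then 'gpresult /r /scope computer' to confirm the GPO applied.")
}
```

Run it after the machine has processed computer policy; a missing entry in Performance Monitor Users or Performance Log Users means the GPP or Restricted Groups setting has not reached that VDA.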