Procedure to configure XenDesktop database in a secure environment.

XenDesktop wizard is made to automatically connect to the SQL Server and create the database. That is actually very helpful in a lab or small environments but it does not work in large and secure deployments. Simply because you don’t have full access to the SQL server and the rights to perform database creation tasks that require extended privileges. In this post, we will review how to create XenDesktop 7.x database in a secure environment.

Requirements

  • Windows authentication is required for connections between the Controller and the SQL Server database. SQL Authentication is not supported.
  • Dedicated service account is recommended to connect to SQL.
  • SQL Server is supported up to 2014 SP1.
  • Mirroring is only possible with the full version of SQL Server.
  • SQL collation of the database must be ending with 100_CI_AS_KS.
  • SQL server collation can be different from the XD database collation.
  • Each XenDesktop service gains access to the database through the local controller’s machine account.The services gain access to the database server through their machine account logon (names of the form ‘DOMAIN\MACHINE$’). These logons do not need to be members of any server-level roles.

Permissions

Citrix provides the privileges required to perform XD tasks:

XenDesktop SQL permissions required
XenDesktop SQL permissions required

As you can see, for an initial configuration you need to be db_creator, db_owner and securityadmin. Your DBA friends won’t like you if you ask securityadmin privileges on the production SQL servers. The solution to this problem is to delegate the creation of the database and the configuration to the DBA guys.

Setup

At the screen below, enter the database server location, and the name of the database.

SQL Setup
SQL Setup

You can try to connect to the SQL server but you won’t be able to connect. In a secure environment, your account does not have the permissions to connect to the SQL server and especially does not have the SecurityAdmin privileges required.

Insufficient privileges
Insufficient privileges

Then select Generate database script.

SQL Script
SQL Script

SQL Scripts are generated in the C:\TEMP folder.

Configuration

Now contact your DBA team and ask them to create a new database with the following configuration:

  • Name: XD7_DB
  • Owner: your admin account
  • Size: Primary – 400MB and Logs – 100MB
  • The recovery model is set to Simple. For use as a mirrored database, this must be changed to Full.
  • Collation: Latin1_General_100_CI_AS_KS
  • Permissions:
    • DBOwner for the service account you are using to connect to the DB
    • DBOwner for your admin account (optional)
  • Run the SQL script in SQLCMD mode in Microsoft SQL Management Studio

Note: The database must be created before running the script. 

 

Create database

To be performed by DBA guys.

Name: XD7_DB
Owner: CITRIXGURU\Administator
Primary: 400 MB
Logs: 100MB

Create database XD7_DB
Create database XD7_DB

Collation: Latin1_General_100_CI_AS_KS
Recovery mode: Simple (Full, if mirrored)

Configure collation
Configure collation

Database is created but is empty.

Database created
Database created

Run previously generated SQL Script

DBA team also needs to run the script previously created by the XenDesktop installer.

The script must be executed in SQLCMD mode with an account account having securityadmin or systemadmin permissions on the SQL server.

Run SQL Script
Run SQL Script

The script is showing errors if you are not in the SQLCMD mode:

Error with the script
Error with the script
Ignore the errors
Ignore the errors

You can put SQL Management Studio into SQLCMD mode by going to the “Query” menu and selecting SQLCMD mode.

SQLCMD Mode
SQLCMD Mode

The database is now containing XenDesktop tables.

XenDesktop tables created
XenDesktop tables created

Permissions have been updated with the XD controller computer account:

  • CITRIXGURU\CDC01$ added (no role membership)
Permissions updated
Permissions updated

XD controller computer account permissions

Add permissions

The SQL administrators also need to add your service account in the database permissions.

Create the account, login name: CITRIXGURU\svc_sql_ctx
Default database: XD7_DB

Add permissions for service account 1/4
Add permissions for service account 1/4

Login name and user name: CITRIXGURU\svc_sql_ctx

Add permissions for service account 2/4
Add permissions for service account 2/4

The account is now in the users of the dabatase.

Add permissions for service account 3/4
Add permissions for service account 3/4

Select DB_owner schema.

Add permissions for service account 4/4
Add permissions for service account 4/4

The database is now ready.

At the following screen you can select Yes.

Insufficient privileges
Insufficient privileges

Enter alternative credentials.

CitrixGuru_Lab_Capture_93_1445713913

 

Select OK and XenDesktop installer should continue the installation without errors.

Join a new controller to the XD farm

Select Connect this Delivery Controller to an existing site.

Connect this Delivery Controller to an existing site
Connect this Delivery Controller to an existing site

Enter the address of the primary controller: cdc01.citrixguru.lab

Enter primary controller's address
Enter primary controller’s address

Select No.

Select No
Select No

Then select Generate scripts.

Generate scripts
Generate scripts

Same as before, as the DBA guys to run the script.

The script will automatically add the secondary controller in the permissions.

Next, press OK and enter the service account credentials.

Service account credentials
Service account credentials

Desktop Studio will process the request.

Processing
Processing

Install is successful.

Secondary server is installed
Secondary server is installed

You can verify that the secondary controller is present by clicking on Controllers in configuration.

Controllers
Controllers


1 COMMENT

  1. Nice article, unfortunately this is up to version 7.6, I already commented on the Citrix site about the Membership and Owned Schema’s memberships for Xendesktop 7.15 but nothing found yet that describes the latest versions.

Comments are closed.