Configure Windows 10 for Citrix PVS with Citrix App Layering.
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
We discussed in the previous posts of this Citrix App Layering series how to install and configure the appliance. We also reviewed how to work with OS, Platform, Application and User layers in App Layering and how to deliver them elastically. In this post, we will review more in details Windows 10 and PVS with Citrix App Layering.
More from this Citrix App Layering series
- Introduction to Citrix App Layering
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
- Best Practices for Citrix App Layering
Requirements
For this lab, you need the following:
- Citrix ELM installed and configured.
- PVS Infrastructure configured.
- Windows 10 .ISO downloaded from Microsoft website.
- At this time Windows 10 1809 is not supported. We will work with Windows 10 1803 in this article.
Best Practices for Windows 10 & PVS in Citrix App Layering
- Legacy Network Adapter (Hyper-V) or VMXnet3 (VMware)
- Install VDA with Run As an Administrator or it will fail to install requirements.
- Then PVS Target Device client in the Platform layer.
- Attach the Write Cache disk from the PVS template in the Platform layer. Install the disk in the layer and then detach the disk from the Platform layer virtual machine before finalizing.
- Run JGPIERS Windows 10 Optimization Script: JGSpiers-W10-1803-Optimisations.
- Disable IPV6.
- Configure Service Account credentials in the PVS Connector configuration
Configure Windows 10 & PVS in Citrix App Layering
Install Citrix App Layering agent on a server part of the PVS farm
The App Layering agent is required to publish Layered Images to PVS. You must install the agent before creating the Connector for PVS.
Open the ELM package downloaded from Citrix website.
You should have citrix_app_layering_agent_installer.exe in it.
Install the agent on a PVS server that is part of the PVS famr and needs to communicate with ELM.
See below the process to install the agent.
Accept license agreement.
Enter agent port (default 8016).
Click on install.
To register the agent in ELM, you need to specify the ELM server IP and credentials.
If you do not register the agent during installation, you can manually register it later. However, remember that the PowerShell scripts do not run until the agent is registered with the appliance. See Manual registration.
Click on Register.
The installation is completed.
Configure Citrix PVS connector in App Layering
Adding a connector for PVS will allow you to publish directly from the ELM console to PVS. The disk will be automatically added into the PVS store and configured. However you will still have to manually assign it the devices. Also if you have multiple PVS servers and no central repository, you will need to manage the synchronization of your vDisks between your servers (PowerShell, DFS-R, etc).
See Citrix Documentation for connectors.
Go to System > Connectors > Add Connector Config.
Select the connector that applies to your configuration (Ex: Citrix PVS).
This will open a new page with the connector wizard.
First step is to add a new name for the connector.
Then let’s move to the PVS connector configuration.
You should be able to find the PVS server where you installed the agent earlier.
Add the proper credentials and click on Check Credentials to validate them.
Note: you may need to register PVS PowerShell snapin on the server again. See https://support.citrix.com/article/CTX235079.
Next, configure vDisk settings. Select the PVS site and the PVS Store name in the dropdown list. Then You need to set the default configuration for the write cache, the size of the write cache and the type of license mode. You can also Enable AD machine account password management, load balancing and printer management if needed.
Make sure to click on Test to validate that the PVS connector is configured properly.
Then click on Save and close the window.
In ELM, you should see the new PVS connector.
Create PVS client virtual machine
We need to create a virtual machine that we will use for PVS. We only need to configure a disk for the write cache.
Note: Make sure to use the Legacy Network Adapter.
Here is the PowerShell code to create the PVS Client virtual machine for Microsoft Hyper-V:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
$VMname = "VM01" $SwitchName = "LAN" $ISOLocation = "C:\BDM.iso" $CacheSize = 20GB $DiskPath = "I:\VM\VM01\WriteCache.vhdx" $MAC = "000000000001" $Param = @{ Name = $VMname MemoryStartUpBytes = 8GB Path = "I:\VM\Hyper-V" ErrorAction = 'Stop' Verbose = $True } $VM = New-VM @Param $Param = @{ ProcessorCount = 4 DynamicMemory = $true } $VM = $VM | Set-VM @Param Remove-VMNetworkAdapter -VMName $VMname -Name "Network Adapter" Add-VMNetworkAdapter -VMname $VMname -IsLegacy $true -Name "Legacy Network Adapter" -SwitchName $SwitchName Set-VMDvdDrive -VMName $VMname -Path $ISOLocation Set-VMNetworkAdapter -VMName SRV01 -StaticMacAddress $MAC $NewVHDParam = @{ Path = $DiskPath Dynamic = $True SizeBytes = $CacheSize ErrorAction = 'Stop' Verbose = $True } $VHD = New-VHD @NewVHDParam $AddVMHDDParam = @{ Path = $DiskPath ControllerType = 'IDE' ControllerLocation = 1 } Add-VMHardDiskDrive -VMName $VMname @AddVMHDDParam |
Leave this virtual machine OFF for now. We will use it later to boot our PVS image.
Create Windows 10 Master Image
Let’s create a new Windows 10 virtual machine in Hyper-V with PowerShell.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 |
$VMname = "1803_MASTER" $SwitchName = "DMZ" $ISOLocation = "C:\Win10_1803_English_x64.iso" $Param = @{ Name = $VMname MemoryStartUpBytes = 8GB Path = "I:\VM\Hyper-V" NewVHDPath = "I:\VM\1803_MASTER\1803_MASTER.vhdx" NewVHDSizeBytes = 60GB ErrorAction = 'Stop' Verbose = $True } $VM = New-VM @Param $Param = @{ ProcessorCount = 4 DynamicMemory = $true } $VM = $VM | Set-VM @Param Remove-VMNetworkAdapter -VMName $VMname -Name "Network Adapter" Add-VMNetworkAdapter -VMname $VMname -IsLegacy $true -Name "Legacy Network Adapter" -SwitchName $SwitchName Set-VMDvdDrive -VMName $VMname -Path $ISOLocation Start-VM -Name $VMname |
The virtual machine will automatically boot.
From here install Windows 10 as usual.
Once Windows 10 installed, make sure to follow OS Layer best practices:
- Have one OS layer per Operating System (Windows Server 2016, Windows 10 64-bit, etc)
- Check Citrix documentation about supported OS
- The Operating System layer is always the lowest priority layer. It is always at the bottom of the layer stack no matter what the version date and time is.
- Start with a fresh image of a supported Windows OS from your hypervisor. Create a new base image based on latest .ISO downloaded from Microsoft website that includes latest Windows updates (Ex: Windows Server 2016 ISO download)
- Legacy NIC for Hyper-V and VMXNET3 for VMware
- Generation 2 virtual machine type is not supported with Hyper-V. Only Generation 1.
- Configure DHCP to get an IP address in the template.
- Clean up any installers or temp directories.
- OS Layer must be as clean as possible. Only install required apps! And only install on C:\ drive.
- If needed, install RDSH and Remote Assistance. If 2012 (R2), also install Desktop Experience.
- Activate Windows
- Rename the machine and leave it in WORKGROUP
- Install pending Windows Updates and then stop and disable Windows Updates service and then REBOOT!
- Install Microsoft .NET Framework and Visual C++ libraries in the OS layer
- Install Microsoft .NET Core in the OS Layer
- Remove all Microsoft Store Apps and Disable related services
- Disable Windows Defender and Windows Firewall
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False Set-Service MpsSvc -StartUpType Disabled Stop-Service MpsSvc -force
- Disable IPV6 (PVS only)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ Name: DisabledComponents Type: REG_DWORD Min Value: 0x00 Max Value: 0xFF (IPv6 disabled)
- Disable IE ESC
- Force High Performance Power Scheme
Powercfg /list Powercfg /s {UID} - Configure Page File
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management Key: "PagingFiles" (reg_multi_sz) Value: "C:\pagefile.sys 4096 4096"
- Set Time to display list of OS to 5s
Bcdedit /timeout 5
- Adjust performance for programs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\PriorityControl Key: "Win32PriortySeparation" (dword) Value: "26"
- Remove Legal notice
(Remove. Causing delay in launching published applications) HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System; Legalnoticecaption Legalnoticetext
- Run Citrix Optimizer with the appropriate template
Run Citrix Optimizer with 2016 template - Disable OS Rearm (MCS Only)
Set-ProvServiceConfigurationData -Name ImageManagementPrep_Excluded_Steps -Value OsRearm
- Hypervisor tools of your main hypervisor should be installed into the Operating System layer (Ex: VMware Tools or Hyper-V Integration Services). If you plan to deploy that image on a different hypervisor, you will need to add the tools on the platform layer.
- Do not install applications (Antivirus, Monitoring agents, etc) in the OS Layer.
- Create new local users and local groups in this layer. Domain users and groups can be added by GPO.
- Always connect to the OS Layer with the same local account
- Check this link for more best practices.
- Run Preparation Script instead of Shutdown For Finalize (optional)
Browse to the Citrix App Layering package.
Double click on citrix_app_layering_os_machine_tools_xx.xx.x.exe.
This package will unzip in C:\Windows\Setup\scripts (by default).
If not started automatically, run SetKMSVersion.hta.
Run also RemoveStoreApp.cmd to remove all Microsoft Store applications from the image.
Then run setup_x64.exe to install Citrix App Layering Image Preparation Utility.
Select Next to install.
Select Next.
Then Finish to close the window.
Shutdown the virtual machine.
Create OS Layer for Windows 10 in Citrix App Layering
Go to ELM console > Layers > OS Layers and select Create OS Layer.
Enter layer details:
Select the connector to be able to browse the virtual machines.
Select the virtual machine previously created.
Select icon assignment.
Confirm.
ELM will start to import the virtual machine in the repository.
Create Platform Layer for Windows 10 in Citrix App Layering
Make sure to follow Platform Layer best practices:
- Platform Layer has the highest priority of all layers. This layer will be applied last.
- Install Citrix Virtual Desktop Agent (VDA), Receiver/Workspace App, Real-Time Optimization Pack (RTOP), WEM and PVS Target Device software in the Platform Layer
- Do not install Windows Updates in this layer
- Join the machine to the domain
- Logon with a domain account to cache data in the layer. This will improve logon time.
- The Platform layer has the highest priority when creating the layered image. This means it is applied last so its settings will override all other layers.
- Single Sign-on applications must be installed in this layer (Ex: Imprivata)
- Video drivers (nVidia, AMD) can be installed in this layer
- Do not disable iPV6 (for PVS). Do it in the OS Layer.
- Changes made to local users and groups are not saved in this layer. Use GPOs instead.
- You can add additional disks but you must remove them before finalizing the disk in the ELM console
- If you want to deploy this image on a different hypervisor, install the hypervisor tools in this layer.
- Check this link for more best practices
- To have a Write Cache disk with PVS, you must attach the same disk to the Platform Layer. Install it in the layer. Then shutdown the layer and remove the disk before finalizing (See CTX232126).
- Run Citrix Optimizer to apply Citrix optimizations. Windows optimizations were applied in the OS layer in the previous post.
Go to ELM console > Layers > Platform Layer and select Create Platform Layer.
Click on Create Platform Layer.
Enter layer details:
Select the OS Layer.
Select the connector to be able to browse the virtual machines.
Select Platform types.
Enter a disk filename.
Assign an icon.
Select Create Layer to confirm.
Connect to the virtual machine create during the Platform Layer process.
Add the virtual machine to the domain. Reboot and then logon with a domain account to cache domain information in the layer.
Note: move the computer object in the correct OU.
Install Citrix Virtual Desktop Agent, Citrix Receiver/Workspace app and then PVS Target Device (if needed).
Note: Make sure you have installed Microsoft Visual C++ libraries in the OS Layer or VDA will install them in the Platform Layer.
Install Citrix PVS Target Device in the layer.
Reboot the virtual machine.
Take a look at the Local groups.
Citrix VDA install created the following local groups:
- Direct Access Users
- Anonymous
And added users in few others:
- NT Service\CitrixTelemetryService in Performance Log Users
- NT Service\BrokerAgent in Performance Monitor Users
This configuration will not be captured in the layer. You need to create a domain GPO to applies the configuration.
Additionally you can also add few others:
- NT AUTHORITY\Authenticated Users in Remote Desktop Users
- <DOMAIN>\<CITRIX_ADMIN_GROUP> in Administrators
- <DOMAIN>\<CITRIX_DA_USERS> in Direct Access Users
Note: NT Service accounts can only be added via Group Policy Preferences
See below an example of implementation via GPO.
Next step is to add the Write Cache disk in the Platform Layer. By default, the virtual machine created by ELM for the Platform layer has 2 disks mapped.
Here is to PowerShell script to attach the disk from the PVS virtual machine created earlier in this article.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
$VMName = "1803_PLATF_VDA-2018-12-31_10-34-54.481" $DiskPath = "I:\VM01\VM01-Cache.vhdx" $AddVMHDDParam = @{ Path = $DiskPath ControllerType = 'SCSI' ControllerLocation = 1 } Add-VMHardDiskDrive -VMName $VMname @AddVMHDDParam |
Note: you can also import that disk manually in the configuration of the virtual machine.
The disk is now attached to the virtual machine via the SCSI Controller.
In the virtual machine, open diskmgmt.msc. The tool will automatically start to scan for new disks.
You can also manually Recan Disks in the Action menu.
Select MBR (Master Boot Record).
Click OK. The new disk should appear Unallocated.
Right click the unallocated disk and select New Simple Volume.
Click next.
Assign a drive letter.
And assign a name for the volume.
Click Finish to confirm.
Windows will partition the Write Cache disk.
Reboot the virtual machine.
Run Citrix Optimizer with the appropriate Windows 10 template.
Once you are done with the optimizations, click on Shutdown For Finalize.
Before Finalizing, remove the disk from the virtual machine.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
$VMName = "1803_PLATF_VDA-2018-12-31_10-34-54.481" $RemoveVMHDDParam = @{ ControllerType = 'SCSI' ControllerLocation = 1 } Get-VMHardDiskDrive -VMName $VMname @RemoveVMHDDParam | Remove-VMHardDiskDrive |
Make sure that the disk was removed properly. ELM will not be able to finalize the layer if the disk is present.
Finalize the Platform Layer in ELM.
Publish Layered Image of Windows 10 in Citrix App Layering
Go the the ELM console > Images and select Create Template.
In the Template Wizard, enter the name of the template and pick an icon.
Select the OS Layer to be integrated in this image.
No assignment.
Select the connector.
Select the Platform Layer.
Add Layered Image Disk settings.
Select Create Template and Publish.
Note: Create Template does not deploy the image to the target infrastructure.
ELM will start to create the template and deploy it the the PVS server configured in the connector.
Configure PVS for Windows 10 in Citrix App Layering
Go the the PVS console > Stores.
The new Layered Image was deployed and automatically added in the Store defined in the PVS Connector.
Go the the PVS console > Sites > DEV > Device Collections and create a new collection for Windows 10.
Create a new Target Device in this collection.
Make sure that the Target Device has the same MAC address than the virtual machine created (Ex: 00-00-00-00-00-01).
Then assign the vDisk previously created and published via the ELM console.
Click OK to create the Device.
Note: In this lab, we are using a Boot Device Manager (BDM) .ISO disk for the boot to simplify the process.
Boot the virtual machine.
The virtual machine is up and running.
You may have BSODs related to the following:
- SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (CVhdMp.sys) (CTX229910)
- When using default network adapter instead of Legacy Network Adapter.
- INACCESSIBLE BOOT DEVICE (CTX232126)
- The cache disk was not added properly to the Platform Layer.
You can logon to the virtual machine and check that the vDisk is streamed properly from the PVS server:
More from the Lab!
- Building a Dual-Xeon Citrix Lab: Part 1 – Considerations
- Building a Dual-Xeon Citrix Lab: Part 2 – Hardware
- Building a Dual-Xeon Citrix Lab: Part 3 – Windows and Hyper-V installation
- Lab: Part 4 – Hyper-V Networking
- Lab: Part 5 – NetScaler 11 Architecture and Installation
- Lab: Part 6 – Configure NetScaler 11 High Availability (HA Pair)
- Lab: Part 7 – Upgrade NetScalers in HA
- Lab: Part 8 – Save, Backup and Restore NetScaler 11 configuration
- Lab: Part 9 – Install Microsoft SQL Server 2014 (Dedicated)
- Lab: Part 10 – Citrix Licensing demystified
- Lab: Part 11 – Install XenDesktop 7.6
- Lab: Part 12 – Setup NetScaler 11 Clustering (TriScale)
- Lab: Part 13 – Configure Published Applications with XenDesktop 7.6
- Lab: Part 14 – Citrix StoreFront 3.x
- Lab: Part 15 – Configure SSL in StoreFront
- Lab: Part 16 – StoreFront load balancing with NetScaler (Internal)
- Lab: Part 17 – Optimize and secure StoreFront load balancing with NetScaler (Internal)
- Lab: Part 18 – Secure LDAP (LDAPS) load balancing with Citrix NetScaler 11
- Lab: Part 19 – Configure Active Directory authentication(LDAP) with Citrix NetScaler 11
- Lab: Part 20 – RDP Proxy with NetScaler Unified Gateway 11
- Lab: Part 21 – Secure SSH Authentication with NetScaler (public-private key pair)
- Lab: Part 22 – Ultimate StoreFront 3 customization guide
- Lab: Part 23 – Securing Citrix StoreFront DMZ deployment
- Lab: Part 25 – Upgrade to Citrix StoreFront 3.7
- Lab: Part 26 – Install/Upgrade Citrix XenDesktop 7.11
- Lab: Part 27 – Getting started with Microsoft Azure
- Lab: Part 28 – Getting started with Citrix Cloud
- Lab: Part 29 – Configure XenDesktop And XenApp Service with Microsoft Azure and Citrix Cloud
- Lab: Part 30 – Configure Identity and Access Management in Citrix Cloud with Microsoft Azure AD
- Lab: Part 31 – Configure NetScaler Gateway Service for XenApp and XenDesktop Service in Citrix Cloud
- Lab: Part 32 – Configure MCS with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 33 – Configure Azure Quick Deploy with XenDesktop and XenApp Service in Citrix Cloud
- Lab: Part 34 – Configure Site Aggregation for Citrix Workspace in Citrix Cloud with XenDesktop 7.x located on-premises
- Lab: Part 35 – Configure a Hybrid NetScaler MA Service environment in Citrix Cloud
- Lab: Part 36 – Configure ShareFile in Citrix Cloud with StorageZones on-premises
- Lab: Part 37 – Upgrade NetScaler HA pair with NetScaler MA Service in Citrix Cloud
- Lab: Part 38 – How to Configure Full VPN Setup with Citrix NetScaler in CLI
- Lab: Part 39 – Configure Multi-Factor Authentication with Azure MFA Service and Citrix Workspace
- Lab: Part 40 – Getting Started with Citrix App Layering
- Lab: Part 41 – Configure Citrix App Layering
- Lab: Part 42 – OS Layer with Citrix App Layering
- Lab: Part 43 – Platform Layer with Citrix App Layering
- Lab: Part 44 – Application Layers with Citrix App Layering
- Lab: Part 45 – Layered Image Deployment with Citrix App Layering
- Lab: Part 46 – Elastic deployment with Citrix App Layering
- Lab: Part 47 – User Layers with Citrix App Layering
- Lab: Part 48 – Windows 10 and PVS with Citrix App Layering
