Citrix Director 7.6 Deep-Dive Part 5: Monitoring & Troubleshooting Anonymous User Sessions

Citrix Blog Repost

Anonymous (unauthenticated) user session support

A new feature of XenDesktop 7.6.

Instead of requiring users to log into Citrix Receiver with Active Directory user credentials, a combination of network security and authentication within the application itself is relied upon.

Anonymous Session Support -refers to running sessions as a set of pooled, local user accounts.

1.  This feature is popular in XenApp in the healthcare industry, since their applications typically have server back-ends with their own logons, separate from users’ AD accounts. Thus, the Windows account running the client application is irrelevant.

2,  Anonymous Session support consists of a pool of local user accounts that are managed by XenDesktop and typically named AnonXYZ, where XYZ is a unique 3-digit value.

More information on Anonymous Session Support feature is available here.

With anonymous sessions, the end user will not know the actual username.}

Each anonymous session is assigned a random name such as ANON001, ANON002, etc.,
1,  Citrix Director helps administrators to view details of each session of XenApp via User Search.  But here is the catch, how to view details of anonymous user session as they do not use Active Directory credentials for the session and the end user has no way to know what the username is?

2,  The Helpdesk Admin needs a way to be able to search for the user’s specific anonymous session, return the Help Desk view and User Details views in order to follow their standard troubleshooting processes.

EndPoint Search

The new functionality introduced for Citrix Director 7.6

It can be leveraged to view details of anonymous user sessions. Typically, the end user will know the name of their endpoint as many times there is a sticker attached to the screen or device with the device (endpoint) name.  When the end user calls into the help desk, they can now tell the Help Desk admin the endpoint name so the Help Desk administrator can start the troubleshooting process using Director.

1,  Sessions running on a particular endpoint device can be viewed through Endpoint Search functionality.

2,  Administrators can search for the client device and a list of all the sessions launched by that particular client are provided (as shown in the below screenshot), from which the administrator can choose the required session to view details of that session.

3,  Searching for an endpoint can be expensive across a large number of sites.

In order to improve performance, we have provided the ability to “group” endpoints. This is accomplished via the Director Config Tool, which restricts the search within a defined group. How do you group endpoints? All you have to do is run the Director Config Tool, select /createsitegroups, provide the IP and a name and your done!  Once the configuration is complete, the “Select a group” option will be available as part of the search view.

Note: Endpoint Search results include all clients from which a session is launched irrespective of whether the session is an anonymous user session or not.

If Director is monitoring multiple sites, the landing page after login will have search option for endpoint.

Within another view of Director, administrators can search for endpoint sessions using the new Search button on the ribbon bar of Director:

Below is the Screenshot of List of sessions running on a particular client machine:

Note: The endpoint names must be unique in order for Director to be able to search and return the appropriate session.

Details of Anonymous User Session in Client Details view:

  • Session Details: Anonymous field in Session Details Panel is used to indicate whether the session is Anonymous Or Not (As mentioned in the note above, Endpoint Search is not limited to Anonymous User Sessions).

Activity Manager and Machine Details Panel are similar to the User Details Page.

Note:  Shadow is disabled for Anonymous Sessions, as Anonymous user accounts are guest accounts that do not have permissions for Shadowing.

  • LogonDuration:  Logon Duration in Client Details Page is only for the current session and 7 day averages of logons from the client device, unlike when viewing a specific user, and the 7 day average is the average from that Delivery Group.Duration for each Logon Steps like Brokering etc. provided are same as in User Details Page.More on Logon Duration can be found here.
  •  Personalization: Reset Profile and PvD Reset Buttons will be disabled and Panel displays  “not available” as Anonymous User Accounts do not use Citrix Personalization Components.
  • HDX Insight : Network Data from HDX Insight will not be available for Anonymous Users.

Anonymous User Sessions In Filters View:

Director also facilitates the ability to filter out all Anonymous User Sessions through Sessions in Filters Page.

This provides the ability to quickly perform global actions on anonymous sessions (i.e. logoff) as needed.

Navigate to Filters->Sessions Page and use filters to select “Anonymous is Yes”  



Note: In the screenshot above, observe that Endpoint Name column is clickable. Clicking on Endpoint Name leads to the same behavior as Endpoint Search.


Adding to Director’s Help Desk functionality to include the ability to search and troubleshoot endpoints and machines allows the Help Desk to expand their troubleshooting use cases and enables one tool and one process for first call resolution.

Citrix Director 7.6 Deep-Dive Part 4: Troubleshooting Machines

Citrix Director 7.6 Deep-Dive Part 4: Troubleshooting Machines


XenDesktop 7.6 now includes machine details in Citrix Director. These details enable IT administrators to get more insight about the machines in use. The machine details page consists of machine utilization, infrastructure details, number of sessions, and hotfix details. With this new addition, the administrators can view machine-level details on the Director console itself.

As shown in the screenshot below, after logging into Director, you can now search for a machine directly by selecting “Machine” in the dropdown list on the left and then entering the name of the machine in the “Search for machine” field on the right.

The Director administrator can now configure Site groups as an additional search filter to narrow down results to these specific groups. Create the groups in the Director server by running the configuration tool with the following command prompt:

C:inetpubwwwrootDirectortoolsDirectorConfig.exe /createsitegroups

Then provide a Site group name and an IP address of the Site’s Delivery Controller to create the Delivery Group, as shown in the following screenshot:

After the Site groups are created, the administrator can select a group from the newly added “Select a group” field:

All machines that match the search string entered appear in the “Search for machine” dropdown. Then the administrator can select the appropriate machine to navigate to machine details page.

The machine details page has five sections:

  1. Machine Details
  2. Machine Utilization – CPU and memory usage
  3. Sessions – The total number of connected and disconnected sessions
  4. Infrastructure Panel – Hypervisor and Delivery Controller sections
  5. Hotfixes

Machine Details

The panel consists of the following fields:

  1. Machine name: The domainmachine name of the machine selected.
  2. Display name: The display name of the machine as configured while creating and publishing the Delivery Group.
  3. Delivery Group: The Delivery Group that contains the machine selected.
  4. Machine Catalog: The catalog that contains the machine selected.
  5. Remote PC access: Indicates whether the selected machine is configured for Remote PC Access.
  6. Site name: The Site name with which the machine is associated.
  7. Registration state: Indicates whether the machine is registered with the Delivery Controller.
  8. OS type: Indicates the operating system running on the machine.
  9. Allocation type: Indicates whether the allocation is static or random.
  10. Machine IP: Gives the IP address of the machine (Ipv4/Ipv6).
  11. Organizational unit: Gives the organizational unit with which the machine is associated in Active Directory.
  12. VDA version: Gives the version of the XenDesktop VDA installed on the machine.
  13. Host: Indicates the name of the hypervisor host as configured on Studio.
  14. Server: Indicates the name of the hypervisor as seen on the hypervisor console, such as XenCenter/VSphere/SCVMM console.
  15. VM name: Indicates the name of the virtual machine as seen on the hypervisor console.
  16. vCPU: Indicates the number of vCPUs allocated on the hypervisor for the machine.
  17. Memory: Indicates the memory allocated on the hypervisor for the machine.
  18. Hard disk: Indicates the hard disk allotted to the machine on the hypervisor.
  19. Avg. disc sec/transfer: The average time in seconds per every disk transfer as seen on the performance monitor tool on the machine.
  20. Current disk queue length: The disk queue length as seen on the performance monitor tool on the machine.
  21. Load evaluator index: This field, which is only present for server OS machines, gives a measure of the load on the server machine distributed across CPU, memory, disk and session count.

The Director admin can perform some additional operations on machine details page:

a)      Power Control – The Power Control dropdown allows the user to shut down, restart, force restart, force shut down, and start a virtual machine. To perform these power control operations on Remote PC machines, you must configure the XenDesktop Wake on LAN feature.

b)      Manage Users – You can now assign users to the machine directly from Director console. To do so, click the Manage Users button, which opens up the popup below:

c)      Maintenance Mode – You can now set the maintenance mode for the machine from the Director console by clicking on the Maintenance Mode button on the machine details panel. You can turn it off by clicking the same button again.

Machine Utilization

The Machine Utilization panel displays memory and CPU usage over the past minute so IT admins can monitor the load on the machine from the Director console. This enables help desk admins to solve issues related to slow and poor performance in user sessions because of either CPU or memory usage overload. The panel is updated every five seconds.


The Sessions panel shows the total number of sessions associated with the machine, including the number of connected and disconnected sessions. The numbers are hyperlinks that redirect to the Filters page.


The infrastructure is divided into two sections, hypervisor status and Delivery Controller.

Hypervisor Status – The alerts set on the hypervisor host are shown in this section. (Note: Alerts set on HyperV host currently are not supported.)

Delivery Controller – This panel consists of multiple fields that are explained below:

a)      Status: Status of the Delivery Controller, either online or offline. For example, the Director server is either unable to reach the Delivery Controller, or the Broker Service on the Delivery Controller is not running.

b)       Services: Shows the number of core services that are currently not available, including Citrix AD Identity Service, Broker Service, Central Configuration Service, Hosting Unit Service, Configuration Logging Service, Delegated Administration Service, Machine Creation Services and Monitor Service. Just like the alerts in the Hosts table, the administrator can click the alerts’ text and see a pop up displaying the name of the service, the time the service failed, and the location of that service.

c)      Site Database: Indicates whether the site database is connected. For example, the Delivery Controller is unable to contact the Site database; there is an issue with the database configuration; or there is version mismatch between the database and the service.

d)      License Server: Indicates whether you can connect to the license server configured for the Site. For example, the Controller is unable to contact the license server; if they are running the same machine then the service may be stopped.

e)      Configuration Logging Database: Indicates whether the Configuration Logging Database is connected. For example, the Citrix Configuration Logging Service on the Controller is not running.

Monitoring Database: Indicates whether the Monitoring Services Database is connected. For example, the Delivery Controller is unable to contact the Monitoring Services Database, or the Citrix Monitoring Service on the Controller is not running.


The Hotfixes panel consists of details pertaining to the hotfixes installed on the machine selected. Details displayed include component, component version, hotfix name, hotfix file name, links to Knowledge Center articles and effective date.

Citrix Director 7.6 with XenApp 6.5 – Installation / Setup

Source: Did You Restart?

Citrix Director 7.6 with XenApp 6.5 – Installation / Setup

If you’ve seen some of the demonstrations of the new Citrix Director 7.6 it’s pretty cool!

I wanted to provide the director so that other IT staff here could easily terminate specific process / applications.  They tend to terminate entire sessions when really only a specific process is necessary (frozen app that crashed – we have one in particular that is troublesome).

Below is how I setup and got it to work.  There are actually some pretty decent guides available from Citrix that cover all these steps in decent detail.

Citrix XenApp 6.5 with Hotfix Rollup Pack 2 and 5.
XenApp servers running Windows 2008 R2 SP1
Citrix Director 7.6.1 running on Windows 2012 R2

We’ll need at least the following machines for my mock setup:
1 x Windows 2012 R2 for the Citrix Director. name = Director
1+ x XenApp 6.5 running as the controller (no applications hosted). name = XAController
1+ x XenApp 6.5 session host mode (no xml). name = XA01
Note: you don’t have to install any machines as host mode if you don’t want to, I have redundant controller’s that don’t host any apps, and then install all my “app” servers as session host mode.

Setup Citrix Director: (Director)

  1. Install and configure your Windows 2012 R2 server
  2. Install IIS
    1. Web Server
      1. Common HTTP Features:
        1. Default Document
        2. Directory Browsing
        3. HTTP Errors
        4. Static Content
        5. HTTP Redirection
      2. Health and Diagnostics:
        1. HTTP Logging
        2. Logging Tools
        3. Tracing
      3. Performance:
        1. Static Content Compression
        2. Dynamic Content Compression
      4. Security:
        1. Request Filtering
        2. Basic Authentication
        3. Windows Authentication
      5. Application Development:
        1. .Net Extensibility 4.5
        2. ASP
        3. ASP.NET 4.5
        4. CGI
        5. ISAPI Extensions
        6. ISAPI Filters
        7. Server side Includes
      6. Management Tools:
        1. IIS 6 Management Compatibility:
          1. IIS 6 Metabase Compatibility
          2. IIS 6 Scripting Tools
          3. IIS 6 WMI Compatibility
        2. IIS Management Scripts and Tools
          1. Management Service
    2. Install the below features:
      1. .Net Framework 4.5 Features:
        1. WCF Services:
          1. HTTP Activation
          2. TCP Port sharing
      2. Windows Process Activation Service:
        1. Process Model
        2. Configuration APIs
  3. Install dotnet 4.5.1
  4. From the XenApp / XenDesktop 7.6 installation iso download
    1. Navigate to x64Desktop DirectorDesktopDirector.msi and install
    2. go to x64Citrix PolicyCitrixGroupPolicyManagement_x64.msi and install
  5. Open cmd prompt (runas administrator)
    1. navigate to inetpubwwwrootdirectortools
    2. DirectorConfig.exe /registerdotnet
    3. DirectorConfig.exe /xenapp XAController (this is your XenApp Farm’s Controller name).
      1. To add more than 1 name separate with a comma.  XAController1, XAController2
      2. There is no need to enter non-controller XenApp servers here.  So Session host mode XenApp servers that do not run the xml service for instance should not be configured in this setting.
  6. Ensure that your firewall is configured to allow ports 443, 80, 2513

Setup Session Host XenApp Server: (XA01)

  1. Attach your XenApp 7.6 iso to your server
    1. Alternately you can copy the following files from your download to a central location:
      1.  x64Virtual Desktop ComponentsConfigRemoteMgmt.exe
      2.  x64Virtual Desktop ComponentsInterop.NetFwTypeLib.dll
      3.  SupportDirectorWMIProviderDirectorWMIProvider_x64.msi
  2. Install SupportDirectorWMIProviderDirectorWMIProvider_x64.msi
  3. Ensure dotnet 4.0.30319 or higher is installed
  4. Open a cmd prompt (runas administrator)
    1. navigate to x64Virtual Desktop Components (or where you put the files)
    2. winrm qc
      1.  yes if prompted
    3.   ConfigRemoteMgmt.exe /configwinrmuser “mydomainsecuritygroup” /all
  5.  Ensure that port 2513 is open

Remote Assistance: (XA01)

  1. On the XenApp session host server ensure that the feature “Remote Assistance” is installed.
  2. Configure the GPO for remote assistance
    1. computer config/administrator templates/system/remote assistance
      1. offer remote assistance and helpers.

PrePopulate Domain at Logon: (Director)

  1. Now we can also prepopulate the domain box at the logon screen
  2. This site lays it out very nicely.
    1. Edit inetpubwwwrootdirectorLogOn.aspx
    2. Find the section with the following: asp:TextBox ID=”Domain” runat=”server” CssClass=”text-box”
    3. Add the following:  Text=”” readonly=”true”
    4. refresh the screen

Force SSL and redirect Default Web Site: (Director)

  1. I like to force SSL for most of my sites.  Also I like to redirect the Default so I don’t have to type in the directories.
  2. Redirect Default Website
    1. On Default Web Site open HTTP Redirect
    2. Check the “redirect requests to this destination”
    3. Enter the path https://servername/Director  (instead of servername you could also use a DNS name that you setup that is easier to remember)
    4. Check “redirect all requests to exact destination”
    5. Apply
    6. Restart the website
  3. Force SSL
    1. On the default site open bindings
    2. Add https
    3. select the servername ssl cert
    4. OK
    5. Highlight the http binding
    6. Remove
    7. Restart the website and then test navigation to https://servername
    8. Also test http://servername and it shouldn’t work.

A blog dedicated to Citrix technology

There's More to the Story: a blog about LIFE, chronic illness, and Mental Health

I’m the loud and relentless "patient" voice and advocate they warned you about. I happen to have type 1 diabetes, ADHD, anxiety, OCD, PCOS, endometriosis, thyroid issues, asthma, allergies, lactose intolerance (and more), but there’s more to story.


Learn Troubleshoot and Manage Windows

Dirk & Brad's Windows Blog

Microsoft Platform How To's, Best Practices, and other Shenanigans from Highly-qualified Windows Dorks.

Ingmar Verheij

About Citrix, Remote Desktop, Performance, Workspace, Monitoring and more...

Virtual to the Core

Virtualization blog, the Italian way.

CloudPundit: Massive-Scale Computing

the business of Internet infrastructure, cloud computing, and data centers

Every Cloud Has a Tin Lining.


See no physical, hear no physical, speak no physical -

Ask the Architect

My workspace journey

The weblog of an IT pro specializing in virtualization, storage, and servers


a place under control of his big head

this is... The Neighborhood

the Story within the Story

Yellow Bricks

by Duncan Epping


Enterprise Storage Engineer

My Virtual Vision

My thoughts on application delivery