Introduction
"I choose a lazy person to do hard labor. Because a lazy person will find an easy way to do it "
. - Bill Gates
Many people know that I am a big proponent of laziness in IT (and I wrote about this before, too) Lazy approach is actually very difficult -. it takes a lot of effort to learn to minimize the amount of work and be more efficient as you can imagine, it takes a lot. short-term time. in my case, I prefer to automate repetitive or time-consuming tasks, but there are also other ways how you can save some time.
one of the reasons why people create blog posts is to have a simple way to answer questions that are asked by many different customers. When a customer asks you a question, you can spend a lot of time discussing the subject, or ideally point to the existing article where the topic is explained. In the absence of such an article, it is best time to create one!
Drain maintenace
When dealing with the environment that is shared by multiple users, drainage concept of the hold mode is very important. Drain-maintenance fashion is used in scenarios where you can not move resources - two most typical examples are the virtual machines that are hosted on the local storage (without storage capacity of movement) and scenario where one operating system provides the environment for multiple users (movement of the session is technically not possible - I do not want me started talking about mutex and semaphores). You want to have the ability to put this resource in the drain-mode - leave intact existing sessions (including the ability to reconnect to a disconnected session), but redirect all new incoming requests to another resource. Once all virtual machines existing sessions are gone, you can proceed to the resource (either the XenApp server or physical host).
When dealing with customers who are migrating from previous versions of XenApp, load evaluators assignment is one of the common topics (as well as the impact of the environment on their workers' groups). To explain the context - in the past it was very common to create custom load evaluator (often called "No New Logons" or "Maintenance") which will report full load (10,000) when assigned to the server. There were generally three reasons why customers have chosen this method:
- Since the sale LE has been stored in the data store, you can assign it to the server that was offline
- personalized tHE reject new sessions, but it will reconnect to your existing session
- personalized lE affect only ICA connections, but the RDP connection for administrators will still be allowed
XenApp 6.5 approach to maintenance
with XenApp 6.5, can directly assign load evaluators to specific servers was removed, instead you assign appraisers charge to the entire server group. This is necessary to support dynamic provisioning and ability to manage a group of servers as a single entity. However, customers are looking for a way how to set a single server in maintenance mode.
This functionality is provided in XenApp 6.5 logon mode control. It simply allows you to specify several different parameters (information below was taken from our official documentation):
- Allow connections and reconnections . Enable all connections, reconnections, and session sharing (default).
- Prohibit logons and reconnections . Redirect all logons, reconnections, and session sharing to other servers.
- Prohibit logons only . Reroute new connections and session sharing, but that allows users to reconnect to disconnected sessions. This condition persists until you change it manually.
- Prohibit logons until the server restarts . Reroute new connections and session sharing, as above, but after restarting the server, the setting automatically changes to Allow connections and reconnections .
Although the connection control allows you to configure the flight maintenance (disabling new connections, while retaining the ability to reconnect to existing sessions), there are however some issues that are very common:
- This is just using the "logon change" command, so you can apply them only to the online server
- Setting drain mode will disable all connections, including RDP access for maintenance purposes
the common mistake is that XenApp is just using the RDS login mode. the confusion arises in part because the logon method XenApp and RDS login mode are synchronized - so when you change the RDS login mode, the change is automatically replicated to store data (and vice versa)
[ Ability to use RDP
When you disable access to the server, you can use RDP to connect to the server (for example to solve problems). However, if you try to RDP, you will get the following screen:
This should behavior - however, you can still use admin RDP to connect to this server (mstsc / admin). RDP is disabled access for regular users, but it is still possible for the administrator to connect to the drain in server mode.
Ability to disable access to the server offline
logon mode for RDP is the server configuration that is stored in the registry. connection mode configuration is stored in the registry in two locations:
HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Control Terminal Server TSServerDrainMode
0 = Allow all connections
1 = Allow reconnections but prevent new logon to restart
2 = Allow reconnections, but prevent new login
HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows NT CurrentVersion Winlogon WinStationsDisabled
0 = enabled
1 = Disabled
If the server is in drain mode, WinStationDisabled is always 0 (on).
Now, the interesting part is that XenApp logon command is actually managed data store is updated using the LHC synchronization notification. So when you change the logon mode in the console, this change is not immediately done on the registry of the target machine. When the XenApp server is offline and you change the login mode, it will get the notification from the data store during startup and automatically apply the logon mode you have configured in the console. This allows you to change logon mode even if the server is offline.
temporary evacuation mode (Prohibit logons until the server is restarted) is however available when the server is online.
Logon Mode in PowerShell
Especially in larger environments and dynamic, it is very common to automate the entire maintenance process. If you want to automate the assignment of connection modes, there are two commands you can use:
To assign the server connection mode:
Set-XAServerLogOnMode -LogOnMode $ LogonMode $ -ServerName server
Since the logon mode enumeration, you can use this universal method for all values allowed:
[enum] :: GetValues ( "Citrix.XenApp.Commands.LogOnMode")
to save time, I will also list all the valid values for $ LogonMode:
- AllowLogOns
- ProhibitNewLogOnsUntilRestart
- ProhibitNewLogOns
- ProhibitLogOns
for the logon mode assigned to the server, it is one of the properties of regular server object:
$ (Get-XAServer -ServerName $ server) .LogonMode
Summary
- Using the custom load evaluator was just a workaround to provide the necessary functionality in previous versions of XenApp, but with the availability of login modes there is no reason to use the old approach
- directors always get the RDP disabled access servers to perform administrative tasks
- Since the logon mode is implemented by IMA, it is possible to disable the server even if it is offline
Zugec Martin
0 Komentar