Background
Using Citrix Profile Management with profile streaming enabled should keep your logon times pretty low. Recently, they updated the version of our Antivirus (Trend Micro) to the latest, and suddenly I started seeing desktops fail with “session prepare failure” errors. After much investigation it had something to do with the behavior monitoring feature of the AV software hanging Citrix Profile Management long enough to cause the desktop to freeze/unregister. Turning off the profile streaming option fixed that issue.
Since then I have noticed logon times have skyrocketed. I used to see an average logon time of about 30 seconds, and after disabling profile streaming I see average times well over 1 minute (some individuals as high as 5 minutes).
In order to try to get our logon times back down to a reasonable time I wrote a script to investigate the profile store. I found a few folders which contain a ton of files – files that have to be copied in at each logon slowing things down.
The Fix
I wrote a blog post a while back about using a Powershell Script to redirect folders via symbolic links. You can find that here https://www.citrixirc.com/?p=315. We can use that same method to redirect “bad” folders, but using Citrix Workspace Environment Management instead (no need to learn how to script!). NOTE: Users must have the “Create symbolic links” right!
Instructions
Of course, you are going to need WEM setup in your environment. Carl Stalhood has a great step by step on how to set it up here http://www.carlstalhood.com/workspace-environment-manager/.
A couple of caveats I would add to his blog post:
If you are installing on a PVS image before shutting down your maintenance/private mode vdisk to re-seal, kill the Norskale Agent Host Service. For whatever reason if you don’t do this it can cause your vms in standard mode to take an obscenely long time to shutdown.
If you have a PVS environment and you have redirected the WEM cache to the persistent drive use a startup task to refresh the cache, force restart the Norskale Agent Host Service, and start netlogon after. If the cache doesn’t already exist WEM doesn’t seem to check with the WEM server. You have to create the cache, and then restart the service so that it reads it, and force restarting the Norskale Agent Host Service will stop netlogon (dependent on it). Chicken or the egg thing…
Assuming you have WEM setup and running:
Create a Folders and Files action that creates the redirected folder structure in the user home directory or where ever you want to put it. In the \\server\share\VDIPaths (or whatever you name it) have the folder structure laid out for all the folders you wish to redirect (empty folders) – this is your folder “template” directory:
ie: \\server\share\VDIPaths\Recent
\\server\share\VDIPaths\IELocal\DOMStore
\\server\share\VDIPaths\GoogleChrome\Googlelocal
etc.
The source path is the folder you just created and the target is where you want to put it. Make sure overwrite target if existing and run once are unchecked
Under Options – Copy Directory Content (creates the folder structure in the user’s %homeshare% folder or where ever you put it), and make sure the Execution order is “0” – happens first.
Next we need to perform 3 tasks for each folder you want to redirect to the user %homeshare%\VDIPaths folder (or where ever you decide to put it)
We will first move the existing data in the profile to the redirect location, second delete the existing data in the profile, and finally create the symbolic link.
Move
The first thing we do is create the move operation. Name it whatever you want. The source is the local profile path to the user, and the target is where we want to move the files
Under the Options Tab select Move Directory Content and set the execution order to 1. We want the “VDIPaths\Recent” folder to have been created already by the create task
Delete
Set the source path to the directory you want to delete
Under the Options Tab select Delete Files / Folders and set the Execution order to 2 as we want the files to be moved to the new location prior to deleting.
Create the Symbolic Link
The Source will be the %homeshare% location, and the target will be the local profile path location.
Under the Options tab set the action to Create Directory Symbolic Link and set the execution order to 3.
Assign tasks
Assuming you have already setup configured users you can now assign the 4 tasks above to your test user or group. Going forward you will only need to create the latter 3 tasks, and just make sure you update the “template” directory accordingly.
Assign the first task (create VDI_Paths in my case) setting always true
Assign the second task (Move Recent in my case) setting always true
Assign the third task (Delete Recent in my case) setting always true
Assign the 4th task (Recent_Symbolic_Link in my case) setting always true
0 – Create VDI_Paths – copies the folder structure to the user’s %homeshare% directory
1 – Move Recent – moves the contents of %appdata%\Microsoft\Windows\Recent to %homeshare%\VDIPaths\Recent
2 – Delete Recent – deletes the %appdata%\Microsoft\Windows\Recent folder
3 – Recent_Symbolic_Link – Creates a symbolic link at %appdata%\Microsoft\Windows\Recent pointing to %homeshare%\VDIPaths\Recent
You end up with something that looks like this:
If you click into the Recent symbolic link you will see it still looks like it is on the local C: drive as far as the path goes, but it is “redirected” to the path you specified. If it does not work check the Norskale Vuem Agent.log file in the user profile, and look for the error. If it is a permissions issue, then you probably have to allow the user to create symbolic links via gpo and/or local policy (I put it both places just to be sure it takes).
I have done this for the following paths thus far with success
%appdata%\Microsoft\Windows\Recent – all the recent places/docs a user has opened
%appdata%\Microsoft\Signatures – Outlook signatures
%localappdata%\Apps\2.0 – This one is for clickonce apps – I also had to make another task to create the “Apps” folder in the local profile in case it doesn’t exist (only one that is different from the rest)
%localappdata%\Microsoft\Internet Explorer\DOMStore – some IE cache that gets quite large
%appdata%\Microsoft\Office\Recent – all recent Office docs
%localappdata%\Google – Chrome cache
%appdata%\Mozilla – Firefox cache
%localappdata%\Mozilla – Firefox cache
%localappdata%\Apps\Evernote – Evernote (unfortunately some of my users need this)
%localappdata%\WebEx – WebEx Cache
Once you are certain all of the existing data for each of your users has been moved to their %homeshare% directory (or where ever you put it) you can exclude those folders from UPM, and remove the Move/Delete tasks. It won’t hurt to leave them though…
Hi,
Why would i want to keep the application cache distant on a file server, i think it would be better to solve the AV problem with Streamed Profiles, have you ever got it solved? sounds like a real pain
The problem I had is that Trend Micro’s behavior monitoring (part that stops ransomware) was delaying the UPM file system driver – causing the machine to hang/unregister. The file system driver is a .sys file and the only extension I can exclude from behavior monitoring are .exe files (and believe me all the citrix .exe files are set to be excluded). In any case turning off profile streaming is the only way to correct it – aside from disabling the behavior monitoring piece (not an option). I have read of similar headaches from other AV platforms as well where disabling the profile streaming is the fix.
The reason I move the application caches to a file share (CIFS) is because at logon with profile streaming off it would have to copy in EVERYTHING before the user got to the desktop… greatly increasing the user logon times. Browser caches alone can be huge, and copying in thousands of itsy bitsy files from the “Recent”/”DOMStore” directories can take forever.
Hello David,
Which version of Trendmicro are you guys using?
thanks
v12 I believe.
on a side note
for some reason, I had to use “Copy Directory Content” instead of “Move Directory Content”
Thanks David. Your settings are all to redirect AppData subfolders. I’m trying to determine the best way to manage common folder redirection, e.g. Documents, Favorites, etc. WEM has redirection settings for UE-V and other profile-handling methods, but not for Citrix UPM. I feel like I’m missing something.
Never mind my previous comment. I thought that USV = UE-V. I realize now that USV is just roaming profiles and folder redirection, so the folder redirection part should be used alongside Citrix UPM.
[…] WEM > WEM Agent > PvS – link to CTA David Ott’s blog post […]
[…] CTA David Ott at Using Citrix Workspace Environment Management to Redirect Folders via Symbolic Links – Speed Up Lo…: before shutting down your maintenance/private mode vdisk to re-seal, kill the Norskale Agent Host […]
Fabulous! Used it to redirect OneNote folder in the appdata\local.
Thank you a bunch for sharing this with all of us you really know what you’re talking about!
Bookmarked. Please additionally seek advice from my web site =).
We can have a hyperlink change arrangement among us