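XenApp 7.5 "Fail worker callback using SPN HOST/ and IP address"
Time: 2020-03-21 11:48:55 Source: igfitidea
When the XenApp 7.5 Virtual Delivery Agent (VDA) is hosted on Windows Server 2008 R2 x64 Datacenter, it also appears to be unable to connect to the ADC.
"Fail worker callback using SPN HOST/ and IP address"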
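Our setup
Below is the test environment we are using.
- XenApp 7.5 ADC running on Windows Server 2012 x64 Standard (failed to run on Windows Server 2008 R2 SP1 x64 Datacenter)
  - 10.20.0.75, cont2012.adtest.local
- XenApp 7.5 VDA running on Windows Server 2008 R2 SP1 x64 Datacenter
  - 10.20.0.72, vda2008.adtest.local
- Active Directory domain controller (Windows Server 2008 R2 SP1 x64 Datacenter)
  - 10.20.0.10 (domain: adtest.local)
- Both the ADC and the VDA are connected to the AD DC
- Windows Firewall is turned off on the AD DC, the ADC and the VDA, and no other firewall is set up
- No antivirus software is installed, so there is no built-in firewall
Connectivity and security.
- Ping works for both IP and FQDN; there are no DNS resolution problems
- The Kerberos Key Distribution service is enabled and running on the AD DC
- The "ListOfDDCs" registry value on the VDA is set to cont2012.adtest.local
  - HKEY_LOCAL_MACHINE\Software\Citrix\VirtualDesktopAgent\ListOfDDCs (REG_SZ)
- The ADC computer has been added to the VDA local Administrators group
- The VDA computer has been added to the ADC local Administrators group
- The ADC computer has been added to the VDA security policy "Access this computer from the network"
- The VDA computer has been added to the ADC security policy "Access this computer from the network"
The web server is up and running on the ADC on port 80, and can be reached from the VDA and the AD DC via telnet and a web browser.
Troubleshooting
VDA log
VDA logging was set up according to Citrix's instructions: https://support.citrix.com/article/CTX117452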
BrokerAgent:ConstructAndResolveRegistrarNames: Using IP Addresses; IP 10.20.0.75, Hostname cont2012.adtest.local, m_UseIpv6Registration = False
BrokerAgent:=========>>>>> Attempting registration with following controller(s): cont2012.adtest.local (10.20.0.75)
BrokerAgent:AttemptRegistrationWithSingleDdc: Attempting to talk to controller...
BrokerAgent:AgentHeartBeat m_connectionId = S-1-5-21-3517788518-937966496-1463735470-1123:D3C3710AC76B5DFA810F54CB97E93141:635322141639732680
BrokerAgent:CurrentSettingsVersion is 0;
BrokerAgent:We are attempting to register with DDC 'cont2012.adtest.local'; Previous successful registration was with DDC ''
BrokerAgent:Sending CurrentSettingsVersion = 0 to DDC to force policy delivery
BrokerAgent:Registration request 7.5.0.4523 Windows 2008 R2 Service Pack 1 Microsoft Windows NT 6.1.7601 Service Pack 1S-1-5-21-3517788518-937966496-1463735470-1123NULL0.
BrokerAgent:request.WorkerCapabilities CBP1_5
BrokerAgent:request.WorkerCapabilities MultiSession
BrokerAgent:Registration multi-session Type MultiSession.
BrokerAgent:AttemptRegistrationWithSingleDdc: Failed to register with http://CONT2012.adtest.local:80/Citrix/CdsController/IRegistrar. WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN HOST/VDA2008.adtest.local and IP address 10.20.0.72'
BrokerAgent:TimedEventLogWorkItemManager::ProcessWorkItemThreadBody - Processing
BrokerAgent:TimedEventLogWorkItemManager::ProcessWorkItemThreadBody - Sleeping 599999ms
BrokerAgent:AttemptRegistration: Could not register with any controllers. Waiting to try again in 120000 ms. Multi-forest - False
Windows event log on the ADC
Citrix Broker Service:
The Citrix Broker Service failed to contact virtual machine 'VDA2008.adtest.local' (IP address ). Check that the virtual machine can be contacted from the controller and that any firewall on the virtual machine allows connections from the controller. See Citrix Knowledge Base article CTX126992. Error details: Exception 'The request channel timed out while waiting for a reply after 00:00:05. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.' of type 'System.TimeoutException'.
Citrix Desktop Service:
The Citrix Desktop Service cannot connect to the delivery controller 'http://CONT2012.adtest.local:80/Citrix/CdsController/IRegistrar' (IP Address '10.20.0.75') Check that the system clock is in sync between this machine and the delivery controller. If this does not resolve the problem, please refer to Citrix Knowledge Base article CTX117248 for further information. Error Details: Exception 'Fail worker callback using SPN HOST/VDA2008.adtest.local and IP address 10.20.0.72' of type 'System.ServiceModel.FaultException`1[Citrix.Cds.Protocol.Controller.Fault]'..
Windows event log on the VDA
The Citrix Desktop Service has detected that the delivery controller cont2012.adtest.local (IP Address 10.20.0.75) cannot connect to the Service. One possible reason for this is that the 'Access this computer from the network' security policy does not allow the delivery controller server identity to access this machine. Please check that a local or group policy is not set incorrectly to disallow access from the delivery controller servers.
XDPing tool
The Citrix XDPing tool (https://support.citrix.com/article/CTX123278) was set up to help troubleshoot the problem.
ADC output below.
XDPing 2.2.0.0
Created by Citrix Systems Engineering and Escalation teams.
Checking version : You are using the latest version.
-------------------------------------------------------------------
Local Machine::
NetBIOS Name = CONT2012
OS Version = Microsoft Windows NT 6.2.9200.0
Platform = X64 Platform
Computer Domain: adtest.local
Role = Member Server
Membership = Verified, SID:S-1-5-21-3517788518-937966496-1463735470-1128 [OK]
-------------------------------------------------------------------
User::
User Name = administrator
User Domain = ADTEST
Authentication = Kerberos [OK]
Groups:
ADTEST\Domain Users
Everyone
BUILTIN\Users
BUILTIN\Administrators
NT AUTHORITY\REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
ADTEST\Group Policy Creator Owners
ADTEST\Domain Computers
ADTEST\Domain Admins
ADTEST\Enterprise Admins
ADTEST\Schema Admins
ADTEST\Denied RODC Password Replication Group
-------------------------------------------------------------------
Local Machine Time::
UTC = 4/4/2014 2:43:33 PM
Local = 4/4/2014 3:43:33 PM (GMT Daylight Time)
DST = Yes
NtpServer = time.windows.com,0x9
-------------------------------------------------------------------
Domain Controller(s) Time::
Date/Time from adtest.local : 4/4/2014 3:43:33 PM : Time difference (mins): 0 [OK]
-------------------------------------------------------------------
Network Interfaces::
NIC #0 "Ethernet":
Network = Ethernet, 1Gb/s, Up
MAC = 00:11:22:D4:89:00
DNS servers = 10.20.0.10
Gateways = 10.20.0.1
DHCP server = 10.20.0.1
Address #0 = 10.20.0.75/255.255.255.0, Preferred, Origin=Dhcp/OriginDhcp
Lease = 5400/3063/3063
NIC #1 "Loopback Pseudo-Interface 1", Loopback:
Network = Loopback, 1073Mb/s, Up
DNS servers = fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
Address #0 = ::1/0.0.0.0, Preferred, Origin=WellKnown/WellKnown
Lease = 2359/4294967295/4294967295
Address #1 = 127.0.0.1/, Preferred, Origin=WellKnown/WellKnown
Lease = 2359/4294967295/4294967295
NIC #2 "isatap.{5DF39DBE-C24F-4D98-80CE-E324E17C10FB}":
Network = Tunnel, 0Gb/s, Down
MAC = 00:00:00:00:00:00:00:E0
DNS servers = 10.20.0.10
Address #0 = fe80::5efe:10.20.0.75%14/0.0.0.0, Deprecated, Origin=WellKnown/LinkLayerAddress
Lease = 2299/4294967295/4294967295
NIC #3 "Local Area Connection* 11":
Network = Tunnel, 0Gb/s, Down
MAC = 00:00:00:00:00:00:00:E0
Address #0 = fe80::100:7f:fffe%13/0.0.0.0, Deprecated, Origin=WellKnown/LinkLayerAddress
Lease = 2348/4294967295/4294967295
-------------------------------------------------------------------
WCF Endpoints: CitrixBrokerService::
C:\Program Files\Citrix\Broker\Service\BrokerService.exe
Version Number :7.5.0.4526
XenDesktop version 7.5.0.4526
wsHttpBinding:
Citrix.Broker.Admin.SDK.IBrokerAdminService:
http://localhost/Citrix/BrokerAdminService/v2:
Ping Service: /Citrix/BrokerAdminService/v2
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Broker.Admin.IBrokerAdminQuery:
http://localhost/Citrix/BrokerAdminQuery/v1:
Ping Service: /Citrix/BrokerAdminQuery/v1
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.EnvTest.Interfaces.IEnvTestApi:
http://localhost/Citrix/BrokerEnvTests/v1:
Ping Service: /Citrix/BrokerEnvTests/v1
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Controller.IRegistrar:
http://localhost/Citrix/CdsController/IRegistrar:
Ping Service: /Citrix/CdsController/IRegistrar
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Controller.ITicketing:
http://localhost/Citrix/CdsController/ITicketing:
Ping Service: /Citrix/CdsController/ITicketing
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Controller.IDynamicDataSink:
http://localhost/Citrix/CdsController/IDynamicDataSink:
Ping Service: /Citrix/CdsController/IDynamicDataSink
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Controller.INotifyBroker:
http://localhost/Citrix/CdsController/INotifyBroker:
Ping Service: /Citrix/CdsController/INotifyBroker
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
-------------------------------------------------------------------
Controller Services::
Service : Licensing services not present [OK]
-------------------------------------------------------------------
DNS Lookups for Local Machine::
Host Name : CONT2012.adtest.local
Address #0 = ::1 (rDNS: CONT2012.adtest.local) [OK]
Address #1 = 10.20.0.75 (rDNS: CONT2012.adtest.local) [OK]
-------------------------------------------------------------------
Event Log Check::
Invalid query
-------------------------------------------------------------------
Windows Firewall Settings::
XDPing has detected that the Windows Firewall service is not runnning. Skipping firewall check.
-------------------------------------------------------------------
Summary::
Checking version : You are using the latest version. [OK]
Number of messages reported = 1
VDA output below.
XDPing 2.2.0.0
Created by Citrix Systems Engineering and Escalation teams.
Checking version : You are using the latest version.
-------------------------------------------------------------------
Local Machine::
NetBIOS Name = VDA2008
OS Version = Microsoft Windows NT 6.1.7601 Service Pack 1
Platform = X64 Platform
Computer Domain: adtest.local
Role = Member Server
Membership = Verified, SID:S-1-5-21-3517788518-937966496-1463735470-1123 [OK]
-------------------------------------------------------------------
User::
User Name = administrator
User Domain = ADTEST
Authentication = Kerberos [OK]
Groups:
VDA2008\None
Everyone
BUILTIN\Administrators
BUILTIN\Remote Desktop Users
BUILTIN\Users
NT AUTHORITY\REMOTE INTERACTIVE LOGON
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
NT AUTHORITY\This Organization
LOCAL
ADTEST\Group Policy Creator Owners
ADTEST\Domain Computers
ADTEST\Domain Admins
ADTEST\Enterprise Admins
ADTEST\Schema Admins
ADTEST\Denied RODC Password Replication Group
-------------------------------------------------------------------
Local Machine Time::
UTC = 4/4/2014 4:17:03 PM
Local = 4/4/2014 5:17:03 PM (GMT Daylight Time)
DST = Yes
NtpServer = time.windows.com,0x9
-------------------------------------------------------------------
Domain Controller(s) Time::
Date/Time from adtest.local : 4/4/2014 5:17:03 PM : Time difference (mins): 0 [OK]
-------------------------------------------------------------------
Network Interfaces::
NIC #0 "Local Area Connection":
Network = Ethernet, 1Gb/s, Up
MAC = 00:11:22:84:5C:D9
DNS servers = 10.20.0.10
Gateways = 10.20.0.1
DHCP server = 10.20.0.1
Address #0 = 10.20.0.72/255.255.255.0, Preferred, Origin=Dhcp/OriginDhcp
Lease = 3600/3410/3410
NIC #1 "Loopback Pseudo-Interface 1", Loopback:
Network = Loopback, 1073Mb/s, Up
DNS servers = fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1
Address #0 = ::1/0.0.0.0, Preferred, Origin=WellKnown/LinkLayerAddress
Lease = 216/4294967295/4294967295
Address #1 = 127.0.0.1/, Preferred, Origin=WellKnown/WellKnown
Lease = 216/4294967295/4294967295
NIC #2 "isatap.{F1C84D44-AE9D-4F04-8853-EFCA3BB4C4E2}":
Network = Tunnel, 0Gb/s, Down
MAC = 00:00:00:00:00:00:00:E0
DNS servers = 10.20.0.10
Address #0 = fe80::5efe:10.20.0.72%13/0.0.0.0, Deprecated, Origin=WellKnown/LinkLayerAddress
Lease = 170/4294967295/4294967295
NIC #3 "Local Area Connection* 9":
Network = Tunnel, 0Gb/s, Down
MAC = 00:00:00:00:00:00:00:E0
Address #0 = fe80::100:7f:fffe%11/0.0.0.0, Deprecated, Origin=WellKnown/LinkLayerAddress
Lease = 212/4294967295/4294967295
-------------------------------------------------------------------
WCF Endpoints: BrokerAgent::
C:\Program Files\Citrix\Virtual Desktop Agent\BrokerAgent.exe
Version Number :7.1.0.4019
XenDesktop version 7.1.0.4019
wsHttpBinding:
Citrix.Cds.Protocol.Worker.ILaunch:
http://localhost/Citrix/VirtualDesktopAgent/ILaunch:
Ping Service: /Citrix/VirtualDesktopAgent/ILaunch
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Worker.IDynamicDataQuery:
http://localhost/Citrix/VirtualDesktopAgent/IDynamicDataQuery:
Ping Service: /Citrix/VirtualDesktopAgent/IDynamicDataQuery
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Worker.IQueryAgent:
http://localhost/Citrix/VirtualDesktopAgent/IQueryAgent:
Ping Service: /Citrix/VirtualDesktopAgent/IQueryAgent
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Worker.IConfiguration:
http://localhost/Citrix/VirtualDesktopAgent/IConfiguration:
Ping Service: /Citrix/VirtualDesktopAgent/IConfiguration
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
wsHttpBinding:
Citrix.Cds.Protocol.Worker.ISessionManager:
http://localhost/Citrix/VirtualDesktopAgent/ISessionManager:
Ping Service: /Citrix/VirtualDesktopAgent/ISessionManager
Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
Service = Listening [OK]
-------------------------------------------------------------------
Workstation Services::
Service : BrokerAgent ("Citrix Desktop Service")
Status = Win32OwnProcess, Running [OK]
Prereq =
LanmanWorkstation (Win32ShareProcess), Running
Service : Citrix Encryption Service ("Citrix Encryption Service")
Status = Win32OwnProcess, Running [OK]
Service : cpsvc ("Citrix Print Manager Service")
Status = Win32OwnProcess, Running [OK]
Prereq =
Spooler (Win32OwnProcess, InteractiveProcess), Running
RpcSs (Win32ShareProcess), Running
-------------------------------------------------------------------
DNS Lookups for Local Machine::
Host Name : VDA2008.adtest.local
Address #0 = ::1 (rDNS: VDA2008.adtest.local) [OK]
Address #1 = 10.20.0.72 (rDNS: VDA2008.adtest.local) [OK]
-------------------------------------------------------------------
Client Details::
(Session ID) (Status) (Name) (Client IP Address):
0 WFDisconnected Services 0.0.0.0
1 WFConnected Console 149.112.255.255
2 WFActive RDP-Tcp#0 10.96.13.81
65536 WFListen ICA-CGP 54.0.1.0
65537 WFListen ICA-CGP-1 54.0.1.0
65538 WFListen ICA-CGP-2 54.0.1.0
65539 WFListen ICA-CGP-3 54.0.1.0
65540 WFListen ICA-HTML5 54.0.1.0
65541 WFListen ICA-TCP 54.0.1.0
65542 WFListen RDP-Tcp 54.0.1.0
Estimated Latency: -1
Estimated Bandwidth: ???
Estimated Network Condition: DIALUP_CONDITIONS
Session Reliability: False
-------------------------------------------------------------------
Event Log Check::
No importent XenDesktop events detected in the last hour.
-------------------------------------------------------------------
Windows Firewall Settings::
XDPing has detected that the Windows Firewall service is not runnning. Skipping firewall check.
-------------------------------------------------------------------
XenDesktop Farm::
Farm GUID (GPO) : Not Set
Farm GUID (local) : NOT SET
Farm GUID In Use : NOT SET
-------------------------------------------------------------------
Registry Based Configurations::
Registry based Controller list (ListOfDDCs) : [Not Conigured]
[Not Conigured]
It is not possible to enurmerate DDC list from VDA [ERROR]
-------------------------------------------------------------------
Summary::
Checking version : You are using the latest version. [OK]
It is not possible to enurmerate DDC list from VDA [ERROR]
Number of messages reported = 2
Workaround
The XenApp 7.5 VDA works out of the box on Windows Server 2012 x64.
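Added example, not part of the original post: a small Python triage script that pulls each failed registration out of a BrokerAgent trace like the one quoted above, including when the trace lines have been run together. The names `parse_failures` and `CHECKS` are hypothetical, the sample log is constructed from the trace in the post, and keying the checks by WCF fault detail is an assumption; the checks themselves are the ones named in the event-log messages quoted in the post.

```python
import re

# Constructed sample: lines in the shape of the BrokerAgent trace quoted in the post.
SAMPLE_LOG = """\
BrokerAgent:=========>>>>> Attempting registration with following controller(s): cont2012.adtest.local (10.20.0.75)
BrokerAgent:AttemptRegistrationWithSingleDdc: Failed to register with http://CONT2012.adtest.local:80/Citrix/CdsController/IRegistrar. WCF Fault with detail CallbackCommunicationError, message 'Fail worker callback using SPN HOST/VDA2008.adtest.local and IP address 10.20.0.72'
BrokerAgent:AttemptRegistration: Could not register with any controllers. Waiting to try again in 120000 ms. Multi-forest - False
"""

# One failed registration: controller endpoint, WCF fault detail, fault message.
FAILED = re.compile(
    r"Failed to register with (?P<endpoint>\S+?)\. WCF Fault with detail "
    r"(?P<detail>\w+), message '(?P<message>[^']*)'")
# Callback target the controller tried to reach: the VDA's SPN and IP address.
CALLBACK = re.compile(
    r"using SPN (?P<spn>\S+) and IP address (?P<ip>[0-9A-Fa-f.:]+)")

# Assumption: checks are keyed by fault detail. The check texts come from the
# Windows event-log messages quoted in the post, not from Citrix documentation.
CHECKS = {
    "CallbackCommunicationError": [
        "controller can contact the VDA; no firewall on the VDA blocks it (CTX126992)",
        "system clocks of the VDA and the controller are in sync (CTX117248)",
        "'Access this computer from the network' allows the controller identity",
    ],
}

def parse_failures(log_text):
    """Return one dict per failed registration found in a BrokerAgent trace."""
    failures = []
    # finditer over the whole text also works when the lines are run together.
    for m in FAILED.finditer(log_text):
        item = m.groupdict()
        cb = CALLBACK.search(item["message"])
        item["spn"] = cb.group("spn") if cb else None
        item["vda_ip"] = cb.group("ip") if cb else None
        item["checks"] = CHECKS.get(item["detail"], [])
        failures.append(item)
    return failures

if __name__ == "__main__":
    for f in parse_failures(SAMPLE_LOG):
        print(f"{f['detail']} from {f['endpoint']}: SPN={f['spn']} VDA IP={f['vda_ip']}")
        for check in f["checks"]:
            print("  check:", check)
```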

