Complex multi-forest XenApp environment with access, XML brokers, and Session Hosts members of different forests with two-way trusts between each in place.
- XenApp 6.5 HRP7
- Web Interface 5.4
- StoreFront 3.0.x
As part of a farm consolidation initiative, XenApp 6.5 Session Hosts were transitioned from one farm to a larger farm, retaining their domain membership. Session Hosts joined farm successfully, qfarm /load revealed them ton be online, however application launches from both Web Interface and StoreFront resulted in errors. Event logs on both access tiers were logging either Event ID 30102 or 12346 “The Citrix servers reported an unspecified error from the XML Service at address http://xxxxxxx/scripts/wpnbr.dll [com.citrix.xml.NFuseProtocol.RequestLaunchRef]” or a variation thereof depending on product.
The following were investigated:
- Routing between WISF and XML Broker successful (apps were enumerating)
- Routing between XML Broker and Session Host servers successful
- Validation of firewalls (none were present between components)
- Servers online in farm and server loads within tolerance
- Citrix QuickLaunch of desktop to bypass access tier direct to Session Host successful
- Citrix QuickLaunch via XML Broker to Session Host for published app successful
- Recreated LHC on XML brokers
- Access, XML Broker, and Session Host components within time tolerance for trusts
- XML Broker event logs (no errors found)
- Session Host server event logs (no errors found)
- DNS resolution of Session Hosts in other domain from XML broker
- Trusts between forests were validated with AD SME
Root Cause & Resolution:
Wireshark traces on XML broker taken during failed application launches revealed the XML broker was attempting NetBIOS queries for the Session Host servers located in the other domain. Pinging the hostnames of the Session Host servers from the XML brokers in the farm failed, while pinging FQDNs worked successfully, suggesting a direct reliance on resulting non-qualified domain names shortnames hostnames of Session Host servers were required.
Augmenting the XML broker NIC’s IPv4 Properties > Advanced>DNS>DNS suffix for the domain name of the servers in the other forest domain resolved the issue, and applications commenced launching once all XML brokers in farm were updated with the additional DNS suffixes.
Michael Shuster is Ferroque Systems’ Chief Architect and noted Citrix authority. A passionate virtualization and digital workspaces advocate, he has designed, engineered, or otherwise advised clients on Citrix, VMware, and Microsoft technology platforms across the globe.