Introduction
Often as Citrix Engineers and Administrators, we troubleshoot issues, and that involves inspecting log files. Recently, I had a request from one of our customers to provide them with log file locations of all the Citrix products they use, and surprisingly I found that there was no centralized repository for log file locations. With that being said, I have written this article, which attempts to cover log file locations of each Citrix product. It serves as a single point of reference for log file locations for various Citrix products and stands to be a living reference and will require updates over time. We will do our best to maintain this article on an ongoing basis and community feedback is always welcome.
Citrix Virtualization
Citrix Licensing
The following table contains important log file locations for Citrix licensing Server:
Log File | Purpose | Location |
Access.log | HTTP access events | C:\Program Files\Citrix\Licensing\LS\LogsOn or C:\ProgramFiles(x86)\Citrix\Licensing\LSLogsOn |
Citrix.log | Licenses and license activities | |
Lmadmin.log | License server, console, and administration activities | |
web.log | Web server information |
Citrix Delivery Controller (CVAD aka On-Prem Only)
The following table contains important log file locations for Citrix Desktop Delivery Controller:
Log File | Purpose | Location |
XenDesktop Installation | Contains Installation log for Citrix Xenapp/XenDesktop component | C:\Users\<Install User>\AppData\Local\Temp\Citrix\XenDesktop Installer\ |
Setupapi.log | Setup log files | %SystemRoot%\INF |
Setuppaidev.log | Setup log files with verbose logging | |
Citrix Broker Service.log | Broker Service logs | Set Custom path to log file within CDFControl |
Xdlogs.etl | Persistent CDF trace file | Set Custom path to log file within CDFControl |
For more information on Windows event log messages for Citrix Virtual Apps & Desktops, please refer to this article.
Citrix Cloud Connector (CVADS aka Citrix Cloud Only)
The following table contains log file location for Citrix Cloud Connector:
Log File | Purpose | Location |
Windows Event logs | To debug Proxy related connectivity for the Citrix Cloud Connector, registry settings need to be tweaked to enable logging of Proxy related messages in Windows Application logs. | In Event Viewer >> Windows Application logs |
Citrix Workspace Environment Manager
The following table contains important log file locations for Citrix Workspace Environment Manager (WEM) Agent & Infrastructure components:
Log File | Purpose | Location |
Citrix WEM Agent Init.log | WEM agent session logs |
%userprofile% |
Citrix WEM Agent.log | WEM agent session logs |
|
Citrix WEM Agent Host Service Debug.log | WEM agent debug log | %PROGRAMFILES(x86)%\Norskale\Norskale Agent Host |
Norskale Agent Service | WEM agent viewer logs | Inside Event Viewer >> Application and Services logs |
vuemUIAgent-Traces.svclog | WCF trace for vuemUIAgent.exe | C:\Trace |
NorskaleAgentHostService-Traces.svclog | WCF Traces for Norskale Agent Host Service | C:\Trace |
Norskale Broker Service | WEM Infrastructure Broker Event logs | Event Viewer >> Application and Services Logs |
NorksaleInfrastructureBrokerService-Traces.svclog | Norskale Broker Service log | C:\Trace |
Citrix WEM Console Trace.log | WEM Console Debug log | %userprofile% |
WEMConsole-Traces.svclog | WCF Trace of Norskale Broker Service | C:\Trace |
Citrix WEM Database Management Utility Debug Log.log | WEM Database logs | %PROGRAMFILES(x86)%\Norskale\Norskale Infrastructure Services |
Citrix StoreFront
The following table contains important log file locations for Citrix StoreFront:
Log File | Purpose | Location |
AGServices.svclog | StoreFront Service Logs | C:\Program Files\Citrix\Receiver StoreFront\admin\Trace |
ConfigurationRelication.svclog | ||
DomainServices.svclog | ||
PeerNameResolutionService.svclog | ||
Roaming.svclog | ||
ServiceMonitor.svclog | ||
Store.svclog | ||
Store2Auth.svclog | ||
Store2Web.svclog | ||
Store2000.svclog | ||
StoreAuth.svclog | ||
StoreWeb.svclog | ||
SubscriptionStore.svclog | ||
Ica.log | Log file for launch.ica file | Set custom path to log file |
CitrixMsi.log | Installation log file | C:\Program Files\Citrix\Receiver StoreFront\logs |
StoreFront Events | Event logs for StoreFront Services | In Event ViewerApplications and Services Logs > Citrix Delivery Services Or Windows Logs > Application |
Note: In addition to verbose tracing on the StoreFront, Fiddler trace can be particularly useful when troubleshooting network issues between StoreFront services and Receiver for Web. For this, Fiddler trace should be enabled in StoreFront (Advanced settings), loopback must also be disabled. The confidentiality and integrity of outbound SSL connections which are proxied through fiddler maybe compromised during traffic capture. More information on how to perform the trace can be found here.
Citrix Workspace App
The following table contains important log file locations for Citrix Workspace App (Previously known as Citrix Receiver):
Log File | Purpose | Location |
Receiver_.log | Receiver logging – General | %localappdata%\Citrix\Receiver |
AuthManagerSDK-<Date>.log | Receiver logging- Authentication Manager | %localappdata%\Citrix\AuthManager |
SelfService.log | Receiver Logging – SelfService | %localappdata%\Citrix\SelfService |
trace-pnsson.log | Single Sign On logs | C:\Program Files(x86)\Citrix\Online Plugin\Logs(custom path can be set) |
Receiver_Browser.log | Receiver Logging – Browser | %localappdata%\Citrix\Browser |
Citrix Profile Management
The following table contains important log file locations for Citrix Profile Management (CPM):
Log File | Purpose | Location |
Windows event log | Windows event logs, used primarily for error reporting | %SystemRoot%\system32\LogFiles |
#_pm.log | Profile management log file | %SystemRoot%\system32\LogFiles\UserProfileManager |
#_pm_config.log | Profile management configuration log file | %SystemRoot%\system32\LogFiles\UserProfileManager |
Note: %SystemRoot%\System32\Logfiles\UserProfileManager is the default location for the path to save the log file, this can be changed to a UNC path. Citrix Virtual Desktops Machine Creation Services uses a local persistent folder which is mapped to the C drive (C:\Program Files\Citrix\PVS\Service\PersistedData).For non-persistent instances (PVS, MCS), Citrix recommends using a centralized file share to store log file(NTFS and SMB share permissions should be set for domain computers for read/write) or redirecting log files to a persistent drive attached to the VM so logs can be retained between reboots (this is commonly recommended for VDA event logs as well). Citrix UPM Log Parser can be leveraged to analyze the log files generated by Citrix Profile Management. Its installation and usage can be found here.
Citrix Virtual Delivery Agent
The following table contains important log file locations for Citrix Virtual Delivery Agent (VDA):
Log File | Purpose | Location |
vda_log.log (Windows VDA) |
Contains Citrix VDA Registration and Services Information
Note: Logging needs to be manually enabled |
Locate WorsktationAgent.exe.config (%ProgramFiles%\Citrix\Virtual Desktop Agent\)Under the <appSettings> section replace the value for LogtoCDF to 1
Set LogFileName to a custom path to store the log file |
vda.log (Linux VDA) |
Trace level logs for Linux VDA
This is configured via /etc/xdl/brokeragent.conf |
/var/log/xdl/vda.log |
Windows Event Logs | While troubleshooting VDA registration issues and VDA logon issues, windows event logs are helpful in determining root cause. | In Event Viewer >> Windows Application logs
Select custom views Create a custom view, select all event levels and specify the following event sources: Citrix Desktop Service |
Citrix Provisioning Services
The following table contains log file locations for Citrix Provisioning Services (PVS):
Log File | Purpose | Location |
Target Side Logs | PVS Target logs | C:\Program Data\Citrix\Provisioning Services\Log |
CDF monitor trace files | CDF monitor trace files captured on PVS Server | C:\Windows\cdfmonitor |
Always on Tracing logs | Always on tracing for SQL Server on PVS | C:\ProgramData\Citrix\Provisioning Services\Log\AOT |
Audit logs | PVS provides administrators a way to troubleshoot and monitor recent changes impacting system performance and behavior. To enable auditing within PVS, follow steps listed here. | In Citrix Provisioning Services console, right-click on a managed object, then select Audit Trail option. FilterResults option allows us to filter audit information based on parameters like user, date/time, action, type, domain, etc. |
Citrix Director
The following table contains log locations for Citrix Director:
Log File | Purpose | Location |
Log collection from IIS | Logs are collected by changing the value field in Application setting within IIS
The values for the following settings are changed: Log.Filename |
Set path and filename of log file within Log.FileName application setting in IIS |
CDF Trace files | CDF Trace files collected for Director Service | Select Custom Path within CDFControl (Tools >>Options) |
Citrix App Layering
The following table contains log locations for Citrix App Layering:
Log File | Purpose | Location |
Citrix Enterprise Layering Manager Logs | Citrix ELM Log files contain useful information to resolve application layering issues. | In Citrix Layering Management Console, select System>Manage Appliance
Click Export logsIn the Export log wizard, check the checkbox to include enterprise manager logs and complete the export process Go to the tasks panel and click on the information button to download the .tgz file which contains the ELM logs |
Ulayersvc.log | Unidesk Service Layering log
Note: By default, ulayersvc.log only logs events INFO or higher. For detailed logging, edit ulayer.exe.config file |
C:\ProgramData\Unidesk\Logs\ulayersvc.log |
Layerinfo.log | Unidesk LayerInfo log | Select Custom Path within CDFControl (Tools >>Options) |
Citrix Federated Authentication Services
The following table contains log locations for Citrix Federated Authentication Services (FAS):
Log File | Purpose | Location |
Windows Event logs (FAS Server) | Windows Application logs are particularly helpful while troubleshooting issues relating to User logons on the FAS Server. | In Event Viewer >> Windows Application logs
Select custom views Create a custom view, select all event levels and specify the following event source: Citrix.Authentication.FederatedAuthenticationService |
CAPI Logs (Domain Controllers & Client Machine) | CAPI logs are useful while troubleshooting Authentication errors in a FAS deployment | Enable logging for Microsoft/Windows/CAPI2/Operational Logs
CAPI logging can be controlled using registry key: CurrentControlSet\Services\crypt32 DiagLevel(value name) & 0 to 5 (DWORD) DiagMatchAnyMask(value name) & 0xfffffff(QUADWORD) DiagProcessName(value name) & process name (Multi_SZ) View logs in Event viewer >> Security logs
|
Kerberos Logs
(Domain Controllers & Client Machine) |
Kerberos logs are useful while troubleshooting Authentication errors in a FAS deployment |
Enable logging on Domain Controller and end user machine by creating the following registry values: CurrentControlSet\Control\Lsa\Kerberos\Parameters Log Level (value name) & 0x1(DWORD) KerbDebuglevel (value name) & 0xfffffff (DWORD) CurrentControlSet\Control\Lsa\Kerberos\Parameters KdcDebugLevel(value name) & 0x1(DWORD) KdcExtraLogLevel(value name) & 0x1f(DWORD)
View logs in Event viewer >> Security logs
|
Windows Event log Messages (Domain Controller & Client Machine) | Log entries on the Domain controller and user workstation when users logon with a certificate issued by FAS. The following log messages can be useful:
· Domain Controller CAPI2 log · Domain Controller Security logs · VDA security log · VDA CAPI log · VDA system log |
View logs in Event viewer >> Security logs
|
Citrix Hypervisor (XenServer)
The following table contains log locations for Citrix Hypervisor:
Log File | Purpose | Location |
XenCenter.log | XenCenter client logs | %appdata%\Citrix\XenCenter |
XenCenter Audit Trail.log | Additional user-specific logs | %appdata%\Citrix\XenCenter |
Kern.log, dmesg | XS kernel, disk, NIC messages | /var/log |
Xensource.log | XS command (XAPI) debug logs | /var/log |
Daemon.log | Openswitch daemon logs | /var/log |
Fvt.log | Sanity tests of hardware across reboots | /var/log/fvt |
Citrix Networking
Citrix ADC (NetScaler)
The following table contains the important log file and dump file locations for Citrix ADC:
Log File | Purpose | Location |
newnslog
(Read via nsconmsgs command) |
Main log file in netscaler data format | /var/nslog |
newnslog.xx.gz | Newnslog file (archived) | /var/nslog |
nstrace.x | Trace file collected after running nstrace.sh | /var/nstrace |
vmcore.x.gz | Dump file obtained during crash | /var/crash |
kernel.x | Kernel dump file obtained during crash | /var/crash |
savecore.log | Log file for core dump | /tmp |
ns.log | Syslog file for ADC System | /var/log |
messages | Logged entries | /var/log |
auth.log | Logs for Authentication/Authorization | /var/log |
dmesg.* | Logs containing Hardware/Boot sequence errors | /var/nslog |
Iprep.log | IP reputation logs | /var/log |
EPA logs
Scan done by EPA Plugin nsepa.txt (older scans)/epahelper_epa_plugin.txt (newer scans/OPSWAT) Scan done by native plugin nssslvpn.txt (older scans)/epahelper.txt (newer scans and OPSWAT)
|
Logs for Endpoint Analysis
Note: Logging needs to be enabled on the ADC for logs to be seen on the client machine, this should be enabled only temporarily for troubleshooting purposes. The process of enabling EPA logs on client machines is described here. |
For Windows Vista, 7, 8, and 10:
C:\Users\<username>\AppData\Local\Citrix\AGEE
For Mac OS X systems: ~/Library/Application Support/Citrix/EPAPlugin |
Citrix ADC (NetScaler) – SDX
The following table contains log locations for Citrix ADC SDX – SVM and Citrix Hypervisor (previously XenServer):
Log File (SVM) | Purpose | Location |
mps_config.log | All SVM configuration logs | /var/mps/log |
mps_inventory.log | SVM’s inventory system that polls for the state of VMs on SDX | /var/mps/log |
mps_service.log | UI to SVM backend activity log | /var/mps/log |
mps_event.log | SVM generated info | /var/mps/log |
mps_stat.log | SVM statistics collection messages | /var/mps/log |
System_health/* | SDX health info that is reflected on SDX dashboard | /var/mps |
Upgradebundle.log | Single bundle upgrade process status log | /var/mps/log |
Log File (XenServer) | Purpose | Location |
Kern.log, dmesg | XS kernel, disk, NIC messages | /var/log |
Xensource.log | XS command (XAPI) debug logs | /var/log |
Daemon.log | Openswitch daemon logs | /var/log |
Fvt.log | Sanity tests of hardware across reboots | /var/log/fvt |
Installer | XS upgrade logs during factory reset/single bundle upgrades/clean install | /var/mps/log |
Citrix ADM (MAS)
The following table contains the important log file locations for Citrix Application Delivery Management (ADM):
Log File | Purpose | Location |
mps_control.log | Responsible for restarting any subsystem if it crashes | /var/mps/log |
mps_service.log | Any request from UI/API will hit the service subsystem. Based on the request, it might process the request or route it to the appropriate subsystem. | /var/mps/log |
mps_inventory.log | It does inventory from ADC/SD-WAN instances and updates instance’s information in the database. | /var/mps/log |
Citrix SD-WAN
The following table contains log locations for Citrix SD-WAN:
Log File | Purpose | Location |
SDWAN_access.log | User access attempts get logged here. | In SD-WAN version 9.x, the logs are stored in the following path:
<Diagnostic Data File Name>/home/talariuser/log/diag/vw_sts_dir.zip In SD-WAN version 10.x, the logs are stored in the following path:
<Diagnostic Data File Name>/vw_sts_dir.zip For information on how to collect diagnostic data on Citrix SD-WAN refer here. |
SDWAN_common.log | Logs important information about the state of t2_app | |
SDWAN_config_update.log | Logs related to the configuration changes | |
SDWAN_db.log | This is for logging appliance connecting to following databases: config, reports, events, routing | |
SDWAN_Diagnostics.log | Debug commands that are snapshots of current status of the software/data structures/counters | |
SDWAN_dynamic_conduit.log | Logs detailing the state of dynamic conduit bring up and tear down | |
SDWAN_dyanmic_virtual_path.log | Logs detailing the state of dynamic virtual_path bring up and tear down | |
SDWAN_events.log | Logging from event processing are logged here | |
SDWAN_exceptions.log |
NetScaler SD-WAN software exceptions are logged here |
|
SDWAN_filetransfer.log | Logs related to change management distributing files across the network | |
SDWAN_firewall.log | Firewall and NAT related events | |
SDWAN_hd.log | Logging from hard disk monitoring are logged here | |
SDWAN_init.log | Logging from process monitor are logged here | |
SDWAN_ip_learned.log | Logs related to IP learning | |
SDWAN_management.log | The activities of the management tools are logged here | |
SDWAN_paths.log | Verbose details about what is seen on network paths | |
SDWAN_routes.log | Logs related to route distribution through the Virtual WAN network | |
SDWAN_security.log | Logs related to virtual path encryption and key rotation | |
SDWAN_snmp_poll.log | Logs related to using SNMP to poll logs and counters | |
SDWAN_traffic_impact.log | Logs related to tracking the amount of downtime a configuration change could cause | |
SDWAN_wd.log | Logs related to the state of the watchdog | |
SDWAN_webconsole.log | Logging from the UI code in goes here | |
SDWAN_hd.log | Logging from hard disk monitoring are logged here | |
SDWAN_init.log | Logging from process monitor are logged here | |
SDWAN_ip_learned.log |
Logs related to IP learning |
|
all_routing_protocols.txt | Import and Export filter Route´s counters | |
archive | In this directory will exported the previous configuration files | |
Coredump* | Directory that contains the main logs related to a memory crash | |
Current_cfg.txt | The active configuration file name | |
Dynamic_routes.txt |
SDWAN appliance Routing Table |
|
Eth_*.cap | Data captures from all the appliance interfaces | |
Icmp.log | TTL expire Errors | |
Init.log | Service initialization logs go in this file | |
Install_azure_services.log | Installation logns in Azure | |
Install_esx_tools.log |
Installation logs in VMWare ESX |
|
Install_kvm_tools.log |
Installation logs in KVM |
|
Last_1000_path_events.txt | Records the physical path congestion and bouncing events | |
Last_10000_events.txt | records the last 10 000 events in the SDWAN | |
Ssup_upgrade.log | Single Step Uprgare logs | |
Top.log | Logs the SD-WAN processor’s top command periodically |
Citrix Mobility
Citrix Content Collaboration (ShareFile)
The following table contains log file locations for Citrix Content Collaboration (previously ShareFile) Applications:
Log File (Client logs) | Location |
ShareFile Migration Tool | C:\Users\%USERNAME%\AppData\Roaming\Citrix\ShareFile\Migration Tool\Logs |
Citrix Sync for Windows Logs | C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile |
Drive Mapper Logs | C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile |
ShareFile
Desktop (Windows) |
Tool logs – C:\Users\%USERNAME%\AppData\Local\ShareFile\Desktop\Logs\
Installer logs – C:\Users\%USERNAME%\AppData\Local\Temp Update logs – C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile |
ShareFile for Windows
Citrix Files |
C:\Users\%USERNAME%\AppData\Local\Citrix\ShareFile\SFWindows
C:\Users\%USERNAME%\AppData\Local\Citrix\Citrix Files\Logs |
ShareFile Desktop (Mac)
Citrix Files for Mac |
~/Library/Logs/com.sharefile.desktop.widget
~/Library/Logs/com.sharefile.desktop.widget |
Outlook
Plugin |
Tool logs – C:\Users\%USERNAME%\AppData\Roaming\ShareFile\Outlook
Installer logs – C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile adx logs – C:\Users\%USERNAME%\documents\Add-in Express AND C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile Outlook Plug-in |
Citrix Files for
Outlook |
Tool logs – C:\Users\%USERNAME%\AppData\Roaming\Citrix\Citrix Files for Outlook
adx logs – C:\Users\%USERNAME%\documents\Add-in Express AND C:\Users\%USERNAME%\AppData\Local\Temp\Citrix Files for Outlook |
Medical Image Uploader | C:\Users\%USERNAME%\AppData\Local\Temp\ShareFile Medical Image Uploader |
Enterprise
Sync Manager |
Win XP or Server 2003: C:\Documents and Settings\All Users\Application Data\ShareFile\EnterpriseSync |
Print to ShareFile | C:\Users\%USERNAME%\AppData\Local\ShareFile\PrintToShareFile\Logs\ |
Scan to ShareFile | C:\Users\USERNAME\Desktop\ScanSnap ShareFile Integration Reports |
On-Demand Sync Logs | JIT config logs located C:\users\%USERNAME%\Appdata\Local\Temp\ShareFile
(they will be the SyncJITConfig logs)
C:\Windows\Temp\ShareFile – Typically the corresponding path is C:\Windows\Temp– but may be different based on environment configuration. The SyncUpdateService log file names are in the format:SyncService2_<timestamp>.log. |
Desktop Sync | C:\Users\%UserName%\AppData\Roaming\com.sharefile.sfsync.Desktop\Local Store |
Desktop Widget | Documents\ShareFile\Sfdw-log.txt |
Desktop Sync for Mac
|
~/Library/Preferences/com.sharefile.sfsync.Desktop |
User
Management Tool (UMT) |
C:\ProgramData\Citrix\ShareFile\User Management Tool (Grab the umt.log file / and the .results file in the “Results” folder)
C:\Users\%USERNAME%\AppData\Local\ShareFile\UMT\Logs C:\ProgramData\Citrix\ShareFile\User Management Tool\Jobs |
iOS 8 | General > Privacy > Diagnostics & Usage > Diagnostic & Usage Data > Per-App or System logs here |
Android | Customers can submit the Android logs within the ShareFile App → Tap three bar / settings button – tap Help and Feedback, tap Send Log to ShareFile, get receipt number for our reference |
Log File (Server logs) | Location |
StorageZone
Controller Logs |
C:\inetpub\wwwroot\Citrix\StorageCenter\SC\logs
C:\inetpub\wwwroot\Citrix\StorageCenter\S3Uploader
IIS Logs: C:\inetpub\logs\LogFiles\W3SVC1 |
Citrix Endpoint Management (XenMobile)
The following table contains log file information for Citrix Endpoint Management (previously XenMobile):
Log File | Purpose | Location |
Debug Log | Contains useful information to debug error messages or server related actions | |
Admin Audit Log | Audit information about activity on XenMobile console | In the XenMobile Console, click the wrench icon to open the Support page
Under Log Operations, click logs to view the logs Upon Selecting a specific log file, the following operations can be performed: · Download All · View · Rotate · Download · Delete |
User Audit Log | Information related to configured users | For information on How to configure logging on Citrix Endpoint Management refer here. |
===Supplemental Log Guidance===
ADC Troubleshooting
Citrix ADC provides several diagnostic tools to view console messages, event messages, and download traces. Most of these utilities are available directly within the Citrix ADC GUI. This section focuses on command line diagnostic tools which can be leveraged in troubleshooting the Citrix ADC.
Command Line Diagnostics
nstrace.sh: nstrace.sh is a Citrix ADC utility (script file) that allows network administrators to take ADC traces from the appliance. The Citrix ADC trace captures all traffic going through the ADC appliance at any given time. The syntax for nstrace.sh is /ADC/nstrace.sh –sz0 –tcpdump 1.
This syntax will automatically create a trace file in the /var/nstrace directory. The administrator can press Ctrl-C on the keyboard to stop the trace. This trace can then be downloaded to a local host (via PSCP, WinSCP) and viewed on any packet capture program (i.e. Wireshark).
nstcpdump.sh: The /ADC/nstcpdump.sh script is a utility that emulates tcpdump syntax on ADC interfaces. The main benefit of using nstcpdump.sh includes its filtering ability. Below is an example:
/ADC/nstcpdump.sh –w /var/nstrace/ftp.pcap host 192.168.1.1 and host 192.168.1.2 and tcp.port==21
The above filter allows for all FTP traffic between 192.168.1.1 and 192.168.1.2 to be captured on the Citrix ADC and downloaded to /var/nstrace/ftp.pcap. This file can be downloaded to a local machine and viewed on Wireshark for easier analysis.
Local SYSLOG: ADC stores all log files locally on the appliance under /var/log/ns.log. Details regarding authentication errors or ADC can be viewed by running the following command:
>shell
# cat /var/log/ns.log
tail –f /var/log/ns.log
Authentication Debugging Tools: ADC provides a debugging utility to check for authentication successes and failures. Group extraction can also be validated using this utility. User details including group extraction can be viewed on screen by typing the following command, while a user is logging on to the VPN:
>shell
# cat /tmp/aaad.debug
The output of the command will provide helpful details on the authentication scheme used, success, failures, and cause of failures (i.e. incorrect password, bad bindings etc.).
Console Message Diagnostics: The Citrix ADC provides useful console messages that can shed light on ADC performance. For example, using the following command below can easily identify IP address conflicts and duplex mismatches:
> shell
# nsconmsg -K newnslog -d consmsg (live)
or
# nsconmsg -K newnslog –K /var/nslog/newnslog -d consmsg (from latest file)
Event Message Diagnostics: The Citrix ADC provides useful event messages that can provide insight on the status of configured ADC services and high availability. For example, the status of a specific configured service or notification of a failover or a reboot can be identified by running the command below:
> shell
# nsconmsg -K newnslog -d event (live)
or
# nsconmsg -K newnslog –K /var/nslog/newnslog -d event (from latest file)
EPA Logging
By default, EPA plugin as well as VPN plugin does not log anything related to client machine for security reasons. From Citrix ADC version 11.0.64.34 onward, Citrix has introduced “EPA verbose logging” to enhance EPA troubleshooting. This setting is enabled on the Citrix ADC globally, and new EPA scan attempts will result in logs on the client. It is recommended once troubleshooting or pilot have concluded, to remove this logging setting from the Citrix ADC, so bad actors cannot gain insight via client logs, as to what the EPA scan is looking for.
The EPA scan failure logs are written in human readable language, so troubleshooting can be done on the user end without involving the administrator.
The following can be achieved using this EPA feature:
- Provide verbose logging of which EPA scans passed/failed on the ADC
- Display human readable logs for EPA scan failure on the client machine
Through CLI the following command can be run on the ADC for PreAuth and PostAuth EPA logging:
>set vpn param -clientSecurityLog ON
Note: vpn param must be set for PreAuth and PostAuth logging. If the clientSecurityLog is modified in a SessionAction whose Session Policy has ClientSecurity as the rule, the clientSecurityLog value in SessionAction will not be honored. All these settings must be configured at a global level under Citrix Gateway.
For Windows Vista, 7, 8, 8.1, and 10 the log file location is:
C:\Users\<username>\AppData\Local\Citrix\AGEE
For Windows XP:
C:\Documents and Settings\All Users\Application Data\Citrix\AGEE
For Mac OS:
~/Library/Application Support/Citrix/EPAPlugin/
All failed EPA scans are logged as error messages and successful scans are logged as debug messages. By default, error messages are logged in ns.log and to log debug messages in ns.log the loglevel needs to be increased to DEBUG. This can be done via the command line using the following command:
>set audit syslogParams -loglevel ALL
Note: It is recommended to remove debug logging once troubleshooting has concluded.
Debugging can be disabled using the following command:
>set audit syslogParams -loglevel EMERGENCY ALERT CRITICAL ERROR WARNING NOTICE INFORMATIONAL
The same process can be done via the Graphical user interface by:
- Navigating to Configuration > System > Auditing > Settings > Change Auditing Syslog Settings
- Check DEBUG under Log levels during troubleshooting
- Uncheck DEBUG from Log Levels after troubleshooting is complete
StoreFront Troubleshooting
Fiddler Trace
In addition to verbose tracing on the StoreFront, Fiddler trace can be particularly useful when troubleshooting network issues between StoreFront services and Receiver for Web. For this, Fiddler trace should be enabled in StoreFront (Advanced settings), loopback must also be disabled. The confidentiality and integrity of outbound SSL connections which are proxied through fiddler maybe compromised during traffic capture The procedure of obtaining a fiddler trace must be performed only in a non-production environment and It should be noted that in case explicit authentication is enabled in Receiver for Web, user passwords will appear in the trace as clear text.
To obtain a fiddler trace of the network traffic between Receiver for Web Proxy and the StoreFront services, carry out the following steps:
- Log in to the StoreFront server as local user with admin privileges
- Edit the web.config file for Receiver for Web and enable fiddler tracing: <proxy enabled = “true” processName=”Fiddler” port=”8888” />
- The web.config file is usually located in C:\inetpub\wwwroot\Citrix\StoreWeb\web.config
- Run IIS Manager and click on Application pools under the server node. Then select the application pool named Citrix Receiver for Web and click Advanced Settings. Change the Application Pool identity to custom account and specify the same account used to log into the StoreFront server
- Install and run Fiddler on StoreFront Server (logged in with elevated privileges)
- From Fiddler’s Tools menu, select Fiddler Options. On the HTTPS tab, select Decrypt HTTPS traffic check box.
- Run Fiddler on the StoreFront server and export all Fiddler sessions, after reproducing the problem
- After the trace has been captured, log in to the StoreFront server with the same local admin account used while installing Fiddler and follow steps to restore system to its previous state
- Run IIS Manager and reset identity for Citrix Receiver for Web application pool to the built-in account ApplicationPoolIdentity
- Uninstall Fiddler
- Run certmgr.msc and remove the Fiddler root certificate “DO_NOT_TRUST_FiddlerRoot” from the Trusted Root Certification Authorities store
- Edit the web.config file for the Receiver for Web site and disable Fiddler tracing: <proxy enabled = “false” processName=”Fiddler” port=”8888” />
Citrix Profile Management Log Parser
Citrix Profile Management log parser can be used to analyze log files generated by Citrix Profile Management. This section describes how to use the tool to analyze logs.
The zip file used to install the tool can be found here.
To use the tool, perform the following steps:
- Launch the tool and enter the name of the remote machine on which the log parser will try to locate the log file
- On the Open File dialog box, specify the location of the log file
- If the machine can be reached, the tool tries to locate the UserProfileManager.log file in <systemroot>\system32\LogFiles\UserProfileManager.
- If the file is not foun, the tool looks into HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\UserProfileManager\PathToLogFile to retrieve the log file location
- If no machine name is specified, the local machine is used instead to prompt for a log file
- The log parser displays the first error found in the log file, the errors are highlighted in red, the logon events appear in green and the logoff events in blue. Service starting and stopping events appear in grey.
- Find button can be used to search text, filter information, warning and error messages.
- Filtering based on Date, Time, Type, Username, Domain, Session ID or Thread ID is also possible. “Reset filter” option will clear all previously selected filters.
- Filtering based on time span between two lines is also possible, this allows for setting custom time span (above 60 seconds) or use the preconfigured time spans of 5, 10 o 30 seconds. The display will be updated to show the time span selected.
Enabling Audit Log within Citrix Provisioning Services
Citrix Provisioning provides an auditing tool that records configuration on components within provisioning farms. The auditing tools saves the information to the provisioning database. It provides Citrix Engineers and Administrators with a way to troubleshoot and monitor any recent changes impacting system behavior or performance. Enabling audit logging is a Citrix leading practice on PVS deployments.
To enable auditing within Citrix Provisioning Services, perform the following steps:
- In the Citrix Provisioning console, right click on the PVS farm and select Farm Properties option.
- On the Options tab, under auditing, check the Enable auditing checkbox
The following managed objects within a Citrix Provisioning deployment are audited:
- Farm
- Site
- Provisioning servers
- Collection
- Device
- Store
- vDisks
Recorded tasks include the following:
- Citrix Provisioning console
- MCLI
- SOAP Server
- PowerShell
CDFControl
CDFControl is an event tracing tool geared towards capturing Citrix Diagnostic Facility (CDF) trace messages from various Citrix tracing providers. This tool is particularly useful when troubleshooting issues on specific components of the Citrix environment, such as on the delivery controllers, storefronts, or VDAs. The trace needs to be captured on the components and uploaded to Citrix Insight (https://cis.citrix.com) to be analyzed. Citrix Insight has smart capabilities to identify any discrepancies in configuration and suggests fixes as well.
This utility is available for download on the Citrix Downloads page. It is also available with the download of Citrix Scout utility, which is also equally useful for collecting trace files and troubleshooting various Citrix component issues.
The following steps need to be performed to collect a trace using CDFControl at system startup:
- Start CDFControl and select Options from the Tools menu.
- Specify the trace file path in the Startup trace file path for capturing startup trace section. Then click Save.
- Select the Trace Categories as recommended by Citrix Technical Support.
- With administrator privileges, select Startup Tracing and click Enable from the Tools menu.
- After clicking Enable, the animated bar starts scrolling. This does not affect the procedure.
- Close the CDFControl utility and restart the system after the Startup Tracing is enabled.
- Start the CDFControl utility. After the system restarts and the error appears, disable the Startup Tracing option by selecting Disable.
- Disable the Startup Tracing option by selecting Startup Tracing from the Tools menu and clicking Disable as described in the previous steps.
- Stop the Citrix Diagnostics Facility COM server service.
- Collect the trace log file (.etl) for analysis in the specified file path as set by the initial steps.
- Start the Citrix Diagnostics Facility COM server service.
- Upload trace log file(s) to Citrix Insight (https://cis.citrix.com) to be analyzed
How to Collect Diagnostic Data on Citrix SD-WAN Appliance
While troubleshooting issues relating to Citrix SD-WAN, engineers or administrators must often collect diagnostic data on the Citrix SD-WAN appliance. This section covers the steps required to collect Diagnostic data on the Citrix SD-WAN appliance and how to download it locally for viewing.
To collect diagnostic data, follow the steps listed below:
- Logon to Citrix SD-WAN UI and navigate to Configuration> System Maintenance> Diagnostics> Diagnostic Data
- Scroll-down and click Create New
- Only 5 diagnostic packages ca exist on the system at any given time, delete any unwanted packages
- Select the file from drop down and click Download Selected
- To analyze logs, uncompress the vw_sts_dir.zip file and refer the table to look for relevant log files
How to Configure Logging on Citrix Endpoint Management
This section describes the steps required to configure logging on Citrix Endpoint Management.
Perform the following steps to configure logging on Citrix Endpoint Management:
- In the XenMobile console, click the wrench icon to open the Support page
- Under Log Operations, click the Log Settings option.
- Within Log Settings, the following options can be specified:
- Log Size: Controls the size of the log file and the maximum log file backups retained in the database.
- Log level: This option is used to change log levels (like Fatal,Error,Warning,Info) or persist settings (log levels persist after reboot)
- Custom Logger: This option allows administrators to setup custom logging; custom logs require a class name and a log level.
-
Chetan Kini
Chetan is a consultant focused on virtualization and cloud technologies. Chetan has years of experience in professional and managed services and has specialized in end-user computing with organizations across North America.
Thanks a lot for sharing bro.
Thanks a lot it do worth it.