The Citrix login process is arguably one of the most important in that the login process is where end users get their first impression of the overall Citrix experience. Desktop virtualization projects have failed solely based on the metric of login times with end users refusing to adopt the new environment because of slow login times. There are 3 big reasons why Citrix logins are slow.
Make no mistake, the Citrix Logon Process is complex assembly of 33 different stages that must work in concert to reach completion. To help IT with challenges around logins, Citrix has built visibility into login duration metrics into XenDesktop 7 Director.
Drilling down into data collected from their own monitoring data, our partner ControlUp sampling 1.8 million logon events from 16 different organizations, found the longest Citrix login times averaged 67.8 seconds, the fastest averaging 9.6 seconds, with the overall average standing at 29.7 seconds.1
Our own data, from the Citrix environments we have built and manage, average 17 seconds, sub 5 seconds being the fastest.
Top 3 Reason Citrix Login’s are Slow
- The user profile is too big in number of files or size, is the wrong type or not managed properly.
This can either be due to size (file size or number) or connection issues to the profile store (generally a file share, though some third-party solutions may utilize databases). Several types of Microsoft profiles exist: local, roaming, mandatory, though roaming are by far the most common. Several third party solutions like FSLogix, UniDesk and AppSense address challenges in this area).
Roaming Profiles stay consistent across servers and individual sessions with personalizations maintained. The downside is that they are prone to corruption and bloat, and bloat = slow logins.
- Logon scripts are applied at the Active Directory user level instead of being applied via Group Policy Objects.
Common culprits: Long scripts, scripts consuming a lot of resources, scripts moving a lot of data, having a lot of mapped drives, or a large number of network printers.
- Too many group policies.
It is better to have a few large GPOs than several small ones. Disable unused GPOs.
Explaining the Citrix Login Process – High Level
Step 1: With a click, the end user requests a connection to a desktop (XenDesktop) or application (XenApp).
End user initiates the process by launching an application or desktop through the Citrix client, a shortcut create by Receiver, or a link on Web Interface.
Step 2: Web Interface/Storefront queries the XenApp Zone Data Collector (ZDC) &/or XenDesktop Controller (XDC)
XenApp - The Web Interface passes the request to the appropriate controller, along with authentication and end user information.
XenDesktop - The Web Interface passes the request to the appropriate controller, along with authentication and end user information.
Step 3: ZDC returns best server information &/or XDC returns best desktop information
XenApp - Using load information, available servers, zone preferences and access rights, the controller server returns the best server for the user to access.
XenDesktop - Using available desktop and access rights, the controller server returns the best desktop for the user to access. If necessary, the XDC will start a desktop at this time.
Step 4: Web Interface/Storefront generates an ICA file
Using the provided information from the controller server, the end user and local web configuration settings, the WI server generates a small session initiation file and passes it to the client.
Step 5: User connects to XenApp server &/or User connects to XenDesktop desktop
XenApp / XenDesktop - A connection is initiated with the given server or desktop. During the handshaking process, the client and the server determine encryption levels and other capabilities
Step 6: Remote Desktop Services/Terminal Services Licenses are verified.
XenApp - The XenApp server validates that RDS/TS licenses are available.
Step 7: User is authenticated against Active Directory
Credentials passed to the XenApp server or XenDesktop are confirmed against AD, and checked to see if the end user has access to the server / desktop.
Step 8: User Profile is downloaded.
The server or desktop will check to see whether a copy of the roaming profile exists, and then if it does not or if the roaming profile on the profile store is newer, it will download the roaming profile from the remote server. Other profile solutions may operate at the same time, or may activate at a later step.
*NOTE: User Profiles are one of the primary reasons Citrix logins are reported as being slow.
Step 9: Citrix licenses are verified.
For whichever Citrix products are being used, appropriate licenses are verified, and an appropriate error message is displayed if licenses are not available.
Step 10: GPOs are applied.
The server or desktop then queries Active Directory for user-specific GPOs and applies them to the operating system. Any additional GPO extensions are then applied as well, such as folder redirection or security policies, followed by any applications stated in the GPO. Anything specified in the “run” registry key is executed, then any specified user logon scripts are run to update the operating system.
*NOTE: GPO’s & Logon Scripts are two of the primary reasons Citrix logins are reported as being slow.
Step 11: Citrix Policies Applied.
Any remaining policy actions, such as mapping drives, session and auto-created printers or other policy configurations are applied at this point.
Step 12: Startup menu applications executed.
Any applications or scripts in the users “Startup” folder are executed.
Wrapping it up...
Fast, consistent logins are key to great Citrix environments and a great End User Experience. Poor login times can have a detrimental impact on the overall adoption of a Citrix project. Having login times greater than 30 seconds should be a red flag that there is definite room for improvement. Conversely, sub-10 second logins put you among the best of the best.
If Citrix login times are not to these standards, focus attention on Profiles, Group Policies, and login scripts as these are the most common culprits negatively impacting Citrix login times.
Bonus Tip: Don’t overlook authentication as another source slowing Citrix logins at all levels.
If you need help reducing your Citrix login times or improving the Citrix experience in general Whitehat can help from a simple consulting engagement to adding your environment to the family of Citrix environments Whitehat manages and/or hosts.
1 Logon Duration – What Can Be Learned from 2 Million Logons? By Eugene Kalayev
Optimization Guide: User Logon – Citrix Systems