Site icon Hybrid Clouds Blog

How to use Citrix VAD verbose logging and log path locations

Analyzing OS logs, application logs and Citrix VAD logs is a crucial part of your troubleshooting efforts. In the case of Citrix VAD, unless you have an automated tool for log collection and analysis, you will need to manually collect and analyze the Citrix VAD logs from the various components comprising a VAD solution. Before collecting the relevant logs, you should enable verbose tracing/logging where applicable and then try to replicate your issue so that the logs or traces capture the events which lead to your warning or error. Each VAD component has its own method of activating verbose logging and its own log paths.

citrix-log-files

The following table provides the method to enable verbose tracing/logging per VAD component.

VAD componentHow to enable verbose logging
Citrix StorefrontIn elevated Powershell window run the following command: Add-PSSnapin Citrix.DeliveryServices.Framework.Commands Set-DSTraceLevel –All –TraceLevel Verbose Set-DSTracefileLocation -ConfigFile “File Path for the Web.config of the Store you’re logging for” -Location “File path of where you’d like the Verbose logging to be saved” Set-DSTraceLevel –All –TraceLevel Off (for disabling verbose logging) Make use of the DebugView Tool by Microsoft. Replicate the issue and click File à Save As in DebugView to capture the verbose log in .log file format.   For Citrix Storefront generated XML logs, you can make use of the following script to format the logs in a more readable format: https://stefanos.cloud/CitrixStorefrontLogFormatScript   Also, you should consider enabling verbose tracing for the Storefront launch.ica file by following instructions in the following article: https://docs.citrix.com/en-us/storefront/1912-ltsr/troubleshoot.html   Finally, consider running a Fiddler trace of the Storefront for Web site, in order to troubleshoot issues between StoreFront services and Receiver for Web. Fiddler trace needs to be enabled in StoreFront (Advanced settings) and loopback must also be disabled. Fiddler is a Web debugging proxy and can be downloaded from: https://www.telerik.com/fiddler.
Delivery ControllersThe Citrix Scout tool log collection process should be combined with analysis of Windows System and Application Event logs
Citrix VDA serversThe Citrix Scout tool log collection process should be combined with analysis of Windows System and Application Event logs.
DirectorThe Citrix Scout tool log collection process should be combined with analysis of Windows System and Application Event logs. Alternatively follow instructions in the following article: https://support.citrix.com/article/CTX130320
Citrix LicensingRefer to the following CTX article for guidance: https://support.citrix.com/article/CTX127314
Citrix Cloud ConnectorReview the Windows Application log
SQL Server instancesThe SQL server error log should be combined with analysis of Windows System and Application Event logs
File serversAnalysis of the Windows System and Application Event logs
Active Directory Domain Controllers and DNS serversAnalysis of the Windows System, Application and Security Event logs
Citrix Workspace AppMake use of the Citrix Receiver Diagnostics Tool – For Windows, which creates a CDF trace that can be parsed by CDFControl. Alternatively follow instructions in the following Citrix articles: Citrix Workspace App for Windows Citrix Workspace App for iOS
Citrix GatewayGenerate a technical support bundle in the Citrix Gateway appliance by navigating in GUI console to Configuration tab and then clicking on System à Diagnostics à Technical Support Tools à Generate Support File. The technical support bundle contains the following configuration and log files: Configuration files. All files in the /flash/nsconfig directory. Newnslog files. The currently running newnslog and some previous files. Log files. Files in /var/log/messages, /var/log/ns.log, and other files under /var/log and /var/nslog.   To generate a network trace: Navigate to System à Diagnostics page in the configuration tab. Click the Start new trace link in the Diagnostic page. Update the packet size to 0 in the Packet size field. Click Start to start recording the network packet trace. Click Stop and Download to stop recording the network packet trace after the test is complete. Select the required file and click Select and click Download. Open the captured trace with a packet sniffing tool like Wireshark for further analysis.   Alternatively, you can run the following CLI commands for receiving a network trace: nstcpdump.sh nstrace.sh   For Citrix Gateway authentication issues real time debugging run the following commands in the Citrix Gateway CLI before replicating your issue: Shell Cat /tmp/aaad.debug
Citrix Profile ManagementVerbose logging for Citrix Profile Management (CPM) can be enabled via Group Policy. The following policies must be configured: Enable Logging Log Settings Maximum size of the log file Path to log file   Instructions on how to enable verbose logging for troubleshooting CPM can be found in the following article: https://docs.citrix.com/en-us/profile-management/current-release/troubleshoot/enable-logging.html.   Follow instructions in the following article which contains steps on how to use Microsoft Excel to review Profile Management log files: https://support.citrix.com/article/CTX200674 Alternatively the Citrix UPM Log Parser tool can be used: https://support.citrix.com/article/CTX123005
FsLogix profilesSetting verbose logging and other log settings in FsLogix profile container and Office365 container involves configuring the following policies which correspond to registry settings created in registry key HKLM\SOFTWARE\FSLogix\Logging: LogDir LogFileKeepingPeriod LoggingEnabled LoggingLevel (This value is set between 0 and 3 inclusive, with the following meanings. Changing this value will take effect at the next reboot. 0 – Log DEBUG level messages and higher 1 – Log INFO level messages and higher 2 – Log WARN level messages and higher 3 – Log ERROR level messages and higher) RobocopyLogPath
Windows Failover ClustersAnalysis of the WFC cluster logs

The following table provides the log locations and event ID descriptions per Citrix VAD component.

VAD componentLog file location(s)
Citrix StorefrontVerbose logs are generated in following path: C:\Program Files\Citrix\Receiver Storefront\Admin\Trace C:\Program Files\Citrix\Receiver StoreFront\logs Ica.log custom path (see previous table)   Also consult the “Application and Services Logs à Citrix Delivery Services” and Application Event Logs at the Windows level.
Delivery ControllersThe Citrix Scout tool log collection process should be combined with analysis of Windows System and Application Event logs.   The following article provides a thorough description of all Citrix Broker Service event logs: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/downloads/BrokerEvents.htm    The following article provides a thorough description of all Citrix FMA Service SDK event logs: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/downloads/ServiceCoreEvents.htm   The following article provides a thorough description of all Citrix Configuration Service event logs: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/downloads/ConfigurationEvents.htm    The following article provides a thorough description of all Citrix Delegated Administration Service event logs: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/downloads/DelegatedAdminEvents.htm   The following Citrix Delivery Controller additional application log paths are applicable: C:\Users\<Install User>\AppData\Local\Temp\Citrix\XenDesktop Installer\ %SystemRoot%\INF Custom path to log file configured inside CDFControl
Citrix VDA serversThe Citrix Scout tool log collection process should be combined with analysis of Windows System and Application Event logs. Also check the following Windows event sources: Citrix Desktop Service
Citrix HDX Audio
Citrix HDX MediaStream
Citrix ICA Service   You can also separately review log files available under: /var/log/xdl/vda.log  (for Linux VDA) %ProgramFiles%\Citrix\Virtual Desktop Agent\ (requires that WorsktationAgent.exe.config has the LogtoCDF property set to 1
DirectorThe Citrix Scout (CDFControl) tool log collection process should be combined with analysis of Windows System, Application Event logs and IIS logs. For IIS log analysis, you will need to set the path and filename of the IIS log file within Log.FileName application setting in IIS management.
Citrix LicensingRefer to the following CTX article for guidance: https://support.citrix.com/article/CTX127314
Citrix Cloud ConnectorReview the Windows Application log
SQL Server instancesThe SQL server error log should be combined with analysis of Windows System and Application Event logs
File serversAnalysis of the Windows System and Application Event logs
Active Directory Domain Controllers and DNS serversAnalysis of the Windows System, Application and Security Event logs. Also see the output of dcdiag and repadmin commands on the domain controllers.
Citrix Workspace AppReview logs generated in the following locations: %localappdata%\Citrix\Receiver %localappdata%\Citrix\AuthManager %localappdata%\Citrix\SelfService C:\Program Files(x86)\Citrix\Online Plugin\Logs %localappdata%\Citrix\Browser
Citrix GatewayThe technical support bundle is saved on the Citrix ADC appliance in an archive at the following location: /var/tmp/support/support.tgz   Review the following Citrix Gateway logs: newnslog is the current log located at /var/nslog (Must be read via the nsconmsgs command) newnslog.xx.gz are older logs located at /var/nslog nstrace.x is collected via nstrace.sh and is located at /var/nstrace vmcore.x.gz is a crash dump and is located at /var/crash kernel.x is a kernel crash dump and is located at /var/crash savecore.log is located at /tmp ns.log is a syslog file and is located at /var/log messages logs are located at /var/log auth.log are the authentication and authorization logs and are located at /var/log dmesg.* are logs which include hardware and boot sequence errors and are located at /var/nslog   Detailed log collection process and log paths for Citrix Gateway can be found in the following Citrix support article: https://support.citrix.com/article/CTX227560.
Citrix Profile ManagementThe CPM logs are generated into the path configured in the “Path to log file” group policy. More details about the CPM logs are provided in the following Citrix article: https://docs.citrix.com/en-us/profile-management/current-release/troubleshoot/log-files.html.
FsLogix profilesThe FsLogix logs are stored in the path configured in the LogDir policy/registry setting.
Windows Failover ClustersAnalysis of the WFC cluster logs from the WFC MMC management console

Utilizing the Citrix Scout (embedded into Virtual Apps and Desktops) and Citrix CDFControl tools to perform log collection can save you a lot of time since a log file bundle is generated for all servers and components in the Citrix VAD infrastructure. After Citrix VAD logs are collected from all components, they should be uploaded to Citrix Insight Services (https://cis.citrix.com) for further analysis.

For any network trace files collected from Citrix Gateway, make use of a packet sniffing tool for further analysis. Wireshark is ideal and is compatible with the network trace file format natively generated by Citrix Gateway.

You can find more detailed guidance and step-by-step procedures for analyzing and troubleshooting Citrix Virtual Apps and Desktops organized by category in my Citrix Virtual Apps and Desktops Troubleshooting e-book.

Exit mobile version