I came upon this quite frequent issue with my XenDesktop 7.8 Hosted Shared Desktop environment based on Windows Server 2008 R2. Folder Redirection via GPO is in place, whereas Citrix User Profile Management is not used.
I tried the following to no prevail:
- remove C:\Users\Default\AppData\Local\Microsoft\Windows\userclass.dat (which did not exist on my system in the first place)
- related to Desktop Experience, i.e. C:\Windows\System32\TSTheme.exe (removed Users group from Reading the executable, renamed the executable)
- Microsoft Hotifx KB2661001 for Windows Server 2008 R2
- disabling Windows Search service
- modified the XenApp server to force IPv4 to take precedence over IPv6 (already disabled IPv6 as described in KB929852 in the first place)
- analyzed potential Folder Redirection issues
- adding DisableStatus=00000001 in HKLM\SOFTWARE\Wow6432Node\Citrix\Logon as per CTX135782
- and all else described at Citrix XenApp – Long logon times and potential fixes
Group Policy Logon Delay
As per Carl Stalhood - Citrix Group Policy Logon Delay Workaround:
Citrix Discussions Xenapp 7.9: Wait for local session manager: “I have a Xenapp 7.9 environment on Windows 2012 R2. When logging in through Citrix I got message “Wait for local session manager” for 20-30 seconds. When logging in to the server with RDS, I do not have to wait for this.”
“Add the following 2 registry keys to your 7.9 VDA server – then try connecting to it using ICA to see if the issue still occurs:
Add reg keys in “HKLM\SOFTWARE\Citrix\GroupPolicy”
- REG_DWORD: “CacheGpoExpireInHours” – Value = 5-24 (# of Hours) ***start with value of 5***
- REG_DWORD: “GpoCacheEnabled” – Value = 1
Restart the machine after adding these registry keys and attempt an ICA connection (at least twice) to see if that helps the Login delay.”
Multi-Homed DCs
In case you have multi-homed Domain Controllers, i.e. with at least two NICs and thus two different IP addresses, and of which one NIC happens to be connected to a non-routable network, this might cause this issue as well (pls read Please wait for the Local Session Manager). If the NIC connectecd to the non-routable network is goig to register its IP address with DNS and your XenApp server tries to connect to this exact same IP address in return (through DNS name resolution), the connection attempt would time out eventually and then authenticate against another, reachable DC. To remedy this situation do as described in KB975808:
- Ensure Register this connection’s addresses in DNS is unchecked on the NIC's TCP/IP Advanced IP Settings under the DNS tab
- Issue the command netsh int ipv4 add address <Interface Name> <ip address> <subnet mask> skipassource=true
My Troubleshooting Methodology
As none of the above worked for me I had to further investigate the issue. I started with analyzing the actual Logon Process and Logon Duration with both ControlUp's Analyze_Logon_Duration.ps1 and Citrix Director.
In order to run the script make sure that Audit Process Tracking has been enabled as per Citrix Blog and KB921468, otherwise you could receive error messages stating Could not find Network Providers events (requires audit process tracking) or Could not find Pre-Shell (Userinit) events (requires audit process tracking) when running the Powersell script:
With Citrix Director I found out that my Logon Duration took 43sec, especially the Interactive Session part of the Logon Process:
Interactive Session is defined as per Citrix eDocs as follows:
This is the time taken to "hand off" keyboard and mouse control to the user after the user profile has been loaded. It is normally the longest duration out of all the phases of the logon process and is calculated as follows:
Interactive Session duration = Desktop Ready Event Timestamp (EventId 1000 on VDA) - User Profile Loaded Event Timestamp (EventId 2 on VDA)
The following Citrix Blog explains the Interactive Session part of the Logo Duration in detail. It mentions another article which suggests adding a registry value in order to reduce the startup delay further:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Serialize
REG_DWORD: StartupDelayInMSec
Value: 0
Well, it worked in that particular case in that it reduced my Logon Duration a little bit more. But not to a point where it seemed acceptable for my users.
In the end I uninstalled the following, just recently released maligned Microsoft Updates:
- KB3161949 (Network Shares became unavailable)
- KB3164033 (caused printing issues due to updating GDI.dll)
- KB3164035
- KB3159398 (caused issues with GPO Processing)
After rebooting my affected server the issue went away, as my Logon Duration (especially Interactive Session) came down to a total of 17sec:
Further investigation was therefore not possible at this point of time. I'll keep a look at it and will update this article accordingly. And have a look at the Links at the bottom of my blog as well.
As per Xenapp 7.9: Wait for local session manager adjusting the following registry settings might improve performance as well:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
Name: AppInit_DLLs
Type: String
Value: mfaphook64.dll
Old Value: C:\Program Files\Citrix\System32\mfaphook64.dllHKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows
Name: AppInit_DLLs
Type: String
Value: mfaphook.dll
Old Value: C:\Program Files(x86)\Citrix\System32\mfaphook.dll
Further reading:
- KB2661001 - "Please wait for Local Session Manager" message remains for several minutes when you disconnect from a computer that is running Windows Server 2008 or Windows Server 2008 R2 during the logon process
- TechNet - Analyze Session Logon Duration
- XenAppBlog - Optimize Logon Times – Part 1: Citrix Director
- Citrix XenApp – Long logon times and potential fixes
- CTX133595 - Slow Initial Login When Using Folder Redirection
- Citrix Discussions - Please wait for Local Session Manager
- Citrix Blogs - Troubleshooting Slow Logons via Powershell
- Citrix Blogs - Logon Duration explained
- Slow Boot Slow Logon (SBSL), A Tool Called XPerf and Links You Need To Read
- Who broke my user GPOs?
- Citrix Blogs - Interactive Session of Logon Duration in Citrix Director – Explained
- Citrix Blogs - Citrix Logon Times – Rule of 30
- Citrix eDocs - Diagnose user logon issues
- The Complete Guide to Understanding the Citrix Logon Process for XenApp/XenDesktop (registration required)