This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Discovering and Gathering XenDesktop Inventory

Jump to solution
davidle
By
Level 7

Hello,

We are trying to gather inventory from our XenDesktop environment and would like to know what additional permissions/rights is needed in order to gather this information successfully?

Here is what we have done so far:

1. Assigned functional account "Read-Only Administrator" within XenDesktop.

2. Enable Remote Powershell on host that is the Delivery Controller.

3. Granted functional account Full Control (Read/Write/Execute) to run Powershell commands on Delivery Controller.

Even after doing all the steps below, we are still getting the same result when attempting to discover the target Delivery Controller:

2020-04-15 16:09:24,629 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Completed Xen Desktop discovery for device 'esctxd54': not discovered

The only way to get around this is to add the functional account to the local Administrators group on the Delivery Controller:

2020-04-16 11:24:11,492 [.DiscoveryTaskExecutor|PropertyDisco] [INFO ] Completed Xen Desktop discovery for device 'esctxd54': Discovered by 'WMI', Broker type 'XenDesktop', Site name '', WMI access 'true'

Has anyone else seen this issue before?

‎Apr 16, 2020 04:35 PM

(1) Solution

Jump to solution
jasonlu
By Level 7 Champion
Level 7 Champion
In response to AamerSharif

This is from a recent case I had regarding XenDesktop.

 

When the 'Discover Citrix XenDesktop environments' checkbox is marked in your rule's action, when the rule executes it attempts the following command from your Beacon:

Get-WmiObject Win32_Service -Filter "Name = 'CitrixBrokerService'" -ComputerName "XenDesktopServerNameHERE" -Credential "serviceaccountHERE"

So this means that:

1) TCP 135 (RPC) needs to be open between your beacon and the XD server

2) RPC service needs to be running on the XD server

3) Your service account that is used to interrogate XD requires the 'Remote Enable' right to be able to run WMI calls.

So, if you give the service account local admin, that should be more than enough, however you can give the service account that right explicitly.

https://serverfault.com/questions/28520/which-permissions-rights-does-a-user-need-to-have-wmi-access-on-remote-machines

If all this is not done, then your Discovery.log will show that XenDesktop is not discovered, and therefore the Inventory part will not run.

 

Note that all of this is in addition to the rights required when the 'Gather Citrix XenDesktop Inventory' checkbox is marked.

j

 

 

View solution in original post

‎Feb 17, 2021 06:25 PM

(4) Replies

Jump to solution
AamerSharif
By Level 9 Flexeran
Level 9 Flexeran
Citrix XenDesktop broker evidence comes from WMI, that requires admin permissions. When broker is discovered, then it will attempt inventory.
HTH
Aamer

‎Apr 20, 2020 07:21 AM

Jump to solution
davidle
By
Level 7
In response to AamerSharif

Hi @AamerSharif ,

"Citrix XenDesktop broker evidence comes from WMI, that requires admin permissions. When broker is discovered, then it will attempt inventory."

Is there an alternative besides granting full admin permissions to the host that is running the XenDesktop broker service?

Thanks.

- David

‎Apr 22, 2020 09:27 AM

0 Kudos

Jump to solution
AamerSharif
By Level 9 Flexeran
Level 9 Flexeran
In response to davidle
Hi David, yes can copy Powershell script from beacon located under remote execution and run it on XenDesktop server/s and upload generated files (ndi n VDI) to inventory beacon.
That’ll do the job.
Cheers
Aamer

‎Apr 23, 2020 06:20 AM

0 Kudos

Jump to solution
jasonlu
By Level 7 Champion
Level 7 Champion
In response to AamerSharif

This is from a recent case I had regarding XenDesktop.

 

When the 'Discover Citrix XenDesktop environments' checkbox is marked in your rule's action, when the rule executes it attempts the following command from your Beacon:

Get-WmiObject Win32_Service -Filter "Name = 'CitrixBrokerService'" -ComputerName "XenDesktopServerNameHERE" -Credential "serviceaccountHERE"

So this means that:

1) TCP 135 (RPC) needs to be open between your beacon and the XD server

2) RPC service needs to be running on the XD server

3) Your service account that is used to interrogate XD requires the 'Remote Enable' right to be able to run WMI calls.

So, if you give the service account local admin, that should be more than enough, however you can give the service account that right explicitly.

https://serverfault.com/questions/28520/which-permissions-rights-does-a-user-need-to-have-wmi-access-on-remote-machines

If all this is not done, then your Discovery.log will show that XenDesktop is not discovered, and therefore the Inventory part will not run.

 

Note that all of this is in addition to the rights required when the 'Gather Citrix XenDesktop Inventory' checkbox is marked.

j

 

 

‎Feb 17, 2021 06:25 PM