Profile Optimization and “How do I speed up login times?” generally go hand-in-hand. These have to be two of the most important and most talked about items when it comes to delivering XenApp desktops. There are lot of different philosophies and strategies with regards to this, and in this article I’ll simply talk about what I have implemented in my environment. I have gone through extensive testing, tracing, logging, and analyzing of my settings and will show you what has worked for me. You can use some of these techniques to troubleshoot your own environment and see if you can get some gain in yours.
To start, I have leveraged many whitepapers, blogs, and Citrix KBs to generate my settings. I’d like to give credit where credit is due. First the Citrix XenApp and XenDesktop Policy Planning Guide was a good resource and baseline for everything. Second, this Citrix blog about Citrix Profile Management had a lot of great information. Also, CitrixIRC, of course, has been a great reference to talk things through with a bunch of great Citrix Admins. Join our chat at http://join.citrixirc.com. I have also read many other things on these topics, but I don’t recall them well enough to cite them.
Let’s get the framework in perspective here. I work for a Citrix CSP (Citrix Service Provider) and we currently have a couple dozen farms mostly in the SMB space (<250 users) I don’t do any enterprise work, so my tools and tricks are built around an SMB mindset. I use Citrix Profile Manager and GPOs, exclusively. I do not use any other third party tools to manage my profiles. I try to keep my environments simple enough for our other admins to be able to manage them. I think that if you can configure and test these tools properly they can do the job well enough to not need additional cost factors in our environments.
That being said lets start with Folder Redirection! Simply put, I redirect everything, except for AppData, utilizing GPOs. I manipulate AppData with UPM and we will talk about that later. Redirecting everything keeps it out of the profile and keeps the profile small. Simple enough.
Folder redirection isn’t the only culprit for large profiles. There are other commonly used programs that keep crap in the profile. I use GPOs to redirect these items as well. Outlook PST and OST files. Download the Office admx templates and USE THEM. “Microsoft Outlook 2010/Miscellaneous/PST Settings”. I set “Default location for PST/OST files” to a network drive. Well, I’m not using cached mode you say? Other things are stored in PST files as well, such as SharePoint Lists, so keep this in mind. AutoArchive? This will create a PST also, so if you are using this, you will want to make sure PST/OST files are moved. AutoRecover files are also stored in the profile. You can redirect Excel and Word Autorecover using the same admx templates.
How about Evernote? A lot of my users use Evernote, and by default the database is stored in AppData\Roaming. I redirect this to a network drive with a GPP Registry key. “HCU\Software\Evernote\Evernote” REG_SZ “DatabasePath”. I have seen very large databases and this is a good tweak to keep the profiles small.
Let’s talk AppData. First, I use UPM to exclude AppData\Local and AppData\LocalLow at the root. I keep AppData\Roaming in the users profile mainly for the performance implications of this being redirected on a large scale. However, I use the UPM to exclude a bunch of directories to keep it as small as possible. I will attach my UPM GPO for you to look at these settings in more depth. I exclude about 12 directories from AppData\Roaming that were gathered from the various best practices documents. Using Chrome? Chrome keeps all of its settings in AppData\Local. Shame on you, Google! With UPM, this is no problem. I do 2 things with Chrome. First, I include AppData\Local\Google in Synchronization. Second, I exclude AppData\Local\Google\Chrome\User Data\Default\Cache, Cached Theme Images, and JumpListIcons. This allows my users’ Chrome settings to save, but excludes the not-needed bloat directories.
Don’t forget the cookies! I have written another blog here on that. Read it!
How about the rest of the UPM settings? Again, I’m going to attach my UPM policy in here somewhere, but we can run through the basic settings. I delete cached copies of local profiles. We always want to load a fresh profile each time. This will lower profile corruptions. How about profile streaming and active writeback? Well, I turn these off. Most people will say that’s dumb, and those are great features, and you should keep those on. Well, I can see how these are great features, but again, I’m tuning these settings for my environments. With the tweaks I am implementing I have an average profile size of 30meg. The profile itself can load in less than 1 second on a gigabit network, so I’m not too concerned about this. These settings are nice for larger setups, but in my environment I’ll keep it as simple as possible.
Did you use the 2008 R2 Optimization Guide for XenApp 6/6.5? Well, don’t forget this blog post about one of the settings you need to change if you are using the UPM. Without changing it, UPM times out a lot and slows logon/logoff processing.
Don’t forget to exclude all of the un-needed folders inside of the profile as well. This is done with a GPO.
When all is said and done, here is what my profile looks like. Of course, this is a test user, but this is a great foundation to build user profiles on. Notice there are not any folders in there except for Windows and AppData.
Do you already have an environment built and would like to tweak these settings? I certainly did. I actually wrote a script that would go through the Profile Store and delete out all of the bloat from the users’ existing profiles. You can check that out script here. Its powershell, so have fun. I had users with 1gig profiles and was able to lower then to 30-60meg in our internal environment. Note, this must be run from the Profile Store directory.
One setting that works for me, but will require testing, is the GPO to wait for network at computer startup and logon. I was able to gain about 13 seconds on my logon times when I disabled this setting. Your mileage may vary.
Are you using GPPs for shortcuts and printers and such? I did a lot of GPP tracing to analyze these mappings and found this to be true inside my environments. If you create GPP Shortcuts using “update” it takes about 200ms for each item at each logon to parse. If you have 60 shortcuts between the start menu and desktop, that’s 12 seconds right there. That’s not a short amount of time. Setting these to “create” will speed this up to about 5ms per item at each login. You can change it to “update” if you actually want to change something in the future. I gained another 15 seconds on my logins when I changed all of my GPP shortcuts to “create”. The same basic numbers apply for printers too, however, I have not traced them to get exact numbers yet.
Login times have a lot to do with how many GPOs that you have in your environment. Remember these tips. Always prefer fewer larger GPOs opposed to many smaller ones. Each GPO has a set base processing time that can be avoided by consolidating GPOs into one larger one. Make sure you disable Computer/User settings in a GPO if you aren’t using them. This lowers login time a second or so per GPO.
So, what did I use to troubleshoot all of these things? I do curse Microsoft for getting rid of the userenv.log detailed logging. Nothing works quite as good. UPM logging is a really good place to start, however. You can turn it on in the UPM Policy GPO, and parse the logs with the UPM Log Parser. You should also be using the GPSvc.log. You can set that up using this blog. Don’t forget to create the “usermode” directory if it doesn’t exist, or the logs won’t work. You can also turn on GPP Tracing in a GPO under “Computer Configuration\Policies\Administrative Templates\System\Group Policy\Logging and Tracing”. You can turn all of these on, and enable tracing, to get detailed information of your GPPs. Some people like to use Policy Reporter to go through the logs. This is a nice tool, but I just read the logs manually.
Using all of these tips and tricks above, I was able to get my test user in my test environment to log in after about 9 seconds on the 3rd login. Obviously the first 2 logins are a tad slower as it builds the profile from scratch and runs some other scripts that I have in my environment. Now, keep in mind that’s a bare environment and your mileage will vary here as well. In my internal environment I was able to speed my logins up from around 75 seconds to 23 seconds. This is keeping in mind that our internal environment has about 847 GPOs and isn’t optimized at all. In my customer facing CSP environments I have gotten about a 75% improvement time in the environments that I have implemented these changes.
Take a look at my detailed UPM policy is here
this is a great blog post. But one question: you are excluding folders like citrix,contact,desktop, downloads ,favorites already in the UPM policy. Why are you also excluding those folders by mean of a windows gpo under system/profiles ?
If you only exclude them in the UPM policy it will create blank folders inside the profile. When you also exclude them in the GPO the folders are never created in the first place. This makes for a nice neat empty profile directory.
I love this article, very clear and so true !
Thank you for sharing this !
can you explain why you are excluding those folders/files from synchronization? I noticed that there are files in My documents and Desktop in the user profile. why are you excluding sync there
If I understand your question properly, I am not excluding any files/folders that are part of folder redirection in the UPM policy, but I am excluding them as part of the profile so the folders don’t exist in the user’s profile directory.
Thanks for posting this. I had no idea that changing shortcuts from update to create could potentially save me 150+ ms.
Don’t forget this tool
Excellent article! I would love to check out your UPM policy, but the link is broken.
Sorry about that! Fixed!
Hi, thanks for the great article. Do your users use fat clients and citrix? Are you redirecting folders for both situations or just against your Citrix servers OU? Would it be possible to show a screenshot of your folder redirection policies for redirecting all your content? Thanks again
I have only tried this on the XenApp Server’s OU. I have not tested any of these settings for fat clients. I would imagine it could have a lot of settings that would work well, and some settings that don’t. I know the “Do not wait for network at start-up” can have problems for fat clients when trying to apply GPOs and such. If you would like to do this, it would certainly need tested.
Thanks Ryan, I have set this up for TS servers only for the time being. I am having a problem with the UPM settings I think.
Basically I am trying to redirect all possible folders and then for the settings that I want to persist I want to synchronize these back to the profile with UPM. These folders include Favorites, some things under appdata. I am removing cached copies of the profile but because there is a farm in 2 separate regional locations, I don’t want the users accessing folders they use a lot in their redirected folders which could be in a different location to the xenapp farm. I would rather this was copied back to the local profile once at logon, then the changes synched back to the redirected folder when they log off and the local profile is wiped. I don’t want to replicate the redirected data to the 2 different locations yet as it isn’t large so I don’t forsee the copying over the WAN is going to cause an issue with logon speed. I can’t seem to get the UPM settings correct for this scenario – the favorites remain in the redirected folder and are not copied back to the favorites in the local profile. Any ideas on the best way to achieve this?
Jump on CitrixIRC and lets talk it thorough. http://join.citrixirc.com.
I see that link to the powershell script to clean up your profile is no longer working, do you perhaps have the updated link?
Thanks. I have fixed the link.
Firstly, thanks for that great ppost.
Secondly the link to your detailed UPM policy is no longer working.
Do you have an update on this?
Thanks. I’m glad you liked it. The link should be working. Are you still having problems?
Thanks for the great post.
My Outlook users seem to face slowness issue every day that the Outlook is simply hung for ~10 mins and can’t work at all.
Some more info:
Xenapp Citrix UPM profile.
GPO deployed to restrict Outlook “local cache” OST file to contain only mails from the latest month.
Please help on this.. Thanks
Are you storing the OST file on a file server, or in the local profile? How big are the OST files? Are you using Profile Streaming?
This is the good article about CITRIX-UPM. I have recently implement the same. I was told to create the User Home Directory too, in order to function the Citrix-UPM. Is it so?
In my configuration the Home Directory points to the root of the My Documents directory. I’m not sure if this is required, but it’s certainly a good idea to do so.
What if your running XenApp 6.5 advanced edition… Upm doesn’t support?
Yes, this assumes that you are running a version that supports the UPM, sorry.
You can use UPM on adv. edition as well. Though you’re not entitled to through licensing, it still works. There is no license check for this.
On the Evernote portion, have you had to change anything recently? I ask because I setup a GPP registry item as described pointing to \\MyFileServer\evernotedatabase$\%logonuser%, but evernote takes that path and creates it on the C drive of the server. This is using the latest release of Evernote.
After seeing that you are excluding locations within your GPO settings under System\User Profiles, it makes me wonder what other settings you have set in that location. Would you be able to detail any other settings User/Computer within the User Profile sections please?
Actually, that is the only setting I use in that GPO section. Everything else regarding profiles is part of the UPM policy and the Folder Redirection settings.
What does the Folder Redirect GPO look like if you exclude all these folders
You only exclude the folders so Windows doesn’t create blank folders inside the user profile directory. The Folder Redirect GPO has the normal settings to redirect these folders to a network drive.
I have a configuration where the downloads are not redirected and are in the profile. What will happen with the files in the download folder if I enable redirection afterwards. Will they get copied, moved, deleted?
You can set the GPO to move the contents to the new location.
Thanks for this post it’s helped with some of our UPM config. I had the same problem as Zak posted with Evernote and
we can’t get it move to a UNC path. I’m not sure if you could shed any light on this.
You you tell us something about this folder? It takes about 4MB.
UPM_Profile\AppData\Roaming\Microsoft\Document Building Blocks\1031\14
I do not know about that folder, sorry.
Great article, I recently deployed UPM and wanted to make two quick notes.
1) I thought I read with the new version of UPM that I deployed (5.1.1) they no longer required you to exclude the folders that are redirected. Though when I check in a few UPM profiles I have the blank folders there, so not sure about that one.
2) Disabling an unused computer or user side of a GPO/GPP has little effect on performance according to this article:
So curious if you have empirical testing that states otherwise?
Thanks, I appreciate it. The blank folders are removed by the GPO “Exclude Directories in Roaming Profiles” as described above.
Yes, that technet article is accurate. My tests indicated only a second or so gain when disabling compter/user section of the GPO. I would classify that as “negligible”. However, every second counts when it comes to login times. 🙂
I’m confused with XD/XA 7.5
Like other policies Citrix has moved most of them into studio. You can now set UPM settings in studio.
If I want to install and use UPM on users laptops as well as Citrix sessions so both enviroments share the same things like desktops and other items do I
a: Use a GPO on the laptops and then just replicate those settings in Studio to our Xenapp or VDI desktops?
b. Ignore the studio policies and just use a GPO for both laptops and citrix sessions?
I would stick to GPOs, personally.
I am in the process of setting up the folder redirection. Currently my path to user store is \\test01\citrix\profiles\%username%. For my redirection I am pointing them to the same place which now looks like this is incorrect (\\test01\citrix\profiles\%username%\Contacts). I am assuming these redirections should go to another place other then your path to user store?
Our difficulty is most folders we can’t redirect to the users %homepath%. We have different homepaths for different divisions so this is why I can’t map it to there. Any suggestions?
I don’t redirect anything to the profile directory, it will lead to bloat and slow login times. %homepath%\Contacts should work universally across your environment. Why is this not possible in your enviornment?
A previous admin could never get it to work. He contacted Microsoft and they said it would work like that. I just tried adding it and get “The target path is not a UNC path” If this is not a valid local path at the client, folder redirection will fail.
I am going to apply it and test it out.
I made the change and it doesn’t work. Here is what I have it set to.
Setting – Basic – Redirect everyone’s folder to the same location
Target folder – Redirect to the following location
Root Path – \\%homepath%\Desktop (Also tried without \\)
On the server I get error 502 “Failed to apply policy and redirect folder “desktop” to “\\\\Desktop”. The specified path is invalid.”
Any suggestions? I will try some other things as well.
Jump into CitrixIRC and we can work it through. http://join.citrixirc.com
Think I got it. Using %homeshare%\Desktop
Can we exclude appdata\roaming\Microsoft\Templates? What will the effects be?
You can exclude anything you want. Is there a reason you would want to exclude that specific directory? Testing would be needed to determine the user impact of that folder.
a few months ago I upgraded upm from 4.1.2 to 5.0 on my xenapp 6 farm. Since then users complain that bookmarks and passwords are not saved in Mozilla firefox on their published desktops. Any idea what could be the cause?
Cheers and keep up the good work.
That shouldn’t have anything to do with the UPM version at all. I would investigate other things. I assume other programs are still working fine?
Great article and definitely something which I would like to implement in my evironment but the links do not seem to be working.
They all appear to work fine. Which one(s) aren’t working for you?
Unless I’ve missed something, is there any reason you are doing the folder redirection with the standard User Configuration-Policies-Windows Settings-Folder Redirection GPO rather than doing it all with the Citrix UPM GPO (User Configuration-Administrative Templates-Citrix-Profile Management-Folder Redirection)?
Not really. They basically do the same thing. Most of my environments already have some form of folder redirection before we layer XenApp on top of it, so I’ve just kept that configuration.
Great article, I followed this when I set up my UPM test about 2 months ago. I’m failing on one thing with this and I don’t know why. I have two directories under my User.Name directory. I want these to be copied to the Server on Log On, and than get copied back when the user logs out. It seems this should be done with Folders To Mirror under File System > Synchronization > Folders to Mirror. However, these do not copy back and forth.
I now created a batch file that runs at startup that will copy the two directories I need so it’s local for the user. I am also working on a log off script that will copy these back…but it seemed like Folders to Mirror should be doing this for me.
Here’s what I have under List of Folders to mirror:
The bottom 2 are the big ones I want to copy to the server the user hits on log in, and than copy back when they log out. Not sure if it’s related, but users have told me that their Google Chrome cookies don’t seem to copy back when they log out.
Any help would be appreciated!
I am really interested in looking at that deletecrap script. Could you post another link?
Is anyone else having trouble with the link? It works fine for me.
Fantastic post! Should these settings work for XenDesktop as well?
Yes, they should!
Hi I am trying to use your powershell script. I changed the $Path to reflect the path of my user store and made a few other changes for some of the subfolders that our profile doesn’t have. However when I run the script I get System cannot find the path specified.
I really don’t have any experience with Powershell. do you think you can assist?
Raj, Jump into the IRC channel (http://join.citrixirc.com) and we can help you out!
I downloaded your profile cleanup script but having problems with it. I tried running the script with changing the path to reflect the correct path for my environment but i get path cannot be found error.
Can you help with that?
If you could also explain how I may be able to use the windows folder in the home folder or “profile path” effectively. the scenario: A standard home drive on server A, the citrix environment user profile and redirection is to a server B. An application I have uses ini settings in a file in the windows folder that is created when a user logs onto the citrix environment. Where are these files copied from into the windows folder on server A and how can I make sure this windows folder is created on server B and not server A perhaps under the UPM_profile folder (….%username%/profile/upm_profile…).I need the specific application to read the ini file in the windows folder in the UPM_Profile when logging onto citrix…..is it as simple as changing the home folder location in AD user settings?
Why are you including these paths in your directory synchronization?
Isn’t AppData\Roaming\* included bij default in your policy?
Good catch. This is unneeded information. This was grabbed directly from the Citrix guide http://support.citrix.com/article/CTX134081.
Hello Ryan, I have this situation at work, previously we were using XenApp local profiles stored on the C-Drive, now we implemented UPM 4.1 to save storage on our server. For some odd reason it seems to be copying users over to UPM from the local profile stored on the server at a slow rate, say 2 users a day. Is there a way to speed this up?
I will admit, I have not seen this issue before. Jump in CitrixIRC and see if any of the other guys have any ideas.
i hope you are still active in this thread.
I have a similar setup but not excluding as much stuff. I am redirecting .ost files to a network share and limiting the local cache to 1 month. .ost files range from 50meg to 600meg. Users keep having random occurrences where Outlook 2013 will crash. When the users try to relaunch it, it tells them the .ost is corrupt and needs to be scanned. After scanning, it tends to open back up and work. But may crash again in a week.
Have you seen that at all?
I hope you are still active in this thread.
I have .ost files redirected to a network share and I am caching 1 month worth of mail on the share. It works great and its fast, but periodically outlook will crash and tell users they need to repair the .ost file. After repairing it, it works for maybe a week, maybe a month. its very sporadic.
Have you seen this at all, or have any suggestions.
Cody, sadly I have not seen this before. Something else must be corrupting these .OST files. Do your users only have access to 1 desktop, or copy of Outlook at a time? I have this configuration running across about 50 customers, none of which have this issue.
Jump in CitrixIRC, maybe one of the other guys have some thoughts as well.
Generally I read such posts and thanks the person quietly. But I must say I have really enjoyed your post . You have summarized very well a list of steps so it should help me reduce the roaming profile sizes.
Thanks for the article. However I must be missing something. Anytime I exclude folders like Desktop, Documents in my citrix policy like you have, the savings aren’t changing and be saved to the network.
Is that type of information being stored in ntuser.dat? Just doesn’t seem to be taking affect.
Could this be because I am not excluding all the folders in the roaming profile?
Very Nice ..Great article ..
Keep it up …:)