\n<#\n This script will manage the start of the Citrix Desktop Service.\n\n This script will read the values under the following registry key to determine how long to wait before\n starting the Citrix Desktop Service.\n - Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Citrix\\VDAHelper\n - Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\Citrix\\VDAHelper\n - Note that the values set under the Policies key have a higher priority.\n The VDAHelperSettingsEnabled tells the script if it should action or ignore all other settings under this\n registry key\n - Type: REG_DWORD\n - Value: VDAHelperSettingsEnabled\n - Data: 0=False; 1=True\n The DelayDesktopServiceTime value tells this script, in seconds, how long to wait before starting the\n Citrix Desktop Service\n - Type: REG_DWORD\n - Value: DelayDesktopServiceTime\n The TriggerOnTaskEndEvent value tells this script to wait for a task to end before starting the Citrix\n Desktop Service\n - Type: REG_DWORD\n - Value: TriggerOnTaskEndEvent\n - Data: 0=False; 1=True\n The TaskNameFullPath value tells this script to which task to base the trigger event off before starting\n the Citrix Desktop Service\n - Type: REG_SZ\n - Value: TaskNameFullPath\n The MaximumTaskWaitTime value tells this script, in seconds, how long to wait for the task to start\/end\n before starting the Citrix Desktop Service. This ensures that any failure in the task trigger events\n does not ultimately prevent the Citrix Desktop Service from starting.\n - Type: REG_DWORD\n - Value: MaximumTaskWaitTime\n The LogonEventUserName value tells this script which username will be in the logon event 4624 so that it\n can collect the "Logon ID" value to match it with a logoff event.\n - Type: REG_SZ\n - Value: LogonEventUserName\n The DefaultDomainName value tells this script what to set the Winlogon DefaultDomainName value to once\n the autologon process has started. This allows us to use a local account for the Autologon process.\n - Type: REG_SZ\n - Value: DefaultDomainName\n The UsePersonalityini value tells this script to get the list of DDCs from the MCSPersonality.ini or\n Personality.ini, whichever is present.\n - Type: REG_DWORD\n - Value: UsePersonalityini\n - Data: 0=False; 1=True\n\n IMPORTANT NOTES:\n - The TriggerOnTaskEndEvent value (0 or 1) will determine if the script waits for the specified task to\n start and end or uses the DelayDesktopServiceTime value instead.\n - During the initial implementation I found that the logoff event for the autologon account may occur a few\n seconds after the task ends. When this happens, and depending on how quickly the the VDA registers with\n the Delivery Controller or Cloud Connector, it may cause a power managed VDI machine to reboot again;\n creating a reboot loop. This is simply a timing issue. So to work around this we also wait for the logoff\n event that tells us that the session has been destroyed\/terminated. This presented me with a challenge as\n I was unable tie events 4624 (logon) and 4634 (logoff) together. We can, however, tie the 4624 (logon)\n event to the 4647 (logoff) event. However, this event just tells us that the logoff was initiated and not\n complete. A 4634 (logoff) event will follow, but there is no information in that event which allows us to\n formally tie them together. Therefore, we make the assumption that the 4634 event that follows the 4647\n event is the actual complete termination of the logoff, which is when the logon session is actually\n destroyed. At this point it's then safe to start the Citrix Desktop Service without the risk of a reboot\n loop occuring.\n - I have found that it may take some time for the 4634 (logoff) event to come through that tells you that\n the session has been destroyed\/terminated. This is typically due to antivirus software.\n\n Version 3.3 Updates\n - Replaced the Get-DeliveryControllers function with the Get-ListOfDDCs function. The name of the function\n may have been misleading given that it's for both Delivery Controller or Cloud Connector addresses. It\n now allows for the C:\\Personality.ini and C:\\MCSPersonality.ini for MCS deployments.\n - Added the UsePersonalityini value to the VDAHelper registry values, which is used to call the updated\n Get-ListOfDDCs function.\n - Updated the XDPing function\n - Changed the flow of some of the code\n\n Version 3.4 Updates\n - Added extra error checking and further improved the coding\n - When we set the Winlogon DefaultDomainName value we also need to set AutoAdminLogon value to 0 and clear\n the DefaultUserName value.\n - If the Winlogon AutoAdminLogon value is 0 (disabled), and the TriggerOnTaskEndEvent is set to 1 (enabled),\n we change the TriggerOnTaskEndEvent to 0 (disabled). This reduces unnecessary further delay waiting for an\n event that will never run.\n\n Version 3.5 Updates\n - Improved the check for the Personality.ini and MCSPersonality.ini files based on the history of VDA changes.\n\n Version 3.6 Updates\n - Replaced the Get-LastBootTime function with the Get-UpTime function. This starts to phase out the reliance\n on the Get-WmiObject cmdlet, with preference to use the Get-CimInstance cmdlet.\n\n Version 3.7 Updates\n - Added a group policy update (gpupdate) to be invoked before it reads the VDAHelper registry values. I've\n found this hit and miss with MCS images. So a gpupdate helps to ensures that the registry values are in\n place.\n - Added a check to see if it is a Citrix MCS Master Image. The script will check the following value:\n Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\Citrix\\Configuration\n Type: DWORD\n Value: MasterImage\n Data: 1\n This is important so that it starts the Broker service immediately so that it does not cause any issues\n with the image preparation process.\n\n Version 3.8 Updates\n - Added the Delete-BrokerAgentCachedData function, which clears the SavedListOfDDCsSids.xml as per CTX216883\n to prevent registration issues caused by old or decommissioned Delivery Controllers or Cloud Connectors.\n\n Version 3.9 Updates\n - The updates added to 3.7 that starts the Broker service immediately if it is a Citrix MCS Master Image\n caused an issue because the Broker service was left in a Manual startup type. So the fix is to set it back\n to Disabled startup type after starting it. This allows this script to control how it starts once the MCS\n Master Image is deployed.\n\n Version 3.10 Updates\n - Tweaked the updates completed under 3.9 as I experienced a timing issue. Added the Create-RegValue function\n to assist with this.\n\n Future Improvements:\n - Add an option so it only starts the Citrix Desktop Service after the session host has been joined to Azure AD.\n https:\/\/github.com\/EUCweb\/BIS-F\/issues\/387\n - Can take different actions based on image type or manual deployment.\n https:\/\/github.com\/megamorf\/CitrixImagingTools\/issues\/13\n\n Script name: StartCitrixDesktopService.ps1\n Release 3.10\n Written by Jeremy Saunders (jeremy@jhouseconsulting.com) 16th October 2017\n Modified by Jeremy Saunders (jeremy@jhouseconsulting.com) 27th March 2026\n\n#>\n\n#-------------------------------------------------------------\n\n# Set Powershell Compatibility Mode\nSet-StrictMode -Version 2.0\n\n# Enable verbose, warning and error mode\n$VerbosePreference = 'Continue'\n$WarningPreference = 'Continue'\n$ErrorPreference = 'Continue'\n\n$StartDTM = (Get-Date)\n\n#-------------------------------------------------------------\n\n$invalidChars = [io.path]::GetInvalidFileNamechars() \n$datestampforfilename = ((Get-Date -format s).ToString() -replace "[$invalidChars]","-")\n\n# Get the TEMP path\n$logPath = [System.IO.Path]::GetTempPath()\n$logPath = $logPath.Substring(0,$logPath.Length-1)\n# Note that the GetTempPath changes in Windows from February 2025 means that the SYSTEM identity returns\n# %WINDIR%\\SystemTemp by default. Note the missing slash between System and Temp. Use $env:TEMP if you\n# want it to return %WINDIR%\\System\\Temp instead.\n# Reference:\n# - https:\/\/support.microsoft.com\/en-au\/topic\/gettemppath-changes-in-windows-february-cumulative-update-preview-4cc631fb-9d97-4118-ab6d-f643cd0a7259\n\n$ScriptName = [System.IO.Path]::GetFilenameWithoutExtension($MyInvocation.MyCommand.Path.ToString())\n$logFile = "$logPath\\$ScriptName-$($datestampforfilename).log"\n\ntry {\n Start-Transcript "$logFile"\n}\ncatch {\n write-verbose "$(Get-Date): This host does not support transcription"\n}\n\n#-------------------------------------------------------------\n\n# Set to true to invoke a gpupdate before it reads the VDAHelper registry values.\n$InvokeGPUpdate = $True\n\n# Set to true if you want to check if there are valid Delivery Controller(s) or\n# Cloud Connectors set under the following registry values:\n# - HKLM\\SOFTWARE\\Policies\\Citrix\\VirtualDesktopAgent\\ListOfDDCs\n# - HKLM\\SOFTWARE\\Citrix\\VirtualDesktopAgent\\ListOfDDCs\n# Note that the Policies value is checked first.\n$CheckForValidity = $True\n\n# Set the number of seconds to wait between validity checks of the ListOfDDCs\n# registry value.\n$interval = 10\n\n# Set the number of times to repeat the validity before continuing.\n$RepeatValidityCheck = 25\n\n# Set to true if you want to restart the service(s) if already started.\n$StopServiceIfAlreadyStarted = $True\n\n# Create the hashtable for services to be started\n$ServicesToStart = @{}\n\n# Create an object for each service that needs to be started\n$objService = New-Object -TypeName PSObject -Property @{\n "Name"\t=\t"BrokerAgent"\n "DisplayName"\t=\t"Citrix Desktop Service"\n}\n# Add the object to the hashtable\n$ServicesToStart.Add($objService.Name,$objService)\n\n#-------------------------------------------------------------\n\nFunction Get-VDAHelperSettings {\n # This function read the values under the following registry key to determine how long to wait\n # before starting the Citrix Desktop Service.\n # - Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Citrix\\VDAHelper\n # - Key: HKEY_LOCAL_MACHINE\\SOFTWARE\\Citrix\\VDAHelper\n # Note that the values set under the Policies key have a higher priority.\n $regKey1 = "SOFTWARE\\Citrix\\VDAHelper"\n $regKey2 = "SOFTWARE\\Policies\\Citrix\\VDAHelper"\n $ResultProps = @{\n VDAHelperSettingsEnabled = 0\n DelayDesktopServiceTime = 0\n TriggerOnTaskEndEvent = 0\n TaskNameFullPath = ""\n MaximumTaskWaitTime = 0\n LogonEventUserName = ""\n DefaultDomainName = ""\n UsePersonalityini = 0\n }\n $results = @()\n # Create an instance of the Registry Object and open the HKLM base key\n $reg = [microsoft.win32.registrykey]::OpenRemoteBaseKey('LocalMachine',$env:computername) \n Try {\n $thisRegKey = $reg.OpenSubKey($regKey1)\n ForEach ($Key in $($ResultProps.Keys)) {\n Try {\n If ($null -ne $thisRegKey.GetValue($Key)) {\n If ($thisRegKey.GetValueKind($Key) -eq "String") {\n $ResultProps.$Key = $thisRegKey.GetValue($Key).Trim()\n } Else {\n $ResultProps.$Key = $thisRegKey.GetValue($Key)\n }\n }\n }\n Catch [System.Exception] {\n #$($_.Exception.Message)\n }\n }\n }\n Catch [System.Exception] {\n #$($_.Exception.Message)\n }\n Try {\n $thisRegKey = $reg.OpenSubKey($regKey2)\n ForEach ($Key in $($ResultProps.Keys)) {\n Try {\n If ($null -ne $thisRegKey.GetValue($Key)) {\n If ($thisRegKey.GetValueKind($Key) -eq "String") {\n $ResultProps.$Key = $thisRegKey.GetValue($Key).Trim()\n } Else {\n $ResultProps.$Key = $thisRegKey.GetValue($Key)\n }\n }\n }\n Catch [System.Exception] {\n #$($_.Exception.Message)\n }\n }\n }\n Catch [System.Exception] {\n #$($_.Exception.Message)\n }\n $results += New-Object PsObject -Property $ResultProps\n return $results\n}\n\nFunction IsTaskValid {\n param([string]$TaskNameFullPath)\n If ($TaskNameFullPath -Match "\\\\") {\n $TaskName = $TaskNameFullPath.Split('\\')[1]\n $TaskRootFolder = $TaskNameFullPath.Split('\\')[0] + "\\"\n } Else {\n $TaskName = $TaskNameFullPath\n $TaskRootFolder = "\\"\n }\n $TaskExists = $False\n # Create the TaskService object.\n Try {\n [Object] $service = new-object -com("Schedule.Service")\n If (!($service.Connected)){\n Try {\n $service.Connect()\n $rootFolder = $service.GetFolder("$TaskRootFolder")\n $rootFolder.GetTasks(0) | ForEach-Object {\n If ($_.Name -eq $TaskName) {\n $TaskExists = $True\n } #If\n } #ForEach\n } #Try\n Catch [System.Exception]{\n "Scheduled Task Connection Failed"\n }\n } #If\n } #Try\n Catch [System.Exception]{\n "Scheduled Task Object Creation Failed"\n } #Catch\n return $TaskExists\n}\n\nFunction IsEventLogValid {\n param([string]$EventLog)\n $EventLogExists = $False\n Try {\n Get-WinEvent -ListLog "$EventLog" -ErrorAction Stop | out-null\n $EventLogExists = $True\n }\n Catch [System.Exception]{\n #$($_.Exception.Message)\n }\n return $EventLogExists\n}\n\nfunction Get-TaskEventRunTime {\n param (\n [switch]$start,\n [switch]$end,\n [string]$taskPath\n )\n $results = @()\n $ResultProps = @{\n EventFound = $False\n TimeCreated = [datetime]"1\/1\/1600"\n ErrorMessage = ""\n }\n # in case taskpath contains quotes, have to escape (double) them\n $taskPath = $taskPath.Replace("'","''")\n If ($Start) {\n # fetch the most recent start event (100) event\n $XPath = "*[System[(EventID=100)]] and *[EventData[Data[1]='" + $taskPath + "']]"\n }\n If ($End) {\n # fetch the most recent success event (102) or failed (111) event\n $XPath = "*[System[((EventID=102) or (EventID=111))]] and *[EventData[Data[1]='" + $taskPath + "']]"\n }\n Try {\n get-winevent -LogName 'Microsoft-Windows-TaskScheduler\/Operational' -FilterXPath $XPath -MaxEvents 1 -ErrorAction Stop | ForEach-Object{\n $ResultProps.EventFound = $True\n $ResultProps.TimeCreated = $_.TimeCreated\n }\n }\n Catch {\n $ResultProps.ErrorMessage = $($_.Exception.Message)\n #$($_.Exception.Message)\n }\n $results += New-Object PsObject -Property $ResultProps\n return $results\n}\n\nFunction Get-UpTime {\n # This function will get the uptime of the machine, returning both the LastBootUpTime in Date\/Time\n # format, and also as a TimeSpan.\n param (\n [switch]$UseWinRM,\n [int]$WinRMTimeoutSec=30\n )\n $ResultProps = @{ \n LBTime = $null\n TimeSpan = $null\n Success = $False\n }\n Try {\n If ($UseWinRM) {\n # LastBootUpTime from Get-CimInstance is already been converted to Date\/Time\n $LBTime = (Get-CimInstance -ClassName Win32_OperatingSystem -OperationTimeoutSec $WinRMTimeoutSec -ErrorAction Stop).LastBootUpTime\n } Else {\n $LBTime = [Management.ManagementDateTimeConverter]::ToDateTime((Get-WmiObject -Class Win32_OperatingSystem -ErrorAction Stop).LastBootUpTime)\n }\n If ($LBTime -ne $null) {\n [TimeSpan]$uptime = New-TimeSpan $LBTime $(get-date)\n $ResultProps.LBTime = $LBTime\n $ResultProps.TimeSpan = $uptime\n $ResultProps.Success = $True\n }\n }\n Catch {\n $($_.Exception.Message)\n }\n return $ResultProps\n}\n\nfunction Get-LogonLogoffEvent {\n param (\n [switch]$Logon,\n [switch]$Logoff,\n [string]$UserName,\n [string]$Event,\n [string]$LogonID=""\n )\n $results = @()\n $ResultProps = @{\n EventFound = $False\n TimeCreated = [datetime]"1\/1\/1600"\n LogonID = ""\n }\n If ($Logon) {\n # Query to check that the session has logged on.\n$xmlquery=@"\n<QueryList>\n <Query Id="0" Path="Security">\n <Select Path="Security">\n\t\t*[System[(EventID='4624')]]\n\t\tand\n\t\t*[EventData[Data[@Name='TargetUserName'] and (Data='$UserName')]]\n\t\tand\n\t\t*[EventData[Data[@Name='LogonType'] and ((Data='2') or (Data='3'))]]\n\t\tand\n\t\t*[EventData[Data[@Name='ProcessName'] and ((Data='C:\\Windows\\System32\\winlogon.exe') or (Data='C:\\Windows\\System32\\svchost.exe'))]]\n\t<\/Select>\n <\/Query>\n<\/QueryList>\n"@\n }\n If ($Logoff -AND $Event -eq "4647") {\n # Query to check that the logoff has been initiated\n$xmlquery=@"\n<QueryList>\n <Query Id="0" Path="Security">\n <Select Path="Security">\n\t\t*[System[(EventID='4647')]]\n\t\tand\n\t\t*[EventData[Data[@Name='TargetUserName'] and (Data='$UserName')]]\n\t\tand\n\t\t*[EventData[Data[@Name='TargetLogonId'] and (Data='$LogonID')]]\n\t<\/Select>\n <\/Query>\n<\/QueryList>\n"@\n }\n If ($Logoff -AND $Event -eq "4634") {\n # Query to check that the session has been terminated\/destroyed\n$xmlquery=@"\n<QueryList>\n <Query Id="0" Path="Security">\n <Select Path="Security">\n\t\t*[System[(EventID='4634')]]\n\t\tand\n\t\t*[EventData[Data[@Name='TargetUserName'] and (Data='$UserName')]]\n\t\tand\n\t\t*[EventData[Data[@Name='LogonType'] and ((Data='2') or (Data='3'))]]\n\t<\/Select>\n <\/Query>\n<\/QueryList>\n"@\n }\n Try {\n Get-WinEvent -MaxEvents 1 -FilterXml $xmlquery -ErrorAction Stop | ForEach-Object{\n $ResultProps.EventFound = $True\n $ResultProps.TimeCreated = $_.TimeCreated\n if ($_.ID -eq "4624") {\n $ResultProps.LogonID = $_.Properties[7].Value\n }\n if ($_.ID -eq "4647") {\n $ResultProps.LogonID = $_.Properties[3].Value\n }\n if ($_.ID -eq "4634") {\n #\n }\n }\n }\n Catch {\n #$($_.Exception.Message)\n }\n $results += New-Object PsObject -Property $ResultProps\n return $results\n}\n\nFunction Test-ScheduledTaskCompletionAfterRegistration {\n # This function retrieves the most recent "Task Registered" event (Event ID 106) and then\n # checks whether a "Task Completed" event (Event ID 102) occurred after that registration.\n # It returns:\n # - The registration time.\n # - The most recent completion time (if any).\n # - A Boolean indicating whether the task completed after registration.\n # We can then use the CompletedAfterRegistration boolean value to determine if the task\n # has run once since registration.\n # If you delete the Scheduled Task, the Events will still be found in the\n # "Microsoft-Windows-TaskScheduler\/Operational" Event Log. This can be misleading. Always\n # pair this function with the IsTaskValid and IsEventLogValid functions to ensure you get\n # accurate results.\n [CmdletBinding()]\n param (\n [Parameter(Mandatory)]\n [string]$TaskName\n )\n $logName = "Microsoft-Windows-TaskScheduler\/Operational"\n try {\n # Get the latest 'Task Registered' event (Event ID 106)\n $registeredEvent = Get-WinEvent -LogName $logName -FilterXPath "*[System[(EventID=106)] and EventData[Data[@Name='TaskName']='$TaskName']]" -MaxEvents 1 -ErrorAction Stop\n if (-not $registeredEvent) {\n Write-Warning "No 'Task Registered' event found for task '$TaskName'."\n return\n }\n $registeredTime = $registeredEvent.TimeCreated\n $lastCompletedTime = $null\n $completedAfterRegistration = $false\n # Get recent 'Task Completed' events (Event ID 102)\n $completedEvents = Get-WinEvent -LogName $logName -FilterXPath "*[System[(EventID=102)] and EventData[Data[@Name='TaskName']='$TaskName']]" -MaxEvents 100 -ErrorAction Stop\n foreach ($event in $completedEvents) {\n if ($event.TimeCreated -gt $registeredTime) {\n $lastCompletedTime = $event.TimeCreated\n $completedAfterRegistration = $true\n break\n }\n }\n [PSCustomObject]@{\n TaskName = $TaskName\n LastRegisteredTime = $registeredTime\n LastCompletedTime = $lastCompletedTime\n CompletedAfterRegistration = $completedAfterRegistration\n }\n }\n catch {\n #"Error occurred: $_"\n }\n}\n\nFunction XDPing {\n # This function performs an XDPing to make sure the Delivery Controller or Cloud Connector is in a healthy state.\n # It tests whether the Broker service is reachable, listening and processing requests on its configured port.\n # We do this by issuing a blank HTTP POST requests to the Broker's Registrar service. Including "Expect: 100-continue"\n # in the body will ensure we receive a respose of "HTTP\/1.1 100 Continue", which is what we use to verify that it's in\n # a healthy state.\n # You will notice that you can also pass proxy parameters to the function. This is for test and development ONLY. I\n # added this as I was using Fiddler to test the functionality and make sure the raw data sent was correctly formatted.\n # I decided to leave these parameters in the function so that others can learn and understand how this works.\n # To work out the best way to write this function I decompiled the VDAAssistant.Backend.dll from the Citrix Health\n # Assistant tool using JetBrains decompiler.\n # Written by Jeremy Saunders\n param(\n [Parameter(Mandatory=$True)][String]$ComputerName, \n [Parameter(Mandatory=$True)][Int32]$Port,\n [String]$ProxyServer="", \n [Int32]$ProxyPort,\n [Switch]$ConsoleOutput\n )\n $service = "http:\/\/${ComputerName}:${Port}\/Citrix\/CdsController\/IRegistrar"\n $s = "POST $service HTTP\/1.1`r`nContent-Type: application\/soap+xml; charset=utf-8`r`nHost: ${ComputerName}:${Port}`r`nContent-Length: 1`r`nExpect: 100-continue`r`nConnection: Close`r`n`r`n"\n $log = New-Object System.Text.StringBuilder\n $log.AppendLine("Attempting an XDPing against $ComputerName on TCP port number $port") | Out-Null\n $listening = $false\n If ([string]::IsNullOrEmpty($ProxyServer)) {\n $ConnectToHost = $ComputerName\n [int]$ConnectOnPort = $Port\n } Else {\n $ConnectToHost = $ProxyServer\n [int]$ConnectOnPort = $ProxyPort\n $log.AppendLine("- Connecting via a proxy: ${ProxyServer}:${ProxyPort}") | Out-Null\n }\n try {\n $socket = New-Object System.Net.Sockets.Socket ([System.Net.Sockets.AddressFamily]::InterNetwork, [System.Net.Sockets.SocketType]::Stream, [System.Net.Sockets.ProtocolType]::Tcp)\n try {\n $socket.Connect($ConnectToHost,$ConnectOnPort)\n if ($socket.Connected) {\n $log.AppendLine("- Socket connected") | Out-Null\n $bytes = [System.Text.Encoding]::ASCII.GetBytes($s)\n $socket.Send($bytes) | Out-Null\n $log.AppendLine("- Sent the data") | Out-Null\n $numArray = New-Object byte[] 21\n $socket.ReceiveTimeout = 5000\n $socket.Receive($numArray) | Out-Null\n $log.AppendLine("- Received the following 21 byte array: " + [BitConverter]::ToString($numArray)) | Out-Null\n $strASCII = [System.Text.Encoding]::ASCII.GetString($numArray)\n $strUTF8 = [System.Text.Encoding]::UTF8.GetString($numArray)\n $log.AppendLine("- Converting to ASCII: `"$strASCII`"") | Out-Null\n $log.AppendLine("- Converting to UTF8: `"$strUTF8`"") | Out-Null\n $socket.Send([byte[]](32)) | Out-Null\n $log.AppendLine("- Sent a single byte with the value 32 (which represents the ASCII space character) to the connected socket.") | Out-Null\n $log.AppendLine("- This is done to gracefully signal the end of the communication.") | Out-Null\n $log.AppendLine("- This ensures it does not block\/consume unnecessary requests needed by VDAs.") | Out-Null\n if ($strASCII.Trim().StartsWith("HTTP\/1.1 100 Continue", [System.StringComparison]::CurrentCultureIgnoreCase)) {\n $listening = $true\n $log.AppendLine("- The service is listening and healthy") | Out-Null\n } else {\n $log.AppendLine("- The service is not listening") | Out-Null\n }\n try {\n $socket.Close()\n $log.AppendLine("- Socket closed") | Out-Null\n } catch {\n $log.AppendLine("- Failed to close socket") | Out-Null\n $log.AppendLine("- ERROR: $_") | Out-Null\n }\n $socket.Dispose()\n } else {\n $log.AppendLine("- Socket failed to connect") | Out-Null\n }\n } catch {\n $log.AppendLine("- Failed to connect to service") | Out-Null\n $log.AppendLine("- ERROR: $_") | Out-Null\n }\n } catch {\n $log.AppendLine("- Failed to create socket") | Out-Null\n $log.AppendLine("- ERROR: $_") | Out-Null\n }\n If ($ConsoleOutput) {\n Write-Host $log.ToString().TrimEnd()\n }\n return $listening\n}\n\nFunction Delete-BrokerAgentCachedData {\n # This function will delete the SavedListOfDDCsSids.xml\n # The SavedListOfDDCsSids.xml file can onlt be accessed and deleted by the SYSTEM account. Therefore,\n # this function will only work as expected when this script is run as a scheduled task.\n param (\n [int]$WinRMTimeoutSec=30\n )\n Try {\n $PersistentDataLocation = (Get-CimInstance -Namespace 'root\\citrix\\desktopinformation' -ClassName 'Citrix_VirtualDesktopInfo' -OperationTimeoutSec $WinRMTimeoutSec -ErrorAction Stop).PersistentDataLocation\n If (![string]::IsNullOrEmpty($PersistentDataLocation)) {\n If (Test-Path -path "$PersistentDataLocation") {\n $BrokerAgentInfoFolder = Join-Path $PersistentDataLocation 'BrokerAgentInfo'\n $targets = @('SaveListOfDdcsSids.xml','ListOfSIDs.xml') | ForEach-Object { Join-Path $BrokerAgentInfoFolder $_ }\n ForEach ($target in $targets) {\n If (Test-Path -path "$target") {\n write-verbose "$(Get-Date): Removing the `"$target`" file" -verbose\n Remove-Item $target -Force -ErrorAction SilentlyContinue\n }\n }\n }\n }\n }\n Catch {\n #$($_.Exception.Message)\n }\n}\n\nFunction Get-ListOfDDCs {\n # This function will get the list of DDCs from either the Registry or the MCSPersonality.ini\/Personality.ini,\n # depending on the value of the UsePersonalityini parameter.\n # You can get the list from either the Registry or ini file. I was initially considering prioritising it, but\n # felt that this would be too confusing and lead to potential issues.\n # If it gets the list from the registry, it will prioritise getting it from the Policy-based (LGPO or GPO) key\n # over the Registry-based (manual, GPP, specified during VDA installation) key.\n # Even though Citrix changed MCS images from Personality.ini to MCSPersonality.ini from VDA 2303, this function\n # will check for both for legacy reasons.\n # At least 1 controller in the list of DDCs must return True from the XDPing function for the IsServiceListening\n # property to be set to True.\n # References:\n # - https:\/\/docs.citrix.com\/en-us\/citrix-virtual-apps-desktops\/manage-deployment\/vda-registration.html\n # - https:\/\/portal.nutanix.com\/page\/documents\/solutions\/details?targetId=RA-2018-Citrix-Virtual-Apps-and-Desktops-Service-NCA-Disaster-Recovery:citrix-virtual-delivery-agent-registration.html\n param (\n [switch]$UsePersonalityini\n )\n #----------------- Set Variables ------------------\n $UseRegistry = $False\n If ($UsePersonalityini -eq $False) {\n $UseRegistry = $True\n }\n $DeliveryControllers = ""\n $Port = 80\n $IsServiceListening = $False\n $ListOfDDCsValue = "ListOfDDCs"\n $ListOfDDCsPropertyExist = $False\n $ListOfDDCsValueExist = $False\n $ControllerRegistrarPortValue = "ControllerRegistrarPort"\n $ControllerRegistrarPortValueExists = $False\n $RegPath = ""\n $RegPath1 = "HKLM:\\SOFTWARE\\Policies\\Citrix\\VirtualDesktopAgent"\n $RegPath2 = "HKLM:\\SOFTWARE\\Citrix\\VirtualDesktopAgent"\n $FilePath = ""\n #---------------- Process Registry ----------------\n If ($UseRegistry) {\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$RegPath1" | Select-Object -ExpandProperty "$ListOfDDCsValue") -ne $null) {\n $ListOfDDCsPropertyExist = $True\n $ListOfDDCsValueExist = $True\n $RegPath = $RegPath1\n }\n If ((Get-ItemProperty -Path "$RegPath1" | Select-Object -ExpandProperty "$ControllerRegistrarPortValue") -ne $null) {\n $ControllerRegistrarPortValueExists = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ([String]::IsNullOrEmpty($RegPath)) {\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$RegPath2" | Select-Object -ExpandProperty "$ListOfDDCsValue") -ne $null) {\n $ListOfDDCsPropertyExist = $True\n $ListOfDDCsValueExist = $True\n $RegPath = $RegPath2\n }\n If ((Get-ItemProperty -Path "$RegPath2" | Select-Object -ExpandProperty "$ControllerRegistrarPortValue") -ne $null) {\n $ControllerRegistrarPortValueExists = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n }\n }\n #--------------- Process ini Files ----------------\n If ($UsePersonalityini) {\n # Due to VDA upgrades and the change from Personality.ini to MCSPersonality.ini from VDA 2303, both ini files can potentially exist in the root of the C drive.\n # The assumption is that the one that was last written to is the live ini file.\n $FilePath = Get-ChildItem -Path "${env:SYSTEMDRIVE}\\" -Filter '*Personality.ini' | Where-Object {$_.Extension -eq ".ini"} | Sort-Object -Property LastWriteTime -Descending | Select-Object -First 1\n If ($null -ne $FilePath) {\n $Personalityini = (Get-Content -Path $FilePath.FullName) -match 'ListOfDDCs='\n If ($Personalityini -ne $null) {\n $ListOfDDCsPropertyExist = $True\n $DeliveryControllers = ($Personalityini | Select-String "$ListOfDDCsValue" | ForEach-Object {$_.Line}).split('=')[1]\n If (![string]::IsNullOrEmpty($DeliveryControllers)) {\n $ListOfDDCsValueExist = $True\n }\n }\n }\n }\n #----------------- Process output -----------------\n If ($ListOfDDCsValueExist) {\n If ($UseRegistry) {\n $DeliveryControllers = Get-ItemProperty -Path "$RegPath" | Select-Object -ExpandProperty "$ListOfDDCsValue"\n If ($ControllerRegistrarPortValueExists) {\n $Port = Get-ItemProperty -Path "$RegPath" | Select-Object -ExpandProperty "$ControllerRegistrarPortValue"\n }\n }\n If (![string]::IsNullOrEmpty($DeliveryControllers)) {\n $delimiters = "[, ]+" # Splits by comma or space, handling multiple delimiters\n $DeliveryControllers -split $delimiters | ForEach{\n # Check to to make sure it is an FQDN, so contains at least 1 decimal point\n $charCount = ($_.ToCharArray() | Where-Object {$_ -eq '.'} | Measure-Object).Count\n If ($charCount -gt 0) {\n # Check that at least 1 Delivery Controller is valid\n $TestConnection = (XDPing -ComputerName "$_" -Port $Port)\n If ($TestConnection) { $IsServiceListening = $True }\n }\n }\n } Else {\n $DeliveryControllers = "Not found"\n }\n } Else {\n $DeliveryControllers = "Not found"\n }\n $results = @()\n $ResultProps = @{\n UseRegistry = $UseRegistry\n RegPath = $RegPath.replace("HKLM:\\","HKLM\\")\n UsePersonalityini = $UsePersonalityini\n FilePath = $FilePath\n ListOfDDCsPropertyExist = $ListOfDDCsPropertyExist\n ListOfDDCsValueExist = $ListOfDDCsValueExist\n DeliveryControllers = $DeliveryControllers\n Port = $Port\n IsServiceListening = $IsServiceListening\n }\n $results += New-Object PsObject -Property $ResultProps\n return $results\n}\n\nFunction Create-RegValue {\n param (\n [String]$Path,\n [String]$Value,\n [String]$Data,\n [String]$Type\n )\n $ValueExists = $False\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$Path" | Select-Object -ExpandProperty "$Value") -ne $null) {\n $ValueExists = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($ValueExists) {\n write-verbose "- Setting the $Value registry value to $Data" -verbose\n Set-ItemProperty -Path "$Path" -Name "$Value" -Type $Type -Value $Data -Force\n } Else {\n write-verbose "- Creating the $Value registry value and setting it to $Data" -verbose\n New-ItemProperty -Path "$Path" -Name "$Value" -PropertyType $Type -Value $Data | Out-Null\n }\n}\n\n#-------------------------------------------------------------\n\n$ServiceExists = $False\nif (Get-Service -Name "BrokerAgent" -ErrorAction SilentlyContinue) {\n $ServiceExists = $True\n write-verbose "$(Get-Date): The `"Citrix Desktop Service`" service was found" -verbose\n} else {\n write-warning "$(Get-Date): The `"Citrix Desktop Service`" service does not exist" -verbose\n}\n\n$IsMCSMasterImage = $False\n$ErrorActionPreference = "stop"\ntry {\n If ((Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\Configuration" | Select-Object -ExpandProperty "MasterImage") -ne $null) {\n [int]$MasterImageValue = (Get-ItemProperty -Path "HKLM:\\SOFTWARE\\Citrix\\Configuration" -Name "MasterImage").MasterImage\n If ($MasterImageValue -eq 1) {\n $IsMCSMasterImage = $True\n }\n }\n}\ncatch {\n #\n}\n$ErrorActionPreference = "Continue"\n\nIf ($IsMCSMasterImage -eq $False) {\n\n # Get the Operating System Major, Minor, Build and Revision Version Numbers\n $OSVersion = [System.Environment]::OSVersion.Version\n [int]$OSMajorVer = $OSVersion.Major\n [int]$OSMinorVer = $OSVersion.Minor\n [int]$OSBuildVer = $OSVersion.Build\n # Get the UBR (Update Build Revision) from the registry so that the full build number\n # is the same as the output of of the ver command line.\n [int]$OSRevisionVer = 0\n $Path = "HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion"\n $ValueExists = $False\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "$Path" | Select-Object -ExpandProperty "UBR") -ne $null) {\n $ValueExists = $True\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($ValueExists) {\n [int]$OSRevisionVer = (Get-ItemProperty -Path "$Path" -Name UBR).UBR\n }\n\n If ($InvokeGPUpdate) {\n # Update group policy.\n write-verbose "$(Get-Date): Invoking a Group Policy Update..." -verbose\n $gpupdate = Invoke-Command { gpupdate.exe \/force }\n # Split up the results between Computer Policy and User Policy\n $computerResult = $gpupdate | Select-String "Computer Policy"\n If ($computerResult | Select-String "errors") {\n write-warning "$(Get-Date): - Group Policy Update failed!" -verbose\n } Else {\n write-verbose "$(Get-Date): - Group Policy Update was successful." -verbose\n }\n }\n\n #-------------------------------------------------------------\n\n $VDAHelperSettings = Get-VDAHelperSettings\n write-verbose "$(Get-Date): The VDA Helper settings are:" -verbose\n $VDAHelperSettingsEnabled = $VDAHelperSettings.VDAHelperSettingsEnabled\n write-verbose "$(Get-Date): - VDAHelperSettingsEnabled: $VDAHelperSettingsEnabled (0=False,1=True)" -verbose\n $TriggerOnTaskEndEvent = $VDAHelperSettings.TriggerOnTaskEndEvent\n write-verbose "$(Get-Date): - TriggerOnTaskEndEvent: $TriggerOnTaskEndEvent (0=False,1=True)" -verbose\n $TaskNameFullPath = $VDAHelperSettings.TaskNameFullPath\n write-verbose "$(Get-Date): - TaskNameFullPath: $TaskNameFullPath" -verbose\n $DelayDesktopServiceTime = $VDAHelperSettings.DelayDesktopServiceTime\n write-verbose "$(Get-Date): - DelayDesktopServiceTime: $DelayDesktopServiceTime seconds" -verbose\n $MaximumTaskWaitTime = $VDAHelperSettings.MaximumTaskWaitTime\n write-verbose "$(Get-Date): - MaximumTaskWaitTime: $MaximumTaskWaitTime seconds" -verbose\n $LogonEventUserName = $VDAHelperSettings.LogonEventUserName\n write-verbose "$(Get-Date): - LogonEventUserName: $LogonEventUserName" -verbose\n $DefaultDomainName = $VDAHelperSettings.DefaultDomainName\n write-verbose "$(Get-Date): - DefaultDomainName: $DefaultDomainName" -verbose\n $UsePersonalityini = $VDAHelperSettings.UsePersonalityini\n write-verbose "$(Get-Date): - UsePersonalityini: $UsePersonalityini (0=False,1=True)" -verbose\n # To avoid any issues using passing UsePersonalityini as a parameter for the Get-ListOfDDCs function, we cast it to [bool].\n # - [bool]0 evaluates to $false\n # - [bool]1 (or any non-zero value) evaluates to $true\n $UsePersonalityini = [bool]$UsePersonalityini\n\n If ($TriggerOnTaskEndEvent) {\n $AutoAdminLogon = "0"\n $ErrorActionPreference = "stop"\n try {\n If ((Get-ItemProperty -Path "HKLM:\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" | Select-Object -ExpandProperty "AutoAdminLogon") -ne $null) {\n [string]$AutoAdminLogon = (Get-ItemProperty -Path "HKLM:\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon" -Name "AutoAdminLogon").AutoAdminLogon\n }\n }\n catch {\n #\n }\n $ErrorActionPreference = "Continue"\n If ($AutoAdminLogon -eq "0") {\n write-verbose "$(Get-Date): - Disabled the TriggerOnTaskEndEvent because AutoAdminLogon is disabled." -verbose\n $TriggerOnTaskEndEvent = 0\n }\n }\n\n # There may be circumstances when WinRM fails if is being reconfigured and or restarted at computer startup.\n # This may happen if there is a conflicting startup script running in your environment. So we just loop until\n # it's successful.\n $LastBootTime = $null\n Do {\n $GetUpTime = Get-UpTime -UseWinRM:$True\n If ($GetUpTime.Success) {\n $LastBootTime = $GetUpTime.LBTime\n } Else {\n write-warning "$(Get-Date): Could not retrieve the LastBootTime. Will try again in 1 second!" -verbose\n Start-Sleep -Milliseconds 1000\n }\n } Until ($GetUpTime.Success)\n write-verbose "$(Get-Date): This host was last booted on $LastBootTime" -verbose\n\n If ($CheckForValidity -AND $ServiceExists) {\n $SkippingValidationTest = $False\n $DeliveryControllers = ""\n $i = 0\n Do {\n If ($UsePersonalityini -eq $False) {\n write-verbose "$(Get-Date): Checking to see if there is a valid DDCs set under the following registry values:" -verbose\n write-verbose "$(Get-Date): - `"HKLM\\SOFTWARE\\Policies\\Citrix\\VirtualDesktopAgent\\ListOfDDCs`"" -verbose\n write-verbose "$(Get-Date): - `"HKLM\\SOFTWARE\\Citrix\\VirtualDesktopAgent\\ListOfDDCs`"" -verbose\n } Else {\n write-verbose "$(Get-Date): Checking to see if there is a valid DDCs set in the following ini files:" -verbose\n write-verbose "$(Get-Date): - `"${env:SYSTEMDRIVE}\\Personality.ini`"" -verbose\n write-verbose "$(Get-Date): - `"${env:SYSTEMDRIVE}\\MCSPersonality.ini`"" -verbose\n }\n $IsValid = Get-ListOfDDCs -UsePersonalityini:$UsePersonalityini\n\n # If the Personality.ini does not contain a ListOfDDCs Property, it's not an MCS image\n # that leverages the Personality.ini, so we skip the validation tests and break out of\n # the Do Until loop.\n If ($UsePersonalityini -AND $IsValid.ListOfDDCsPropertyExist -eq $False) {\n write-verbose "$(Get-Date): - The host does not contain the ListOfDDCs Property in the Personality.ini" -verbose\n $SkippingValidationTest = $True\n break\n }\n\n $DeliveryControllers = $IsValid.DeliveryControllers\n $Port = $IsValid.Port\n If ([String]::IsNullOrEmpty($DeliveryControllers) -OR $DeliveryControllers -eq "Not found") { $DeliveryControllers = "none set" }\n If ($UsePersonalityini -eq $False) {\n write-verbose "$(Get-Date): - Values found under `"$($IsValid.RegPath)`"" -verbose\n } Else {\n write-verbose "$(Get-Date): - Values found under `"$($IsValid.FilePath)`"" -verbose\n }\n write-verbose "$(Get-Date): - Attempting an XDPing to Delivery Controller(s) or Cloud Connector(s): $DeliveryControllers" -verbose\n write-verbose "$(Get-Date): - Using TCP port: $Port" -verbose\n write-verbose "$(Get-Date): - Note that at least one Delivery Controller or Cloud Connector must test successfully." -verbose\n If (!$IsValid.IsServiceListening) {\n write-verbose "$(Get-Date): - XDPing failed" -verbose\n write-verbose "$(Get-Date): - Will check again in $interval seconds" -verbose\n $i++\n If ($i -eq $RepeatValidityCheck) { break }\n Start-Sleep -Seconds $interval\n }\n } Until ($IsValid.IsServiceListening -eq $True)\n If ($IsValid.IsServiceListening) {\n write-verbose "$(Get-Date): - XDPing successful" -verbose\n } Else {\n If ($SkippingValidationTest) {\n write-verbose "$(Get-Date): - Continuing without validating Delivery Controller(s) or Cloud Connector(s): $DeliveryControllers" -verbose\n } Else {\n write-verbose "$(Get-Date): - Continuing with invalid Delivery Controller(s) or Cloud Connector(s): $DeliveryControllers" -verbose\n }\n }\n }\n\n $SetDefaultDomainName = $False\n $TaskExists = $False\n $EventLogExists = $False\n If (![string]::IsNullOrEmpty($TaskNameFullPath)) {\n $TaskExists = IsTaskValid -TaskName:"$TaskNameFullPath"\n $EventLog = "Microsoft-Windows-TaskScheduler\/Operational"\n $EventLogExists = IsEventLogValid -EventLog:"$EventLog"\n If ($EventLogExists -eq $False) {\n write-warning "The `"$EventLog`" Event Log does not" -verbose\n write-warning "exist. This may be because there's a new disk attached to the virtual" -verbose\n write-warning "machine and the Event Logs haven't finished being moved to the new" -verbose\n write-warning "location. If this is the case, restarting the Virtual Machine again" -verbose\n write-warning "should address this issue." -verbose\n }\n }\n\n If ($VDAHelperSettingsEnabled -AND $ServiceExists) {\n\n If ($LastBootTime -gt (Get-Date)) {\n If ($TriggerOnTaskEndEvent) {\n $TriggerOnTaskEndEvent = $False\n write-warning "$(Get-Date -format "dd\/MM\/yyyy HH:mm:ss"): The last boot up time is greater than the current time. This means that we are unable to trigger on a task event because we cannot accurately correlate the Event logs due to not having a valid starting point." -verbose\n }\n }\n\n If ($TriggerOnTaskEndEvent -AND $TaskExists -AND $EventLogExists) {\n write-verbose "$(Get-Date): The `"$TaskNameFullPath`" task is valid" -verbose\n $StartPhase = (Get-Date)\n $ValidStart = $False\n $ValidEnd = $False\n $ValidLogoffInitiated = $False\n $ValidLogoffTerminated = $False\n Do {\n $TaskLastStartTime = (Get-TaskEventRunTime -Start -Taskpath "$TaskNameFullPath").TimeCreated\n write-verbose "$(Get-Date): The task last started on $TaskLastStartTime" -verbose\n If ($LastBootTime -lt $TaskLastStartTime) {\n write-verbose "$(Get-Date): - The task has started." -verbose\n $ValidStart = $True\n } Else {\n write-verbose "$(Get-Date): - Waiting $(((Get-Date)-$StartPhase).TotalSeconds) seconds for the task to start after the reboot..." -verbose\n }\n If ($(((Get-Date)-$StartPhase).TotalSeconds) -ge $MaximumTaskWaitTime) {\n $ValidStart = $True\n $ValidEnd = $True\n }\n Start-Sleep -Seconds 1\n } Until ($ValidStart -eq $True)\n Do {\n $TaskLastEndTime = (Get-TaskEventRunTime -End -Taskpath "$TaskNameFullPath").TimeCreated\n write-verbose "$(Get-Date): The task last finished on $TaskLastEndTime" -verbose\n If ($LastBootTime -lt $TaskLastEndTime -AND $TaskLastStartTime -lt $TaskLastEndTime){\n write-verbose "$(Get-Date): - The task has ended." -verbose\n $ValidEnd = $True\n } Else {\n write-verbose "$(Get-Date): - Waiting $(((Get-Date)-$StartPhase).TotalSeconds) seconds for the task to end..." -verbose\n }\n If ($(((Get-Date)-$StartPhase).TotalSeconds) -ge $MaximumTaskWaitTime) {\n $ValidEnd = $True\n }\n Start-Sleep -Seconds 1\n } Until ($ValidEnd -eq $True)\n\n # Confirming that the session has logged on.\n $LogonEvent = Get-LogonLogoffEvent -Logon -UserName:"$LogonEventUserName"\n If ($LogonEvent.EventFound) {\n write-verbose "$(Get-Date): A valid logon event was found for the `"$LogonEventUserName`" user account on $($LogonEvent.TimeCreated)" -verbose\n Do {\n # Confirming that the logoff has been initiated.\n $LogoffEvent4647 = Get-LogonLogoffEvent -Logoff -Event:"4647" -UserName:"$LogonEventUserName" -LogonID:"$($LogonEvent.LogonID)"\n If ($LogonEvent.TimeCreated -lt $LogoffEvent4647.TimeCreated){\n write-verbose "$(Get-Date): - The logoff was initiated on $($LogoffEvent4647.TimeCreated)" -verbose\n $ValidLogoffInitiated = $True\n } Else {\n write-verbose "$(Get-Date): - Waiting $(((Get-Date)-$StartPhase).TotalSeconds) seconds for the account to logoff..." -verbose\n }\n If ($(((Get-Date)-$StartPhase).TotalSeconds) -ge $MaximumTaskWaitTime) {\n $ValidLogoffInitiated = $True\n $ValidLogoffTerminated = $True\n }\n Start-Sleep -Seconds 1\n } Until ($ValidLogoffInitiated -eq $True)\n Do {\n # Confirming that the session has been terminated\/destroyed.\n For ($i=1; $i -le 10) {\n If ($OSMajorVer -eq 6 -AND $OSMinorVer -eq 1) {\n $LogoffEvent4634 = Get-LogonLogoffEvent -Logoff -Event:"4634" -UserName:"${env:computername}$"\n $i = 10\n } Else {\n $LogoffEvent4634 = Get-LogonLogoffEvent -Logoff -Event:"4634" -UserName:"DWM-$i"\n }\n If ($LogoffEvent4647.TimeCreated -le $LogoffEvent4634.TimeCreated){\n write-verbose "$(Get-Date): - The logoff for user DWM-$i was terminated on $($LogoffEvent4634.TimeCreated)" -verbose\n $ValidLogoffTerminated = $True\n } Else {\n write-verbose "$(Get-Date): - Waiting $(((Get-Date)-$StartPhase).TotalSeconds) seconds for the account to logoff..." -verbose\n }\n If ($(((Get-Date)-$StartPhase).TotalSeconds) -ge $MaximumTaskWaitTime) {\n $ValidLogoffTerminated = $True\n }\n If ($ValidLogoffTerminated) {\n Break\n }\n $i++\n }\n Start-Sleep -Seconds 1\n } Until ($ValidLogoffTerminated -eq $True)\n # Disable the TriggerOnTaskEndEvent to reduce further delay waiting for an event that will never run.\n $TriggerOnTaskEndEvent = 0\n } Else {\n write-verbose "$(Get-Date): No valid logon event was found for the `"$LogonEventUserName`" user account." -verbose\n }\n } Else {\n If ($TriggerOnTaskEndEvent) {\n If ($TaskExists -eq $False) {\n write-warning "The `"$TaskNameFullPath`" task does not exist" -verbose\n }\n }\n write-verbose "$(Get-Date): Delaying the starting of the Citrix Desktop Service for $DelayDesktopServiceTime seconds" -verbose\n Start-Sleep -s $DelayDesktopServiceTime\n }\n }\n\n $SetDefaultDomainName = $True\n If ($TriggerOnTaskEndEvent) {\n If (![string]::IsNullOrEmpty($TaskNameFullPath)) {\n If ($TaskExists -AND $EventLogExists) {\n $HasTaskCompleteOnce = Test-ScheduledTaskCompletionAfterRegistration -TaskName:"$TaskNameFullPath"\n If ($VDAHelperSettingsEnabled -AND $HasTaskCompleteOnce.CompletedAfterRegistration -eq $False) {\n $SetDefaultDomainName = $False\n Write-Verbose "$(Get-Date): The `"$TaskNameFullPath`" Scheduled Task has not completed." -verbose\n If (!([String]::IsNullOrEmpty($DefaultDomainName))) {\n $WaitTimeInMinutes = 10\n Write-Verbose "$(Get-Date): - waiting up to $($WaitTimeInMinutes) minutes for the Scheduled Task to run and complete." -verbose\n $i = 0\n Do {\n $HasTaskCompleted = Test-ScheduledTaskCompletionAfterRegistration -TaskName:"$TaskNameFullPath"\n Start-Sleep -s 60\n $i = $i + 1\n If ($i -eq $WaitTimeInMinutes) {\n $HasTaskCompleted = $True\n }\n } Until ($HasTaskCompleted -eq $True)\n }\n }\n }\n }\n }\n $WinlogonPath = "HKLM:\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"\n If (!([String]::IsNullOrEmpty($DefaultDomainName))) {\n If ($SetDefaultDomainName) {\n Write-Verbose "$(Get-Date): Setting the DefaultDomainName Winlogon value to `"$DefaultDomainName`"" -verbose\n Set-ItemProperty -Path $WinlogonPath -Name "DefaultDomainName" -Value "$DefaultDomainName" -Type STRING -Force\n Write-Verbose "$(Get-Date): Setting the AutoAdminLogon registry value to 0." -verbose\n Set-ItemProperty -Path $WinlogonPath -Name AutoAdminLogon -Value 0 -Type STRING -Force\n Write-Verbose "$(Get-Date): Clearing the DefaultUserName registry value." -verbose\n Set-ItemProperty -Path $WinlogonPath -Name DefaultUserName -Value "" -Type STRING -Force\n } Else {\n Write-Verbose "$(Get-Date): The DefaultDomainName Winlogon registry value will not be set." -verbose\n }\n } Else {\n Write-Verbose "$(Get-Date): DefaultDomainName does not have a value set under the VDAHelper registry key." -verbose\n }\n\n} Else {\n Write-Warning "$(Get-Date): This Citrix VDA is the MCS Master Iamge." -verbose\n Write-Warning "$(Get-Date): The Broker service will be started immediately to avoid issues during the image preparation process." -verbose\n}\n\nIf ($ServiceExists) {\n Delete-BrokerAgentCachedData\n ForEach ($key in $ServicesToStart.keys) {\n $ServiceName = $ServicesToStart.$key.Name\n $ServiceDisplayName = $ServicesToStart.$key.DisplayName\n\n write-verbose "$(Get-Date): Setting the `"$ServiceDisplayName`" service to Manual start type..." -verbose\n\n # Possible results using the sc.exe command line tool:\n # [SC] ChangeServiceConfig SUCCESS\n # [SC] OpenSCManager FAILED 5: Access is denied.\n # [SC] OpenSCManager FAILED 1722: The RPC server is unavailable." --> Computer shutdown\n # [SC] OpenService FAILED 1060: The specified service does not exist as an installed service." --> Service not installed\n\n Invoke-Command {cmd \/c sc.exe config "$ServiceName" start= demand} | out-null\n\n If ($StopServiceIfAlreadyStarted) {\n # Stop the service\n $objservice = Get-Service "$ServiceName" -ErrorAction SilentlyContinue\n If ($objService) {\n If ($objService.Status -eq "Running") {\n write-verbose "$(Get-Date): Stopping the service..." -verbose\n stop-service -name "$ServiceName" -verbose\n do { \n Start-sleep -s 5\n write-verbose "$(Get-Date): - waiting for the service to stop" -verbose\n } \n until ((get-service "$ServiceName").Status -eq "Stopped")\n write-verbose "$(Get-Date): - the service has stopped" -verbose\n } Else {\n If ($objService.Status -eq "Stopped") {\n write-verbose "$(Get-Date): The service is not running" -verbose\n }\n }\n } Else {\n write-verbose "$(Get-Date): The `"$ServiceDisplayName`" service does not exist" -verbose\n }\n }\n\n # Start the Service\n $objservice = Get-Service "$ServiceName" -ErrorAction SilentlyContinue\n If ($objService) {\n If ($objService.Status -eq "Stopped") {\n write-verbose "$(Get-Date): Starting the service..." -verbose\n start-service -name "$ServiceName" -verbose\n If ($IsMCSMasterImage) {\n If ($ServiceName -eq "BrokerAgent") {\n # We cannot set the Citrix Desktop Service (BrokerAgent) service back to Disabled until it's been started. However, if\n # the MCS image preparation process completes and starts to shutdown the machine whilst the service is still starting, the\n # command to disable the service will not run and therefore leave the service set to Manual start type. This is a timing\n # issue. So the trick here is to immediately set the service to disabled via the registry, which won't interfere with the\n # service starting, and will ensure that it is disabled in the image.\n write-verbose "$(Get-Date): Setting the `"$ServiceDisplayName`" service to Disabled start type so that this script will control how it starts once the MCS Master Image is deployed..." -verbose\n Create-RegValue -Path:"HKLM:\\SYSTEM\\CurrentControlSet\\Services\\$ServiceName" -Value:"Start" -Data:4 -Type:DWORD\n }\n }\n do { \n Start-sleep -s 5 \n write-verbose "$(Get-Date): - waiting for the service to start" -verbose\n } \n until ((get-service "$ServiceName").Status -eq "Running") \n write-verbose "$(Get-Date): - the service has started" -verbose\n } Else {\n If ($objService.Status -eq "Running") {\n write-verbose "$(Get-Date): The service is already running" -verbose\n }\n }\n } Else {\n write-verbose "$(Get-Date): The `"$ServiceDisplayName`" service does not exist" -verbose\n }\n }\n}\n\n#-------------------------------------------------------------\n\n$EndDTM = (Get-Date)\nwrite-verbose "$(Get-Date): Elapsed Time: $(($EndDTM-$StartDTM).TotalSeconds) Seconds" -Verbose\nwrite-verbose "$(Get-Date): Elapsed Time: $(($EndDTM-$StartDTM).TotalMinutes) Minutes" -Verbose\n\ntry {\n Stop-Transcript\n}\ncatch {\n write-verbose "$(Get-Date): This host does not support transcription"\n}\n<\/pre><\/div>\n\n\nEnjoy!<\/p>\n\n\n\n\n\n\n","protected":false},"excerpt":{"rendered":"
This is a process I’ve been working on since early 2017. I got it to a point where it works perfectly for my needs in my lab and several customer environments, and has been very reliable over the last few months, so I decided it was ready to release to the community in March 2019. … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[14,5,91,38,242],"tags":[864,534,535,862,858,863,865,538,861,847,845,842,851,852,853,843,844,540,541,542,539,537,536],"class_list":["post-1894","post","type-post","status-publish","format-standard","hentry","category-citrix","category-scripting","category-vdi","category-xenapp","category-xendesktop","tag-autoadminlogon","tag-brokeragent","tag-citrix-desktop-service","tag-cloud-connector","tag-cloud-connectors","tag-defaultdomainname","tag-defaultusername","tag-delay","tag-delivery-controller","tag-hkey_local_machinesoftwarecitrixvirtualdesktopagent","tag-hkey_local_machinesoftwarepoliciescitrixvirtualdesktopagent","tag-listofddcs","tag-masterimage","tag-mastermcsimage","tag-masterpvsimage","tag-mcspersonality-ini","tag-personality-ini","tag-pooled","tag-power-managed","tag-reboot-loop","tag-register","tag-startup","tag-vda"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/1894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/comments?post=1894"}],"version-history":[{"count":5,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/1894\/revisions"}],"predecessor-version":[{"id":3565,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/posts\/1894\/revisions\/3565"}],"wp:attachment":[{"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/media?parent=1894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/categories?post=1894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-json\/wp\/v2\/tags?post=1894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"VDA](\"https:\/\/www.jhouseconsulting.com\/jhouseconsulting\/wp-content\/uploads\/2025\/07\/VDAHelper-680x285.png\")