TThe Windows logon and logoff process is a complex part of a Terminal Server environment, and these processes are complicated even more when Citrix MetaFrame Presentation Server is installed. However, knowing how these processes really work can cut down your troubleshooting time.
This article can’t cover all aspects and every detail of the logon and logoff processes. However, it will take a look at these processes from an administrator’s standpoint (as opposed to taking a developer’s perspective).
The first part of this article covers the session initialization. It covers the steps that take place from the time a client tries to connect until the application shows up on the user’s desktop. (Note that we’re only talking about the actual connection from the client to the server. We are not talking about application enumeration or load balancing since those activities take place before a client connects to a server.)
The second part of this article will cover the disconnection and logoff processes.
No matter how an ICA session is invoked (Program Neighborhood, Web Interface, double-clicking an ICA file, etc.), the ICA client engine (wfica32.exe for Win32 clients) fires up and loads the module.ini file from the root folder of the ICA Client. The module.ini file defines the specific capabilities that the ICA client should or can use. Therefore, when troubleshooting, it’s possible (and useful) to change settings in the module.ini to change the capabilities of the ICA Client. For example, you might chose to disable specific client drives (DisableDrives=A,D,F) or to enable server drives in a pass-through session (NativeDriveMapping=TRUE).
If the client has or gets a valid TSCAL, the server’s WinLogon.exe process calls the GINA (and any linked GINAs, like ctxgina.dll when MetaFrame is installed) and the user is presented with the logon GUI.
The GINA then calls UserInit.exe which is responsible for setting up the user’s environment (restoring net uses, etc.). When Terminal Server is installed, UserInit queries the registry key AppSetup located in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and executes all the programs listed in that key. By default this is limited to UsrLogon.cmd, although MetaFrame XP adds cmstart.exe to the list and MetaFrame version 3 adds CtxHide UsrLogon.cmd, and CmStart.exe. (Those of you who’ve been using Terminal Server for awhile will remember that UsrLogon.com is a hold-over from the early days when application compatibility scripts were used. See Microsoft article KB195950.)
The last thing UserInit does is launch the user’s shell as specified in the registry. By default this is explorer.exe, although you can change it to whatever you want and have some fun with your colleagues by changing theirs to progman.exe.
Once the shell is fired up the final steps take place, including items listed in the run registry keys and the programs from the Startup folder.
Everything on the server side that we’ve mentioned so far is Microsoft only. It applies if you’re connecting via a standard Terminal Server / RDP session or via a MetaFrame ICA session, (For more detail on WinLogon, UserInit, Csrss, and other Windows processes, take a look at Microsoft Knowledge Base article KB263201.)
Now let’s take a look at what happens when Citrix is thrown in the picture. As we mentioned earler, UserInit also executes the CmStart.exe process. CmStart.exe is the Citrix Client Manager Starting Utility and it’s responsible for two things:
- It starts the Citrix seamless windows engine shell called wfshell.exe.
- It launches the Citrix Client Manager (cltmgr.exe ) that’s used to keep the ICA client up to date.
The following screenshot is of Systernals’ Process Explorer running during a MetaFrame session start.
Citrix Client Manager Starting Utility (CmStart.exe)
Citrix Seamless engine (wfshell.exe)
- Crashes of wfshell.exe (CTX102634)
- High CPU spikes of wfshell.exe
- Slow logons
- Printer being not mapped
Advice: Don’t use third party printer drivers and don’t use PCL6 Drivers.
Citrix Client Manager (cltmgr.exe )
- Crashes of wfshell.exe
- Slow logons (without updating the client)
Advice: If the Client Update feature is not used, you should disable the client update database on every Citrix server (Start | Run | cudutil.exe | Database | Properties | uncheck enable).