Citrix Virtual Apps and Desktops

Uploading the AOT logs from CVAD Core Components

If you have configured the log server in HTTPS mode https://<LogServerFQDN>:port, make sure the necessary certificate is properly installed and trusted on your system.

  1. Uploading AOT logs from Storefront™

    #Enable uploading in HTTP
    
    Set-STFDiagnosticsLogServer -Server LogServerFQDN:8080
    
    #Or to use HTTPS
    
    Set-STFDiagnosticsLogServer -Server https://LogServerFQDN:8443
    
    #Disable
    
    Clear-STFDiagnosticsLogServer
    
    #The configuration will take effect in one hour. To apply the changes immediately, restart the Citrix Telemetry Service.
    <!--NeedCopy-->
    
  2. Uploading AOT logs from DDC:

    #Enable uploadng in HTTP
    Set-ConfigSite -LogServerEnabled $true -LogServerName LogServerFQDN -LogServerPort 8080
    
    #Or enable HTTPS
    Set-ConfigSite -LogServerEnabled $true -LogServerName https://LogServerFQDN -LogServerPort 8443
    #Disable HTTP
    Set-ConfigSite -LogServerEnabled $false -LogServerName LogServerFQDN -LogServerPort 8080
    #Disable HTTPS
    Set-ConfigSite -LogServerEnabled $false -LogServerName https://LogServerFQDN -LogServerPort 8443
    <!--NeedCopy-->
    
  3. Enable AOT on Windows VDA:

From the machine where you installed DDC, run the below commands and after this you need to restart Citrix Desktop Service to make it take effect immediately.

```bash
#Initiate, run following commands in DDC powershell
$configSlot = New-BrokerConfigurationSlot -Name VdaAotTracing -Description VdaAotTracing -SettingsGroup G=Telemetry


#If using HTTPS, parameter of -Endpoint should be "https://logserverFQDN:8443"
$policy = New-BrokerLogServerAddress -Enabled $true -Endpoint "logserverFQDN:8080"
$mc = New-BrokerMachineConfiguration -ConfigurationSlotUid $configSlot.Uid -LeafName VdaAotTracing -Policy $policy


# Using the real DeliverygroupName of your VDA.
$dg = Get-BrokerDesktopGroup -Name "DeliverygroupName"  
Add-BrokerMachineConfiguration -InputObject $mc -DesktopGroup $dg


#Restart Citrix Desktop Service in your VDA to make it take effect immediately.
<!--NeedCopy--> ```

Update when the log server address or port changed:

```bash
#Update, run following commands in DDC powershell
#If using HTTPS, parameter of -Endpoint should be "https://NewLogServerFQDN:8443"


$policy = New-BrokerLogServerAddress -Enabled $true -Endpoint "NewLogServerFQDN:8443"
Set-BrokerMachineConfiguration -Name "VdaAotTracing\VdaAotTracing" -Policy $policy
$mc=Get-BrokerMachineConfiguration -Name "VdaAotTracing\VdaAotTracing"

# Using the real DeliverygroupName of your VDA.
$dg = Get-BrokerDesktopGroup -Name "DeliverygroupName"
Add-BrokerMachineConfiguration -InputObject $mc -DesktopGroup $dg
#Restart Citrix Desktop Service in your VDA to make it take effect immediately.
<!--NeedCopy--> ```

How to disable:

```bash
#Disable, run following commands in DDC powershell


#If using HTTPS, parameter of -Endpoint should be "https://LogServerFQDn:8443"
$policy = New-BrokerLogServerAddress -Enabled $false -Endpoint "LogServerFQDN:8080"
Set-BrokerMachineConfiguration -Name "VdaAotTracing\VdaAotTracing" -Policy $policy
$mc=Get-BrokerMachineConfiguration -Name "VdaAotTracing\VdaAotTracing"

# Using the real DeliverygroupName of your VDA.
$dg = Get-BrokerDesktopGroup -Name "DeliverygroupName" 
Add-BrokerMachineConfiguration -InputObject $mc -DesktopGroup $dg

#Restart Citrix Desktop Service in your VDA to make it take effect immediately.

<!--NeedCopy--> ```
  1. Enable AOT on WindowsVDA directly:

Run the command directly on the machine(WindowsVDA) where you want to upload AOT. This will only take effect on the machine where the command is applied.

```bash
# Enable AOT uploading for Windows VDA
#If using HTTPS, parameter of -AotDataStoreEndpoint should be "https://LogServerFQDN:8443"

Enable-CitrixAOTUpload -AotDataStoreEndpoint LogServerFQDN:8443 -Role WVDA

# Disable AOT uploading
Disable-CitrixAOTUpload
<!--NeedCopy--> ```

Viewing and Using AOT Logs

Accessing Logs via Log Server

To keep your logs secure, you will need an AuthKey before downloading them. Here is what to do:

  1. Get your AuthKey – Use your own role-name/name to generate it.
  2. Run locally – Scripts can only run on the machine where the Docker container is installed.
  3. Windows users – Use the GetAuthKey.bat scripts instead of shell scripts.
  4. Download logs – Once authenticated, you can safely retrieve your logs.

    For Linux
    ./GetAuthKey.sh role-name
    {"key":"ebac9b7726cb4be597c92c6769134d25","role":"role-name","status":"DONE"}
    
    For Windows
    GetAuthKey.bat role-name
    {"key":"ebac9b7726cb4be597c92c6769134d25","role":"role-name","status":"DONE"}
    
    #Save the key: ebac9b7726cb4be597c92c6769134d25 by yourself. It's the only way to get the key.
    <!--NeedCopy-->
    

List machine names that have already sent their AOT logs to the logserver:

```bash
#The parameter is the key get from GetAuthKey.sh
For linux:
./ListMachines.sh ebac9b7726cb4be597c92c6769134d25
{"machines":["MachineName"]}
#Empty machines means that there has no log

For Windows:
ListMachines.bat ebac9b7726cb4be597c92c6769134d25
{"machines":["MachineName"]}
#Empty machines means that there has no log
<!--NeedCopy--> ```

Download logs by Machine name and Time range. Time is in UTC format.

```bash
#Usage: ./DownloadLogsByTime.sh [AuthKey] [MachineName] [StartTime] [EndTime] [OutputFile]
#Example: 

For Linux
./DownloadLogsByTime.sh ebac9b7726cb4be597c92c6769134d25 MachineName 2025-01-01T00:00:00Z 2025-01-02T00:00:00Z logs.csv

For Windows
DownloadLogsByTime.bat ebac9b7726cb4be597c92c6769134d25 MachineName 2025-01-01T00:00:00Z 2025-01-02T00:00:00Z logs.csv
<!--NeedCopy--> ```

Download logs by keyword/s filter. Time is in UTC format:

Note:

  • A keyword can be a single word or a combination of words.
  • Keywords can match anywhere within the log message.
  • A Transaction ID can also be used as a keyword.
```bash
#Usage: ./DownloadLogsByWords.sh [AuthKey] [StartTime] [EndTime] [SearchWords] [OutputFile]

#Example:
For Linux:
./DownloadLogsByWords.sh authkey 2025-01-01T00:00:00.000Z 2025-12-31T23:59:59.999Z "session launch" logs.csv

For Windows:
DownloadLogsByWords.bat authkey 2025-01-01T00:00:00.000Z 2025-12-31T23:59:59.999Z "failed vda" logs.csv
<!--NeedCopy--> ```
Uploading the AOT logs from CVAD Core Components