Use a Service Account with XenDesktop 5

During the testing process of Citrix XenDesktop 5, we were using the built-in SQL express database so we can do a quick lab setup. Of course a production deployment would use a full blown SQL 2008 R2 enterprise edition instance with database mirroring. During the XenDesktop 5 SP1 upgrade process, we ran into an interesting error that was related to how I did the original XD5 installation.

During the original installation process I logged into the freshly provisioned VM that was soon to become our all-in-one XD5 server. So of course I logged in with my admin credentials and performed the installation, using the free built-in SQL Express option. All was fine and dandy, until another administrator tried to install SP1.

During the SP1 installation process the other administrator ran into a problem, that was tracked down to SQL. As it turns out, my account (original installer) was automatically configured as the CitrixXenDesktopDB DBO.

So naturally when someone else came along and ran SP1, which needs to update the XD database, he ran into problems. While there are several solutions to the problem, I will propose a solution that solves two problems at once.

As we also discovered, the original installer’s account credentials are also used to connect to vCenter. As it turns out I’m a vCenter admin, so that process was transparent. However, when my password expired, XenDesktop broke because it couldn’t contact vCenter. Bad!

One elegant solution is prior to installing XD5 is to create a service account, and configure it for a non-expiring password. Next, give that service account local admin rights on your XenDesktop server. If you are using MCS with vCenter, give that account the required vCenter rights. Finally, login with that service account on the XenDesktop server and proceed with your installation process. This way both SQL Express and vCenter credentials are using those of the service account, not your personal admin account.

I really wish the XD5 installer prompted for service account credentials, so both of these problems could be automatically avoided. Only after several weeks of testing and a new service pack release did we run into these issues.

Print Friendly, PDF & Email

Related Posts

Notify of
Inline Feedbacks
View all comments