Blog

  1. XenApp Farm Health Report

    UPDATE: Version 2 of this script has been released

    I recently created a Powershell script to report on several key items in a XenApp 6.x farm and e-mail a health check report. I run this script as a scheduled task on a XenApp server on a daily 7:00 am trigger. It gives XenApp administrators some confidence that the farm is in a good operational state for the day.

    The script checks the health of a XenApp 6.x farm and e-mails two reports. The full farm health report is attached to the e-mail and any errors encountered are in an html report embedded in the email body.
    This script checks the following:
    – Ping response
    – Logon enabled
    – Assigned Load Evaluator
    – ICA port response (at this stage only ICA, not CGP is tested)
    – WMI response (to check for WMI corruption)
    – Server uptime (to ensure scheduled reboots are occurring)
    – Server folder path and worker group memberships are report for informational purposes

  2. Export SSL certificate from Access Gateway 5

    We recently set up a Citrix Access Gateway 5 VPX appliance for a client and created the CSR from the Access Gateway. We then needed to add the certificate to the internal Web Interface sites which use the same external DNS name. Here is the process to export the certificate from Access Gateway and import into IIS.

      1. From the web admin console of the Access Gateway export the required certificate into a .cer file. This will contain the private key and public certificate. You will be prompted to enter a password.
      2. Download OpenSSL and install on a Windows computer.
      3. Download and install Notepad++
      4. Open the .cer file using Notepad++, select the Private Key and copy it into a new Notepad++ document. Save this as Cert_Private.txt
      1. Select the certificate(s) and copy to t new Notepad++ document. Save this as Cert_Public.txt. Ensure all certificates are selected and copied.
      1. You now need to convert these PEM format files into a PFX which can be imported in IIS. OpenSSL is used to do this:
    openssl.exe pkcs12 -export -out Cert.pfx -inkey Cert_Private.txt -in Cert_Public.txt
    1. You can now take the generated Cert.pfx and import into IIS
  3. Citrix XenApp Virtualization Best Practice – Rule #1

    Virtualizing XenApp servers is now the norm. All the standard benefits of general server virtualisation apply to XenApp server consolidation, however the consolidation ratio of XenApp servers is different to general servers.

    When virtualising general server workloads it is common, and desirable, to overcommit host resources to achieve a high consolidation ratio. General server workloads do not have interactive sessions, unlike a XenApp server. The end user is unlikely to notice spikes in utilisation on a virtualised file server or print server, however they are likely to notice even short spikes in utilisation on a virtualised XenApp server. The VM configuration has been carefully planned to ensure that host resources are not overcommitted which ensures host resources are available to XenApp VMs even when the host is under load.

    Rule #1: Do not overcommit CPU

    Total vCPUs <= Total logical CPU cores
    Total vCPUs: The total number of vCPUs across all VMs on a host
    Total logical CPU cores: The total number of physical CPU cores on a host, multiplied by two if hyperthreading is enabled (which is should be)
    For example, take a host with dual hex core CPUs with hyperthreading enabled.
    Physical CPU cores: 2 x 6 = 12
    Logical CPU cores: 12 x 2 = 24
    So with this host no more that 24 vCPUs should be assigned to XenApp VMs.
    But what about the number of vCPUs per XenApp VM? There is no definitive rule here, only load testing with your specific configuration and workload will determine the optimal number of vCPUs per VM. The number of vCPUs must also be balanced with the amount of memory assigned to the VM. In general 2 – 8 vCPUs will be assigned to a XenApp VM.
    If you found this useful keep an eye our for Rule #2 which will look at NUMA node considerations when virtualizing XenApp workloads.
  4. Logoff scripts not running with XenApp or RDS published apps

    I have had a long couple of weeks looking into an issue where logoff scripts do not run with XenApp 6.5 published applications or with Windows Server 2008 R2 RemoteApp. Logoff scripts work perfectly from a published desktop, or if the user is added to the local Administrators or Power Users group. To make troubleshooting more challenging, sometimes logoff scripts will work…. just sometimes.
    The issue appears to be something to do with wfshell.exe as wfshell.exe hangs at logoff for 10 seconds and if an administrator terminates the users wfshell.exe process the logoff scripts run as expected. A fix suggested in the Citrix forums is to add wfshell.exe to LogoffCheckSysModules as described in CTX891671, but this did not work for me.
    I ended up rebuilding a XenApp 6.5 server from scratch for the client who was experiencing this issue and the problem went away, so I know it was something installed which was causing the issue but I could not track down the culprit. The looming “solution” was to rebuild the entire farm! Which I was understandably not that happy with, so I decided to log a case with Citrix who ended up providing a workaround which I have successfully tested.
    Add wfshell.exe to the list of processes RDS may safely terminate by adding an entry to:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Sysprocs
    wfshell.exe = 0 (REG_DWORD)
    I pushed this entry out to the farm using Group Policy Preferences which is easy, and ensures the setting will always apply to all farm servers.

  5. Remote Assistance PowerShell GUI for XenApp

    Shadowing to or from multi-monitor desktops is broken in Windows Server 2008 R2, which means Citrix XenApp 6.x. Nothing new here, I read about this on Joshua Mueller’s blog about a year ago, and Citrix also has an article based on explaining how to use Microsoft Remote Assistance as alternative shadowing method.

    While RA is a good alternative the problem is that there is no integration with the XenApp farm; a support person must find the user session within the XenApp console, find the XenApp server the session is on, open RA using msra.exe /offerra, enter the server name and finally select the user session from the drop-down list. Phew. A few too many steps for support staff who do this day-in day-out.

    Surely there must be a better way! There is, but it’s not perfect either. I had some fun using Sapien PrimalForms CE to create a PowerShell GUI which helps automate the task of finding a XenApp user session and shadowing the user via Remote Assistance. To find the free version of PrimalForms go to downloads, sign up, and look in the Community Tools section for the free download.

    Here is a quick overview of the script:
    Run the script RemoteAssistance.ps1 from a XenApp server and you will be prompted for a username, enter a username and hit search and all the user’s sessions will be listed:

    Select a session, hit Connect and Remote Assistance will open and connect to the XenApp server.

    Select the user from the drop-down list and click Next to shadow the session.

    Hold on. If you can automatically connect to the server, surely you can also connect straight to the user session and eliminate this last step? Right? Simple? No. Please, someone tell me I have missed something simple and there is a way to make Remote Assistance connect to the server and the session. All the script is doing is passing arguments to msra.exe, and these are the options msra.exe excepts:

    Yes there is a argument, but no argument 🙁

    So this Remote Assistance GUI is helpful, but far from perfect. Please let me know if you find it useful, would like it modified, or know of another way of invoking a Remote Assistance session where the username can be parsed.

    The script can be published in XenApp using this command line:
    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -WindowStyle Hidden -File “\\server\share\RemoteAssistance.ps1”

    Download the script from here.

  6. Display the server name on Citrix Web Interface

    When load balancing Citrix Web Interface servers a useful tweak is to display the Web Interface server in small text on the web page. This assists in troubleshooting any issues as you can easily ask the user to tell you the web server they are connected to. I do not recommend making this change to external facing sites (via Access Gateway) to ensure internal server names are not exposed.
    Browse to your Web Interface site /app_data/include folder and edit footer.inc and add the code shown in blue below:

    <%
    // footer.inc
    // Copyright (c) 2000 – 2010 Citrix Systems, Inc. All Rights Reserved.
    // Web Interface 5.3.0.0
    %>




    Copy the modified footer.inc to all Web Interface sites/servers and now when you browse to your Web Interface site you will see something like this at the bottom of the web page:

    And in case anyone was wondering, I always use Citrix NetScaler VPX for load balancing Citrix Web Interface.

  7. Flight Centre Desktop Virtualisation enables Business Continuity

    Deptive designed and implemented the Citrix XenApp 6 desktop virtualisation solution for Flight Centre New Zealand in late 2010. An article has recently been published by CIO NZ where IT manager Kelvin Kroll speaks of the business continuity benefits during the Christchurch disaster; affected staff where easily able to be relocated to other stores and even to stores of rival travel agent.
    Read the full article here, unfortunately Deptive is not mentioned by name though.

  8. Enable the Citrix Desktop Viewer with XenApp

     

    The Citrix Desktop Viewer toolbar if officially supported with XenDesktop only, but also works with XenApp. The Desktop Viewer is enabled on the each Web Interface/Web Services site in WebInterface.conf by adding the line ShowDesktopViewer=On
    The Desktop Viewer can also be enabled and disabled in default.ica on each Web Interface site where ConnectionBar=0 disables and ConnectionBar=1 enables the Desktop Viewer. This setting is found in the [Application] section. However, when ConnectionBar=1 is set this breaks seamless applications – they are seamless no more and have frame with the Desktop Viewer showing which is probably NOT what you are after! I recommend using for former method of setting ShowDesktopViewer=On only.

    Note that once the Desktop Viewer is enabled the display settings from the farm and Web Interface are ignored the idea being that Desktop Viewer gives the user control of how to size and place their desktop session. Enabling the Desktop Viewer on a desktop appliance site where a published desktop automatically opens full screen will break this functionality; the desktop session will open in a window instead.

  9. How to determine the client IP address in XenApp 6

    26 Sep 2012: See my updated method here.

    I have been modifying a client’s 2500 line VBScript login script recently (what a beast!) and had to find a replacement for ICACLIENTINFO.EXE which was used in their Presentation Server 4.0 environment to determine the client IP address and map printers based on subnet. ICACLIENTINFO.EXE does not work with XenApp 6/6.5, so I had to find a replacement method. After some hunting through the registry I found this:
    HKLM\SOFTWARE\Citrix\Ica\Session\2\Connection\ClientAddress
    Now I just had to find a way to determine the Session ID, which was easier than I thought:
    HKCU\Volatile Environment\2

    And now to put it together into a script:
    Set objShell = CreateObject(“Wscript.Shell”)
    aRegKeys = RegEnum(“.”, “HKCU”, “Volatile Environment”)
    sessionID = aRegKeys(0)
    strIPCTXClient = objShell.RegRead(“HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Ica\Session\” & sessionID & “\Connection\ClientAddress”)
    WScript.Echo “Client IP Address: ” & strIPCTXClient

    ‘************************************************************************
    ‘*
    ‘* Function RegEnum()
    ‘*
    ‘* Purpose:Enumerate all subkeys of the specified registry key.
    ‘*
    ‘* Input:strHkey – registry hive (HKLM, HKCU etc)
    ‘* strKey – the registry key to enumerate
    ‘*
    ‘* Output: An array of the subkeys. An empty array is returned for an error.
    ‘*
    ‘************************************************************************
    Function RegEnum(strTarget, strHkey, strKey)
    Const VBObjectError = -2147221504
    Const FUNCTIONNAME = “RegEnum ()”

    Dim intHkey

    Const HKEY_CLASSES_ROOT = &H80000000
    Const HKEY_CURRENT_USER = &H80000001
    Const HKEY_LOCAL_MACHINE = &H80000002
    Const HKEY_USERS = &H80000003
    Const HKEY_CURRENT_CONFIG = &H80000005

    Select Case UCase(strHkey)
    Case “HKCR”
    intHkey = HKEY_CLASSES_ROOT
    Case “HKCU”
    intHkey = HKEY_CURRENT_USER
    Case “HKLM”
    intHkey = HKEY_LOCAL_MACHINE
    Case “HKU”
    intHkey = HKEY_USERS
    Case “HKCC”
    intHkey = HKEY_CURRENT_CONFIG
    Case Else
    Err.Raise vbObjectError, FUNCTIONNAME, “Invalid HKEY: ” & strHkey
    RegEnum = Array()
    Exit Function
    End Select

    On Error Resume Next
    Dim objReg
    Set objReg=GetObject(“winmgmts:{impersonationLevel=impersonate}!\\”&_
    strTarget & “\root\default:StdRegProv”)

    If Err <> 0 Then
    RegEnum = Array()
    Exit Function
    End If

    ‘ Get all subkeys in the specified key
    Dim arrSubKeys
    objReg.EnumKey intHkey, strKey, arrSubKeys

    If Err <> 0 Then
    RegEnum = Array()
    Exit Function
    End If

    If IsArray(arrSubKeys) Then
    RegEnum = arrSubKeys
    Else
    RegEnum = Array()
    End If

    End Function

  10. Citrix acquires RingCube

    Citrix have just announced their acquisition of RingCube, it’s been an active few months for Citrix with their recent acquisition of Kaviza. RingCube’s vDesk product fits in the user virtualisation/user personalisation category along with products from Unidesk and AppSense. vDesk is much more than user profile management (likewise for the Unidesk and AppSense products), to quote RingCube’s website “The vDesk workspace separates the user’s desktop environment, including applications, data, and settings, from the operating system”….. “When administrators need to provision new applications, update existing applications or deliver data to the users’ workspace, they simply make the change in the master workspace, apply the new version of the master to the user or group, and a differential update is automatically pushed to the user at their next login.”

    I love the concept, especially being able to centrally update an application and have the update apply to all users while not blowing out disk storage. My question is how effective this is over the long term: changes to the master workspace must be stored in a per user workspace, which over time will continue to grow – after two years how big has an average user workspace become? Are there any means to control this organic growth? User profile management will become “user personalisation management” encompassing not only the user profile, but user installed applications and user data as well.
    This is a big feather in Citrix’s cap and will certainly add value to their product suite. Will we now see VMware making an acquisition to play catch up? Based on recent twitter activity is seems that Unidesk is the most like target.
    Now when as a Citrix Partner will I be able to get my hands on vDesk??

Subscribe to our Newsletter



Please leave this field empty.