Category Archives: Citrix

Local Policy Session Printing With CVADS

Local Policy Session Printing With CVADS

Recently on site I came across my first requirement for a Citrix Session Printer Policy when migrating from an on-premises 7.15 Site to CVADS.

At first I simply tried copying the policy in to the Cloud Studio but when I came to select the printer it was unable to connect. The first step was to eliminate firewall rules as usual so I got the SMB ports opened between the Cloud Connectors and the Print Servers but this didn’t resolve the issue.

Luckily I was working with Citrix at the time and so a quick check through Slack turned up Citrix Article https://support.citrix.com/article/CTX220345 which says “Because limitation of Citrix Cloud and Connector, in certain scenarios, communication with some of the on premises components, there is a need for some customers to manage the Citrix polices locally”.

The article itself was straightforward enough and geared towards using an Active Directory Group Policy which was duly created but still failed to apply. Closer inspection showed that because the customer uses AppSense for user personalisation they didn’t have the “user group policy loopback processing mode” enabled.

Continue reading Local Policy Session Printing With CVADS

Citrix Depreciate On-Premises Cloud Support

Citrix Depreciate On-Premises Cloud Support

With the release of the latest Current Release (CR) of Virtual Apps and Desktops (CVAD) version 2003 Citrix has announced that they have deprecated on-premises support for VDA workloads hosted on the following Clouds:

  • Amazon Web Services (AWS)
  • Microsoft Azure
  • Cloud Platform
Continue reading Citrix Depreciate On-Premises Cloud Support

Citrix – Making CentOS Look Like Windows 10

Citrix – Making CentOS Look Like Windows 10

As part of my testing with the CVAD 1912 Linux VDA I came across the B00merang desktop themes which makes a Linux desktop look like Windows 10. I decided to explore whether the theme could be applied to Citrix sessions and after to some googling, got it up and running .

Continue reading Citrix – Making CentOS Look Like Windows 10

Citrix – Learning About The Linux VDA

Citrix – Learning About The Linux VDA

As part of taking the new Citrix Virtual Apps and Desktops (CVAD) LTSR release out for a spin, today I decided to look at the Linux VDA again.  It’s been a while since I tried it as my previous attempts weren’t successful but today I figured was the day to try again !

Many years ago I worked on a Citrix install for a school in Hull which used XenApp on Sun Solaris to provide Open Office to their students at home for doing their homework.  At the time I was greatly impressed but after putting a XenApp server on Solaris in for one of the previous companies I worked for, I haven’t seen anything *nix related since.

Continue reading Citrix – Learning About The Linux VDA

Citrix ADC Vulnerability CVE-2019-19781

Citrix ADC Vulnerability CVE-2019-19781

Last Wednesday I got an update email from the Citrix Heroes community ran by DJ Eshelman about a new vulnerability which has been found with Citrix ADC appliances.  Fortunately my home lab hasn’t been powered up much this past few weeks but today I decided to apply the mitigation steps to my VPX in case.

Continue reading Citrix ADC Vulnerability CVE-2019-19781

SMS2 4 – Configuring Citrix NetScaler Radius Load Balancing

SMS2 4 – Configuring Citrix NetScaler Radius Load Balancing

This section of the documentation provides the steps necessary to configure Radius Load Balancing on a Citrix NetScaler HA Pair.

As with most configurations of a NetScaler HA Pair, the configuration is only performed on the Primary Node of the pair and then replicated automatically to the Secondary Node.

Configuring Raidus Load Balancing on a Citrix NetScaler consists of the following steps which will be explained in further detail in this section :-

  1. Creating a Radius Load Balancing Monitor
  2. Creating the Radius Server Servicies
  3. Creating a Radius Load Balancing vServer
  4. Creating a Radius Authentication Server and Profile
  5. Applying the Radius Profile to the Access Gateway vServer
  6. Saving the new configuration

Creating a Radius Load Balancing Monitor

The first part of the configuration is to create a Radius Load Balancing Monitor on the NetScaler by performing the following steps :-

  • Logon to the Primary Node NetScaler Web Gui as an AdministrativeAccount
  • Expand the Load Balancing branch in the Left Hand pane
  • Click on the Monitors branch under Load Balancing and then click on the Add button
  • When prompted enter a Name for the new Monitor
  • Click on the Special Parameters tab and set the User Name to anAccount on the Active Directory Domain.

For the configuration of this test environment I used the Service Account created for the SMS2 installation

  • Set the Password to the Password of the Active Directory Account choosen
  • Set the Radius Key to the Shared Secret Key set up on the Radius Servers

N.B. In order for this to work correctly both Radius Servers must be using expecting the same Shared Secret key

  • Under the Response Codes section click on Add, select 3-Access-Reject from the list, and then click on Add
  • Click on OK to create the new Radius Load Balancing Monitor

Creating the Radius Server Services

The next part of the configuration is to create the Radius Server Load Balancing Services for the two Radius Servers by performing the following steps :-

  • If necessary, Expand the Load Balancing branch in the Left Hand pane
  • Click on the Services branch under Load Balancing and then click on the Add button
  • When prompted enter a Service Name for the new Service
  • Set the Server to the IP Address of the Radius Server
  • Set the Protocol to RADIUS and the Port to 1812
  • Select the newly created Radius Monitor the list of Available Monitors and click on Add to apply it to the Service
  • Click on OK to create the new Radius Server Service

Perform the steps above to configure a Radius Server Service for the second Radius Server

Creating A Radius Load Balancing vServer

The next part of the configuraiton is to create the Radius Load Balancing vServer by performing the following steps :-

  • If necessary, Expand the Load Balancing branch in the Left Hand pane
  • Click on the Virtual Servers branch under Load Balancing and then click on the Add button
  • When prompted enter a Name for the new Virtual Server
  • Set the Protocol to RADIUS and the Port to 1812
  • Set the IP Address to the address required for the new Virtual Server
  • In the Services Section select both the newly created Radius Services created in the previous section
  • Click on the Method and Persistence tab
  • Under the LB Method section change the Method to Token

o    In the Rule box enter CLIENT.UDP.RADIUS.USERNAME

  • Under the Persistence section change the Persistence to RULE

o    Confirm that the Rule shown is CLIENT.UDP.RADIUS.USERNAME as set for the LB Method Rule

  • Click on Create to create the new Radius Load Balancing vServer

Creating a Radius Authentication Server and Profile

The next part of the configuraiton is to create the Radius Authenication Server and Profile by performing the following steps :-

  • Expand the Access Gateway branch in the Left Hand pane
  • Expand the Policies branch and then the Authentication branch
  • Click on the Radius branch and then click on the Servers tab
  • Click on the Add button and when prompted enter a Name for theAuthentication Server
  • Set the IP Address to the IP Address of the Radius Load Balancing vServer created in the previous section
  • If necessary, set the Port to 1812
  • Enter the Radius Shared Secret configured for the NetScaler in both the Secret Key and Confirm Secret Key settings
  • Click on Create to create the new Radius Authentication Server
  • Click on the Policies Tab and then click on the Add button
  • When prompted enter a Name for the new Radius Authentication Policy
  • Select the Radius Server created in the previous steps as the Server
  • Set the Expression to ns_true
  • Click on Create to create the new Radius Authentication Policy

Applying the Radius Authentication Profile to the Access Gateway vServer

The next part of the configuration is to apply the newly created Radius Authentication Policy to the Access Gateway vServer by performing the following steps :-

  • If necessary, Expand the Access Gateway branch in the Left Hand pane
  • Click on the Virtual Server branch and then open the Virtual Serveryou wish to apply Radius Authentication to
  • Click on the Authentication Tab and then under the Authentication Policies section click on Secondary
  • Click on the Insert Policy button and select the Radius Profile created in the previous section
  • Click on OK to apply the changes

Saving the configuration

The last part of the configuration is to save the new configuration on the NetScaler by performing the following steps :-

  • Click on the Save button and when prompted “Do you want to save the running configuration?” click on Yes
  • Once the configuration is saved and you are prompted “Configuration Saved Successfully” click on OK

XenApp – Deploying IE9 Flash Redirection Registry Fix In A Group Policy

XenApp – Deploying IE9 Flash Redirection Registry Fix In A Group Policy

Introduction

This article provides the steps required to deploy the Internet Explorer 9 Registry Fix for Flash Redirection using Group Policy Preferences.

High Level Steps

The process of deploying the Firefox Customisations consists of the following steps :-

  1. Creating a new Group Policy
  2. Adding the Registry Preferences to the new Group Policy
  3. Setting the GPO Status as a Computer Settings only Group Policy
  4. Linking the Group Policy to the Active Directory Organisational Unit

Creating A New Group Policy

To create a new Computer Settings Group Policy perform the following steps :-

  • Logon to a Windows 2008 R2 Server with the Group Policy Management Console Feature installed
  • Open the Group Policfy Management Console
  • If necessary expand the Forest and Domain you wish to create the new Group Policy in
  • Right click on the Group Policy Objects branch in the left hand pane and select New
  • When prompted name the new Group Policy and click on OK (We will be using Computer-XenApp-IE9-Flash-Fix-Policy as a name for the purposes of this article)

Adding The Registry Preferences To The New Group Policy

To add the Registry Preferences for the IE9 Flash Redirection fix to the new Group Policy perform the following steps :-

  • Right click on the Computer-XenApp-IE9-Flash-Fix-Policy and select Edit
  • The new Group Policy will be opened in the Group Policy Editor
  • Under Computer SettingsExpand the Preferences branch in the left hand pane and then Windows Settings branch
  • Right click on Registry, select New, and then Registry Item
  • For the Action select Replace
  • Under Hive Enter HKEY_LOCAL_MACHINE
  • Under Key path enter SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServer
  • For the Value name enter IE9BrowserMaximumMajorVersion
  • Set the Value type to REG_DWORD
  • Set the Value data to 9
  • Click on OK to add the new registry preference
  • Once the Registry Item has been added close the Group Policy Editor

Setting The GPO Status As A Computer Settings Only Group Policy

To set the GPO Status as a Computer Settings only Group Policy perform the following steps :-

  • Highlight the Computer-Firefox-Customisations-Policy
  • In the Right Hand Pane click on the Details Tab
  • Change the GPO Status drop down box to User configuration settings disabled

Linking The Group Policy To The Active Directory Organisational Unit

The final part of the process is to link the new Group Policy to the Organisational Unit in Active Directory where you wish to deploy the Firefox Customisations.  To link the Group Policy to the Organisational Unit perform the following steps :-

  • In the Left Hand Pane of the Group Policy Management Console navigate to the Organisational Unit you wish to deploy the settings to
  • Right Click on the Organisational Unit and select Link an existing GPO…
  • Scroll through the List of Group Policies, highlight the Computer-XenApp-IE9-Flash-Fix-Policy and then click on OK

Desktop Director – Speed Up Logon

Desktop Director – Speed Up Logon

Introduction

One of the most common causes of slow logon to a Desktop Director web site is due to an Active Directory Domain Name resolution problem which can be resolved easily.

This article provides details of how to speed up logon to XenDesktop Desktop Director by resolving the Active Directory Domain Name resolution problem.

Modifying The Desktop Director Web Site

To resolve the Active Directory Domain Name resolution problem perform the following steps :-

  • Open the Internet Information Services (IIS) Manager Console
  • Expand the Server nameSites, and Default Web Site branches in the left hand pane
  • Highlight the DesktopDirector site and then open the Application Settings
  • Locate the and Edit the Connector.ActiveDirectory.Domains setting
  • Change the Value from “(user),(server)” to the NetBIOS Domain Name of your Domain
  • Click on OK

Restart The World Wide Web Publishing Service

To ensure the change is taken restart the World Wide Web Publishing Service.

Desktop Director – Pre-populating The Domain Name Field

Desktop Director – Pre-populating The Domain Name Field

Introduction

This article provides details of how to pre-populate the Domain Name field on the Desktop Director log on page.

Editing The LogOn.aspx File

The first step of pre-populating the Domain Name field on the Desktop Director log on page is to edit the Logon.aspx page.

To edit the Logon.aspx file perform the following steps :-

  • In Windows Explorer navigate to the following folder :-

C:\Inetpub\wwwroot\DesktopDirector

  • Edit the file Logon.aspx and search for the line shown below :-

<asp:TextBox ID=”Domain” runat=”server” CssClass=”text-box”></asp:TextBox>

  • Modify the line and add in Text=”Your NetBIOS Domain Name” where shown below :-

<asp:TextBox ID=”Domain” runat=”server” Text=”NetBIOS Domain Name” CssClass=”text-box”></asp:TextBox>

E.G. <asp:TextBox ID=”Domain” runat=”server” Text=”example”CssClass=”text-box”></asp:TextBox> if your NetBIOS Domain Namewas example

  • Save and close the file

Restart The World Wide Web Publishing Service

The next step is to restart the World Wide Web Publishing Servicethrough the Services.msc

Confirm The Modification

Once the World Wide Web Publishing Service has been restarted navigate to the Desktop Director logon page and confirm that the Domain filed is now pre-populated with your NetBIOS Domain Name.

WI 5.3.0 – Site Creation Error: There is already a Site at this path within the IIS site

WI 5.3.0 – Site Creation Error: There is already a Site at this path within the IIS site

The above error may be caused if the Web Interface site was deleted from within IIS rather than in the Web Interface Management Console.

Windows 2003 IIS Servers

The resolution for this issue can be found in the Citrix Knowledge Base Article CTX108619

Windows 2008 R2 64-Bit IIS Servers

To resolve the error on a Windows 2008 IIS server perform the following steps :-

  • Open the Registry on the IIS Server
  • Navigate to the key shown below :-

HKLM\Software\Wow6432Node\Citrix\Web Interface\5.3.0\Sites\1

  • Expand the key above and delete the key shown below :-

/Citrix/XenApp

N.B. This is instructions for the Default Web Site and Default Site Name For Web Interface 5.3.0