Bloomberg Anywhere on Citrix XenApp

It has been a long time since I last tried to install a Bloomberg component on Citrix XenApp. There is not a lot of information or best practice about this on the internet, so I think this post will be useful for anyone looking for it. First things first: I wanted to automate the deployment on several XenApp servers, so here are the instructions.

Unattended Installation

Run sotrtxxxx20xx.exe and go to the temp folder to get the "setup.blp" file; you can copy it into the same folder as your Bloomberg installation file. Here is the content of the setup.blp file :

As you can see, you can configure a lot of settings to achieve a clean unattended installation. For my installation I just changed the directory to Maindir = d:\blp and renamed the setup.blp file to archynet.blp. Now you can proceed with the installation by creating a batch file with a command line :

The /perm switch is mandatory when installing Bloomberg Anywhere on XenApp; without it, I haven't been able to make it work properly.

# Command line switch: /perm=<value>
# Valid values: default [Permissions set for all user profiles]
#               ie: sotrtMMDDYYYY.exe /s /perm=default
#               path/file [Permissions set to all usernames in text file (separated by newline)]
#               ie: sotrtMMDDYYYY.exe /s /perm=c:\users.txt

The installation might take some time because the installer upgrades the Microsoft .NET Framework and then installs Bloomberg Anywhere. Once the silent installation is done, we need to test it.

Tests and issues

When I tested Bloomberg everything looked fine except the media and video part: the screen was blinking and flickering a lot, and the mouse position kept resetting to the center of the screen until the process was killed. I had the same issue with some of the buttons of the Bloomberg macro in Excel 2003 : the screen was flickering and blinking until the process bxlaui.exe was killed.
These issues were clearly XenApp issues; to make sure, I tried with the RDP protocol only, and everything was fine without XenApp.

Resolution

Using this good old KB about Seamless Configuration settings, http://support.citrix.com/article/CTX101644, I combined several parameters to obtain the value 0x87116.

Registry Key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Citrix\wfshell\TWI
Value Name: SeamlessFlags
Value Type: REG_DWORD
Values: 0x87116

87116 is the number obtained by using :

DISABLE CLIENT INFO SYNC EXCEPT WORKAREA : Use this flag to configure the server seamless engine to accept the client work area information (size of the desktop excluding the taskbar) but not…

Citrix License Server 11.10 installation hang

I had to update a Windows 2003 - Citrix License Server at a customer site, and I wasn't ready for that... For the first time in my Citrix life I had to troubleshoot an upgrade process. I tried to uninstall, install and update, but nothing allowed me to complete the installation of Citrix License Server 11.10 on a Windows 2003 server. The installation was simply stuck and never finished.

So I had to understand why this installation was stuck. In the event log I had this message :

"A provider, Citrix_GTLicensingProv, has been registered in the WMI namespace, Root\CitrixLicensing, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests."

A weird message, and I wasn't sure it was related to my installation issue, so I chose to use the good old msiexec command line to enable a verbose log file of the installation process :

And surprisingly I got useful information ! The installer wasn't able to create a service (sc.exe command), and I found this Microsoft Security Bulletin : MS09-012

Then I downloaded KB956572 and installed it on the License Server. After that the installation went fine... I lost half a day trying to understand what was wrong...

Resources :
- MS09-012 - Vulnerabilities in Windows Could Allow Elevation of Privilege (959454)
- Security Update for Windows Server 2003 (KB956572)
- Citrix License Server 11.10 download

On a new assignment, I had to learn a new environment based on Citrix XenDesktop 4, Provisioning Services 5.6 and VMware vSphere 4.1. This week I had a weird issue: I hadn't changed anything, and I didn't understand why VMs suddenly stopped being available. In fact the VMs were available, but for some reason it was impossible for anyone to access them through the Web Interface.

- VMs were working well
- XenDesktop brokers were fine
- Web Interface was OK
- Citrix License Server was up and running with a correct license
- VMware vSphere was OK as well; VMs were running on it without any problem

On the Web Interface, the following message was displayed when trying to launch a XenDesktop virtual desktop :

"xxxxx is currently unavailable. try reconnecting and, if the problem persists, contact your administrator."

On the DDC (XenDesktop Desktop Delivery Controller), I found event log entries with ID 1301, source : Citrix Desktop Delivery Controller, with the following description :

"The delivery controller failed to broker a connection for user xxxxx to desktop group yyyyy. The delivery controller cannot find any available virtual desktops. Please add more virtual desktops to the desktops group. If the problem is due to existing virtual desktops not becoming available, refer to Citrix Knowledge Base article CTX117248 for further information."

It looked like a communication problem between the XenDesktop DDCs and VMware Virtual Center, so I checked every component, DDCs, Virtual Center... I found nothing really relevant. So the next step was to enable extended logs on the DDC side; after a short search on the Citrix website I found how to do it with CTX117452. I got a lot of logs, but after one day of scratching my head trying to understand why I had such behavior without changing anything, I just had a bunch of logs and I was still missing something... Here is a short part of the pool_log.log file :

I also took a look at the virtual desktops pool properties to check if everything was alright... It wasn't :

All the VMs within the Citrix Delivery Service Console were disassociated from Active Directory, and a message confirmed I had a communication problem between VMware Virtual Center and Citrix XenDesktop : "Virtual machines could not be retrieved from the hosting infrastructure" and then a pop-up saying : "Error occurred whilst validating the list of virtual desktops. For more information about each error, hover the mouse over…

Warning : For those who downloaded Alcatraz before the 2nd of December 2010, please update it (same link). An issue with leaking desktop handles affects v0.9.0.31; once you update you should have v0.9.0.32.

On the 29th of November 2010, Citrix announced a new project code-named "Alcatraz", part of the project "San Francisco", which can be combined with project "GoldenGate" (check the end of this blog for the Citrix links about each project). The idea is simple: how to add a "lock" layer to all the published applications accessed by mobile users, and how to improve "security" if a device is stolen, lost, etc.? Citrix Labs tries to give an answer with this new project, and I think the idea is a very good one. Without modifying your existing Citrix architecture (XenApp, Web Interface, CAG, etc.) you can provide another authentication level before launching an application, with a PIN code request (screenshot below from my iPhone).

To be clear, this is not a second-factor authentication add-on / product for Access Gateway and Web Interface. This PIN code interface is loaded before the published application, once the user profile has loaded. It looks neat, but how does it work ?

First you need to install the Alcatraz msi on the XenApp servers you want to use for your tests. You can download the msi packages here : https://www.citrix.com/English/SS/downloads/details.asp?downloadID=2305766&productID=186 (MyCitrix account is required). You will find one package for 32bit OS and another one for 64bit OS. All the binaries will be installed in the "C:\Program Files (x86)\Citrix\Alcatraz" folder, and you will find the following files:

Then the only change you need to make is to amend or create published applications dedicated to mobile users, using "C:\Program Files\Citrix\Alcatraz\Alcatraz.exe" /a "command line of published application" for the 32bit XenApp servers or "C:\Program Files (x86)\Citrix\Alcatraz\Alcatraz.exe" /a "command line of published application" for the 64bit XenApp servers.

In the registry, you can find the settings under HKLM\Software\Citrix\Alcatraz for 32bit servers and under HKLM\Software\WOW6432Node\Citrix\Alcatraz for 64bit servers; all the settings are explained on the project page here : http://community.citrix.com/display/xa/Getting+Started+with+Project+Alcatraz

ChallengeInterval – This setting is disabled by default (set to 0). This setting will force the user to enter their pass-code after a period of time (in seconds) even if the user is interacting with the published application. (Default: Disabled)

InactivityTimeout – This is the amount of time (in seconds) that a user has not interacted with their published…

Provisioning XenApp 6 servers is very easy and makes everything very simple, but using third-party Citrix products like EdgeSight or Power and Capacity Management can be tricky to get working properly with provisioned services. The last issue I had was with Power and Capacity Management, but before explaining everything, a quick reminder :

Citrix XenApp Power and Capacity Management can help reduce power consumption and manage XenApp server capacity by dynamically scaling up or scaling down the number of online XenApp servers. Consolidating sessions onto fewer online servers improves server utilization, while providing sufficient capacity to handle load while minimizing unnecessary power consumption. As users log on to the system and reduce the idle capacity (how much capacity is available for additional sessions), other servers in the workload are powered up. As users log off and idle capacity increases, idle servers are shut down. This helps optimize capacity for XenApp workloads.

When installing PCM on the PVS master virtual machine to update the vDisk, everything ran smoothly, no problem at all; the service was set to automatic. The service name is "Citrix XenApp Power and Capacity Management Agent" (PCMAgent) and it has dependencies on "Citrix Independent Management Architecture (IMA)" and "Remote Procedure Call (RPC)". I assumed the service would wait until XenApp had finished launching the IMA Service, and then the PCM Service would be able to start. That was a mistake: I suppose XenAppPrepTool was taking too much time to launch the IMA Service and a timeout occurred for the PCMAgent Service, so the service was set to auto but an error showed up in the system event logs :

Solution ?

I chose the simple way: the first try was to delay the PCMAgent service so that it waits for the IMA Service startup. To do so, just switch from Automatic to Automatic (Delayed Start) in the service properties / Startup type :

As I use a login script for the XenApp servers (a very good example can be found here : http://jariangibson.com/2010/03/17/using-edgesight-with-provisioned-xenapp-servers/), I just added a line to start the PCMAgent service :

If you want to script the service startup type, you can inject it into the registry using this value :

in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PCMAgent

Then update your vhd image and boot your provisioned XenApp servers; they should appear in the PCM console.

Sources:
- http://support.citrix.com/proddocs/topic/xenapp6-w2k8/ps-power-capacity-mgt-wrapper-v1.html
- http://jariangibson.com/2010/03/17/using-edgesight-with-provisioned-xenapp-servers/

At one of my customers' sites, we needed to publish mstsc.exe (RDP Client) through XenApp 4.5 on Windows 2008 x64. Users complained about a weird keyboard behaviour. While typing in their session, users stated that when using Shift for the first letter, the second letter was upper case as well. I've made a quick video to show you this issue; you can watch it below :

On the Citrix Web Interface, one ICA file, default.ica, is used as a template for ICA file creation. I edited this file to check what was in it :

In the WFClient section (below) I found the line KeyboardTimer=50, which means that at the end of the specified time period the keyboard data is sent to the server. I didn't want to modify this value without being able to test it first, so I right-clicked on the published Remote Desktop icon to download the launch.ica file (generated from default.ica with the 50ms value), saved it and then edited it, changing the KeyboardTimer value to 25, then 15, then 10 and finally 5. I had the issue until the last value tested, 5ms. Now I need to run some more tests to check whether the bandwidth consumed is really higher compared with the 50ms default value. I will update this post with the statistics results (EdgeSight).

Update : 1st July 2010

I've used Citrix EdgeSight to check what's going on while I run some tests on ICA Session Traffic and ICA Session I/O. To run this test I created a script which opens Notepad and types a text (about 30/40 lines), so the same text input is used for all the tested values. I ran this test with KeyboardTimer=50 (default), KeyboardTimer=25 and KeyboardTimer=5, and here are the results :

I blanked out the "non needed" data to avoid confusion and, as you might notice, there is not a huge difference between these different values. I decided to commit the change for WAN users and I will check deeper statistics with real usage over weeks/months, before/after the change.

I wanted to blog about this issue because it is an annoying one, and you might search for a long time around the mstsc configuration, registry tips and tuning before finding out that it was the KeyboardTimer value in the default.ica file on the Citrix Web Interface. You can also add the line KeyboardTimer=## (your value) to your WFCLIENT.INI file in your…

Today my need was very simple: I needed to build a script to collect logs from the application event log on many XenApp servers. The goal of the following script is to use MFCom to get the target XenApp server list and export everything from the last 7 days matching a specific keyword to an Excel file. This is very far from perfect but it works and it did the job I needed :) Let's share ! At the end I added a function to send this Excel file by email so I can schedule this check and generate this report.

This is the second part; here is the link to the first part : Citrix XenApp – Hiding system drives part 1/2

If you read the first part, you now know how to apply the Microsoft Windows 2003/2008/R2 GPO to hide the A, B, C and/or D drives. But what happens if you have an E: or O: drive ? You cannot use this GPO anymore; you need to create your own. It is simple to understand how it works, just read what follows. By default the Hide Drives part in the system.adm file looks like this :

To explain: this policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter:

I chose an example where I want to hide the A, B, C, D and E drives :

Then convert to decimal. This binary string converts to 31 in decimal. Add this line to the [strings] section in the new HideDrives.adm file:

Afterwards, add this entry to the ITEMLIST section above and save the HideDrives.adm file. So the whole ADM file must look like this :

I think you're good with this one: just import this ADM file and activate it following part 1.
Links : Microsoft KB (thx to CTXBlog.fr)

CLASS USER
CATEGORY !!HideDrives
    KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    POLICY !!HideDrives
        PART !!HideDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
            VALUENAME "NoDrives"
            ; Each value is a bitmask: A=1, B=2, C=4, D=8, E=16, ... Z=33554432
            ITEMLIST
                NAME !!ABOnly       VALUE NUMERIC 3
                NAME !!COnly        VALUE NUMERIC 4
                NAME !!DOnly        VALUE NUMERIC 8
                NAME !!ABConly      VALUE NUMERIC 7
                NAME !!ABCDOnly     VALUE NUMERIC 15
                NAME !!HideABCDE    VALUE NUMERIC 31
                NAME !!ALLDrives    VALUE NUMERIC 67108863 DEFAULT
                NAME !!RestNoDrives VALUE NUMERIC 0
            END ITEMLIST
        END PART
    END POLICY
END CATEGORY ;HideDrives

[strings]
Blank=" "
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
HideABCDE="Restrict A, B, C, D and E drives only"
HideDrives="Hide Drives"
HideDrivesDropdown="Hide Drives Selection"
MoveProfile="Move Profiles"
MoveProfileDropdown="Move User Profile Location"
MOVEPROFILETOD="Move Profile to D Drive"
RestNoDrives="Restore Drives"
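The 26-bit NoDrives encoding described in this post, as an added example (not the blog author's code): it computes the decimal value for any set of drive letters, decodes an existing value for review, and builds the ITEMLIST and [strings] lines for a custom HideDrives.adm. The label HideEO and the function names are hypothetical.

```python
"""NoDrives bitmask helper (added example, not the blog author's code)."""
import string

LETTERS = string.ascii_uppercase  # bit 0 = A: ... bit 25 = Z:


def nodrives_mask(drives):
    """Return the decimal NoDrives value that hides the given drive letters."""
    mask = 0
    for d in drives:
        letter = d.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in LETTERS:
            raise ValueError(f"not a drive letter: {d!r}")
        mask |= 1 << LETTERS.index(letter)
    return mask


def hidden_drives(mask):
    """Decode a NoDrives value back into the list of hidden drive letters."""
    if not 0 <= mask < 1 << 26:
        raise ValueError("NoDrives must fit in 26 bits")
    return [l for i, l in enumerate(LETTERS) if mask & (1 << i)]


def adm_entries(label, drives):
    """Build the ITEMLIST line and the [strings] line for HideDrives.adm.

    `label` is a hypothetical string identifier chosen by the administrator.
    """
    mask = nodrives_mask(drives)
    shown = ", ".join(hidden_drives(mask))
    item = f"NAME !!{label} VALUE NUMERIC {mask}"
    text = f'{label}="Restrict {shown} drives only"'
    return item, text


if __name__ == "__main__":
    # The post's A-E example, then the E:/O: case it mentions (constructed input).
    for label, drives in (("HideABCDE", "ABCDE"), ("HideEO", ["E:", "O:"])):
        item, text = adm_entries(label, drives)
        print(f"{nodrives_mask(drives):026b}")  # binary string, Z on the left
        print(item)
        print(text)
```

NoDrives only hides the selected drives in Explorer views; the paths stay reachable by other means, and restricting access is the job of the separate NoViewOnDrive value, which uses the same bit layout.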

Hiding system drives C, D, the floppy drive if there is still one, and the CD-ROM seems easy, but many times at customer sites I have seen administrators unable to complete this simple operation. In most cases the reason is that the administrator doesn't really know how to manage GPOs or what the difference is between user and machine GPOs.

First you need to know there is a built-in GPO in Microsoft Windows 2003 / 2008 / R2 with these settings ready to be set. To set it up, you need to create a new GPO or edit an existing one and find the two GPO settings below :

Most of the administrators I spoke with told me they had done that already but it still didn't work; they rebooted XenApp servers, domain controllers, everything they could reboot... But they forgot the essential point: the GPOs above are USER GPOs, and this GPO is placed on the XenApp OU in Active Directory, where there are no users at all.

The solution is very simple: you need to activate GPO loopback processing :

This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.

Then, with a gpupdate /force, this hiding drives GPO is working ! Finally !

In the second part of this blog I will explain how you can go further and hide drives with letters other than A, B, C or D.