By default when Desktop Viewer is enabled, it does not span on multiple screen. When it is maximizes, it only maximizes on one screen. To have it utilizes multiple screen, do:
Enable Desktop Viewer
Login to your StoreFront Server
Navigate to C:\inetpub\wwwroot\Citrix\<your store or receiver web>\
Edit web.config
Find showDesktopViewer="true" and make sure the value is true, not false
Enable Force Full Screen
Login to your StoreFront Server
Navigate to C:\inetpub\wwwroot\Citrix\<your store>\App_Data\
Edit default.ica
Find [Application]
Add DesktopViewer-ForceFullScreenStartup=true under that tag
Propagate your change across your Server Group
Showing posts with label Citrix. Show all posts
Showing posts with label Citrix. Show all posts
Saturday, September 26, 2015
Tuesday, September 15, 2015
NetScaler 10.1 Custom Theme
Custom theme for NetScaler is a quick win to maximum appearance on the Access Gateway login page. With custom theme, the changes you made will persist on NetScaler reboot.
To edit/create a new theme, using winscp or filezilla connect to NetScaler and take a backup of:
/netscaler/ns_gui
on your local backup copy, start making changes:
put your pictures in /media
put your css changes in /css
put you html adjustment in index.html
put localised string in /resource/en.xml
Once the adjustment is done, upload the files back to /netscaler/ns_gui
To record the changes as a custom theme do the following:
mkdir /var/ns_gui_custom
cd /netscaler
tar -zcvf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*
this creates customtheme.tar.gz in the /var/ns_gui_custom folder
Now you can login to NetScaler, navigate to Global Settings and change the theme to custom
all done!
To make adjustment to this custom theme, you do:
edit /var/ns_gui_custom/ns_gui
rm /var/ns_gui_custom/customtheme.tar.gz
cd /var/ns_gui_custom
tar -zcvf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*
that's it
To edit/create a new theme, using winscp or filezilla connect to NetScaler and take a backup of:
/netscaler/ns_gui
on your local backup copy, start making changes:
put your pictures in /media
put your css changes in /css
put you html adjustment in index.html
put localised string in /resource/en.xml
Once the adjustment is done, upload the files back to /netscaler/ns_gui
To record the changes as a custom theme do the following:
mkdir /var/ns_gui_custom
cd /netscaler
tar -zcvf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*
this creates customtheme.tar.gz in the /var/ns_gui_custom folder
Now you can login to NetScaler, navigate to Global Settings and change the theme to custom
all done!
To make adjustment to this custom theme, you do:
edit /var/ns_gui_custom/ns_gui
rm /var/ns_gui_custom/customtheme.tar.gz
cd /var/ns_gui_custom
tar -zcvf /var/ns_gui_custom/customtheme.tar.gz ns_gui/*
that's it
Thursday, December 18, 2014
XenDesktop 7.5 Publish Application to Multiple Delivery Group
Recently I deployed XenApp/XenDesktop 7.5 environment with StoreFront 2.5. By default, using the GUI console, it only allows you to publish an application to a single Delivery Group.
If you have 4 servers and 2 delivery groups, and in each delivery group, 2 servers are registered, with this configuration in mind, you can only publish a particular application to a single delivery group, which equals to 2 servers only.
There was a requirement to be able to publish an application to all the 4 servers within 2 delivery groups. Apparently this is not possible using the GUI console.
However, using PowerShell you can !
You publish the application to the 1st delivery group using the GUI console, then you publish to the 2nd delivery group using the following
If you have 4 servers and 2 delivery groups, and in each delivery group, 2 servers are registered, with this configuration in mind, you can only publish a particular application to a single delivery group, which equals to 2 servers only.
There was a requirement to be able to publish an application to all the 4 servers within 2 delivery groups. Apparently this is not possible using the GUI console.
However, using PowerShell you can !
You publish the application to the 1st delivery group using the GUI console, then you publish to the 2nd delivery group using the following
Add-BrokerApplication -Name "My Published App" -DesktopGroup "Delivery Group 2"
Monday, December 15, 2014
Citrix XenApp 6.5 Cloning
Here are the steps I've followed successfully to clone a non Data Collector XenApp role without using PvS:
Find out about VMware Customisation
yes or no
Find out Data Collector
qfarm
Local Admin Password
find out the username/password for local admin of the cloned machine
Shutdown XenApp Server
shutdown
Backup
Take a snapshot of all XenApp Servers
SQL database
Start the XenApp Server
start
XenApp Role Manager
Start XA Role Manager
Edit Configuration
Prepare this server for imaging and provisioning
Do NOT remove this server from the farm
Apply
Change IMA to Manual
(if) there is NO VMware customisation Wizard
Run sysprep here (or not if want to use as a VMware template later)
Shutdown XenApp Server
shutdown
Clone
Clone use vShpere Clone
- customize (if sysprep has not been done)
- no customize (if want to convert this as a template)
After finish cloning, convert the cloned VM to a template
Deploy
Deploy VM from Template and Customize
Make sure it does not have network connected
Remove from Domain
Let it reboot once
Join to Domain
Connect the network
Join the deployed VM to the domain
Reboot
Start IMA
Start IMA
Check Server Join to farm
Change IMA to automatic
Change the original master server IMA to automatic
Wednesday, November 12, 2014
Citrix PS or XenApp Data Store Move - Domain Service Account
To move Citrix SQL data store from one server to another and using domain service account rather than SQL built-in account, follow the process below
Trusted_Connection=Yes
DATABASE=SQL-SERVER-DATABASE-NAME
WSID=CITRIX-SERVER-NAME
SERVER=SQL-SERVER-NAME[\INSTANCE]
- Stop IMA services from all Citrix servers
- Backup the database from the source SQL server
- Restore the database to the destination SQL server
- Add the domain service account to the SQL server and assign dbo rights to the database that just been restored
- Edit the MF20.DSN file on each Citrix Server and make sure the following value exist
Trusted_Connection=Yes
DATABASE=SQL-SERVER-DATABASE-NAME
WSID=CITRIX-SERVER-NAME
SERVER=SQL-SERVER-NAME[\INSTANCE]
- Save the MF20.DSN file
- Run the following command
dsmaint config /user:DOMAIN\USERNAME /pwd:PASSWORD /dsn:"FULL-PATH-TO-MF20.DSN FILE"
Note: /dsn: requires double quote ""
Then run this:
dsmaint recreatelhc
Then Start the IMA Service
Note: /dsn: requires double quote ""
Then run this:
dsmaint recreatelhc
Then Start the IMA Service
Tuesday, December 31, 2013
NetScaler Blank Screen with Internet Explorer 9+
If you customized your NetScaler theme and when trying to login to its Access Gateway or VPN using Internet Explorer 10 or 11, you might get a blank screen instead of a login screen.
To fix this issue, you can tell your users to run their IE on compatibility mode or you need to edit the index.html file located on your theme folder
I am using the Symphony1 theme, so my index.html file location is on
/var/vpn/themes/Symphony1/ns_gui/vpn/index.html
Edit the file using vi and add the following line:
<META http-equiv="X-UA-Compatible" content="IE=EmulateIE9" />
right after <link
Save the file and try again :)
To fix this issue, you can tell your users to run their IE on compatibility mode or you need to edit the index.html file located on your theme folder
I am using the Symphony1 theme, so my index.html file location is on
/var/vpn/themes/Symphony1/ns_gui/vpn/index.html
Edit the file using vi and add the following line:
<META http-equiv="X-UA-Compatible" content="IE=EmulateIE9" />
right after <link
 |
| Location of <META> Tag |
Save the file and try again :)
Thursday, April 04, 2013
Citrix StoreFront Authentication Check URL
Use the following URL to check the Authentication Method being used by a user:
https://storefront.domain.tld/Citrix/Authentication/Integrated/test.aspx
https://storefront.domain.tld/Citrix/Authentication/Integrated/test.aspx
Thursday, April 12, 2012
NetScaler MAC Based Forwarding
In the situation where you have deployed your NetScaler with 2 NICs, one connected to the DMZ network and the other one is connected to your Internal network, depending on your configuration, you might need to enable the MAC Based Forwarding on NetScaler
You probably assign the NSIP on your Internal Network, MIP on your Intenal Network, SNIP and VIPs on your DMZ Network (for example for publishing CAG/SSL VPN). You then trying to access your NetScaler services from your Internal Network. This means your traffic from the Internal network goes to your default gateway (e.g. the firewall) which then forwarded to the VIP on DMZ Network. NetScaler then accept the traffic, however, the returning traffic will not going back to through the firewall (e.g. NetScaler default gateway), it will be going to the other NetScaler's NIC that connects to Internal network. This will create asymmetric routing, and most router/firewall will drop the packets.
To avoid this, usually enabling the MAC Based Forwarding (MBF) will fix this.
The following is the definition of MBF:
With MAC-based forwarding (MBF) enabled, when a request reaches the NetScaler appliance, the appliance remembers the source MAC address of the frame and uses it as the destination MAC address for the resulting replies. MAC-based forwarding can be used to avoid multiple-route/ARP lookups and to avoid asymmetrical packet flows. MAC-based forwarding may be required when the NetScaler is connected to multiple stateful devices, such as VPNs or firewalls, because it ensures that the return traffic is sent to the same device that the initial traffic came from.
To enable it, from the NetScaler Console:
You probably assign the NSIP on your Internal Network, MIP on your Intenal Network, SNIP and VIPs on your DMZ Network (for example for publishing CAG/SSL VPN). You then trying to access your NetScaler services from your Internal Network. This means your traffic from the Internal network goes to your default gateway (e.g. the firewall) which then forwarded to the VIP on DMZ Network. NetScaler then accept the traffic, however, the returning traffic will not going back to through the firewall (e.g. NetScaler default gateway), it will be going to the other NetScaler's NIC that connects to Internal network. This will create asymmetric routing, and most router/firewall will drop the packets.
To avoid this, usually enabling the MAC Based Forwarding (MBF) will fix this.
The following is the definition of MBF:
With MAC-based forwarding (MBF) enabled, when a request reaches the NetScaler appliance, the appliance remembers the source MAC address of the frame and uses it as the destination MAC address for the resulting replies. MAC-based forwarding can be used to avoid multiple-route/ARP lookups and to avoid asymmetrical packet flows. MAC-based forwarding may be required when the NetScaler is connected to multiple stateful devices, such as VPNs or firewalls, because it ensures that the return traffic is sent to the same device that the initial traffic came from.
To enable it, from the NetScaler Console:
enable ns mode mbf
Wednesday, April 11, 2012
XenServer 6.0 Kill Dead VM
Sometime when you try to restart or shutdown the VM, its status get stuck with the yellow status on XenCenter.
To forcely kill that VM:
To forcely kill that VM:
- Login to the XenServer console where the VM is hosted
- Get the VM Dom ID
xe vm-list name-label={VM Name} params=dom-id
- Get the list of live domains and see if the Domain ID of your VM is listed there
list_domains
- If your Domain ID VM is there, run the killing script
/opt/xensource/debug/destroy_domain -domid <dom id>
- Do another list_domain to check the Dom ID is gone
- Reset the power state of that VM
xe vm-reset-powerstate vm={VM Name} force=true
- If that still does not work do
xe-toolstack-restart
Sunday, January 22, 2012
Passed Citrix XenServer 5.6 Exam
Yay! today I passed 1Y0-024 Citrix XenServer 5.6 Exam - 2 more to go to get the CCEE for Virtualization
Saturday, October 08, 2011
Tuesday, May 24, 2011
Citrix XenApp Management Console Bug
Citrix XenApp 5 or 4.5FP2 has got a bug - when you launch CMC and run the discovery, it does not find the XenApp farm, only the Web Interface module.
To fix it, run the following:
cd %CommonProgramFiles%\Citrix\*Present*
%windir%\microsoft.net\framework\v2.0.50727\regasm /codebase pse.core.dll
cd %CommonProgramFiles%\Citrix\*Framew*
CmiLaunch.exe
Run the discovery again and it should find it now
To fix it, run the following:
cd %CommonProgramFiles%\Citrix\*Present*
%windir%\microsoft.net\framework\v2.0.50727\regasm /codebase pse.core.dll
cd %CommonProgramFiles%\Citrix\*Framew*
CmiLaunch.exe
Run the discovery again and it should find it now
Thursday, December 23, 2010
Netscaler and Citrix Web Interface Setup
This guide assumes you have setup a basic Netscaler (e.g. DNS, NTP, IP) and Citrix Web Interface
Netscaler
Enable Access Gateway features
Access Gateway - Policies - Authentication - Servers (tab)
Add the domain controller
Access Gateway - Policies - Authentication - Policies (tab)
Add a new policy
Select the Server created earlier and add ns_true as expression
Access Gateway - Policies - Session - Profiles (tab)
Add a new profile
Change the Web Interface Address to your local web interface server path
Change the Single Sign-On Domain to your Active Directory domain
Access Gateway - Policies - Session - Policies (tab)
Add a new Policy
Add the ns_true expression
Change the Request Profile to the profile created earlier
Access Gateway - Virtual Servers
Add a new virtual server
Give an IP address
Select the SSL certificate (click here how to add SSL certificate to NetScaler)
Insert the policy created earlier
Add the URL to the STA
Citrix Web Interface
Create a new XenApp Web Sites
Authentication Point: At Access Gateway
Available Method: Explicit
Authentication Method:
Add the URL (https) that is publicly available for the user
Secure Access: Gateway Direct
Enter the publicly available URL to the address
Add the STA URL exactly the same with the STA servers you added to the Netscaler
Netscaler
Enable Access Gateway features
Access Gateway - Policies - Authentication - Servers (tab)
Add the domain controller
Access Gateway - Policies - Authentication - Policies (tab)
Add a new policy
Select the Server created earlier and add ns_true as expression
Access Gateway - Policies - Session - Profiles (tab)
Add a new profile
Change the Web Interface Address to your local web interface server path
Change the Single Sign-On Domain to your Active Directory domain
Access Gateway - Policies - Session - Policies (tab)
Add a new Policy
Add the ns_true expression
Change the Request Profile to the profile created earlier
Access Gateway - Virtual Servers
Add a new virtual server
Give an IP address
Select the SSL certificate (click here how to add SSL certificate to NetScaler)
Insert the policy created earlier
Add the URL to the STA
Citrix Web Interface
Create a new XenApp Web Sites
Authentication Point: At Access Gateway
Available Method: Explicit
Authentication Method:
Add the URL (https) that is publicly available for the user
Secure Access: Gateway Direct
Enter the publicly available URL to the address
Add the STA URL exactly the same with the STA servers you added to the Netscaler
Monday, September 20, 2010
Import SSL Certificate to Citrix Netscaler
I use the following method to import SSL Certificate to Citrix Netscaler:
- Find any Windows 2003 with IIS installed. Generate a CSR from this machine
- Submit this CSR to your CA to get the private key of it
- Import this private key to your IIS again
- Export the certificate both public and private keys as a pfx file
- Import this .pfx file to the Netscaler, it will generate a new file
- Open this new file, it should have 2 sections, public and private sections
- Create 2 new files, one for the public and one for the private section
- Upload these 2 new files to the Netscaler (you can delete the .pfx and the generated file from Netscaler if you want to)
- From Netscaler, add a new SSL certificate
- Give a name to the new Certificate
- Select the public certificate for the Certificate File Name
- Select the private certificate for the Private File Name
- You can use the SSL certificate now with CAG
Sunday, January 10, 2010
Citrix Xen Application DataStore Move
To move SQL database from the old server to the new server:
- Stop IMA service on all Citrix servers
- Take a full backup of the data store DB from the old server
- Restore the backup to the new SQL server
- Edit the MF20.DSN ODBC file on Zone data collector server
- Change the old server to the new server
- Run the following command
C:> dsmaint config /user:sql-username /pwd:sql-password /dsn:"C:\Program Files\Citrix\Independent Management Architecture\MF20.dsn"
C:> dsmaint recreatelhc
- Start the IMA service
- Do the same thing for the rest of the servers
Friday, September 04, 2009
Simple Trick - CAG SSL Certificate Installation
It is a very painfull process to install an SSL certificate to the Citrix Access Gateway appliance.
The easiest way is to generate the CSR from any IIS server, generate/purchase the SSL certificate using that CSR and install the signed certificate/public key to the IIS where the CSR was generated from.
Next is to export that certificate (including the private key) from IIS as PFX format
Next is to convert this PFX format certificate to PEM format using the tool (Google this: pfx2pem)
Install this PEM format certificate to CAG
The easiest way is to generate the CSR from any IIS server, generate/purchase the SSL certificate using that CSR and install the signed certificate/public key to the IIS where the CSR was generated from.
Next is to export that certificate (including the private key) from IIS as PFX format
Next is to convert this PFX format certificate to PEM format using the tool (Google this: pfx2pem)
Install this PEM format certificate to CAG
Saturday, February 28, 2009
Thursday, May 29, 2008
Citix Hanging at Mapping Client Drives
Quick tips [that works for me]:
If you are trying to login to a published application on Citrix and it was hanging on the "Mapping Client Drives" forever....
Go to the citrix server itself, try to restart the Citrix Print Manager service (or kill the cpsvc.exe process), restart the Print Spooler service and start the Citrix Print Manager again
If you are trying to login to a published application on Citrix and it was hanging on the "Mapping Client Drives" forever....
Go to the citrix server itself, try to restart the Citrix Print Manager service (or kill the cpsvc.exe process), restart the Print Spooler service and start the Citrix Print Manager again
Thursday, May 17, 2007
Citrix Conference 2007
Today is the Citrix day.
Darling Harbour was the place for Citrix Conference 2007!
Citrix has got a great range of solutions for Enterprise:
- Presentation Server
- Desktop Server
- Access Gateway
- WANScaler
- NetScaler
WANScaler rocks as well!! It optimizes traffic between main office and branch offices by caching and compressing the data and use token to simplify the traffic.
There is a new coming appliance product which is based on Citrix and Microsoft technology, not available yet now. They are saying this product can be used as a Domain Controller at branch office as well as the WANScaler!
Some notes from the session about upgrading to Presentation Server 4.5:
- Parallel Migration
- Build Presentation Server 4.5 Data Store
- Build License Server 4.5 (member server 4.5 does not work with earlier version of license server)
- Build new zone data collector
- Create a Web Interface Site 4.5 (using access management console -> create site)
- Add Server Farms
- Migrate Servers (install PS4.5 to the existing member server - note: maske sure the one that has data store installed is the last one to be migrated
- In-place Upgrade (insert the CD to the existing server and install)
- First to upgrade -> License Server
- Upgrade Farm Metric Server
- Upgrade Consoles
- Upgrade Web Interface 4.5
- Upgrade Zone data collector
- Upgrade Member Server
Some pictures:
