Anwendungsvirtualisierung, Internet der Dinge und Cloud Computing, Blog von Sacha Thomet

StoreFront

StoreFront – Erneut einloggen ohne schliessen des Browsers

Mit Citrix StoreFront ist es möglich sich per Smart Card an dem Web Receiver anzumelden, jedoch ist es ein Sicherheitsfeature dass man nach dem Abmelden von der StoreFront Webseite der Browser geschlossen werden muss.
Ärgerlich für Leute, zum Beispiel Admins, die sich mit verschiedenen Konten an und abmelden wollen. Noch mehr ärgerlich wenn man viele Tab’s im Browser offen hat die man nicht schliessen möchte.

Nach der Abmeldung vom StoreFront sieht man diese Meldung:

You have logged off successfully. Please close your browser to protect your account. Sie haben sich erfolgreich abgemeldet. Schliessen Sie den Browser, um Ihr Konto zu schützen.

Sie haben sich erfolgreich abgemeldet. Schliessen Sie den Browser, um Ihr Konto zu schützen.

Wie die Meldung sagt handelt es sich um eine Sicherheitsfunktion und nicht um eine Fehler… Aber nicht in jedem Fall ist ein wieder anmelden ein Sicherheitsproblem. Beispielsweise wenn Smart Cards zwingend auch zum anmelden an der VDI nötig sind, ist ein wieder anmelden an der Webseite durchaus unproblematisch.

Im Rahmen des CTP Programms habe ich angefragt diese Funktion zu verbessern und dem StoreFront Administrator die Möglichkeit zu geben diese Funktion zu deaktivieren. Mein Wunsch wurde erhört und mit StoreFront 3.8 wurde das das Feature implementiert, jedoch vorerst nur “unter der Haube” und ohne ein Punkt im GUI.

Feng Huang, Principal Software Architect bei Citrix und Verantwortlich für StoreFront hat mir nun die Information gegeben wie es konfiguriert wird. Diese Info darf ich nun auch hier publizieren:

Alles was gemacht werden muss, ist die Zeile  CTXS.allowReloginWithoutBrowserClose = true in die Datei  C:\inetpub\wwwroot\Citrix\YOURSTORE\custom\script.js einzufügen.

DANKE Citrix das ihr auf uns hört und spezielle Wünsche umsetzt.

Leerzeichen und Punkte in StoreFront 3.5 Farmnamen vermeiden!

In den vergangenen Tagen habe ich meine bestehende StoreFront 3.01 nach StoreFront 3.5 aktualisiert, in einigen Umgebungen hatte ich dann eine böse Überraschung. Es sah eigentlich so aus als wäre alles gut und würde alles laufen, aber dann bekam ich die Meldung dass die Benutzer keine Anwendungen oder Desktops mehr starten könnten.

Auf dem StoreFront Server sah ich einen Warning Event von Citrix Store Service “ Failed to launch the resource “Farm Name.ApplicationName” as it was not found.

SF35_blanks_error-event28

Die Ursache für den Fehler war ein Leerzeichen und ein Punkt in meinem Farmnamen, sieht aus als wäre das ein Bug in StoreFront 3.5, man kann etwas konfigurieren dass dann nicht funktioniert!

SF35_blanks_error-config

Nachdem ich den Namen auf xa65farm geändert hatte, lief alles wieder glatt.

Citrix X1 Prototype Mouse – hands-on

On Citrix Summit in Las Vegas back in January 2015 Citrix presented the X1 Prototype Mouse. This mouse is not just another mouse with a Citrix logo on it. It’s a mouse that works in Citrix Receiver with iOS-Devices! Yes it’s the truth, normal bluetooth mice doesn’t work with the Citrix receiver on iPad.

Even when I was not on Citrix Summit, with the social media channels I was pretty fast to get that Info and I was the 7th on the order form to request this cool gadget for a described use case.  I want to demonstrate this in my company because we are currently in a VDI initiative project with up to 2000 VDIs.

Today almost 4 months later I received my Citrix X1 Prototype Mouse and can start test and maybe show off in my company 🙂 To be honest, the design don’t give me the chance to show off …

Mouse MouseBottom
The X1 Mouse appears in a nasty 80ties style, the power switch on the bottom has three possible positions, up- and down for ON and OFF in the middle.

Connect the mouse to the iPhone? Really? 4,7 inch ? 

Not only the iPad is the only use case for the mouse, remember 2010 the Vision of the Nirvana Device and the Motorola NirvanaPhone . With the new version of the Citrix Receiver for iOS you can connect a Screen on your iPhone, a Bluetooth Keyboard, that mouse and you can work with the iPhone as “Thin Client” on you television connected with Airplay or on your 24″ Office Screen connected with a Lightning VGA adapter.

I made some quick hands-on test:

I’ve used the following infrastructure to test:

  • XenDesktop 5  on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
  • XenDesktop 7.6 on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
  • XenApp 7.6 Desktop on Windows 2008 R2, Citrix StoreFront 2.6 behind Netscaler Gateway.

For all tests I used my Apple iPad mini with the R1 Receiver which is mandatory necessary to use the X1 Prototype Mouse. I didn’t install anything special on XenDesktop or XenApp.

11210509_10205552449102835_7320258021443610820_n

iPad Mini, Belkin Keyboard, Citrix X1 Prototype Mouse

 

 

The next points where I mention what is ok and what needs improvement I will complement as soon as I have new points.

What works fine:

  • No issue to connect and use the mouse if you follow the instructions from Citrix.
  • I can use the X1 mouse inside my virtual desktop like a normal mouse, I can launch applications from start menu, change the active cells in MS Excel – most things I usually do with my mouse works.
  • I can configure in mouse pointer options a “mouse track” which also works fine.

What currently doesn’t work or need still improvement:

  • I tried to resize an Internet Explorer window and was irritated because the mouse pointer doesn’t change his  shape on the edge of the window to a “double-arrow”:
    mouseedge-expected

    Expected mouse pointer on window edge, with a classic mouse on my macbook

    mouseedge-UNexpected

    Unexpected mouse pointer on window edge, from iOS with the X1 Prototype mouse

     

  • Most mouse properties (Mouse speed, pointer scheme, etc.) has no effect.
  • I can see my mouse pointer in my R1 Receiver for iOS on the Webinterface but I cannot click anything. Possibly I need for this the X1 Web Receiver (StoreFront 2.7)  and not my legacy Webinterface …

 

Conclusion: For iOS the Citrix X1 Mouse can be a game changer, but to be honest that what is now possible with this mouse on iOS is already long time possible with an Android Tablet and a commercial of the shelf bluetooth mouse.

By the way, the X1 Mouse can also be used with other OS than iOS, so if you have an X1 Mouse but you decide that your iPad is to small to work you can use your “cool” mouse with a computer that supports Bluetooth 4.0 as a classic mouse.

 

Update 5.5.2015 06:10 GMT+1:

From now it’s possible to use the normal Recevier with the X1 mouse:

X1-Receiver-info X1-Receiver

Update 5.5.2015 22:20 GMT+1:

The final version of the X1 mouse will be launched on Citrix Synergy: http://blogs.citrix.com/2015/05/05/the-mouse-that-roared-for-business and what sounds exciting:
“…this is a unique Bluetooth Low Energy mouse (BTLE) with custom firmware that provides full-function mouse support to specific Citrix Mobile apps including Citrix Receiver, GoToMyPC, ShareConnect and WorkDesktop.”

“Cannot complete your request‘” on Netscaler Gateway VPX

In my lab environment I was using a Citrix Webinterface 5.x which was accessible  from Internet over a Access Gateway 5 VPX. Since Citrix Store Front is in a fairly usable release (> Version 2.x), I intended to update my lab environment to the current software releases and update my skills to Store Front and Netscaler Gateway VPX.

You can find a step by step Netscaler Gateway intro here http://blogs.citrix.com/2013/07/03/citrix-netscaler-gateway-10-1-118-7-quick-configuration-wizard
Also a very nice guide you can find here, this guide also contains information about how to configure StoreFront for Netscaler Gateway VPX: http://benjamin.eavey.com/2013/07/netscaler-vpx-as-secure-gateway-replacement

Cannot complete your request

After completion of the configuration I was not able to access the my environment from outside. The login to the Netscaler Gateway, the black window, was working fine, but as soon I hit the StoreFront I get this Error:

cannot-complete

Because StoreFront is working fine from internal, I assumed that’s not a completely wrong StoreFront configuration. After i had a look into the event viewer on the StoreFront server I can see that something is wrong here:

eventlog_error_callback

 

The crucial indication that’s a problem between the Store Front server and the the Netscaler Gateway in role of Authentication Callback Server I found here:

eventlog_error_callback_event3

when I browse to the address https://192.168.x.x/CitrixAuthService/AuthService.asmx you can see a certificate error, so I need to have here a FQDN that match to the installed certificate but I wont communicate outside, so first I’ve defined the internal IP as Callback URL:

general-settings

 

Now I’ve changed the Callback URL to the FQDN appropriate to the certificate:

general-settings-ok-with-fqdn

But because the DNS resolve this URL as the external IP which is not accessible over the necessary TCP ports, I was constrained to do a dirty hack … I have edited my host file :

hosts

 

Have a look into the StoreFront 2.x Subscription Database

Last days I had to deal with Citrix StoreFront 2.0 and found out that a numerous issues still exists and that some things are still not implemented to configure in the StoreFront MMC SnapIn.

Session timeouts and settings like enable or disable of features like workspace control still must be handled over the config-files. But this is all well documented the official documentation of Citrix.

But seems there is no possibility to have a look into the subscription database from Citrix Storefront which is now with version 2.0 in a proprietary non-MSSQL format. For this reason I created this small script (execute it on the StoreFront server):

#========================================================================
# Created on: 22.10.2013
# Created by: Sacha T. blog.sachathomet.ch
# Filename: GetSubscriptedStoreFrontApps.ps1
#========================================================================
#define some variables
#$domainname = "anotherDomain" # use that if your user is in another domain
$domainname = $env:userdomain
$storename = "StoreFront"      # Change this to your Store-Name
$subinfofile = "C:\temp\temp-subscriptions.csv"
Write-Host Query StoreFront apps in domain $domainname in Store $storename
$username = Read-Host "Please enter username to query"
#Add Module for Citrix StoreFront
Import-Module "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"
#Change username to domain SID
$objUser = New-Object System.Security.Principal.NTAccount($domainname, $username)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
#delete old Subcriptionexportfile
Remove-Item $subinfofile -ErrorAction SilentlyContinue
#Create new Subcriptionexportfile
Export-DSStoreSubscriptions -StoreName $storename -FilePath $subinfofile
##Add a caption to the file, this is needed to process csv
$content = Get-Content $subinfofile
Set-Content $subinfofile sid.app
Add-Content $subinfofile $content
#Read all Lines in CSV from this User which are not unsubscribed
import-csv C:\Temp\temp-subscriptions.csv -delimiter "."| Where-Object {$_.sid -like "$strSID*" -and $_.app -notlike "*unsubscribed*"}| Format-Table -Property app
#wait to read the result - usefull if started from WindowsExplorer with "Run in PowerShell"
Write-Host "Press any key to continue …"
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

 

When I’ve created this script I found out that deleted apps wont be removed from the subscription database and as well users who leave the company will still have records in the database after they are deleted in the AD. So within the years, the subscription database will have a lot of orphan data in the database. Seems that an automated clean-up does not exists.

There is a way to delete the records, have a look to forum post of Duncan Gabriel Thread:

Delete user subscriptions?  http://forums.citrix.com/thread.jspa?threadID=334609

Display the server name on Citrix StoreFront 2.0 WebReceiver

In enterprise environments most admins have more than one Citrix Storefront Webserver and loadbalance them over a Netscaler,  F5 or something equivalent.If a user has a misbehaviour on the website it’s not always easy to find out on which Storefront Website this user is working. To simplify troubleshooting it can be helpful to know which web server  user is accessing.

To see this on the website just add the following lines to the bold written files:

C:\inetpub\wwwroot\Citrix\[Storenname]\contrib\custom.style.css

#SFserver {
 padding-right: 30px;
 padding-bottom: 20px;
 float: right;
 color: silver;
 }
C:\inetpub\wwwroot\Citrix\[Storenname]\contrib\custom.script.js
$(document).ready(function() {
 var $markup = $('
Storefront:  [Name of the Server e.g. StoreFront001]
'); $('#resources-footer').append($markup); });

 

StoreFront Website with Name in footer

 

This can also be done dynamic with JavaScript (System.Environment.machineName) but I had some troubles with formatting … and maybe you wont reveal the real hostname and just put an alias there to distinguish on which server the user is working.

Keep in mind that this file will be updated/overwritten in a multi server environment when you click on propagate changes.

 

By the way, if you need this for the legacy Citrix Webinterface visit:  http://techblog.deptive.co.nz/2012/03/display-server-name-on-citrix-web.html

Follow me on Twitter