Application virtualization, IoT and Cloud Computing, Blog of Sacha Thomet

StoreFront

Fatal error during installation (1603) on StoreFront upgrade to 3.12

Today I’ve upgraded Citrix StoreFront Server from 3.9 to 3.12

as every time first I shut down all of the following services:

net stop W3SVC
net stop CitrixConfigurationReplication
net stop CitrixCredentialWallet
net stop CitrixDefaultDomainService
net stop “Citrix Subscriptions Store”
net stop “Citrix Peer Resolution Service”
net stop CitrixServiceMonitor
net stop CitrixTelemetryService

then I run CitrixStoreFront-x64.msi, reboot the server and after that I do that on the second node. Most time this goes pretty flawless.

But this time, my upgrade failed with an error:

CitrixStoreFront-x64.msi’ failed with error code 1603. Fatal error during installation”

I remember I had this already one time before, but what the hell was the solution … a short search with Google showed me:

https://discussions.citrix.com/topic/371535-storefront-upgrade-to-301-from-300-fails

Well I’m on StoreFront 3.9 and when I have a look into “C:\Program Files\Citrix\Receiver StoreFront\Services\ProtocolTransitionService\Citrix.DeliveryServices.ProtocolTransition.ServiceHost.exe.config” I see in some lines “Version=3.8.0.0” – but I have 3.9, so I replace all “Version=3.8.0.0” to “Version=3.9.0.0”

Result: StoreFront upgrade to 3.12 is successful – All’s well that ends well.

StoreFront – Allow relogin without browser close

Citrix StoreFront is able to handle Logins with SmartCards, and after a successful SmartCard Login you cannot Logoff and Login again before you close the Browser, you will see this message:

You have logged off successfully. Please close your browser to protect your account. Sie haben sich erfolgreich abgemeldet. Schliessen Sie den Browser, um Ihr Konto zu schützen.

You have logged off successfully. Please close your browser to protect your account.

According the message, this is a feature and not a bug … Not in every case a Re-Login is a security problem as for example if SmartCards are mandatory in general you need to logon also on the VDI or the application with your SmartCard.
Especially as an Admin working with multiple accounts it can be very annoying.

In scope of the CTP program I’ve asked Citrix to improve that and give Citrix admins the possibility to configure this security feature in future versions. Now when StoreFront 3.8 was released I complained that this is still not implemented.

Feng Huang then gave me the hint that this is actually configurable but not yet implemented into the GUI.

All what must be done is to add the line CTXS.allowReloginWithoutBrowserClose = true in the file C:\inetpub\wwwroot\Citrix\YOURSTORE\custom\script.js

THANKS Citrix for Listening to special requests!

Avoid blanks and dots in StoreFront 3.5 farm names!

Last day’s I upgraded my existing Storefront 3.01 to StoreFront 3.5 and in some farms I had a very bad issue after the upgrade, it seemed that all is ok but users are no more able to start any application or desktop.

On the StoreFront server I saw an Warning Event 28 from Citrix Store Service “ Failed to launch the resource “Farm Name.ApplicationName” as it was not found.

SF35_blanks_error-event28

The issue was that a blank and a dot (.) was in my Farmname, seems this is a bug in SF3.5 that you can configure that but It won’t work!

SF35_blanks_error-config

after I changed the display name to something like xa65farm without blank and point all works well.

Citrix X1 Prototype Mouse – hands-on

On Citrix Summit in Las Vegas back in January 2015 Citrix presented the X1 Prototype Mouse. This mouse is not just another mouse with a Citrix logo on it. It’s a mouse that works in Citrix Receiver with iOS-Devices! Yes it’s the truth, normal bluetooth mice doesn’t work with the Citrix receiver on iPad.

Even when I was not on Citrix Summit, with the social media channels I was pretty fast to get that Info and I was the 7th on the order form to request this cool gadget for a described use case.  I want to demonstrate this in my company because we are currently in a VDI initiative project with up to 2000 VDIs.

Today almost 4 months later I received my Citrix X1 Prototype Mouse and can start test and maybe show off in my company 🙂 To be honest, the design don’t give me the chance to show off …

Mouse MouseBottom
The X1 Mouse appears in a nasty 80ties style, the power switch on the bottom has three possible positions, up- and down for ON and OFF in the middle.

Connect the mouse to the iPhone? Really? 4,7 inch ? 

Not only the iPad is the only use case for the mouse, remember 2010 the Vision of the Nirvana Device and the Motorola NirvanaPhone . With the new version of the Citrix Receiver for iOS you can connect a Screen on your iPhone, a Bluetooth Keyboard, that mouse and you can work with the iPhone as “Thin Client” on you television connected with Airplay or on your 24″ Office Screen connected with a Lightning VGA adapter.

I made some quick hands-on test:

I’ve used the following infrastructure to test:

  • XenDesktop 5  on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
  • XenDesktop 7.6 on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
  • XenApp 7.6 Desktop on Windows 2008 R2, Citrix StoreFront 2.6 behind Netscaler Gateway.

For all tests I used my Apple iPad mini with the R1 Receiver which is mandatory necessary to use the X1 Prototype Mouse. I didn’t install anything special on XenDesktop or XenApp.

11210509_10205552449102835_7320258021443610820_n

iPad Mini, Belkin Keyboard, Citrix X1 Prototype Mouse

 

 

The next points where I mention what is ok and what needs improvement I will complement as soon as I have new points.

What works fine:

  • No issue to connect and use the mouse if you follow the instructions from Citrix.
  • I can use the X1 mouse inside my virtual desktop like a normal mouse, I can launch applications from start menu, change the active cells in MS Excel – most things I usually do with my mouse works.
  • I can configure in mouse pointer options a “mouse track” which also works fine.

What currently doesn’t work or need still improvement:

  • I tried to resize an Internet Explorer window and was irritated because the mouse pointer doesn’t change his  shape on the edge of the window to a “double-arrow”:
    mouseedge-expected

    Expected mouse pointer on window edge, with a classic mouse on my macbook

    mouseedge-UNexpected

    Unexpected mouse pointer on window edge, from iOS with the X1 Prototype mouse

     

  • Most mouse properties (Mouse speed, pointer scheme, etc.) has no effect.
  • I can see my mouse pointer in my R1 Receiver for iOS on the Webinterface but I cannot click anything. Possibly I need for this the X1 Web Receiver (StoreFront 2.7)  and not my legacy Webinterface …

 

Conclusion: For iOS the Citrix X1 Mouse can be a game changer, but to be honest that what is now possible with this mouse on iOS is already long time possible with an Android Tablet and a commercial of the shelf bluetooth mouse.

By the way, the X1 Mouse can also be used with other OS than iOS, so if you have an X1 Mouse but you decide that your iPad is to small to work you can use your “cool” mouse with a computer that supports Bluetooth 4.0 as a classic mouse.

 

Update 5.5.2015 06:10 GMT+1:

From now it’s possible to use the normal Recevier with the X1 mouse:

X1-Receiver-info X1-Receiver

Update 5.5.2015 22:20 GMT+1:

The final version of the X1 mouse will be launched on Citrix Synergy: http://blogs.citrix.com/2015/05/05/the-mouse-that-roared-for-business and what sounds exciting:
“…this is a unique Bluetooth Low Energy mouse (BTLE) with custom firmware that provides full-function mouse support to specific Citrix Mobile apps including Citrix Receiver, GoToMyPC, ShareConnect and WorkDesktop.”

“Cannot complete your request‘” on Netscaler Gateway VPX

In my lab environment I was using a Citrix Webinterface 5.x which was accessible  from Internet over a Access Gateway 5 VPX. Since Citrix Store Front is in a fairly usable release (> Version 2.x), I intended to update my lab environment to the current software releases and update my skills to Store Front and Netscaler Gateway VPX.

You can find a step by step Netscaler Gateway intro here http://blogs.citrix.com/2013/07/03/citrix-netscaler-gateway-10-1-118-7-quick-configuration-wizard
Also a very nice guide you can find here, this guide also contains information about how to configure StoreFront for Netscaler Gateway VPX: http://benjamin.eavey.com/2013/07/netscaler-vpx-as-secure-gateway-replacement

Cannot complete your request

After completion of the configuration I was not able to access the my environment from outside. The login to the Netscaler Gateway, the black window, was working fine, but as soon I hit the StoreFront I get this Error:

cannot-complete

Because StoreFront is working fine from internal, I assumed that’s not a completely wrong StoreFront configuration. After i had a look into the event viewer on the StoreFront server I can see that something is wrong here:

eventlog_error_callback

 

The crucial indication that’s a problem between the Store Front server and the the Netscaler Gateway in role of Authentication Callback Server I found here:

eventlog_error_callback_event3

when I browse to the address https://192.168.x.x/CitrixAuthService/AuthService.asmx you can see a certificate error, so I need to have here a FQDN that match to the installed certificate but I wont communicate outside, so first I’ve defined the internal IP as Callback URL:

general-settings

 

Now I’ve changed the Callback URL to the FQDN appropriate to the certificate:

general-settings-ok-with-fqdn

But because the DNS resolve this URL as the external IP which is not accessible over the necessary TCP ports, I was constrained to do a dirty hack … I have edited my host file :

hosts

 

Have a look into the StoreFront 2.x Subscription Database

Last days I had to deal with Citrix StoreFront 2.0 and found out that a numerous issues still exists and that some things are still not implemented to configure in the StoreFront MMC SnapIn.

Session timeouts and settings like enable or disable of features like workspace control still must be handled over the config-files. But this is all well documented the official documentation of Citrix.

But seems there is no possibility to have a look into the subscription database from Citrix Storefront which is now with version 2.0 in a proprietary non-MSSQL format. For this reason I created this small script (execute it on the StoreFront server):

#========================================================================
# Created on: 22.10.2013
# Created by: Sacha T. blog.sachathomet.ch
# Filename: GetSubscriptedStoreFrontApps.ps1
#========================================================================
#define some variables
#$domainname = "anotherDomain" # use that if your user is in another domain
$domainname = $env:userdomain
$storename = "StoreFront"      # Change this to your Store-Name
$subinfofile = "C:\temp\temp-subscriptions.csv"
Write-Host Query StoreFront apps in domain $domainname in Store $storename
$username = Read-Host "Please enter username to query"
#Add Module for Citrix StoreFront
Import-Module "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"
#Change username to domain SID
$objUser = New-Object System.Security.Principal.NTAccount($domainname, $username)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
#delete old Subcriptionexportfile
Remove-Item $subinfofile -ErrorAction SilentlyContinue
#Create new Subcriptionexportfile
Export-DSStoreSubscriptions -StoreName $storename -FilePath $subinfofile
##Add a caption to the file, this is needed to process csv
$content = Get-Content $subinfofile
Set-Content $subinfofile sid.app
Add-Content $subinfofile $content
#Read all Lines in CSV from this User which are not unsubscribed
import-csv C:\Temp\temp-subscriptions.csv -delimiter "."| Where-Object {$_.sid -like "$strSID*" -and $_.app -notlike "*unsubscribed*"}| Format-Table -Property app
#wait to read the result - usefull if started from WindowsExplorer with "Run in PowerShell"
Write-Host "Press any key to continue …"
$x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")

 

When I’ve created this script I found out that deleted apps wont be removed from the subscription database and as well users who leave the company will still have records in the database after they are deleted in the AD. So within the years, the subscription database will have a lot of orphan data in the database. Seems that an automated clean-up does not exists.

There is a way to delete the records, have a look to forum post of Duncan Gabriel Thread:

Delete user subscriptions?  http://forums.citrix.com/thread.jspa?threadID=334609

Display the server name on Citrix StoreFront 2.0 WebReceiver

In enterprise environments most admins have more than one Citrix Storefront Webserver and loadbalance them over a Netscaler,  F5 or something equivalent.If a user has a misbehaviour on the website it’s not always easy to find out on which Storefront Website this user is working. To simplify troubleshooting it can be helpful to know which web server  user is accessing.

To see this on the website just add the following lines to the bold written files:

C:\inetpub\wwwroot\Citrix\[Storenname]\contrib\custom.style.css

#SFserver {
 padding-right: 30px;
 padding-bottom: 20px;
 float: right;
 color: silver;
 }
C:\inetpub\wwwroot\Citrix\[Storenname]\contrib\custom.script.js
$(document).ready(function() {
 var $markup = $('<div id="SFserver">Storefront:  [Name of the Server e.g. StoreFront001] </div>');
 $('#resources-footer').append($markup);
 });

 

StoreFront Website with Name in footer

 

This can also be done dynamic with JavaScript (System.Environment.machineName) but I had some troubles with formatting … and maybe you wont reveal the real hostname and just put an alias there to distinguish on which server the user is working.

Keep in mind that this file will be updated/overwritten in a multi server environment when you click on propagate changes.

 

By the way, if you need this for the legacy Citrix Webinterface visit:  http://techblog.deptive.co.nz/2012/03/display-server-name-on-citrix-web.html