Citrix
Token-based Citrix VDA registration
Over the past few months, Citrix has made significant investments to make the Virtual Desktop Agents (VDAs) independent of Windows domains. This was particularly important for Linux and Mac systems, and for some time now, it has been possible to provision non-domain-joined VDIs in Azure using Citrix tools. New in version 2407, available for the first time as a Tech Preview, is the ability to integrate Windows machines provisioned through other methods using a token, without requiring a domain, Delivery Controller, or Cloud Connector.
During the VDA installation, instead of specifying a Delivery Controller (DDC), the token can be directly provided:
(Important: The token itself, not the path to the token file, must be specified. This may change in the future to allow providing a token file.)
Instructions from Citrix: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/install-configure/install-vdas.html#step-7-delivery-controller-addresses
The token must be generated first in the Citrix DaaS Console on the appropriate machine catalog where the VDA is to be integrated, via right-click:
It has to be a machine catalog whose provisioning method is set to Manual.
A single token can be used to deploy up to 100 VDAs, and the token is valid for a maximum of 14 days.
The installation steps are also described in the “Review the enrollment steps” section.
I used this new feature to integrate Azure AVD VMs created via a pipeline into Citrix, which I had previously used through AVD. Now, I essentially have a VDI that I can broker and connect to traditionally via Microsoft, but also through Citrix. You may ask yourself why someone would want the whole Citrix brokering stack without using the Citrix provisioning method for Azure (MCS). There can be different reasons: possibly someone wants to use an automated IaaS pipeline with Bicep and keep control over the provisioning and building of the infrastructure, or there are other obstacles to using the Citrix techniques to build VMs. I can’t say more here; I just see a way to do things differently and gain more control while still using the advantages of the Citrix techniques in brokering and the ICA protocol.
Since my machines are only in Azure AD, it was important to configure the delivery group with the LogonType AzureAD. I accomplished this with the command:
Set-BrokerDesktopGroup <DeliveryGroupName> -MachineLogonType AzureAD
Additionally, if I still want to access the machine without Citrix, I need to add my user to the Direct Connection Access group. Otherwise, when connecting without Citrix, I will receive the following error:
These are my first experiences with the new token-based VDA rollout. Naturally, these steps must be automated for a business environment when using the token, whereas in my hands-on experiment, everything was done manually through the graphical interface. If you are experimenting with this, please keep in mind that this is a Tech Preview and not yet GA.
Issues accessing Citrix Virtual Apps and Desktops via a pure IPv6 Internet provider with EDT enabled
Some weeks ago the first incidents reached my team, with the problem description that users had problems accessing their pooled Windows 10 desktops through Citrix ADC (aka NetScaler).
I noticed that all affected users have one thing in common: they all have UPC Cablecom as their Internet provider. As soon as they connect their device to another internet connection, for instance the Wi-Fi hotspot created with their mobile phone, everything works fine.
Further troubleshooting steps showed that if I publish a dedicated VDI with EDT disabled, everything also works fine. If you don’t know what EDT is, Google EDT and Citrix 🙂
Usually, EDT is enabled and uses UDP for communication if the port is open and it’s possible. Otherwise, it should fall back to TCP. It seems the fallback only works if the ports are closed.
Now my problem is, I can’t disable EDT for all pooled VDIs as we have some users who really need it. I also won’t give all the users dedicated desktops.
Luckily Julian Jakob gave me the hint to disable EDT on the client side. This is the best workaround.
Guidance for the User
(Because of BYOD the user needs to do that … )
On Windows it’s just a Registry key which the users have to create:
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT]
"HDXoverUDP"="Off"
On a Mac this command should be typed in the terminal:
defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO
On iOS devices you can disable EDT in the Workspace App:
Settings => Advanced => Adaptive Transport Settings => EDT (set on inactive)
Please Citrix fix that! All that I want is a fall back to TCP if UDP is not working, I don’t care if the port is closed or if it’s another issue. If EDT doesn’t work don’t use it. For users, this manual config on the client-side is not just annoying, some are not able to do it.
Update 26.5.2020
- If you have a non-standard MTU, see this article: https://support.citrix.com/article/CTX231821
- Background on why this is happening: it seems UPC uses Carrier-Grade NAT * and it’s a problem with IPv4/IPv6 encapsulation; in the end there is too little payload available (MTU issue). Kudos to Markus Löffler for this hint and the link.
- Citrix has introduced in the background a feature called MTU Discovery. It’s not yet officially announced but it’s in the documentation since 1912: https://docs.citrix.com/en-us/citrix-virtual-apps-desktops/technical-overview/hdx/adaptive-transport.html#edt-mtu-discovery Maybe this can also help to solve this issue. I was not yet able to test it.
* Explanation in German: https://www.elektronik-kompendium.de/sites/net/2010221.htm
Update 4.6.2020
I’ve enabled MTU Discovery and it really looks promising. Please be aware that MTU Discovery is currently only available for the Workspace App for Windows (CWA 19.12 and newer).
How I try to help the community as a Citrix CTP
Now it’s already 2,5 years since I was elected as a Citrix Technology Professional. Becoming a CTP was a really big honor for me, but I didn’t write a long blog post about that.
Maybe because I was shocked about the fact I was chosen or I was just afraid because more eyes from the Community and Citrites are looking to me and I fear I’ll not find the right words.
I think now I’m able to write a short retrospective about this time, no I don’t say that because I intend to step back, I’m still happy in this role 🙂 But who knows if I will be active enough to get re-elected.
According to the Citrix Website (https://www.citrix.com/community/ctp) individuals are eligible to be a CTP when they prove their knowledge in Citrix products and invest a lot of time: “The CTP Program recognizes the contributions of individuals who have invested a significant amount of time and resources to become experts in Citrix products and solutions.”
Honestly, after being elected as CTP, I felt a bit under pressure to deliver new blog posts and to speak at conferences. Both are something that I like to do, but it’s only easy when I really have something to show or say. The Health Check automation was something and my early adopter experience with Windows 10, but I think these topics are now more or less stale. And for the blog posts when I have time to write it down…
The value of being a CTP is that I have access to Beta and EAR sources of the products, having a free pass to Citrix Synergy and the best, direct access to the Product Management. Besides all the CTP goodies, there is also liability and duties. Maybe not all people out there are aware of that. A CTP is not the Extension of the Citrix marketing department! But in my opinion, a CTP should be a communication channel between Citrix and their customers and more from the customer in the direction of Citrix.
To get elected as a CTP is not an easy thing, but also to stay a CTP needs effort! To make the grade for the CTP Program there are multiple possible activities. There are 1-2 online meetings with Product Management which takes about 1 hour. Also, there are two in-person meetings which take 2-3 days each.
So, if you aim to be a CTP, please think that it needs a bunch of spare time to satisfy the needs! I’m doing this partially in my free time and my employer “Die Mobiliar” supports me and gives me time for the in-person meetings. Also, I have support from my wife, my family and my friends and colleagues at Die Mobiliar. At this place THANK YOU!
Besides the CTP Program, I’m also active for the CUGC, on one hand as a local leader here in Switzerland but also in the CUGC Steering Committee. I think this is kind of “double burden” but also there were good synergies to combine these two or three roles.
I sometimes was asked “What can you accomplish as a CTP?” and now I can see that I’m really able to help Citrix and the Community to bring products in better shape to the customer needs. I posted some Feature Requests and those were implemented in the last months. These are only very little features, but for me, the fact that they implemented them was a big thing!
Here are some examples:
- VDI Battery Indicator:
this feature was implemented in Virtual Desktops (XenDesktop) 7.18 !
- Limit Number of Desktops in a Site
The next feature request I submitted because my SwissCUGC fellow leader Stefan Beckmann (https://www.beckmann.ch / @alphasteff) had an issue with the missing feature in version 7.x of Virtual Apps & Desktops (XenApp/XenDesktop): This is now implemented in version 1808 (former version naming would say 7.19). (If you want to use this feature, this is currently available in command line not in the Studio)
- StoreFront Logout without closing Browser
Also, this article describes the impact of a feature request from me: http://blog.sachathomet.ch/2017/01/03/storefront-allowreloginwithoutbrowserclose/
- And also, the missing Windows 10 disconnect button I repeatedly requested from Product Management – but guess I was not the only one … 🙂 A fix you can find here https://support.citrix.com/article/CTX225970 and I hope soon it will be implemented in the standard VDA
I hope you now have a bit of an idea of the role of a Citrix Technology Professional and know that it’s more than just a title or a certification like CCE-V or so. There are a lot of brilliant CTPs, see the full list here: https://www.citrix.com/community/ctp/awardees.html or follow them on Twitter, Citrix has a complete list: https://twitter.com/citrix/lists/ctps
Citrix Receiver 4.11 – Keyboard and Language Bar
In Citrix Receiver 4.11 there is a new feature for Improved Control Over the Remote Language Bar for Seamless Published Applications (see https://support.citrix.com/article/CTX231913 ). This is especially nice and important for us here in Switzerland, as we have four official spoken languages and also different keyboard layouts. There is German, French, Italian and Romansh. Romansh is more or less neglected, but beside German the languages French and Italian play a significant role.
As I plan to roll out Receiver 4.11 in my company, my aim is to keep the option open for users to configure this in Receiver, but I want to have a pre-defined setting. By the way, earlier we always hid the language bar by making use of the SeamlessFlags (on the server side). But I experienced that on Server 2016 this had a negative impact on the logon time, don’t ask me why … But it’s a fact and it’s reproducible, so I keep the language bar visible and I’m very happy that this is now configurable in Receiver.
The configuration of both features is described here https://docs.citrix.com/en-us/receiver/windows/current-release/improve/keyboard-layout-and-language-bar.html and it’s possible to hide this Advanced feature with a reg key.
But only the configuration via the GUI for the user is described there! And today there is no way to configure it in the ADMX 🙁
With the help of ProcMon and Total Commander I found out which two settings get touched when the user sets these preferences:
Local Keyboard is in the good old Appsrv.ini – the value is LocalIME=1 to use the local keyboard
Language Bar is HKCU\SOFTWARE\Ica Client\Engine\Configuration\Advanced\Modules\LocalIME
DWORD: DisableLanguageBar
So if you want to configure this for all users you need to “patch” the AppSrv.ini to set the local Keyboard and/or Adjust the reg key above to disable the Language Bar on receiver side.
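One way to script both settings for the current user, as an added example (not code from the original post or from Citrix). The AppSrv.ini location, the INI section name `WFClient` and the value 1 for `DisableLanguageBar` are assumptions that should be confirmed with ProcMon on a reference client; the registry path is taken as written in the post.

```powershell
# Added example, not from the original post or from Citrix.
# Assumptions to verify on a reference client (e.g. with ProcMon):
#   - AppSrv.ini is at %APPDATA%\ICAClient\APPSRV.INI
#   - LocalIME belongs in the [WFClient] section
#   - DisableLanguageBar = 1 hides the language bar
# The registry path is used exactly as given in the post.

function Set-IniValue {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [Parameter(Mandatory = $true)] [string] $Section,
        [Parameter(Mandatory = $true)] [string] $Key,
        [Parameter(Mandatory = $true)] [string] $Value
    )
    $lines = New-Object 'System.Collections.Generic.List[string]'
    if (Test-Path -LiteralPath $Path) {
        # Keep a copy so a bad patch can be rolled back.
        Copy-Item -LiteralPath $Path -Destination "$Path.bak" -Force
        foreach ($line in @(Get-Content -LiteralPath $Path)) { $lines.Add($line) }
    } else {
        New-Item -ItemType Directory -Path (Split-Path -Parent $Path) -Force | Out-Null
    }

    # Locate the section header (PowerShell -match is case-insensitive).
    $sectionPattern = '^\s*\[' + [regex]::Escape($Section) + '\]\s*$'
    $keyPattern     = '^\s*' + [regex]::Escape($Key) + '\s*='
    $header = -1
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match $sectionPattern) { $header = $i; break }
    }

    if ($header -lt 0) {
        # Section missing: append it together with the key.
        $lines.Add("[$Section]")
        $lines.Add("$Key=$Value")
    } else {
        # Replace the key inside this section only; stop at the next header.
        $replaced = $false
        for ($i = $header + 1; ($i -lt $lines.Count) -and ($lines[$i] -notmatch '^\s*\['); $i++) {
            if ($lines[$i] -match $keyPattern) {
                $lines[$i] = "$Key=$Value"
                $replaced = $true
                break
            }
        }
        if (-not $replaced) { $lines.Insert($header + 1, "$Key=$Value") }
    }
    Set-Content -LiteralPath $Path -Value $lines.ToArray()
}

# 1) Local keyboard layout: LocalIME=1 in AppSrv.ini (per user).
$appSrv = Join-Path $env:APPDATA 'ICAClient\APPSRV.INI'
Set-IniValue -Path $appSrv -Section 'WFClient' -Key 'LocalIME' -Value '1'

# 2) Language bar: DWORD DisableLanguageBar under the key named in the post.
$regPath = 'HKCU:\SOFTWARE\Ica Client\Engine\Configuration\Advanced\Modules\LocalIME'
if (-not (Test-Path -Path $regPath)) { New-Item -Path $regPath -Force | Out-Null }
New-ItemProperty -Path $regPath -Name 'DisableLanguageBar' -PropertyType DWord -Value 1 -Force | Out-Null
```

Both settings are per-user, so the script has to run in the user's context, for example as a logon script.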
Fatal error during installation (1603) on StoreFront upgrade to 3.12
Today I’ve upgraded Citrix StoreFront Server from 3.9 to 3.12
as every time first I shut down all of the following services:
net stop W3SVC
net stop CitrixConfigurationReplication
net stop CitrixCredentialWallet
net stop CitrixDefaultDomainService
net stop "Citrix Subscriptions Store"
net stop "Citrix Peer Resolution Service"
net stop CitrixServiceMonitor
net stop CitrixTelemetryService
Then I run CitrixStoreFront-x64.msi, reboot the server and after that do the same on the second node. Most of the time this goes pretty flawlessly.
But this time, my upgrade failed with an error:
“‘CitrixStoreFront-x64.msi’ failed with error code 1603. Fatal error during installation”
I remember I had this already one time before, but what the hell was the solution … a short search with Google showed me:
https://discussions.citrix.com/topic/371535-storefront-upgrade-to-301-from-300-fails
Well, I’m on StoreFront 3.9, and when I have a look into “C:\Program Files\Citrix\Receiver StoreFront\Services\ProtocolTransitionService\Citrix.DeliveryServices.ProtocolTransition.ServiceHost.exe.config” I see “Version=3.8.0.0” in some lines. But I have 3.9, so I replace all “Version=3.8.0.0” with “Version=3.9.0.0”.
Result: StoreFront upgrade to 3.12 is successful – All’s well that ends well.
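The same fix as a script, as an added example (not code from the original post or from Citrix): it lists the assembly versions referenced in the config, replaces only the stale string, checks that the result is still well-formed XML and keeps a backup. The path and version strings are the ones quoted above.

```powershell
# Added example, not from the original post or from Citrix. Run elevated on the
# StoreFront node, with the services stopped, before starting the MSI.
# Path and version strings are the ones quoted in the post; adjust to your versions.
$config   = 'C:\Program Files\Citrix\Receiver StoreFront\Services\ProtocolTransitionService\Citrix.DeliveryServices.ProtocolTransition.ServiceHost.exe.config'
$stale    = 'Version=3.8.0.0'
$expected = 'Version=3.9.0.0'

$text = [System.IO.File]::ReadAllText($config)

# Show every assembly version referenced in the file, so the mismatch is visible.
# Other versions (for example .NET framework assemblies) are left alone.
[regex]::Matches($text, 'Version=\d+(\.\d+){3}') |
    Group-Object -Property Value |
    Select-Object Count, Name |
    Format-Table -AutoSize

$hits = [regex]::Matches($text, [regex]::Escape($stale)).Count
if ($hits -eq 0) {
    Write-Host "No '$stale' references found; nothing changed."
    return
}

$patched = $text.Replace($stale, $expected)

# Refuse to write a file that is no longer well-formed XML.
try { $null = [xml]$patched }
catch { throw "Patched config is not valid XML, original left untouched: $_" }

# Timestamped backup next to the original, then write the patched content.
$backup = '{0}.{1}.bak' -f $config, (Get-Date -Format 'yyyyMMddHHmmss')
Copy-Item -LiteralPath $config -Destination $backup
[System.IO.File]::WriteAllText($config, $patched)
Write-Host "Replaced $hits occurrence(s) of '$stale'; backup at $backup"
```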
No more able to start SOAP on PVS
After the last monthly Microsoft Security Updates, one of my PVS Servers was no longer able to start the SOAP service. I received an Event 7000 with the message:
The Citrix PVS Soap Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
I live in Bern, and we are known as slow-paced people here in Bern, probably because of our slow-sounding accent. So my idea is: if the service needs more time to start, I’ll give it more time.
I’ve created a new DWORD called ServicesPipeTimeout with the value 120000 in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control, which means the service has 2 minutes to start. After a reboot my SOAP was up and running again.
By the way, an additional tip regarding this service… SOAP is sometimes bitchy … it’s a good idea to set the service to auto restart after a crash.
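Both steps scripted, as an added example (not code from the original post or from Citrix). The service is looked up by the display name from the Event 7000 message above; the restart delays and reset period are assumed values.

```powershell
# Added example, not from the original post or from Citrix. Run elevated.
# ServicesPipeTimeout is machine-wide: it lengthens the start timeout of every
# service on the server, and it only takes effect after a reboot.
$control   = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$timeoutMs = 120000   # 2 minutes, the value used in the post

# Only raise the timeout, never lower a larger value that is already configured.
$current = (Get-ItemProperty -Path $control -Name 'ServicesPipeTimeout' -ErrorAction SilentlyContinue).ServicesPipeTimeout
if (($null -eq $current) -or ($current -lt $timeoutMs)) {
    New-ItemProperty -Path $control -Name 'ServicesPipeTimeout' -PropertyType DWord -Value $timeoutMs -Force | Out-Null
    Write-Host "ServicesPipeTimeout set to $timeoutMs ms (was: $current). Reboot required."
}

# Resolve the service by the display name shown in the Event 7000 message.
$svc = Get-Service -DisplayName 'Citrix PVS Soap Server' -ErrorAction Stop

# Recovery actions (assumed values): restart 60 s after each of the first three
# failures, and reset the failure counter after one day without a crash.
& sc.exe failure $svc.Name reset= 86400 actions= restart/60000/restart/60000/restart/60000
if ($LASTEXITCODE -ne 0) { throw "sc.exe failure exited with code $LASTEXITCODE" }

# Print the resulting recovery configuration for verification.
& sc.exe qfailure $svc.Name
```

The recovery actions apply when the service process terminates unexpectedly; the start timeout itself is only addressed by ServicesPipeTimeout.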
Finally 1.0 – but never finalized!
In November 2014 I created the blog post about the adaption of the PVS Script for XenApp/XenDesktop 7.x :
XenDesktop & XenApp FMA (7.x) HealthCheck – Oops!… I Did It Again
Now after almost two years of continuous development on this Script, the XenApp & XenDesktop 7.x Health Check has now Version 1.0.
I started this script in a very basic version, and in the meantime a lot of testers and contributors helped to bring this script to this version. Just this year I started with GitHub and it’s surprising, the community who helped is awesome!
Now after a number of 0.x versions, just at the point we introduce the XML configuration file, I can say the version now has deserved the number 1.00.
The big benefit of the configuration in the XML file is in case you have multiple environments with the script you don’t need to edit the header section of the script which has earlier contained the config. On a new version of the script, you just replace the script in your environments and keep the XML file.
The XML file and the script need to be in the same directory, and the name of the XML file needs to match the name of the script, e.g.:
XA-and-XD-HealthCheck.ps1
XA-and-XD-HealthCheck_Parameters.xml
The XML-Config is introduced to this script by Stefan Beckmann (Twitter: @alphasteff)
The newest version of the script you can find on GitHub:
https://github.com/sacha81/XA-and-XD-HealthCheck
The HTML output file gained some more input, even though it was difficult to decide which feature requests to consider and which not.
We now check CPU, memory and disk space of controllers and workers (XenApp Servers and XenDesktop VDIs). Because I learned in the last months that with 7.x and the FMA architecture it’s really possible that an environment contains a number of different VDA versions, I also added this info. And for troubleshooting reasons, I assumed that it would be helpful to also have the hypervisor host information in this output.
The code is on GitHub:
https://github.com/sacha81/XA-and-XD-HealthCheck/
For Bug Reports or Feature Request please use GitHub, of course, you can also contribute on this code!
Happy New Script – PVS 7.7 HealthCheck
We are close to the New Year 2016 and I want to wish you all the best for 2016!
I’m already happy now, because I can publish some hours after the PVS 7.7 release from Citrix this Script:
Today Citrix released XenApp/XenDesktop 7.7 and Citrix Provisioning Services 7.7. There are a bunch of new features, but for me the most important thing, beside of the Win10 support, is
…. drum roll ….
the new PVS PowerShell API. PoSh with PVS 7.6 and below was a pain … To know what else is new in PVS look here: PVS 7.7 New in this release
Now PVS comes with a real PoSh interface which gives back more than a bundle of strings. I had the chance to play around with the PVS 7.7 Tech Preview, and so here you already have the PVS HealthCheck Script for Version 7.7 in a completely newly developed version:
If you have a feature request or a bug report please post it direct on GitHub.
This version doesn’t work with PVS 7.6 and below, if you have an older version than 7.7 take this script: Citrix PVS HealthCheck
Update 11.04.2016: Performance-Improvement, Change the order of the table, all the VDI status now at the end.
Update 09.05.2016: Bugfix & Input from Jay, get CPU/Memory/Disk usage of PVS.
Update 27.05.2016: Now my Script is on GitHub
I’m an absolute GitHub newbie … for this reason I leave it still also here as a download until I’m really comfortable with GitHub.
The code is on GitHub:
PoSh Script that alerts me if I’m running out of pooled Desktops
Just a small one: in the last days I’ve created a small script that alerts me if I’m running out of pooled Desktops.
If you run this script at regular intervals you will receive an email as soon as you have fewer desktops free than you defined as threshold:
```powershell
#==============================================================================================
# Created on: 08.2015 Version: 0.2
# Created by: Sacha Thomet
# File name: Citrix-XenDesktop-Alert-low-free-desktops.ps1
#
# Description: Check for Free Desktops in DeliveryGroups
#
# Prerequisite: None
#
# Call by : Scheduled Task e.g every 10 minutes
#
# Changelog:
# V0.1 Initial Version, create report file from array FreeDesktopReport and attach this to the email.
# V0.2 Change from txt-file to formatted HTML-Mail
#
#==============================================================================================
if ((Get-PSSnapin "Citrix.Common.Commands" -EA silentlycontinue) -eq $null) {
    try { Add-PSSnapin Citrix.* -ErrorAction Stop }
    catch { write-error "Error Citrix.* Powershell snapin"; Return }
}

# Change the below variables to suit your environment
#==============================================================================================
# Variables that should be changed according to your environment and wishes
$DeliveryGroups = @("Win7-Desktops","Win10-Desktops")
$minDesktops = 10
$directoraddress = "http://citrixdirector.mycompany.ch"
$EnvironmentName = "Production XenDesktop"

# E-mail report details
$emailFrom = "citrix@mycompany.ch"
$emailTo = "citrix@mycompany.ch"
$smtpServer = "mailrelay.mycompany.ch"

#=======DONT CHANGE BELOW HERE =======================================================================================
# Build the HTML mail: header and inline style first
$mailbody = "<!DOCTYPE html>"
$mailbody = $mailbody + "<html>"
$mailbody = $mailbody + "<head>"
$mailbody = $mailbody + "<style>"
$mailbody = $mailbody + "BODY{background-color:#fbfbfb; font-family: Arial;}"
$mailbody = $mailbody + "TABLE{border-width: 1px;border-style: solid;border-color: black;border-collapse: collapse; width:60%; }"
$mailbody = $mailbody + "TH{border-width: 1px;padding: 0px;border-style: solid;border-color: black; text-align:left;}"
$mailbody = $mailbody + "TD{border-width: 1px;padding: 0px;border-style: solid;border-color: black;}"
$mailbody = $mailbody + "</style>"
$mailbody = $mailbody + "</head>"
$mailbody = $mailbody + "<body>"
$mailbody = $mailbody + "This is the Low-Desktop-Alert for $EnvironmentName, if you receive this mail the value of free desktops is below the configured threshold of $minDesktops desktops! <br><br>"

# Collect one record per delivery group
$FreeDesktopReport = @()
foreach ($dg in $DeliveryGroups) {
    $desktops = Get-BrokerDesktopGroup | where { $_.Name -eq $dg }
    $CurrentDeliveryGroup = "" | Select-Object Name, Alert, DesktopsAvailable

    # Write Array Values
    $CurrentDeliveryGroup.Name = $dg
    $CurrentDeliveryGroup.DesktopsAvailable = $desktops.DesktopsAvailable

    if ($desktops.DesktopsAvailable -lt $minDesktops) {
        Write-Host "Number of free desktops too low for DeliveryGroup $dg, sending email"
        # Flag this record so the mail gets sent
        $CurrentDeliveryGroup.Alert = "True"
    }
    $FreeDesktopReport += $CurrentDeliveryGroup
}

# -Fragment emits only the table, so it fits into the HTML document built above
$mailbody += $FreeDesktopReport | ConvertTo-Html -Fragment
$mailbody += "<br><br>Launch Citrix Studio or browse to <a href='$directoraddress'>Citrix Director</a> see more information about the current Desktop usage<br>"
$mailbody = $mailbody + "</body>"
$mailbody = $mailbody + "</html>"

# If any record raises an alert, send an email.
if (($FreeDesktopReport | where { $_.Alert -eq "True" }) -ne $null) {
    Send-MailMessage -to $emailTo -from $emailFrom -subject "********* Low free Desktop Alert for $EnvironmentName *********" -Body $mailbody -BodyAsHtml -SmtpServer $smtpServer
}
```
Or download the Script here
Citrix X1 Prototype Mouse – hands-on
At Citrix Summit in Las Vegas back in January 2015, Citrix presented the X1 Prototype Mouse. This mouse is not just another mouse with a Citrix logo on it. It’s a mouse that works in Citrix Receiver with iOS devices! Yes, it’s the truth: normal Bluetooth mice don’t work with the Citrix Receiver on iPad.
Even though I was not at Citrix Summit, thanks to the social media channels I got that info pretty fast and I was the 7th on the order form to request this cool gadget for a described use case. I want to demonstrate this in my company because we are currently in a VDI initiative project with up to 2000 VDIs.
Today, almost 4 months later, I received my Citrix X1 Prototype Mouse and can start testing and maybe show off in my company 🙂 To be honest, the design doesn’t give me the chance to show off …
The X1 Mouse appears in a nasty 80s style; the power switch on the bottom has three possible positions, up and down for ON, and OFF in the middle.
Connect the mouse to the iPhone? Really? 4,7 inch ?
The iPad is not the only use case for the mouse; remember the 2010 vision of the Nirvana Device and the Motorola NirvanaPhone. With the new version of the Citrix Receiver for iOS you can connect a screen to your iPhone, a Bluetooth keyboard and that mouse, and you can work with the iPhone as a “Thin Client” on your television connected with AirPlay or on your 24″ office screen connected with a Lightning VGA adapter.
I made some quick hands-on test:
I’ve used the following infrastructure to test:
- XenDesktop 5 on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
- XenDesktop 7.6 on Windows 7 x64, Citrix Webinterface behind Netscaler Gateway.
- XenApp 7.6 Desktop on Windows 2008 R2, Citrix StoreFront 2.6 behind Netscaler Gateway.
For all tests I used my Apple iPad mini with the R1 Receiver, which is mandatory to use the X1 Prototype Mouse. I didn’t install anything special on XenDesktop or XenApp.
I will add to the following points, where I mention what is OK and what needs improvement, as soon as I have new ones.
What works fine:
- No issue to connect and use the mouse if you follow the instructions from Citrix.
- I can use the X1 mouse inside my virtual desktop like a normal mouse, I can launch applications from start menu, change the active cells in MS Excel – most things I usually do with my mouse works.
- I can configure in mouse pointer options a “mouse track” which also works fine.
- …
What currently doesn’t work or need still improvement:
- I tried to resize an Internet Explorer window and was irritated because the mouse pointer doesn’t change its shape on the edge of the window to a “double-arrow”:
- Most mouse properties (mouse speed, pointer scheme, etc.) have no effect.
- I can see my mouse pointer in my R1 Receiver for iOS on the Webinterface but I cannot click anything. Possibly I need for this the X1 Web Receiver (StoreFront 2.7) and not my legacy Webinterface …
- …
Conclusion: For iOS the Citrix X1 Mouse can be a game changer, but to be honest, what is now possible with this mouse on iOS has been possible for a long time with an Android tablet and a commercial off-the-shelf Bluetooth mouse.
By the way, the X1 Mouse can also be used with operating systems other than iOS, so if you have an X1 Mouse but you decide that your iPad is too small to work on, you can use your “cool” mouse as a classic mouse with a computer that supports Bluetooth 4.0.
Update 5.5.2015 06:10 GMT+1:
From now on it’s possible to use the normal Receiver with the X1 mouse:
Update 5.5.2015 22:20 GMT+1:
The final version of the X1 mouse will be launched on Citrix Synergy: http://blogs.citrix.com/2015/05/05/the-mouse-that-roared-for-business and what sounds exciting:
“…this is a unique Bluetooth Low Energy mouse (BTLE) with custom firmware that provides full-function mouse support to specific Citrix Mobile apps including Citrix Receiver, GoToMyPC, ShareConnect and WorkDesktop.”