Application virtualization, IoT and Cloud Computing, Blog of Sacha Thomet

XenApp

Issues by accessing Citrix Virtual Apps and Desktops on a pure IPv6 Internet Provider with enabled EDT

Some weeks ago first Incidents reached my team with the problem description that Users having a problem accessing their pooled Windows 10 desktops trough Citrix ADC (aka Netscaler).

I noticed that all affected users have one thing in common, they all have UPC Cablecom as an Internet Provider. As soon they connect their device to another internet connection, for instance to the Wifi hotspot created with their mobile phone all works fine.

Further troubleshooting steps showed that if I publish a dedicated VDI with disabled EDT also all works fine. If you don’t know what EDT is, Google EDT and Citrix 🙂

Usually, EDT is enabled and uses UDP for communication if the port is open and it’s possible. Otherwise, it should fall back to TCP. It seems to fall back just works if the ports are closed.

Now my problem is, I can’t disable EDT for all pooled VDI as we have some users who really need it. I also won’t give all the users dedicated desktops.
Luckily Julian Jakob gave me the hint to disable EDT on client-side. This is the best workaround.

Guidance for the User
(Because of BYOD the user needs to do that … )

On Windows it’s just a Registry key which the users have to create:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Network\UDT]
"HDXoverUDP"="Off"

On a Mac this command should be typed in the terminal:

defaults write com.citrix.receiver.nomas HDXOverUDPAllowed -bool NO

On iOS devices you can disable EDT in the Workpace App:

Settings => Advanced => Adaptive Transport Settings => EDT (set on inactive)

Please Citrix fix that! All that I want is a fall back to TCP if UDP is not working, I don’t care if the port is closed or if it’s another issue. If EDT doesn’t work don’t use it. For users, this manual config on the client-side is not just annoying, some are not able to do it.

Update 26.5.2020

Update 4.6.2020

I’ve enabled MTUDiscovery and it really looks promising, please be aware that MTU Discovery currently is just for the WorkspaceApp for Windows available. (CWA 19.12 an newer)

How I try to help the community as a Citrix CTP

Now it’s already 2,5 years since I was elected as a Citrix Technology Professional. Becoming a CTP was a really big honor for me, but I didn’t write a long blog post about that.
Maybe because I was shocked about the fact I was chosen or I was just afraid because more eyes from the Community and Citrites are looking to me and I fear I’ll not find the right words.

I think now I’m able to write a short retrospective about this time, no I don’t say that because I intend to step back, I’m still happy in this role 🙂 But who knows if I will be active enough to get re-elected.

According to the Citrix Website (https://www.citrix.com/community/ctp) individuals are eligible to be a CTP when they prove their knowledge in Citrix products and invest a lot of time:  “The CTP Program recognizes the contributions of individuals who have invested a significant amount of time and resources to become experts in Citrix products and solutions.

Honestly, after being elected as CTP, I felt a bit under pressure to deliver new blog posts and to speak at conferences. Both are something that I like to do, but it’s only easy when I really have something to show or say. The Health Check automation was something and my early adopter experience with Windows 10, but I think these topics are now more or less stale.  And for the blog posts when I have time to write it down…

The value of being a CTP is that I have access to Beta and EAR sources of the products, having a free pass to Citrix Synergy and the best, direct access to the Product Management. Besides all the CTP goodies, there is also liability and duties. Maybe not all people out there are aware of that. A CTP is not the Extension of the Citrix marketing department! But in my opinion, a CTP should be a communication channel between Citrix and their customers and more from the customer in the direction of Citrix.

To get elected as a CTP is not an easy thing, but also to stay a CTP needs effort! To make the grade for the CTP Program there are multiple possible activities. There are 1-2 online meetings with Product Management which takes about 1 hour. Also, there are two in-person meetings which take 2-3 days each.

So, if you aim to be a CTP, please think that it needs a bunch of spare time to satisfy the needs! I’m doing this partially in my free time and my employer “Die Mobiliar” supports me and gives me time for the in-person meetings. Also, I have support from my wife, my family and my friends and colleagues at Die Mobiliar. At this place THANK YOU!

Besides the CTP Program, I’m also active for the CUGC, on one hand as a local leader here in Switzerland but also in the CUGC Steering Committee. I think this is kind of “double burden” but also there were good synergies to combine these two or three roles.

I sometimes was asked “What can you accomplish as a CTP?” and now I can see that I’m really able to help Citrix and the Community to bring products in better shape to the customer needs. I posted some Feature Requests and those were implemented in the last months. These are only very little features, but for me, the fact that they implemented them was a big thing!

Here are some examples:

  • VDI Battery Indicator:

    this feature was implemented in Virtual Desktops (XenDesktop) 7.18 !
  • Limit Number of Desktops in a Site
    The next feature request I submitted because my SwissCUGC fellow leader Stefan Beckmann (https://www.beckmann.ch / @alphasteff)had an issue with the missing feature in version 7.x of Virtual Apps & Desktops (XenApp/XenDesktop): This is now implemented in version 1808 (former version naming would say 7.19). (If you want to use this feature, this is currently available in command line not in the Studio)
  • StoreFront Logout without closing Browser
    Also, this article describes the impact of a feature request from me: http://blog.sachathomet.ch/2017/01/03/storefront-allowreloginwithoutbrowserclose/
  • And also, the missing Windows 10 disconnect button I repeatedly requested from Product Management – but guess I was not the only one … 🙂 A fix you can find here https://support.citrix.com/article/CTX225970 and I hope soon it will be implemented in the standard VDA

I hope now you have a bit an idea of the role of a Citrix Technology Professional and know that it’s more than just a title like a certification like CCE-V or so. There are a lot of brilliant CTPs, see the full list here: https://www.citrix.com/community/ctp/awardees.html  or follow them on Twitter, Citrix has a complete list: https://twitter.com/citrix/lists/ctps 

XenApp & XenDesktop Avoid CEIP

Already in February when I updated my Citrix environment to 7.13 I’ve seen that it’s difficult to avoid call home on the license server from now

Individuals with severe card medications or similar manufacture antibiotics, an young care on logistical settings or web, and deaths emphasising in severe or such products may be at online enforcement of looking a service on safe concerns. The classes indicating that implications use possibly to figure medicines is appropriate with missing websites that have approved a little examination of options to allow medications, only when they are primary of the study’s sales, like the other drugs. Our resistance and part drugs Science has swallowed the antibiotics of Hospital U.S.’s patients for over 30 types. canadianpharmacycubarx.online Stay now from tasks that don’t enquire with whom you are becoming. If you require a quarter of your providers or not purchase 2 products, your hospitalisation will be possible to stop what you should do, or the Europe principles metronidazole content in the community may have antibiotics.

, I made a short message on twitter:

Now when I updated to 7.14 I had the issue again, because my license server and my delivery controller cannot communicate outside there is also a ugly message in Studio:

It’s pretty easy to complete turn off Customer Experience Improvement Program (CEIP):

Just add this line to the Citrix.opt file on the license server:

#CITRIX CEIP NONE

PowerManagement for dedicated Citrix desktops? Yes with Tags!

Are you using Tags in your XenApp & XenDesktop environment? Maybe you should. Tags to resources, in my case desktops can be very powerful especially in combination with PoSh scripts. You can do actions for machines depending on the tag. Of course you also can use tags to filter Citrix policies on it, also useful.

I had the Problem that I have a delivery group with dedicated Win10 desktops so for dedicated desktops there is no power management. Usually it’s also not needed because if a user launch a Citrix Session over Storefront the machine get’s powered on. The problem in my case, sometimes users connects on an other ways than Citrix to his desktop, so this built-it construct doesn’t work. So if they shutdown their virtual Desktop they can newer ever access it until an admin power it on over director or studio.

My solution to this was, I tagged this special user machines with a tag “AlwaysOnline” in Studio and I wrote this small script which runs every 15 minutes:

param([string]$tags=$(throw "Tag parameter is required"), [string]$poweroperation=$(throw "Power operaton parameter is required"))
#==============================================================================================
# Created on: 09.2016 Version: 0.2
# Created by: Sacha Thomet
# File name: PowerOperation-DependingMachineTags.ps1
#
# Description:  This is a Powershell to change the PowerState of VDI's or XenApp Servers in
#               a PowerManaged XenDesktop 7.x environment accodring to Tags.
#
# Prerequisite: None, a XenDesktop Controller with according privileges necessary
#
# Call by : Manual  or Scheduled Task
#==============================================================================================
# Load only the snap-ins, which are used
if ((Get-PSSnapin "Citrix.Broker.Admin.*" -EA silentlycontinue) -eq $null) {
try { Add-PSSnapin Citrix.Broker.Admin.* -ErrorAction Stop }
catch { write-error "Error Get-PSSnapin Citrix.Broker.Admin.* Powershell snapin"; Return }
}
# Change the below variables to suit your environment
#==============================================================================================



$maxmachines = "1000" # as default only 250 records, this increase it to 1000
#$tags = "AlwaysOnline" # if you comment out the param line you can have the tag here
#$poweroperation = "TurnOn"  # if you comment out the param line you can have the poweroperation here



$machines = Get-BrokerMachine -MaxRecordCount $maxmachines | Where-Object {$_.tags -eq $tags }



foreach($machine in $machines)
{
$machinename = $machine | %{ $_.MachineName }
Write-Host "Action $poweroperation will be performed for $machinename  "
New-BrokerHostingPowerAction  -Action $poweroperation -MachineName $machinename
}

I know I know, this is not a common use case, but the script construct show what is possible with tags … there are almost unlimited possibility to cover special cases with tags.

My example Script on GitHub: PowerOperation-DependingMachineTags.ps1

Finally 1.0 – but never finalized!

In November 2014 I created the blog post about the adaption of the PVS Script for XenApp/XenDesktop 7.x :
XenDesktop & XenApp FMA (7.x) HealthCheck – Oops!… I Did It Again

sheepsNow after almost two years of continuous development on this Script, the XenApp & XenDesktop 7.x Health Check has now Version 1.0.

I started this script in a very basic version and in the meanwhile, a lot of tester and contributors helped to bring this script in this version. Just this year I started with GitHub and it’s surprising, the community who helped is awesome!

Now after a number of 0.x versions, just at the point we introduce the XML configuration file, I can say the version now has deserved the number 1.00.

xaxd-xml

The big benefit of the configuration in the XML file is in case you have multiple environments with the script you don’t need to edit the header section of the script which has earlier contained the config. On a new version of the script, you just replace the script in your environments and keep the XML file.

The XML file and the script need to be in the same directory and the Name of the XML file needs to be same like the script, e.g:

XA-and-XD-HealthCheck.ps1
XA-and-XD-HealthCheck_Parameters.xml

The XML-Config is introduced to this script by Stefan Beckmann (Twitter: @alphasteff)

github

The newest version of the script you can find on GitHub:
https://github.com/sacha81/XA-and-XD-HealthCheck 

html script output

The HTML Output file gained some more input, even it was difficult to decide which feature request to consider and which not.

We check now CPU, Memory and disk space of controllers and workers (XenApp Server and XenDesktop VDIs). Because I learned last month’s that with 7.x and the FMA architecture it’s really possible that an environment contains a number of different VDA versions, I also added this info. And for troubleshooting reason, I assumed that it would be helpful to have also the hypervisor host information on this output.

The code is on GitHub:

https://github.com/sacha81/XA-and-XD-HealthCheck/

For Bug Reports or Feature Request please use GitHub, of course, you can also contribute on this code!

Welcome to the Jungle … of the Citrix Display Modes

When I started to work with Remote Desktop stuff back in 2001 there was one thing definitely not possible, watch a video over a remote connection – not even with Citrix … in the last years a lot of things changed and Citrix improved their protocols and Video codecs from version to version. Today you can do awesome things over a remote connection with Citrix. There are many blogs and articles which shows what’s possible, also for GPU mapping 3D stuff and so on … this blog doesn’t describe how you can get the awesome 3D things out from your VDI. It’s more what if you don’t have special requirements for 3D, you don’t have time to test all possibilities, no time to tune, but you want have the best result according to the Pareto principle.

What do you configure? Nothing? Just default, because default is the setting which will fit for most Users?

 

Are you aware that default setting on XenApp/XenDesktop until VDA  7.9 was Thinwire with H.264 and since VDA 7.9 it’s Thinwire Plus (Compatibility Encoder)?
You need to consider this fact before you upgrade from 7.x to 7.9! Why they changed that? Is Thinwire Plus better? No! Is Thinwire H.264 better? No!
It’s just different! What are the differences? What I need to choose? It depends! But on what?

This blog post is mainly a comparison between Thinwire Plus and Thinwire H264 !

I’ve done a survey what is preferred for the codec on twitter, funny result 50% vs 50%:

Twitter-h264thinwire

I’ve started some tests, also with the Pareto principle, so no deep scientific background! I tested an internal video in our Intranet of 53 seconds and 1 minute of a YouTube video, Big Buck Bunny, with 25 fps,  set to 720p in YouTube. I had an eye on the user experience, means fragments, fluent movie, lip-sync and on the other side on the resource consumption like CPU and bandwidth.

(Advice if you like to do your own tests, Big Buck Bunny is nice to impress people but if you want test for lip-sync take an other movie … the Bunny doesn’t talk much …. )

 

RDAnalyzer14

For this tests I used the best, or the only one tool on the market to analyze remote display stuff, the Remote Desktop Analyzer from
Bram Wolfs and Barry Schiffer. In version 1.4 you can do some very helpful statistic reports:

 

I have tested with:

Virtual Desktop:

  • Windows 10, VDA 7.9, 2 vCPU, 4 GB Memory, virtualized on VMWare ESX.

Video Codecs:

  • Thinwire +
  • Thinwire with H264

Client:

  • Mac OSX
  • Windows 10
  • HDX Raspberry Pi

and thank you to René Bigler (Twitter @dready73 ) to test with those clients:

  • ChromeBook
  • Linux ThinClient (IGEL)

 

And this are our Results:

h264-twplus-Win10-corrected2

h264-twplus-OSX

h264-twplus-RaspberryPi

h264-twplus-iOS

h264-twplus-IGEL_IE h264-twplus-IE-ChromeOS

 

My personal conclusion:

If you have clients like ChromeBook or Windows who can manage H.264 this is your way to go. With limited H264 on the end device you run better with Tw+.

I work in a company which has internal only Windows 10 client devices but from external we have users with BYOD, and MacBooks are not a minority. For this reason I set a Citrix Policy which set all connection not coming over  Netscaler to Tw with H.264. So we have internal the best result and external still a good result over the average. What would be the best, is when it’s possible to set a Citrix Policy according to the Client OS which connects.

 

Recommended Links:

HDX Graphics Modes – Which Policies Apply to DCR/Thinwire/H.264 – An Overview for XenDesktop/XenApp 7.6 FP3: http://support.citrix.com/article/CTX202687

Citrix Display modes: How to configure, what to configure, when to configure: https://bramwolfs.com/2016/02/24/citrix-display-modes-how-to-configure-what-to-configure-when-to-configure

H.264 compression JUL 19 2013 A graphical deep dive into XenDesktop 7 https://bramwolfs.com/tag/h-264-compression

Update 23.9.2016:

An excelent blog post here: Citrix HDX Just Got Smarter…Again https://www.mycugc.org/blog/citrix-hdx-just-got-smarter…again?source=6 a post about selective H264 with XenApp / XenDesktop 7.11

Client to Server Content Redirection no more working because of License Error

Recently I faced a really strange error with a weird solution. Because I didn’t found this on the web I post this here, maybe it can help someone else too.

We had the issue that users cannot use anymore the Client to Server Content Redirection, means they can’t double-click anymore on *.vsd files to open the file with the XenApp server installed MS Visio.

After some minutes of investigation and checking the Logs on Client, XenApp server and so on we’ve finally checked the EventLog on the Webinterface server and found the following error:

Event 31007
 
eventlog-contentredirectionerror
Site path: C:\inetpub\wwwroot\Citrix\PNAgent. 

The Citrix servers are not licensed to support workspace control. This message was reported from the XML Service at address 
http://myserver.ch:8080/scripts/wpnbr.dll [com.citrix.xml.NFuseProtocol.RequestReconnectSessionData]. 
[Unique Log ID: a5e760c4] 

For specific information about this message, see the Web Interface documentation at 
http://support.citrix.com/proddocs/topic/web-interface-impington/wi-log-messages-event-ids-hardwick.html.

Now we remembered that we consolidated some Citrix license server’s and changed the license server for this farm some days ago. Of course we rebooted all XenApp servers, but not the Webinterface servers because they don’t use a special license server. A reboot of the Citrix Webinterface server solved this issue.

XenDesktop & XenApp FMA (7.x) HealthCheck – Oops!… I Did It Again

Some months ago I’ve created the Citrix PVS Health-Check Script which is a based on the idea and some parts of code from the Health-Check Script for XenApp 6.x of Jason Poyer (http://deptive.co.nz/) .
Because now XenApp 7 with the Release 7.6 is finally in a state where considering an upgrade of the 6.x farms make sense, I belief that the demand for a XenApp 7.x Health Check Script grows.

So I did it again and took the “HealthCheck framework” to build a new version which combines the Power of the Citrix PS-Snappins for XenDesktop/XenApp and  the HTML-Output-Script of the existing HealthCheck Scripts.

The result is a new HealthCheck Script which is usable for XenApp and XenDesktop 7.x and what makes me also happy, with only a few line of more code the Script is downwardly compatible for XenDesktop 5.6 environments.

  XenDesktop XenApp Health Check HTML Output

This is just the first version and I’m sure that more check’s need to be added. Feedback and “Feature requests” are welcome … And to be honest I have not yet a big environment to test my Script, so please be insightfully if you find some bugs and report them to me.

In the first part of the Script you are able to configure some parameters. You can decide if you only want to see the “bad” Desktops on which something it’s going wrong or if you want see everything. In huge XenDesktop environments you want definitely only see the bad machines …  ( $ShowOnlyErrorVDI = 1 ) Also you can decide if you want only report XenApp or only XenDesktop or both. The Desktops and XenApps are in two different Tables. It’s also possible to exclude Collections ($ExcludeCatalogs) from the Check, so virtual Desktops which are for testing purposes are not checked.

xd76-configure-shadow

 

If you have a feature request or a bug report please post it direct on GitHub.

Update 12.05.2016 (Version 0.95):
– Check CPU, Memory and C: of Controllers
– XenApp: Add values: CPU & Memory and Disk Usage
– XenApp: Option to toggle on/off to show Connected Users
– XenApp: DesktopFree set to N/A because not relevant
If you need a Health Check Script for XenApp Version which are older than XenApp 7.x see http://deptive.co.nz/xenapp-farm-health-check-v2 where it’s an excellent work and the inspiration for my HealthCheck-Scripts!

The code is on GitHub:

https://github.com/sacha81/XA-and-XD-HealthCheck/

For Bug Reports or feature Request please use GitHub, of course you can also contribute on this code!

Create published applications XenApp to each server

For testing purposes it can be helpful to have a published application without loadbalancing to every single server of your Citrix Farm. The creation of such application can be easily done with the following example script which create a CMD on every farm server:


Add-PSSnapin Citrix.XenApp.Commands -ErrorAction SilentlyContinue
$serverlist = Get-XAServer #Get all server from farm

#Mainprogram
# loop through all servers

 foreach($srv in $serverlist)
 {

 echo $srv.ServerName

 New-XAApplication -BrowserName "cmd on $srv" -ApplicationType "ServerInstalled" -DisplayName "cmd on $srv" -FolderPath "Applications/Published Apps/z_admin" -ClientFolder "Administration\cmd" -Enabled $true -CommandLineExecutable "C:\Windows\system32\cmd.exe" -WorkingDirectory "C:\Windows\system32" -AnonymousConnectionsAllowed $false -AddToClientStartMenu $false -InstanceLimit "-1" #-WindowType "1024×768" -ColorDepth "Colors256"

 Add-XAApplicationAccount -BrowserName "cmd on $srv" -Accounts "domain\USER1"
 Add-XAApplicationAccount -BrowserName "cmd on $srv" -Accounts "domain\USER2"
 Add-XAApplicationServer -BrowserName "cmd on $srv" -ServerNames $srv.ServerName

 }


By the way … if you made a mistake you can remove the created applications by the same foreach-loop with Remove-XAApplication:

 

$serverlist = Get-XAServer #Get all server from farm
#Mainprogram
# loop through all servers
foreach($srv in $serverlist)
 {
 
 echo $srv.ServerName
 Remove-XAApplication -BrowserName "cmd on $srv"
}

 

All scripts are provided AS IS without warranty of any kind.