Citrix XenApp

Tuesday, 13 December 2011

Licensing: vSphere 5 Enterprise and 8 way VMs

In my experience, more and more customers are asking for multiway VMs with more than 4 vCPUs. For my company, an IT service provider, this is a little problematic as most of our licenses are vSphere Enterprise - not Enterprise Plus.

With vSphere 5, 8 way VMs are now possible both in the Standard edition and Enterprise edition. For up to 32 way VMs, the Enterprise Plus license is required.

See link for more info, page 6.

Monday, 12 December 2011

Only Some Applications open for only some users and others work fine...

We are having a strange issue. When trying to launch one of our published applications from Citrix on certain computers, the connection will initialize, but as soon as it goes to load the application, Citrix disappears. This only happens on certain computers regardless of who is logged into them. We have tried deleting the Microsoft store registry key as stated in other resolutions to this problem with no luck. What makes it even stranger is it only affects one of our applications that are published. All others work fine.

Our environment is XenApp 5 FP 3 with users connecting to WI 5 using the latest web Citrix client.

The strange part is only some users are experiencing this issue with loading the application. For some users it works perfectly fine, but for others you click and nothing loads up. The users affected can launch any other Citrix program with no problems.

The path is correct and works when put into the run command.
Ans:
Please try the following:

1. If you are running a client lower than 12.1, test upgrading to 12.1.

2. Disable antivirus on the workstations.

3. Look for commonalities; for instance, is this only happening to workstations that are running Win7 and not XP, or does this happen to workstations in a specific OU?

4. Verify on these workstations whether any info is being captured in the event logs for the client.

5. Are all the apps that do not launch written in a specific language?

6. Although other workstations can connect, what happens if you republish one of those apps?

Possible reasons could be:

When applications won’t launch in Citrix Xenapp or Presentation Server, you can get a multitude of error messages.  Most are guaranteed to tell you little to nothing about the actual cause of the issue.  Sometimes the app will appear to launch, and then nothing will happen.  Error codes can range from SSL Error codes 1-29, or more generic errors like “There is no Xenap server available”.   What can cause applications not to launch through the Citrix Web Interface?  Let’s take a look at a few possible causes…

Citrix Secure Gateway or Netscaler in the way? Maybe a firewall problem?

Does the problem exist only for external users coming in from the Internet, or does it also impact internal users?  You can usually test for this pretty well by installing the Citrix client directly on your web interface server.  If you can connect directly to the WI from itself and launch applications on itself, but you get errors when coming in from outside – chances are, you are dealing with a CSG or Netscaler issue.  Make sure that the CSG passes its internal diagnostic tests, and make sure the Netscaler has a valid route through to the Web Interface and each Xenapp server in the farm.  Make sure that the STA servers used on the Netscaler match exactly the STA servers specified on the Web Interface. Sometimes the network team can make a change to the inside facing firewall on the DMZ, and your users will suddenly experience the inability to launch applications via Citrix.  Remember that traffic must be able to pass on 1494 or 2598 (Depending on if you are using session reliability).

Licensing issues?

While Citrix does occasionally present valid licensing error messages during application launch, I’ve seen many cases where licensing problems caused error messages that don’t mention licensing at all.  In order to verify if you have a licensing problem, log into one of the Xenapp servers in question and drop to a command prompt.  Type “Qfarm /load” and look at the load on each server.  If a server is showing a load of “20000”, then it is experiencing a licensing problem.  Make sure that the license server is up, and licenses are showing in the console appropriately.  Occasionally you may have corrupt license files, and you’ll need to re-download them from MyCitrix along with a new startup license.  Take this opportunity to upgrade your license console to the latest version.

In addition to Citrix license issues, be sure you have enough licenses for terminal services or remote desktop services.  I’ve seen issues with these licenses that will cause Citrix apps to act like they are launching, but never open properly.

XML Errors?

If you are having problems with XML, chances are you’ll see some XML errors in the event viewer on either the Web Interface or the farm XML broker.  Make sure that the port you are using for XML is open between the Web Interface and the farm.  You can test this from the CLI by doing a “telnet <xmlbrokerserver> #”, using the server name and xml port # from your farm.  If it connects and gives you a blank black screen, then traffic is flowing properly.  If it hangs on a blinking cursor, then you should check your firewall settings.
If XML traffic is OK, your next step should be to re-register the XML service on the XML broker.  Use the command syntax below:

CTXXMLSS [switches] [/Rnnnn] [/Knnn] [/U] [/?]

Parameters:
/Rnnnn – Registers the service on port number nnnn.
/Knnn – Keep-Alive nnn seconds (default 9).
/U – Unregisters the service.
/? (help) – Displays the syntax for the utility and information about the utility's options.

Corrupt Local Host Cache?

As with most Citrix issues, the local host cache is one of the usual suspects.  If an application won’t launch, you can recreate the local host cache quickly and safely as a first stab at the issue.  Use the command: “DSMaint recreatelhc” from the CLI on each Xenapp server in your farm.

Corrupt Published Apps?

This doesn’t seem to happen as often as it used to, but it can still come into play occasionally.  If you have ruled out other causes and you still can’t figure out why an app won’t launch – Try publishing it again from scratch in the DSC and seeing if the newly published icon works.  If it does, you can delete your old icon and point users to the new one.

Datastore Corruption?

You may want to check that the datastore isn’t showing any corruption.  Specifically I would recommend running the “DSCHECK /full applications” command to check the apps section of the database for errors.  Look for any verbiage like “error”, “missing” or “not found” – and if you see that, run the same command again with the “/clean” switch appended to it.  Be sure to always back up your datastore before running this command, as it will make changes.

Load Balancer Issues?

Occasionally, applications won’t launch in a Citrix environment because of load balancer issues.  There could be issues where Citrix is “black holing” new users into a single server, overloading it, or problems where Citrix mishandles the load balancing completely.  The first step in troubleshooting a load issue is going to be using the “Qfarm /load” command.  If you notice any servers in the farm with a value of “10000” – that means they are at 100% load and can’t accept any new connections, typically. Once you know if load is being equally distributed throughout the farm, you can take action.  If you find that load is not being distributed correctly, check to make sure that your application is published to multiple servers and that it is in fact enabled.  If all other measures have failed, sometimes the Microsoft performance counters that Citrix relies on have been known to go corrupt and need to be rebuilt.

Is it limited to a specific server?

In a large Citrix farm environment, you won’t spend time looking at the load balancer or Netscaler device if you’ve been able to limit it to a specific server.  If you are sure it’s only one server in the environment, make sure that all of the Citrix services are started.  Sometimes it can be helpful to pull up the services console on the non-working server and compare it to a server that is working.  When you do a “Qfarm /load” command, does the problem server even report in?  If it’s missing from the Qfarm, then perhaps the IMA service is not started (See my other blog entry on why IMA won’t start).  If you exhaust all options, it may be necessary to restore the server from a snapshot (ideally), or run a Citrix repair from the install media.
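The "Qfarm /load" checks from the licensing, load balancer and single-server sections above can be applied to captured output in one pass. This is an added example, not code from the original post; the two-column output layout, the server names and the expected-server inventory are assumptions constructed for illustration.

```python
# Load values and their meaning as given in the article above.
LICENSING_PROBLEM = 20000   # server is experiencing a licensing problem
FULL_LOAD = 10000           # server is at 100% load

# Constructed sample; the two-column layout is an assumption about qfarm's output.
SAMPLE_OUTPUT = """\
Server Name          Server Load
-------------------- -----------
CTXAPP01                    1450
CTXAPP02                   10000
CTXAPP03                   20000
"""
# Hypothetical inventory of the servers the application is published to.
EXPECTED_SERVERS = ["CTXAPP01", "CTXAPP02", "CTXAPP03", "CTXAPP04"]


def parse_qfarm_load(text):
    """Return {server_name: load} from the text printed by `qfarm /load`.

    Only lines of the shape "<name> <integer>" are kept, so the header,
    the dashed separator and blank lines are skipped.
    """
    loads = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            loads[parts[0].upper()] = int(parts[1])
    return loads


def triage(loads, expected_servers):
    """Classify each expected server; returns {server: (status, next_step)}."""
    report = {}
    for name in sorted(s.upper() for s in expected_servers):
        load = loads.get(name)
        if load is None:
            report[name] = ("missing", "not in qfarm output; check that the IMA service is started")
        elif load == LICENSING_PROBLEM:
            report[name] = ("licensing", "check the license server and the license files")
        elif load == FULL_LOAD:
            report[name] = ("full", "at 100% load; check how load is distributed across the farm")
        else:
            report[name] = ("ok", "load %d" % load)
    return report


def load_spread(loads):
    """(lowest, highest) load among servers without a licensing problem, or None."""
    values = [v for v in loads.values() if v != LICENSING_PROBLEM]
    return (min(values), max(values)) if values else None


def accepting(report):
    """Servers that are reporting in and can still take new sessions."""
    return [name for name, (status, _) in report.items() if status == "ok"]


if __name__ == "__main__":
    farm = parse_qfarm_load(SAMPLE_OUTPUT)
    for server, (status, step) in triage(farm, EXPECTED_SERVERS).items():
        print("%-10s %-10s %s" % (server, status, step))
    print("load spread:", load_spread(farm))
```

To use it on a real farm, redirect the command's output to a file on a XenApp server and pass the file's text to parse_qfarm_load together with your own server list.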

Hotfix and Patch Level?

When all other options are exhausted, I’ve sometimes seen issues arise after Microsoft updates have run on a server, causing past Citrix patches or updates to get partially overwritten or corrupted.  I’ve seen cases where a client has been running fine on Roll-up 4 for years, and after we upgraded him to Roll-up 7, suddenly applications will launch again.  For these reasons, I’d always recommend checking that you are at current patch levels, and even consider reapplying a roll up pack on a test server as a last resort in such cases.  In cases where you suspect that a Microsoft update may have changed the fundamental way that Citrix and Windows Server communicate or work together, I’d recommend experimenting with rolling back a recent patch or update and judging the result.

References:
http://support.citrix.com/article/CTX711855

http://support.citrix.com/article/CTX104063

http://support.citrix.com/article/CTX112082

http://support.microsoft.com/kb/300956

http://citrixtechs.com/blog/?p=8

Sunday, 11 December 2011

"The Supplied Credentials could not be validated.Either they are invalid or there is a problem with the authentication system. Try again or contact your help desk." Error in Citrix

If you see the above error after providing your username and password when accessing applications through the Citrix Web Interface, follow the procedure below. If it is still not working, re-add the machine on which Presentation Server is installed to the same domain.
1. Use the Services Control Panel to stop the Citrix XML Service.

2. At the command prompt, type ctxxmlss /u to unload the Citrix XML Service from memory.

3. Type ctxxmlss /r8080. This forces the Citrix XML Service to use TCP/IP port 8080.

4. Restart the Citrix XML Service in the Control Panel.

After restart, open the Management Console for MetaFrame Presentation Server, go to your server’s Properties > MetaFrame Settings, and verify that the specified port is seen in the TCP/IP port of the Citrix XML Service section.

Saturday, 10 December 2011

Zones Architecture & Design

Zones within Citrix infrastructures are logical segments within a Citrix farm. Every zone has a data collector (described in the next section). Servers in a zone communicate with their zone's data collector, and the data collectors of all zones exchange information with each other about their zones.
When determining whether zones are needed and how many to use, take the following considerations into account:
  • Available bandwidth
When only limited bandwidth is available, the traffic between the servers within one zone can be too much for the network link. If this is the case, it is a good idea to create zones to regulate the traffic of the Citrix infrastructure.
  • Amount of changes in the farm
Every change made in the farm is distributed to the Citrix servers to reflect the changed settings. The more changes are made, the more traffic is generated between the Citrix servers. Together with the available bandwidth, the amount of changes can be a reason to divide the farm into zones.
  • Citrix advises a maximum of 25 zones
There is a limit on the number of zones. Citrix advises not to create more than 25 zones.
  • Citrix Policy "Zone Preferences"
Within the Enterprise edition there is a policy available that makes it possible to route users automatically to another (set of) server(s) if the Published Application is not available on the first group. This policy is based on zones, so if you would like to use this policy, zones are necessary.
  • Load sharing between servers
When using zones, load sharing between servers can be arranged in two ways: the load is shared over all servers regardless of whether zones are configured, or the load is shared between servers in the zone only. With the first method the user's session can be started on any server, while with the second method the user is redirected to the server in the zone of the data collector that handled the request.
  • Each zone needs to have a data collector
Remember that each zone needs a data collector. Although every server can take on the role of data collector, this role requires some available resources to carry out its tasks. Keep this in mind when determining the number of servers to host the applications, and check the considerations in the next section about the data collector.
Best practice for zones is to use as few zones as possible: use zones only when low-bandwidth connections exist between servers and/or if the zone preferences policy is necessary for your environment (for example when using a back-up/disaster site).


Data Collector Architecture & Design


The data collector is a role on a Citrix XenApp server that collects, maintains and manages dynamic information about the farm and zone. The data collector also passes the user to the least busy server. Every Citrix XenApp server can take on this role, but of course some resources are needed for it.
When creating the design, the following topics should be considered.
  • Dedicated data collector versus non-dedicated data collector
Depending on the size of the Citrix infrastructure (based on the number of servers, the number of users and the logon/logoff activity), a decision should be made to use a dedicated server or a non-dedicated server. A dedicated data collector is a server with Citrix XenApp installed that is not hosting any Published Applications or Desktops. When using a non-dedicated data collector, think of using a different Load Evaluator with lower values. Also remember that the data collector role should be assigned within the farm settings.
  • Back-up data collector
When the primary data collector fails or is unavailable, the Citrix farm will hold an election to select a new data collector. The election is primarily based on the settings for the data collector role, but also on the version of the software and (some) hotfixes. Again, depending on the size of the infrastructure, the back-up data collector can be a dedicated server or a shared server.
  • Number of zones
As mentioned earlier in the zones part, every zone has a data collector. When you have many zones you will probably choose non-dedicated data collectors, in contrast to situations where there are just one or two zones.

SSL Certificate in Citrix

Install SSL Certificate

First follow the process below to install the certificate on your server. Then use the Citrix Secure Gateway console to configure the new certificate.


Download and copy your certificate files to your server

 

Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Download the PKCS#7 formatted version of your certificate.
  1. Rename the file your_domain_com.p7b to your_domain_com.cer

Install the PKCS#7 Certificate File

  1. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
  2. Right-click the Web site for which you want to install the SSL certificate on and then click Properties. By default it will be Default Web Site, yours may be different.
  3. Select the Directory Security tab and click Server Certificate in the Secure communications section.
  4. Click Next in the Welcome to the Web Server Certificate Wizard window.
  5. Select Process the pending request and install the certificate, Click Next.
  6. Browse to locate the PKCS#7 file (your_domain_com.cer) when prompted to locate your web server certificate. Click Next.
  7. Verify SSL Port 443 in the SSL Port dialog box.
  8. Review the Certificate Summary screen and ensure that you are processing the correct certificate. Click Next.
  9. Click Finish to complete the IIS Certificate Wizard.
  10. Again, Right-click on the site in IIS and click Properties.
  11. Select the Web Site tab. In the Web Site Identification section make sure that your site has an IP address (or all unassigned) and that the SSL port is 443. Click OK.
Now assign the certificate in Citrix using the Secure Gateway console, as follows:

Assign the certificate to Citrix

  1. From the Desktop, click Start > Programs
  2. Select Citrix > Secure Gateway > Secure Gateway Service Configuration
  3. Select Metaframe Server XP
  4. Select OK
  5. Select Typical for Configuration level and click Next
  6. Select the certificate you want to assign from the certificate list
  7. Click Next and complete the Wizard
  8. Restart your Secure Gateway Service

Verify Installation

To verify if your certificate is installed correctly, use our Certificate Installation Checker.
Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.
Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.
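The padlock test can also be scripted, which additionally shows how close the certificate is to expiry. This is an added example, not part of the original post or of any vendor tool; the sample certificate, the check time and the 30-day warning window are constructed assumptions, and secure.mysite.com is the placeholder name used above.

```python
import socket
import ssl
import time

# Constructed sample in the dict shape returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "secure.mysite.com"),),),
    "subjectAltName": (("DNS", "secure.mysite.com"), ("DNS", "*.apps.mysite.com")),
    "notBefore": "Dec 13 00:00:00 2011 GMT",
    "notAfter": "Dec 13 00:00:00 2012 GMT",
}
SAMPLE_NOW = ssl.cert_time_to_seconds("Dec  1 00:00:00 2012 GMT")  # constructed check time


def fetch_peer_cert(host, port=443, timeout=5.0):
    """Handshake with chain and hostname verification on; return the server certificate.

    Raises ssl.SSLCertVerificationError if the chain is incomplete or untrusted
    or the name does not match, the cases where a browser shows no padlock.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """DNS names the certificate covers: subjectAltName first, commonName as fallback."""
    names = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return names


def name_matches(pattern, hostname):
    """Exact match, or a '*' that stands for exactly one left-most label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    return p[1:] == h[1:] and (p[0] == "*" or p[0] == h[0])


def evaluate_cert(cert, hostname, now=None, warn_days=30):
    """Return a list of problems; an empty list means name and dates are fine."""
    now = time.time() if now is None else now
    problems = []
    if not any(name_matches(n, hostname) for n in cert_names(cert)):
        problems.append("name mismatch")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        problems.append("not yet valid")
    elif now >= not_after:
        problems.append("expired")
    elif not_after - now < warn_days * 86400:
        problems.append("expires in %d days" % ((not_after - now) // 86400))
    return problems


if __name__ == "__main__":
    # Offline run against the constructed sample certificate.
    print(evaluate_cert(SAMPLE_CERT, "secure.mysite.com", now=SAMPLE_NOW))
    # Live check (needs network access to your own server):
    # print(evaluate_cert(fetch_peer_cert("secure.mysite.com"), "secure.mysite.com"))
```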

Friday, 9 December 2011

How to publish specific drives and folders because it is not recommended to publish EXPLORER.EXE directly.

The method of copying and renaming the EXPLORER.EXE to, for example, EXPLORER2.EXE is a widely used but not a suggested or supported method by the Citrix Development Team. When doing this, there might be other side effects like session hangs or slow sessions when launching several instances of the renamed EXPLORER2.EXE. These issues are the result of internal EXPLORER.EXE dependencies that cannot be resolved without rewriting large parts of the operating system kernel.
Instead, Citrix recommends you publish IEXPLORE.EXE, with the -e parameter, to provide the functionality of a published EXPLORER.EXE.

Procedure

Publish an application with a command line of:
<path to IEXPLORE.EXE>\IEXPLORE.EXE [-e <Initial drive/directory>|<URL>] (specify %windir% for the working directory).

Example:

"c:\Program Files\Internet Explorer\IEXPLORE.EXE" -e c:\

- Or -

"c:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.citrix.com

Note: Internet Explorer 7 and later versions have phased out several command line options for iexplore.exe; these are obsolete as of Internet Explorer 7. See the Microsoft Developer Network for more details: http://msdn.microsoft.com/en-us/library/ee330728(VS.85).aspx
See CTX112195 – Error: Windows cannot find '(null)' ... when Launching Internet Explorer 7 in Explorer Mode for other options.

Thursday, 8 December 2011

Function of the Local Host Cache

Each XenApp server stores a subset of the data store in the Local Host Cache (LHC). The LHC performs two primary functions:

• Permits a server to function in the absence of a connection to the data store.
• Improves performance by caching information used by ICA Clients for enumeration and application resolution.
The LHC is an Access database, Imalhc.mdb, stored, by default, in the <ProgramFiles>\Citrix\Independent Management Architecture folder.
The following information is contained in the local host cache:
• All servers in the farm, and their basic information.
• All applications published within the farm and their properties.
• All Windows network domain trust relationships within the farm.
• All information specific to itself (product code, SNMP settings, licensing information).
On the first startup of the member server, the LHC is populated with a subset of information from the data store. From then on, the IMA service is responsible for keeping the LHC synchronized with the data store. The IMA service performs this task through change notifications and periodic polling of the data store.
If the data store is unreachable, the LHC contains enough information about the farm to allow normal operations for an indefinite period of time, if necessary. However, no new static information can be published, or added to the farm, until the farm data store is reachable and operational again.

Note: Prior to Presentation Server 3.0, the LHC had a grace period of only 96 hours; this was due to farm licensing information being kept on the data store. Once the 96 hour grace period was up, the licensing subsystem would fail to verify licensing, and the server would stop accepting incoming connections.
Because the LHC holds a copy of the published applications and Windows domain trust relationships, ICA Client application enumeration requests can be resolved locally by the LHC. This provides a faster response to the ICA Client for application enumerations because the local server does not have to contact other member servers or the zone data collector. The member server must still contact the zone data collector for load management resolutions.
In some instances it can be necessary to either refresh or recreate the local host cache. The sections below describe these situations.

Refreshing the Local Host Cache

If the IMA service is currently running, but published applications do not appear correctly in ICA Client application browsing, force a manual refresh of the local host cache by executing dsmaint refreshlhc from a command prompt on the affected server. This action forces the local host cache to read all changes immediately from the data store.
A discrepancy in the local host cache occurs only if the IMA service on a server misses a change event and is not synchronized correctly with the data store.

Recreating the Local Host Cache
Recreate the LHC in the following situations:
• If the IMA service does not start, the cause may be a corrupt LHC.
• If you have made extensive changes to the farm data store, such as publishing various applications, adding or removing servers from the farm, or creating new policies.
• If you must clean the farm data store using the DSCHECK utility, you should then rebuild the LHC on each of the servers in your farm once the data store has been cleaned.

Steps to recreate the Local Host Cache

IMPORTANT: The data store server must be available for dsmaint recreatelhc to work. If the data store is not available, the IMA service cannot start.
1. Stop the IMA service on the XenApp server, if it is started. This can be done using the command net stop imaservice, or from services.
2. Run dsmaint recreatelhc, which renames the existing LHC database, creates a new database, and sets the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\PSRequired to 1. Setting the value PSRequired to 1 forces the server to establish communication with the data store in order to populate the Local Host Cache database. When the IMA service is restarted, the LHC is recreated with the current data from the data store.
3. Restart the IMA service. This can be done via the command line, net start imaservice, or from services.
Note: For XenApp 6 or later, the registry value is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME\PSRequired, which is likewise set to 1.
There is also a built-in utility to check the Local Host Cache, LHCTestACLsUtil.exe, located in C:\Program Files (x86)\Citrix\System32 on the XenApp server. To run this utility, you must have local administrator privileges.