MFCOM Service

In our Citrix Enviornment, we have two servers(for example). Both the servers will be up and running fine but one of the server's status in citrix access management console will be Unavailable, whereas the server will be up and running. Now if we check the services.msc in second server(which one is showing as unavailable in citrix access management console), citrix MFCom Service status will be starting.. This is the problem.

Now follow the below steps:
Start Task Manager
kill mfcom32(or mfcom) process

Go to Services
Take Citrix MFCOM service to MANUAL

Open CMD and run followings:
dsmaint recreatelhc
dsmaint recreaterade

Go to Services
Start Citrix IMA Service

Open "Citrix Delivery Console" and check if it's ok or else manually start MFCOM service.
Wait until Citrix MFCOM starts (it will go to stopping status and will start but it takes time, after it does take it to Automatic)

Reboot the server

If you still face the issue, follow the below process:

IMA and MFCOM services are unresponsive during the Starting state due to data store corruption.

Cause

This issue occurs when there is a corrupt data store. Database corruption can be from a hard reboot of the XenApp server with an open connection to the data store.

Resolution

Verifying the Issue
To analyze the issue, you must verify the following:

1. Verify in the event log if the IMA or MFCOM service is unresponsive(hanging), as shown in the following screen shot:

2. You notice that the services, which are in the Starting state, are in an unresponsive state.

3. You can also verify it by opening the registry and navigating to HKLM>SOFTWARE>Wow6432Node>Citrix>IMA>RUNTIME and observe the CurrentlyLoadingPlugin key. If no details are displayed, then it might be a datastore corruption, or a service issue.

Note: An admin can verify if the database is corrupt.

Verifying for Data Store Corruption

To verify if it is a data store corruption and resolve it, complete the following procedure:

1. An admin can typically verify a data store corruption by completing the following tasks:
   - Running the dsmaint recreatelhc from the command prompt
   - Starting the service
   If you still experience issues, you must check for corruption in the datastore.



2. Create a new database and point the server in question to a new farm using the new database. If the server does not change the farm, you might have to check the data store integrity.


3. Run dscheck to get more details such as, where the corruption occurs. Refer to the Knowledge Center article CTX124406 – DSCHECK - XenApp Data Store Checker Tool Commands for more information about running dscheck command.
   
   In the following sample, you can observe that the dscheck /full servers was run and stopped prematurely at server Prod4. You can also observe that the following server after Prod4 is Prod6. In this example, you can notice that Prod6 has been powered down in the event viewer manually, potentially still having an open connection to the datastore, causing the corruption when it was rebooted. The Local Host Cache might have updated with the corrupt information. Therefore, the grace period of the IMA service is not activated because the system can still partially read the LHC file.

4. After restoring the datastore from a back up , run the dscheck /full servers once again. You can notice from the output that Server Prod6 is now displayed. This server had caused the corruption.

The IMA and MFCOM services are in Started state on all the servers.

Read More

Licensing: vSphere 5 Enterprise and 8 way VMs

In my experience, more and more customers are asking for multiway VMs with more than 4 vCPUs. For my company, an IT service provider, this is a little problematic as most of our licenses are vSphere Enterprise - not Enterprise Plus.

With vSphere 5, 8 way VMs are now possible both in the Standard edition and Enterprise edition. For up to 32 way VMs, the Enterprise Plus license is required.

See link for more info, page 6.

Read More

Only Some Applications open for only some users and others work fine...

We are having a strange issue. When trying to launch one of our published applicatio

ns from citrix on certian computers the connection will intialize but as soon as it goes to load the applciation, citrix disappears. This only happens on certian computers regardless of who is logged into them. We have tried deleting the microsoft store registry key as stated in other resolutions to this problem with no luck. What makes it even stranger is it only affects one of our applications that are published. All others work fine.

Our enviroment is Xen app 5 FP 3 with users connecting to WI 5 using the latest web citrix client.

The strange part is only some users are experiencing this issue with loading the application. Some users it works perfectly fine but on others you click and nothing loads up. The users affected can launch any other citrix program with no problems.

The path is correct and works when put into the run command.
Ans:

Please try the following:

1. If you are running a client lower than 12.1 test upgrading to 12.1 .

2. Disable antivirus on the workstatio ns


3. Look for commonalit ies for instance is this only happening to workstations that are running win7 and not XP or does this happen to workstations in a specific OU.

4. Verify on these workstations whether any info is being captured in the event logs for the client

5. Are all the apps that do not launch written in a specific language?

6. Although other Workstatio ns can connect what happens if you republish one of those apps?

Possible reasons could be:

When applications won’t launch in Citrix Xenapp or Presentation Server, you can get a multitude of error messages.  Most are guaranteed to tell you little to nothing about the actual cause of the issue.  Sometimes the app will appear to launch, and then nothing will happen.  Error codes can range from SSL Error codes 1-29, or more generic errors like “There is no Xenap server available”.   What can cause applications not to launch through the Citrix Web Interface?  Let’s take a look at a few possible causes…

Citrix Secure Gateway or Netscaler in the way? Maybe a firewall problem?

Does the problem exist only for external users coming in from the Internet, or does it also impact internal users?  You can usually test for this pretty well by installing the Citrix client directly on your web interface server.  If you can connect directly to the WI from itself and launch applications on itself, but you get errors when coming in from outside – chances are, you are dealing with a CSG or Netscaler issue.  Make sure that the CSG passes its internal diagnostic tests, and make sure the Netscaler has a valid route through to the Web Interface and each Xenapp server in the farm.  Make sure that the STA servers used on the Netscaler match exactly the STA servers specified on the Web Interface. Sometimes the network team can make a change to the inside facing firewall on the DMZ, and your users will suddenly experience the inability to launch applications via Citrix.  Remember that traffic must be able to pass on 1494 or 2598 (Depending on if you are using session reliability).

Licensing issues?

While Citrix does occasionally present valid licensing error messages during application launch, I’ve seen many cases where licensing problems caused error messages that don’t mention licensing at all.  In order to verify if you have a licensing problem, log into one of the Xenapp servers in question and drop to a command prompt.  Type “Qfarm /load” and look at the load on each server.  If a server is showing a load of “20000”, then it is experiencing a licensing problem.  Make sure that the license server is up, and licenses are showing in the console appropriately.  Occasionally you may have corrupt license files, and you’ll need to re-download them from MyCitrix along with a new startup license.  Take this opportunity to upgrade your license console to the latest version.

In addition to Citrix license issues, be sure you have enough licenses for terminal services or remote desktop services.  I’ve seen issues with these licenses that will causes Citrix apps to act like they are launching, but never open properly.

XML Errors?

If you are having problems with XML, chances are you’ll see some XML errors in the event viewer on either the Web Interface or the farm XML broker.  Make sure that the port you are using for XML is open between the Web Interface and the farm.  You can test this from the CLI by doing a “telnet <xmlbrokerserver> #”, using the server name and xml port # from your farm.  If it connects and gives you a blank black screen, then traffic is flowing properly.  If it hangs on a blinking cursor, then you should check your firewall settings.
If XML traffic is OK, your next step should be to re-register the XML service on the XML broker.  Use the command syntax below:
CTXXMLSS [switches] [/Rnnnn] [/Knnn] [/U] [/?]
Parameters:
/Rnnnn – Registers the service on port number nnnn
/Knnn – Keep-Alive nnn seconds (default 9).
/U – Unregisters the service.
/? (help) – Displays the syntax for the utility and information about the utilities options.

Corrupt Local Host Cache?

As with most Citrix issues, the local host cache is one of the usual suspects.  If an application won’t launch, you can recreate the local host cache quickly and safely as a first stab at the issue.  Use the command: “DSMaint recreatelhc” from the CLI on each Xenapp server in your farm.

Corrupt Published Apps?

This doesn’t seem to happen as often as it used to, but it can still come into play occasionally.  If you have ruled out other causes and you still can’t figure out why an app won’t launch – Try publishing it again from scratch in the DSC and seeing if the newly published icon works.  If it does, you can delete your old icon and point users to the new one.

Datastore Corruption?

You may want to check that the datastore isn’t showing any corruption.  Specifically I would recommend running the “DSCHECK /full applications” command to check the apps section of the database for errors.  Look for any verbage like “error”, “missing” or “not found” – and if you see that, run the same command again with the “/clean” switch appended to it.  Be sure to always back up your datastore before running this command, as it will make changes.

Load Balancer Issues?

Occasionally, applications won’t launch in a Citrix environment because of load balancer issues.  There could be issues where Citrix is “black holing” new users into a single server, overloading it, or problems where Citrix mishandles the load balancing completely.  The first step in troubleshooting a load issue is going to be using the “Qfarm /load” command.  If you notice any servers in the farm with a value of “10000” – that means they are at 100% load and can’t accept any new connections, typically. Once you know if load is being equally distributed throughout the farm, you can take action.  If you find that load is not being distributed correctly, check to make sure that your application is published to multiple servers and that it is in fact enabled.  If all other measures have failed, sometimes the Microsoft performance counters that Citrix relies on have been known to go corrupt and need to be rebuilt.

Is it limited to a specific server?

In a large Citrix farm environment, you won’t spend time looking at the load balancer or Netscaler device if you’ve been able to limit it to a specific server.  If you are sure it’s only one server in the environment, make sure that all of the Citrix services are started.  Sometimes it can be helpful to pull up the services console on the non-working server and compare it to a server that is working.  When you do a “Qfarm /load” command, does the problem server even report in?  If it’s missing from the Qfarm, then perhaps the IMA service is not started (See my other blog entry on why IMA won’t start).  If you exist all options, it may be necessary to restore the server from a snapshot (ideally), or run a Citrix repair from the install media.

Hotfix and Patch Level?

When all other options are exhausted, I’ve sometimes seen issues arise after Microsoft updates have run on a server, causing past Citrix patches or updates to get partially overwritten or corrupted.  I’ve seen cases where a client has been running fine on Roll-up 4 for years, and after we upgraded him to Roll-up 7, suddenly applications will launch again.  For these reasons, I’d always recommend checking that you are at current patch levels, and even consider reapplying a roll up pack on a test server as a last resort in such cases.  In cases where you suspect that a Microsoft update may have changed the fundamental way that Citrix and Windows Server communicate or work together, I’d recommend experimenting with rolling back a recent patch or update and judging the result.

References:
http://support.citrix.com/article/CTX711855

http://support.citrix.com/article/CTX104063

http://support.citrix.com/article/CTX112082

http://support.microsoft.com/kb/300956

http://citrixtechs.com/blog/?p=8

Read More

"The Supplied Credentials could not be validated.Either they are invalid or there is a problem with the authentication system. Try again or contact your help desk." Error in Citrix

When we try to access any applications with citrix web interface, we ll see the above error after providing our username and pwd. If yes, follow the below procedure. If still not working, readd the machine in which presentation server is installed to the same domain.
1. Use the Services Control Panel to stop the Citrix XML Service.

2. At the command prompt, type ctxxmlss /u to unload the Citrix XML Service from memory.

3. Type ctxxmlss /r8080. This forces the Citrix XML Service to use TCP/IP port 8080.

4. Restart the Citrix XML Service in the Control Panel.

After restart, open the Management Console for MetaFrame Presentation Server, go to your server’s Properties > MetaFrame Settings, and verify that the specified port is seen in the TCP/IP port of the Citrix XML Service section.

Read More

Zones Architecture & Design

Zones within Citrix infrastructures are logical segments within a Citrix farm. Every zone has a data collector (described in the next paragraph). Servers in a zone will communicate with his zone data collector where the data collectors of every zone will exchange information which each other about his zones.
When determine the needs for zones and the amount of zones used the following considerations:

• Available bandwidth

When there is limited bandwidth available the traffic between the servers within one zone can be too much for the network link. If this is the case it is a good idea to create zones to regulate the traffic of the Citrix infrastructure.

• Amount of changes in the Farm

Every change made in the farm is logically distributed to the Citrix server to reflect the changed settings. How more changes are made logically more traffic is generated between the Citrix servers. Together with the available bandwidth the amount of changes can be a reason to divide the farm into zones.

• Citrix advices a maximum of 25 zones

There is a limitation on the amount of zones. Citrix advises not to create more than 25 zones.

• Citrix Policy "Zone Preferences"

Within the enterprise edition there is a policy available that makes it possible to route users automatically to another (set of) server(s) if the Published Application is not available on the first group. This policy based on zones, so if you would like to use this policy zones are necessary.

• Load Sharing between servers

When using zones load sharing between servers can be arranged in two ways. There is a possibility to share the load over all servers despite if there are zones configured or the load is shared between servers in de zone only.  Using the first method the session of the user can be started on any server, while using the second methodology the users will be redirected to the server in the zone of the data collector, which handled his request.

• Each zone needs to have a Data Collector

Remember that each zone needs a data collector. Although every server can facilitate the role of data collector logically this role requires some resources available to carry out the tasks. Keep this in mind when determine the amount of servers to host the applications and check the considerations in the next paragraph about the data collector.

Best practices concerning the zones are using as less zone as possible, use zones only when low bandwidth connections are available between servers and/or if the zone preferences policy is necessary for your environment (for example when using a back-up/disaster site).


Data Collector Architecture & Design


The data collector is a role on a Citrix XenApp server which is collecting, maintaining and managing dynamic information about the farm and zone. The data collector also passes the user to the least busy server. Every Citrix XenApp server can be facilitating the server role, but of course some resources are needed for this role.
When creating the design the following topics should be considered.

• Dedicated Data Collector versus Non Dedicated Data Collector

Dependent on the size of the Citrix infrastructure (based on the amount of server, amount of users and logon/logoff activities) a decision should be made to use a dedicated server or a non dedicated server. A dedicated data collector is a server with Citrix XenApp installed, but the server is not hosting any Published Applications or Desktops. When using a Non Dedicated Data Collector think of using a different Load Evaluator with lower values. Also do not remember that data collector role should be assigned within the farm settings.

• Back-up Data Collector

When the primary data collector fails or is unavailable the Citrix farm will organize an election to select a new data collector. The election is primary based on settings about the data collector role, but also on the version of the software and (some) hot fixes. Again dependent the back-up data collector can be dedicated server or a shared server.

• Amount of Zones

As mentioned earlier in the zones part every zone has a data collector. When you have lots of zones you probably will choose for a non dedicated data collector in comparison with situations when there is/are just one or two zones.

Read More

SSL Certificate in Citrix

Install SSL Certificate

First follow the below process to install the certificate to your server. Then using citrix secure gateway console, we need to configure the new certificate.

Download and copy your certificate files to your server

 

Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Download the PKCS#7 formatted version of your certificate.

1. Rename the file your_domain_com.p7b to your_domain_com.cer

Install the PKCS#7 Certificate File

1. In IIS Manager, double-click the local computer, and then double-click the Web Sites folder.
2. Right-click the Web site for which you want to install the SSL certificate on and then click Properties. By default it will be Default Web Site, yours may be different.
   
   
3. Select the Directory Security tab and click Server Certificate in the Secure communications section.
4. Click Next in the Welcome to the Web Server Certificate Wizard window.
5. Select Process the pending request and install the certificate, Click Next.
6. Browse to locate the PKCS#7 file (your_domain_com.cer) when prompted to locate your web server certificate. Click Next.
7. Verify SSL Port 443 in the SSL Port dialog box.
8. Review the Certificate Summary screen and ensure that you are processing the correct certificate. ClickNext.
9. Click Finish to complete the IIS Certificate Wizard.
10. Again, Right-click on the site in IIS and click Properties.
11. Select the Web Site tab. In the Web Site Identification section make sure that your site has an IP address (or all unassigned) and that the SSL port is 443. Click OK.

Now install the certificate using secure gateway console in citrix using below process:

Assign the certificate to Citrix

1. From the Desktop, click Start > Programs
2. Select Citrix > Secure Gateway > Secure Gateway Service Configuration
3. Select Metaframe Server XP
4. Select OK
5. Select Typical for Configuration level and click Next
6. Select the certificate you want to assign from the certificate list
7. Click Next and complete the Wizard
8. Restart your Secure Gateway Service

Verify Installation

 To verify if your certificate is installed correctly, use our Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon  will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL

Read More

How to publish specific drives and folders because it is not recommended to publish EXPLORER.EXE directly.

The method of copying and renaming the EXPLORER.EXE to, for example, EXPLORER2.EXE is a widely used but not a suggested or supported method by the Citrix Development Team. When doing this, there might be other side effects like session hangs or slow sessions when launching several instances of the renamed EXPLORER2.EXE. These issues are the result of internal EXPLORER.EXE dependencies that cannot be resolved without rewriting large parts of the operating system kernel.
Instead, Citrix recommends you publish IEXPLORE.EXE, with the -e parameter, to provide the functionality of a published EXPLORER.EXE.

Procedure

Publish an application with a command line of:
<path to IEXPLORE.EXE>\IEXPLORE.EXE [–e <Initial drive/directory>|<URL>] (specify %windir% for the working directory).

Example:

“c:\Program Files\Internet Explorer\IEXPLORE.EXE" -e c:\

- Or -

“c:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.citrix.com
Note: Internet Explorer 7 and its later version have phased out several command line options for iexplore.exe. Obsolete as of Internet Explorer 7. - See Microsoft Development Network for more details: http://msdn.microsoft.com/en-us/library/ee330728(VS.85).aspx See CTX112195 – Error: Windows cannot find '(null)' ... when Launching Internet Explorer 7 in Explorer Mode  for other options.

Read More