Configuring Citrix Storefront Domain Pass-through with Receiver for Windows

I would like to discus the procedure for configuring and implementing Domain Pass-through with Citrix Storefront and Citrix Receiver.

First things first, let’s get a receiver installed on a test machine.

****Note, this machine and all subsequent machines must be a member of the domain that your storefront server is currently attached to in order for the pass-through to work.

Download the Citrix receiver Here

Once downloaded find the path of your download location.  Now, we will need to install the receiver with the single sign on switch as follows:

This will install the receiver, enable and start the single sign-on service on that machine.  After your installation is completed and the machine is rebooted,  log back in to your workstation and double-check to make sure the ssonsvr.exe service was installed and is currently running under services.

Once you have confirmed.  Lets move over to your Storefront server.

Launch the Storefront administration console from the storefront server and on the left side of the console, click on Authentication.

Once authentication is selected move over to the right side of the console screen and under actions > authentication, click on add/remove Methods.

After clicking on Add/Remove Methods, a dialog box should appear with options to select what methods you would like to enable in Storefront.  The second option from the top is, “Domain pass-through”, click on the check box next to that option and click OK.  This will enable Storefront to take the credentials from the ssonsvr service on your workstation and pass them through Storefront and enumerate the app list without authenticating twice.

Depending on your Citrix infrastructure, you might need to propagate the changes to the other Storefront servers in your Server Group.  If you have more than one Storefront server and you do not propagate changes, you might see mixed results in your testing.

To do this, click on “Server Group” on the right side of the console and then on the left side under actions, click on “Propagate Changes”.    This action will replicate all the changes you just made to your authentication policies over to the other Storefront servers in your Server Group.

Now that you have all the configuration pieces in play, reboot the workstation you installed the receiver to and log back in.  Once logged in your should be able to right-click on the receiver and click open.  Receiver will now prompt you for your Storefront FQDN or email address if you have email based discovery enabled.  At this point your application list should enumerate without prompting for credentials. This also goes for the Web portal. Test both to make sure they are passing those credentials through appropriately.

********If your credentials still do not pass through, below are a few troubleshooting steps you can take.  Of course this all depends on how your environment is set up and what access you have to modify certain components in your windows infrastructure.

Modifying local Policy to enable pass-through on the workstation

Apply the icaclient.adm template located in C:\Program Files\Citrix\ICA Client\Configuration to the client device through Local or Domain Group Policy.

Once the adm template is imported, Navigate to Computer Configuration\Administrative Templates\Classic Administrative Templates\Citrix Components\Citrix Receiver\User authentication\, then double-click on the “Local user name and password” setting.

The following box should appear and make sure to select both “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections”.

Adding Trusted Sites in your browser

On the same workstation you are testing the pass-through.  Open IE and navigate to Tools > Internet Options.  Click on Trusted Sites and add your Storefront FQDN (the same address you entered into the receiver when you set it up.

Also, it wouldn’t hurt to configure pass through in IE.  In The Internet Options Security tab with Trust Sites selected, choose Custom level, security zone. Scroll to the bottom of the list and select Automatic logon with current user name and password.

Configure the NIC provider order

On the workstation you installed the receiver, launch control panel and click on Network Connections, choose Advanced > Advanced Settings > Provider Order tab and move the Citrix Single Sign-on entry to the top of the Network Providers list.

If you are still having problems with the receiver not passing the credentials, leave a comment with your specific issue.

References:

https://www.citrix.com/downloads/citrix-receiver.html

http://support.citrix.com/article/CTX200157

 

 

Kevin B. Ottomeyer @OttoKnowsBest

 

 

 

 

Citrix Access via Chrome is Broken

Purpose:
This post explains Google Chrome functionality that can negatively impact the access to any Citrix environment.

Symptom:
After clicking on a published application or desktop icon in StoreFront using Chrome–nothing happens.

or

After logging on to StoreFront using Chrome, it never thinks Citrix Receiver is installed and offers it to me to download before I get to see my icons.

or

You have a warning to, “Unblock the Citrix plug-in.”

Resolution:
1) Re-enable the plugin using CTX137141.  This workaround will end in November 2015 when Google permanently disables NPAPI.
2) Customize StoreFront to remove the prompt to download Receiver with customized code.
3) Customize StoreFront with a link to download Receiver with customized code.
4) Enable a user setting to always open .ica files using CTX136578.
5) Use another browser not affected by the Chrome changes.

Cause:
Back in November 2014, Google announced it would remove NPAPI support from Chrome.  They are making this change to “improve security, speed, and stability” of the browser.   In April 2105, they will change Chrome’s default settings to disable NPAPI before removing it entirely in September of 2015.

What does this mean for my Citrix users who use Chrome?

Receiver detection.  The NPAPI plugin that Receiver (Windows and Mac) installs allows Receiver for Web (aka StoreFront) to detect if Citrix Receiver is or is not installed.  Without this plugin, it assumes you do not have Receiver and will offer it for you to download and install.  As an aside, you may have noticed that Internet Explorer has an ActiveX control that does the same thing.  If your user does not have Receiver then they can not launch their Citrix application or desktop, so this is a good thing. If your user is already running Receiver but gets offered the Receiver download this will be confusing and could potentially be a bad thing.

Launching applications and desktops.   Let me explain what should happen when you click on the icon for, say, Outlook 2010 in StoreFront (aka Receiver for Web).  StoreFront will talk to a delivery controller to figure out what machine is hosting Outlook 2010 and has the lowest load.  StoreFront will then offer you a .ica file to download.  If you have the plugin, Windows will know that this is a configuration file that should be opened by Receiver.  Receiver will then connect you to your application.  This all happens quickly and seamless making it seem like Outlook 2010 launches immediately.

Without the plugin, you will download an .ica file but Outlook 2010 will not open until you click it.  Chrome does have the option (the arrow on the downloaded file) to “Always open files of this type” as shown in CTX136578.

References:
http://blogs.citrix.com/2015/03/09/preparing-for-npapi-being-disabled-by-google-chrome/
http://blog.chromium.org/2014/11/the-final-countdown-for-npapi.html
http://support.citrix.com/article/CTX141137
http://support.citrix.com/article/CTX136578

Brian Olsen @sagelikebrian

Citrix Summit 2015

Citrix Summit is an annual conference where partners gather to hear the latest technical and sales information.  This year it was held in exciting Las Vegas at the sprawling Venetian conference center.  Coverage of Summit is always tricky because, while it is a partner only event and mostly covered by NDA, there are aspects that are already public.  This article will strive to keep the balance and leave what happened in Vegas–well, safely behind in Vegas.

This year Lewan sent four engineers to take part in the festivities. We came back with our heads full of announcements, product updates, and experience with what is coming next.  It is going to be an exciting year for Citrix customers.

The Annoucements

Mark Templeton is back at the helm as CEO.  This is excellent news as the 20 year veteran of Citrix is beloved by both employees and the industry.

Citrix acquires Sanbolic.  Sanbolic allows customer deployments to be geo-distributed across multiple locations and to scale in a linear and predictable manner.  We will have to wait and see what this means for Citrix’s product portfolio.

WorkspacePod Powered by HP is announced.  The solution is integrated Citrix infrastructure software with HP’s Moonshot platform.  HP considers this integrated compute, storage, networking, plus GPU to be the next step beyond hyper-converged infrastructure and they have labeled it ultra-converged.  Time will tell if this moniker will be adopted by the industry.  A tech preview is expected to be available Q1 of this year.

Product Updates

Workspace Cloud is announced.  Formerly Workspace Services, Workspace Cloud is a revolutionary new way to deliver Windows and mobile apps, data, and desktops.  I say revolutionary because it is clearly a new way of thinking.  I had several discussions over the week with some people hesitant on how this would incorporate in their environment and others who cannot wait for it to be released.  This is by no means a desktop as a service (DaaS) play.  Citrix is very specific with the choice of the word workspace.  To quote Mark T, “the desktop is to the PC-era as Workspace is to the Cloud-era“.

XenMobile 10 is announced.  XenMobile 10 represents a big step forward for the product in areas like security (FIPS 140.2) and flexibility. Users get updated Worx apps and a new self service portal for tracking, locking, and wiping lost or stolen devices.  Our hands-on experience makes us believe the people most excited about this release should be the administrators as significant steps have been made to make this product easier to deploy and use.

XenServer 6.5 is announced.  Major improvements have been made to the hypervisor in the areas of performance.  The new 64-bit kernel architecture has resulted in dramatic improvements in networking and storage performance.  I do not have the numbers in front of me but I remember my jaw dropping in the keynote because some of them had triple digit percentage improvements.  The timing could not be better with the uptick in XenServer deployments in 2014 due to industry leading support of NVIDIA GRID vGPU technology.

Improvements to XenApp and XenDesktop are coming.  Citrix is hard at work improving their flagship products.  Enhancements are coming to Microsoft Lync optimization and session recording will be added to Director.  If the last one sounds a lot like SmartAuditor, it is because I believe it will be replacing that functionality.

XenApp and XenDesktop technology previews are coming.  DesktopPlayer for Windows will be a welcome addition for offline virtual desktop and BYO Windows users.  Linux fans rejoice, a virtual desktop agent is coming.  The most exciting thing I witnessed (at the conference 😉 ) was the integration of Framehawk into Citrix’s already amazing HDX protocol.  Framehawk is the special sauce that overcomes very challenging network conditions like high latency (often seen in cellular) or packet loss (often seen in poor Wi-Fi).  Check out the pre-Citrix acquisition video from a few years ago below to see why I am excited.

The demo lab is already being prepared to make room for all of this awesome tech.  All of these updates are bound to set the stage for an exciting week in Orlando at Citrix Synergy in May.  For more information, do not hesitate to contact us.

Brian Olsen @sagelikebrian

Citrix is all new in June

If you’ve been paying attention to Twitter lately, you’ve probably noticed that there have been a lot of new announcements and releases from Citrix over the past 7 days.   So many in fact it can be difficult to keep straight exactly what is going on.  I’m going to try to clear up some of the murk and hopefully help you understand how these announcements are going to impact your plans for the near future. I’ll try to detail each of the announcements and product updates and what’s new with them.

XenDesktop 7: This is Citrix’s flagship VDI product, which competes head to head with VMware’s Horizon View.   Hopefully most Citrix customers are also aware that most of the license editions for XenDesktop also include rights to Citrix XenApp (also knows as Presentation Server or MetaFrame).  Despite the bundling, XenApp and XenDesktop have always been two distict products with separate infrastructures and management frameworks.  XenDesktop 7 changes all that.  With the v7 release XenDesktop now fully encompasses all the functionality for application and desktop publishing from both server OS (XenApp/RDS – aka Hosted Shared) as well as desktop OS (XenDestkop/VDI – aka Hosted).  This means that from a single console you can configure desktops and apps published from Windows XP, 7, 8, Server 2008R2 and Server 2012.  Yes, I said desktops and apps!  Actually XenDesktop has had the ability to do “VM Hosted Apps” for a while but it was infrequently used; that capability is now core functionality and delivers the “seamless” published apps from both destkop and server environments.

Did I mention this is all in a single console?  Well, actually there are two consoles – the management/configuration interface which is now named “Studio” and a helpdesk and monitoring interface named “Director”.  XenDesktop admins will be familiar with both of these.  By the way, Director now has the ability to mine Edgesight data to provide historical information about users, apps, sessions, and hosts.

With the merger there is now a 4th edition of XenDesktop – now giving us Platinum, Enterprise, VDI, and Apps.  The Apps edition will map to the functionality which was previously provided by XenApp.

XenDesktop 7 also brings a host of new features and functionality including the H.264 supercodec, reverse seamless applications, and App DNA integration.  RemotePC is now configured from within the Studio console.   One of the more interesting capabilities is that you can now use MCS to manage your published app server farms which will greatly simplify single image management for smaller environments. Check out this blog for more details and a link to the Citrix TV session detailing the new features.

XenDesktop 7 brings with it a host of other updates:

• StoreFront 1.2 -> StoreFront 2.0
• Web Interface 5.4 -> StoreFront 2.0 (StoreFront is now required)
• Provisioning Services 6.1 -> Provisioning Services 7.0
• XenServer 6.1 -> XenServer 6.2
• Receiver 3.4 -> 4.0  (and new receivers for iOS, Android, and OSX too)

It’s a pretty safe bet that if you use XenDesktop or XenApp you’ve got some new code in your future.

XenApp 6.5 Feature Pack 2: Much less hubbub about 6.5 FP2, but very noteworthy that in this same timeframe Citirx has chosen to issue an update to the existing XenApp product which offers many of the end-user benefits associated with XenDesktop 7.  This appears to be a recognition on Citrix’s part that customers probably will not migrate off of XenApp 6.5 in any great hurry, and this update removes much of the need.  XenApp 6.5 was originally released in August of 2011 and is widely deployed.  Details of the new features can be found here.

Cloudgateway is now XenMobile Apps: So if you’re looking for an updated App Controller, you need to look in a new place.  This heralds future integration between the XenMobile MDM solution and Citrix’s Web/SaaS/Mobile Application management.  We also saw a new release of XenMobile MDM 8.5 on June 28.

ShareFile Storage Center and Connectors are now Storage Controller 2.0: This brings the integration of the on-prem storage options for ShareFile all into one product, reducing the number of servers needed to connect to local storage zones, CIFS shares, and SharePoint.  It also provides read/write access to SharePoint sites!

XenServer 6.2: The latest release of Citrix’s XenServer hypervisor is more incremetnal and has not received much fanfare, with the largest announcement being that the product is now fully open source.  More details on the future strategy and new features can be found here.

NetScaler 10.1: It seems like this release has been kept fairly quiet, however the new HDX Insight reporting feature will offer great value to shops using NetScaler for its Access Gateway Enterprise Edition features.  Want to know how much data user sessions are moving?  Look no further!

VDI in a Box: Even VDI in a Box got an update, now at version 5.3. ViaB gets updates to support better 3D graphics. newer hypervisors, the H.264 supercodec, Windows 8 and Personal vDisk.  More info can be found here.

So June has been a huge month for Citirx with updates across nearly the entire product portfolio.  If you have or use Citrix products these changes will affect you.  If you need help or just want more information reach out to your Lewan Account Executive.  We’re here to help.

Gaining user acceptance for your desktop virtualization project

So proud of Lewan’s own Kenneth Fingerlos who will be speaking next week at Citrix Synergy. A link to his session overview is available on the Citrix Blog: Gaining user acceptance for your desktop virtualization project | Citrix Blogs. Well done, Kenneth! Read his post to the Citrix Blog below:

Gaining user acceptance for your desktop virtualization project
By Kenneth Fingerlos

With the IT press being dominated with articles on the pitfalls of BYO, MDM, MAM, mobile data and cloud-based services it’s clear that enterprise IT and end-users are thinking about different things. When we look at the OS on our compute devices it’s clear that more and more end-user concerns are driving the decisions which go into the design of the devices.

When IT takes on desktop virtualization we focus on costs, security and efficiency. We assess our users to help us determine what is needed for them to do their jobs. With that knowledge we optimize our designs to minimize costs and provide just what every user needs. We focus on single image management and questions of if MCS or PVS might be a better way to deliver our unified images. Do we need a 3rd party personalization manager or can we make due to with roaming profiles or perhaps we can drop personalization all together.

Meanwhile our users are purchasing iPads and Androids at an alarming rate.

It’s common for IT to focus on securing our borders, centralizing our data and developing the most efficient infrastructures we can. It is after all what good IT people are trained to. We read the design guides and perform our Assess Design Deploy process faithfully. We know who our user groups are and what applications they need. We’ve created pristine template images, with all of our corporate graphics and the approved list of applications pre-installed. In short, our design is textbook perfect we’ve addressed all of IT’s project goals and we’re ready to begin roll-out.

Why then do our users balk at adopting virtualized desktops? Often stalling or delaying projects indefinitely?

Often when projects reach the user testing phase we find that users are reluctant and frequently actively resistant to adopting new virtualized desktops. When presented with the new “IT Optimized” desktop paradigm our users blatantly refuse to use it. And the project stalls.

Let’s explore why users are resistant, and what we (IT) can do to help ease them into a new model. We’ll talk about easy use cases and end user wins. We’ll talk about marketing desktop virtualization to our users. We’ll talk about some not-so-easy scenarios that we may want to put off and tackle after the project has some steam and victories on the record. We’ll talk about gold images, RemotePC, personal vDisk, personalization and dedicated desktops. But most importantly we’re going to talk about what users are looking for and how we bring them on-board with the project.

Come join me Friday, May 24th in SYN216: Gaining user acceptance for your desktop virtualization project at Synergy Los Angeles to talk about these issues and learn how to not only drive user adoption but to convert your users into your project’s largest promoters.

Kenneth Fingerlos has been working in IT since 1996 in various roles including systems admin, IT manager and IT consultant with a focus on all aspects of datacenter and end-user computing. Kenneth currently holds certifications from VMware and Citrix and works as a systems architect with Citrix Platinum partner Lewan & Associates. Twitter: @Kfingerlos

Lewan Synergy of the Rockies

Our Lewan Synergy of the Rockies event was yesterday, here are some highlights and links from the event.

Citrix Support – Premier Support calculator citrix.com/pscalculator. AutoSupport released for automated diagnosis of issues http://support.citrix.com/article/CTX135408

Citrix GotoMeeting – mobile clients have the ability to start and host a meeting as well as present content from the device. Whiteboard functionality is also built in.

Citrix XenServer – XenServer 6.1 released, includes support for Storage XenMotion, LACP (up to 4) support, batch conversion of VMware virtual machines

Citrix XenClient – added support for ultrabooks

Citrix ShareFile– What ShareFile does is: Store, Sync, Share

• Sync and device with user files
• Selective offline access on mobile devices
• Data protection – encryption, lock, remote wipe, poison pill
• Enables file sharing with anyone
• Online file sharing space for virtual teams

With ShareFile Enterprise released, control plane resides at Citrix Online while the data plane can reside inside your datacenter, your data never resides outside. StorageZone Connect (tech preview) allows integration of existing file shares.

Citrix CloudGateway Enterprise – enabled mobile application management of iOS and Android devices, wrapped native app deployment via the Citrix AppController. AppController integrates mobile, web/saas, follow-me-data.

Just announced last week is @WorkWeb and @WorkMail, videos of this solution in action are here.

Citrix Receiver – Citrix Receiver for HTML 5 was released this summer, requires Access Gateway 10 and StoreFront 1.2. Enabled clientless access to Windows apps, Desktops, web and SAAS apps.

One Citrix Receiver look and feel across desktops and mobile platforms. First Time User experience allows setup and configuration with just a users email address.

Citrix RemotePC – Citrix RemotePC was released as part of Citrix XenDesktop 5.6 Feature Pack 1. RemotePC is the secure brokering of a physical endpoint (desktop or laptop) that is in your office (typically) via Citrix HDX technology. Think of it as GotoMyPC but with the centralized control over virtual channels (printing, clipboard, local drives, etc), automated provisioning of PC and end users, and the high performance of Citrix HDX. RemotePC is available in Citrix XenDesktop Enterprise and Platinum and in most cases won’t require any additional Microsoft licensing…as in you won’t need VDA licenses!

Universal Print Server– Combined with the previously available Universal Print Driver, administrators may now install a single driver in the virtual desktop image or application server to permit local or network printing from any device, including thin clients and tablets, leveraging HDX optimization technology to reduce bandwidth load over wide area networks and manage printing communications outside of the virtual desktop channel for enhanced Quality of Service. Use of the Citrix Universal Print Driver had previously been constrained to Windows devices because we relied on Windows to translate from Windows-centric print formats. With UPS, the print engine runs on a server, and we’re no longer limited to printing from Windows devices because the format translation is done on the server. There’s now little or no need to install 3rd party, non-native printer drivers, so overall stability is also improved.

Project Excalibur (XenDesktop v.Next) – Part of Project Avalon. Unification and simplification of XenApp/XenDesktop into a single architecture. XenApp IMA architecture has been around since Metaframe XP and in Project Avalon is being integrated into the Citrix XenDesktop FMA architecture.

Excalibur will also bring support for Windows Server 2012 and Windows 8 machine groups.

Also announced was a new SuperCodec using H.264 encode/decode. With so many devices support H.264 decode via hardware acceleration this could be a fallback encoding method for devices that don’t support offloading the multimedia to the client (ex: AVI, WMV, Flash). With the upcoming vGPU (GPU virtualization) the encoding could also potentially benefit from hardware based encoding. This technology will also support transcoding down high bit-rate video down to adapt to available bandwidth so that you can take 1080p video and transcode down to stream on 3G networks.

You can watch Citrix Synergy Barcelona session SYN133 on CitrixTV which goes thru the Excalibur release.

Excalibur will be available for download as a tech preview on November 1st.

Citrix Netscaler – Citrix Netscaler 10 now support scale-up, scale-in, and scale-out (TriScale) options with new Active-Active-Active-Ac.. scale-out options. Citrix and Cisco also announced a new partnership where Cisco will be selling Citrix Netscaler into their customers who are looking for Application Delivery Controllers as Cisco recently discontinued their ACE product line. Citrix also announced new partnerships with a number of key vendors who will be building joint solutions on their Netscaler product line.

Citrix XenDesktop Hypervisor Support Matrix

http://support.citrix.com/article/CTX131239

Heads up Citrix users

Heads up if you use XenDesktop 5 or XenApp 6.

If you get the error “An error occurred while making the requested connection” when trying to connect through web interface running Xendesktop 5 or XenApp 6 the issue could be a Microsoft patch.  We just ran into this issue with XenDesktop 5.

This is the patch http://support.microsoft.com/kb/2286198 that wreaks havoc.

Here is a forum article related to the issue http://forums.citrix.com/thread.jspa?threadID=271745&start=15&tstart=0

You will also get the following errors or similar in the event log

Log Name:      Application

Source:        Citrix Web Interface
Date:          9/30/2010 8:49:17 AM
Event ID:      30024
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      ftlvxa5x86.adolfolab.ctx
Description:
Site path: C:inetpubwwwrootCitrixAG5.

The XML document sent by the Citrix servers could not be processed because it contains invalid XML. This message was reported from the XML Service at addresshttp://localhost:80/scripts/wpnbr.dll [com.citrix.xml.NFuseProtocol.RequestLaunchRef]. The specified Citrix XML Service could not be contacted and has been temporarily removed from the list of active services. [Unique Log ID: e28daedd]

First few hours on the Motorola Xoom

Just spend my first few hours on the Motorola Xoom that we have acquired for our Desktop Virtualization showroom!

http://danbrinkmann.wordpress.com/2011/04/11/my-first-few-hours-with-the-motorola-xoom/

The list of hardware and software continues to climb.  Any vendors want to get on the list?

• Citrix XenApp/XenDesktop
• VMware View
• VMware vSphere
• AppSense
• Wyse Xenith
• HP Thin Clients (various)
• HP 8440p laptop (Citrix XenClient capable)
• Streamed VHD delivery to HP All-in-one PC
• Motorola Xoom
• iPad 2
• Dell Equallogic storage
• HP P4000 (older Lefthand units running latest SANiQ)
• NetApp
• Dell m600 and m610 blades (thank you VERY much Dell for the additional memory!!!!

Soon to be added… Fusion-io card…wurd!

Desktop Virtualization Showroom at Lewan

What would you like to see?

http://danbrinkmann.wordpress.com/2011/03/07/da-lab/