Kenneth is Speaking at BriForum Denver

I sat down with one of Lewan’s Solution Architects, Kenneth Fingerlos, to discuss his upcoming speaking engagement at the BriForum conference on July 20th.  Our brief conversation covered the details of his session, “vSGA, vDGA, vGPU, and Software – When and Why”, his background in the industry, and what gets him excited in the technology space right now.


Me: Kenneth, can you tell me a little bit about your industry experience?

Kenneth: So, after college I took a left turn in my career path and went into corporate IT for ten years.  Various positions: desktop management, server management, data center.  Various kinds of things.  After ten years of that I decided I didn’t care for IT management and tried to correct the course change and landed in consulting.  I’ve been doing IT consulting for about the last ten years around storage, data management, virtualization of various types, and building up my skill sets trying to help customers solve problems.

Me: Great, great.  So have you been to BriForum before?

Kenneth: I have not been to BriForum.  This will be my first year.

Me: What attracted you to BriForum?

Kenneth: I’m excited.  The whole idea of a conference that has some size to it and is established that is not tied to a specific vendor is just exciting, right?  You go to a Cisco conference and it is all about what is the latest widget from Cisco.  Cisco can do no wrong.  You find the same thing if you go to, you know, Dell World.  Dell is perfect.  Whatever Dell has got going is awesome and whatever everyone else has is garbage.  BriForum excites me because it is everybody. It is a marketing company–a media company that puts on the conference as opposed to a product manufacturer.


Me: So what will you be discussing at BriForum?

Kenneth: I’m discussing a topic that is near and dear to my heart which is the idea of virtualized graphics.  Taking things we do every day in the physical world with physical PCs and trying to bring this into this virtualized environment.  Things like disaster recovery, security, flexibility.  You know, the physical world is pretty restricted.  Graphics have always been one of these things that is hard and is difficult.  Technology is evolving and has advanced dramatically over the last couple of years in terms of what we can do.  But there is also a lot of complexity and a lot of information and I find my customers have a lot of confusion about what they can and can’t do.  What works, what doesn’t work.  My session is all about trying to bring some clarity to that area.

Me: Ok, so I am going to open this up a little bit and say maybe don’t limit this to just the enterprise world but what is the technology you are most excited about right now?

Kenneth: The technology I am most excited about right now….I think the stuff that is most exciting is really this idea of graphics virtualization.  I mean, so many things go into a user experience, right?  And all of the traditional things that you think about: servers, storage, memory, CPUs–graphics is part of that.  Remoting protocols, right?  What’s going on with actually getting that content delivered to a user.  Networking, right? 3G, 4G networks and starting to think about what’s next, what’s beyond 4G.  These are huge enablers to let people consume and develop content in ways that have never been envisioned before.  Letting you take that stuff to the cloud, to the remote data center, and access it from anywhere.  I’ve been sitting on top of a mountain in my 4×4 holding a virtual desktop, just because I’m a geek and into this stuff, but yes–I can access that app, whatever it is, from a mountain top in the middle of nowhere.  That’s cool stuff. And it’s all about enabling people to work and function in ways they’ve never been able to before.  That excites me.

Me: Very cool.  Well, looking forward to seeing your session at BriForum!  Until next time.

As I wrote about earlier, BriForum Comes to Denver, and I am excited to have such a great event in my backyard.  If you are going to be at BriForum or just have general questions about Denver, reach out to either @kfingerlos or myself (@sagelikebrian) and let’s catch up.

Brian @sagelikebrian

Citrix Default Printer Won’t Retain

The Windows default printer is a magical thing. This is the printer that is selected by default when you print in an application. Depending on your particular printing workflow this may be the only printer you ever use. Some applications have a quick print functionality that sends a print job to the default printer using default settings and no prompts (for example, portrait orientation and a single copy). To make a printer your default, simply right-click it and select default printer.

When you use Citrix, a Windows default printer is still a Windows default printer. The difference is that Citrix has administrative policies to help you decide what will be the default.

I recently ran into an issue with a new XenDesktop v7.6 environment where users could select a new default printer using the method above, but the next day when they logged on to their desktop it was set back to Microsoft XPS Document Writer. A quick note on Microsoft XPS Document Writer, which you may have noticed installed on your computer: it is really a print-to-file driver Microsoft created to allow you to save print output in the Microsoft XML Paper Specification. If you have never used it, do not feel bad; it is more likely you have used the immensely popular PDF format, made popular by Adobe before becoming an open standard in 2008.

By default, the user’s current printer is used as the default printer for the session. For example, my laptop’s default printer is HP Deskjet 3520 series (Network). When I log on to my Citrix desktop it will redirect the laptop printers into the session, including my default printer. That is ideal for a laptop user.

For my next example, I am using a thin client that does not have a default printer because it does not have an OS. It can only connect to a Citrix desktop. When I log on from the thin client it will not see a default printer, so it will make the first printer on the Citrix desktop the default. Oftentimes this ends up being the Microsoft XPS Document Writer instead of the HP Deskjet 3520 series (Network).

At first, the issue seemed related to the Windows user profile, since everyone lost their setting from one logon to the next. After verifying that other Windows user settings were being retained (e.g. wallpaper, Office settings, and the printer mappings themselves), I moved on to Citrix print policies. There is a specific policy I found interesting:

Default printer

Looking closer at the policy, it defaults to “Set default printer to the client’s main printer”. Most of the time this will result in using the default printer on the user’s endpoint (e.g. laptop or desktop). If that endpoint is a thin client or even an iPad, it will not have a default printer to redirect, so you will end up with the first printer in the session.

I made a new policy, set it to “Do not adjust the user’s default printer”, gave it a higher priority than the others, and assigned it to my test user account.

I then ran a gpupdate on each test worker to verify it had the new policy. To test, I logged on with the test user and changed my default printer to a network printer. I then logged out and put that test server in maintenance mode, ensuring my next logon would go to the other test server. Success, my new default printer was retained. To be extra sure there was not anything cached locally, I rebooted both non-persistent workers and logged in again. Success. The final steps were to make the policy apply to more users and have them test before rolling it out to everyone on both the test and production workers.

Printing is rarely thought of as complicated but it always is.  If you are running into a similar issue then this policy change could be your answer.

Brian Olsen @sagelikebrian

Microsoft Excel Not Enough Memory or Disk Space

During a recent deployment of XenApp 7.6 on Windows Server 2012 R2, users who ran an application that exported data to Excel kept getting a “not enough memory or disk space” error.

Checking the XenApp session host server, which was sized at 2 vCPU and 8 GB of RAM, there was plenty of memory available, as there was only one user logged into the server. Launching Excel and then opening a workbook was fine and did not result in the error, and after patching Office 2010 to the latest patch the error still persisted. After investigating, there was no reason why this error should appear.

It would appear that this is a bug in Excel 2010 and Excel 2013 running on Windows Server 2012 R2 when AppData\Local is excluded with Citrix Profile Management, which is done to reduce the size of the profile. With this configured, the Cache folder, which is part of the User Shell Folders in the user’s profile, ends up without enough space allocated.

The solution: redirect the user Cache directory to C:\Windows\Temp, without needing to load the hive and hack the default profile’s NTUSER.dat.

First, assign Users Modify rights to C:\Windows\Temp; otherwise they will not have access and this will not work.

Create a GPO Preference Registry Collection named something descriptive, such as Excel Cache Directory.

Create a new Registry Item pointing to: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\USER SHELL FOLDERS
The Value should be Cache
The Data should be C:\WINDOWS\TEMP
The Type should be REG_EXPAND_SZ

Allow the GPO to replicate, run GPUPDATE /FORCE, and test; you should no longer see the error.
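
To confirm the preference has actually applied for a user, the following check can be run inside that user's session. It is an added example, not part of the original post; the helper name Test-ExcelCacheRedirect is hypothetical, while the key, value name, data and type are the ones given above.

```powershell
# Added example (not from the original post): verify the Excel Cache
# redirection for the CURRENT user. Run inside an affected user's session.
# Test-ExcelCacheRedirect is a hypothetical helper name.
function Test-ExcelCacheRedirect {
    param(
        [string]$ExpectedData = 'C:\WINDOWS\TEMP'   # data set by the GPO preference
    )

    $subKey = 'Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders'
    $result = [ordered]@{
        ValuePresent = $false
        RawData      = $null
        ValueKind    = $null
        DataMatches  = $false
        KindMatches  = $false
        UserCanWrite = $false
    }

    $key = [Microsoft.Win32.Registry]::CurrentUser.OpenSubKey($subKey)
    if ($null -eq $key) { return [pscustomobject]$result }
    try {
        if ($key.GetValueNames() -contains 'Cache') {
            $result.ValuePresent = $true
            # Read the data unexpanded so a REG_EXPAND_SZ is reported as stored.
            $result.RawData = $key.GetValue('Cache', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            $result.ValueKind   = $key.GetValueKind('Cache')
            $result.DataMatches = ($result.RawData -ieq $ExpectedData)
            $result.KindMatches = ($result.ValueKind -eq [Microsoft.Win32.RegistryValueKind]::ExpandString)
        }
    }
    finally { $key.Close() }

    # Functional test of the "Modify rights" step: create and delete a file
    # in the folder the value points to, using the user's own token.
    if ($result.ValuePresent) {
        $folder = [Environment]::ExpandEnvironmentVariables([string]$result.RawData)
        $probe  = Join-Path $folder ([IO.Path]::GetRandomFileName())
        try {
            [IO.File]::WriteAllText($probe, 'probe')
            Remove-Item -LiteralPath $probe -Force -ErrorAction Stop
            $result.UserCanWrite = $true
        }
        catch { $result.UserCanWrite = $false }
    }
    [pscustomobject]$result
}

Test-ExcelCacheRedirect | Format-List
```

A result with ValuePresent, DataMatches, KindMatches and UserCanWrite all True means both the registry item and the folder permission are in place for that user.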

The next time you encounter this issue give this a try. For more information please leave a comment.

Johnny Ma @mrjohnnyma

Marlins Score Big with Citrix

It seems like every other week there is an IT security breach that makes the news.  Many of these hacks score credit card information that can immediately be used or sold.  Recently there have been allegations that members of the St. Louis Cardinals hacked into the Houston Astros’ system to gather information on players.

New York Times – Cardinals Investigated for Hacking Into Astros’ Database
Kansas City Star – Astros GM Luhnow disputes details related to Cardinals hacking probe

At face value, it seems shocking to hear about hacking in Major League Baseball.  There was a time when America’s favorite pastime was not considered high tech.  It was the boys of summer playing a great game and the best team won.  In this Moneyball era of baseball statistics, numbers and data win big.

 

You don’t have to believe me, just ask Brad Pitt.

As soon as I heard the news it made me think of what the Marlins are doing with technology from Citrix.

 

The Marlins are scoring two big wins with Citrix.  First, they are doing things that have never before been possible and making a better experience for their customers.  Second, they have a focus on security that has kept their IT department out of national headlines while protecting their team and intellectual property.  It is hard to put a price on the total package.

We should not give all the credit to the Marlins’ IT foresight.  After all, the Simpsons predicted this way back in 1999.

Brian Olsen @sagelikebrian

How to Fix Java issues with Citrix Netscaler GUI

We have all encountered the dreaded Java error when trying to connect to the Citrix Netscaler GUI.  In this post I would like to walk through the steps of resolving those Java error messages. There are a few technical articles that TRY to walk you through the process of troubleshooting this issue, but I have found the method that I use to be the most successful.  For me this is one of the most frustrating error messages, as I am constantly working in different versions of Java, Netscaler firmware or browser.

For starters, let’s go ahead and uninstall any version of Java you currently have installed. Most versions of Netscaler 10.1 and above will support the most recent version of Java. You can download the most recent version here. For this exercise, we are going to assume you are using Chrome, Firefox or IE. In my experience, I have had the most success with the Netscaler GUI and the Chrome browser.

After you have successfully installed Java and gone through the confirmation process, go ahead and browse to your Java configuration applet or go to Control Panel > Java (32bit).

Once the Java Control Panel pops up, click on the Settings button.

You will now be redirected to the Temporary Internet Files dialog. First, click on the “Delete Files” button.

Once the “Delete Files and Applications” box appears, UNCHECK all of the checkboxes and click OK.

Before clicking out of the Temporary Internet Files dialog, make sure to uncheck “Keep temporary files on my computer” and click OK. Having all of these temporary files is one of the main causes of applet corruption.


That last set of steps will clear out all the previously downloaded temporary applets, cookies and certificates you currently have in your configuration.  If you are launching java for the first time after the new install this might be a moot point, but I do it anyway 🙂

Now, stay in the Java Control Panel and at the top, click on the “Security” Tab.  Inside of that tab, click on “Edit Site List” at the bottom.

Once you have clicked on Edit Site List, click on Add. Here you will be able to add the Netscaler access gateway FQDN as an exception. Only add websites here whose certificate you know you can trust.

After you click Add you will notice a text box appear in the same window. Go ahead and add your Netscaler FQDN into that field and click OK. Example: https://yournetscaler.yourdomain.com

After clicking OK, you will notice your Netscaler FQDN is now in the exceptions list. Click OK to exit the Java Control Panel and relaunch your browser to test.


 

This article applies to Netscaler versions 9.3, 10.0, 10.1

Let me know how it goes.  Add your comments below!

 

 

Kevin B. Ottomeyer @OttoKnowsBest

 

 

Configuring Citrix Storefront Domain Pass-through with Receiver for Windows

I would like to discuss the procedure for configuring and implementing Domain Pass-through with Citrix Storefront and Citrix Receiver.

First things first, let’s get a receiver installed on a test machine.

Note: this machine and all subsequent machines must be a member of the domain that your Storefront server is currently attached to in order for the pass-through to work.

Download the Citrix receiver Here

Once downloaded, find the path of your download location. Now, we will need to install the receiver with the single sign-on switch.

This will install the receiver, enable and start the single sign-on service on that machine. After your installation is completed and the machine is rebooted, log back in to your workstation and double-check to make sure the ssonsvr.exe service was installed and is currently running under services.

Once you have confirmed this, let’s move over to your Storefront server.

Launch the Storefront administration console from the storefront server and on the left side of the console, click on Authentication.


Once authentication is selected move over to the right side of the console screen and under actions > authentication, click on add/remove Methods.


After clicking on Add/Remove Methods, a dialog box should appear with options to select what methods you would like to enable in Storefront.  The second option from the top is, “Domain pass-through”, click on the check box next to that option and click OK.  This will enable Storefront to take the credentials from the ssonsvr service on your workstation and pass them through Storefront and enumerate the app list without authenticating twice.


Depending on your Citrix infrastructure, you might need to propagate the changes to the other Storefront servers in your Server Group.  If you have more than one Storefront server and you do not propagate changes, you might see mixed results in your testing.

To do this, click on “Server Group” on the right side of the console and then on the left side under actions, click on “Propagate Changes”.    This action will replicate all the changes you just made to your authentication policies over to the other Storefront servers in your Server Group.

Now that you have all the configuration pieces in play, reboot the workstation you installed the receiver on and log back in. Once logged in, you should be able to right-click on the receiver and click Open. Receiver will now prompt you for your Storefront FQDN, or email address if you have email-based discovery enabled. At this point your application list should enumerate without prompting for credentials. This also goes for the Web portal. Test both to make sure they are passing those credentials through appropriately.

If your credentials still do not pass through, below are a few troubleshooting steps you can take. Of course this all depends on how your environment is set up and what access you have to modify certain components in your Windows infrastructure.

Modifying local Policy to enable pass-through on the workstation

Apply the icaclient.adm template located in C:\Program Files\Citrix\ICA Client\Configuration to the client device through Local or Domain Group Policy.

Once the adm template is imported, Navigate to Computer Configuration\Administrative Templates\Classic Administrative Templates\Citrix Components\Citrix Receiver\User authentication\, then double-click on the “Local user name and password” setting.

In the dialog box that appears, make sure to select both “Enable pass-through authentication” and “Allow pass-through authentication for all ICA connections”.

Adding Trusted Sites in your browser

On the same workstation where you are testing the pass-through, open IE and navigate to Tools > Internet Options. Click on Trusted Sites and add your Storefront FQDN (the same address you entered into the receiver when you set it up).

Also, it wouldn’t hurt to configure pass-through in IE. In the Internet Options Security tab with Trusted Sites selected, choose Custom level, security zone. Scroll to the bottom of the list and select Automatic logon with current user name and password.

Configure the NIC provider order

On the workstation you installed the receiver, launch control panel and click on Network Connections, choose Advanced > Advanced Settings > Provider Order tab and move the Citrix Single Sign-on entry to the top of the Network Providers list.
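
The workstation-side prerequisites from this post (domain membership, the ssonsvr process, and the network provider order) can be collected in one pass with the script below. It is an added example, not part of the original post; Get-PassThroughReadiness is a hypothetical helper name, and matching the provider on a display name containing "Citrix" is an assumption based on the "Citrix Single Sign-on" entry named above.

```powershell
# Added example (not from the original post): workstation-side checks for the
# pass-through prerequisites described in this post.
# Get-PassThroughReadiness is a hypothetical helper name.
function Get-PassThroughReadiness {
    # 1. The single sign-on process installed with Receiver should be running.
    $sson = Get-Process -Name 'ssonsvr' -ErrorAction SilentlyContinue

    # 2. Network provider order: resolve each provider's key name to the
    #    display name shown on the Provider Order tab.
    $orderKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order'
    $names = (Get-ItemProperty -Path $orderKey -Name ProviderOrder).ProviderOrder -split ',' |
        Where-Object { $_ }
    $position  = 0
    $providers = foreach ($name in $names) {
        $position++
        $svcKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name\NetworkProvider"
        $display = (Get-ItemProperty -Path $svcKey -Name Name -ErrorAction SilentlyContinue).Name
        [pscustomobject]@{ Position = $position; Provider = $name; DisplayName = $display }
    }
    # Assumption: the Citrix provider registers a display name containing "Citrix".
    $citrix = $providers | Where-Object { $_.DisplayName -like '*Citrix*' } |
        Select-Object -First 1

    # 3. The machine must be a member of a domain.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    [pscustomobject]@{
        SsonProcessRunning  = [bool]$sson
        DomainJoined        = [bool]$cs.PartOfDomain
        Domain              = $cs.Domain
        CitrixProviderFound = [bool]$citrix
        CitrixProviderFirst = [bool]($citrix -and $citrix.Position -eq 1)
        ProviderOrder       = $providers
    }
}

$report = Get-PassThroughReadiness
$report | Format-List SsonProcessRunning, DomainJoined, Domain, CitrixProviderFound, CitrixProviderFirst
$report.ProviderOrder | Format-Table -AutoSize
```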


If you are still having problems with the receiver not passing the credentials, leave a comment with your specific issue.

References:

https://www.citrix.com/downloads/citrix-receiver.html

http://support.citrix.com/article/CTX200157

 

 

Kevin B. Ottomeyer @OttoKnowsBest

 

 

 

 

Citrix Access via Chrome is Broken

Purpose:
This post explains Google Chrome functionality that can negatively impact the access to any Citrix environment.

Symptom:
After clicking on a published application or desktop icon in StoreFront using Chrome–nothing happens.

or

After logging on to StoreFront using Chrome, it never thinks Citrix Receiver is installed and offers it to me to download before I get to see my icons.

or

You have a warning to, “Unblock the Citrix plug-in.”

Resolution:
1) Re-enable the plugin using CTX137141.  This workaround will end in November 2015 when Google permanently disables NPAPI.
2) Customize StoreFront to remove the prompt to download Receiver with customized code.
3) Customize StoreFront with a link to download Receiver with customized code.
4) Enable a user setting to always open .ica files using CTX136578.
5) Use another browser not affected by the Chrome changes.

Cause:
Back in November 2014, Google announced it would remove NPAPI support from Chrome.  They are making this change to “improve security, speed, and stability” of the browser.   In April 2015, they will change Chrome’s default settings to disable NPAPI before removing it entirely in September of 2015.

What does this mean for my Citrix users who use Chrome?

Receiver detection.  The NPAPI plugin that Receiver (Windows and Mac) installs allows Receiver for Web (aka StoreFront) to detect if Citrix Receiver is or is not installed.  Without this plugin, it assumes you do not have Receiver and will offer it for you to download and install.  As an aside, you may have noticed that Internet Explorer has an ActiveX control that does the same thing.  If your user does not have Receiver then they can not launch their Citrix application or desktop, so this is a good thing. If your user is already running Receiver but gets offered the Receiver download this will be confusing and could potentially be a bad thing.

Launching applications and desktops.   Let me explain what should happen when you click on the icon for, say, Outlook 2010 in StoreFront (aka Receiver for Web).  StoreFront will talk to a delivery controller to figure out what machine is hosting Outlook 2010 and has the lowest load.  StoreFront will then offer you a .ica file to download.  If you have the plugin, Windows will know that this is a configuration file that should be opened by Receiver.  Receiver will then connect you to your application.  This all happens quickly and seamlessly, making it seem like Outlook 2010 launches immediately.

Without the plugin, you will download an .ica file but Outlook 2010 will not open until you click it.  Chrome does have the option (the arrow on the downloaded file) to “Always open files of this type” as shown in CTX136578.

References:
http://blogs.citrix.com/2015/03/09/preparing-for-npapi-being-disabled-by-google-chrome/
http://blog.chromium.org/2014/11/the-final-countdown-for-npapi.html
http://support.citrix.com/article/CTX141137
http://support.citrix.com/article/CTX136578

Brian Olsen @sagelikebrian

Sharefile SAML AD Authentication Fails on Chrome and Firefox

After configuring our ShareFile to integrate our AD accounts using AD FS 2.0 and SAML for login, we found several users could not log in with Chrome or Firefox.  They would go to the SAML login URL and then enter their correct AD credentials.  The login would then fail.  Using IE with the same credentials was successful.  After investigation, the issue was linked to AD FS 2.0 and Chrome/Firefox, not ShareFile.

The Solution below was found at http://exitcodezero.wordpress.com/2013/05/30/adfs-authentication-issues-with-chrome-and-firefox/

To correct the issues, disable Extended Protection in IIS on your ADFS server:

  1. Open IIS Manager on your ADFS Server
  2. Expand your ADFS Server
  3. Expand Sites
  4. Expand Default Web Site
  5. Expand adfs
  6. Click to select ls
  7. Double-click Authentication
  8. Right-click Windows Authentication and select Advanced Settings…
  9. Set Extended Protection to Off
  10. Restart IIS or perform an iisreset
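
The setting changed in steps 7 to 9 is stored as the tokenChecking attribute of the Windows Authentication section, so its state can be recorded before the change and confirmed afterwards from PowerShell. The script below is an added example, not part of the original post or the linked article; Get-ExtendedProtectionState is a hypothetical helper name, and the default path assumes the Default Web Site/adfs/ls application from the steps above.

```powershell
# Added example (not from the original post): report the Extended Protection
# state of Windows Authentication on the AD FS sign-in application.
# Run in an elevated PowerShell session on the AD FS server.
# Get-ExtendedProtectionState is a hypothetical helper name.
Import-Module WebAdministration

function Get-ExtendedProtectionState {
    param(
        # IIS provider path of the application selected in steps 2-6 above
        [string]$PSPath = 'IIS:\Sites\Default Web Site\adfs\ls'
    )
    $filter = 'system.webServer/security/authentication/windowsAuthentication'

    # Get-WebConfigurationProperty may return the bare value or an attribute
    # object carrying it in .Value; normalise both shapes.
    $unwrap = {
        param($v)
        if ($null -ne $v -and $v.PSObject.Properties['Value']) { $v.Value } else { $v }
    }

    $enabled = & $unwrap (Get-WebConfigurationProperty -PSPath $PSPath `
        -Filter $filter -Name 'enabled')
    $token   = & $unwrap (Get-WebConfigurationProperty -PSPath $PSPath `
        -Filter "$filter/extendedProtection" -Name 'tokenChecking')

    # tokenChecking values as stored in configuration, mapped to the labels
    # IIS Manager shows in the Advanced Settings dialog.
    $uiLabel = @{ 'None' = 'Off'; 'Allow' = 'Accept'; 'Require' = 'Required' }

    [pscustomobject]@{
        Application        = $PSPath
        WindowsAuthEnabled = [bool]$enabled
        TokenChecking      = [string]$token
        IisManagerLabel    = $uiLabel[[string]$token]
    }
}

Get-ExtendedProtectionState | Format-List
```

After step 10, TokenChecking should read None (shown as Off in IIS Manager); keeping the earlier output gives a record of the value to restore if the setting is re-enabled later.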

Citrix is all new in June

If you’ve been paying attention to Twitter lately, you’ve probably noticed that there have been a lot of new announcements and releases from Citrix over the past 7 days.   So many in fact it can be difficult to keep straight exactly what is going on.  I’m going to try to clear up some of the murk and hopefully help you understand how these announcements are going to impact your plans for the near future. I’ll try to detail each of the announcements and product updates and what’s new with them.

XenDesktop 7: This is Citrix’s flagship VDI product, which competes head to head with VMware’s Horizon View.   Hopefully most Citrix customers are also aware that most of the license editions for XenDesktop also include rights to Citrix XenApp (also known as Presentation Server or MetaFrame).  Despite the bundling, XenApp and XenDesktop have always been two distinct products with separate infrastructures and management frameworks.  XenDesktop 7 changes all that.  With the v7 release XenDesktop now fully encompasses all the functionality for application and desktop publishing from both server OS (XenApp/RDS – aka Hosted Shared) as well as desktop OS (XenDesktop/VDI – aka Hosted).  This means that from a single console you can configure desktops and apps published from Windows XP, 7, 8, Server 2008R2 and Server 2012.  Yes, I said desktops and apps!  Actually XenDesktop has had the ability to do “VM Hosted Apps” for a while but it was infrequently used; that capability is now core functionality and delivers the “seamless” published apps from both desktop and server environments.

Did I mention this is all in a single console?  Well, actually there are two consoles – the management/configuration interface which is now named “Studio” and a helpdesk and monitoring interface named “Director”.  XenDesktop admins will be familiar with both of these.  By the way, Director now has the ability to mine Edgesight data to provide historical information about users, apps, sessions, and hosts.

With the merger there is now a 4th edition of XenDesktop – now giving us Platinum, Enterprise, VDI, and Apps.  The Apps edition will map to the functionality which was previously provided by XenApp.

XenDesktop 7 also brings a host of new features and functionality including the H.264 supercodec, reverse seamless applications, and App DNA integration.  RemotePC is now configured from within the Studio console.   One of the more interesting capabilities is that you can now use MCS to manage your published app server farms which will greatly simplify single image management for smaller environments. Check out this blog for more details and a link to the Citrix TV session detailing the new features.

XenDesktop 7 brings with it a host of other updates:

  • StoreFront 1.2 -> StoreFront 2.0
  • Web Interface 5.4 -> StoreFront 2.0 (StoreFront is now required)
  • Provisioning Services 6.1 -> Provisioning Services 7.0
  • XenServer 6.1 -> XenServer 6.2
  • Receiver 3.4 -> 4.0  (and new receivers for iOS, Android, and OSX too)

It’s a pretty safe bet that if you use XenDesktop or XenApp you’ve got some new code in your future.

XenApp 6.5 Feature Pack 2: Much less hubbub about 6.5 FP2, but very noteworthy that in this same timeframe Citrix has chosen to issue an update to the existing XenApp product which offers many of the end-user benefits associated with XenDesktop 7.  This appears to be a recognition on Citrix’s part that customers probably will not migrate off of XenApp 6.5 in any great hurry, and this update removes much of the need.  XenApp 6.5 was originally released in August of 2011 and is widely deployed.  Details of the new features can be found here.

Cloudgateway is now XenMobile Apps: So if you’re looking for an updated App Controller, you need to look in a new place.  This heralds future integration between the XenMobile MDM solution and Citrix’s Web/SaaS/Mobile Application management.  We also saw a new release of XenMobile MDM 8.5 on June 28.

ShareFile Storage Center and Connectors are now Storage Controller 2.0: This brings the integration of the on-prem storage options for ShareFile all into one product, reducing the number of servers needed to connect to local storage zones, CIFS shares, and SharePoint.  It also provides read/write access to SharePoint sites!

XenServer 6.2: The latest release of Citrix’s XenServer hypervisor is more incremental and has not received much fanfare, with the largest announcement being that the product is now fully open source.  More details on the future strategy and new features can be found here.

NetScaler 10.1: It seems like this release has been kept fairly quiet, however the new HDX Insight reporting feature will offer great value to shops using NetScaler for its Access Gateway Enterprise Edition features.  Want to know how much data user sessions are moving?  Look no further!

VDI in a Box: Even VDI in a Box got an update, now at version 5.3. ViaB gets updates to support better 3D graphics, newer hypervisors, the H.264 supercodec, Windows 8 and Personal vDisk.  More info can be found here.

So June has been a huge month for Citrix with updates across nearly the entire product portfolio.  If you have or use Citrix products these changes will affect you.  If you need help or just want more information reach out to your Lewan Account Executive.  We’re here to help.

Enable Alt+Tab Application Toggling in a Citrix XenApp Desktop Session

I recently had a request for a user to be able to toggle between different applications inside their Citrix desktop session with Alt+Tab. The Citrix Receiver provides this functionality with a registry change. There are a couple of ways to send the Alt+Tab hotkey combination to the Citrix session; below I show how to pass the physical Alt+Tab key combination from the client workstation to the active Citrix session window (non-fullscreen mode).
This work is done on the client workstation, and I am assuming the client runs Windows 7 with Citrix Receiver installed.
My background information was found here:
http://support.citrix.com/article/CTX118974
http://support.citrix.com/proddocs/topic/ica-settings/ica-settings-transparentkeypassthrough.html
1. Open regedit on the client device to edit the registry
2. Navigate to the key
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard\
3. Open Key: TransparentKeyPassthrough
4. Set the value to: Remote

5. Exit the Citrix receiver if it is started and log back into your Citrix desktop.
6. When the Citrix desktop session is the Active window, you will be able to toggle between the applications in that session with Alt+Tab