Welcome back to the same bat time, same bat channel. We recently migrated SiteManager over to a new 3.18a version and to our new enterprise Citrix farm. Almost everything work perfectly, except that it didn’t. We ran into some fun with a single port. SCCP. Not sure if it is using SCCP or just port 2000, but it stopped some functionality. So if you have your DPS server on a different subnet, make sure to have this port open!
Category: XenApp
Looks like another fun day in the wild world of virtualization. After having setup a new enterprise farm, you typically try and copy over your policies from your known good farm. Well….. Sometimes this works well. Sometimes it does not. What is worse, is when you build an entirely new infrastructure and have it on its own subnet and then things start to break after you move user over. It appears that the default setting of “Direct connections to print servers” is enabled even if you don’t define it (it was enabled as it was copied from the old farm policy). Hmmmm. How could this bite me?
Well, let’s delve into that, shall we!? Several users were reporting that their printers and TWAIN scanners were not mapping. I checked and verified this. On some users, it wouldn’t map at all. Some it was a slow mapping. I checked the logs on the servers. Nothing to be found there. I engaged Citrix for this. We checked all the settings and policies over (extremely helpful TRM we have! He really is amazing!) So I ran into Google’s rabbit hole. After some soul searching, I mean searching for the answer, I came across this: https://support.citrix.com/article/CTX203252. This explains users have the same issue in a cloud situation. This reminded me that we had moved subnets (again, you’d think that would’ve been in the forefront of my mind since we had other firewall related issues which I will talk about in another post). So I explicitly disabled the setting and it worked immediately.
Since I have found this, now it is time to review the rest of the default policies and see if any of the rest of them need explicit disabling.
Ran across this video explaining Adaptive HDX transport. Rather good video that I wanted to share so that the people can get the information. Going to delve deeper into this new protocol that is delivering ICA over UDP versus TCP. Might have some more information on it in a future post!
So you have have SiteManager and you want to virtualize this app into Citrix. You may have noticed there are some caveats with. One of the issues that we encountered (we’ve been running this for several years across several versions now), is that you have to be creative to separate users because of the reporting port that is needed.
When a user logs in, it creates a port based on the INI file. That works all fine and well until player two enters the arena. So….. We had to utilize a set of scripts to create this separation of user space and create the random port per user. We’ve tried these in powershell and VB script. There wasn’t any performance difference or ease of configuration from what we found. I’ve added the scripts below so that you can more easily onboard this app into XenApp.
This launching script you will point in Citrix Studio is the one below. It is a batch script .bat.
REM TransportLaunch
@echo off
start /wait C:\SMAPP\FileshareMapDrives.vbs
start /wait C:\SMAPP\SmappUpdateINI.vbs
start /B /D Y:\SMAPP318-CTXTST\ C:\SMAPP\smapp.exe
This one will run and call the other visual basic scripts that actually do the work.
The first work script is to map the drive we are going to store the smdb file and the smapp.ini file that will contain the random port number.
'FileshareMapDrives checks "fileshareserver" fileshare share for the user's app configuration directory.
'If it is not there, it creates it and maps the "M" drive in the citrix session to it.
DIM fso, MyFile, strCurrentLine, strPortNum, strNewPortNum, strUserName, CitrixServer
'Determine which Citrix server you have attached to.
Set WSHNetwork = CreateObject("WScript.Network")
' CitrixServer = WSHNetwork.ComputerName
CitrixServer = "fileshareserver"
Set fso = CreateObject("Scripting.FileSystemObject")
' Retrieve logged in username
strUserName = WSHNetwork.UserName
' Determine if the user's directory exists. If not create it
If fso.FolderExists("\\" & CitrixServer & "\fileshare\" & strUserName) THEN
Else
fso.CreateFolder("\\" & CitrixServer & "\fileshare\" & strUserName)
End If
' Map new Drive for the INI file
On Error Resume Next
WSHNetwork.MapNetworkDrive "M:", "\\" & CitrixServer & "\fileshare\" & strUserName
If Err.Number <> 0 Then
On Error GoTo 0
WSHNetwork.RemoveNetworkDrive "M:", True, True
WSHNetwork.MapNetworkDrive "M:", "\\" & CitrixServer & "\fileshare\" & strUserName
End If
On Error GoTo 0
'wscript.sleep(5000)
'wscript.echo "Maps are done"
'SmappUpdateINI
DIM fso, MyFile, strCurrentLine, strPortNum, strNewPortNum, strUserName, CitrixServer
After the above script runs, it will have your location mapped to point the smapp.exe file to the smapp.ini file it will need to load. Next up, the smappupdate.ini script, which is also a visual basic script.
Set fso = CreateObject("Scripting.FileSystemObject")
If fso.FolderExists("M:\SMAPP318-CTXTST") THEN
' wscript.echo "M:\SMAPP318-CTXTST exists"
Else
fso.CreateFolder("M:\SMAPP318-CTXTST")
' wscript.echo "M:\SMAPP318-CTXTST did not exist and I just created it"
End If
' Determine if the directory SMAPP318-CTXTST exists. If not create it
If fso.FileExists("M:\SMAPP318-CTXTST\SMDBL00.DB") Then
Else
fso.CopyFile "\\sharelocation\SMAPP318-CTXTST\SMDB\SMDBL00.DB", "M:\SMAPP318-CTXTST\", True
End If
If fso.FileExists("M:\SMAPP318-CTXTST\SMAPP.INI") Then
Else
' Open the file. Change the path to where you have your file saved.
Set MyFile = fso.OpenTextFile("\\sharelocation\SMAPP318-CTXTST\SMDB\SMAPP.INI", 1, TRUE)
' Create a temp file to copy into.
Set fs1 = fso.CreateTextFile ("\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt",True)
fs1.close
Set MyFile2 = fso.OpenTextFile ("\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt", 8)
' Copy each line into the temp file.
Do Until MyFile.AtEndOfStream
Line = MyFile.ReadLine
' Increment the port number by 1.
If InStr(1,Line, "Status Monitor Port=",1) Then
strPortNum = Right(Line, 5)
PortNum = CLng(strPortNum)
PortNum = PortNum + 1
strNewPortNum = Cstr(PortNum)
MyFile2.WriteLine("Status Monitor Port=" & strNewPortNum)
else
MyFile2.writeline line
End If
Loop
Set MyFile = nothing
Set MyFile2 = nothing
' Copy the temp file over original file and create a backup copy (UserName.bak).
fso.CopyFile "\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt", "\\sharelocation\SMAPP318-CTXTST\SMDB\SMAPP.INI", true
fso.CopyFile "\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt", "\\sharelocation\SMAPP318-CTXTST\SMDB\" & strUserName & ".BAK", True
fso.CopyFile "\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt", "M:\SMAPP318-CTXTST\SMAPP.INI", true
' MyFile2.Close
' Set MytFile2 = nothing
fso.DeleteFile "\\sharelocation\SMAPP318-CTXTST\SMDB\Temp.txt"
End If
With these three scripts, you should be able to run SiteManager in your XenApp environment!
Hello and good morning. These are the adventures of the starship…. wait. That’s right. Wrong channel. Wrong show.
So….. I decided to upgraded to Fedora 29 ( really really nice btw) at the end of October. Everything was hunky and even dory one would say. Except for something. Something very painful. I tried to use my Citrix Receiver to connect. And what happened pray tell? It wouldn’t connect. Some people have had success with loading additional libraries and finagling around to get it working. I have not as of yet. I’m waiting for a new release of the Linux Receiver instead of battling this one. I’ve seen on some forums that this is a common issue with Fedora and the receiver. So you may want to hold out on upgrading to Fedora 29 until this issue is resolved.
Update 03/27/19 – Instead of fighting the battle of waiting and fighting, I have skipped past fixing this for now and went the way of HTML5 client. Looks like a viable option for this! I’ll be posting about the HTML5 client soon!
So, you have found that you have the dreaded, evil, painful, Mandatory Upgrade message…. This has happened to me a few times. I’ve spoken with Citrix support (which was very good about this btw) to get fixed a couple of times. The third time, I tried my hand at re-creating the sorcery that was shown to me. I pulled a Sorceror’s Apprentice fail for a bit. After arguing with my hand against my forehead and maybe some choice angry words of frustration dipped in a rainbow of expression, I finally got it. I got the order of operations right. I got the thingie to come back to me without resorting to percussive maintenance. That would be quite difficult since they are virtual. It would’ve been as effective as a flame-proof candle. But, I share with you below what I did to bring it back from the dreaded error….
Go ahead and close Studio and log out at that point. You need the account that was used to build the farm. I tried other accounts, and they just didn’t have the power. This account also needed SA on the SQL server to register all the instances. So that is what I found prerequisite. Then, open some sweet, sweet Powershell ISE as administrator. Copy and paste this into the ISE. Run the first two lines to see the count of instances. There should be 60 per controller for 7.15LTSR. There is one line commented out. Run that line and only that line on ONE controller, otherwise you are starting the process over again. Once you run it on the first controller, comment it back out and run that beautiful bean footage from “Get-Service Citrix* | Stop-Service -Force” onward. You will have to repeat the process sans the commented out line on the rest of the Delivery Controllers.
asnp Citrix*
Get-ConfigRegisteredServiceInstance | measure
Get-Service Citrix* | Stop-Service -Force
Get-Service Citrix* | Start-Service
#Get-ConfigRegisteredServiceInstance | Unregister-ConfigRegisteredServiceInstance
Get-AdminServiceInstance | register-configserviceInstance
Get-AcctServiceInstance | register-configserviceInstance
Get-ApplibServiceInstance | register-configserviceInstance
Get-BrokerServiceInstance | register-configserviceInstance
Get-ConfigRegisteredServiceInstance | register-configserviceInstance
Get-ConfigServiceInstance | register-configserviceInstance
Get-EnvTestServiceInstance | register-configserviceInstance
Get-HypServiceInstance | register-configserviceInstance
Get-LogServiceInstance | register-configserviceInstance
Get-MonitorServiceInstance | register-configserviceInstance
Get-ProvServiceInstance | register-configserviceInstance
Get-SfServiceInstance | register-configserviceInstance
Get-TrustServiceInstance | register-configserviceInstance
Get-OrchServiceInstance | register-configserviceInstance
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-AdminServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-AcctServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-ApplibServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-BrokerServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-ConfigServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-EnvTestServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-HypServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-LogServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-MonitorServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-ProvServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-SfServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-TrustServiceGroupMembership
Get-ConfigRegisteredServiceInstance -servicetype config | Reset-OrchServiceGroupMembership
After you run this, you should be able to run the “Get-ConfigRegisteredServiceInstance | measure” command again to see the proper number of instances. You can run this after you run the above on a controller and see if the number increments properly. Sometimes you have to reboot the Controller after doing the fix. If you have 4 Delivery Controllers, it will look like below:
You should be able to open Studio now and it looks all pretty and pristine!
Let me know if this helps you out! Tune in for next blog’s episode, “Something, Something, Something Dark Side.”
Here are the requirements I ran across needing for the SQL backend portion for XenApp 7.15LTSR. I had to initially get full sa permission so that XenApp could setup it’s 3 databases. We couldn’t get it to work otherwise. After that, we were able to step down the permission as listed below.
SQL Requirements
- SQL server (stand alone or cluster/AG. If cluster/AG, then additional setup is needed.
- Five total drives. Two drives for OS and SQL install and one for each DATA, TEMP, and LOG.
- Service account to run SQL.
- Service account for XenApp server for adds to the farm.
- Service account for PVS if using PVS.
- Permissions for account: dbowner and securityadmin. Securityadmin is needed to create the machine account access to the database.
- SQL Database for Site, ConfigurationLogging, and Monitoring for XenApp.
- If you are using Session Recording, you will also need CitrixSessionRecording and CitrixSessionRecordingLogging.
Good afternoon and stuff! As promised, I’m going to begin to post the stuff for building a XenApp 7.15 LTSR Enterprise environment. This is subject to change as I run into different issues, requirements, or angry wombats. Below is a skeleton of the requirements I ran into in setting up and Enterprise Citrix environment. I did run into an interesting issue with the Netscaler management interface being on the same VLAN as the data traffic, but that is for another post soon to come. I’ll be addressing the individual components as well as the specifics / issues and resolutions I ran across as well. But for now, here you go!
- IP range for the Citrix servers.
- Dedicated storage LUN(s) / storage cluster.
- Dedicated hardware / Vmware cluster.
- One license server.
- Two – three PVS servers.
- One SQL server and instance.
- Two – three storefront servers.
- Two – three director servers.
- Two – three profile servers.
- DHCP server.
- Two netscalers in HA to support user connections.
- SSL certificate for main site.
- SSL certificate for StoreFront.
- VLAN for Citrix.
- AppLayering OVA 4.11.
- MAS OVA for netscaler.
- Sizing of 3:1 or 4:1 for Citrix on over provisioning of hardware. Some articles list as 2:1, but 3:1 or even 4:1 may be attainable depending on applications.
- Four service accounts.
So you want to connect to Citrix on Fedora 28 to a Citrix site that uses Entrust certificates? Well, the receiver has a few issues with that idea. So to take care of that, there are some workarounds you need to do. I have a link on the bottom of the screen for what I had to do to get it working. You will need to download the tarball files. I used the 13.8 client. You can do it with the newer 13.9 as well, I had just backtracked to get it working. So below is what I had to do.
- Download the tarball to install https://www.citrix.com/downloads/citrix-receiver/linux/receiver-for-linux-latest.html. You will need to sign up for a Citrix account.
- Copy the file to /opt.
- Switch to the privileged user install.
- Follow the install through.
- When you are done, go to https://www.entrust.com and download the Entrust root 2048, Entrust root G2, and in my case, the Entrust L1K certificate. You may have a different intermediate certificate depending on what you are using. You will need to save these to /opt/Citrix/ICAClient/keystore/cacerts. I didn’t need the PEM, I only had to download the .cer files.
- You should be able to connect and launch now!
From I was finding, this is also what you will need to do if you are using newer versions of Ubuntu such as 18.04.
https://discussions.citrix.com/topic/393904-cannot-connect-to-0002-streetsmart-edge/
Welcome all to the world of an older application that was never meant to be multi-user. The application was designed for a desktop OS and for a single user. One way you can get around application work/temp folders is an old DOS command called subst. You can use it to map a folder location as a drive. An example is subst x: c:\users\%username%. You will need to create a folder in the user folder location. Then you can potentially point the INI file for the application to the x: location and now you have a separated workspace for each user. This has helped with more than one application in the past. Sometimes with terminal services and Citrix you have to get a little creative. With the big push of Windows 10, many older applications are being pushed off the desktop and into a virtualized environment as these antiquated applications are usually mission critical and haven’t been re-architected. Hope this brings some help to you!