Tech Blog

We’ve had this really frustrating issue for a few months where XenApp applications would launch then if a user closed the app or left it then they would be able open it again.

When you jump of the Citrix XenApp server you’d see the session but in a weird state.

Either like this:

or with the username but just a few processes listed:

• Citrix Graphics (ctxgfx)

• Client Server Runtime Process (csrss.exe)

• Desktop Window Manager (dwm.exe)

• Windows Logon Application (Winlogin.exe)

• Windows Logon User Interface Host (LogonUI.exe)

• EMUser.exe – Ivanti service

The work around workaround is to kill winlogin.exe or loginui.exe or emuser.exe and the session ends.

If we remove DisableLogonUISuppression this problem goes away, but then when launching a published application users see a black screen.

So after doing a million things one of the guys at Ivanti found the issue, the App was taking more than 60,000 Milliseconds to launch so Citrix was shitting itself.

The fix, increase the Citrix policy “application launch wait timeout” in Citrix to 12,000 Milliseconds.

And bobs your uncle.

You’re probably asking, why the hell does an app take more 60,000 Milliseconds  to launch….well, I’m blaming Ivanti personalisation and Chrome.

If that doesnt help then check these out:

https://support.citrix.com/article/CTX232490

https://www.reddit.com/r/Citrix/comments/8s9pva/disconnected_sessions_are_not_logging_off/

Ghost Sessions Haunting Me from Citrix

Hello,

As many of you may know the latest round updates have disabled TLS 1.0 and TLS 1.2

For us that meant either enabling TLS everywhere or using newer methods. Below is a URL to enable:

https://blogs.windows.com/msedgedev/2020/03/31/tls-1-0-tls-1-1-schedule-update-edge-ie11/

A much better option is to install Microsoft® ODBC Driver 13.1 for SQL Server on the clients:

https://www.microsoft.com/en-us/download/details.aspx?id=53339

Then update a whole bunch of ODBC system DSNs.

Thats great but some of our Citrix servers have a lot of system DSNs and I didnt much fancy doing them one by one so here’s some PowerShell to do it for you:

$DsnArray = Get-OdbcDsn -DriverName 'SQL Server' ForEach ($Dsn in $DsnArray) { Remove-OdbcDsn -InputObject $Dsn Add-OdbcDsn -Name $Dsn.Name -DsnType $Dsn.DsnType -Platform $Dsn.Platform -DriverName 'ODBC Driver 13 for SQL Server' -SetPropertyValue $Dsn.PropertyValue }

Boom.

Annoyingly our venctre broke recently meaning our Citrix clients wouldnt boot which had the knock on affect users couldnt logon.

To easily check the connection status of citrix and vcentre, you can run the following PowerShell command on a Citrix delivery server (or whereever Citrix PS is installed):

This is what it looks like when its broken, notice the State:

PS C:\Program Files\Citrix\Desktop Studio> Get-BrokerHypervisorConnection


Capabilities                           : {PowerOn, PowerOff, SuspendResume, Re
                                         et...}
ExplicitPreferredController            : True
HypHypervisorConnectionUid             : a17e1707-98f2-43e6-8d5b-42302ccbae53
IsReady                                : True
MachineCount                           : 564
MaxAbsoluteActiveActions               : 2
MaxAbsoluteNewActionsPerMinute         : 15
MaxAbsolutePvdPowerActions             : 100000
MaxPercentageActiveActions             : 10
MaxPvdPowerActionsPercentageOfDesktops : 50
MetadataMap                            : {}
Name                                   : KIL VMware vSphere
PreferredController                    : BohemianGrove\CitrixServer01
State                                  : Unavailable
Uid                                    : 1

Fixing vcentre and rebooting the citrix server it then looks like this:

PS C:\Program Files\Citrix\Desktop Studio> Get-BrokerHypervisorConnection


Capabilities                           : {PowerOn, PowerOff, SuspendResume, Res
                                         et...}
ExplicitPreferredController            : True
HypHypervisorConnectionUid             : a17e1707-98f2-43e6-8d5b-42302ccbae53
IsReady                                : True
MachineCount                           : 564
MaxAbsoluteActiveActions               : 2
MaxAbsoluteNewActionsPerMinute         : 15
MaxAbsolutePvdPowerActions             : 100000
MaxPercentageActiveActions             : 10
MaxPvdPowerActionsPercentageOfDesktops : 50
MetadataMap                            : {}
Name                                   : KIL VMware vSphere
PreferredController                    : BohemianGrove\CitrixServer01
State                                  : On
Uid                                    : 1

After a reboot of the VDI in a box Appliance the Grid IP isn’t working or pingable…

In the VDI Console, Admin, Advanced properties, remove the Grid IP, OK and then put it back in…

If you are building a Client/Server that is going to be used in a VDI environment don’t install the VMware SVGA WDDM driver as part of the VMware tools install.

It can cause issues like Black screens, Users not connecting etc and the first step Citrix get you to perform is to remove them, with XenDesktop this is fairly easy but time consuming with VDI-in-a-Box you can’t…

For XenDesktop, If you have installed them you can us the follow these steps to remove the driver:

• Remove VDA agent(s)
• Reboot
• Remove VMware Tools
• Reboot
• Install VMware tools (Custom install without SVGA driver)
• Reboot
• Install VDA agent(s)
• Reboot
• Update the Catalogue

For VDI-in-a-Box, If you have installed them you can us the follow these steps to remove the driver:

• Start again with new image.

Notes:

If you already have it installed and it’s not causing any issues you can leave it as is.

If you don’t remove the VDA agent before Uninstall/reinstall VMware tools, the guest will break.

VDI-in-a-Box installs the VDA agents when you import the image, you can’t get them any other way. (confirmed by Citrix Support)

Both these links mention VMware 4.1 U1 but Citrix have confirmed it is still affects later versions.

http://support.citrix.com/article/CTX123952

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1011709

Before you start the installation, make the program you want to add or drivers for the device you are installing available either through a local external USB flash/hard disk drive, CD/DVD or a mapped network shared drive. DO NOT COPY TO THE C: DRIVE or ANY LOCAL DRIVE. External USB Flash drive is recommended for temporary storage.

Procedure:

1. Plug in the external USB drive and logoff from the thin client as “User”
2. Login as “Administrator” (Press shift and click “log off”. This will allow you to log in as a local administrator. Default password for administrator is Wyse#123) Please bear in mind that keyboard might be set to American layout in which case you’ll need to hold shift + 3 to do # symbol
3. Verify that the File based writer filter is disabled. If not, click on the “FBWF Disable” icon, restart TC and login again as Administrator.
4. Go the “Start > Settings > Control Panel” and double-click on the “Ramdisk” icon.
5. Change the value from 16Mb to 64MB (you may have to increase this to a higher value depending on your application) and click “OK”. Do not set the value to 100MB.
6. Reboot the Thin Client for the Ram disk value to change
7. Login as Administrator
8. Go the “Start > Settings > Control Panel” and double-click on the “System” icon
9. For WES7 you will need to select from the left pane “Advanced system settings” first, select the “Advanced” tab and click on the “Environmental Variables…” button.
10. Select the “TEMP” variable and click on the “Edit” button
11. Change the “Variable value” from “Z:\” to “X:\” (where “X” is the drive letter of your external USB drive) and press “OK”
12. Select the “TMP” variable and click on the Edit button
13. Change the “Variable Value” from “Z:\” to “X:\” (where “X” is the drive letter of your external USB drive) and press “OK”
14. Start installation process”. DO NOT RUN IT FROM THE CLIENT FLASH
15. When the installation of your program is complete, change the Temp and TMP variables as well as the RAM disk back to the original values
16. Double-click on the FBWF Enable icon. This will reboot the thin client.

Old one this but during deploying a new W7 VDI image I found that randomly, the deployed images would present the user with a popup like this at logon which was not present on the golden master:

This turned out to be caused by the gold image being on a Vmware host with a given CPU type and the “failing” deployed images were being spun up on a host in the cluster with a different CPU in the host.

EVC is enabled but this only works at vmotion level. Differing CPUs in the hosts in a given cluster still present the real hardware CPU type to the guests.

That explained why it didn’t occur all the time, only some of the time, as they had a 3 host cluster, 2 the same, one different.

The fix? Spin up the gold image on all different CPUs in the cluster and reboot after each hardware detection has completed, this way the image has all CPU profiles loaded and doesn’t moan when its deployed.

CAG drops off network after updates to ESXi hosts, reboot fixes for a short time but then it drops off again.

Background

https://communities.vmware.com/thread/492945

Detailed fix in Citrix KB

http://support.citrix.com/article/CTX200278

So it seems Chrome and Citrix have fallen out and no longer work well together after the latest Chrome update.

The issue: After clicking on a published application or desktop icon in StoreFront using Chrome either nothing opens or you get the following messages:

• Cannot connect. To resolve this issue, please report this error to your helpdesk. Details: verify that the ICA connection is available and that the server address is present.
• Setup cannot continue because this version of Receiver is incompatible with a previously installed version.

Cause:
Back in November 2014, Google announced it would remove NPAPI support from Chrome.  They are making this change to “improve security, speed, and stability” of the browser.   In April 2105, they will change Chrome’s default settings to disable NPAPI before removing it entirely in September of 2015.

What does this mean fo users?

Receiver detection.  The NPAPI plugin that Receiver (Windows and Mac) installs allows Receiver for Web (aka StoreFront) to detect if Citrix Receiver is or is not installed.  Without this plugin, it assumes you do not have Receiver and will offer it for you to download and install.  As an aside, you may have noticed that Internet Explorer has an ActiveX control that does the same thing.  If your user does not have Receiver then they can not launch their Citrix application or desktop, so this is a good thing. If your user is already running Receiver but gets offered the Receiver download this will be confusing and could potentially be a bad thing.

Launching applications and desktops.   Let me explain what should happen when you click on the icon for, say, Outlook 2010 in StoreFront (aka Receiver for Web).  StoreFront will talk to a delivery controller to figure out what machine is hosting Outlook 2010 and has the lowest load.  StoreFront will then offer you a .ica file to download.  If you have the plugin, Windows will know that this is a configuration file that should be opened by Receiver.  Receiver will then connect you to your application.  This all happens quickly and seamless making it seem like Outlook 2010 launches immediately.

Without the plugin, you will download an .ica file but Outlook 2010 will not open until you click it.  Chrome does have the option (the arrow on the downloaded file) to “Always open files of this type” as shown in CTX136578.

Some Possible Fixes:
1) Re-enable the plugin using CTX137141.  This workaround will end in November 2015 when Google permanently disables NPAPI (this didnt work for me),
2) Customize StoreFront to remove the prompt to download Receiver with customized code,
3) Customize StoreFront with a link to download Receiver with customized code,
4) Enable a user setting to always open .ica files using CTX136578 (this also didnt work for me),
5) Use another browser not affected by the Chrome changes (this did work).

My current Citrix XenDesktop environment has out grown its original IP scope and I wanted to move it to a new dedicated VLAN with scope to grow even more. Below is brief guide in the steps taken.
Stage 1 – Creating the DHCP Scope
•    Logged onto your DC and open DHCP, drill down on IPv4, right click and select New Scope.

•    Give the Scope a name “Citrix Guest VM’s” and description.

•    Enter the IP range you would like addresses DHCP to give out (it always a could idea to leave some spare at the end for static IPs)

•    Add any exclusions you wish
•    Lease duration I left default of 8 days
•    Proceed to “Yes, I want to configure these options now”
•    Default Gateway is the IP address you will assign your Core Switch / Router in your network when creating the VLAN in the next stage. 192.168.25.254

•    Next select/enter your DNS servers
•    WINS Server if any
•    Active Scope – Select “Yes, I want to activate this scope now”
•    Finish

Stage 2 – Creating a new VLAN
In my environment we use HP Procurve Switches, so the following config are HP cmds.
•    Log on to your Core Switch / Router and use the follow config.

conf t
vlan 3025
name "Citrix Guest VMs"
ip address 192.168.25.254 255.255.255.0
ip helper-address 192.168.250.2
ip helper-address 192.168.250.2
tagged ?????
exit
wr mem

Config Break down
1 Enter configuration mode
2. Created VLAN 3025
3. Naming the VLAN
4. Creating the default gateway ip address for the VLAN
5 & 6. DHCP Servers
7. Tagging – You need to tagged any ports you would like to traffic to run through, see below.
8. Exit VLAN config
9. Save
Tagging
You need to proceed to create the VLAN and tagged the ports through your network you intend the traffic to run through. In my situation I stated by creating the VLAN on both core switches and had to tagged ports through to my server rack switches and then uplinks to my ESXi Hosts.

Testing
Once all the tagging was done I wanted to do some testing before I moved onto VMware VCentre.
From my core switch I untagged a port on VLAN 3025 (untagged assigns an the device connected to that port the IP in that specified VLAN). Plugged in my laptop and check the address assigned. It was a success I received a address from the 192.168.25.0/24 range, I could double check this by looking at the address leased on the DHCP server.
If you was not successful at this point please go back and review as the stage will not work

Stage 3 – VMware VCentre
•    Adding the Virtual Machine Port Group  (VLAN) onto a vSwitch (virtual switch) in VMware
Open up VMware Client, navigate to the your Cluster
– Select your host (if you have mulitple you will need to do this to all of them)- Select the Configuration tab
– Select Networking from the left side menu
– Click ” Add Networking at the top”

Add Virtual Machine, click next

Select the vSwitch you are currently using, for exmaple mine is “vSwitch0″

Give the Port Group a name, i suggest using the same as the VLAN on the physical switches.
Enter the VLAN ID – 3025

View Summery and Click Finish.

You have now added a new VLAN (port Group) into VMware ESXi and can now been given to VMs, in our case our VDI solution.
To check this, edit any VM which is sitting on any of the host you have just configured, select the NIC and you should be able to drop now the menu to select “Citrix Guest VMs” network.

Now this is great, you are able to change the VM to a new network…… but I have 200 VMs!
It is not feasible to sit there and manually reconfigure and 200 machines and reboot them, plus you would be taking down your environment for a long time.
Stage 4 – VMware vSphere PowerCLI
How to automate the NIC change for multiple VMs
1. Download VMware vSphere PowerCLI

https://my.vmware.com/web/vmware/details?downloadGroup=PCLI550&productId=352

2. Install and connect to you Vcentre Server

Connect-VIServer –Server VCENTER_SERVERNAME

Once Successfully connected you can start issuing powershell commands. Use get-vicommand to see a list of all PowerCLI commands.
To complete this task we just need:
– The list of machines from the XenDesktop machine catalog.
Commands used:

Get-VM: to obtain list of VM
Get-NetworkAdapter: to find list of VMs on VLAN
Set-NetworkAdapter: to change the VLAN

Scenario:
– Machine Catalog Name: “Admin Desktop”
– Machine names: “monvdiad##”
-Current Network: “Server Network”
-New Network: “Citrix Guest VMs”
** Make sure the account you are using have elevated rights in vSphere
PowerCLI Commands to change VLAN
To obtain a list of all XenDekstop VMs in that catalog issue following command use the wildcard display all machines that start with “MONVDIAD*”

Get-vm –Name “monvdiad*”

If the above query returns the list of the correct VM’s then proceed to change the NIC with the code below.

Get-vm -Name “monvdiac*” | Get-NetworkAdapter | where {$_.NetworkName -eq "Server Network"} | Set-NetworkAdapter -NetworkName "Citrix Guest VMs" -Connected: $false | Set-NetworkAdapter -Connected: $true

Press “A” to accept the changes and watch the magic begin.
Once complete I personally would give the affected VM’s a reboot with the following cmd

 Get-VM –Name “monvdiac*” | Restart-VM

Again press “A” to accept
You can check your work by manually check a VM or issue the following cmd which will query and display any VM using “Citrix Guest VMs” Port Group as a selected network.

Get-vm –Name “monvdi*” | Get-NetworkAdapter | where {$_.NetworkName –eq “Citrix Guest VMs”}

Jobs a good un!