xentraveller

XenApp and other things Xen

Storefront 1.2 support for Offline applications is lacking

I’m pretty new to Storefront, and have been playing with it a bit recently. There was one thing which came up that I thought I should mention:

Storefront has poor support for Offline apps. For some people that just doesn’t matter, but for those that do, you should be aware that only the “Store” supports offline apps.

PNAgent aka Legacy support in Storefront does not support offline apps, nor does the WI replacement “Receiver for Web sites”.

IMO that sucks 🙂

Back to running up WI and Storefront!

Advertisements

How to get Pnagent working with Storefront 1.2

Install Storefront, and configure your initial store (I recommend using a cert as this makes it easier later), to get that going follow this:

http://support.citrix.com/article/CTX133185

Once you have Storefront installed, go to Authentication and add Domain pass-through.

Then go down to Stores, select your Store and on the right hand Action panel, select Configure legacy support.

Now in windows explorer, go into C:\inetpub\wwwroot\Citrix\storename\Views\PnaConfig    folder and make a copy of config.aspx. Edit the original with notepad

Find

<Logon>
<LogonMethod>prompt</LogonMethod>

Add

<LogonMethod>sson</LogonMethod>

and remove the

<LogonMethod>prompt</LogonMethod>

So at this point it should look something like this:

<Logon>
<LogonMethod>sson</LogonMethod>
<EnableSavePassword>false</EnableSavePassword>
<EnableKerberos>false</EnableKerberos>
<SupportNDS>false</SupportNDS>

That’s it for the Storefront side of things. Also check out this article here on how to configure the Receiver 3.3 Enterprise client with PNagent https://xentraveller.wordpress.com/2012/11/04/configuring-citrix-receiver-3-3-client-for-pnagent-functionality-via-command-line/

Configuring Citrix Receiver 3.3 and 3.4 client for PNagent functionality via command line storefront AND web interface

Update: this string successfully works on the 3.4 enterprise/legacy/pnagent client with a WI 5.4 implementation:

CitrixReceiverEnterprise.exe /silent ADDLOCAL=”ReceiverInside,ICA_Client,PN_Agent,SSON” ENABLE_SSON=Yes  SERVER_LOCATION=http://xenappwebinterface/Citrix/PNAgent/config.xml

Citrix have done a bit of work for Citrix Receiver 3.3, and optimised it for Storefront. However, it wasn’t entirely clear from the documentation how to configure it for use with PNagent.

The client has had the “server_location” command line option depreciated, and it’s now built into the “storeX=https://blah”  argument.

Here’s  how to do it…

1) Download the Citrix Receiver Enterprise Client located in the Receiver for desktops/legacy area from here

http://www.citrix.com/downloads/citrix-receiver.html

2) Run this in a command line:

CitrixReceiverEnterprise.exe /includeSSON /ENABLE_SSON=Yes STORE0=”Appstorename;https://server.url/storename/PNAgent/config.xml;on;Apps on XenApp” /LEGACYFTAICONS=True

The LEGACYFTAICONS is used for win7 desktops as there may be icon corruptions.

The above string works with both WI provided PNagent, and with Storefront provided PNagent. If using WI, you can safely enter anything you want in the appstorename and storename (storename should be the path to PNagent however).

Also note, the Receiver wouldn’t remember the settings for all users. So a group policy preference to do a computer registry update for this key:

HKLM/software/wow6432node/Citrix/Pnagent    ServerURL   reg_sz   Https://server.location
simliar with a 32 bit OS

HKLM/software/Citrix/Pnagent    ServerURL   reg_sz   Https://server.location

If you then get errors about Certificate Revocation lists not being able to be checked ensure you use the Citrix Receiver policies installed with the latest client, and disable CRL checking in that.

Update: The revocation checking message may pop up if the certificate intermediate certs are not included – add your cert vendors intermediate cert bundles, documentation on this will the vendors site.

To get Storefront configured, take a look here:

https://xentraveller.wordpress.com/2012/11/05/how-to-get-pnagent-working-with-storefront-1-2/

Remove admin tools and server manager from published desktop

PVS storage options

Here’s an easy to follow list on the different methods for designing a vdisk store for PVS infrastructure

1) SMB/CIFS

Windows file sharing is used to deploy images to provisioning servers. For HA of file servers, set up a fail over cluster. One image repository. Requires shared storage.

Benefits One LUN is shared between clustered file servers, no double up of images. no annoying image management (see server based and read only). Images read/write to

Cons Network based, could be limitations on network speeds.

Should be tuned, see this link http://www.jackcobben.nl/?p=2032

2) Block level

A LUN from shared storage is presented to PVS servers, used as a single repository for servers. Servers can read and write. Requires proprietary technology to allow for read/write on shared LUN with Windows. Requires shared storage.

Benefits No additional file servers. Images can be written/read to. No annoying image management.

Cons 3rd party technology required such as MelioFS http://www.sanbolic.com/meliofs.htm

http://blogs.citrix.com/2012/02/28/no-more-read-only-luns-in-pvs-sanbolic-melio-offers-consolidation-scalability-and-performance-for-pvs/

3) Per server

Each PVS server has its own image repository disk attached. Does not require shared storage.

Benefits Simple

Cons Must copy images between servers after one image has been updated. Double up on storage size requirements if using 2 servers, if using 3 servers, triple storage size etc etc.

Scripts can always be used to mitigate some of the image management pain points

4) Read only store

Single storage location, and read only. Requires shared storage.

Benefits one place to store your vdisk

Cons Can’t update images easily, mucking about making volume non read only

http://blogs.citrix.com/2009/09/17/provisioning-services-read-only-vdisk-storage/

PVS 6.1 “The database login failed. The user has no database access rights.”

After installing PVS 6.1 and attempting to access the PVS console I got this error message:
“The database login failed. The user has no database access rights.” It also contained the domain name and the computer account of the PVS server. On further investigation the computer account was not a DBO on PVS database on the SQL server, nor could i add the account via the new login interface as computer accounts were not available to chose from, only users.
Sorted out by running this on the SQL 2008 R2 database:
CREATE LOGIN [DOMAIN_NAME\LOGINNAME] FROM WINDOWS;
Then added the account to the DBO group on the database.
Login to console then worked.

Changing the default search provider in IE 9

One question I get a fair bit is, can we change the default search provider for IE. This is a bit of a pain… you can do it the long MS way

http://support.microsoft.com/kb/918238

or use a pre-canned copy here:

http://blogofanitadmin.blogspot.com/2011/05/group-policy-changing-default-search.html

This worked fine for me. MS should really improve this…

Adjust font size in Windows 2008 R2/XenApp

It’s seems it’s not so easy to do, however this tool will do it on a user by user basis

http://www.markprigg.com/    Remote Desktop Font Size Changing Tool

download

Citrix antivirus recommendations for XenApp

http://support.citrix.com/article/CTX127030  (it also contains links to provisioning services and edgesight)

Of note:

  • Scan on write events or only when files are modified. It should be noted that this configuration is typically regarded as a high security risk by most antivirus vendors. In high-security environments, organizations should consider scanning on both read and write events to protect against threats that target memory, such as Conficker variants.
  • Scan local drives or disable network scanning. This assumes all remote locations, which might include file servers that host user profiles and redirected folders, are being monitored by antivirus and data integrity solutions.
  • Exclude the pagefile(s) from being scanned.
  • Exclude the Print Spooler directory from being scanned.
  • Exclude specific files and folders within the \Program Files\Citrix directory that are accessed heavily or modified frequently. For example, the Local Host Cache (imalhc.mdb) and Application Streaming offline database (RadeOffline.mdb) files might need to be excluded from the \Independent Management Architecture sub-directory. The local Resource Manager Summary Database file (RMLocalDatabase.mdb) might also need to be excluded from the \Citrix Resource Manager\LocalDB sub-directory. If Application Streaming is used, the \RadeCache and \Deploy folders might need to be excluded as well. While entire directories can be excluded, it should be noted that this is not considered a best practice by most antivirus vendors. In high-security environments, organizations should consider excluding specific files using exact names, such as ‘imalhc.mdb’. If exact file names cannot be used, Citrix recommends using wildcard exclusions to limit the attack surface area.
  • Remove any unnecessary antivirus related entries from the Run key (HKLM\Software\Microsoft\Windows\Current Version\Run).
  • If pass-through authentication is being used, for example in a XenDesktop or Shared Hosted desktop scenario, exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache).

Citrix optimisations for Windows 2008 R2 server with XenApp 6/6.5

Citrix consulting have put together a large list of tweaks to help speed up and remove some hassles from Windows 2008 R2 with XenApp

http://blogs.citrix.com/2011/12/06/optimization-guide-for-windows-server-2008r2-with-xenapp-66-5-%E2%80%93-available-now/