XenApp and other things Xen

Category Archives: Xenapp

Adjust font size in Windows 2008 R2/XenApp

It’s seems it’s not so easy to do, however this tool will do it on a user by user basis

http://www.markprigg.com/    Remote Desktop Font Size Changing Tool



Citrix antivirus recommendations for XenApp

http://support.citrix.com/article/CTX127030  (it also contains links to provisioning services and edgesight)

Of note:

  • Scan on write events or only when files are modified. It should be noted that this configuration is typically regarded as a high security risk by most antivirus vendors. In high-security environments, organizations should consider scanning on both read and write events to protect against threats that target memory, such as Conficker variants.
  • Scan local drives or disable network scanning. This assumes all remote locations, which might include file servers that host user profiles and redirected folders, are being monitored by antivirus and data integrity solutions.
  • Exclude the pagefile(s) from being scanned.
  • Exclude the Print Spooler directory from being scanned.
  • Exclude specific files and folders within the \Program Files\Citrix directory that are accessed heavily or modified frequently. For example, the Local Host Cache (imalhc.mdb) and Application Streaming offline database (RadeOffline.mdb) files might need to be excluded from the \Independent Management Architecture sub-directory. The local Resource Manager Summary Database file (RMLocalDatabase.mdb) might also need to be excluded from the \Citrix Resource Manager\LocalDB sub-directory. If Application Streaming is used, the \RadeCache and \Deploy folders might need to be excluded as well. While entire directories can be excluded, it should be noted that this is not considered a best practice by most antivirus vendors. In high-security environments, organizations should consider excluding specific files using exact names, such as ‘imalhc.mdb’. If exact file names cannot be used, Citrix recommends using wildcard exclusions to limit the attack surface area.
  • Remove any unnecessary antivirus related entries from the Run key (HKLM\Software\Microsoft\Windows\Current Version\Run).
  • If pass-through authentication is being used, for example in a XenDesktop or Shared Hosted desktop scenario, exclude the XenApp Online Plug-in bitmap cache directory (typically %AppData%\ICAClient\Cache).

Citrix optimisations for Windows 2008 R2 server with XenApp 6/6.5

Citrix consulting have put together a large list of tweaks to help speed up and remove some hassles from Windows 2008 R2 with XenApp


Complete list of Microsoft hotfixes for Windows 2008 R2 Remote desktop

Located here:


Note they don’t recommend you proactively apply the patches, rather, apply on a case by case basis.

Xenapp 6.5 out

This is pretty old news by now, but some of the features are over here:

– improvements to HDX: this means more types of flash content can be rendered locally, and hopefully cache a bit better. Of course you still need to be running a Windows based client to make use of these optimisations. Terminals, such as the Wyse S10 do not make use of it due to the limited client.

– Multi-stream ICA: this is  a big one. ICA can now be split out into 4 distinct streams

Very High  High Medium Low
Audio ThinWire/DX Command Remoting MediaStream (Windows Media and Flash) Printing
Seamless USB Redirection COM Port Mapping
MSFT TS Licensing Clipboard LPT Port Mapping
SmartCard Redirection Client Drive Mapping Legacy OEM Virtual Channels
Control Virtual Channel
End User Experience Monitoring

This means if you didn’t have a Citrix Branch repeater you didn’t have many (if any) options for splitting up the various channels within an ICA stream for QoS.

So if I ran QoS on my network links, i could only push ICA up the priority list, but then it would effect ALL ICA channels, including printing.

Now, admins can split it out and put printing where it belongs, looowww down the list.

More information here on multi-stream

Citrix pnagent command line switches

Spotted this over here, the switches are:

/Terminate Closes out PNAgent and any open sessions
/terminatewait  Closes out PNAgent and any open sessions
/Configurl  /param:URL  (useful if you haven’t set up the client as part of the install)
/qlaunch  (syntax example   C:\Program Files\Citrix\ICA Client> pnagent.exe /Qlaunch “Farm1:Calc”)
NOTE: this list has been depreciated with the later versions of Citrix Receiver 3.3. Those switches can be found here
To configure via command line for PNagent and Receiver 3.3 enterprise have a look here

Xenapp 6 STILL hanging after deploying recommended fixes?

NLAsvc timeouts in XenApp 6? Users can’t log in? users can’t log out? CryptSvc service timeouts?

“The winlogon notification subscriber <Sens> is taking long time to handle the notification event (Logoff)” messages?

Take a look at this hotfix http://support.citrix.com/article/CTX129741

contains many fixes in one package. However, applying this hotfix alone will not sort out the hanging issues.

You should also follow this step:

7. A session can be terminated before the first application launches. The issue can occur when a one-minute time-out is exceeded, for example, when the profile share is located across a WAN link rather than on a local share.

This fix introduces support for the following registry key that allows you to configure the time-out as follows:

Name: ApplicationLaunchWaitTimeoutMS
Data: <desired additional time-out, in milliseconds>

Note: Specifying a value of less than 10000 reverts to 10000 because 10 seconds is the minimum override.


In this case, I was instructed to increase the value up to 300000 by support, and have not had any further hanging issues in xenapp 6/remote desktop since. Hurrah!

Office 20XX applications crashing in Xenapp6? clipboard may be to blame…

A problem I’ve seen was office applications crashing in xenapp 6 which runs on windows 2008 R2…

Nothing seemed to work, and the office apps were crashing with a seemingly random list of causes, even excluding DEP on the office binaries didn’t work.

After a bit of debugs with Microsoft they gave me a private fix for what looked to be a clipboard issue. The private hotfix worked, and will be released on the 15th/16th of June.

For those of you having issues with office apps (and maybe others crashing) on Xenapp6 or R2 this may help.

Article name is 2541119 and KB article (at the time of writing is not yet up on the MS site) will be here:


Update this is now out:

Some applications may crash on a computer that is running Windows 7 or Windows Server 2008 R2. This issue usually occurs when you use the following applications:

  • Windows Explorer
  • Microsoft Office applications
  • Windows Movie Maker


This issue occurs because of a known issue in Ole32.dll. When certain applications implement the IEnumFORMATETC interface but do not implement the IEnumFORMATETC::Next() function correctly, Ole32.dll adds a malformed data structure to the system clipboard. When another process queries the Clipboard later, the processes may receive this malformed data structure. Therefore, heap corruption occurs in this process.

Invisible app – XenApp 6

I’ve decided to capture my experiences with Xen products… here’s the first since starting the blog:

I call it, “Invisible app” 😉

This occurs randomly (perhaps 1 in 20) logins when establishing a new session to the farm.

The application launch starts where windows loads the profile in and gets as far as “preparing desktop”. At this stage, the login progress bar disappears and the user is left with nothing. This also occurs with published desktops.

A look at the CDSC shows that the user session is active, however, the application .exe that should be running (eg. word.exe) is not shown as a running process.

IF the user attempts to start the app again, the user is reattached to the invisible app. If the user attempts to start a new app, a new session is started and it appears to work OK.

Update #1:

I have contacted Citrix technical support about this, and captured a CDFtrace for them and Windows full memory dump at the time it occurred.

The Citrix dev analysed the dumps, and found:

“LogonUI seems to be waiting on a APLC call to svchost but we could not see what that thread is doing. ”

so have now asked me to log a call with Microsoft.

Final update:

After much going backwards and forwards I figured out that the problem was caused by failing login script that was conflicting with another script – specifically around mapping drives. The users could not see the command prompt as it’s hidden which confused matters, so the login session just sat there, never starting the app and complaining about a mapped drive.

Simple solution: get rid of the legacy scripts into group policy preferences.