Skip to content

Citrix Receiver 4.x Store configuration through Group Policy fails

In one of our last deployments we tried to configure the necessary Citrix Receiver Store Configuration on our VDAs through a Group Policy. Unfortunately it was not working. The GPO was applied – but no store was configured.

The interesting part of the problem was that on other clients the same GPO was working – the user logged on and the store was configured – like it should be. We first started to remove the Citrix, run the Receiver Cleanup Utility and reinstall the Receiver. But it was still the same problem – the store was not configured automatically.

After checking the differences between the clients we found a difference in the registry. On the working client the following registry (with the Store information) was available:

HKLM\SOFTWARE\Policies\Citrix\Receiver

2014-11-07 11_52_33-OneDrive

This key was missing on the other client:

2014-11-07 11_54_05-dedam-ctxsv0009 win_2008r2-default-maintenance on dedam-esx-1-7.corp.grimme.com

We exported the key from the working client and imported it on the not working client. If now a user logged on the Store was automatically configured – like it should be.

The question now was: Why is this key missing? Time to delete the key again and run a gpupdate /force to make sure all Group Policies are applied correctly. Check the registry again and – wohoo – the key is available. So everything looked fine – until we rebooted the VDA – the key was lost again. 
Interestingly other Receiver Configurations (like disabling SelfServiceMode) through the same GPO were applied correctly.

Though it was time to check what happens during the boot with procmon. Inside the procmon log we found some interesting results – the registry key was first created from the Microsoft GPO service and then deleted by the Citrix Group Policy engine.

2014-11-07 11_54_54-dedam-ctxsv0009 win_2008r2-default-maintenance on dedam-esx-1-7.corp.grimme.com

Time to open a support ticket at Citrix. After some discussions and more testing we found the reason for the problem:
The Delivery Controllers had been configured through a GPO. This means that the VDA can only connect to the site after this GPO was applied. If the Citrix Group Policy engine starts and the VDA is not already connected to a Site every Citrix Policy is deleted. One of the deleted settings was the Receiver Store configuration (although that should be independent from other Citrix Policies). Interestingly other Receiver specific settings were not deleted.

Citrix developed a fix for this problem though that the Receiver Store configuration is not any longer deleted. Hopefully it will be integrated in the next Group Policy Client Side Extensions hotfix. If you have the same problem open a support case and ask for fix LC11637.

Installing a SSL Certificate on a Citrix NetScaler Insight Center Appliance

If you plan to connect your Citrix Director Installation to a NetScaler Insight Center Appliance and would like to use a HTTPS connection you need to exchange the SSL Certificate on the appliance again a trusted one.

The first step is to create a host entry for your NetScaler Insight Center Appliance (NSICA) on your internal DNS server. Then you need to create a certificate (split into a PEM and a KEY file) with the FQDN of your NSICA. After you have created the certificate open the NSICA configuration and switch to CONFIGURATION => NETSCAKER INSIGHT CENTER => SSL CERTIFICATE FILES2014-09-10 10_15_28-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Click on ACTION and choose UPLOAD.
2014-09-10 10_15_52-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Browse to your PEM File of the Certificate and Upload it to the NSICA.
2014-09-10 10_26_53-Citrix NetScaler Insight Center - Configuration - Internet Explorer

The PEM File should now be listed under “sdx_default_ssl_cert”.
2014-09-10 10_27_28-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Switch to SSL KEYS and choose UPLOAD again.
2014-09-10 10_27_46-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Browse for the KEY File of the Certificate and upload it.
2014-09-10 10_28_09-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Like before the KEY File is now listed under “sdx_default_ssl_key”.
2014-09-10 10_28_30-Citrix NetScaler Insight Center - Configuration - Internet Explorer

After uploading the PEM and KEY file you need to navigate to SYSTEM => INSTALL SSL CERTIFICATE.
2014-09-10 10_29_14-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Choose the just uploaded PEM and KEY File and confirm it with OK.
2014-09-10 10_30_35-Citrix NetScaler Insight Center - Configuration - Internet Explorer

After a necessary reboot the SSL Certificate is active and you can connect your Director to the NetScaler Insight Center Appliance using HTTPS.
2014-09-10 10_36_54-Citrix NetScaler Insight Center - Configuration - Internet Explorer

Citrix Receiver 4.2 Startmenu integration

After a long time of waiting Citrix released Receiver 4.2. This release brings back functionality to easily integrate Published Applications into the Startmenu known from the Receiver Enterprise. There are two ways available to configure the new Options.

  1. Parameters during the installation and Registry entries
  2. Group Policy with imported ADM files

With both you can disable the SelfServiceStore, configure where and how Startmenu / Desktop Icons are created and if they are removed at logoff / exit.

Installation Parameters / Registry Setting

To disable the SelfServiceStore you must start the installation with the parameter /SELFSERVICEMODE=False . Furthermore it’s a good idea to also enable SingleSignOn ( /includeSSON) and configure the Store ( STORE0=”JHMeier;https://storefront.jhmeier.local/Citrix/Store/discovery;on;JHM Store”) through Parameters . Otherwise the user needs to manually configure the Store and SingleSignOn wouldn’t work.

2014-12-03 13_28_00-dedam-ctxsv0013 win_2008r2-standalone-test on dedam-esx-1-3.corp.grimme.com

CitrixReceiver.exe /includeSSON /SELFSERVICEMODE=False STORE0=”JHMeier;https://storefront.jhmeier.local/Citrix/Store/discovery;on;JHM Store”

If you need to remove the created shortcuts at logoff or exit of the Receiver you must configure the following Registry-Keys:

Remove Shortcuts at Logoff:

HKML\SOFTWARE\Citrix\Dazzle
RemoveAppsOnLogOff
Value = True

Remove Shortcuts at Receiver Exit

HKML\SOFTWARE\Citrix\Dazzle
RemoveAppsOnExit
Value = True

Group Policy with imported ADM files

After installing the Receiver 4.2 you find updated ADM files in the folder C:\Program Files(x86)\Citrix\ICA Client\Configuration”. Open an existing GPO or create a new one. Open Computer Configuration, right click on Administrative Templates and choose Add/Remove Templates…

2014-12-03 20_42_16-RDS - DEDAM-SV396 - Royal TS

For this configuration you need to add the icaclient.adm file – but you can also add the other available adm files.
2014-12-03 20_46_01-RDS - DEDAM-SV396 - Royal TS

After adding the file(s) open the following path:
Computer Configuration => Administrative Templates => Classic Administrative Tempaltes (ADM) => Citrix Components => Citrix Receiver => SelfService2014-12-03 20_56_50-RDS - DEDAM-SV396 - Royal TS

To disable the SelfServiceStore disable the setting Manage SelfServiceMode
2014-12-03 20_59_17-dedam-sv396 - Remote Desktop Connection

Enable the Manage App shortcut setting to configure the following settings:

  • Startmenu Directory
  • Desktop Directory
  • Disable Startmenu Shortcut
  • Enable Desktop Shortcut
  • Disable Categorypath
  • Remove apps on Logoff
  • Remove apps on Exit

2014-12-03 20_59_47-dedam-sv396 - Remote Desktop Connection

The store can be configured under Citrix Receiver => Storefront.

Results

After installing the Receiver with Parameters or configuring it through GPO Shortcuts are automatically published to the Startmenu. Furthermore the SelfServiceStore is removed – it is not possible to open it. If you right click the Receiver the following options are displayed:

2014-12-03 13_29_32-dedam-ctxsv0013 win_2008r2-standalone-test on dedam-esx-1-3.corp.grimme.com
Instead of Open only Refresh is available to check if new apps are published for the user.

Known limitation

There is one known limitation of this solution. If you enable removing the Shortcuts at logoff or exit the app enumeration after every logon is slow. To fix this two workarounds are available.

The first is to add the following registry setting:

HKLM\Software\Citrix\Dazzle
Name = ReuseStubs
Type = REG_SZ
Value = true

The other one is to create Stub-Files on a Share. These files are necessary to start a published application. To create them start a Receiver and subscribe all published applications. The files are created under %Appdata%\Citrix\SelfService. Copy the *.exe files to your share. Furthermore you need to create the following registry settings (If it’s a 64Bit system the Path is HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle):

HKLM\Software\Citrix\Dazzle
Name = CommonStubDirectory
Type = REG_SZ
Value = PATHTOSHARE (e.g. \\server\citrixstubs)

HKLM\Software\Citrix\Dazzle
Name = CopyStubsFromCommonStubDirectory
Type = REG_SZ
Value = true

After a restart of the Receiver the settings are active and the enumeration should be faster.

Windows 2012R2 stops at Boot screen while Network Boot is activated for Citrix Provisioning Server

During my last Citrix Provisioning Server deployments I had an interesting problem. The Windows 2012R2 Master Template always stopped at the Boot screen. This happened even before it was converted into a PVS Device (Disk) nor the Target Device Tools had been installed.

The VM was running on VMWare ESXi 5.5 and we used Citrix Provisioning Server 7.6. After changing the first boot device to Network – though that an initial connection to Citrix PVS happened – the boot stopped while showing the Windows Boot screen. Although we were still booting from the local hard drive – so it didn’t make any sense why this was happening.
2014-10-13 08_25_32-DEDAM-CTXSV0011

After some more testing we discovered that this was not happening with all Windows 2012R2 VMs – only with new deployed ones. Ok let’s check where the difference between the VMs are.

New VMs where running in the ESXi Compatibility mode 5.5 (VM-Version 10).
2014-10-15 12_49_19-vSphere Web Client

While old VMs where still running in the ESXi Compatibility mode 5.0 (VM-Version 8).
2014-10-15 12_52_16-vSphere Web Client

After checking what has changed we saw the new VMs were using a SATA-Controller for the CD-/DVD-Drive instead of an IDE-Controller.

Old VM (Version 8):
2014-10-15 12_56_00-vSphere Web Client

New VM (Version 10):
2014-10-15 13_00_00-vSphere Web Client

Though we removed the CD-/DVD-Drive and SATA Controller from a new VM and added the CD-/DVD-Drive using an “old” IDE-Port.
2014-10-13 08_27_33-vSphere Web Client

After this change the VM was booting without any problems.
2014-10-13 08_30_00-DEDAM-CTXSV0011

I don’t know what causes this problem – but hopefully it will be fixed from either Citrix or VMWare in one of their next versions.

(Undocumented) Issues when Upgrading to XenDesktop / XenApp 7.6

During the last days I tested the Upgrade from XenDesktop 7.5 to XenDesktop 7.6. I found some interesting “Issues” during the upgrade which seem to be not documented.

Upgrading StoreFront on a separate System

If you upgrade StoreFront on a separate Server and use the Upgrade Wizard you receive the following message:
2014-10-07 11_45_22-RDS - DEDAM-SV361 - Royal TS

As you can see the Upgrade process try’s to check something which is not available on a standalone StoreFront system. Luckily you can ignore the warning and continue with your installation. Actually StoreFront even doesn’t check the licenses later – so even if no licenses are available StoreFront works.

Upgrading Citrix License Server on a separate System

The more confusing message is shown if you use the Upgrade Wizard to upgrade the Citrix License Server which is not installed on a Delivery Controller. If you try to upgrade the following message is displayed:

2014-10-07 14_56_37-RDS - DEDAM-SV367 License Server - Royal TS
This product requires a newer license. You must install a license with a Subscription Advantage date of “2014.0815” or later.

Even if you have licenses with a Subscription Advantage date after “2014.0815” the message is displayed. Luckily you can also safely ignore this message (of course only if your Subscription Advantage date is after 2014.0815) – your users will still be able to access their Desktops and Applications.

Auto Fill User Start Menu with Citrix Receiver 4.x

One of the biggest challenges in a lot of migrations to Citrix Receiver 4.x (and XenDesktop / XenApp 7.x) is the (missing) function to automatically fill the users start menu. In the past it was quite easy to push all published applications for the user into his start menu using the Citrix Receiver Enterprise (aka. Online Plugin). Citrix decided to stop the development of the Citrix Receiver Enterprise and fully switched to the Citrix Receiver.
But how can we now automatically fill the user start menu without any user interaction?

First of all you need to make sure that the Receiver Single-Sign-On is working. If you don’t know how to configure this read the article “Citrix Receiver Single-Sign-On (Pass-through Authentication) does not work with StoreFront”.

Also it is necessary to configure the Receiver automatically with your StoreFront Store. You can either achieve this by creating a GPO (with the Receiver adm) or using another command line parameter (next to /includeSSON for Single-Sign-On). To use a GPO import the Receiver ADM-File into the GPO. You can find the ADM-File on a computer with an installed Receiver in the following path:
C:\Program Files (x86)\Citrix\ICA Client\Configuration   (or C:\Program Files\….)

After importing the icaclient.adm you find the following settings inside the GPO:
Computer Configuration => Administrative Templates => Classic Administrative Templates (ADM) => Citrix Receiver => Storefront => Storefront Accounts List
2014-09-03 08_39_59-RDS - DEDAM-SV421 - Royal TS

Change the setting to enable and enter the Store (account) details under “Show”.
2014-09-03 08_41_11-RDS - DEDAM-SV421 - Royal TS

Enter your StoreFront Store in the following format:
STORE NAME;STOREURL;ON;STORE DESCRIPTION
2014-09-03 08_40_36-RDS - DEDAM-SV421 - Royal TS

Alternatively you can add the following parameter to your Receiver-Installation:
STORE0="STORE NAME;STORE URL;On;STORE DESCRIPTION"

The next step is to add the following registry keys under the path HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle (if it’s a 32Bit-System without Wow6432Node):

Name Type Data
InitialRefreshMinMs REG_SZ 1
InitialRefreshMaxMs REG_SZ 1
DontWarnOfRemovedResources REG_SZ True

The last one (DontWarnOfRemovedResources) is optional – if you activate this a user is not informed if one of his applications is removed.
For adding the keys the following commands can be used:

REG ADD HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle /f /v InitialRefreshMinMs /t REG_SZ /d 1
REG ADD HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle /f /v InitialRefreshMaxMs /t REG_SZ /d 1
REG ADD HKLM\SOFTWARE\Wow6432Node\Citrix\Dazzle /f /v DontWarnOfRemovedResources /t REG_SZ /d True

Don’t forget to change the path on a 32Bit-System.
2014-09-02 11_26_27-dedam-wv210 CTX Test - Copy

Now you need to create a new Shortcut in the Startup Folder. With this Shortcut the Receiver automatically connects to Storefront and receives the subscribed applications of the user after he logged in. For every application a Shortcut is created in the Start Menu. The Shortcut gets the following settings:

Target:
"C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe" -logon -poll
Start in:
"C:\Program Files (x86)\Citrix\SelfServicePlugin\"

2014-09-08 08_12_21-dedam-wv210 - Remote Desktop Connection

If your users now log in not all of their available applications won’t be published to the Start Menu. The reason for this is that the user first needs to subscribe all of his available applications. The good thing is: You can also automate this Smiley

Switch to your Delivery Controller and start the Desktop Studio. Now open  “Delivery Groups => Applications” and change the Settings of one Application. You need to change the “Description and keywords”. Either enter
KEYWORDS:mandatory
or enter
KEYWORDS:auto
In this situation both keywords have the same effect – after the user logs on and the SelfService is triggered with –logon and –poll every application is subscribed for the user. Of course only applications with a configured Keyword are subscribed.2014-09-09 10_16_04-RDS - DEDAM-SV421 - Royal TS

The difference between the keywords is that with “auto” the application is only once subscribed – if the user removes it from his applications inside the Receiver it stays removed. If the keyword is “mandatory” the application is subscribed with every user logon. Don’t forget to enter the Keyword for every application which should be automatically published to the Start Menu.

That’s it – now Applications are automatically pushed to the user start menu after he logged in – if anything is unclear feel free to contact me.

Book: Citrix XenDesktop 7.5 and XenApp

51G-KY1yyuL

In the last week I finally received a copy of the book  about Citrix XenDesktop and XenApp 7.5 which Nico Luedemann and I have written.

It’s an absolutely awesome feeling to see the printed book after a lot of work (and time of waiting). I can only suggest everyone to try and write his own book – it’s a really interesting experience.

A big thank you goes to my family for beeing so patient with me while I was spending such a lot of time for writing the book.

Many thanks also go to Sebastian Kestel from Galileo Computing – thanks for the good collaboration during the whole project.

I hope you all enjoy reading the book – if you have any questions feel free to contact me. The book is published by Galileo Computing. You can buy it as a print copy or ebook.

XenDesktop 7.5 and XenApp

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: