Sunday, May 03, 2009

128-bit SecureICA Problem in Windows Server 2008 x64 with XenApp 5.0

Recently I have been having problem with SecureICA 128-bit encryption on Windows Server 2008 x64 with XenApp 5.0. The symptom (and how to replicate the issue) is like this:
1. Install XenApp 5.0 on a Windows Server 2008 x64 server
2. Publish a Desktop from the server
3. Publish an application (let's say notepad.exe) and force 128-bit encryption as the "Minimum Requriement" from this same server
4. Launch the published Desktop from any other Windows client you wish and forced 128-bit encryption from the ICA client
5. From the published Desktop remote session (which is a Windows Server 2008 x64 desktop), laucn Citrix Program Neighborhood from the Start Menu
6. Find an application set and points it to the same server
7. Try to launch the published Notepad.exe created in step 3 earlier, and..

You will NEVER be able to launch this application from the Citrix Program Neighborhood client. The message given will be something like "Higher encryption is required which this client does not support". No amount of tweaking on the client settings will get you pass this problem.

OK, even if you have the published application with high-encryption as the minimum requirement published elsewhere, such as from a CPS4.0 or CPS4.5 servers running Windows 2000 or Server 2003, you will still get the same error message and will not be able to launch it from the published Desktop.

I have reported this case to Citrix Support for more than 2 weeks...and they have yet come back to me.

Update 22-May-2009: Citrix has been able to simulate the problem and provided me a private fix to the PN client on May 14th. They have also mentioned that they will include this fix in the future service pack.

Thursday, April 30, 2009

Windows Installer Services Error 1719

This error gives a message: "The Windows Installer service could not be accessed"

Let's say you've got an error 1719 when trying to install an MSI package and you follow the solution in http://support.microsoft.com/?kbid=315346, and this error still persists. And if you're running Windows Server 2008, you can try this method:

At the command prompt, run this at the C:> prompt:
regsvr32.exe %SystemRoot%\System32\msi.dll

And on an x64 OS, you should also run this:
%systemroot%\sysWOW64\regsvr32.exe %systemroot%\syswow64\msi.dll

This solves the problem I was facing.

Monday, April 13, 2009

Citrix User Profile Manager - some initial discovery

As I learn how to use this on Windows Server 2008 x64, here are things that I will want to share about Citrix User Profile Manager (CUPM):

1. It is run before the Windows standard Loading user profile, Applying user settings. This means it will be able to save user's Desktop settings such as Desktop Language

2. It does not compress user data in the User Store (the location where the saved profile will be stored). This is not configurable. Compressing user profile and saving a single compressed instance across a network has the benefits of reduced network bandwidth usage and reduce the chances of profile corruption.

3. Only 1 configuration per server. Let's say you have SAP Client and Microsoft Word loaded on a Citrix XenApp server and they are both published. The 1 configuration limit means if you want to just load SAP Client and load only SAP Client-related settings for a session, you must load the whole profile including profile settings for Microsoft Word

4. It is able to read Active Directory User Account Object attributes - e.g. Profile path - to use as the location for the user store. Or you can save the user store in user's HOMEDRIVE environment variable. The default settings in CUPM is to save the User Store in user's Windows folder on the HOMEDRIVE. User Environment Variables are not possible because CUPM runs before Windows' Loading User Profile action is processed

5. Configurations can be done through the AD Group Policy Object, or the local INI file, or the combination of both. GPO settings have the priority

6. To use this effectively, the server should be configured to use Local Profile only. This can be set in the Policy Editor or the Group Policy Object in AD

7. CUPM has the option to delete the cached local profiles when users log off. This will be useful in a Terminal Services environment

8. This can be used anywhere, not only for servers running Citrix XenApp

These are just some of my initial thoughts.

Thursday, March 19, 2009

Silently install XenApp 5.0 on Windows Server 2008

How do you deploy XenApp 5.0 on hundreds of Windows Server 2008 x64 silently? The strategy here is to deploy XenApp 5 on all the servers first, with its local farm (temporary). After that, an administrator can join the server to a farm by using the 'chfarm.exe' command.

From XenApp source downloaded from Citrix, copy the DVD image to a share network location. And install XenAp 5 with the following command. I put this into a CMD file so it is easier to modify as necessary. This CMD file is kept in the root directory of the source files:

msiexec /i "%~dp0XenApp Server\w2k8x64\mps.msi" REBOOT="ReallySuppress" CTX_MF_REBOOT="No" /qb /l*v "c:\temp\xenapp.log" AcceptLicense="Yes" CTX_FARM_SELECTION="Create" CTX_NEW_FARM_NAME="NewFarm" CTX_USER_NAME="administrator" CTX_DOMAIN_NAME="" CTX_MF_LIC_CHOICE_FOR_CREATE="DontKnow" CTX_IMA_PROTECTION_ENABLE="0" CTX_CREATE_FARM_DB_CHOICE="Local" CTX_MF_LICENSE_SERVER_PORT_DEFAULT="1" CTX_LOCAL_DATABASE="Access" CTX_MF_SHADOWING_CHOICE="Yes" CTX_MF_SHADOW_PROHIBIT_REMOTE_ICA="No" CTX_MF_SHADOW_PROHIBIT_NO_NOTIFICATION="Yes" CTX_MF_SHADOW_PROHIBIT_NO_LOGGING="Yes" CTX_XML_CHOICE="separate" CTX_XML_PORT_NUMBER="80" CTX_MF_SERVER_TYPE="E" CTX_RDP_DISABLE_PROMPT_FOR_PASSWORD="Yes" TRANSFORMS="%~dp0CTXUpdate.mst"

You will note that at the TRANSFORMS parameter, it's specifying a file called "CTXUpdate.mst". This is to resolve issue that some installation could take up to 45 mins in an environment with multiple domains and multiple domain trusts. The article in Citrix describes this issue. I would advise that you obtain this MST from Citrix.

Installation of Citrix Presentation Server 4.5 Hotfixes May Appear to Hang - http://support.citrix.com/article/ctx115754

Note that this only install XenApp server. This does not install Citrix Management Console which you will need to configure the farm.

What this command does are:
1. Installs XenApp 5 with a local datastore using Access
2. Does not specify a license server
3. Adds the default local 'administrator' as the farm administrator
4. Enables shadowing feature with notification
5. Creates a local Citrix farm named 'NewFarm'
6. Records the installation in a log file in C:\TEMP\XenApp.log
7. Supresses post-installation restart

You would probably need to add more pre-install and post-install commands to this CMD. For example, you may want to create C:\TEMP first. Or make sure that the registry key "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ica-tcp" does not exist. If this key exists, your installation will fail.

What about Windows Server 2008 x86? Its MPS.MSI is also in the Citrix DVD image under the folder 'XenApp Server\w2k8'.