• Category Archives Citrix
  • SHA2 Certificates and Citrix Receiver Support

    Please be advised of an SSL certificate issue when updating or purchasing new SSL certificates for your Citrix implementations. You will want to ensure that you purchase a SHA1 cert and not a SHA2 cert, which is what vendors are currently selling for certs set to expire in three (3) years or that expire during or after 2017. You will more than likely have to call your vendor and have them reissue a SHA1 cert that expires at the end of 2016 to ensure that you are functional until Citrix updates their Citrix Receivers to support SHA2 across all products.

    Microsoft has announced a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates, in favor of SHA2. The policy affects CAs who are members of the Windows Root Certificate Program who issue publicly trusted certificates. It will allow CAs to continue to issue SSL and code signing certificates until January 1, 2016, and thereafter issue SHA2 certificates only.

    The following Citrix Receiver models do not support SHA2 as of 2/25/2014 – This mostly affects the mobile receiver.

    • Linux 13.0
    • iOS 5.8.3
    • Android 3.4.13
    • HTML 5 1.2
    • Playbook 1.0
    • Blackberry 2.2 / BlackBerry 1.0 Tech Preview

    The following Citrix Receiver models do support SHA2 as of 2/25/2014

    • Windows 4.1 (std)
    • Windows 3.4 (ent)
    • Windows 8/RT (1.4)
    • Windows Phone 8 (1.1)
    • Mac 11.8.2 

    Please see the Citrix Receiver Feature Matrix for an updated list

    For more information on the deprecation of SHA1 from Microsoft, please visit the following link from Microsoft.

    You can view the algorithm of the Certificate by viewing the Certificate and looking at the Details tab.
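
    The same check as the Details tab, scripted across every certificate in the computer store. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, that the certificates of interest sit in `Cert:\LocalMachine\My`, and `Get-CertHashReport` is a name made up here.

```powershell
# Added example (not from the original post). Requires PowerShell 3.0 or later.
# Standard PKIX signature-algorithm OIDs mapped to the hash family the post talks about.
$SigOidToHash = @{
    '1.2.840.113549.1.1.5'  = 'SHA1'  # sha1WithRSAEncryption
    '1.2.840.10045.4.1'     = 'SHA1'  # ecdsa-with-SHA1
    '1.2.840.113549.1.1.11' = 'SHA2'  # sha256WithRSAEncryption
    '1.2.840.113549.1.1.12' = 'SHA2'  # sha384WithRSAEncryption
    '1.2.840.113549.1.1.13' = 'SHA2'  # sha512WithRSAEncryption
    '1.2.840.10045.4.3.2'   = 'SHA2'  # ecdsa-with-SHA256
    '1.2.840.10045.4.3.3'   = 'SHA2'  # ecdsa-with-SHA384
    '1.2.840.10045.4.3.4'   = 'SHA2'  # ecdsa-with-SHA512
}

function Get-CertHashReport {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $oid    = $Certificate.SignatureAlgorithm.Value
        $family = if ($SigOidToHash.ContainsKey($oid)) { $SigOidToHash[$oid] } else { 'Unknown' }

        # Notes restate the post's guidance; the cut-off is the post's "during or after 2017".
        $note = switch ($family) {
            'SHA2' { 'Not usable by the Receivers the post lists as lacking SHA2 support' }
            'SHA1' {
                if ($Certificate.NotAfter -ge [datetime]'2017-01-01') {
                    'SHA1 but expires during or after 2017; the post advises expiry at the end of 2016'
                } else {
                    'SHA1 expiring before 2017, in line with the post'
                }
            }
            default { "Unrecognised signature OID $oid; check the Details tab by hand" }
        }

        [pscustomobject]@{
            Subject            = $Certificate.Subject
            SignatureAlgorithm = $Certificate.SignatureAlgorithm.FriendlyName
            HashFamily         = $family
            NotAfter           = $Certificate.NotAfter
            Note               = $note
        }
    }
}

# Assumption: the server certificates to check are in the computer's Personal store.
Get-ChildItem Cert:\LocalMachine\My | Get-CertHashReport | Format-List
```

    On the Details tab itself, read the "Signature algorithm" and "Signature hash algorithm" fields; the "Thumbprint algorithm" field always shows sha1 and says nothing about how the certificate was signed.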

  • Cannot Upgrade StoreFront 2.0 to 2.1

    Today I was upgrading a StoreFront 2.0 installation to 2.1 and I got the following error message.

    An error occured during installation. Please ensure all the required prerequisites have been installed and run the installer again.

    I checked and all prerequisites were listed.

    The Windows Application event log also logged the following entry

    Event ID: 0
    Source: Citrix Extensible Meta-Installer

    Timestamp: 2/6/2014 2:32:27 PM
    Category:Error, WinError
    Message:Installation of ‘..CitrixStoreFront-x64.msi’ failed with error code 1603. Fatal error during installation

    After a little fancy googling, I was able to come up with two things that solved my issue.


    • Delete C:\ProgramData\Citrix\Storefront Install\2.0.0.90\Framework\Framework.xml
    • Delete any and all thumbs.db files from c:\inetpub\wwwroot\Citrix
      • In my case it was C:\inetpub\wwwroot\Citrix\storeWeb\media

  • 2014 Certifications Goals

    Many folks are doing their end of year predictions or reviewing the previous year. I haven’t done these in the past, but this year I am going to put up a goal for myself and list out the certifications that I would like to obtain next year. It’s a pretty aggressive list, I believe, but achievable. They are listed in no particular order and pretty heavy on the VMware side. I am looking at going for the VCDX in 2015.

    • VCAP-DCA
    • VCAP-DCD
    • VCAP-DTA
    • VCAP-DTD
    • Citrix Certified Professional – Networking
    • Citrix Certified Professional – Mobility
    • Microsoft Certification – work back toward MCSE

    That’s a pretty big list for a single year. I may only do the Datacenter Virtualization or the Desktop VCAPs… I haven’t decided which route to go there yet but ultimately it will depend on which VCDX route I wish to achieve first.

    2015  Certification list (tentative)

    • VCDX
    • CCNA
    • MCSE

  • DHCP on Nexus 7k not working with Netflow enabled

    Recently I ran into an issue that was quite perplexing.

    Issue: DHCP does not work on the Nexus 7k with Netflow enabled

    Symptoms: DHCP not handing out addresses (Citrix Provisioning Environment using DHCP + TFTP options in scope).
    Not everyone runs DHCP in their datacenter server-based networks, but in VDI or End User Computing environments running Citrix, VMware or other solutions this is a common practice, so you may run into this issue if Netflow is enabled.

    Workaround: When you remove the ip monitor netflow input, you need to bounce the L3 interface for it to take effect.

    Fix: This is fixed in an upcoming release, see the Bugfix below for more details.

    Cisco Bugfix Report (requires login)

    Cisco Forum post on issue


  • Citrix Netscaler VPX Express (free but powerful)

    An often overlooked resource (free) for small environments or for deployments with low requirements is the use of the Netscaler VPX Express. This is a very powerful device, and the VPX express gives you the features of a Standard Edition VPX express platform but has a few limitations.

    Use Cases:

    • Load Balancing a small XenDesktop or XenApp Farm
    • Load Balancing Citrix PVS tftp
    • Load Balancing AD request
    • Load Balancing DNS
    • Load Balancing just about any web site or service…
    • Unlimited ICA Proxy connections to XenDesktop/XenApp (still bound by 5 Mbps throughput)
    • Remote access to Citrix XenDesktop and Citrix XenApp (Access Gateway)
    • Load Balancing a VMware View deployment (more to come on this one…)
    • Full VPN tunnel for up to 5 concurrent users
    • Clientless access to Web Sites or File Shares
    • External access to Exchange or other web sites and file shares.


    • Netscaler Standard Edition Features
      • Load Balancing
      • Access Gateway
      • Content Switching
      • Web Logging
      • Content Filtering
      • URL Rewrite
    • Pay as you grow – VPX has all the same features and is only limited by licensing, can pay for a higher edition to expose new features and increase your total throughput
    • Netscaler includes 5 free Access Gateway Enterprise Edition concurrent licenses (what does that give me…?)
      • Full VPN Tunnel
      • Endpoint Analysis
      • Policy Based SmartAccess
      • Clientless access to Web Sites and File Shares

    I think you get the idea, so what are the major limitations of the Netscaler VPX Express? This sounds too good to be true..

    • License only lasts one year.. (bummer), “but wait there’s more..” but it’s free and you can just request another license for the next year
    • 5 Mbps throughput (this applies to all traffic and can be upgraded with a simple license purchase)
    • No SSL offload (this is true of any VPX Netscaler). The Netscaler physical appliances offer SSL offload to dedicated hardware for encryption/decryption. This improves the performance of the box, as the CPU doesn’t have to handle the SSL encryption/decryption.

    This is only the tip of the iceberg for what the Netscaler can do, and the free one’s main limitation is the bandwidth, which can be upgraded with a license purchase. You can also deploy as many of these appliances as you need to handle the workload; each pair would have the 5 Mbps limitation. It may not sound like much bandwidth but that is per second.

    Test it out, deploy the VPX Express yourself and see what your workload throughput is by putting it through the Netscaler and you may be surprised, maybe the VPX Express will be right for you… The Netscaler VPX Express is easy to deploy and can run on VMware vSphere, Hyper-V and XenServer, there are appliances for each of these hypervisors.

  • Citrix Provisioning Services 6.1 Blue Screen

    Following on the footsteps of older bugs coming back to bite us. I have found an issue with Citrix Provisioning Services 6.1 Update 19 on Windows 2008 R2 (this does not affect Windows 2008 x86).

    Issue: Citrix Provisioning Server 6.x displays Blue Screen of Death (BSoD) when starting target Virtual Machine from the vDisk.  When starting the target Virtual Machine from the vDisk, this BSoD (0x0000007b) is displayed, while the master Virtual Machine did not have any problems.

    The machine was created with the correct steps. I went through the standard PVS troubleshooting steps to resolve this issue.

    • The machine was cloned off the master template used to create the image
    • VMware ethernet IDs matched on the clones set up using the Streamed VM Setup Wizard in PVS
    • Image was built with the VMXNET3 adapter

    You can find most of those troubleshooting steps in this Citrix article.

    If you have worked with Citrix Provisioning Services for some time you have more than likely encountered this error before.
    I first dismissed this article from Citrix that explicitly mentions the following and it applies to older versions of the products and mentions that this issue is resolved.

    Note: Do NOT install the Device Identity Manager software if you are running Provisioning Services 6.0 software or later. The latest version of Device Identity Manager was included in the 6.0 target device software going forward. Installing Device Identity Manager atop any 6.0 or later target device software breaks the network interface and prevents XenConvert from running. 

    But this article was exactly what the doctor ordered, Eureka!!, I was almost ready to rebuild the image from scratch as everything else worked correctly. 

    Resolution: Apply Microsoft KB article 2550979.

    Updated 10/10/2013: New link to support 2008 R2 SP1 and RTM patch.

    I recommend going through the other steps for troubleshooting first but I hope this helps you resolve this issue in the future.


  • Citrix Configuration Logging Error

    Sometimes old bugs come back to bite us when we least expect them, we believe them to be solved. This has been the week of old bugs. On a deployment of Citrix XenApp 5.0 on Windows 2008 (x86) I was setting up Configuration logging.

    I should get the following message upon completion of the wizard.

    Instead I was greeted with the following message
    Invalid username or password.

    With some healthy google searches, I happened upon the following Citrix Forum post describing what I was experiencing.. I then asked the customer if they had a capital S as the first character of the password. BINGO.

    We created another account for configuration logging, tested, and bingo, we were able to set up the connection to the database. We also verified the issue by testing it first with a capital S and then without, and were able to duplicate the issue.

    Issue: Configuration logging fails for administrators whose SQL Server password starts with a capital letter S.

    Resolution: Change the password to not use Capital S as the first character or use a different account for Configuration logging.

    Note: This issue has been resolved in most of the current releases of Citrix via hotfixes and rollup packs but currently there is no hotfix for XenApp 5 for Windows 2008.


  • Citrix Summit / Synergy Update #1

    Today was day one of Citrix Synergy 2013 in Anaheim, CA. There was lots of energy to be found here today and it kicked off with the Citrix Keynote by CEO of Citrix systems, Mark Templeton. Mark Templeton is an excellent speaker and with help from his Chief Demo officer Brad Peterson really kept the show going.

    Some of the highlights for me from the keynote are below, but by no means complete, for a more complete synopsis of the Citrix keynote, please reference the blog of Dave Lawrence aka @TheVMguy.

    • Desktop Player for Mac – This announcement really got the crowd engaged with vocal approval, the ability to run offline XenDesktop VMs on the Apple Mac platform (As a Mac user I am definitely looking forward to testing this, expect a detailed blog post)
    • Cisco Partnership – Cisco and Citrix’s partnership really seem to be progressing strongly and expanding through the use of Netscaler as the next gen ADC platform. Integration points with Cisco ISE, Nexus and Cisco ONE were highlighted also that XenApp was the Number One workload on Cisco UCS. It was alluded that more was coming and in development, looking forward to this continuing relationship.
    • Microsoft Partnership – Citrix and Microsoft go back a long way and have a strong mutual relationship together and that will continue as the Citrix platform moves forward onto Windows Server 2012 and Windows 8 desktop delivering Windows Desktops as a service (DaaS) and Windows Applications to end users.
    • XenDesktop 7 – This deserves (and will get) its own blog post with full details. XenDesktop 7 was announced and will ship in June of this year
    • nVidia and intensive graphical application support – This is next generation support for advanced graphical applications and the results are mind blowing. Smooth high quality rendering and graphics are now truly possible thanks to the innovations between Citrix and nVidia 
    • XenMobile – Mobility is a big theme of Citrix Synergy this year.

    One thing I always enjoy about these conferences is the ability to network with great people, be it customers, partners, other vendors. Networking is one of the best reasons to attend any conference and to listen and have great conversations around technology and innovation.

    I did not blog for Citrix Summit as a lot of the things discussed were still under NDA and I was busy all day and all night and did not get much of a chance to take a breath and write any blog posts so I am going to highlight a few sessions now.

    This was probably my favorite session of Citrix Synergy thus far and a must attend for anyone remotely interested in the next edition of XenDesktop. You will not be disappointed.

    • SUM 223 Excalibur and the FlexCast management architecture for XenDesktop and XenApp
      • Presented by Simon Plant, Chris Lau and Jarian Gibson
      • This session will give you real world information and best practices around Project Excalibur (XenDesktop 7) and FMA (FlexCast management architecture) and the move from IMA
      • This session will be repeated on Friday May 24th at 1 PM PST – ATTEND THIS SESSION

    One of the must attend labs

    • SUM614 – Implementing Excalibur on Microsoft Hyper-V 
      • Instructor driven lab, one of the most well put together labs I have ever done

    Another session that was worth attending is Hands off my Gold Image by Aaron Parker aka Stealthpuppy on twitter.

    • SYN504 – Hands off my gold image! Automate XenDesktop and XenApp images using free tool

    It has been a great couple of days thus far and still two more days left. I will have more updates and details over the new releases coming so keep an eye out and if you have any comments or questions, please comment below.

  • Citrix XenApp – Cannot Remove from Farm

    Occasionally when administrating or building a Citrix XenApp server farm you may find the need to remove your server from the farm but then you cannot remove the server. You may get the following error message “Server not available”.

    Luckily there is a fairly simple registry fix that you can do to simplify things and allow the disjoin from the farm.
    Locate the following registry key and change the value from 1 to 0


    Then run:

    "C:\Program Files (x86)\Citrix\XenApp\ServerConfig\XenAppConfigConsole.exe" /ExecutionMode:Leave

    After the registry fix and running the command you’ll be able to remove the server from the farm and then join an existing farm or create a new one again.