During the deployment of a blueprint via Citrix Smart Tools > Smart Deploy we came across the following error when attempting to deploy to our AWS Resource Location:
The following problems were detected with your configuration
Please re-configure as no NAT instance was detected in this AWS Resource location
The blueprint / Citrix tools don’t seem to (yet) support AWS NAT Gateways. This also certainly won’t work with the default VPC. To solve this we spun up a new NAT Instance in our own VPC, with the servers in separate private subnets, in order for the wizard to proceed / succeed. Also note: if you deploy to the public subnet you need to provide an Elastic IP address.
When trying to upgrade our Citrix StoreFront servers from a 2.x version to 3.9 of StoreFront we encountered the following error. The installation failed with the previous StoreFront version removed completely and all configuration lost, and we were then unable to install any further version of Citrix StoreFront.
Application Log Error, Source: Citrix Extensible Meta-Installer EVENTID: 0
Timestamp: 05/07/2017 19:04:43Category:Error, WinErrorMessage:Unexpected exception. Message: Exception has been thrown by the target of an invocation.. Stack Trace = at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor) at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture) at Citrix.Cxmi.CustomSandbox.ManagedDllLoader.CallStaticMethod(String typeName, String methodName, Dictionary`2 methodParams) at Citrix.Cxmi.Workflow.ExecuteTask.Execute() at Citrix.Cxmi.Workflow.WorkflowSequence.Execute() at Citrix.Cxmi.Workflow.WorkflowSequence.Execute() at Citrix.Cxmi.Workflow.WorkflowExtension.Run() at Citrix.Cxmi.Core.Engine.Run() at Citrix.Cxmi.Core.Program.Main(String args).
Deletion of all local temp files – Failed
Complete uninstall and reinstall of Storefront versions – Failed
Reinstall of old version 2.x – Failed
Install of new 3.x version as different user – Failed
We had no choice but to revert the VM snapshot to recover the production Web server.
Upgrade to StoreFront 3.0 first, then attempt to upgrade to a higher version.
Azure Active Directory did not register a synchronization attempt from the identity synchronization tool in the last 24 hours for <Company>
There are a large number of reasons why this might be affecting you; however, in this specific instance we needed to ensure that Microsoft Azure Active Directory Connect was not stuck at the ‘required to upgrade’ screen.
Connect to the AD where you have installed the Sync tool and confirm.
Perform the upgrade as necessary
I then had to spend nearly an hour trying to discover what username / password was configured on this damned account, as it was not working with my Azure portal login (portal.azure.com).
As this was a partner subscription from the Microsoft Action Pack, the original configuration was set up under portal.office.com. Also, as password synchronisation was set up as part of the AD sync, the previously updated on-prem passwords had not synced with Office – so no one could log in with their new passwords.
I ran password recovery for the @xxx.onmicrosoft.com account
Accessed the portal.office.com and confirmed all else was ok with the subscription
Set up On Prem AD Sync again with the recently reset user and password.
Post setup (or reconfiguration) of Azure AD Synchronization there is a prompt
Azure Active Directory is configured to use AD attribute objectGUID as the source anchor attribute. Its strongly recommended that you let Azure manage the source anchor for you. Please run the wizard again and select Configure Source Anchor.
Why should we do this?
Upgrading this from objectGUID to ms-DS-ConsistencyGUID is best practice and allows for easy recovery of accidentally deleted on-premises user accounts.
Walk Through Steps
Run the Azure AD Connector Wizard and select the Source Anchor option
Select Configure Source Anchor
Click ‘Configure’ to commit the settings appropriately
You may be frustrated at Microsoft Azure’s lack of ability to power off the Network gateways, especially when they are chewing up resources and $. Unfortunately Azure provides no current way to power the gateways down, so the only current solution is to delete them. However, you need to delete them in the right order to remove the service pre-requisites.
Failed to delete virtual Network Gateway
Failed to delete virtual network gateway 'UKSouthGateway'.
Error: Gateway /subscriptions/xxxxx-xxxx-xxx-xxxx-xxxxxxx/resourceGroups/
The gateway devices must be deleted in a specific order
Citrix have a cloud-based secure browser service, unsurprisingly called ‘Secure Browser Service’. Here is a quick summary of the features / notes taken during a PoC for a customer.
Basically this is an Azure-hosted cloud delivery of URLs you specify to publish to users (either anonymously or via your own authentication methods) combined with a browser that is ‘locked down’. You can have Firefox, Chrome, IE11 or IE11 (64bit). Even for a quick test, it’s awesome. Quick, simple and reliable.
Flash and video support (YouTube) are native, albeit noticeably slow (but still worked even for a UK-based user while the resources were in the Azure West US region!). Signing up for the trial was simple and very quick via my mycitrix.com account (5 minutes after requesting, the trial was ready to go).
From a customisation perspective there is little that is changeable – and possibly will stay this way to keep the service offering simple – you can always deploy your own secure browser service via XA/XD for further customisations. Well done Citrix.
Initial Overview Page
Clicking Get started
Enter a Name, URL and select the browser and region
Browser and Region Options
I selected IE11 and West US as the region
Application launched very quickly, but because it’s published initially in Kiosk mode my native response was to click ‘refresh’, which reloaded the entire published app – not the webpage (including back buttons etc)
Secure Browser service supports on prem apps / backends
Enable non-kiosk mode
Launching with non-kiosk
Other sites were accessible
(But I didn’t push my luck)
youtube.com was noticeably slow but still worked, sound and all! Pretty good by default.
Where is it hosted and did it match the region published in – YES
Flash is available and the Internet speed was very fast
Flash quality was low and jittery – but was absolutely usable even with approx 150ms from my device to West US Azure
Statistics on usage
Even for a PoC / Demo this is fantastic. Quick and simple and no obvious major issues. Well Done Citrix!
Great news everyone, our first online training course ‘Introduction to Citrix Netscaler (Part 1)’ is now available online. Please check out – http://www.jsconsulting.services/training for more information and resource links.
So what is Amazon AppStream 2.0? Here is the extract from the AWS Website: Amazon AppStream 2.0 is a fully managed, secure, application streaming service that allows you to stream desktop applications from AWS to any device running a web browser, without rewriting them. AppStream 2.0 provides users instant-on access to the applications they need, and a responsive, fluid user experience on the device of their choice. With AppStream 2.0, you can easily import your existing desktop applications to AWS and instantly start streaming them to an HTML5 compatible browser. You can maintain a single version of each of your apps, which makes application management easier. Your users always access the latest versions of their applications. Your applications run on AWS compute resources, and data is never stored on users’ devices, which means they always get a high performance, secure experience. Unlike traditional on-premises solutions for desktop application streaming, AppStream 2.0 offers pay-as-you-go pricing, with no upfront investment and no infrastructure to maintain. You can scale instantly and globally, ensuring that your users always have the best possible experience.
We like the simplicity of this product, and we hope it stays this way. The solution removes the complications of profile management and user settings, and negates the need for other expensive delivery / middleware product solutions like Citrix – and just focuses on delivering the applications to the users. We believe you just need to couple this solution with the following additional components to be a viable replacement to some of your business applications:
The image builder, to start hosting & testing your own applications (Update: Image Builder now available since end of Jan 2017 stay tuned for an update)
A low latency link to the AWS Availability zone.
A storage product like Google Drive, Box, Dropbox, or WebDrive so you can be sure your clients’/customers’ data is protected and automatically in the cloud and not in the local instance (and a policy that enforces this)
Useful Notes during the Test
Fleet build takes approximately 30-35+ minutes at creation
If you stop the fleet and start it again, the startup time is just as long as the initial creation.
You need an individual instance for every user so 5 servers in a fleet = 5 concurrent users.
Instances of Appstream do not appear under EC2
Opening and displaying the demo applications is lightning quick
Connecting from London to the Ireland AppStream instance was laggy (keyboard and mouse); in fact at times it was worse than normal RDP, with a latency ave of 371ms
Connecting from a site with a Direct Connection to AWS and a latency of 30ms the experience was much improved
The entire session ran in a browser window over HTML5 and full screen mode looked great.
YouTube in Firefox actually would run and display videos – but in no usable fashion; even browsing the YouTube page with all the video thumbnails was borderline unusable, and the session was laggy and unresponsive. In comparison, RDP actually performs better with the same YouTube page, resolution and site (not that this would be the main purpose for the platform anyway, just interesting for a comparison)
Keys would sometimes get ‘stuck’, so instead of typing you could end up closing windows instead (but bashing the Windows, CTRL and Alt keys quickly fixed this).
As Appstream is only currently available in US East – N Virginia, US West-Oregon, EU – Ireland, AsiaPacific – Tokyo – I couldn’t test the new London Zone.
Creation of the streaming URL (username to access the instance) failed if I changed the logonID to the same ‘instance’ within the same fleet (I only had one instance) after that user had logged in (I’m guessing this is because the session was still active / running for the previous user, as there was no log off button, only a disconnect).
Currently image availability is only limited to Windows 2012 with the AWS demo applications (Firefox OpenOffice, Notepad++)
An image builder component is planned, and it will be exciting to see what options it will have. <Stay tuned for an update review>
We modified settings and saved files to desktop, documents and the X:\ session share all which remained available so long as we used the same connection string (or recreated one with the same ‘loginID’ aka Windows username)
You can choose the VPC Appstream runs on so you should be able to run it on your internal VPC (note: we didn’t test or try this)
For 3 users and 6 hours of running we were billed $13.23 USD which included:
$4.19 per user per month RDS Cal
$0.11 per hour the instance was running (whether the users were connected or not)
Note: you will need an instance per concurrent user so hourly usage = $0.11 * number of concurrent users
1 user, 8 hours a day – 160 hours a month = $21.79 (Annualised $261.48)
1 user, 24 Hours a day – 480 hours a month = $56.99 (Annualised $683.88)
We are excited to see where Amazon will take this new service and how we can leverage this for our customers and as a business tool especially if it means removing the complicated middle layers of delivery software.
Opening the AWS Console and selecting AppStream 2.0
Create a ‘stack’
Get the naming right
Can’t choose any other image at this point
Spin up the template ‘instance’ and select the resources
Choosing the details network Subnet in our default VPC
You still pay for the resources whether users are logged in or not as the instance will remain on unless you instruct AppStream to stop it.
Review the rest of the deployment details then click ‘create’
Wait for the creation of the fleet instance
There is little feedback at this point and the whole process took over 35 minutes
After waiting for a while and when the console said it was active I tried creating a streaming URL
This failed, as the instance was still not ready
Turns out you need to be using the Fleet details tab for the progress of the instance (status)
Note: seems they are bringing an image builder option so you can deploy your own images (assuming where you can install your own applications)
Update: This has been released as of End of Jan 2017! Review coming soon!
Running instances are NOT created in EC2
Finally the fleet was running
Create the streaming URL – which you can set to expire
Once that had been created, however, I was unable to reauthenticate a second time if the user name was NOT the same as the original streaming URL ‘userid’
But based on that, all my settings and saved files still existed.
Open the URL
Launch your apps
The Appstream ’task bar’ gives you the following options
Upload and Download files
Copy and Paste
Settings (display resolution and info re session details)
And a full screen option or numerous other options
The Appstreamed application opens ‘seamlessly’ (to use a Citrix term)
Closing the app: close the window
More apps could be launched from the ‘appstream’ start button
Multiple apps running
Currently there seems to be restricted access to the local disks / shared (when test saving a notepad++ document)
I tested a save to Session Folder, Desktop and Documents directory – and I am assuming these settings & documents ‘stick’ as I only have the one machine, not multiple instances in the ‘fleet’, and also the ‘one device to one user’ requirement.
This makes sense to keep the solution simple and not have to over complicate it with user profiles and the like.
At the time of writing this the only option was to disconnect the session, there is no option to reboot from the session, or log off?
You can do this from the fleet details ‘management page’.
Stopping the instance took sub 10 seconds to stop.
However starting it again (which I now deeply regret) took another 35+ minutes
Server was back online
But all settings, documents created were gone (as expected for a demo really)
If, like me, you have recently wondered how to stop WhatsApp sharing your details with Facebook, well, the team at WhatsApp seem to have already provided this (we hope). So let us put aside our thoughts of deleting WhatsApp entirely, for now, and whilst some of us have paid for a lifetime of “private, no-ads” service, it is still early days yet and this option may be enough to give us some level of comfort..? Maybe??
Process to stop the data sharing
Don’t immediately agree to the ‘policy change’ when you see it in WhatsApp
3) Untick the “share my whatsapp account information with Facebook to improve my Facebook ads and product experiences.” (because, you know, our facebook experiences are already so awesome that we would willingly sign up for more targeted advertisements etc)
I just received the above messages today on my Android phone (EE network in the UK, 26/08); however, it only prompted me after a phone restart.