Tag: microsoft

Azure Source Anchor Upgrade from objectGUID

After setup (or reconfiguration) of Azure AD synchronization, the following prompt appears:

Azure Active Directory is configured to use AD attribute objectGUID as the source anchor attribute. Its strongly recommended that you let Azure manage the source anchor for you. Please run the wizard again and select Configure Source Anchor.

Why should we do this?

Upgrading this from objectGUID to ms-DS-ConsistencyGUID is best practice and allows for easy recovery of accidentally deleted on-premises user accounts.

Walk Through Steps

  1. Run the Azure AD Connector Wizard and select the Source Anchor option
  2. Select Configure Source Anchor

  3. Click ‘Configure’ to commit the settings appropriately

  4. Success

 

Upgrading to Citrix Receiver 4.2

We have a number of functional expectations to test prior to Upgrading to Citrix Receiver 4.2. It is imperative that things as simple as ‘desktop shortcuts’, appropriate start menu integration and XenApp session sharing work to keep the end users happy and prevent the “same ole service calls being logged again”.

Examples:

  1. A 100% dynamic client start menu (locally or in the XA/XD sessions – built based on the apps published to them) and support for XenApp6.5 session sharing
  2. Ideally one storefront “store” and one receiver version if possible deployed across the organisation (if support for all features exists)
  3. We would prefer not to rely on web interface servers if it can be helped.
  4. Simple desktop and start menu shortcut management with filtering based on device or platform (presently we use separate web interface sites)
  5. Support for File type association and Prelaunch.

Nice to haves / Things to test.

Company laptops & desktops: Selective or filtered apps on the client's desktop (to avoid conflicts between Citrix published apps and local apps, like Citrix Outlook vs local Outlook) to XenApp 4.5, XenApp 6.5 and XenDesktop 7.6.

Citrix desktop: End user ‘refresh’ on the XenApp desktop (without logging off)

Issues Encountered with Citrix Receiver 4.2

Session Sharing still broken: Whilst the configuration is not officially supported, running the receiver via a published XA6.5 desktop and launching a Citrix app would start a brand new session, even when launching it on the same server.

Receiver Disconnects: During opening, launching or refreshing of the receiver (inside a Citrix session) the local Citrix session would disconnect: http://support.citrix.com/article/CTX136339

Shortcut refresh slow: With selfservicemode=false, or with user subscriptions disabled (effectively making all apps mandatory), the initial login to the receiver would deploy the apps to the start menu in under 2 minutes, which is slow compared to pnagent and depends on how many apps are available for your login. Following this Citrix article we also set InitialRefreshMinMs and InitialRefreshMaxMs to 1: http://support.citrix.com/article/CTX200337

 

Receiver not started automatically for new users logging onto the workstation:

We had to set a shortcut in the user's Startup folder or the registry Run keys for the receiver to open.

 

Receiver Installation:

We decided against recommending the selfservicemode=false option in combination with receiver deployment scripts to end user devices (as it is much more difficult to reverse). Rather, we'd recommend using the group policy ADM that comes with the new client to manage the selfservicemode, so you can easily change it later if desired.

GPO Location: C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm

Kiosk Users: If you have a generic desktop login and people each use their own credentials just for Citrix, it is best to just use StoreFront web. The receiver shortcut deployment to the start menu, and even the receiver window itself, constantly got confused between the different logged-on users and was definitely too slow to be a usable solution. Possibly this could be fixed with the GPO ‘Remove Apps on Logoff’.

 

Storefront Filtering is per store: If we filtered an application (by its keyword: description) it was effectively hidden from all parts of that store including

  1. Receiver
  2. Storefront web
  3. Legacy Config xml receiver
  4. Regardless of any other store settings (new subscriptions enabled or disabled or the app set to mandatory)

See here how to configure Storefront Filtering

 

Mandatory Apps Ignore Start Menu Directory:

Via GPO we tried forcing the Start Menu directory (different to what the app has published), which worked for all applications except that some instances of mandatory apps refused to move. This was most obvious when the user had already synced their apps to the start menu and the start menu directory was then forced via GPO.

XA6.5 Published App Start Menu Folder property name is ignored:

Receiver only uses the “Client Application folder” variable for the shortcut publication.

This makes more sense however when looking at application publication in the Citrix Studio for XenApp 7.6.

Changing the Start menu Path left all the old shortcuts initially unusable:

Changing the start menu path after a user had already synced with the store resulted in all the shortcuts being completely recreated under the new folder hierarchy, whilst the old path was left intact (during the sync) but unusable.

Running the old shortcuts resulted in the fun message:

After the initial sync completed again (took over 2-3 minutes as I had heaps of published shortcuts) the old folder ‘Citrix’ was eventually removed.

Desktop shortcuts delivered in folders: If an application is published in the XA6.5 console with a Client Application folder, and the app is published to the desktop as well the Client application folder is also created.

Shortcuts doubled up: If there was an application with the same name locally as remote, we would end up with 2 – making it confusing for the end users – Citrix’s solution to this is the “keyword: Prefer” in the application description – which we found continued to only launch the Citrix application.

See here for an excellent explanation of the supported Storefront and Receiver Keywords: http://www.martijnhs.com/2014/05/08/citrix-storefront-keywords-explained/

 

 

Summary

The deployment method we have had most success with (so far) has been:

  • The Citrix Receiver 4.2 packaged and deployed simply with “CitrixReceiver4.2.100.exe /includeSSON” (no other commands or calls)
  • The actual storefront Store configured via GPO

  • The SSO option enabled via GPO

  • The storefront site added to trusted or intranet sites
  • The SSO options/passthrough setting enabled in the storefront servers / site
  • We enabled the shortcut management options to stop confusion for end users (all Citrix apps delivered in a start menu sub folder)

  • We also disabled the selfservicemode via GPO rather than forcing it during the installation in the 4.2 receiver.

  • We forced the receiver to connect to the store as soon as possible by setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle]
"InitialRefreshMinMs"="1"
"InitialRefreshMaxMs"="1"

  • We placed the receiver in the Startup Folder of the local machine, so it would launch automatically

This configuration also means that ALL the application shortcuts are delivered to the user's start menu, but people connecting via the ‘storefront web’ page can still have subscriptions enabled, so they don’t see things like the accessories published apps (calc, snipping tool, magnifier etc.) from the ‘storefront web’.

*Additional Note: If upgrading existing users' devices, you may find it useful to set the legacy web interface to delete / remove all shortcuts on logoff / exit. That way you can be 99% sure that there should be no remnants of the legacy client's shortcuts on the desktop or start menu etc. for the end users.

Windows Desktops / Clients

The 4.2 Citrix receiver is an absolute must have for 3D Pro / HDX graphics, the improvements are numerous for graphics display and the smoothness of 3D apps. When deploying 4.2 locally with self service it grants the users that little bit of flexibility and control over their own start menu and the customisable GPO can help you easily change your mind later should the need arise.

XenApp

On a XenApp published desktop where session sharing is still broken with Receiver 4.2 we are going to stick with Citrix Receiver 3.4 enterprise Cumulative Update 4 and have it pointing to the storefront legacy config.xml file for now – which delivers the full dynamic Citrix start menu and still supports session sharing.

It is incredibly frustrating as an integrator and even as an end user to see ‘similar’ issues that Citrix has previously fixed in prior versions of their ICA Client reappearing all over again in the new Receiver, it certainly does nothing for their reputation.

We are very interested to hear how other people are managing their upgrades and end user shortcuts. Does anyone have a simpler, quicker, inexpensive and truly dynamic way to manage end user shortcuts whilst still conglomerating the user's application experience from all their platforms (i.e. local client apps, Citrix apps, Microsoft SCCM, VMware ThinApp and Microsoft App-V to name a few) and still support things like true session sharing and access gateway filtering? Drop us a line.

Also please see this excellent article to address or workaround some of the problems described above.

 

 

AppV 5 Publishing Error 0x74F00F0C

Situation

Added a new list of Computers to begin accessing our App-V 5 Infrastructure.

The access to the servers and share are driven by AD Group “App-V Citrix Computers” and “App-V LT or DT Computers” etc

Error

AppV 5 Publishing Error 0x74F00F0C

Event ID: 1008, Error, Logname Microsoft-AppV-Client/Admin

With creating the new group for desktops and laptops to start accessing the AppV infrastructure we started getting

Package {b10fe46f-1d9e-449e-94dc-b6f3e1b0bf47} version {c8df57be-6ed3-49f6-8611-bb7e1c896a3a} failed configuration in folder ” with error 0x74F00F0C-0x80070043

Resolution

Ensure the above groups (that App-V is publishing to) have read access to the App-V content store. Otherwise they will get the publication from App-V Infrastructure mode, but have none of the rights to access the packages and files it contains.

 

Citrix PVS vdiskdif.vhdx cache file filling up and servers crashing after reboot.

Situation:

We had a number of production VMs running a Citrix desktop workload on Citrix Xenapp 6.5 via Citrix PVS 7.1 (SP3) with cache to RAM with overflow to hard drive, set at 2048Mb. VMware Hypervisor 5.5 and Appv 5 SP2 with HRP4 running in full infrastructure mode (no Microsoft SCCM) and 30GB of packages running in Shared content store mode from a network file share \\server\appvshare$

Servers have 12GB Ram, with 4 vCPU’s and Windows 2008 R2 SP1

C: Drive is 40GB (with 35GB utilised)

D: Drive is 20 GB (typically 12GB utilised at any one time) with a 6.1GB page file redirected here, and the vdiskdif.vhdx at 4mb

We have a daily reboot for the entire Citrix desktop estate at 3am.

Appv GPO Settings are to use Shared content mode, use the local path of c:\programdata\appv (not app-v), autoload = ALL, user and computer refresh on logon = true

Problem/Symptoms:

After an IE11 upgrade on the Citrix vDisk, every 2-3 days some of the citrix servers would reboot (as per policy) and quickly fill up the D drive, finally crashing the server and rendering it unusable. Hoorah for PVS cache to disk.

As the machine had crashed there was little way to troubleshoot it after the fact, so we needed to capture it during.

Steps to resolve:

Increase C: Drive to 60GB using the process listed in the first section of this article – NO FIX

Increase D: Drive to 40GB to resolve. The server stopped crashing as it didn't run out of D drive space. We then noticed that the vdiskdif.vhdx was sitting at 13.6GB and growing (vs unaffected servers sitting at 4Mb). When checking the system processes, nothing was obviously running or processing. This was a nice workaround but not a final solution or fix.

We rebooted and remotely monitored the system with the PSTools (Sysinternals) executable “pslist -s \\servername”. During the reboot the appvclient.exe was sitting at 25% CPU, whilst the GPO to do a full client sync was ‘called’ and run (powershell: get-appvpublishingserver | sync-appvpublishingserver)

Our crashing was finally narrowed to the AppV client, which was sporadically somehow crashing and filling the D drive. When the AppV client was stopped or the server removed from any ‘global’ publishing, the server never crashed. As soon as the production APPV packages were republished to the device, and after every 2 or 3 reboots, the appvclient.exe would run, start caching files, and start filling up the D drive as it was ‘copying / caching’ the packages.

This felt very much like the AppV client was ignoring the shared content mode, and trying to cache everything locally.

Final Resolution:

The ‘gut feeling’ on this problem was that the AppV client wasn't getting the correct settings from GPO in time. The local AppV Client settings (registry) were reviewed and it seemed there were some improvements to be made.

OLD SETTING

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Streaming]
"AutoLoad"=dword:00000001
"SharedContentStoreMode"=dword:00000000

It turns out the AppV client settings were set to disable Shared content mode and to autoload all apps, which we are assuming it sometimes does before it gets its required settings from GPO.

NEW SETTING

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Streaming]
"AutoLoad"=dword:00000000
"SharedContentStoreMode"=dword:00000001

After creating a new vDisk version with the ‘New Setting’ registry keys listed above tattooed in the vDisk image  the servers haven’t crashed since.

Also we were using a GPO powershell script that tells the client to go and ‘autoload’ all the apps. So the autoload registry option was just confusing things, hence we disabled it.
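A check that can be run on the vDisk image before it is sealed, comparing the Streaming key against the ‘New Setting’ values above. This is an added example, not the author's script; the helper names Test-AppvStreamingBaseline and Get-RegistryValues are hypothetical, and the dry-run input is constructed from the ‘Old Setting’ block.

```powershell
# Added example: compare App-V client Streaming values with the page's "NEW SETTING".
# Helper names are hypothetical; they are not App-V cmdlets. Requires PowerShell 3.0+.

$StreamingKey = 'HKLM:\SOFTWARE\Microsoft\AppV\Client\Streaming'

# Baseline taken from the "NEW SETTING" block on this page.
$Baseline = [ordered]@{
    AutoLoad               = 0
    SharedContentStoreMode = 1
}

function Test-AppvStreamingBaseline {
    param(
        # Name/value pairs read from the Streaming key (or constructed for a dry run).
        [System.Collections.IDictionary] $Actual = @{},
        [System.Collections.IDictionary] $Expected = $Baseline
    )
    foreach ($name in $Expected.Keys) {
        $found = if ($Actual.Contains($name)) { $Actual[$name] } else { $null }
        [pscustomobject]@{
            Name     = $name
            Expected = $Expected[$name]
            Actual   = if ($null -eq $found) { '<not set>' } else { $found }
            # A missing value counts as drift: the client would fall back to its default.
            Match    = ($null -ne $found) -and ([int]$found -eq [int]$Expected[$name])
        }
    }
}

function Get-RegistryValues {
    param([string] $Path)
    $values = @{}
    if (Test-Path -LiteralPath $Path) {
        $key = Get-Item -LiteralPath $Path
        foreach ($n in $key.GetValueNames()) { $values[$n] = $key.GetValue($n) }
    }
    $values
}

# Constructed dry run: the "OLD SETTING" values from this page, so both rows show drift.
$oldSetting = @{ AutoLoad = 1; SharedContentStoreMode = 0 }
Test-AppvStreamingBaseline -Actual $oldSetting | Format-Table -AutoSize

# On a machine with the App-V client installed, check the live key as well.
$live = Get-RegistryValues -Path $StreamingKey
if ($live.Count -gt 0) {
    $drift = @(Test-AppvStreamingBaseline -Actual $live | Where-Object { -not $_.Match })
    if ($drift.Count -gt 0) {
        Write-Warning 'Streaming key differs from the baseline:'
        $drift | Format-Table -AutoSize
    } else {
        'Streaming key matches the baseline.'
    }
}
```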

App-V 5.0 apps not working when published as seamless applications

Scenario:

Our AppV applications on Citrix are published globally to the Citrix servers' computer accounts so the apps are available before the users log in. These applications all launch and integrate with AppV either by directly calling the AppV exe or by using the /appvve switch on a hosted Citrix desktop. When the same AppV application is launched seamlessly, the app opens but without AppV integration.

Solution:

*UPDATED* – The /Appvve: switch will work if published via Citrix, but only if the application/s (in APPV) are published to the end user account (not just the computer accounts)

The /appvve switch doesn't work with Citrix published applications. Use the App-V console to make the applications available for the end user/s or user groups and then script the launch of the app with PowerShell.

Launch_APP_JAMES.ps1

—— begin script——–

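# Look up the published App-V package by name
$appvname = Get-AppvClientPackage "James"
# Start excel.exe inside that package's virtual environment
Start-AppvVirtualProcess -AppvClientObject $appvname excel.exe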

—— end script——–

I then publish this PS1 script from Citrix in the published app command line:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden "\\lonfs001\xenapp$\Apps\SAP\Launch_APPV_JAMES.ps1"

Resources:

There is a myriad of other ways you can integrate or launch apps inside the APPV bubble see below link for more details. We were unable to use the ‘file type associations’ as we want normal excel to load without the APPV integration and add-ins and for select users have this APPV integration be available.

http://support.microsoft.com/kb/2848278

Does App-V 5.0 support Junction points?

YES!

We had an application that was old and a number of its ‘working files’ referenced c:\program files\PROGRAM, but the new version of the app was c:\program files (x86)\PROGRAM

This was embedded in many of the older files that referred to this path directly

During the APP-V sequencing a junction point was created with

mklink /d  “C:\Program Files\PROGRAM”  “C:\Program Files (x86)\PROGRAM”

And when the package launches this directory is ‘linked’ for the users seamlessly, without affecting the underlying server or needing to create the junction point on the server outside of the package.

Hide Libraries and Network in Microsoft Office (x86) AND Windows Explorer (x64)

Problem:

We had hidden the Libraries and Network links in the explorer bar on our Citrix XenApp 6.5 servers, but for some reason they continued to appear inside Office and some other applications.

It turns out the common element was that 32-bit apps were all still able to see Libraries and Network locations etc., particularly when saving files in Word or Excel.

W7_Libraries_default_view

 

(screenshot shown above is from a Windows 7 device; it's exactly the same view we want to restrict, however in terminal server / Windows 2008 R2)

Solution:

There are two registry locations for Libraries, Network etc.: 64-bit and 32-bit. Edit them all as follows, and be sure to assign permission to these keys as administrator first!

64bit Favorites key is:
HKEY_CLASSES_ROOT\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder
Attributes: a9400100

64Bit Libraries key is:
HKEY_CLASSES_ROOT\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder
Attributes: b090010d (hide)
Attributes: b080010d (default – show)

64bit Network key is:
HKEY_CLASSES_ROOT\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder
Attributes: B0940064

HIDE the 32-bit version of the same for 32-bit apps
32bit Favorites key is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder]
"Attributes"=dword:a9400100

32Bit Libraries key is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder]
"Attributes"=dword:b090010d

32bit Network key is:
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder]
"Attributes"=dword:b0940064
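Because the problem above came from changing only one of the two registry views, the following added example (not the author's code) reads the Attributes value for all three CLSIDs in both views and compares it with the values listed on this page. The helper names are hypothetical, it needs PowerShell 3.0 or later, and it reads the machine-wide HKLM\SOFTWARE\Classes part of HKEY_CLASSES_ROOT.

```powershell
# Added example: report ShellFolder "Attributes" in the 64-bit and 32-bit registry views.
# CLSIDs and expected values are those listed on this page; helper names are hypothetical.

$Expected = @(
    @{ Name = 'Favorites'; Clsid = '{323CA680-C24D-4099-B94D-446DD2D7249E}'; Attributes = 'a9400100' }
    @{ Name = 'Libraries'; Clsid = '{031E4825-7B94-4dc3-B131-E946B44C8DD5}'; Attributes = 'b090010d' }
    @{ Name = 'Network';   Clsid = '{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}'; Attributes = 'b0940064' }
)

function Get-ShellFolderAttributes {
    param([string] $Clsid, [Microsoft.Win32.RegistryView] $View)
    # An explicit view reaches SOFTWARE\Classes\CLSID (64-bit) or its Wow6432Node
    # counterpart (32-bit), whatever the bitness of the PowerShell host.
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $View)
    try {
        $key = $base.OpenSubKey("SOFTWARE\Classes\CLSID\$Clsid\ShellFolder")
        if ($null -eq $key) { return $null }
        try {
            $raw = $key.GetValue('Attributes')
            if ($null -eq $raw) { return $null }
            # REG_DWORD is returned as a signed Int32; show it as 8 hex digits.
            return ('{0:x8}' -f [int]$raw)
        } finally { $key.Close() }
    } finally { $base.Close() }
}

function Test-ShellFolderHidden {
    foreach ($item in $Expected) {
        foreach ($view in 'Registry64', 'Registry32') {
            $actual = Get-ShellFolderAttributes -Clsid $item.Clsid -View $view
            [pscustomobject]@{
                Folder   = $item.Name
                View     = $view
                Expected = $item.Attributes
                Actual   = $actual
                Match    = ($actual -eq $item.Attributes)
            }
        }
    }
}

# A row with Match = False in only one view reproduces the symptom described above.
Test-ShellFolderHidden | Format-Table -AutoSize
```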

Reinstall of APPv 5.0 SP1 Server fails after Hotfix Installation / upgrade

Scenario:

We had errors with the App-V publishing service on one of our AppV 5 infrastructure servers. Hotfix KB2940354 had already been installed. But during the removal of the App-V 5.0 SP1 client, the hotfixes are not removed, nor can they be uninstalled.

Error:

The Application Virtualization setup has failed because a more recent version of the App-V is already installed. To Complete the setup, uninstall the existing version of App-V.

Delete this key:

Simply delete any keys related to any App-V hotfixes prior to reinstalling a lower version of the App-V server.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e1ca9d65-0ebf-4fd5-98e5-00d6453967a4}

Launch Internet Explorer in APP-V 5 environment & passthrough the URL

We have a package that needs to be installed and run inside the APP-V 5.0 ‘virtual environment’ or ‘bubble’.

The following command ran Internet Explorer inside the APP-V package / environment, then passed Internet Explorer the URL.

It's a PowerShell script we have housed on a network share, along with all such XenApp scripts for specific application launching etc.

Powershell Script

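# Look up the published App-V package by name
$AppVName = Get-AppvClientPackage "Published AppV Name"
# Start Internet Explorer inside the package's virtual environment and pass it the URL
Start-AppvVirtualProcess -AppvClientObject $AppVName iexplore.exe "http://website/page"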

 

Citrix Published App Path:

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden "\\server\share\script.ps1"

Load Specific Theme not working with Run Only Specified Windows Applications

Problem

When configuring a very restricted desktop for 3rd party access we configured the ‘Run Only specified Windows Applications’

Surprisingly very little actually stopped working.

However the Windows Aero.theme was no longer being applied:

Solution

Add the following executables to allow the theme to apply: shell32.dll, dwm.exe, rundll32.exe, svchost.exe, regsvr32.exe, in the group policy location:

User Configuration> Policies > Administrative Templates > System > Run only specified Windows applications
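The allow-list above includes rundll32.exe and regsvr32.exe, which run code supplied by whoever calls them, so it is worth reviewing the list after each change to a restricted desktop. The following is an added example, not part of the original post; the helper name Get-RestrictRunReview and the contents of $GenericHosts are assumptions for illustration, and the registry path is where this policy stores its entries for the current user.

```powershell
# Added example: review the "Run only specified Windows applications" allow-list.
# Get-RestrictRunReview is a hypothetical helper name. Requires PowerShell 3.0+.

$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun'

# Assumption for this example: programs that load or run content chosen by the caller,
# so allowing them widens what the restricted desktop can execute. Adjust to local policy.
$GenericHosts = 'rundll32.exe', 'regsvr32.exe', 'mshta.exe', 'wscript.exe',
                'cscript.exe', 'cmd.exe', 'powershell.exe'

function Get-RestrictRunReview {
    param([string[]] $Entries = @())
    foreach ($entry in $Entries | Sort-Object -Unique) {
        $name = $entry.Trim().ToLowerInvariant()
        [pscustomobject]@{
            Entry       = $name
            GenericHost = $GenericHosts -contains $name
        }
    }
}

# The entries this page adds so that the Aero theme applies.
$pageEntries = 'shell32.dll', 'dwm.exe', 'rundll32.exe', 'svchost.exe', 'regsvr32.exe'
Get-RestrictRunReview -Entries $pageEntries | Format-Table -AutoSize

# If the policy is applied to the current user, list the flagged entries from the live key.
if (Test-Path -LiteralPath $PolicyKey) {
    $key  = Get-Item -LiteralPath $PolicyKey
    $live = @($key.GetValueNames() | ForEach-Object { [string]$key.GetValue($_) })
    Get-RestrictRunReview -Entries $live | Where-Object GenericHost | Format-Table -AutoSize
}
```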