
Tag: windows

Cloud Hosting With Multiple Proxy Servers

Scenario

A customer had a requirement for Cloud Hosting With Multiple Proxy Servers and wanted to send some traffic direct to the internet (host or URL whitelist), some hosts or URLs to one proxy in their cloud hosting, and some traffic via another proxy in another peered network in their cloud hosting.

Solution

Our solution in the end was simple, but it does require endpoint configuration: the browsers need to point to the PAC file in order for this to work. This was configured via AD GPO for the AppStream instances in Amazon Web Services, as the AppStream instances were domain joined.

This is also supported on Windows and Mac Endpoints via the proxy autoconfiguration file.

This means we can whitelist traffic to the internet, send other URL- or host-specific matches to various internal proxy servers, and for everything else return a proxy server that doesn't exist. If that proxy points to 127.0.0.1, it's a very quick ‘failure’ response.

The response message to the clients is not perfect (users receive ‘The Proxy Server is not responding’) but as a simple working solution this was considered tolerable.

Windows > Configure it in Internet Explorer

Internet Explorer pac file configuration

Mac > Configure it in Network Settings

Mac automatic proxy configuration

PAC File Configuration

function FindProxyForURL(url, host) {

    // Whitelist: if the hostname matches, send direct to the internet.
    if (shExpMatch(host, "*.microsoft.com") ||
        shExpMatch(host, "*.google.com"))
        return "DIRECT";

    // If the hostname matches, send via the first internal proxy.
    if (shExpMatch(host, "*.myotherwebsite.com") ||
        shExpMatch(host, "*.myotherwebsite2.com"))
        return "PROXY internal.squid.proxy:3128";

    // If the hostname matches, send via the second internal proxy.
    if (shExpMatch(host, "*.myotherwebsite3.com") ||
        shExpMatch(host, "*.myotherwebsite4.com"))
        return "PROXY internal.squid.proxy2:3128";

    // DEFAULT RULE: all other traffic is sent to a proxy that does not exist
    // (127.0.0.1), so the request fails quickly.
    return "PROXY 127.0.0.1:8081";

}
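
An added example (not part of the original post): a small Node.js harness that runs the PAC logic above against constructed hostnames, so the whitelist and the default-deny rule can be checked before the file is pushed out by GPO. The shExpMatch shim approximates the browser built-in, and the test hostnames and the auditPac helper are assumptions for illustration.

```javascript
// Approximation of the browser built-in shExpMatch(): a shell glob where "*"
// matches any run of characters and "?" one character, anchored at both ends.
function shExpMatch(str, pattern) {
  const body = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + body + "$").test(str);
}

// Same rules as the PAC file on this page.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "*.microsoft.com") || shExpMatch(host, "*.google.com"))
    return "DIRECT";
  if (shExpMatch(host, "*.myotherwebsite.com") ||
      shExpMatch(host, "*.myotherwebsite2.com"))
    return "PROXY internal.squid.proxy:3128";
  if (shExpMatch(host, "*.myotherwebsite3.com") ||
      shExpMatch(host, "*.myotherwebsite4.com"))
    return "PROXY internal.squid.proxy2:3128";
  return "PROXY 127.0.0.1:8081"; // non-existent proxy: everything else fails fast
}

const BLACKHOLE = "PROXY 127.0.0.1:8081";

// Constructed test hosts: [host, expected PAC result].
const CASES = [
  ["www.google.com", "DIRECT"],
  ["login.microsoft.com", "DIRECT"],
  ["app.myotherwebsite.com", "PROXY internal.squid.proxy:3128"],
  ["app.myotherwebsite4.com", "PROXY internal.squid.proxy2:3128"],
  ["google.com", BLACKHOLE],                 // bare domain: "*." needs a label in front
  ["notgoogle.com", BLACKHOLE],              // same ending, but no dot boundary
  ["www.google.com.example.net", BLACKHOLE], // whitelisted name used only as a prefix
  ["unlisted.example.org", BLACKHOLE],       // default rule
];

// Returns the cases where the PAC decision differs from the expectation.
function auditPac() {
  return CASES
    .map(([host, want]) => ({ host, want, got: FindProxyForURL("https://" + host + "/", host) }))
    .filter((r) => r.got !== r.want);
}

const failures = auditPac();
console.log(failures.length === 0 ? "PAC routing matches expectations" : failures);
```

Note that the bare domain (google.com without a subdomain) is not covered by "*.google.com" and ends up at the 127.0.0.1 proxy; if it should go direct, it needs its own match in the PAC file.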

Install the NetScaler Gateway Plugin for Microsoft Windows

Prerequisites

Item Description
 * You should be a local administrator of the device where you are installing the gateway plug-in

Step Description
1 Ensure your newly created gateway is added to DNS internally or externally (wherever you are connecting to it from). Open a web browser to the NetScaler VIP. Login.
2 Select Network Access
3 Click Download
4 Click Run
5 Click Install (Note: You must be a local administrator to install this Software)
6 Click Yes to any Windows UAC prompts
7 Click Finish
8 The Gateway VPN will connect automatically and the web page will display the NetScaler VPN Home Page.

Upgrading to Citrix Receiver 4.2

We have a number of functional expectations to test prior to Upgrading to Citrix Receiver 4.2. It is imperative that things as simple as ‘desktop shortcuts’, appropriate start menu integration and XenApp session sharing work to keep the end users happy and prevent the “same ole service calls being logged again”.

Examples:

  1. A 100% dynamic client start menu (locally or in the XA/XD sessions – built based on the apps published to them) and support for XenApp6.5 session sharing
  2. Ideally one storefront “store” and one receiver version if possible deployed across the organisation (if support for all features exists)
  3. We would prefer not to rely on web interface servers if it can be helped.
  4. Simple desktop and start menu shortcut management with filtering based on device or platform (presently we use separate web interface sites)
  5. Support for File type association and Prelaunch.

Nice to haves / Things to test.

Company Laptop & desktops: Selective or filtered apps on the clients desktops (to avoid conflict with citrix published apps like Citrix outlook vs local outlook) to XenApp 4.5, XenApp 6.5 and XenDesktop 7.6.

Citrix desktop: End user ‘refresh’ on the XenApp desktop (without logging off)

Issues Encountered with Citrix Receiver 4.2

Session Sharing still broken: Whilst the configuration is not officially supported, running the receiver via a published XA6.5 desktop and launching a Citrix app would start a brand new session, even when launching it on the same server.

Receiver Disconnects: During opening, launching or refreshing of the receiver (inside a Citrix session) the local Citrix session would disconnect http://support.citrix.com/article/CTX136339

Shortcut refresh slow: In selfservicemode=false or with user subscriptions disabled (effectively making all apps mandatory), the initial log into receiver would deploy the apps to the start menu in under 2 minutes (which is slow compared to pnagent, and depends on how many apps were available for your login). Following this Citrix article we also set InitialRefreshMinMs and InitialRefreshMaxMs to 1: http://support.citrix.com/article/CTX200337

 

Receiver not started automatically for new users logging onto the workstation:

We had to set a shortcut in the users' Startup folder or the registry Run keys for the receiver to open.

 

Receiver Installation:

We decided against recommending the selfservicemode=false option in combination with receiver deployment scripts to end user devices (as it's much more difficult to reverse). Rather, we'd recommend using the group policy ADM that comes with the new client to manage the selfservicemode, so you can easily change it later if desired.

GPO Location: C:\Program Files (x86)\Citrix\ICA Client\Configuration\icaclient.adm

Kiosk Users: if you have a generic desktop login and people each use their own credentials just for Citrix, it's best to just use storefrontweb, as the receiver shortcut deployment to the start menu (and even in the receiver window) constantly got confused between the different logged on users and was definitely too slow to be a usable solution. Possibly this could be fixed with the GPO ‘Remove Apps on Logoff’.

 

Storefront Filtering is per store: If we filtered an application (by its keyword: description) it was effectively hidden from all parts of that store including

  1. Receiver
  2. Storefront web
  3. Legacy Config xml receiver
  4. Regardless of any other store settings (new subscriptions enabled or disabled or the app set to mandatory)

See here how to configure Storefront Filtering

 

Mandatory Apps Ignore Start Menu Directory:

Via GPO we tried forcing the Start Menu directory (different to what the app has published) which worked for all applications except some instances of mandatory apps refused to move. This was most obvious when the user had already synced their apps to the start menu then the start menu directory was forced via GPO.

XA6.5 Published App Start Menu Folder property name is ignored:

Receiver only uses the “Client Application folder” variable for the shortcut publication.

This makes more sense however when looking at application publication in the Citrix Studio for XenApp 7.6.

Changing the Start menu Path left all the old shortcuts initially unusable:

Changing the start menu path after a user had already synced with the store resulted in all the shortcuts being completely recreated under the new folder hierarchy, whilst the old path was left (during the sync) intact, but unusable.

Running the old shortcuts resulted in the fun message:

After the initial sync completed again (took over 2-3 minutes as I had heaps of published shortcuts) the old folder ‘Citrix’ was eventually removed.

Desktop shortcuts delivered in folders: If an application is published in the XA6.5 console with a Client Application folder, and the app is published to the desktop as well the Client application folder is also created.

Shortcuts doubled up: If there was an application with the same name locally as remote, we would end up with 2 – making it confusing for the end users – Citrix’s solution to this is the “keyword: Prefer” in the application description – which we found continued to only launch the Citrix application.

See here for an excellent explanation of the supported Storefront and Receiver Keywords: http://www.martijnhs.com/2014/05/08/citrix-storefront-keywords-explained/

 

 

Summary

The deployment method we have had most success with (so far) has been:

  • The Citrix Receiver 4.2 packaged and deployed simply with “CitrixReceiver4.2.100.exe /includeSSON” (no other commands or calls)
  • The actual storefront Store configured via GPO

  • The SSO option enabled via GPO

  • The storefront site added to trusted or intranet sites
  • The SSO options/passthrough setting enabled in the storefront servers / site
  • We enabled the shortcut management options to stop confusion for end users (all Citrix apps delivered in a start menu sub folder)

  • We also disabled the selfservicemode via gpo rather than forcing it during the installation in the 4.2 receiver.

  • We forced the receiver to connect to the store asap by setting:

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Dazzle]
"InitialRefreshMinMs"="1"
"InitialRefreshMaxMs"="1"

  • We placed the receiver in the Startup Folder of the local machine, so it would launch automatically

This configuration would also mean that ALL the application shortcuts are delivered to the users' start menu, but people connecting via the ‘storefront web’ page can still have subscriptions enabled so they don’t see things like the accessories published apps (calc, snipping tool, magnifier etc.) from the ‘storefront web’.

*Additional Note: If upgrading existing users' devices, you may find it useful to set the legacy web interface to delete / remove all shortcuts on logoff / exit. That way you can be 99% sure that there should be no remnants of the legacy client's shortcuts on the desktop or start menu etc. for the end users.

Windows Desktops / Clients

The 4.2 Citrix receiver is an absolute must have for 3D Pro / HDX graphics, the improvements are numerous for graphics display and the smoothness of 3D apps. When deploying 4.2 locally with self service it grants the users that little bit of flexibility and control over their own start menu and the customisable GPO can help you easily change your mind later should the need arise.

XenApp

On a XenApp published desktop where session sharing is still broken with Receiver 4.2 we are going to stick with Citrix Receiver 3.4 enterprise Cumulative Update 4 and have it pointing to the storefront legacy config.xml file for now – which delivers the full dynamic Citrix start menu and still supports session sharing.

It is incredibly frustrating as an integrator and even as an end user to see ‘similar’ issues that Citrix has previously fixed in prior versions of their ICA Client reappearing all over again in the new Receiver, it certainly does nothing for their reputation.

We are very interested to hear how other people are managing their upgrades and end user shortcuts. Does anyone have a simpler, quicker, inexpensive and truly dynamic way to manage end user shortcuts whilst still conglomerating the users' application experience from all their platforms (i.e. local client apps, Citrix apps, Microsoft SCCM, VMware ThinApp and Microsoft App-V to name a few) and still support things like true session sharing and access gateway filtering? Drop us a line.

Also please see this excellent article to address or workaround some of the problems described above.

 

 

Vmware 5.1.0 PSOD and Windows 8.1

Situation

The OS was built and running fine on my SHuTTLE SH67 32GB, i7 CPU Vmware 5.1.0 box.

Steps

The moment I tried to copy an ISO (smaller files seemed to be ok) to or from the Windows 8.1 machine the entire ESXi box would PSOD.

Connecting from the 8.1 machine to a XenServer machine to install the client tools also rendered the ESX PSOD.

Resolution?

Workaround

Change the Windows 8.1 from using the E1000 network NIC driver to the VMXNet3. All problems gone! (for now!)

 

References:

https://communities.vmware.com/message/2301745

http://forums.veeam.com/vmware-vsphere-f24/vsphere-5-5-tests-done-t17869-60.html

 

 

Super Boring EventID Post

A list of the common EventID’s I always want to search for but can never remember.

 

 

Log Name: Security EventID: 4624 – Discover Successful logon account ID’s local or on DCs

Log Name: System Source: bugcheck EventID: 1001 – the computer has rebooted from a bugcheck

Log Name: System Source: EventLog EventID: 6008 – previous system shutdown was unexpected

Log Name: System Source: srv EventID: 2013 – disk is at or near capacity

 

Reduce WINSXS folder size

I hate the C:\Windows\WINSXS folder. The size it takes up is a complete joke even BEFORE apps or windows updates.

These are some of the commands that I have found in the past (with varying success) to try and reduce the size of this ridiculous folder.

It is rare that I have run this on a production environment, but on mini test VMs and prelive stuff I haven't ever had any issues (depends if the commands even exist or are installed).

USE THESE COMMANDS COMPLETELY AT YOUR OWN RISK. IF YOU BREAK THIS FOLDER YOU WILL MORE THAN LIKELY RUIN YOUR SERVER. ALWAYS HAVE A BACKUP!

From an administrator command prompt, try the following to try and reduce WINSXS folder size:

  1. vsp1cln.exe
  2. compcln.exe
  3. dism.exe /online /cleanup-image /spsuperseded * (most successful)

Or you can even try deleting the blobs.bin file, c:\Windows\winsxs\ManifestCache\blobs.bin, and rebooting the system (only if it's really big, and it should regenerate).

USE THESE COMMANDS COMPLETELY AT YOUR OWN RISK. IF YOU BREAK THIS FOLDER YOU WILL MORE THAN LIKELY RUIN YOUR SERVER. ALWAYS HAVE A BACKUP!

James

App-V Error – Application took too long to be ready to interact with the user

Exact Error: The application took too long to be ready to interact with the user, possibly because the system was too busy. Try again in a few minutes. If the problem persists Report the following error code to your System Administrator

Error code: 4604EE8-0B01FE04-0000041E


Solution: This seems to be related to a number of Java applications; in this instance it was the Cisco Systems Real Time Monitoring tool.

Simply change the OSD file to point to console instead of windows

Change:
<VM VALUE="Win32">
<SUBSYSTEM VALUE="windows"/>
</VM>

To:
<VM VALUE="Win32">
<SUBSYSTEM VALUE="console"/>
</VM>


Help Files not working over Network or When under Citrix Published App

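We had a stupid application that published itself from a network share, including the help files.

Windows introduced a security restriction, based on the Internet Explorer security zones, that blocks these help files from being displayed when they are opened from a network location.

To change the security so that these help files are displayed, follow the article below. The MaxAllowedZone value of 1 allows help content from the Local intranet zone.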

http://support.microsoft.com/kb/896054

 

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000001

Domain Join fails with 'network location cannot be reached'

Scenario: When trying to join a domain with any Windows flavour PC or server, sometimes you will get the following ambiguous error. The network is UP, the machine is pingable and DNS resolves as expected.

Error Message: The following error occurred attempting to join the domain “”: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Solution: Ensure that Client for Microsoft Networks is ticked / enabled under the properties of the ‘domain’ network interface card.