Sunday, May 03, 2009

128-bit SecureICA Problem in Windows Server 2008 x64 with XenApp 5.0

Recently I have been having a problem with SecureICA 128-bit encryption on Windows Server 2008 x64 with XenApp 5.0. The symptom (and how to replicate the issue) is like this:
1. Install XenApp 5.0 on a Windows Server 2008 x64 server
2. Publish a Desktop from the server
3. Publish an application (let's say notepad.exe) and force 128-bit encryption as the "Minimum Requirement" from this same server
4. Launch the published Desktop from any other Windows client you wish and force 128-bit encryption from the ICA client
5. From the published Desktop remote session (which is a Windows Server 2008 x64 desktop), launch Citrix Program Neighborhood from the Start Menu
6. Find an application set and point it to the same server
7. Try to launch the published Notepad.exe created in step 3 earlier, and..

You will NEVER be able to launch this application from the Citrix Program Neighborhood client. The message given will be something like "Higher encryption is required which this client does not support". No amount of tweaking on the client settings will get you past this problem.

OK, even if you have the published application with high encryption as the minimum requirement published elsewhere, such as from CPS4.0 or CPS4.5 servers running Windows 2000 or Server 2003, you will still get the same error message and will not be able to launch it from the published Desktop.

I have reported this case to Citrix Support for more than 2 weeks...and they have yet to come back to me.

Update 22-May-2009: Citrix has been able to simulate the problem and provided me a private fix to the PN client on May 14th. They have also mentioned that they will include this fix in the future service pack.

Thursday, April 30, 2009

Windows Installer Services Error 1719

This error gives a message: "The Windows Installer service could not be accessed"

Let's say you've got an error 1719 when trying to install an MSI package and you follow the solution in http://support.microsoft.com/?kbid=315346, and this error still persists. And if you're running Windows Server 2008, you can try this method:

At the command prompt, run this at the C:> prompt:
regsvr32.exe %SystemRoot%\System32\msi.dll

And on an x64 OS, you should also run this:
%systemroot%\sysWOW64\regsvr32.exe %systemroot%\syswow64\msi.dll

This solves the problem I was facing.

Monday, April 13, 2009

Citrix User Profile Manager - some initial discovery

As I learn how to use this on Windows Server 2008 x64, here are things that I will want to share about Citrix User Profile Manager (CUPM):

1. It is run before the Windows standard Loading user profile, Applying user settings. This means it will be able to save user's Desktop settings such as Desktop Language

2. It does not compress user data in the User Store (the location where the saved profile will be stored). This is not configurable. Compressing the user profile and saving a single compressed instance across a network has the benefits of reduced network bandwidth usage and reduced chances of profile corruption.

3. Only 1 configuration per server. Let's say you have SAP Client and Microsoft Word loaded on a Citrix XenApp server and they are both published. The 1 configuration limit means if you want to just load SAP Client and load only SAP Client-related settings for a session, you must load the whole profile including profile settings for Microsoft Word

4. It is able to read Active Directory User Account Object attributes - e.g. Profile path - to use as the location for the user store. Or you can save the user store in the user's HOMEDRIVE environment variable. The default setting in CUPM is to save the User Store in the user's Windows folder on the HOMEDRIVE. User Environment Variables are not possible because CUPM runs before Windows' Loading User Profile action is processed

5. Configurations can be done through the AD Group Policy Object, or the local INI file, or the combination of both. GPO settings have the priority

6. To use this effectively, the server should be configured to use Local Profile only. This can be set in the Policy Editor or the Group Policy Object in AD

7. CUPM has the option to delete the cached local profiles when users log off. This will be useful in a Terminal Services environment

8. This can be used anywhere, not only for servers running Citrix XenApp

These are just some of my initial thoughts.

Thursday, March 19, 2009

Silently install XenApp 5.0 on Windows Server 2008

How do you deploy XenApp 5.0 on hundreds of Windows Server 2008 x64 silently? The strategy here is to deploy XenApp 5 on all the servers first, with its local farm (temporary). After that, an administrator can join the server to a farm by using the 'chfarm.exe' command.

From the XenApp source downloaded from Citrix, copy the DVD image to a shared network location, then install XenApp 5 with the following command. I put this into a CMD file so it is easier to modify as necessary. This CMD file is kept in the root directory of the source files:

msiexec /i "%~dp0XenApp Server\w2k8x64\mps.msi" REBOOT="ReallySuppress" CTX_MF_REBOOT="No" /qb /l*v "c:\temp\xenapp.log" AcceptLicense="Yes" CTX_FARM_SELECTION="Create" CTX_NEW_FARM_NAME="NewFarm" CTX_USER_NAME="administrator" CTX_DOMAIN_NAME="" CTX_MF_LIC_CHOICE_FOR_CREATE="DontKnow" CTX_IMA_PROTECTION_ENABLE="0" CTX_CREATE_FARM_DB_CHOICE="Local" CTX_MF_LICENSE_SERVER_PORT_DEFAULT="1" CTX_LOCAL_DATABASE="Access" CTX_MF_SHADOWING_CHOICE="Yes" CTX_MF_SHADOW_PROHIBIT_REMOTE_ICA="No" CTX_MF_SHADOW_PROHIBIT_NO_NOTIFICATION="Yes" CTX_MF_SHADOW_PROHIBIT_NO_LOGGING="Yes" CTX_XML_CHOICE="separate" CTX_XML_PORT_NUMBER="80" CTX_MF_SERVER_TYPE="E" CTX_RDP_DISABLE_PROMPT_FOR_PASSWORD="Yes" TRANSFORMS="%~dp0CTXUpdate.mst"

You will note that the TRANSFORMS parameter specifies a file called "CTXUpdate.mst". This resolves an issue where some installations could take up to 45 minutes in an environment with multiple domains and multiple domain trusts. The Citrix article below describes this issue. I would advise that you obtain this MST from Citrix.

Installation of Citrix Presentation Server 4.5 Hotfixes May Appear to Hang - http://support.citrix.com/article/ctx115754

Note that this only installs the XenApp server. It does not install the Citrix Management Console, which you will need to configure the farm.

What this command does:
1. Installs XenApp 5 with a local datastore using Access
2. Does not specify a license server
3. Adds the default local 'administrator' as the farm administrator
4. Enables shadowing feature with notification
5. Creates a local Citrix farm named 'NewFarm'
6. Records the installation in a log file in C:\TEMP\XenApp.log
7. Suppresses post-installation restart

You would probably need to add more pre-install and post-install commands to this CMD. For example, you may want to create C:\TEMP first. Or make sure that the registry key "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ica-tcp" does not exist. If this key exists, your installation will fail.

What about Windows Server 2008 x86? Its MPS.MSI is also in the Citrix DVD image under the folder 'XenApp Server\w2k8'.
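
The pre-install checks suggested above, written out as a wrapper CMD file. This is an added example, not part of the original post; it assumes the msiexec line is saved as install-xenapp.cmd (a hypothetical name) in the same folder and is the last command in that file.

```batch
@echo off
setlocal
rem Added example, not from the original post. Assumption: the msiexec line
rem above is saved as install-xenapp.cmd (hypothetical name) beside this file
rem and is the last command in it, so its exit code is what "call" returns.
set "LOGDIR=C:\TEMP"
set "ICAKEY=HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\ica-tcp"

rem The install line points at the w2k8x64 MSI; x86 servers need the w2k8 folder.
set "ARCH=%PROCESSOR_ARCHITECTURE%"
if defined PROCESSOR_ARCHITEW6432 set "ARCH=%PROCESSOR_ARCHITEW6432%"
if /i not "%ARCH%"=="AMD64" (
    echo ERROR: not an x64 OS; use the MSI under "XenApp Server\w2k8" instead.
    exit /b 2
)

rem Both files are referenced by the install line; fail early if the copy is incomplete.
for %%F in ("XenApp Server\w2k8x64\mps.msi" "CTXUpdate.mst") do (
    if not exist "%~dp0%%~F" (
        echo ERROR: missing "%~dp0%%~F"
        exit /b 3
    )
)

rem msiexec writes its verbose log to C:\TEMP, so the folder must exist.
if not exist "%LOGDIR%\" mkdir "%LOGDIR%"
if not exist "%LOGDIR%\" (
    echo ERROR: cannot create %LOGDIR%
    exit /b 4
)

rem A leftover ica-tcp WinStation key makes the installation fail.
reg query "%ICAKEY%" >nul 2>&1
if not errorlevel 1 (
    echo ERROR: "%ICAKEY%" exists; remove it before installing.
    exit /b 5
)

call "%~dp0install-xenapp.cmd"
set "RC=%ERRORLEVEL%"
rem 0 = success; 3010 = success with a restart pending (REBOOT=ReallySuppress).
if "%RC%"=="0" goto :done
if "%RC%"=="3010" goto :done
echo ERROR: installation returned %RC%; check %LOGDIR%\xenapp.log
exit /b %RC%

:done
echo XenApp installed, exit code %RC%.
exit /b 0
```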

Sunday, May 25, 2008

Restoring Citrix Universal Print(er) Driver (CPS4.0)

Let's see...I've spent 3 months engineering a deployment for Citrix Presentation Server 4.0 and the support people accidentally removed the Citrix Universal Print Drivers from the installation, what do I advise them to do? One way to restore the driver is Repair the MSI package from the Add/Remove Programs. This works perfectly but what if they will complain to you that they do not want to repeat this for about 600 servers?

Well I can say that to do that you will have no way but to repair it. Citrix support articles do not have a single entry that will make your life easier. So after cracking my head and researching for a couple of days, I have a solution (yeah!)

A few things you'll need:
1. A bare server (I use Windows 2000 Advanced Server because that's what my company uses)
2. Citrix Presentation Server 4.0
3. And finally - Microsoft Print(er) Migrator 3.1 (http://www.microsoft.com/WindowsServer2003/techinfo/overview/printmigrator3.1.mspx)

Note: even though it is called Print Migrator, when you run the tool, the window title says "Printer Migrator"

First you will need a bare server, with no CPS 4.0 and no printer drivers, then install CPS4.0 on it. You will see that it now has several drivers when you look at them in Control Panel -> Printers then access menu File -> Server Properties -> Drivers tab...

I'll continue with this later...


Sunday, February 10, 2008

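Happy Chinese New Year 2008! Great fortune in the Year of the Rat!

Day 1 of the New Year: go to church, make visits
Day 2: at home
Day 3: to my younger sister's home
Day 4: watch a performance
Day 5: back to work!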

Saturday, September 15, 2007

NetworkService Account

I found some information about this service account: http://msdn2.microsoft.com/en-us/library/ms684272.aspx

Monday, September 10, 2007

How to resolve Error 26005: Could not start IMA Service in CTX_MF_IMA_StartIMAService State = 1

On Windows 2003 Server, you may get this error during Citrix Presentation Server 4.5 installation.
Citrix is aware of this error and posted an article about this error. But...this article on Citrix does not help at all. It does not give a resolution that works.

http://support.citrix.com/article/entry.jspa?entryID=11800

So how did I work around this problem manually?

Simple, just pause the installation immediately after the installation process says installing SNMP agent for Resource Manager. Then launch the Service Manager (services.msc) and you will see a service named "Citrix Independent Management Architecture". Change the logon account of this service to "Local System" from "Network Service". Then resume the installation.

I do not know what this Network Service account is.

And if you want to deploy this to multiple servers then I guess just author a Windows Installer transform to modify the installation so that the server will use "Local System". I think that's it but I have to explore more about this approach...

Tuesday, September 04, 2007

Top Entry-Level Salaries by College Major

Civil Engineering fares quite well.

Read an article posted on MSN.

Tuesday, August 14, 2007

How to enable Windows Terminal Services home drive redirection on Windows 2000.

A user's home location, specified in the user's Active Directory account object, normally points to a network location. However, this reconnection takes up a considerable amount of time during user logon. A feature available within the Microsoft Windows system allows the server to redirect the user's home location to a local drive. But this feature is available by default on Microsoft Windows Server 2003 and above. All is not lost for Windows 2000, as Microsoft has provided a feature fix for users of Windows 2000.

What is required is a Microsoft-provided patch, which can be applied to a Microsoft Windows 2000 Server to take advantage of this feature. The Hotfix description can be obtained from http://support.microsoft.com/kb/843261

This hotfix can be applied to the server and home location re-direction setting can be configured in the Windows Registry. Details follow:

Hotfix Executable: Windows2000-KB843261-v3-x86-ENU.EXE

Settings applied:

Key: HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services

Value: WFHomeDir
Type: REG_SZ
Data: E:\DataHomedrives
Description: This configures the home location for all users that log on to the server

Value: WFHomeDirDrive
Type: REG_SZ
Data: H:
Description: Drive letter for the mapping if the WFHomeDir is a network location. This is not required but here we set it to H:

Value: WFHomeDirUNC
Type: REG_DWORD
Data: 0x0
Description: This indicates if the data set in the 'Value' above is a UNC path

E:\DataHomedrives must be configured to give the server's local 'users' group read/write permissions.
With this configured, E:\DataHomedrives will be filled with folders and files for each unique user that logs on to the server. These folders and files are temporary. Therefore, for housekeeping purposes, a script can be incorporated into the server startup file to perform regular cleanup.

The registry values above can be applied via the Active Directory Group Policy objects when you want to manage it centrally on a collection of servers.

Monday, August 13, 2007

Fifth-generation video game consoles in Malaysia

Nintendo Wii, Playstation 3, and Microsoft XBOX 360 are not available in Malaysia while countries like Singapore and South Korea already have all of them launched since early this year. The main reason is the relatively high software piracy rate. This deters game manufacturers and producers from wanting to plant their presence in a market which does not have mature intellectual property protection.

1st Generation - Atari, NES
2nd Generation - Super NES, Sega Saturn
3rd Generation - Playstation
4th Generation - Microsoft XBOX, Playstation 2
5th Generation - Nintendo Wii, XBOX 360, Playstation 3

Saturday, August 11, 2007

Adapting to changes for survival

Giant super- and hypermarkets are losing out to the competition because of silly regulations that they impose on customers. Such regulations will drive customers away. For example, they prohibit customers from taking any form of bag, including backpacks, into the shopping areas. Also, no cameras allowed...but they let people with mobile phones (with cameras better than some older Point & Shoots) in! What dinosaur is that?

And most importantly, their prices are most often the most expensive no matter how hard they try to fool us.