Application launch process in XenApp 6

Posted on December 18, 2012 by Murugan B Iyyappan

The application listing and displaying process is as follows:

1. A user launches the Web Interface, it returns the logon page.
2. When the user types in credentials, it is forwarded from XML then to IMA service in HTTP (or HTTPS) form.
3. The IMA then forwards the credential data to local Lsass.exe (lsass.exe” is the Local Security Authentication Server. It verifies the validity of user logons to your PC or server).
4. The Lsass.exe encrypts the credentials then passes them to the domain controller.
5. The DC returns the SIDs (user’s SID and the list of group SIDs) to Lsass.exe and to IMA.
6. IMA used the SIDs to search the Local Host Cache (LHC) for a list of applications and the Worker Group Preference policy for that authenticated user.
7. The list of the applications together with the user’s worker group preference policy are returned to the Web Interface.
8. The Web Interface returns the web page to the web browser with the list of applications

The application launch process is as follows:

1. When a user clicks the application icon, the selected application data is passed back to WI.
2. Web Interface passes the application information together with the user’s Worker Group Preference policy back to IMA on the XML broker server.
3. It then forwards to the IMA service on the Zone Data Collector.
4. The Zone Data Collector tries to find out a least loaded server according to the Worker Group preference list.
5. When it finds the least loaded server, it sends a query to the Citrix Service Manager of that server to verify whether the server has the required application installed, if the answer is yes, it then provides this server’s host ID to the XML broker.
6. The XML broker translates this host ID into it’s IP address by searching the LHC.
7. The IP address is then provided to Web Interface and it creates the ICA file.
8. The ICA file is then returned to Web browser on the client machine.
9. Citrix online Web plug-in uses the ICA file to launch an ICA connection to the least loaded XenApp server.
10. The XenApp server launches the application for the user

 

Posted in Citrix XenApp | Tagged , , , , , , | Leave a comment

Installing Windows 8 in VHD with Windows 7

Posted on October 2, 2011 by Murugan B Iyyappan

It is really amazing that now we can boot our computer between the existing Windows 7 installation or Windows 8 without sacrifice disk space!

Using a Dynamic Virtual Hard Disk (VHD), you can install Windows 8 to a single file that is stored on your Windows 7 file system, and then boot directly from that Virtual Hard Disk.

We can choose to load either your existing OS or the new Windows 8 at boot time. We are not doing an in-place upgrade nor doing a rebuild but a new install of Windows

It will not work in the following scenarios…

  • If you are using BitLocker on your windows 7 Computer
  • If you are using Windows XP as your current operating system and can only (officially) use this on an existing Windows 7 or Windows 2008 R2 computer.
  • When making the VHD, make sure the “maximum size” that you specify is less than the actual size of your disk.

Let’s download Windows 8 here and browse the BuildWindows.com web site.

Boot from the Windows 8 media to launch the installer. Before clicking “Install Now”, hit Shift+F10 and the command prompt will appear.

Now create the VHD that will be the Windows 8 drive. Run “diskpart” from the CMD window, and then execute the following commands to diskpart:

  1. list disk – This shows your currently attached hard disks.
  2. select disk 0 – Select the disk where the current Windows 7 is installed.
  3. list vol – Show all the volumes that exist on that disk.
  4. create vdisk file=”d:\Windows8.vhd” maximum=20000 type=expandable – This creates a Dynamic VHD that can grow to ~20GB in the root of my Windows 7 partition.
  5. select vdisk file=”d:\Windows8.vhd” – after selecting this vdisk, the following commands will apply to it
  6. attach vdisk – The VHD will be mounted and the disk will be available to the windows installer
  7. exit – Exit diskpart

Close the Command Prompt and return to the Install Windows wizard and click Install Now. Now we should see a new Disk 1 listed with Unallocated Space. We’ll get notice “Windows cannot be installed to this disk” but the Next button is enabled. (Windows is great!). Once the installation is complete and gets reboot, we will see a new boot loader that asks you to “Choose an operating system” and we can select either the new install of Windows 8 or (Windows 7) existing OS. Now we can browse around Windows 8 on the Native hardware! Even though it is running from a VHD we can also still access files on your Windows 7 disk.

Can’t figure out how to shut down?

Take the mouse cursor to the bottom left corner of the screen and a small start menu will appear. Click on Settings, then Power and choose Shutdown.

Posted in Citrix XenApp, Citrix XenDesktop | Tagged , , , , , , , , | 1 Comment

Troubleshooting Client Drive Mapping

Posted on June 19, 2011 by Murugan B Iyyappan

This article will give you a vast idea about many common client drive mapping inquiries and issues along with their respective explanation or resolution.

Client Drive Mappings Do Not Create For Any User

  • If the ICA-tcp port properties are set to “Inherit User Config” make sure the Active Directory profile for the users having the issue have the “Connect client drives at logon” box checked. (Which is the default setting.)

  • Ensure the option to disable client drive mappings on the ICA-tcp listener in Terminal Services Configuration is not enabled. A Group Policy may gray out the check box selection.

  • Removable drives must be inserted / attached to the client computer before the ICA connection. After the removable drive is inserted / attached, ensure the client is not reconnecting to a disconnected session or that the drive is not being restricted by a policy.
  • For Windows 2000 and 2003 Terminal Server Installations, ensure the following registry entry exists and that the process, wfshell.exe, is running inside the session:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
    Key Name: AppSetup
    Value: Cmstart.exe
    CTX983798 – What Does the CMSTART Command Do?
  • Ensure the Client Network Service is started. Do not attempt to restart the Client Network Service when there is an existing ICA connection to the server. If the Client Network Service does not appear within services, verify that the key, CdmSerivce, and its subcatergories, Enum and networkProvider, along with their values are present under:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.
    Check another working server for proper registry settings.
  • Ensure the RPC Service is started.
  • Ensure that Client Network is visible under Network Neighborhood. If it is not, follow the steps listed below:

a. Start Registry Editor (Regedt32.exe) and go to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
The value for ProviderOrder contained only LanmanWorkstation.
Add CdmService, so that the Value now reads “CdmService,LanmanWorkstation.”

b. For Presentation Server 4.5, ensure the path defined under the CommonFilesDir value from HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion is correct.

c. Restart the server

  • Ensure Cdmprov.dll is in the \system32 directory.
  • Ensure Microsoft files Mpr.dll, the Multiple Provider Router dll, and Mup.sys (the Multiple UNC Provider driver) are present.
  • Does drive mapping fail for the administrator? If not, ensure users have sufficient rights to the dlls, exes, and registry settings outlined in this section.
  • Does the command chgcdm /default work?
  • Does the command net use * \\client\c$ work? If it does not, a System Error 67 appears.
  • Is a local Windows 2000/2003 policy “Strengthen default permissions of global system objects” disabled? If so, Enable this policy or apply Citrix Hotfix XE104W2K3R01 / MPSE300W2K3R03 or the Operating System equivalents. Citrix Presentation Server 4.0 includes the fix.
  • Check the event log for CDM error messages.
  • Can a similar function be performed in a Microsoft network scenario?
  • Verify that the Cdm.sys file is in the \Program Files\Citrix\System32\drivers directory.
  • For Terminal Server 4.0 installations, check to see if the following registry entry exists:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
    Key Name: Userinit
    Value: Ctxlogon.exe
  • If using Web Interface, does the template.ica or default.ica file have a value of CDMAllowed=Off (for Presentation Server Client version 9.x or earlier) or CDMAllowed=False (for Presentation Server Client version 10.x or later)
  • CTX117481 – Manually Mapped Client Drives are not Mapped when Reconnecting to a Disconnected Session
 
 

Configuring Server Drive Letters For Client Drive Mapping

The Citrix XenApp plugin/ICA Client supports client drive mapping functionality. Client drive mapping allows users logged on to a XenApp server from a client device to access their local drives transparently from the ICA session. Client devices can transparently access files contained on the local machine and data can be cut and pasted between local and remote sessions using the clipboard. During the initial installation of XenApp, the administrator is prompted to modify the server drive letter assignments to avoid conflicts with user drive letters (except with Windows Server 2008 where drive remapping is not supported).

CTX457309 – MetaFrame/Presentation Server Drive Remapping Best Practices

The default drive letters assigned to client drives start with V and work backwards assigning a drive letter to each fixed disk and CD ROM. (Floppy drives are assigned their existing drive letters.) This method yields the following drive mappings:

Client drive letter Is accessed by the Citrix server as
A A
B B
C V
D U

If the Citrix server drive letters do not conflict with client drive letters, the client drive letters can be accessed with their existing drive letters. So that the Citrix server drive letters do not conflict with the client drive letters, you need to change the server drive letters to higher drive letters. For example, changing Citrix server drives C to M and D to N allows client devices to access their C and D drives directly.

How to Map Client Workstation Network Drives in an ICA Session

Use the Net Use command in a logon script to map client network drives, even when the Citrix Management Console policy is enabled. For design and performance reasons, if the client mapped network drive is accessible on the network from the Citrix server, Citrix prefers that you do not following the solution below and that the network drive be mapped in a regular Windows NT logon script.

The below point items are valid for all versions of XenApp.

  • During logon, the ICA Client informs the server of the available client drives, COM ports, and LPT ports.
  • Client drive mapping allows drive letters on the Citrix server to be redirected to drives that exist on the client device; for example, drive H in a ICA user session can be mapped to drive C of the local computer running the Citrix ICA Client. These mappings can be used by the File Manager or Explorer and your applications just like any other network mappings. Client drive mapping is transparently built into the standard Citrix device redirection facilities. The clients disk drives are displayed as share points to which a drive letter can be attached. The Citrix server can be configured during installation to automatically map client drives to a given set of drive letters. The default installation mapping maps drive letters assigned to client drives starting with V and works backwards, assigning a drive letter to each fixed disk and CD-ROM. (Floppy drives are assigned their existing drive letters.)
  • You can use the net use and change client commands to map client devices not automatically mapped at logon.
    Here is the command and syntax:
    net use y: \\client\c$
    where y is the drive letter in a session and c is the client drive letter you want to map.

Presentation Server 4.0 with Hotfix Rollup Pack 1 automatically maps Network Drives. [From PSE400W2K3R02][#127532]: “Network drives for client devices incorrectly map automatically as local client drives.”

How to Disable Specific Client Drive Mappings such as the A: drive

Perform the following steps:

  • Open the Module.ini file in a text editor (for example, Notepad) on the client device. In most cases, this file is in the \Program files\Citrix\ICA client directory.
  • Add the following entry to the end of the [ClientDrive] section:
    DisableDrives =A,D,F
  • Save the changes and exit the text editor.
  • Restart the ICA Client and establish a connection to the Citrix server.

This entry prevents the client side drive letters A, D, and F from being mapped. The entry is not case-sensitive. If someone attempts to map a “disabled drive” through the client network within an ICA session (that is, net use * \\client\D$), the following error message appears: “System Error 55 has occurred. The specified network resource is no longer available.”

The same restriction can be applied to an .ica file (used with published applications) by adding “DisableDrives=” in the [Wfclient] section. Again, use a text editor to make this change.

Another solution is to enable a policy through the management console.

How to Map Only One Client Drive at Logon

  • From Terminal Services Configuration, double-click your connection type.
  • Select Client Settings.
  • Clear Inherit user config.
  • Clear Connect Client drives at Logon.
  • Click OK.
    Note    : Do not select Disable Client Drive Mapping; this will disable all future client drive mappings.
  • Create a logon script (.bat file) in the following format:
    net use y: \\client\c$
    where y is the drive in a session and c is the client drive you want to map.
    Note    : This does not permanently disable clients from mapping another drive when they are logged on.

How to Map Client Drives in Ascending Order

By default, when server drives are not remapped (C and D) or the above initialclientdrive registry value is set, client drives are mapped in descending order. See “Configuring Citrix Server Drive Letters for Client Drive Mapping” for more information. The methodology explained in “How to Map Only One Client Drive at Logon” can be used to create the mapping in ascending order.

How to Make the Server Drives Appear as a Client Drive When Using the PassThrough Client

From the 6.20.986 ICA Win32 Client ReadMe:

Client drive mapping on the pass-through client was restricted to the drives on the client device. The client could not map local or network drives configured on the MetaFrame server in a pass-through session.

Local or network drives configured on the MetaFrame server can now be mapped by the pass-through client.

For version 9.xx, open the Module.ini file in a text editor and add the following line to the [ClientDrive] section of the file: NativeDriveMapping=TRUE

For version 10.xx

  • Run Regedit.
  • Navigate to:
    HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
  • Create the Reg Value: NativeDriveMapping
    Reg Type: REG_SZ
    Add the Value: True
  • When this flag is set, the client drives on the client device are not mapped and are not available. The drives configured on the MetaFrame server are mapped and are available to the pass-through client.
    CTX126763 – Client Drive is Not Mapped Using ICA Client Version 12 as Pass-Through Client

@echo off
rem *
rem * Wait on redirector to connect client drive.
rem * In this case, we are using the V: drive as the client C:.
rem * We also need something to look for on the client drive.
rem * Adjust the settings accordingly.
rem * echo Connecting…
:Delay
DIR %homedrive% /w > V:\tag.txt
IF EXIST V:\tag.txt GOTO :Connected
goto :Delay :Connected
DEL V:\tag.txt
START /NORMAL /WAIT Explorer.exe

Files saved to a client drive is successful but the file is corrupt or the saved file reports an invalid memory location.

If the client drive or disk does not have enough space, the file copy passes but the file is truncated or the file will not copy and gives an invalid memory location error.

Client Drives content may disappear in Windows Explorer and at a command prompt when applications open more than 20 file handles

Add the bolded entry to the Module.ini [ClientDrive] section. The Module.ini is in the \Program Files\Citrix\ICA Client directory.

MaxOpenContext = (A number ranging from 21 to 1024.)

Example:

[ClientDrive]
DriverName = VDCDM30.DLL
DriverNameWin16 = VDCDM30W.DLL
DriverNameWin32 = VDCDM30N.DLL
MaxWindowSize = 6276
MaxRequestSize = 1046
CacheTimeout = 600
CacheTimeoutHigh = 0
CacheTransferSize = 0
CacheDisable = FALSE
CacheWriteAllocateDisable = FALSE
MaxOpenContext = 50
DisableDrives =


Note: The default is 20 file handles per drive. If it becomes necessary to increase this number, it is possible there is a handle leak with the applications accessing the client drives.

Cannot Save Word97 Docs with Long Filenames to Citrix Drive A:

When the File Open or Save As dialog box is opened, Word brings up the last drive letter used. If that drive was a remote share, Word starts a search for the correct remote share at drives C through Z, because drive letters A or B are not usually referenced as network shares. If Word cannot find the correct remote share, it makes a new connection with a NULL local drive name.

Saving Long Filenames with the DOS Client

The standard 8.3 format must be used in saving to local drives with the ICA DOS Client. The Citrix server does not physically write the file, rather, the ICA DOS client is sent the file and the ICA Client writes it. Thus, the ICA Client cannot write a long filename because the DOS operating system does not support long filenames.

Internet Explorer 5.0 saves HTML pages with all images by creating its own directories and file names. These file names are long file names that are not compatible with the DOS Client.

Posted in Citrix XenApp, Citrix XenDesktop | Tagged | Leave a comment

Troubleshooting Slow Logons in Citrix

Posted on June 19, 2011 by Murugan B Iyyappan

Perform steps 1 through 3 with the same user account:

1. Log on from the Terminal Server console. In a load balanced environment, it might be necessary to log on to multiple Terminal Servers.

2. From a workstation on the LAN, log on to the Terminal Server with an RDP or ICA desktop session. Again, in a load balanced environment, it might be necessary to log on to multiple Terminal Servers.

3. If applicable, from a workstation on the WAN, log on to the Terminal Server with an RDP or ICA desktop session. Again, in a load balanced environment, it might be necessary to log on to multiple Terminal Servers.

Important: Steps 1 through 3 will give you a good idea as to whether or not the logon issue is strictly related to MetaFrame or is more likely a profile, logon script, network, or other user environment issue.

4. For profile issues, remove any references to a profile path from the Terminal Server and/or user profile path within User Manager for Domains, Active Directory users and computers, or Computer Management. Alternatively, create a local account directly on the Terminal Server to ensure the profile is being loaded directly from the server. Retest the logon time.

Note: New user accounts, accounts without a local profile, and anonymous accounts need to generate a local profile upon logon. The creation of the original profile might take time. It might be necessary to log on a second time when troubleshooting a profile issue.

5. For logon script issues, remove any references to a logon script within User Manager for Domains, Active Directory users and computers, Computer Management, or any sort of computer or group policy. Creating a local account directly on the Terminal Server and testing might be worth the time.

6. Network issues, such as Font Searching might cause slow logins on Terminal Server are often difficult to troubleshoot and find. Network monitors/sniffers and other third party utilities such as regmon and filemon from http://www.sysinternals.com can be used for these issues.

The issue described above was resolved by the following:
In some cases, the logon process on a Terminal Server might be very slow because an application is searching for fonts. Applications that might cause this problem include NWScript.exe and Lotus CC:Mail.
Network traces on such systems revealed that a process running on the Terminal Server is searching for fonts by name during the logon process and not finding them. Performing the following steps might succeed as a solution:

a. In the system Control Panel, click the Environment tab.

b. In the system variables section, click the variable Path.

c. Add the following to the end of the string in the Value field at the bottom of the panel:
;%SystemRoot%\Fonts

d. Click Set. Your changes take effect immediately.

7. The ICA Clients Bitmap Cache directory has an excessive amount of files stored in it. Delete the files in the Bitmap Cache directory for the ICA Client that you are using.

8. Printer autocreation affects logon time.
User workstations, FAT clients, defined with Novell print queues might experience a logon delay from three to six minutes when autocreating printers

9. If drive A is being queried, try disabling client drive mapping. If logon performance improves as a result of client drives not mapping during logon, see CTX238200 – Troubleshooting Client Drive Mapping.

10. If an older client version is faster than a newer version, it might be related to a new or altered client feature. It might be necessary to disable and then re-enable the new features to troubleshoot the issue.

11. Check the session for a possible hung process. Check with the vendor of the process to further troubleshoot the issue.

• CTX106049 – Published Application Sessions Take 60 Seconds to Log Off when Windows 2003, Service Pack 1 is Installed.

12. For published applications, investigate, within the Management Console, the checkbox on the Client Option property for Printing: Start this application without waiting for printers to be created and CTX111403 – Delayed Application Launch

13. If applicable, disable session reliability. CTX104147 – Explaining ICA Session Reliability, Common Gateway Protocol, on TCP Port 2598.

14. CTX110552 – Slow Logons Caused by Ctxnotif.dll

15. CTX106618 – Application Launch Performance is Slower when Applications are Launched into an Isolation Environment

16. Investigate whether Auto Client Update is slowing down the logon process. This is enabled by default and can be disabled within the ICA settings of Program Neighborhood.


 
Posted in Citrix XenApp | Tagged , , , | Leave a comment

Troubleshooting Citrix Slow Performance Issues

Posted on June 19, 2011 by Murugan B Iyyappan

External File Server Performance

External file servers, especially servers holding roaming user profiles can cause significant delays;

Symptoms: Long pause / very slow / hangs at logon ‘Loading Your Personal Settings”

Long logon delays often indicate issues with remote file access; namely GPO’s and Profile data if roaming profiles are used. The duration of the delay often effects all users on a particular server.

To Diagnose: Use userenv.dll debugging. http://support.microsoft.com/kb/221833, Log file is located under %Systemroot%\Debug\UserMode\Userenv.log.

Solution: Watch out for ‘Srv’ events in the System Event Log with Error code ‘2022’; see the following KB article for more details: http://support.microsoft.com/kb/317249

Microsoft does not support the use of PST files across a network. This can cause significant performance issues to file servers hosting them. Please refer: http://blogs.technet.com/askperf/archive/2007/01/21/network-stored-pst-files-don-t-do-it.aspx

If you’re hosting PST files on the same server as your profiles you’ve more than likely found your problem. I would suggest separating the profiles and PST files on separate servers. Profile access needs to be quick to ensure smooth logons.

Active Directory Access

Slow access to domain controllers, namely Global Catalogue (GC) servers can cause significant delays in logon as group memberships are referenced and permissions are established from the Active Directory.If you have only a single domain in your forest each Domain Controller can be setup as a GC server. In a multi-domain forest you should ensure that the Infrastructure Master FSMO role is not placed on a GC. The first DC in a domain is always automatically configured as a GC, subsequent DC’s are not.

Symptoms: Long pause / delay / hang / slow at logon “Applying computer settings” and loading Logon Scripts

To Diagnose: Use userenv.dll debugging and check the log file located under “%Systemroot%\Debug\UserMode\Userenv.log”

Solution: Setup dedicated DC’s; DC’s are central to yourActive Directory Domain. Quick access for LDAP queries is essential for performance. Running print/file server roles on these servers is simply not smart and not reccommended.

 Citrix Server Hardware / Number of Users Per Citrix Server

There are many myths about the number of users you can effectively have on a single Citrix server. Single server can handle 60 users without any issues what so ever. There isn’t a Citrix reccomended number of users per server. This limit is dictated by the applications your user operates during their session. The only way to find out what your Citrix servers can handle is to test them.

Symptoms: High CPU/ Memory / Page File usage on all Citrix servers within a farm.

To Diagnose: Create a performance benchmark using the built in Window Performance counters.

Solution: Setup and introduce further servers into a farm. Unless you’re seeing high CPU/RAM usage there is little point in adding more servers to the farm.

Logon Scripts

It’s worth noting at this point a poor logon script can cause more problems than the few issues it may automatically fix. Avoid, where possible, calling network applications held on File servers – these shares will be in high demand at peak hours and could cause delays. Script type: We are not going to get into which is better and which is worse programming language wise. 

Symptoms: Long pause after the ‘Applying your personal settings’ box disappears.

To Diagnose: Test a user account with the same profile settings other than logon script; ensure it has no logon script.

Solution: Scale back / Streamline your scripts where possible. 

Network Adapter Configuration

Symptoms: Running Citrix Presentation Server 4.5 on Windows Server 2003 we might have experienced delays of up to 5 minutes for some user accounts whilst logging on. Specifically the logon would get stuck at ‘Loading your personal settings.’

Solution: The cause was simple; a network configuration mismatch. The switch to which the serevr was connected was configured for auto, as was the server. The link infact had auto-negotiated to 10Mb Half Duplex. Forcing the server to 100Mb Full-Duplex reduced logon to around 15 seconds.This can be explained by the use of roaming profiles. The delay was caused by the slow NIC configuration. This means that copying users roaming profiles took up to 5 minutes prior to logon.

 Antivirus Configuration

Symptoms: Generally slow performance across all applicationsand file access.

To Diagnose: TEMPORARILY disable all anti-virus components (especially the on-access scanner and any application filters/buffer overflow protection)

Solution: You should configure the anti-virus on-access scanner as follows:

• Scan on write events only
• Scan local drives only
• Exclude the pagefile from being scanned
• Exclude the Print Spooler directory to improve print performance
• Exclude the \Program Files\Citrix folder from being scanned
• If ICA pass-through connections are used, exclude the user‘s XenApp Plugin bitmap cache and the XenApp Plugin folders

Session Latency

Symptoms: Slow responses when entering text into applications. Refresh of application GUI appears slow, menus etc appear ‘sluggish.’

To Diagnose: Use the Metaframe Servers SDK (MFCOMSDK) v2.3 tool; smcconsole.exe. Using this tool you can view individual sessions bandwidth utilisation and latency. This tool is incredibly useful when troubleshooting issues regarding session performance. Session latency can also be viewed using the WMI performance counters for ICA Session that are installed when Citrix is installed on a Windows Server.

Speed Screen Configuration

Symptoms:  Slow responses when entering text into applications

Solution: An often overlooked setting is Speedscreen. Speedscreen will significantly improve the speed at which applications appear to respond to text input from a thin user. You should configure speed screen and replicate settings across the server farm.

Posted in Citrix XenApp, Citrix XenDesktop | Tagged , , , | 1 Comment