Citrix consultant, Certified Expert, Citrix Technology Professional
Mike Streetz is a Citrix Consultant who works with everyone from small businesses to large enterprises to help their users get work done via Citrix Virtual Apps and Desktops. He has been working in the Citrix space for over 10 years.
Mike knows that your users don’t want long logon times, don’t want long waits for files and don’t enjoy when “Citrix is slow”. His job is to help you get the most out of your Citrix environment.
Mike has worked with clients to optimize user experience by using tools such as FSLogix alongside Citrix ADC with Global Server Load Balancing to point users to the fastest site to serve their needs.
Mike is a Citrix Technology Advocate, CUGC Leader of the Los Angeles chapter, Citrix Certified Professional in Citrix Cloud, Virtual Apps and Desktops and Citrix ADC and holds the Azure Administrator Associate certification. He has previously spoken at the Ruxcon security conference in Australia.
I’ll be at Citrix Summit 2015 next week in Las Vegas in an attempt to do some real life networking and also pass my networking certification in Citrix Netscaler 10.5.
This is my first trip to Vegas, so it should be loads of fun!
I’d really love to meet up with anyone who is able to provide a work shadowing or volunteer opportunity in San Francisco while I’m there from February to May. I’d also love to chat to anyone about their experiences integrating XenMobile and Sharefile through Netscaler.
If you’re heading to the con you can find me through the Summit Mobile app (android) (iphone) by searching for Mike Brown or hit me up via Linkedin.
As many of you know, Web Interface is dying the true death in 2015. That doesn’t stop people from asking me to set up their netscalers in front of it.
You think given how long both of these things have been around that there would be pretty comprehensive guides on how to do this.
You’d be wrong.
If you have your netscaler in 2 arm mode this becomes even more complicated. I’ll outline the issues I went through, and how to resolve them.
The biggest issue you’ll likely face is that once you think you’ve got everything set up you’ll log in and all will look fine, the LDAP auth will complete but then you’ll get a 401 unauthorized error. This is coming from the internal web interface. The reason for this is probably because you can’t resolve the FQDN of the gateway. Or if you can, it resolves to the internet facing IP and for whatever reason (firewalls, etc) the traffic doesn’t make it’s way back to you.
The way around this is to create another gateway with an internal IP, and either create a hosts file or update your internal DNS to point internally.
Check your XenApp server application event logs for any errors, the main one will probably be due to SSL certificates. Make sure your intermediate certs are in the chain, this is the most common mistake that will break things. You’ll see an error saying that you can’t establish a trusted link. Once you get all this working you’ll probably come across another poorly documented error.
You’ll now be able to see the internal web interface with the published app icons, but clicking on them won’t do anything. You’ll never get an ica file and the client won’t launch.
The reason for this is because by default when you create a new site in Web Interface it will bind the Handler Mappings to the latest version of .Net. What we need to do is bind it to .Net2. This is outlined in the following citrix support article: http://support.citrix.com/article/CTX123921
Don’t forget to set your servers to trust XML requests, as these will now be coming from your netscaler gateway.
Once you change this you should have get an ica file and your client should then launch.
Congrats, you’ve now replaced your relatively simple secure gateway box with a far more complicated netscaler express gateway VPX!
At a client site I came across something that I hadn’t seen before whereby Server 2008 R2 would reserve almost half of the available RAM for system devices and call it Hardware Reserved RAM.
Out of 46 Gig available, 20 was assigned to system devices of which 10 GB was assigned to a block of PCI-e ports.
Having never come across this before I decided to dig around a bit deeper.
Opening up the Device Manager and changing the view to be Resources by connection, it was then possible to see the different memory blocks that were allocated.
From this screenshot we can see the PCI bus has about 10GB of RAM allocated.
Exactly why it’s doing this or how to fix it is something I’ve yet to work out.
This article goes into detail about how to see what’s using your memory, but doesn’t explain why this would happen on a 64bit operating system. More research is required, I’ll post back any findings.
Begin a PowerShell session by clicking the blue icon on the taskbar or browsing to Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell (On 64-bit systems, this starts the 64-bit version. Either the 32-bit or 64-bit versions will work fine though.)
Type Asnp Citrix.* and press Enter. This loads the Citrix-specific PowerShell modules. (Asnp is short for Add-PSSnapin).
Run the Citrix cmdlets.
To list all of the ones available, run Get-Command –Module Citrix.*
Help might be obtained on any cmdlet by running Get-Help <cmdlet> such as Get-Help Get-BrokerDesktop (additional details might be obtained by adding on the –examples, -detailed, or –full switches)
The command you want to export a list of XenDesktop VDIs to CSV with PowerShell is as follows:
Did you know you can Troubleshoot problematic sessions using Citrix UPM?
You can! Citrix User Profile Manager keeps useful logs on lots of things but wht you may not realise is that it also keeps a log of the last servers a user successfully logged in to.
This info can be useful for troubleshooting stuck sessions and profile issues, especially when your Citrix Delivery Services Console isn’t forthcoming in showing the session that is stuck.
When you get users calling and reporting they can’t log in or are having issues with their profile just have a look inside the users citrix upm profile at their PMCompatibility.ini file.
This will show you the last server the user logged in to, and from there you can see if their session quit properly or if there is a lock on any files in their profile on that server that stopped it unloading.
It’s pretty easy to just to add in new accounts here or change the password field of an existing account.
Delete everything in the password field between the “” and replace it with a palintext password. (you’ll be promted to change it, just keep it simple)
Change passwordExpired= to “true”
Restart the licensing service.
Log in with your account and password you created. It should ask you to change it. This new password gets encrypted and stored in place of the old plaintext one you put in.
Don’t add extra line breaks in this file or it won’t work.
Some older versions of licensing server used to leave the plaintext passwords in there, yet another reason to upgrade to 11.11.1