Citrix for HelpDesk staff

There is an awful lot of technical documentation out there for engineers and admins, but not a lot if you are first level IT support.

What I get asked for a lot is a run sheet for support staff to quickly troubleshoot the most common Citrix issues. Now Citrix has gotten a lot better over the years to the point where you may not even have issues on a day to day basis anymore.

But for those times that you do, here is a brain dump of links and some helpful tips that I’ve pulled together from existing Citrix documentation.


Sample Call Script

Steps Details
1 Name of Customer, particular site or location if possible.
2 Name of User, department, Logon ID and callback number.
3 Do any other users at the site experience the same issue?  Can they have a colleague logon from same and/or different workstation?  Helps to determine whether this is a workstation issue vs. user account issue.
4 Identify workstation name or Inventory ID.
5 Name of Application attempting to access.
6 Review high level steps taken to authenticate.  This validates that steps are performed correctly.
7 Can user see the Web Interface or authentication page?  Can users see other web pages, such as  This helps to identify and troubleshoot network issues.
8 Does user see the appropriate icon?  Helps to troubleshoot user access and group memberships.
9 Does application launch when icon is selected?  Does the application logon screen appear?  Helps to determine if a connection is made into Citrix architecture.
10 Can user authenticate into the application?  Does the issue occur after application authentication? Helps determine if this is a Citrix infrastructure vs. Application Issue.
11 What is the application error(s)?  Provide a screenshot.
  Question Answer
Contact Number /Email
Contact Preference (Phone/Mail)
Resident Office
Current Location
Current Time Zone
Severity of the incident
# of affected users
Name of affected application
Description of the incident <Provide Screenshot / Video when escalating>
Troubleshooting performed
  Question Answer
Client name
Client IP
Client hardware type
Client OS
Version Citrix Receiver
Name of XenApp Server / virtual desktop
Name of PubApp / PubDesktop
User’s issue | See these suggestions
Logon takes a long time or fails intermittently or repeatedly | Diagnose user logon issues
Application is slow or won’t respond | Resolve application failures
Connection failed | Restore desktop connections
Session is slow or not responding | Restore sessions
Video is slow or poor quality | Run HDX channel system reports


  • Remember that Citrix Printing policies and Group Policy Objects can alter printing behavior.
  • Printer property changes are stored in the end-user profile on the Server OS machine.
  • Endpoints do not inherit changes until the end user logs off and back on.
  • The Citrix Universal Print Server uses auto-discovery to connect network printers when enabled.
  • The Universal print driver usage policy determines whether to use only the Windows-native driver or only the Universal print driver.
  • The Universal print driver can print to any client-side printing device.
  • Proximity printing defines the IP address range of connected end users in order to automatically provide them access to network printers in the same range.
  • Proximity printing is a form of session printing, restricting network printers enumerated during a session.

By default, end users can add network or client-defined printers using the Windows Add Printer wizard. Such printers are auto-retained and enumerated at the start of the next session, if the printing policy allows.

By default, end users of thin clients and non-Windows plug-ins cannot add printers to their sessions.

Common Issues and Resolutions

  • End users see or print to another end user’s autocreated client printer.
    • Verify the end-user’s membership to the Domain, Local Administrators, or Power Users group.
  • Print jobs are garbled or fail to print.
    • Verify the printer driver name for the client is the same as the one for the server. If not, map the driver names. Remove incompatible printer driver, restart the Citrix Print Manager service and use the Citrix Universal print driver instead.
  • Network printers are not available in the session.
    • Verify that you applied the Session printers policy rule to the session. Verify that a higher priority policy does not conflict with lower-level policies. Use the net use command from the end-user device to verify permissions to the print server.
  • Session appears to stop responding at startup when end users disconnect from the network.
    • Verify that network printers are attempting to autocreate for the end user and then set the Auto-create client printers policy rule to Auto-create local client printers only for mobile users.
  • The Universal Print Server does not appear.
    • Verify the Universal Print Server is enabled. Ensure the OS is Windows Server 2008 or later.
  • Printers no longer in use are still created in sessions.
    • Verify that you have uninstalled all unused drivers.


Hopefully following these links is enough to get your helpdesk staff up to speed on what Citrix is and how to troubleshoot the major issues they are likely to run into. If you have any additional resources please let me know via the (moderated) comments.

Netscaler Express Gateway VPX & Web Interface

As many of you know, Web Interface is dying the true death in 2015. That doesn’t stop people from asking me to set up their netscalers in front of it.

You’d think, given how long both of these things have been around, that there would be pretty comprehensive guides on how to do this.
You’d be wrong.

If you have your netscaler in 2 arm mode this becomes even more complicated. I’ll outline the issues I went through, and how to resolve them.

The biggest issue you’ll likely face is that once you think you’ve got everything set up you’ll log in and all will look fine, the LDAP auth will complete, but then you’ll get a 401 Unauthorized error. This is coming from the internal Web Interface. The reason for this is probably that you can’t resolve the FQDN of the gateway. Or if you can, it resolves to the internet-facing IP and for whatever reason (firewalls, etc.) the traffic doesn’t make its way back to you.
The way around this is to create another gateway with an internal IP, and either create a hosts file entry or update your internal DNS to point internally.
Check your XenApp server application event logs for any errors; the main one will probably be due to SSL certificates. Make sure your intermediate certs are in the chain; this is the most common mistake that will break things. You’ll see an error saying that you can’t establish a trusted link. Once you get all this working you’ll probably come across another poorly documented error.

You’ll now be able to see the internal web interface with the published app icons, but clicking on them won’t do anything. You’ll never get an ica file and the client won’t launch.
The reason for this is because by default when you create a new site in Web Interface it will bind the Handler Mappings to the latest version of .Net. What we need to do is bind it to .Net2. This is outlined in the following citrix support article:
Don’t forget to set your servers to trust XML requests, as these will now be coming from your netscaler gateway.

Once you change this you should get an ICA file and your client should then launch.
Congrats, you’ve now replaced your relatively simple secure gateway box with a far more complicated netscaler express gateway VPX!



PNAgent URL Value location for Receiver 3.4

For Receiver 3.4, Citrix in their infinite wisdom have taken away the ability to change the PNAgent URL Value location with a registry string value and have now stored it as a binary key inside HKCU\Software\Citrix\PNAgent "Configuration Model 000".
You can use a script to read and edit it,
or the citrix tool to just read it.

The easiest way is to set it up on a clean machine and just export the key. The easier way would have been for Citrix not to make your old GPOs that edited the registry useless.




Hardware Reserved RAM inside a Virtual Machine?

At a client site I came across something that I hadn’t seen before whereby Server 2008 R2 would reserve almost half of the available RAM for system devices and call it Hardware Reserved RAM.
Out of 46 Gig available, 20 was assigned to system devices of which 10 GB was assigned to a block of PCI-e ports.

[Screenshot: Windows Server 2008 System Reserved RAM]

Having never come across this before I decided to dig around a bit deeper.

Opening up the Device Manager and changing the view to be Resources by connection, it was then possible to see the different memory blocks that were allocated.

From this screenshot we can see the PCI bus has about 10GB of RAM allocated.

[Screenshot: Device Manager RAM usage]

Exactly why it’s doing this or how to fix it is something I’ve yet to work out.

This article goes into detail about how to see what’s using your memory, but doesn’t explain why this would happen on a 64bit operating system. More research is required, I’ll post back any findings.

Export a list of XenDesktop VDIs to CSV with PowerShell

Have you ever wanted to export a list of XenDesktop VDIs to CSV with PowerShell?

I wanted to do this just recently but had trouble finding the relevant info, so hopefully this helps someone out.

Make sure you have the Citrix PowerShell SDK installed. The PowerShell SDK is installed by default on XenDesktop 5 Controllers.

From the Citrix Knowledge Center article Getting Started with PowerShell in XenDesktop 5

Begin a PowerShell session by clicking the blue icon on the taskbar or browsing to Start > All Programs > Accessories > Windows PowerShell > Windows PowerShell (On 64-bit systems, this starts the 64-bit version. Either the 32-bit or 64-bit versions will work fine though.)

Type Asnp Citrix.* and press Enter. This loads the Citrix-specific PowerShell modules. (Asnp is short for Add-PSSnapin).
Run the Citrix cmdlets.
To list all of the ones available, run Get-Command -Module Citrix.*

Help might be obtained on any cmdlet by running Get-Help <cmdlet> such as Get-Help Get-BrokerDesktop (additional details might be obtained by adding on the -examples, -detailed, or -full switches)

The command you want to export a list of XenDesktop VDIs to CSV with PowerShell is as follows:

Get-BrokerDesktop -AdminAddress servername -MaxRecordCount 1000 -DesktopKind Private | sort desktopgroupname | export-csv "outputfile.csv"

Items in bold can be changed to required values.

Hope this saves you some time searching!

Troubleshoot problematic sessions using Citrix UPM

Did you know you can Troubleshoot problematic sessions using Citrix UPM?

You can! Citrix User Profile Manager keeps useful logs on lots of things but what you may not realise is that it also keeps a log of the last servers a user successfully logged in to.
This info can be useful for troubleshooting stuck sessions and profile issues, especially when your Citrix Delivery Services Console isn’t forthcoming in showing the session that is stuck.

When you get users calling and reporting they can’t log in or are having issues with their profile, just have a look inside the user’s Citrix UPM profile at their PMCompatibility.ini file.
This will show you the last server the user logged in to, and from there you can see if their session quit properly or if there is a lock on any files in their profile on that server that stopped it unloading.



Hacking Citrix Licensing Server password files

Hacking Citrix Licensing Server password files is fairly trivial…


Open up C:\Program Files (x86)\Citrix\Licensing\LS\conf\server.xml in your editor of choice and you’ll see several entries such as

<user firstName="-N/A-" id="DOMAIN\User" lastName="-N/A-" password="(ENC-01)longencryptedstring" passwordExpired="false" privileges="admin" type="domain-admin"/>

It’s pretty easy just to add in new accounts here or change the password field of an existing account.
Delete everything in the password field between the "" and replace it with a plaintext password. (You’ll be prompted to change it, so just keep it simple.)
Change passwordExpired= to “true”
Restart the licensing service.
Log in with your account and password you created. It should ask you to change it. This new password gets encrypted and stored in place of the old plaintext one you put in.

Don’t add extra line breaks in this file or it won’t work.

Some older versions of licensing server used to leave the plaintext passwords in there, yet another reason to upgrade to 11.11.1
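
Because this edit works for anyone who can write to server.xml, the same attributes are worth auditing. The following PowerShell is an added example, not part of the original post or any Citrix tooling; it flags user entries whose password is not in (ENC-01) form or that have passwordExpired set to true. The <users> wrapper element, the account values and the function name Test-LicenseServerUsers are constructed for illustration, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit licensing server.xml user entries for signs of manual editing.
# The <users> wrapper and both accounts below are constructed sample data.
$sampleXml = @'
<users>
  <user firstName="-N/A-" id="DOMAIN\User" lastName="-N/A-" password="(ENC-01)constructedciphertext" passwordExpired="false" privileges="admin" type="domain-admin"/>
  <user firstName="-N/A-" id="DOMAIN\Temp" lastName="-N/A-" password="Summer1" passwordExpired="true" privileges="admin" type="domain-admin"/>
</users>
'@

function Test-LicenseServerUsers {
    param(
        [Parameter(Mandatory)] [string] $XmlText,
        # Prefix seen on encrypted values in the sample entry above (assumed constant).
        [string] $EncPrefix = '(ENC-01)'
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)
    # Match <user> elements wherever they sit, since the real file's layout is not shown here.
    foreach ($user in $doc.SelectNodes('//user')) {
        $findings = @()
        $pw = $user.GetAttribute('password')
        if (-not $pw.StartsWith($EncPrefix)) {
            $findings += 'password is not in encrypted form'
        }
        if ($user.GetAttribute('passwordExpired') -eq 'true') {
            $findings += 'password flagged expired (reset pending)'
        }
        [pscustomobject]@{
            Id         = $user.GetAttribute('id')
            Privileges = $user.GetAttribute('privileges')
            Suspicious = ($findings.Count -gt 0)
            Findings   = $findings -join '; '
        }
    }
}

# Run against the constructed sample; only DOMAIN\Temp is flagged.
Test-LicenseServerUsers -XmlText $sampleXml | Format-Table -AutoSize

# On a real licensing server, feed in the file and review who is able to modify it:
#   $path = 'C:\Program Files (x86)\Citrix\Licensing\LS\conf\server.xml'
#   Test-LicenseServerUsers -XmlText (Get-Content -Raw $path)
#   (Get-Acl $path).Access | Where-Object { $_.FileSystemRights -match 'Write|Modify|FullControl' }
```

An entry flagged here outside a planned password reset, or a write ACL wider than the licensing administrators, is the thing to follow up.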

Citrix XenApp 6.5 Links

I’ve been doing a heap of work with a new Citrix XenApp 6.5 deployment using single sign on, here are a bunch of links that helped me get everything up and running.

Citrix XenApp 6.5 from HiMikeBrown.com
Configure Pass-through Authentication for Citrix XenApp 6.5

Citrix Profile Management and VDI – Doing it Right!
Some useful stuff about getting folder redirection working.
Configure URLs for online plugin

A Field Guide to XenApp 6.5 Session Pre-Launch
This gives a great explanation of what pre-launch is too.

XenApp applications won’t launch in a PVS environment with multiple network interfaces

Removing hidden or ghosted devices from a Windows virtual machine (2010145)
Useful if you’ve cloned or P2Ved a machine.

How to Set Up Session Sharing Precedence Over Load Balancing in a XenApp Farm
Useful for prelaunch and when you have non concurrent licensing.

Automatic creation of user folders for home, roaming profile and redirected folders
Why you would try to do this manually I don’t know.

Security Recommendations for Roaming User Profiles Shared Folders

Load balance XML brokers through Netscaler
How to fix the latency issue with load balanced XML Brokers through netscaler (TL;DR enable UDP 137 to your virtual server IP)

Understanding Citrix XML Broker
A good overview of how all the XML bits work

How to Use the Command Line to Install the Version 11.2 Plug-in or Later
Pretty much required to get SSO working (unless you’re running the Enterprise version)

Why You Shouldn’t Install Citrix Receiver on Citrix XenApp
Only true if you don’t use session pre-launch!

Reduce application launch time with Session Pre Launch

XenApp 6/6.5 Profile Optimization

Customize the default local user profile when preparing an image of Windows
This seems like way more of a pain in the ass than it needs to be.

To specify a template or mandatory profile for Citrix User Profile Manager

UPMConfigCheck Tool