Advertisements

Hide XenApp Full Desktop/XenDesktop icons from WI 5.4 Services site

While working on a new XenApp 6.5 implementation, we decided to deploy “XenApp Full Desktops” (AKA Poor Man’s VDI)¬†with published apps, and XenDesktops all talking to a single XenApp Service Site (AKA PNAgent) -> behind multiple Services Site load balanced by the NetScaler that is ūüôā

When you use single XenApp Services site to manage both XenApp and XenDesktop environments, or you‚Äôre providing published desktop and applications from your XenApp farm and XenDesktops,¬†you’ve¬†probably noticed that your users will get the Full Desktop icon and/or XenDesktop in their start menu.

Picture below shows me connected to a XA 6.5 Full Desktop running Citrix Receiver 3.4 Enterprise (I know 30MBs per user session).  The issue here is why should I see the XenApp Desktop icon when I am already connected to it?

full_desk_pna

Environment:

  • Windows 2008 R2
  • Citrix XenApp 6.5¬†Hotfix Rollup Pack 2 / XenDesktop 5.6 <- (I know, not XD 7 yet)
  • PVS 6.1.16
  • StoreFront 2.0 / Web Interface 5.4

Solution:

Follow the instructions on CTX123969  which shows how to hide Published Applications, however keep in mind the goal here is not to hide published apps, but rather hide desktops from both XenApp and XenDesktop.

Replace the code with the following:

java.util.ArrayList filtered = new java.util.ArrayList();

 for (int i=0; i<resources.length; i++) {
 if (!(resources[i] instanceof com.citrix.wing.webpn.DesktopInfo)) {
 filtered.add(resources[i]);
 }
 }
resources = (ResourceInfo[]) filtered.toArray( new ResourceInfo[0] );
Advertisements

Disable StoreFront 1.2 Desktop auto launch feature

In the good old days of traditional Web Interface, everything you did in the GUI was reflected back in the WebInterface.conf file usually located under C:\inetpub\wwwroot\Citrix\NameOfYourSite\conf\.  After a while, there was no reason to open the GUI and making modifications to your WI became a very speedy process.  Specially when you had several WI sites.

A lot has changed with StoreFront, however you can still control many aspects of the interface by editing files inside the web installation directory since the GUI is now missing.

What I am really wondering now, is how this will play a role with the Citrix NetScaler Web Interface feature, where it allows you to import the 5.4 WebInterface.conf file directly into the NetScaler and run WI on it. ¬†Time will tell I guess…

With StoreFront, when both desktops and applications are available from a site, Receiver for Web displays separate desktop and application views by default. Users see the desktop view first when they log on to the site. Regardless of whether applications are also available from a site, if only a single desktop is available for a user, Receiver for Web attempts to automatically start that desktop when the user logs on.

To change these default settings, edit the site configuration file.
  1. On the StoreFront server, use a text editor to open the web.config file for the Receiver for Web site, which is typically located in the C:\inetpub\wwwroot\Citrix\storenameWeb\ directory, where storename is the name specified for the store when it was created.
  2. Locate the following element in the file.
    <uiViews showDesktopsView="true" showAppsView="true" defaultView="desktops" />
    
  3. Change the value of the showDesktopsView and showAppsView attributes to false to prevent desktops and applications, respectively, being displayed to users, even if they are available from the site. When both the desktop and application views are enabled, set the value of the defaultView attribute to apps to display the application view first when users log on to the site.
  4. Locate the following element in the file.
    <userInterface ... autoLaunchDesktop="true">
    
  5. Change the value of the autoLaunchDesktop attribute to false to prevent Receiver for Web from automatically starting and accessing a desktop when a user logs on to the site and only a single desktop is available for that user.

For additional customizations of StoreFront configuration file, see this Citrix article

Speeding up the new StoreFront 1.2 (CloudGateway Express)

StoreFront 1.2 was just released on 07.31.12. ¬†After reading it’s benefits, I figure I set it up for a POC and see how it behaves with a new XenApp 6.5¬†environment. ¬†You can read on the benefits¬†here. ¬†The one thing I noticed, it is extra slow.

The first change comes from the Citrix Forums which dictates to disable NetBIOS over TCP/IP. To disable NetBIOS over TCP/IP, open the Advanced Properties dialog for TCP/IP on each network interface as shown in the screenshot.

DisableNetBIOSoverTCPIP

Apparently, the need for NetBIOS communication is a prime contributor to the slow enumeration events. Once I made this change the enumerations were lightning fast, but the initial logon page was still slow to load.

In the old days, the sloooow logon page loading was caused by the .NET Framework not  staying resident in memory; however, with Web Interface 5.4 and IIS 7, the Idle Time Out value on the Web Interface App Pool is set correctly to 0 by default, which keeps the .NET Framework loaded. So I went looking for another solution.

I found the answer at Alexander Ervik Johnsen’s website. (Later I discovered it is also a Citrix KB article.) I made the following changes on both the Microsoft.NET\Framework and Microsoft.NET\Framework64 directories:

  1. Check in IIS for the ASP.net version that is in use with the Web Interface application pool, which should be version 2.0.50727
  2. Edit the ASPNET.CONFIG file(C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet.config)
  3. Add the following GeneratePublisherEvidence line to the runtime section of the ASPNET.CONFIG file as shown
    <runtime>
    <generatePublisherEvidence enabled=‚ÄĚfalse‚ÄĚ/>
    </runtime>
  4. Run IISRESET for force a reread of the ASPNET.CONFIG file

Once I made those changes to the ASPNET.CONFIG file, my Web Interface login page loaded in about 3 seconds. I was quite surprised at the difference only those two changes made to the response time of the Web Interface servers.

After making the changes above the darn thing is actually ready for a POC.

 

Limit users to XD/XA resources in Web Interface 5.4

Let’s take a look at how we can limit access to multiple Farms via Citrix Web Interface 5.4

In the example below… I will be configuring a Web Interface Services Site (PNAgent) in preparation to allow mobile users access to XenApp/XenDesktop via mobile devices such as the iPad, iPhone and Android (yuck). For details on how to configure a Service Site go to the following link.

As you probably know, there are several ways of limiting access via the NetScaler AGEE, however the new CAG Standard edition (5.0.x) has a limitation when utilizing basic logon points.

Solution:

  • Create your AD groups such as CitrixXenAppUsers and CitrixXenDeskUsers
  • Create a new Web Interface Service Site (PNAgent) such as PrivateCloudPNA
  • Configure your new site with access to your Farms, in this case XenApp6.5 and a XenDesktop 5.6
  • Configure your site to utilize your CAG, with Gateway access
  • Configure your Access Gateway basic logon point to forward to your new site “PrivateCloudPNA
  • Ensure you can launch published Apps and Desktops
  • Edit your WI site by opening the WebInterface.conf file located under C:\inetpub\wwwroot\Citrix\NameOfYourSite\conf\
  • Search for Farm1Groups and remove the “#”
  • Set Farm1Groups=nameofyourdomain\CitrixXenAppUsers
  • Since we have a XenDesktop farm in this example, we also need to set access to it by entering¬†Farm2Groups=nameofyourdomain\CitrixXenDeskUsers
Now lets get fancy… go to the Citrix Mobile Receiver URL Generator and create a link that you can email the mobile users. ¬†This will automatically configure the Citrix Receiver (after installing it of course) to your newly created site.

Web Interface 5.4 and XenApp 6.5 pass-through authentication

There is stuff about this all over the web.  After collecting a lot of data from various sources I figure I put it all together in a simple to follow set of instructions.

Problem: 

You configure pass-through authentication in Web Interface, but while it works through the login page, you find that you are promoted to enter credentials via the XenApp 6.5 server’s Windows 2008 R2 login screen when launching a published application.

I was able to test this with all Citrix Receivers (3.0, 3.1, 3.2)

  • Lets start with the WI settings and make sure you set you have one of your Authentication Methods to Pass-Through. ¬†In my case, I also selected Explicit to allow users to authenticate as another account if needed.

  • Next simply install the Citrix Receiver 3.x and reboot
  • Once the system is back up, make sure the Citrix SSO service is running.

The hard part is done, unless your AD person is named Omar.

Now lets get that Citrix Client ADM imported so we can create a GPO to allow this.  In the example below I did this based on a computer policy.

  • From a computer that is installed with the Receiver client, open the Group Policy Object Editor. Click on¬†Start¬†>¬†Run¬†and enter¬†gpedit.msc.
  • In the Group Policy Object Editor, right-click¬†Administrative Templates.
  • Click¬†Add/Remove Templates.
  • Browse to the C:\Program Files\Citrix\ICA Client\Configuration folder and add the icaclient.adm file.

  • Expand¬†Computer Configuration¬†>¬†Administrative Templates¬†>¬†Citrix¬†Components¬†>¬†Presentation Server Client¬†>¬†User Authentication.
  • On the right pane, select¬†Local User name and password.
  • Right-click and¬†enable¬†the policy for pass-through authentication. This policy is applied to all users logging on to this workstation.
  • To apply GPO settings on a per-user basis, configure the settings under User Configuration. Expand¬†User Configuration¬†>¬†Administrative Templates¬†>¬†Citrix Components.

  • Run¬†GPupdate¬†on the workstation to apply the policy immediately. ¬†Since this is a Comp policy you may have to reboot.
  • Log off and log on again.
  • Check the Task Manager on the workstation to verify that the ssonsvr.exe process is running.

PS4.0 Farm hosted on Citrix Web Interface 5.4

Well just started working in a new company and for some reason, they still have PS4.0 running in Prod…

By default, Citrix Web Interface 5.4 will not allow for PS4 connectivity. However there are some tricks you can do to get this working

  • Go to the site’s root normally located under C:\inetpub\wwwroot\Citrix\NameOfSite\conf\
  • Open WebInterface.conf
  • Look for the RequireLaunchReference syntax
  • Set the setting to “Off” (RequireLaunchReference=Off)

Once that is done, you will be able to open PS4.0 apps directly from your WI 5.4 implementation for both CSG (CAGs/NetScalers) or direct WI connections.

If you are utilizing the new Receiver Client, you may run into an issue where apps do not open. I did run into it on one of my Windows Laptops (Mac worked as usual :P)

  • Uninstall all Citrix Online Plugins or Receiver
  • Delete folder c:\program files\citrix
  • Delete following registry key : HKLM/HKCU/Software/Citrix
  • Install Citrix client

More Citrix Web Interface 5.4 customizations

I recently accepted a job in a large enterprise company… I had to put the developers hat on and customize a new set of Web Interface 5.4 sites I set up. ¬†I don’t know, but I can not leave the standard stuff up. ¬†Where is the fun in that? ūüėõ

Well after working on the site I found many places where it makes sense to modify a bit of code. ¬†Below is what I changed. ¬†The end result looks great. ¬†I also made a ton of changes to the web webinterface.conf file. ¬†Will post those as a new post as it will be a little lengthy… ūüôā

Lets stat by editing the logout process of WI. ¬†When a user log’s off, you have to click once again to relog in. ¬†Why do that? ¬†Instead you can redirect WI to go directly to the logon page (Makes sense right?)

Well here is the process

** Edit the Loggedout.aspx file in C:\inetpub\wwwroot\Citrix\sitename\auth

All the way at the end… make sure you have the following syntax

// A new Session will have been created for this page request as it has already been

// abandoned while logging out.

// Abandon this new session otherwise the session will remain active until timeout.

// Avoid session fixation by checking that it’s a new session which is abandoned

if (wiContext.getWebAbstraction().isNewSession()) {

wiContext.getWebAbstraction().abandonSession();

}

Response.Redirect(“login.aspx?CTX_FromLoggedoutPage=1”);

%>

** Now lets get some funky stuff going…

The file below is under your Citrix site root’s \app_data\include\fullstyle.inc

Fullstyle.inc Edits:

**Remove CTX tagline ‚Äď only use if not changing tagline text. Otherwise, see ‚ÄúChange CTX Default Tagline Text‚ÄĚ below.

#hor1izonTagline {

color: #F2F2F2;

font-size: 180%;

font-weight: normal;

margin: 50px 0 0 0;

padding-bottom: 10px;

text-align: center;

display: none;

}

** Remove all footer images and text (this includes the HDX and Citrix logos, and also any Footer text you may have specified in the Web Site Appearance Wizard)

#footer img

{

padding: 0 8px;

vertical-align: middle;

display: none;

}

.horizonPage #hdxLogo {

display: inline;

display: none;

}

.horizonPage #footer p {

color: #F2F2F2;

display: none;

}

**Change SysMessage text size and bold

#sysMessage

{

width: <%=wiContext.getString(‚ÄúPageWidth‚ÄĚ)%>;

margin: 0 auto;

padding-top: 8px;

font-size: 12px;

font-weight: bold;

}

<%

// The width is set shorter than the background width

%>

#sysMessage p

{

text-align: left;

padding: 10px 0;

font-size: 14px;

font-weight: bold;

}

**Change Tagline to smaller font

#horizonTagline {

color: #F2F2F2;

font-size: 120%;

font-weight: normal;

margin: 50px 0 0 0;

padding-bottom: 10px;

text-align: center;

}

Graphics Changes:

**Replace CTX XenApp top logo with YourLogo.png

  • replace \media\CitrixXenApp.png
  • replace \media\CitrixXenAppLoggedoff.png

**Remove computer screens graphic

  • rename \media\Devices.png to Devices_orig.png
  • rename \media\Devices.gif to Devices_orig.gif
  • rename \media\DevicesLoggedoff.gif to DevicesLoggedoff_orig.gif
  • rename \media\DevicesLoggedoff.png to DevicesLoggedoff_orig.png

Misc. Changes:

**Change CTX default tagline text

  • copy \program giles\citrix\web interface\5.4.0\languages\accessplatform_strings.properties to \inetpub\wwwroot\citrix\<site name>\languages.
  • Edit file:
    • #HorizonTagline=Your Windows desktops and apps on demand ‚Äď from any PC, Mac, smartphone or tablet.
    • HorizonTagline=<Whatever you want here>

**Add logo to Login box (Thanks Jon Woods!)

\inetpub\wwwroot\Citrix\XenApp\app_data\include\loginMainForm.inc
<% // LoginType set to Explicit, but only if it is allowed
if (viewControl.getExplicitDisabled()) {
%>
value=‚ÄĚ”>
<% } else { %>
value=‚ÄĚ<%=WIAuthType.EXPLICIT%>‚ÄĚ>
<% } %>
<%
}
%>
<% // added table row and cell for logo %>
<table>
<tr><td rowspan=‚ÄĚ6‚Ä≥ valign=‚ÄĚTop‚ÄĚ align=‚ÄĚleft‚ÄĚ><img src=‚ÄĚ../media/Your Logo Filename Here.png‚ÄĚ alt=‚ÄĚ”></td></tr>
<% // end table row and cell for logo %>
<%
if (viewControl.getShowLoginTypeOptions()) {
%>

**Add the desktop Viewer (Drop-down toolbar) to Virtual Desktops (Be careful, this has been known to mess with Dual Displays):

In the sites webinterface.conf file, add line ‚Äď ‚ÄúShowDesktopViewer=On‚ÄĚ

**Override the styles:

read the posting on this forum string from “efontan512″. Really good stuff.

**Add logo to top left:

\inetpub\wwwroot\Citrix\XenApp\app_data\include\header.inc
before:
<div id=‚ÄĚheaderWrapper‚ÄĚ>
<div id=‚ÄĚheader‚ÄĚ>
<table id=‚ÄĚheaderLeft‚ÄĚ cellspacing=‚ÄĚ0‚Ä≥>
<tr>
<%
after:
<div id=‚ÄĚheaderWrapper‚ÄĚ>
<div id=‚ÄĚheader‚ÄĚ>
<table id=‚ÄĚheaderLeft‚ÄĚ cellspacing=‚ÄĚ0‚Ä≥>
<tr>
<td>
<img id=‚ÄĚheaderLogo‚ÄĚ src=‚ÄĚ../media/AtosLogoHeader.png‚ÄĚ alt=‚ÄĚSeiten-Header‚ÄĚ title=‚ÄĚ”&gt;
</td>;
<%