XenApp 6.5 Desktop Director 2.1 installation and configuration

Looks like Citrix will be getting rid of the AppCenter console (I still call it CMC :)) for  application management.

They are finally looking into centralizing both application and virtual desktop management with a single interface.  Specially with the next version of XenApp, you will no longer need AppCenter for your app deployments.  You can read more on Project (Avalon) Excalibur Technology on one of my previous posts

Citrix has released a nice install guide to install and configure Desktop Director 2.1 to use with XenApp 6.5 and would like to share it with you.


  • A XenApp 6.5 Farm
  • An available server to install Desktop Director, it can also be added to the XenApp 6.5 Controller
  • An install Media for XenDesktop 5.6 Feature pack 1
  • IIS 7 installed on the server that hosts the Desktop Director
  • .NET Framework 3.5 Sp1
  • Adobe Flash 10.x or above
  • Firewall exceptions for port 80, 2513 and 5985


  • Ensure you have downloaded the ISO for XenDesktop 5.6 Feature pack 1; it is needed this for the DesktopDirector install.
  • If it is not already installed on the operating system, install .NET 3.5 Sp1 and Adobe Flash 10.x or above
  • Mount the XenDesktop ISO and launch the autorun option from the media and select the XenDesktop Option. Agree to the Licensing Agreement on the next page.

  • Select Desktop Director on the Select Components to Install and input the XenApp 6.5 controller FQDN in the Enter the address of the XenDesktop Controller field. Note: If the XenDesktop Controller option is not displayed, you are installing on a XenApp 6.5 server.

  • Click Next, at the install prompt, click the Install tab. When the installation completes, click Close.

  • Open IIS Manager on the Desktop Director Server to be able to log on to the Desktop Director Console. Select the Desktop Director site under Default Web Site

  • Locate Service.AutoDiscoveryAddresses in Application Settings. Double click this option and rename it to Service.AutoDiscoveryAddressesXA and ensure the controller FQDN is present. Note: If you have installed this on a XenApp 6.5 server and you are not able to enter the FQDN of the controller at installation, you can change it from Localhost to Your 6.5 Controller FQDN here, refer following image:

  • Run an IIS reset in the command prompt after the above options are updated. Note: You will be able to log in now, however you will not be able to view user-session specific details yet. You must follow the subsequent steps to be able to log in and view user-session specific details.
  • On the XenApp 6.5 controller, setup the WinRM permissions using a tool in the XenDesktop 5.6 FP 1 ISO (previously called ConfigRemoteMgmt.exe which was used to access information about session).
  • Open the command prompt window, browse to the following directory and run the application <Drive Letter>:\x64\Virtual Desktop Agent\ConfigRemoteMgmt.exe. Use the switch – ConfigRemoteMgmt.exe /configwinrm Domain\User.

The user-session specific information can be viewed if the XenApp 6.5 Controller has its permissions set for remote management.

Note: If you are not setting up certificates on the server for SSL, you can disable the SSL verification by changing the UI.EnableSslCheck to false.

View the original article for more information.


XenApp 6.5 Universal Print Server

Traditionally… one of the biggest hurtles for me over the last 12 years have been around ICA print management (Policies, Universal Printer Driver, native drivers, 3rd party tools, native print spool, Citrix print manager, etc).

Although printing via ICA is now pretty darn good with a combination of native drivers and the Universal Printer technology, I always felt there was a need for a 3rd party tool such as ThinPrint or Tricerat for those special cases.  As you are aware, Citrix released the Universal Printer Server to make printing a lot easier with XenApp 6.5 Hotfix Rollup Pack (HRP01) and now for XenDesktop 5.6 FP1

What is UPS?

The Universal Print Server introduces the EMF functionality to the print server as the client.  Sweet!

That means, again, no native or 3rd party printer driver must be installed on the XenApp server for any printer on the Windows print server. In many environments that should help reduce the installation of printer drivers on the XenApp server dramatically. Having only the Citrix EMF would keep the XenApp farm stable and help with user logon times.

This also resolves two common issues that administrators are faced with today. Leveraging the UPS means the no printer drivers have to be managed on the VDA or XenApp servers at all. Universal Print Servers also can be placed in branch offices to optimize print WAN traffic.

You can read further information on UPS by clicking here as well as Thomas koetzing’s FAQ

Installed correctly?

With the release of Citrix Universal Print Server, Citrix released a new KB article which clearly describes how to check whether Citrix Universal Print Server has been installed and enabled correctly on your XenApp 6.5 HRP01 environment and would like to share with you

  • The Universal Print Server feature comprises a client component – Universal Print Client (UPClient) that needs to be installed on the XenApp server along with Hotfix Rollup Pack 1 (HRP01) that provides the necessary updates implementing support for the UPS. When installed, the two items will appear in the installed programs list in the server Control Panel->Programs->Programs and Features

Note: The Citrix Universal Print Server package also contains Group Policy Management software that Administrators can install on the system from where they wish to manage the UPS policies. It can be a XenApp server (see Citrix Group Policy Management (x64) item).

  • After configuring the use of the UPS and the Citrix Universal Print Driver (UPD) in the relevant Citrix policy rules:

scription: UPS comp policies.png

Review the following registry locations on the XenApp server to verify the implementation:

scription: Ups enable reg3.png

scription: Ups enable reg2.png

In this example, value 2 indicates UPS has been enabled with no fallback to Windows native remote printing.

Installing the UPClient software modifies the print provider order list to be as expected.

escription: Untitled.png

The Citrix universal printing provider module filename and location can be checked here.

  • It is also possible to verify if the Citrix UpProv.dll is in use and loaded into the Print Spooler by issuing the following command in the command line window.

tasklist /m /fi “imagename eq spoolsv.exe”

scription: E:UPS Screen-shotsSpooler loaded dlls.png

Here’s the link to the original document.

Citrix VDI-in-a-Box – 1030 Connection Error


Was helping out a friend with a deployment of Citrix VDI-in-a-Box for their company.  After setting up the environment we kept receiving a 1030 Connection error when accessing the virtual desktops from an external connection which utilized CAG 5.04.  After thinking that some ACL in the firewall was missing and waited around for the network folks to return emails, I noticed a very important step you need to configure inside vdiMgr.

Checked all the usual places
  • Is the STA generated from the vdiMrg in the CAG.
  • Used an SSL checker to see if the SSL was created correctly.
  • Checked that the vDesktop DHCP range is in the ICA access control list on the CAG.
  • CHecked that the correct ports are opened up on the firewall.

I found the issue by looking at the default.ica file from WI, and noticing the “Internal HDX gateway IP Addresses” is wrong inside the ICA file and seeing if it has been marked with the internal IP address.

If you log in to the vdiMgr console and go to advance properties and look under gateways ensure that you have specified the “Internal HDX gateway IP Addresses” which HAS TO point to the internal IP address of the CAG.

Outlook’s taskbar icon occassionally shows as PowerPoint

While working on a XenApp 6.5 project for a large company, I heard from one of the IT Directors that Outlook 2010 was showing the PowerPoint icon in the taskbar… Naturally I immediately attempted to reproduce the issue and was not able to.

Microsoft confirms this bug can affect you in the following scenario.

  • This is only happening on Windows 2008 R2 (Std or Ent Editions)
  • This is happening over RDP and ICA sessions, regardless
  • This is happening to Office 2010 (x64), Office 2007, and Office 2003 suites.

What I noticed after scratching my head a bit, this bug only occurred on the first launch of Outlook in an RDS/XenApp Desktop session.  Once the app was closed and reopened the icon showed the correct Outlook icon.  That is until you logged out and back in again and the PowerPoint icon came back for the initial launch of the app, of course completely randomly.

After doing some research, I was able to find a private hot fix from our friends at Microsoft, after applying the patch the issue was resolved.

Incorrect Outlook icon

New XenApp/XenDesktop preview – Project (Avalon) Excalibur Technology

Citrix has released today the Tech Preview of the new XenDesktop/XenApp version.

Project (Avalon) Excalibur Technology Preview is our next-generation, unified desktop and app virtualization technology that is reinventing the delivery of Windows apps and desktops for mobility in the cloud-era.  The availability of this tech preview will allow Citrix customers and partners to have a first-hand look at a new unified FlexCast infrastructure combining VDI and Hosted Shared desktops and apps from a single platform.

New features include:

  • Simplified, unified, and expanded FlexCast 2.0 architecture New unified FlexCast 2.0 architecture combines simplified and integrated provisioning and personalization tools for both desktops and apps, delivered from either a desktop-based or server-based operating system.
  • Windows Server 2012 and Windows 8 Host Windows 8 VDI desktops or VM hosted applications in addition to Windows Server 2012 server-based desktops and applications. This tech preview also supports Windows 2008R2/SP1 and Windows 7.
  • SuperCodec for Optimized Graphics New enhancements to HDX using Deep Compression Codec technology double the visual performance of desktops and apps to mobile devices dynamically adapting for device type, form factor and network connection while still leveraging the processing power of modern tablets and smartphones
  • Storefront for apps & data Create centralized enterprise app stores to deliver desktops, applications, and other resources to users on any device, anywhere with the Citrix StoreFront.
  • Intelligent configuration tools New intelligent configuration tools for deploying desktops and apps that proactively check configuration errors in real time while streamlining the provisioning of profile management and storefront settings.
  • Delegated Administration Enterprise-class administration model includes role-based access, custom roles with configurable permissions, and fine-grained, object-based control.
  • Advanced Configuration Logging Capture site configuration changes and administrative activities within a single tool, Desktop Studio.  Use Desktop Studio to diagnose and troubleshoot problems after configuration changes are made, assist change management, track configurations, and report administration activity.
  • Personal vDisk Improvements Improve scalability with performance enhancements designed to optimize resource utilization, deliver updates faster with the newly enhanced personal vDisk update process, and experience how an improved architecture increases the number of apps compatible with personal vDisk technology.

With a valid My Citrix ID you can download this Tech Preview here.

XenApp 6.5 / XenDesktop 5.6 Best Practice Policies

One of the most common mistakes that Citrix Engineers make in a XenApp/XenDesktop deployment is not taking the time to fully understand Citrix Policies.  There are several articles such as the XenApp and Desktop Policy Planning Guide and the XenDesktop and XenApp Best Practices Reference Guide I suggest reading.

I been in environments running pretty large farms where policies are not applied at all.  It is very important to take the time to go over these, as you can provide better session control and most importantly a better end user experience, specially when working with high latency connections for remote offices.

The policies below are from a collection of the docs mentioned above, as well as my own experience.

XenApp Baseline User Policy:

Apply this policy as your baseline to all users connecting to your XenApp farm.

ICA\Adobe Flash Delivery\Flash Redirection
Flash acceleration – Enabled
Flash default behavior – Enable Flash Redirection
Flash event logging – Enabled
Flash intelligent fallback – Enabled
Flash latency threshold – 30 milliseconds

Audio Plug N Play – Allow
Audio quality – Medium
Client audio redirection –  Allow
Client microphone redirection –  Prohibit

ICA\Desktop UI
Desktop wallpaper – Allowed
Menu animation – Allowed
View window contents while dragging – prohibited

ICA\File Redirection
Client floppy drives – Prohibit
Client optical drives – Prohibit
Host to client redirection  Disable
Read-only client drive access – Disable
Use asynchronous writes – Enabled

ICA\Port Redirection
Auto connect client COM ports – Disable
Auto connect client LPT ports – Disable
Client COM port redirection – Disable
Client LPT port redirection – Disable

Client printer redirection – Allow
Default printer – Set to client’s main printer
Printer auto creation log preference – Errors
Wait for printers to be created (desktop) – Disabled

ICA\Printing\Client Printers
Auto-create client printers – Default printer only
Auto-generate generic universal driver – Disabled
Client printer names – Standard names
Direct connections to print servers – enabled
Retained and restored client printers – Allowed

Automatic installation of in-bo printer drivers – Disabled
Universal driver usage – Use Universal Printing only if requested driver is unavailable

ICA\Printing\Universal Printing
Universal printing EMF processing mode – Spool to printer
Universal printing image compression limit – Best Quality
Universal printing optimization defaults – Standard Quality
Caching of embedded images
Caching of embedded fonts
Universal printing preview preference – Use for auto-generated and generic

ICA\Session Limits
Linger Disconnect Timer Interval – 5 Minutes
Linger Terminate Timer Interval – 10 Minutes
Pre-Launch Disconnect Timer Interval – 15 Minutes
Pre-Launch Terminate Timer Interval – 30 Minutes

Log shadow attempts – Allow
Notify user of pending shadow connections – Allow
Users who can shadow other users – Defined by security

ICA\Time Zone Control
Estimate local time for legacy clients – Enable
Use local time of client –  Use Client time zone

ICA\TWAIN devices
Client TWAIN device redirection – Enabled
TWAIN compression level – low

ICA\Visual Display\Moving Images
Moving Image Compression – Enabled
Server Session Settings
Session importance – Normal
Single Sign-on – Disabled

XenApp Baseline Computer Policy Setting.

Apply this policy as your baseline to all Servers in your XenApp farm.

ICA listener connection timeout – 120000 ms
ICA listener port number – 1494

ICA\Auto Client Reconnect
Auto client reconnect – Allow
Auto client reconnect authentication – Not required
Auto client reconnect logging – Disabled

ICA\End User Monitoring
ICA round trip calculation – Enable
ICA round trip calculations for idle connections – Disable

Display memory limit   32768 KB
Display mode degrade preference – Degrade Color Depth First
Dynamic Windows preview – Enabled
Image caching – Enabled
Maimum allowed color depth   32 bit
Notify user when display mode is degraded – Disabled
Queuing and tossing – Enabled

ICA\Graphics Caching
Persistent Cache Threshold – 3000000 Kbps

ICA\Keep Alive
ICA keep alive timeout – 60 seconds
ICA keep alives – Enabled

Windows Media Redirection – Allowed

ICA\Session Reliability
Session reliability connections – Prohibited

ICA Shadowing
Shadowing – Allow

License server host name – License Server name
License server port – 27000
Server Settings
DNS address resolution – Enabled
Full icon caching – enabled

Server Settings\Health Monitoring and Recovery
Health Monitoring – Enabled
Health Monitoring tests – Use Defaults (please configure as you see fit.)

Server Settings\Memory/CPU
CPU Management server lever – preferential load balancing
Memory optimization – Enabled
Memory optimization interval – enabled

Server Settings\Reboot Behaviour
Reboot logon disable time – Choose a value to suit your clients
Reboot Schedule frequency – Choose a value to suit your clients
Reboot Schedule start date  – Reboot Schedule Choose first day of the reboot
Reboot Schedule time – Choose time to restart server
Reboot warning interval – Choose interval which the users are notified about pending restart
Reboot warning users – enabled
Scheduled Reboots – enabled

XML Service
Trust XML requests – enabled
XML server port – 8080

XenApp WAN/External User Policy.

Apply this policy for users working from branch offices or remote locations with low bandwidth and/or high latency connections.

ICA\Adobe Flash Delivery\Flash Redirection
Flash acceleration – Enabled

Audio quality –  Medium

ICA\Client Sensors\Location
Allow applications to use the physical locations of the client device – allowed (Tablet Devices)

ICA\Desktop UI
Desktop wallpaper – prohibited
Menu animation – prohibited
View window contents while dragging – prohibited

ICA\File Redirection 
Use asynchronous writes – Enabled

ICA\Mobile Experience
Automatic Keyboard Display – Enabled (Tablet Devices)
Launch touch-optimized desktop – Enabled (Tablet Devices)
Remote the combo box – Enabled (Tablet Devices)

ICA\Printing  Wait for printers to be created (desktop) – Disabled

ICA\Printing\Universal Printing 
Universal printing optimization defaults – Standard Quality
Caching of embedded images
Caching of embedded fonts

ICA\TWAIN devices
Client TWAIN device redirection – Disabled

ICA\Visual Display 
Max Frames per Second – 15 FPS

ICA\Visual Display\Still Images
Extra Color Compression – Enabled
Extra Color Compression Threshold – 8192 kbps
Lossy compression level – High
Lossy compression level threshold value – Unlimited

XenDesktop Shadowing via Desktop Director – WinRM configuration for Windows 7

I think we can all agree that XenDesktop has VMware View beat as far as feature sets are concerned.  One of the best features of a XenDesktop 5.5/5.6 is the Virtual Desktop management via the Desktop Director.  It provides Admins, Support/NOC folks with an excellent overview on what is going on inside your deployment which can be utilized for user connection troubleshooting.  What is really nice, is that it gives you information on user sessions including Audio, USB devices, Flash Redirection, Printing as well as others.  One of the best features is to allow connections (AKA Shadowing) directly to XD sessions.

HDX session information

To use this feature you must configure WinRM, if this is not set up on your XD’s, you will receive the error below when establishing a connection, which will end up in a call at 2:00 AM for the Admins

Remote Assistance Connection issue


Unlike Windows XP, WinRM is installed by default on a Windows 7 desktop so there is no need to install it.

Enabling Offer Remote Assistance Helpers Group

Creating a new GPO and assign it to the OU with the XD AD computer objects.  Edit the group policy and navigate to Computer Configuration –> Policies –> Administrative Templates –> System –> Remote Assistance:


Open up the setting Solicited Remote Assistance, enable the feature and set the following configuration as such:

Permit remote control of this computer: Allow helpers to remotely control the computer

Maximum ticket time (value): 1

Maximum ticket time (units): Hours

Method for sending e-mail invitations: Simple MAPI


Apply the settings, open up the setting Offer Remote Assistance, enable the feature and configure the settings as such:

Permit remote control of this computer: Allow helpers to remotely control the computer

Helpers: domain\domain admins or your preferred group

**Note: that you can set the helpers to any group you choose.



Apply the settings and you should see the following:


Once the GPO has been applied to the desktops, you should now see the group Offer Remote Assistance Helpers listed:



Once you’ve verified that the GPO has been applied, proceed by attempting to shadow a user’s desktop and remote assistance should launch: