
Creating the first Store within Citrix StoreFront with Powershell


You can easily automate the installation of Citrix StoreFront, but what about the initial configuration? Perhaps you have multiple StoreFront server groups that you need to deploy and don't want to go through the hassle of running through the initial installation wizard when you open Citrix StoreFront for the first time.

Using a minimal amount of PowerShell you can automate the initial Store creation process without having to open the StoreFront UI at all.

Pre-requisites:
The PowerShell execution policy (Set-ExecutionPolicy) needs to be set to Unrestricted or similar to run non-Microsoft cmdlets in PowerShell.

Once you have the PowerShell pre-reqs covered you need to import the relevant PowerShell snap-ins by running the following command:

& "C:\Program Files\Citrix\Receiver StoreFront\Scripts\ImportModules.ps1"

You can make the above part of a script if you like to make the powershell deployment even more fantastical.
Now all you need to do is customise and run the following powershell command.

set-dsinitialconfiguration -hostbaseurl https://loadbalancedurl.domain.local -farmname auto -port 80 -transporttype HTTP -sslrelayport 443 -servers @("test.local", "test2.local") -loadbalance $false -farmtype "XenDesktop" -storevirtualpath /Citrix/TEST -webreceivervirtualpath /Citrix/TESTWeb

The items in bold are variables and map directly to the initial store creation wizard you would normally have to step through within the GUI. In addition to these variables, -storevirtualpath and -webreceivervirtualpath are included here because without them the initial store is given the default name of STORE, which is OK but not exactly very personal.

In addition to the above you can also add XenDesktop sites to the stores by customising the following PowerShell command.

set-dsxdfarm -farmname XenDesktopSite -servers @("test3.local", "test4.local") -port 80 -transporttype HTTP

 

Author: Dale Scriven


Merging Desktops and Applications tab in Citrix StoreFront


In Citrix StoreFront 3.0 desktops and applications appear in separate tabs by default. There are a couple of ways you can alter this behaviour so that either all desktops appear on the applications tab or only a select few.

 

One change is a global change which makes all applications and desktops appear in a single tab while the other is a little more selective.

 

Display all desktops on the apps tab

In order to change it globally you will need to perform a bit of powershell magic on Citrix StoreFront.
Drop into powershell and run the following script:

cd "c:\program files\citrix\receiver storefront\scripts"
.\importmodules.ps1
set-enhancedenumerationoptions -siteid 1 -storevirtualpath /Citrix/Store -treatdesktopsasapps $true

Selectively display desktops on the apps tab

To be a little more selective about which desktops appear in the applications tab you can use the XenApp and XenDesktop keyword TreatAsApp. This will allow you to move individual desktops into the applications tab rather than making the blanket change of the Citrix StoreFront PowerShell script above. I have written a little about keywords before and you can find how to use them HERE.

[Screenshots: the store before and after the change]

Author: Dale Scriven

Reset Citrix StoreFront configuration


What happens if you want to reset your Citrix StoreFront configuration? Perhaps you've made a mistake that you don't want to uninstall or recreate the VM for.

You can simply reset the StoreFront configuration by using a simple PowerShell command, 'Clear-DSConfiguration'.

Like all Citrix PowerShell commands you have to import the PowerShell cmdlets first, but it is very easy to revert the StoreFront server back to its initial install configuration. After running the command and opening the GUI you will be asked if you wish to create a new deployment or join an existing server group. The script is outlined below.

#Reset Citrix StoreFront Server Configuration
cd 'c:\program files\citrix\receiver storefront\scripts'
.\ImportModules.ps1
Clear-DSConfiguration

If you wish to use the above as part of a script then you may find that the PowerShell execution policy blocks ImportModules.ps1. To get around this you can call the script using the below (assuming the script has been saved as something like clear.ps1).

powershell.exe -exec bypass -file clear.ps1
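
A narrower alternative to the machine-wide Unrestricted policy listed as a prerequisite in the first post, and an interactive counterpart to the -exec bypass call above: this added example (not from the original posts) relaxes the policy for the current PowerShell process only, checks the signature state of ImportModules.ps1 before loading it, and asks for confirmation before the reset. The function name Reset-StoreFrontConfig and the default script path are assumptions; Clear-DSConfiguration and ImportModules.ps1 are the names used in the post.

```powershell
# Added example. Reset-StoreFrontConfig and the default path are assumptions;
# Clear-DSConfiguration and ImportModules.ps1 are the names used in the post.
function Reset-StoreFrontConfig {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$ScriptsPath = 'C:\Program Files\Citrix\Receiver StoreFront\Scripts'
    )

    $importScript = Join-Path -Path $ScriptsPath -ChildPath 'ImportModules.ps1'
    if (-not (Test-Path -LiteralPath $importScript -PathType Leaf)) {
        throw "ImportModules.ps1 not found under '$ScriptsPath'."
    }

    # Refuse to load a script whose contents no longer match its signature.
    $sig = Get-AuthenticodeSignature -FilePath $importScript
    Write-Verbose "Signature status of ImportModules.ps1: $($sig.Status)"
    if ($sig.Status -eq 'HashMismatch') {
        throw 'ImportModules.ps1 was modified after it was signed; not loading it.'
    }

    # Show what is configured at every scope before changing anything.
    Get-ExecutionPolicy -List | Out-String | Write-Verbose

    # Process scope only: the machine-wide and per-user policies stay as they
    # are, and the relaxed policy ends when this PowerShell session exits.
    # This call reports an error if Group Policy enforces a policy.
    Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

    . $importScript

    # Clear-DSConfiguration wipes the deployment, so ask before running it
    # (-WhatIf and -Confirm are honoured through ShouldProcess).
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Reset StoreFront configuration')) {
        Clear-DSConfiguration
    }
}
```

Paste the function into an elevated PowerShell session and run Reset-StoreFrontConfig -Verbose; add -WhatIf to skip the reset itself.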

Author: Dale Scriven

Citrix StoreFront 3.1 tech preview


Citrix StoreFront 3.1 tech preview has only just been released but I thought it would be worth putting up a few screenshots to show the improvements (no tech talk I'm afraid, just tantalising pictures of what's to come). I've yet to run StoreFront 3.1 through its paces fully but going from all the new shiny buttons to play with it will make many of us extremely happy indeed, and I will no doubt blog more about it shortly.

First thing to mention is that it does feel a bit Web Interfacey in that some menus are reachable from inside others and the way it is laid out has changed a good bit.

The list of new and improved features of StoreFront (as per the Citrix website) is as follows.

  • Store-centric console architecture for authentication and Receiver for Web settings
  • Specify the optimal NetScaler Gateway appliances for various users
  • New or enhanced Receiver for Web settings:
    • Authentication methods
    • Shortcuts to websites
    • Deploy Citrix Receiver
    • Session settings
    • Workspace control
    • Client interface settings
    • Advanced settings
  • Multi-site configuration for multiple XenDesktop sites or XenApp farms across multiple geographies
  • Delegate authentication to XenApp and XenDesktop farms/sites
  • Configure features previously configured via web.config, including:
    • Workspace control
    • Client interface settings
    • Store timeout duration and retry attempts
    • Communication timeout duration and retry attempts
    • HTML5 browser tab settings
    • Socket pooling
  • StoreFront server health checks on each XenDesktop broker and XenApp server

Anyway, without further ado here are some tantalising screen grabs!

 

Note the minimised menu options on the left but expanded on the right. Also laid out much more like Web Interface used to be.

 

 

You can now easily specify where the authentication request is validated.

 

Lots more options here!

 

Optimal HDX Routing

 

Hurrah User Farm Mapping has now been added to the GUI!


 

 

 

As you can see there's a lot of work gone into the tech preview and I'd be very happy if most of this transitioned into the GA. To try it out for yourself go to https://www.citrix.com/downloads/storefront-web-interface/betas-and-tech-previews/storefront-technology-preview and log in with your MyCitrix account.

——-Update——-5th November 2015——-

I’ve written a short post on the new user farm mapping features which you can read more about HERE.

 

 

Author: Dale Scriven

 

 

 

 

 

User Farm Mapping in Citrix StoreFront 3.1 TP


Hurrah! User Farm Mapping has finally been included within the GUI of the Citrix StoreFront 3.1 Tech Preview release.

This is a very welcome addition to those of us who have spent a long time digging round XML files and configuring things using Notepad. In previous versions of StoreFront this has also meant that once user farm mapping was configured within the web.config XML file, the GUI locked out the ability to edit the delivery controllers.

Within Citrix StoreFront 3.1 Tech Preview basic user farm mapping and aggregation options have been made available through the GUI. Now obviously, being a tech preview, there is no certainty that it will make the final release or that it won't be expanded upon at GA, making it even more useful. This post will walk through the basics of how to configure the GUI elements of UFM and also outline the things that I have noticed are missing so far. So without further ado let's get configuring!

 

Configuring User Farm Mapping

Now when you open StoreFront the GUI looks a little different from before but if you’re an old hand at Web Interface the layout shouldn’t be too shocking!

 

What we need to do to configure user farm mapping is click the Manage Delivery Controllers option on the right hand side.

 

You will now notice the handy user mapping and multi-site configuration options; click Configure.

You will now see a couple of hyperlinks to choose from, to configure either user farm mapping or the aggregation. Click on the User Farm Mapping link first.

 

By default the Everyone radio button will be selected, so in order to configure groups click the Specific User Groups radio button and then Add. Now in my mind here is the first curious option: you can search by Active Directory group (natch) but you also have the option to add manually by SID. It's nice to have the option but I do wonder how much use the SID selection option will actually get within a GUI.

Enter an AD user or group name in the standard search box and click OK. Then click Next in the StoreFront 3.1 GUI.

Manually specifying by SIDs (added for completeness of post)

 

Now click the Add button to begin adding controller groups.


Click the controllers that you wish to add into the user farm mapping for the AD group, then click OK.


You now have the chance to order the delivery controllers by preference with option 1 in the screen below. This will coincide with the aggregation options: if you have two aggregated farms both with Microsoft Word published, for example, the one at the top of this list will be displayed to the user unless the controllers are uncontactable. Once you're happy with the order the mappings are in for the group click Create.


Now you are back at the initial User Farm Mapping configuration screen where you again can reorder the global mappings by preference 1, which affects what aggregated resources a user will see if there are multiple user farm mappings and the user is a member of several groups that span more than one user farm mapping configuration.

 

Configure aggregation groups

Configuring aggregation groups is extremely simple through the GUI, although to me the logic of the configuration has changed. Within the traditional XML you gave an aggregation group a name which ensured that multiple farms were aggregated together, however there is no option for this within the GUI. Instead you appear to apply a blanket aggregation and then use the user farm mapping global order to specify a kind of grouping structure.

 

To configure aggregation click the aggregate resources hyperlink.


Check the boxes next to the delivery controllers that you wish to aggregate the resources for and click the Aggregate button.


Your controllers will move up to the Aggregated Resources section. If you've made a mistake at this point just select them again and click the Do Not Aggregate button, otherwise click OK and you're done!


Things that I've noticed so far: there doesn't seem to be a provision for specifically specifying a failover/load-balanced mechanism for the delivery groups, so to use this feature you will need to ensure that the order and the actual published applications match exactly. The addition of specifying SIDs when binding groups to UFMs is curious in my eyes, but there we go, I'm sure someone will use it.

As mentioned before adding this feature to the GUI is very welcome as messing about with XML can be tedious (or at least it is for me). I really hope this feature makes the GA of Citrix StoreFront 3.1.

Author: Dale Scriven

IT Career podcast


In this podcast I talk about my career to date, going over some of the reasons for making the choices I made and the positives and negatives that came from those choices.

 

Author: Dale Scriven

Web: vhorizon.co.uk

 

Citrix Storefront 3.0 and Favorites UK Spelling


Now it's a very small thing I know, but the thing I notice most when logging in to StoreFront is the non-UK spelling of Favorites.

However, never fear, this can easily be changed.

Run Notepad as an administrator, browse to c:\inetpub\wwwroot\Citrix\StoreWeb\custom and open the strings.en.js file. If your Store has no customisations in it yet then it will look like the below.

[Screenshot: default strings.en.js]

Now paste the below code into the file and save the changes. If you're having trouble with the code below, download the example to compare HERE.

(function ($) {
    // Override the default "en" strings with the UK spelling
    $.localization.customStringBundle("en", {
        Example1: "This is an example",
        Example2: "This is another example",
        QuickAccess: "Favourites",
        AddFavoritesTitle: "Add Favourites",
        AddFavoritesDescription: "Go to Desktops or Apps, click on Details next to your choice and then select Add to Favourites.",
        AddFavoritesDescriptionDesktopsOnly: "Go to Desktops, click on Details next to your choice and then select Add to Favourites.",
        AddFavoritesDescriptionAppsOnly: "Go to Apps, click on Details next to your choice and then select Add to Favourites.",
        AddFavoritesDescriptionPhone: "Under the menu, go to Desktops or Apps, click on Details next to your choice and then select Add to Favourites.",
        AddFavoritesDescriptionPhoneDesktopsOnly: "Under the menu, go to Desktops, click on Details next to your choice and then select Add to Favourites.",
        AddFavoritesDescriptionPhoneAppsOnly: "Under the menu, go to Apps, click on Details next to your choice and then select Add to Favourites.",
        AddToFavorites: "Add To Favourites",
        SearchFavoritesPlaceholder: "Search Favourites"
    });
})(jQuery);

Now restart IIS and log in to the store and ensure that all the Favorites are now spelled correctly.

Once you are happy with the results propagate the changes to ensure all StoreFront servers in the server group receive the new strings.en.js file.

Author: Dale Scriven

VMware NSX, the best unobtainable SDDC component?


I've been aware of NSX and its ability for a while but never delved too much into the ins and outs of it. However, since a move this year to a new employer I'm suddenly finding I'm being involved in much larger projects (currently on a project with 70,000 expected users), which means that NSX has moved round onto my radar properly.

So I did a little reading on the subject and noted that Pluralsight also has some good content too and went to register for an Evaluation version. The benefit for me being a vExpert is also that I get a year long key for NSX so didn’t anticipate any particular issues…..

How wrong I was! NSX appears to be completely out of reach for most people including me as a vExpert and working for a partner.

All I wanted to do was download the ISOs etc. and play with it in my lab to put it through the typical scenarios that I might face; however, on registering for the evaluation, instead of being able to download it you get 60-day hosted lab access (much the same as Hands on Lab content).

So what's the problem, you might ask? Call me cynical but I don't like labs of this nature very much. Sure, they are a good way to follow some instructions and learn where typical buttons and settings are, but you cannot really test the software in that way, can you? It's not until you lab it correctly that you find out its little troubles and how it actually works. Besides, being an EUC guy I need to know how it's going to work with VMware View and, shock horror, Citrix stuff too.

So I've done a little digging around, I've even logged calls with the Partner Network and the Licensing guys, and it seems the only way you can get hold of the media is either by going on the Install Configure Manage course or by purchasing it….

This makes no sense to me whatsoever because as a partner and VCP in other areas I do not need to go on the ICM course to take the exam, and I'm never going to get a customer to purchase it without fully testing its capabilities, which you simply cannot do within a lab.

This puts me in rather an awkward situation where I want to test the software and start recommending it where appropriate but I cannot get my hands on it at all. I’m not clear why I can sign up for Evals on all VMware’s other products and get immediate access to the software but NSX even after well over 2 years of being a VMware product is still out of reach.

This may very well explain why the take-up of NSX appears to be slow: if I'm a partner and a vExpert and can't get my hands on it then what chance do the poor clients have?

Author: Dale Scriven


Citrix Storefront Multisite User Farm Mapping configuration


I've recently been involved in a rather large project which required lots of multisite configurations or user farm mappings. What I did notice was that whilst there is a good bit of information on the interwebs about User Farm Mapping there wasn't much, if anything, that could be considered a complete guide.

So I thought I would put together a guide and a video (on its way) on what I think is important when configuring user farm mapping or multisites. Now firstly I must say that I have seen the tech preview of StoreFront 3.1, which does finally include some mapping elements in the GUI although it appears somewhat limited (see here for details), so when StoreFront 3.1 is released you might find that some of this post is irrelevant, but anyway here goes.

User Farm Mapping / Multisite purpose

The purpose of User Farm Mapping is to allow you to define which XML brokers are enumerated against based upon user group configuration, while providing several load balancing and failover mechanisms. This goes over and above what Citrix StoreFront typically provides through the Manage Delivery Controllers node. It adds load balancing of XML enumeration to sites along with failover capability and aggregation of resources, to allow the preferential display of applications if you have multiple sites which publish the same applications.

For example, with aggregation you might have a Dev site and a Live site and a single critical application published on both sites. If you make a change to the Dev application and want your users to actively use it and test it, you can create an aggregation of sites and use the XenApp/XenDesktop keywords PRIMARY and SECONDARY to specify which application launch icon is displayed; see HERE for details on keywords.

User Farm mapping configuration basics

There is a simple building block structure which we will look at, along with some basic behaviours.

<userFarmMapping name="UserMapping1">
  <groups>
    <group name="" sid="" />
  </groups>
  <equivalentFarmSets>
    <equivalentFarmSet name="" loadBalanceMode="" aggregationGroup="">
      <primaryFarmRefs>
        <farm name="" />
      </primaryFarmRefs>
      <backupFarmRefs>
      </backupFarmRefs>
    </equivalentFarmSet>
  </equivalentFarmSets>
</userFarmMapping>

This code above will need to go in the Store web.config file, so if you have a store called vhorizon for instance you will need to edit the web.config file in /Citrix/vhorizon and NOT /Citrix/vhorizonWeb.

Variables

The user farm mapping has several configuration variables; some are required and some are optional. All the tags must be present in the code block, however some do not require an entry in the ="" part of the tag.

<userFarmMapping name="FriendlyName">

This is a friendly name for the user mapping section. Each section must have its own individual name, so you could not have two code blocks in the same Store entitled UserMapping1 for example. This is a required entry.

<group name="Domain\Group" sid="S-1-5-21-xxx-xxx-xxx-xxx" />

This line reflects the user group that this user mapping section is filtered by. Both group name and SID are required and must pre-exist, otherwise errors may be encountered through the StoreFront admin GUI along with "Cannot complete your request" messages.

You can have multiple lines of groups here but they will be treated as an AND statement, so the farm mapping will only apply if the user is a member of GROUPA AND GROUPB. If you need multiple groups then multiple user farm mappings will be required. These groups do not have to reflect any groups used to publish desktops or applications. This is a required entry.

equivalentFarmSet name="Location1"

This tag is again a friendly name, however it specifies within the user farm mapping that the farms have identical applications published. This is a required entry.

loadBalanceMode="LoadBalanced"
loadBalanceMode="Failover"

This tag specifies the mode in which the separate controllers are queried. LoadBalanced behaves as you would expect; the other option is "Failover", which queries the primary farm specified until such time as it is unable to receive a response from it, at which point it will go on and query the next farm set. This is a required entry.

aggregationGroup=""

This tag again is a friendly name, which can be used to specify user farm mappings that should be queried together and have identical applications published. This tag entry does not require configuration.

<primaryFarmRefs>

<farm name="XenDesktop" />

This tag is where you specify the names of the delivery controllers that will take part in user farm mapping. This text must match exactly the name given to the controllers within StoreFront. For example if you create a XenDesktop configuration within StoreFront entitled ComPanyXD with xd701.company.local and xd702.company.local, the farm name within the config must be ComPanyXD. Any typos or errors here will produce "cannot complete your request" and StoreFront admin GUI refresh issues.

You can specify multiple farms within the primaryFarmRefs tags and the query to the farms will be acted upon based upon the loadBalanceMode selected earlier (as in the example below).

<primaryFarmRefs>
<farm name="XenDesktop1" />
<farm name="XenDesktop2" />
</primaryFarmRefs>

This is a required entry.

<backupFarmRefs>

<farm name="XenDesktop-Backup" />

The backupFarmRefs tag is used when you want to query a particular farm when all primaryFarmRefs farms fail to respond. Errors here will be reflected in the same way as for the primaryFarmRefs tag. The backupFarmRefs tag does not require configuration.

Configuring user farm mapping

Firstly open the web.config file with Notepad and then find the below lines of code.

</authentication>
 <wingConfigurations>
 <add name="Default" authenticationPath="citrix.deliveryservices/wing/authentication" authenticationName="Default" farmsetPath="citrix.deliveryservices/wing/farmsets" farmsetName="Default" resourcesName="Default" resourcesPath="citrix.deliveryservices/wing/resources" />
 </wingConfigurations>
 <resources>

REMOVE the / from "citrix.deliveryservices/wing/resources" /> so that it looks like "citrix.deliveryservices/wing/resources" >

Now copy and paste the code below between the /resources" > and the </wingConfigurations> code.

<userFarmMappings>
 <clear />

Now under the <clear /> paste the example code block (we'll go into this shortly).

<userFarmMapping name="UserMapping1">
  <groups>
    <group name="" sid="" />
  </groups>
  <equivalentFarmSets>
    <equivalentFarmSet name="" loadBalanceMode="" aggregationGroup="">
      <primaryFarmRefs>
        <farm name="" />
      </primaryFarmRefs>
      <backupFarmRefs>
      </backupFarmRefs>
    </equivalentFarmSet>
  </equivalentFarmSets>
</userFarmMapping>

The text included in the <userFarmMapping></userFarmMapping> tags can be replicated as many times as you need, however the XML also needs to include the subsequent close tags at the end of the configuration, so below your last </userFarmMapping> tag include the following code.

</userFarmMappings>
</resourcesWingConfiguration>

So with all those steps taken care of, what you should end up with is something similar to the below, except for the number of user farm mappings that you have created. Please note the difference between some of the very similar XML tags such as <userFarmMapping> and <userFarmMappings>, or <resourcesWingConfiguration> and <resourcesWingConfigurations>; they are different and will cause an error if used incorrectly.

</protocolTransition>
<resourcesCommon>
  <resourcesWingConfigurations>
    <resourcesWingConfiguration name="Default" wingName="Default" >
      <userFarmMappings>
        <clear />
        <userFarmMapping name="UserMapping1">
          <groups>
            <group name="vhorizon\group-hk" sid="S-1-5-21-192877713-1470444450-2752603835-1203" />
          </groups>
          <equivalentFarmSets>
            <equivalentFarmSet name="Location1" loadBalanceMode="Failover" aggregationGroup="None">
              <primaryFarmRefs>
                <farm name="xd76" />
              </primaryFarmRefs>
              <backupFarmRefs>
              </backupFarmRefs>
            </equivalentFarmSet>
          </equivalentFarmSets>
        </userFarmMapping>
      </userFarmMappings>
    </resourcesWingConfiguration>
  </resourcesWingConfigurations>
</resourcesCommon>

Things to look out for

As with all things there are some common errors that crop up with slight configuration errors and I've listed a few below. Also, during the project we have had a single StoreFront store with around 80 separate user farm mappings (so 80 code blocks configured) with no perceivable reduction in performance. The servers were all put extensively through login testing and didn't fail until well over the amount of users we had spec'd the servers for.

As mentioned, the farm listings within the configuration are case sensitive, so if you have a case error within a configuration that a user is a member of they will receive a "cannot complete your request" error and the event viewer will log an Event ID 7 and an Event ID 1.

Once you have input the UFM configuration into the web.config file the StoreFront GUI locks out the ability to edit and manage controllers for the store, as this can have a detrimental effect on UFM if the delivery controller set names are changed etc. All changes to the delivery controllers must be performed manually through the web.config files.
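
Because the GUI can no longer catch mistakes once the mappings are hand-edited, a pre-flight check of the XML is worth having. The following is an added example, not part of the original post or of StoreFront: it checks a userFarmMappings fragment against the rules described above (unique mapping names, group name and SID both present, a valid loadBalanceMode, farm names matching case-sensitively). The function name Test-UserFarmMapping, its parameters, the list of known farm names and the second mapping in the sample are all hypothetical.

```powershell
# Added example. Test-UserFarmMapping, its parameters and the sample data are
# hypothetical; the rules it checks are the ones stated in the post.
function Test-UserFarmMapping {
    param(
        [Parameter(Mandatory = $true)][string]$MappingsXml,   # <userFarmMappings> element as text
        [Parameter(Mandatory = $true)][string[]]$KnownFarms   # farm names exactly as shown in StoreFront
    )

    $doc = [xml]$MappingsXml    # throws on malformed XML such as a mistyped close tag
    $problems = New-Object 'System.Collections.Generic.List[string]'
    $seen = @{}                 # mapping names already used in this store

    foreach ($map in $doc.SelectNodes('//userFarmMapping')) {
        $mapName = $map.GetAttribute('name')
        if (-not $mapName) {
            $problems.Add('userFarmMapping has an empty name'); $mapName = '(unnamed)'
        } elseif ($seen.ContainsKey($mapName)) {
            $problems.Add("[$mapName] name is used by more than one userFarmMapping")
        } else {
            $seen[$mapName] = $true
        }

        # Group name and SID are both required.
        $groups = @($map.SelectNodes('groups/group'))
        if ($groups.Count -eq 0) { $problems.Add("[$mapName] has no group entry") }
        foreach ($group in $groups) {
            $groupName = $group.GetAttribute('name')
            $sid = $group.GetAttribute('sid')
            if (-not $groupName) { $problems.Add("[$mapName] group has an empty name") }
            if ($sid -cnotmatch '^S-1-\d+(-\d+)+$') {
                $problems.Add("[$mapName] group '$groupName' has a missing or malformed sid")
            }
        }

        $sets = @($map.SelectNodes('equivalentFarmSets/equivalentFarmSet'))
        if ($sets.Count -eq 0) { $problems.Add("[$mapName] has no equivalentFarmSet") }
        foreach ($set in $sets) {
            $setName = $set.GetAttribute('name')
            if (-not $setName) { $problems.Add("[$mapName] equivalentFarmSet has an empty name") }

            $mode = $set.GetAttribute('loadBalanceMode')
            if ('LoadBalanced', 'Failover' -cnotcontains $mode) {
                $problems.Add("[$mapName/$setName] loadBalanceMode '$mode' is not LoadBalanced or Failover")
            }

            $primary = @($set.SelectNodes('primaryFarmRefs/farm'))
            if ($primary.Count -eq 0) { $problems.Add("[$mapName/$setName] has no primary farm") }
            $backup = @($set.SelectNodes('backupFarmRefs/farm'))   # optional

            # Farm names must match the StoreFront names exactly, including case.
            foreach ($farm in ($primary + $backup)) {
                $farmName = $farm.GetAttribute('name')
                if ($KnownFarms -ccontains $farmName) { continue }
                if ($KnownFarms -contains $farmName) {
                    $problems.Add("[$mapName/$setName] farm '$farmName' differs in case from the StoreFront name")
                } else {
                    $problems.Add("[$mapName/$setName] farm '$farmName' is not a known farm")
                }
            }
        }
    }
    $problems
}

# Constructed sample: the second mapping reuses a name, leaves the sid empty,
# misspells the mode and gets the farm name's case wrong.
$sample = @'
<userFarmMappings>
  <clear />
  <userFarmMapping name="UserMapping1">
    <groups>
      <group name="vhorizon\group-hk" sid="S-1-5-21-192877713-1470444450-2752603835-1203" />
    </groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Location1" loadBalanceMode="Failover" aggregationGroup="None">
        <primaryFarmRefs><farm name="xd76" /></primaryFarmRefs>
        <backupFarmRefs></backupFarmRefs>
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
  <userFarmMapping name="UserMapping1">
    <groups>
      <group name="vhorizon\group-uk" sid="" />
    </groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Location2" loadBalanceMode="Failver" aggregationGroup="None">
        <primaryFarmRefs><farm name="companyxd" /></primaryFarmRefs>
        <backupFarmRefs><farm name="xd77" /></backupFarmRefs>
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
</userFarmMappings>
'@

Test-UserFarmMapping -MappingsXml $sample -KnownFarms 'xd76', 'ComPanyXD'
```

Run it against the userFarmMappings element copied out of the Store web.config before saving the change; an empty result means none of these checks failed.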

 

 

I have created a video on the process required for configuring user farm mapping along with some other important information.

 

Author: Dale Scriven

VMware announces AppVolumes 3 feature list


So a couple of blog posts have dropped over at VMware about the new features included within AppVolumes 3. Going through the list of updates all appear to be great updates however the last two made me sit up and take notice!

AppToggle

AppCapture and AppIsolation

AppScaling with Multizones

Integrated Application UEM and Monitoring

Unified Admin Console

Going from top to bottom you have AppToggle, which allows you to target applications within a single AppStack to different users. So you could have multiple applications within a single stack but have, say, Visio assigned to the IT team and MS Project assigned to the managers.

AppCapture and AppIsolation is a new tool to ease the process of capturing and updating applications including ThinApps.

AppScaling with Multizones removes the need for additional methods to replicate AppStacks across datacentres and will utilise file shares, which will be scanned for AppStacks that are then imported into the vCenter environment.

Integrated Application, User Management and Monitoring. Now this is where things get really interesting. It appears as if VMware are joining the AppVolumes and the VMware UEM (previously Immidio) products together and offering this as a single product. This is a great move and was hinted at at the UKVMUG I attended last year. Both products are fantastic in their simplicity and delivery options and offering these as a single SKU will provide even more reason to add the products to the design portfolio.

Finally the Unified Admin Console. This is stated as being in beta in this release, which I assume will mean that the Immidio and AppVolumes admin consoles are being amalgamated into a single pane of glass. Being in beta, I am looking forward to seeing how this is going to look.

Now as with all things it all sounds fantastic, but to truly understand the advances in this version of AppVolumes I'll need to kick the tyres, but it's looking like a great release which I'll be looking forward to utilising in my designs.

You can read more about it on Harry Labana's (Vice President of EUC, VMware) blog post here.

Author: Dale Scriven

How to change text in Citrix Storefront


Here's a nice little tip that will allow you to quickly and easily change most text within Citrix StoreFront Receiver for Web sites.

Ever wanted to change the text that appears within Citrix Receiver for Web? Turns out there's a handy dandy cheat sheet built into StoreFront for those of us who are not code junkies. Here's how to access it and also implement your desired changes in StoreFront.

Firstly log on to your StoreFront server and browse to the following location (change "en" for your local language, along with the drive letter and Store name):

"C:\Inetpub\wwwroot\Citrix\StoreWeb\receiver\js\localization\en"

Inside it you will see a single file with a file name similar to ctxs.strings_%Random%.js

Now open this file with Notepad and you will get an extensive list of the current text that is displayed by Citrix StoreFront to the user. [DO NOT ACTUALLY CHANGE THIS FILE].

For ease of access there's a current listing of my js file at the bottom of this blog post.

All you need to do now is find the text you wish to change and copy the whole line and then ensure Notepad is open with admin rights.

Open the strings.en.js file (again substitute en for your language) from "C:\inetpub\wwwroot\Citrix\StoreWeb\custom"

Input your copied string into the file in between the {} as in the example below:

(function ($) {
    // Each entry overrides the default string of the same name
    $.localization.customStringBundle("en", {
        Desktops: "VDI",
        AllApps: "Stuff"
    });
})(jQuery);

Save this file, then log on and navigate to the area where you expect to see the changed text. Once it has tested OK, propagate the changes to all the other servers in the group.
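A check that can be run with Node.js before saving the custom file, as an added example that is not part of the original post or of StoreFront itself: it confirms that each override names a shipped string, keeps its {0}-style placeholders and adds no new HTML tags. The names SHIPPED_STRINGS, validateOverrides and buildCustomFile are made up for this example, and the markup rule assumes that strings can be rendered as HTML.

```javascript
// Added example (not Citrix code): lint StoreFront custom string overrides
// before copying them into custom\strings.en.js.

// Constructed sample: a few entries copied from the string list on this page.
// For real use, paste in the full object from your ctxs.strings_*.js file.
const SHIPPED_STRINGS = {
  Desktops: "Desktops",
  AllApps: "Apps",
  CannotStartApp: 'Cannot start app "{0}".',
  SessionExpiresInMinutes:
    "Citrix Receiver will time out in {0} minutes and {1} seconds due to inactivity.",
  ClickContinue: "click <strong>Continue</strong>.",
};

// Sorted, de-duplicated list of the {n} format placeholders in a string.
function placeholders(text) {
  return [...new Set(text.match(/\{\d+\}/g) || [])].sort();
}

// Set of lower-cased HTML tag names that appear in a string.
function tagNames(text) {
  const names = new Set();
  for (const m of text.matchAll(/<\/?([a-z][a-z0-9]*)/gi)) {
    names.add(m[1].toLowerCase());
  }
  return names;
}

// Compare each override with the shipped string of the same name and
// return a list of { key, problem } findings (empty list = nothing flagged).
function validateOverrides(shipped, overrides) {
  const issues = [];
  for (const key of Object.keys(overrides)) {
    const value = overrides[key];
    if (!Object.prototype.hasOwnProperty.call(shipped, key)) {
      issues.push({ key, problem: "not a shipped string name (typo?)" });
      continue;
    }
    if (typeof value !== "string") {
      issues.push({ key, problem: "value must be a string" });
      continue;
    }
    // The web client fills {0}, {1}... at run time; dropping or adding one
    // changes what the user is shown.
    const want = placeholders(shipped[key]).join(",");
    const got = placeholders(value).join(",");
    if (want !== got) {
      issues.push({ key, problem: `placeholders changed: expected [${want}], got [${got}]` });
    }
    // Assumption: strings may be inserted as HTML (ClickContinue ships with
    // <strong>), so only tags already in the shipped text are allowed.
    const allowed = tagNames(shipped[key]);
    const added = [...tagNames(value)].filter((t) => !allowed.has(t));
    if (added.length > 0) {
      issues.push({ key, problem: `adds markup: <${added.join(">, <")}>` });
    }
  }
  return issues;
}

// Build the text of strings.<lang>.js in the wrapper format shown above.
// Returns { issues, text }; text is null when any override fails validation.
function buildCustomFile(lang, shipped, overrides) {
  const issues = validateOverrides(shipped, overrides);
  if (issues.length > 0) {
    return { issues, text: null };
  }
  const body = Object.keys(overrides)
    .map((key) => `    ${key}: ${JSON.stringify(overrides[key])}`)
    .join(",\n");
  const text =
    "(function ($) {\n" +
    `  $.localization.customStringBundle(${JSON.stringify(lang)}, {\n` +
    `${body}\n` +
    "  });\n" +
    "})(jQuery);\n";
  return { issues, text };
}
```

Calling buildCustomFile("en", SHIPPED_STRINGS, { Desktops: "VDI", AllApps: "Stuff" }) returns the file text to save, with an empty issues list.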


You can see another example blog post I wrote HERE detailing how to correct the spelling of Favourites within StoreFront.

Text block from StoreFront 3.01  February 2016
About: “About”,
AcceptTermsMessage: “Please accept the terms of the licensing agreement before installing Citrix Receiver.”,
AccessGatewayChangePasswordWarning: “Logoff is required after a successful password change. You will need to log on again to use your apps.”,
ActivateCitrixPlugin: “Activate the Citrix plug-in”,
ActivateReceiver: “Activate…”,
ActivateReceiverToolTip: “Activate Receiver on your desktop”,
Add: “Add”,
AddAll: “Add All”,
Added: “Added”,
AddedToFavorites: “Remove”,
AddFavoritesTitle: “Add Favorites”,
AddFavoritesDescription: “Go to Desktops or Apps, click on Details next to your choice and then select Add to Favorites.”,
AddFavoritesDescriptionDesktopsOnly: “Go to Desktops, click on Details next to your choice and then select Add to Favorites.”,
AddFavoritesDescriptionAppsOnly: “Go to Apps, click on Details next to your choice and then select Add to Favorites.”,
AddFavoritesDescriptionPhone: “Under the menu, go to Desktops or Apps, click on Details next to your choice and then select Add to Favorites.”,
AddFavoritesDescriptionPhoneDesktopsOnly: “Under the menu, go to Desktops, click on Details next to your choice and then select Add to Favorites.”,
AddFavoritesDescriptionPhoneAppsOnly: “Under the menu, go to Apps, click on Details next to your choice and then select Add to Favorites.”,
AddToFavorites: “Add To Favorites”,
AllApps: “Apps”,
AllAppsTitle: “All Apps”,
AllAppsForToolbar: “All”,
AllowPluginToRun: “Allow this website to run the Citrix plug-in to access apps.”,
AllRightsReserved: “All rights reserved.”,
AlreadyInstalled: “Already installed”,
AppDetailsUnavailable: “App details unavailable”,
AppInMaintenance: “\”{0}\” is temporarily unavailable due to planned maintenance.”,
AppRequestPendingApprovalCannotStart: “\”{0}\” is pending approval and cannot be started.”,
Approved: “Approved”,
AppStore: “Citrix Receiver”,
AuthFailureSmartcard: “Cannot log on using smart card.”,
AuthFailurePassthrough: “Cannot log on using the account you used to sign on to the computer.”,
Available: “Available”,
Back: “Back”,
BackToAppsAndDesktops: “Back to Apps and Desktops”,
BlankFolder: “[blank category]”,
Bundles: “Featured App Groups”,
Cancel: “Cancel”,
CancelRequest: “Cancel Request”,
CannotAddApp: “Cannot add app \”{0}\”.”,
CannotAddAppTitle: “Cannot Add App”,
CannotCompleteYourRequest: “Cannot complete your request.”,
CannotGetYourAppsFromStore: “Cannot get your apps from the store.”,
CannotRemoveApp: “Cannot remove app \”{0}\”.”,
CannotRemoveAppTitle: “Cannot Remove App”,
CannotMoveApp: “Cannot rearrange apps, as the server is currently unavailable.”,
CannotStartApp: “Cannot start app \”{0}\”.”,
CannotStartDesktop: “Cannot start desktop \”{0}\”.”,
CannotStartDesktopSuggestRestart: “Cannot start desktop \”{0}\”. Try restarting it.”,
Categories: “Categories”,
ChangeClient: “Change Receiver…”,
ChangePassword: “Change password…”,
ChromeAppOriginMismatch: “Please contact your IT department with this information: You must whitelist the ID of Citrix Receiver in StoreFront.”,
ChromePluginHelperMessage: “Please allow the Citrix plug-in to run on this website to access apps. For more information refer to the Citrix Knowledge Center article {0}.”,
CitrixCopyright: “\u00a9 2015 Citrix Systems, Inc.”,
CitrixLicenseAgreement: “Citrix license agreement”,
ClickContinue: “click <strong>Continue</strong>.”,
ClickInstall: “Install Citrix Receiver to access your applications”,
ClickLogOnToContinue: “Click Log On to continue.”,
ClickUpgrade: “Click install to upgrade Citrix Receiver”,
CloseYourBrowserToEndSession: “Please close your browser to log off.”,
CloseYourBrowserToProtectAccount: “Please close your browser to protect your account.”,
Connect: “Connect”,
Continue: “Continue”,
CookiesAreDisabledBody: “Please enable cookies in your browser before using this version of Citrix Receiver”,
CookiesAreDisabledTitle: “Cookies Disabled”,
Denied: “Denied”,
DesktopInMaintenance: “The desktop \”{0}\” is temporarily unavailable due to planned maintenance.”,
DesktopRestartWarningText: “Restarting your desktop may solve the problem, but you will lose any unsaved work.”,
DesktopRestartWarningTitle: “Do you want to restart desktop \”{0}\”?”,
Desktops: “Desktops”,
DetectAgain: “Detect again”,
Details: “Details”,
DetectClient: “Detect client…”,
Disconnect: “Disconnect”,
DisplayInFramesNotAllowed: “This site has been loaded within another web page. This page will be refreshed to reload the site.”,
DoYouWantToStartApp: “Do you want to start \”{0}\”?”,
Download: “Download”,
DownloadAgain: “Download again”,
DownloadReceiver: “Download Receiver…”,
DownloadingReceiver: “Downloading Receiver…”,
Faq: “FAQ”,
Featured: “Featured”,
Folders: “Folders”,
ForFullExperience: “For a full-featured experience, use {0}.”,
GoBackToChoices: “Go back to choices”,
Help: “Help”,
IAgreeWith: “I agree with the”,
IfAlreadyInstalled: “If Receiver is detected, you will see a window in a few seconds. Please choose {0}.”,
IfNoWindowAlreadyInstalled: “If no window appears, select {0}.”,
IfNoWindowDetectAgain: “If no window appears, click {0}.”,
IfNoWindowOptions: “If no window appears, select from the options below.”,
IfWasInstalled: “If Receiver was installed successfully, your browser will show a window in a few seconds. Please choose {0}.”,
InfoBarSecurityInformation: “Allowing the ActiveX control to run will install software on your computer.”,
InProgress: “In Progress”,
Install: “Install”,
InstallationBegins: “Please wait while the download process begins.”,
InstallReceiver: “Install Receiver…”,
InstallWhenDownloadComplete: “Install Receiver on your machine when the download is complete. Once you’ve installed Receiver, return here and click {0}.”,
JustAMomentDetecting: “Just a moment, we’re detecting if Receiver is already installed.”,
LaunchApplication: “Launch Application”,
Less: “Less”,
LicenseAgreementContentCode: “CTX_code EP_T_A124358”,
LicenseAgreementContentText: “Use of this component is subject to the Citrix license or terms of service covering the Citrix product(s) or service(s) with which you will be using this component. This component is licensed for use only with such Citrix product(s) or service(s).”,
LicenseAgreementContentTitle: “CITRIX(R) LICENSE AGREEMENT”,
LoadingContent: “Loading Content…”,
LoggingOff: “Logging off Citrix Receiver…”,
LoginTimedOut: “Logon has timed out due to inactivity.”,
LogOff: “Log Off”,
LogoffError: “Logoff error”,
LogOffSessionsFailed: “If any apps are still running, please exit them manually.”,
LogOn: “Log On”,
LogonHasExpired: “Your logon has expired. Please log on again to continue.”,
LogonTextPassthrough: “To use the account you used to sign on to the computer, click Log On.”,
LogonTextSmartcard: “Insert your smart card into the reader and click Log On.”,
Menu: “Menu”,
More: “More”,
MultiApprovedApps: “Your request to add these apps is approved.”,
MultiDeniedApps: “Your request to add these apps is denied.”,
NoAppsFound: “No items match your search.”,
NoAvailableAuthMethods: “No logon methods are available on this platform.”,
NoUpdates: “No Updates Available”,
NoWindowDownload: “If no window appears, proceed to download.”,
OK: “OK”,
OnceComplete: “After Citrix Receiver is installed, “,
Open: “Open”,
Other: “Other”,
Overview: “Overview”,
PartialRefreshFailure: “Some servers failed to respond”,
PasswordExpiresTodayMessage: “Your password will expire today.”,
PasswordExpiresTomorrowMessage: “Your password will expire in 1 day.”,
PasswordExpiryChange: “Change Now”,
PasswordExpiryChangeLater: “Not Now”,
PasswordExpiryMessage: “Your password will expire in {0} days.”,
PasswordExpiryTitle: “Do you want to change your password?”,
Pending: “Pending”,
PendingApproval: “Pending Approval”,
PhoneOrTabletRequired: “Phone or tablet required”,
PhoneOrTabletRequiredMessage: “Please use an iPhone, iPad, or Android phone or tablet to access your apps and desktops.”,
PleaseLogOnToContinue: “Please log on to continue.”,
PopupBlockerDesktopAutoLaunch: “Citrix Receiver has connected your desktop. To see your desktop, allow pop-ups from this website in your browser.”,
PopupBlockerReconnectApps: “Citrix Receiver has reconnected your apps. To see your apps, allow pop-ups from this website in your browser.”,
Preferences: “Preferences”,
QuickAccess: “Favorites”,
ReceiverForMac: “Receiver for Mac”,
ReceiverForWindows: “Receiver for Windows”,
Refresh: “Refresh”,
RememberLogonMethod: “Remember my logon method”,
Remove: “Remove”,
Request: “Request”,
Restart: “Restart”,
ResourceIsNotAvailable: “\”{0}\” is not available.”,
RetryDownload: “Retry download”,
SearchAppsPlaceholder: “Search All Apps”,
SearchDesktopsPlaceholder: “Search Desktops”,
SearchFavoritesPlaceholder: “Search Favorites”,
SearchPlaceholder: “Search”,
SearchResults: “Search Results ({0})”,
SecurityDetails: “Security details”,
SecurityInformationText: “Whenever you download a file over the Internet, there is always a risk that it will contain a security threat (a virus or a program that can damage your computer and the data stored on it). To check the file for security threats, click Install and then save the file to a suitable location on your computer. Scan the file with an up-to-date antivirus program and carry out any other checks required by your corporate security policy before running/installing the file. You may need to reconfigure the security settings on your computer to install or run the file.”,
SecurityInformationTitle: “SECURITY INFORMATION”,
SessionExpiresInMinutes: “Citrix Receiver will time out in {0} minutes and {1} seconds due to inactivity.”,
SessionExpiresInSeconds: “Citrix Receiver will time out in {0} seconds due to inactivity.”,
SessionsListFailure: “Cannot start your session. Wait a few minutes and try to log on again. If you still experience problems, contact your help desk.”,
SessionTimedOut: “Your session has timed out due to inactivity.”,
SingleApprovedApp: “Your request to add this app is approved.”,
SingleDeniedApp: “Your request to add this app is denied.”,
SkipToLogon: “Log on”,
SkipToLogonTip: “Click here to skip to log on”,
SoftwareNotDetected: “Software not detected”,
SoftwareNotDetectedDetails: “Citrix Receiver cannot be detected on your computer. If you know that Citrix Receiver is installed, you can click Continue to log on. If you need assistance, contact your help desk.”,
Start: “Start”,
StartApp: “Start App”,
StartAppMessage: “Please start this app from the Home screen of your phone or tablet.”,
Store: “Store”,
SwitchToExplicit: “Switch to user name and password”,
SwitchToSmartcard: “Switch to smart card”,
ThirdPartyNotices: “Third Party Notices”,
ThirdPartyNoticesWeb: “Citrix Receiver for Web”,
ThirdPartyNoticesHtml5: “Citrix Receiver for HTML5”,
TopRated: “Top Rated”,
TotalRefreshFailure: “Refresh Failed”,
TryAgain: “Try again”,
TryAnotherLogonOption: “Try another logon option”,
TrySearchingInApps: “Try searching in Apps.”,
UnblockCitrixPlugin: “Unblock the Citrix plug-in”,
UnsupportedDevice: “Unsupported device”,
UnsupportedDeviceMessage: “Please use a supported phone, tablet or desktop to access your apps and desktops.”,
Update: “Update”,
UpdatedCat: “Updates Available”,
Upgrade: “Update”,
UpgradeAvailable: “Update available”,
UpgradeCloseBrowser: “You may be asked to close your browser during the installation process.”,
UpgradeInProgress: “Upgrading Citrix Receiver software…”,
UpgradeLater: “Upgrade later”,
UpgradeLaterTip: “Click here to continue without upgrading Citrix Receiver”,
UseAnotherLogonOption: “Use another logon option”,
UseChromeApp: “Use the Citrix Receiver for Chrome App to access this site”,
UseFullVersion: “Use full version”,
UseLightVersion: “Use light version”,
UseReceiver: “Use Receiver to access your applications and desktops.”,
UsingFullVersion: “You are currently using the full version of Receiver. Would you like to change to the light version?”,
UsingLightVersion: “You are currently using the light version of Receiver. Would you like to change to the full version?”,
WaitAppInstallMessage: “Your app will be installed in a few minutes.”,
WaitWhileConfirmInstall: “Please wait while we confirm that Receiver was installed…”,
WebVersion: “Web version”,
WelcomeToReceiver: “Welcome to Receiver”,
YouCannotUseAppsOrDesktops: “There are no apps or desktops available to you at this time.”,
YouCannotUseDesktops: “There are no desktops available to you at this time.”,
YouCanUseLightVersion: “If you do not want to install Receiver you can use the light version, with fewer features, in your browser.”,
YouHaveLoggedOff: “You have logged off successfully.”

 

 

Author: Dale Scriven

 

 

 

ProfileUnity and User Installed Applications


LiquidwareLabs ProfileUnity 6.5 allows your users to install their own applications within a myriad of configurations, including physical desktops and non-persistent desktops. ProfileUnity UIA, or User Installed Applications, utilises the VHD file format: the VHD is mounted within the operating system and captures any applications that are installed by redirecting the content to the mounted VHD.

This then allows the user to hot desk around physical desktops or be a member of a non-persistent desktop group and still receive their own applications wherever they log in.

For administrators, setting up the feature is also extremely simple, and ProfileUnity as a whole is a fantastic end-to-end solution for managing profiles, applications and all the other items that used to cause headaches for desktop admins.

Setting up FlexApp UIA

 

1/ Open the ProfileUnity web console, which is usually at https://FQDN:8000, and log in.

2/ Now select the Configuration Management button on the right hand side and then edit the existing configuration bundle.

3/ Now, from the large number of options you get, open the FlexApp UIA option.

4/ Select Add FlexApp UIA Rule

5/ Now here’s the most complicated bit: fill out the UNC details for the location where you would like to store the user-installed VHDs; something like \\fileshare\folder\%username%\FlexApps.vhd will be sufficient. Choose a drive letter and, if required, change the size in GB that you want the VHD to be.
Then click Save.

6/ Click the Update button in the top right hand corner, which will amend the configuration’s INI file with the new details.


 

7/ Now finally download the INI file to your deployment location, which by default is \\domain\NETLOGON\ProfileUnity and replace the existing ini file.

 

That’s it. Within a few simple clicks you have enabled your users to install their own applications, and whether they are logging on to physical or virtual desktops, their own applications will follow them.

 

—Video Coming Soon—

 

Author: Dale Scriven

Quick Tip: VMware Workstation 12 and Take Ownership message


One thing I’ve noticed when upgrading to VMware Workstation 12 is that I saw a marked increase in messages such as “The VM appears to be in use”, prompting you to “Take Ownership” of the VM, which always fails.

Now this is a new thing, as I very rarely saw it on previous versions; however, it appears that VMware have changed the release VM process within Workstation 12.

My situation was that my VMware Workstation is on a headless whitebox which I use to record all my videos and lab stuff, and when I’d finished with my VMs I would shut them down manually and then also the whitebox.

Now it seems that the LCK files for virtual machines are only deleted when you correctly exit Workstation by clicking the red X or any other normal method, which I generally do not do. I just let Windows handle the exit when the shutdown command executes.

In order to resolve the issue you will need to browse to the VM files location (in my case it’s e:\vvss601\vvss601.vmx.lck for this VM). Then delete the file within the folder.

You should then be able to click away and click back to the virtual machine within Workstation and be able to start it normally. I’m hoping that this is a bug and will go away with an update, but in the meantime it’s an easy fix, if somewhat annoying.

I’m using VMware Workstation 12 Pro but I’m also assuming that the issue will be prevalent on the standard version too.
Author: Dale Scriven.

Liquidware Labs ProfileUnity DIA Department Installed Apps


Application layering appears to be a hot topic this year, with everyone at least having a go and vendors such as Citrix, VMware, Unidesk etc. all in on the action.

Liquidware Labs, however, have brought together many currently missing elements of VDI and SBC, such as UEM, profiling, user-installable applications and now also department installed applications, into one easily deployable and configurable application stack.

Where previously (and still in some cases) providing profiling, UEM and application layering required several products and several different infrastructure designs, Liquidware Labs do away with all that with a very simple single deployable solution.

This blog post, however, will outline the department installed applications feature and procedures. Application layering is a step closer to the ideal SBC/VDI situation, where you deploy a clean and customised base operating system and the applications that are used within sessions are deployed JIT (just in time) during logon cycles. This keeps the base operating system nice and fresh and also assists with application compatibility.

App-V and the like were kind enough to get us probably 70-80% of the way there, but with application layering now maturing, the application streaming components can be replaced or complemented with application layering.

LiquidwareLabs ProfileUnity and its department installed applications allow you, as the name suggests, to capture and layer applications for a large number of people very simply. The process will be familiar to any of you who have performed any application capturing process before; however, it does have some really nice advantages over those that I have used before.

You can provide the application layering technology to any brokering provider, so VMware Horizon View, Citrix XenDesktop/XenApp and Microsoft RDSH are all catered for. In addition, physical machines are also supported due to the use of the standard Microsoft VHD format, allowing the disks to be mounted inside the OS and leaving no reliance upon a hypervisor or other proprietary software stack.

The basic premise of configuring and utilising DIA will be familiar to anyone who has used an application profiling tool before, and you will need to have the following available to you.

  • A Windows machine with the same target OS installed, preferably with a snapshot
  • The FlexApp packaging console installed on the packaging machine
  • A spare UNC share location in which to store the created VHD file

Downloading the FlexApp DIA packaging console

The first thing you’ll need to do is download the FlexApp packaging console. You can do this by logging into the normal ProfileUnity administration console then selecting your name in the top right hand corner and selecting the Administration option.

Now scroll to the ProfileUnity tools section and hit the “download FlexApp Packaging Console” hyperlink.

Install the packaging console on your target application packaging VM (nothing special to see here, so I won’t screenshot it).

 

FlexApp packaging process

Once installed open the console and point it at your ProfileUnity server and provide some valid credentials.

By pointing the packaging console at your ProfileUnity server, any packaged applications are immediately available through ProfileUnity to assign, making a simple process even simpler!

Once logged in you will see the below screen; you’ll notice in this screenshot that I’ve already packaged a couple of applications. Hit the Create button to get started!

Once created you’ll get another minimal configuration page. Give your package a name and provide the installer location. Then provide the UNC path where the VHD file will be saved and finally the size of the VHD file you wish to create. By default this is shown as 20GB, but unlike other application packaging products you can define your own disk size or use their suggested sizes of 1, 5, 10 or 20. The other options here are self-explanatory.

Now click CREATE. What you will see is that the packager now creates a VHD file and then invokes the installer for the application.

Run through the standard installation of the installer and then open the application to ensure it is working as expected. Close the application and click Finish in the packaging console.

What you will notice here is that the application’s installation has been directly written to the VHD file so when the cleanup process runs within the packaging console and the VHD is unmounted the installed application disappears from the vm. This does mean that theoretically you do not need to roll back snapshots etc which has been a traditional method of cleaning up application installations for these types of products. But of course having a snapshot in the back pocket or an automated method of recreating the vm such as MDT is always handy.

That is the end of the packaging routine and nothing further is needed; you should now see your application listed within the packaging console’s main window.

Publishing the DIA application

We are getting round to the exciting bit. Switch back to your ProfileUnity admin console by navigating to https://FQDN:8000 and edit the computer’s policies by either double clicking on the configuration name or selecting the edit button on the right hand side of the window.

Select the FlexApp DIA configuration element (you can see in my example I already have 1 application published denoted by the red 1).

Now select Add FlexApp DIA Rule from the right hand side.

As mentioned previously, you connect the packaging console to ProfileUnity, so you will see that ProfileUnity is already aware of the packaged application and all that is left to do is give the application a description, choose a filter if applicable and drag the application to the main window. Then hit the Save button.

Finally click Update to append the configuration INI file.

You have now configured an application or group of applications to be published to your users en masse, with nothing left to do other than download the .INI file to your configuration repository, which is generally the %NETLOGON% share where the ProfileUnity client files exist.

The process is very simple and streamlined all the way through, with some nice additional features that you don’t see in other products of a similar nature. It’s also worth remembering that this feature is thrown in along with an extensive UEM capability with cross-OS profile migration support, user installed applications support (see HERE), privilege elevation and FlexDisk hypervisor support. ProfileUnity also supports ThinApp packages and has a super simple architecture with one-click clustering support… Ohh yes, and it’s very competitively priced too.

A fully featured trial version is available HERE and it is definitely worth trialling if you find yourself lacking in UEM capability.

Author: Dale Scriven

Using Ravello cloud for the bandwidth embarrassed


Ravello Systems kindly provide vExperts with 1000 hours per month of usage. This is great for building almost no-holds-barred environments within the cloud for labbing etc.

However, for me it does have one huge drawback: there are no available Windows OSes to choose from. With the Ravello system you can upload your own ISO files or VM files to the cloud system for use, which is great except I have a 1.5Mbps upload on my broadband connection (on a good day). This is also, if you can believe it, on a fibre line where my download maxes out at 17Mbps.

As you can see, uploading any content will be a time-consuming exercise, and as my line also suffers from dropouts it can also be frustrating.

So I’m using the Ravello cloud to perform all this initial ISO seeding function for me by utilising a Xubuntu desktop as my download and importing tool.

Creating a Ravello application

1/ Log in to the Ravello cloud and select the Applications node on the left hand side. Create a new application (or if you already have one you can use that as well).


2/ Give the application a name and click Create.


3/ You will then be directed straight to the import VM screen, click and drag the Xubuntu Desktop vm to the main visio type design page.


4/ You’ll get a design error straight away, which in a new application will be the key pair request. You can resolve that by clicking on the General tab and either creating and downloading a new key pair or selecting an existing one if you have one. Then click Save on the bottom right hand side of the screen.

 

5/ The last step of the application creation is publishing the application which is the step where all the cloudy backend gubbins kicks off so this could take 5 minutes or so to complete. So hit publish and grab a quick cup of tea!

 

Configuring Xubuntu

6/ Once the environment is ready you’ll notice a nice green play button on the VM when it’s running. Click on the console button on the bottom right hand side, which will launch the VNC connection.

7/ To log in to the desktop, at present the default password is “ravelloCloud”.


8/ Use the web browser in the vm to login to your ravellosystems.com account and then select Library\Disk Images and then click the import disk image button.


9/ The browser will redirect you to the import tool detector, which of course at the moment will fail. Click the link to download the GUI version (or the CLI version if you’re feeling saucy). The browser will ask you which program you want to use with the download, so just select the default archive program and extract the downloaded files to a specific location (I’ve put mine in a desktop/install folder).

10/ Launch the terminal CLI and navigate to your downloaded files.
The import tool requires Python to be installed, so first you’ll need to grab the Python setuptools package by typing:

sudo apt-get install -y python-setuptools

Once Python is installed, follow that by typing the following, which will install the import tool:

sudo ./installer.sh

11/ Now all you need to do is start the service by typing in ravello_vm_import_server which will then also launch a browser. You can use that browser to log back into your ravellosystems account.

12/ Finally you can navigate back through your Library\Disk Image and Upload image as in step 8 however this time it will work and ask you to login using your ravellosystems credentials.


With all these steps in place you can login to your various partner portals and download the iso’s to the vm for importing into your ravello cloud account.

A couple of points that I have noticed when using this method though:

  • Upload speed varies wildly during an import
  • The import tool will only recognise ISO files if the file extension is in lowercase (iso not ISO)
  • By default applications have a two-hour limit before shutting down, so you can reset or extend that by clicking the hyperlink

 

 

I know that it seems a bit of a long way round to do this, but as I mentioned at the top of the blog my fibre connection isn’t the most reliable in the world and this is probably the best and quickest way for me to get up and running.
Author: Dale Scriven


Citrix NetScaler 11 on XenServer 5.6


Bit of a fringe post this, but I couldn’t find out too much info on this so I tested it myself.

I’ve been trying to find out if I can upgrade some old NetScaler VPX 9.3’s to version 11’s running on XenServer 5.6 SP2. Information seems sparse to say the least.

My initial query came about because previously I was limited to upgrading a customer from NetScaler 9.3 to 10.1 because 10.5 had a networking problem on XenServer 5.6 SP2.

The text below is taken directly from the release notes of a 10.5 firmware release; in other 10.5 release notes the wording changes slightly to signify that networking may fail after a reboot.

When an instance of NetScaler VPX, which is provisioned on XenServer version 5.6 or earlier, is upgraded to release 10.5, the instance may become unresponsive after a restart.

Now, being semi-optimistic, I trawled the NetScaler 11 release notes for compatibility with XenServer 5.6 but could find no definite compatibility matrix nor any mention that the issue has been fixed.

So I dusted off the XenServer 5.6 lab and gave it a go myself, and I’m pleased to say that so far I’ve not experienced any issues upgrading a NetScaler HA pair from 9.3 to 11 (.65). The only complication that I have is that my customer needing this upgrade utilises the Web Interface install on the NetScaler itself, and from version 10.5 onwards a different OpenJDK is used, so you have to reinstall Web Interface using the NetScaler Gateway 11 Web Interface component and the OpenJDK currently available from here. This wipes out the Web Interface config but it is easily recreated from the backed up NS.conf files. You did back those up first, right!?

Author: Dale Scriven

Login Command failed over API after Citrix NetScaler firmware upgrade


Performing a Citrix NetScaler firmware upgrade is generally a pain-free process; however, it’s not without its pitfalls.

If you’ve recently upgraded your NetScaler from one major revision to another, for instance, and then gone to log in to the management GUI, you may have come across this little error message that blocks your progress once you put your credentials in.

Login Command failed over API. Reason; Response not of type text/xml/text/html

Luckily this can be rectified easily. The issue is caused by having a custom Access Gateway logon page, which should not be carried over to the newer firmware revisions.

In order to rectify this you’ll need to log on to the NetScaler using PuTTY or similar and then run the following command.

set vpn parameter -UITHEME DEFAULT

If you are upgrading to a version 11 firmware release the beauty of version 11 is that many of the customisations can be done from the Access Gateway GUI now anyway so all the old css/js file system copying and configuring of old is no longer needed.

Author: Dale Scriven

VMware’s C# vSphere client goes flat!


I’ve recently attended a conference call that finally confirmed something we’ve all known for a good number of years.

From the next release of VMware vSphere there will be no desktop C# client management app (HERE).

This has been a drawn-out announcement, clearly coming for several major versions of the hypervisor as feature disparity grew between the available web client and the traditional C# client; now finally VMware has knocked it on the head.

The main issue will be that the current offerings of the web client and the fling HTML5 client still do not offer all the necessary management options or performance that the old desktop client used to, and for a little while vSphere admins have been forced to switch back and forth between consoles to perform simple hypervisor tasks. I’m a Citrix consultant so I feel your pain!

The challenge for VMware will now be to bridge the gap, and very quickly, between the features in the desktop client and the web client, ready in time for the next version. If they get this right then the cheering from VMware admins will be the same as that of the Citrix bods when Citrix finally got rid of the Java requirement and went fully HTML only.

The main issue will be that of plugins and vendors’ usual feet-dragging in making their plugins available on the new clientless platform. Also, with the explosion of cloud adoption recently, VMware really do have to get this right, otherwise they may end up driving more customers to the cloud, frustrated by administrative complications.

So now with the end of the vSphere client announced I wonder how long it will be before the Windows based vSphere management server goes the same way.

 
Author: Dale Scriven

 

 

Deploying Citrix StoreFront for 100,000 users


I’ve recently been involved in a large project to deploy Citrix StoreFront for a company with a global presence for 100,000 users. They were using an in-house built front end for their Citrix environment and wished to replace it with the “out of the box” solution. I say “out of the box” because it quickly became highly customised to achieve the results that we required.

This blog post will outline the design decisions as well as the features we enabled and disabled to provide the required experience. I will try to condense the detail down to a blog post friendly size but it still might end up being a bit of a read.

Current Environment

The environment consisted of the following consideration factors:

60 XenApp/XenDesktop farms and sites with varying versions
Global userbase with datacentres across continents UK/USA Asia and Africa
Support desired by the customer for around 500 login actions per minute per server during high usage or failure scenarios; the UK groups need to service more users.

Design
The StoreFront design layout itself is fairly run of the mill for anyone used to it, the only difference being there’s a heck of a lot of it. The company already utilised F5 LTM and GTM devices so we had to use those for load balancing duties, along with various new NetScalers for the AGEE features. We load balanced XML for the XenApp and XenDesktop farms, simplifying and reducing the required StoreFront farm configurations.

Across the globe there are 7 locations where the StoreFront servers would reside.

2x UK locations
1x US location
3x Asia locations
1x African location

Server virtual hardware sizing

For the virtual hardware design we took the leading practices from Citrix and made two standard hardware specifications based upon the expected usage for the server group.

The small server was given 2 vCPUs and 8GB of RAM, which during normal operation would support 500 logins per minute or 30,000 logins per hour.
The large server was allocated 8 vCPUs and 16GB of RAM, which would support around 1,300 logins per minute or 80,000 logins per hour.

Based upon the anticipated BAU logins plus failover from F5 GTM if required we required 26 StoreFront servers across the globe and a number of server groups as outlined below.

Now this is of course dependent on the host hardware being performant, but during our load testing we comfortably got the small servers up to around 2,000 logins per minute before the stress began to show, which for us was a great result.

In regards to the subscription database, Citrix recommends allocating a minimum of 5MB disk space plus 8MB for every 1000 application subscriptions. Now these numbers are not something you would normally even consider but due to the number of possible users this suddenly becomes a concern.

Now your mileage may vary, but we calculated an average of 10 application subscriptions per user. In our largest server group, where we anticipated around 58,000 staff, this works out as the following:-

58,000 staff x 10 applications = 580,000 subscriptions

580,000 subscriptions / 1000 = 580 8MB chunks

580 chunks x 8MB = 4.640GB

Allocating an additional 4.640GB per virtual machine for the subscription store is not a huge amount in the scheme of things but still worth considering when designing for scale.

Server Groups
To service the users across the globe we utilised several server groups. All the server groups were built with a minimum of an N+1 configuration for expected server load and were backed up with NetScalers and F5 GSLB to provide a single URL with the desired failover and location awareness features.

The server groups at their largest (which was in the UK) had 6 large servers within the group and the smallest were out in Asia with 2 small servers within the group.

Subscription Synchronisation
However there were two locations near Japan requiring a separate server group for each location, but the staff could log into either one during a normal working day as they had a localised F5 GTM GSLB requirement, so this presented a different challenge.

Users logging into, let’s say, the Japan1 server group would subscribe to Word and Excel and then log out, but during their next login they might actually hit the Japan2 server group, which did not share the same application subscription database, so users would have to subscribe to their applications again there as well.

Citrix StoreFront however does allow you to sync the database of a store with an identically named store in another server group. The article HERE describes how to configure this but it basically boils down to making sure port 808 is open between the servers in the two groups, adding the computer names to the CitrixSubscriptionSyncUsers group on each server and then running a couple of powershell commands.

It is quite important to note that during the initial database sync between server groups the entire database is replicated, however subsequent syncs are delta files. So while the initial sync has a danger of being a good bit of traffic going down the wire, that will be it for painful data transfer.

XenApp/XenDesktop enumeration

So there’s no getting away from it, 60 separate sites and farms is an eye watering amount of infrastructure to try and amalgamate behind StoreFront. The possible load it would place during logon would normally be quite excessive, as each time a person logs on the delivery controllers for each farm would be queried for the applications available to the user.

In this instance to resolve and ease the issue we had to utilise two customisations.

User Farm Mapping
XML brokering

By default User Farm Mapping is meant to direct users to particular farms based on user groups and act either as primary and failover type configuration or as a method of presenting a single icon for duplicate applications across farms and sites.

We used UFM for neither of those purposes really, just purely for directing users based on group memberships with a very light smattering of aggregation. This had the advantage of fantastically reducing the query traffic sent to the sites and farms, as only the farms the user has a group membership linked to are queried during a logon (easily verified utilising wireshark or a similar tool).

I’ve already written a quite extensive blog post on how to set up and configure user farm mapping which you can view HERE so I’m not going to repeat the basics. However the basic framework of the configuration is as below.

<userFarmMapping name="UserMapping1">
  <groups>
    <group name="group-hk" sid="*************" />
  </groups>
  <equivalentFarmSets>
    <equivalentFarmSet name="Farm1" loadBalanceMode="LoadBalanced" aggregationGroup="None">
      <primaryFarmRefs>
        <farm name="XenApp" />
      </primaryFarmRefs>
      <backupFarmRefs>
      </backupFarmRefs>
    </equivalentFarmSet>
  </equivalentFarmSets>
</userFarmMapping>
<userFarmMapping name="UserMapping2">
  <groups>
    <group name="group-hk" sid="*************" />
  </groups>
  <equivalentFarmSets>
    <equivalentFarmSet name="Farm2" loadBalanceMode="LoadBalanced" aggregationGroup="None">
      <primaryFarmRefs>
        <farm name="XenDesktop" />
      </primaryFarmRefs>
      <backupFarmRefs>
      </backupFarmRefs>
    </equivalentFarmSet>
  </equivalentFarmSets>
</userFarmMapping>
<userFarmMapping name="UserMapping3">
  <groups>
    <group name="group-uk" sid="*************" />
  </groups>
  <equivalentFarmSets>
    <equivalentFarmSet name="Farm3" loadBalanceMode="LoadBalanced" aggregationGroup="None">
      <primaryFarmRefs>
        <farm name="XenApp-UK" />
      </primaryFarmRefs>
      <backupFarmRefs>
      </backupFarmRefs>
    </equivalentFarmSet>
  </equivalentFarmSets>
</userFarmMapping>

So with this snippet of code, looking through UserMapping1-3, if I was a member of group-hk then when I logged in mappings 1 and 2 would apply and queries would be sent to those farms but not to the farm in mapping 3, as I’m not a member of group-uk.

It’s worth noting that within our design, carried over from the old infrastructure, up to 5 user groups would apply to some of the farms, so within our StoreFront configuration we had around 100 separate user farm mapping code blocks. During testing there were no noticeable performance issues or errors due to the extremely extensive UFM configuration.
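With around 100 of these blocks it helps to check a configuration before it goes onto a server. The following is an added example, not code from the original post or from Citrix: it reports which farms a given set of group SIDs would cause StoreFront to query, and lints for hand-editing mistakes. The root element, the SIDs, the fourth (deliberately broken) mapping and the function names are all assumptions made for illustration.

```powershell
# Added example, not from the original post. Constructed sample: the root
# element, SIDs and the deliberately broken fourth mapping are made up.
$ufmXml = @'
<userFarmMappings>
  <userFarmMapping name="UserMapping1">
    <groups><group name="group-hk" sid="S-1-5-21-1000-2000-3000-1101" /></groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Farm1" loadBalanceMode="LoadBalanced" aggregationGroup="None">
        <primaryFarmRefs><farm name="XenApp" /></primaryFarmRefs><backupFarmRefs />
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
  <userFarmMapping name="UserMapping2">
    <groups><group name="group-hk" sid="S-1-5-21-1000-2000-3000-1101" /></groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Farm2" loadBalanceMode="LoadBalanced" aggregationGroup="None">
        <primaryFarmRefs><farm name="XenDesktop" /></primaryFarmRefs><backupFarmRefs />
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
  <userFarmMapping name="UserMapping3">
    <groups><group name="group-uk" sid="S-1-5-21-1000-2000-3000-1102" /></groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Farm3" loadBalanceMode="LoadBalanced" aggregationGroup="None">
        <primaryFarmRefs><farm name="XenApp-UK" /></primaryFarmRefs><backupFarmRefs />
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
  <userFarmMapping name="UserMapping3">
    <groups><group name="group-za" sid="" /></groups>
    <equivalentFarmSets>
      <equivalentFarmSet name="Farm4" loadBalanceMode="LoadBalanced" aggregationGroup="None">
        <primaryFarmRefs /><backupFarmRefs />
      </equivalentFarmSet>
    </equivalentFarmSets>
  </userFarmMapping>
</userFarmMappings>
'@

function Get-UfmFarmsForUser {
    # One row per farm set that a user holding these group SIDs would enumerate.
    param([Parameter(Mandatory)][xml]$Config, [Parameter(Mandatory)][string[]]$UserGroupSids)
    foreach ($m in $Config.SelectNodes('//userFarmMapping')) {
        $hit = @($m.SelectNodes('groups/group') |
                 Where-Object { $UserGroupSids -contains $_.GetAttribute('sid') })
        if ($hit.Count -eq 0) { continue }   # no matching group: these farms are not queried
        foreach ($set in $m.SelectNodes('equivalentFarmSets/equivalentFarmSet')) {
            [pscustomobject]@{
                Mapping = $m.GetAttribute('name')
                Group   = ($hit | ForEach-Object { $_.GetAttribute('name') }) -join ','
                Primary = ($set.SelectNodes('primaryFarmRefs/farm') | ForEach-Object { $_.GetAttribute('name') }) -join ','
                Backup  = ($set.SelectNodes('backupFarmRefs/farm') | ForEach-Object { $_.GetAttribute('name') }) -join ','
            }
        }
    }
}

function Test-UfmConfig {
    # Lints for mistakes that creep in when many blocks are generated and pasted by hand.
    param([Parameter(Mandatory)][xml]$Config)
    $maps = @($Config.SelectNodes('//userFarmMapping'))
    $maps | Group-Object { $_.GetAttribute('name') } | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { "Duplicate mapping name '$($_.Name)' used $($_.Count) times" }
    foreach ($m in $maps) {
        $name = $m.GetAttribute('name')
        if (@($m.SelectNodes('groups/group[not(@sid) or @sid=""]')).Count -gt 0) { "${name}: group with empty sid" }
        if ($m.SelectNodes('.//primaryFarmRefs/farm').Count -eq 0) { "${name}: no primary farm referenced" }
    }
}

$userSids = @('S-1-5-21-1000-2000-3000-1101')   # constructed: member of group-hk only
Get-UfmFarmsForUser -Config $ufmXml -UserGroupSids $userSids | Format-Table -AutoSize
Test-UfmConfig -Config $ufmXml
```

Running the same lookup for a pilot user’s real group SIDs before go-live shows whether they will reach more farms than intended, which is harder to spot by reading the XML.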

StoreFront Server domain mismatch and XML brokering
Another complication of the design is that, as the solution was global, the StoreFront servers sat in a different domain to the majority of the users logging in and the backend XenApp/XenDesktop servers.

There is an issue/feature which presents itself when using SSO from within Receiver. When logging in with SSO from a desktop, your group memberships are gathered from your endpoint and sent through to IIS on StoreFront, which is in Domain1 for example. Now if the user groups that you have utilised for user farm mapping, or even just application access, are domain local groups in Domain2 (where the user account and XA/XD servers are), these are not visible to the StoreFront server’s IIS instance, which results in no apps being displayed.

This does not occur using standard browser access as the authentication method is different.
To resolve this issue you need to follow the Citrix article outlined here, which moves the enumeration of group SIDs from IIS to the Citrix XML service.

Automation is key (sort of)
Now for everyone’s sanity during this project we tried to automate the build process as much as possible, however it was troubled slightly by some less than desirable powershell cmdlets. As a consultant I make extensive use of the Microsoft Deployment Toolkit (never leave home without it) so we already had the basic StoreFront install in the bag. What it didn’t do was set up the stores or additional farms, so I fleshed out the script to include all the farms that we needed to add along with the initial configuration.
The basic install of Citrix StoreFront is the below batch script.

@ECHO OFF
REM Set variables
SET SOURCE=%~dp0
SET SOURCE=%SOURCE:~0,-1%
IF NOT DEFINED LOGDIR SET LOGDIR=%SystemRoot%\TEMP
ECHO - Installing Citrix StoreFront
START /WAIT CitrixStoreFront-x64.exe -silent
ECHO - Disable IIS Logging to reduce excessive logging (enable for troubleshooting)
REM With dontLog set to True IIS keeps no per-request log of logons on this server
%windir%\system32\inetsrv\appcmd.exe set config /section:httpLogging /dontLog:True

Then we switched over to powershell for the rest of the configuration, which could be invoked from the batch file by using "powershell.exe -exec bypass -file c:\script\location".

# Set variables
# SET SOURCE=%~dp0
# SET SOURCE=%SOURCE:~0,-1%
# IF NOT DEFINED LOGDIR SET LOGDIR=%SystemRoot%\TEMP

Echo "- Importing Citrix Powershell Modules"

cd 'c:\program files\citrix\receiver storefront\scripts'
./importmodules.ps1

# ./c:\program files\Citrix\Receiver\Scripts\importmodules.ps1

Echo "- Configuring Citrix StoreFront"

# Creates the first store; XML traffic to the listed servers uses plain HTTP on port 80
set-dsinitialconfiguration -hostbaseurl https://LB.company.com -farmname "farm1" -port 80 -transporttype HTTP -sslrelayport 443 -servers @("xenapp01.company.com") -loadbalance $false -farmtype XenDesktop -storevirtualpath /Citrix/Company -webreceivervirtualpath /Citrix/CompanyWeb

Echo "- Configuring additional Farms"

# Repeat this line once per additional farm or site
set-dsxdfarm -farmname "farm2" -servers xenapp02.company.com -port 80 -transporttype HTTP

The set-dsxdfarm option can be replicated as many times as you need to script the addition of the XenDesktop sites. This command however has a MASSIVE issue in StoreFront 3.0.1: there is no way to specify what type of delivery controller you are configuring, so running the above command will insert every item as a XenDesktop controller rather than allowing you to choose XenApp or VIAB (lol). Really hope that gets sorted soon.

As I created the entries for the script using Excel and formulas, it was still way quicker and less error prone to do it this way and then go into c:\Inetpub\wwwroot\Citrix\Store\web.config and alter the farm types manually for the XenApp farms than it was to do the whole thing manually.

What in actual fact we ended up doing was copying the entire farm configuration (signified by the <farmsets></farmsets> tags) from a completed server group and then pasting it into the first server within a server group once the initial install and configuration had been completed. This could then be propagated to the other servers within the server group, and so we configured 60 farms within StoreFront by a simple copy and paste action. Not exactly slick, but it was quick and easy and repeatable!

Prettification!

Within the environment there were two major use cases for StoreFront, one being standard fat client access, generally through external or internal access, and the second being thin client access. I say thin client but in actual fact most were running a highly locked down version of Windows on a standard desktop, but it did the job. We created two stores for these use cases so each store could be modified to suit the use case.

For the thin clients the client wanted as little option as possible for customisation of clicky stuff so in order to do that we configured the following:-

Full Screen launch

Disable session reconnect

Disabled Subscriptions

Configured SSO (single sign on)

 

Additionally the GUI of StoreFront was highly customised to match the client’s look and feel. Now this I’ll freely admit was fairly new to me at the start of the project, but boy did I pick up a lot in this project. I’m still not a css/js code junkie but with Chrome developer mode, notepad and luck on my side I know enough to get by. I’m in the process of creating a blog post that explains a bit more on how you can change the UI of Receiver for Web so hopefully someone will find that useful in the future.

 

Full Screen Launch

Desktops have the ability to launch within a Window which in a thin client use case is often not desired. You can ensure that the Desktops are always launched in full screen mode by editing the Default.ICA file located in c:\inetpub\wwwroot\StoreName\App_Data\default.ica. Then within the Application section of the file insert the below line.

DesktopViewer-ForceFullScreenStartup=true

Disable Session Reconnect

By default, when staff authenticate to a StoreFront instance, any disconnected applications or desktops attempt to reconnect, allowing staff to continue where they left off. Within the client’s environment this is undesired so must be disabled. This can be configured within the web.config file located in c:\inetpub\wwwroot\Citrix\StoreName\.

Now search the config file for the allowSessionReconnect="true" statement and change it to false.

 

Disable Subscriptions 

A major part of the StoreFront feature base is the ability to subscribe to your available applications, which adds them to the Favourites folder (also see THIS post on correcting the Americanisms within StoreFront). For the thin client store the client did not want this. Happily though this is simple and requires no text hacking about in web.configs and the like. All you need to do is open up the StoreFront GUI and select the correct store. Then in the right hand window select Disable User Subscriptions.


 

Configuring Single Sign On 

Within the thin client use case SSO is pretty much required for every client, let alone this one. This required a bit of a major upheaval though, as their desktops were still utilising the now deprecated Online plugin version 12, and when you think about the number of staff we are touching with this configuration a simple client upgrade suddenly becomes a bit of a task. Luckily though that is down to the internal IT department to sort out! We advised them that an upgrade would be in order and configured single sign on for a group of test machines so that the thin clients could log in effectively with their local Windows credentials. This of course was affected by the XML Broker change we had to make (as mentioned above) in order for remote domain local group memberships to be enumerated correctly on the endpoints. Configuring Single Sign On has not really changed that much in recent history and there are plenty of step by steps to configure it if needs be (see here for the process, which talks about it alongside Desktop Lock).

 

Little Critters!

During our design and deployment phase we did come across a bug which menaced us while utilising user farm mapping. We worked with Citrix engineering, who provided us with a hot fix for it. The bug in question presents a Cannot Complete Your Request error when a user logs in to a StoreFront store that has user farm mapping configured, under certain circumstances. Additionally, within the StoreFront server’s event viewer a log is created that states “an item with the same key has already been added”.

This came about with one or two of the technical users within the pilot phase because they were assigned twice to a static delivery group within a single XenDesktop site. Where normally without user farm mapping the user would be presented with two desktops with the same name (except with the 1/2 monitor), user farm mapping had a bug where it could not parse the duplicate entries it saw within the responses from the XenDesktop brokers. There is a bug filed for StoreFront 3.0.1 within Citrix for this (BUG0622730) so if you come across this then refer to that bug and hopefully they’ll send you the private hot fix. I understood that they were looking to implement this in later versions of StoreFront but I’ve not had the time to test if this has been resolved in StoreFront 3.5.

 

Summary

I think I’ll leave that here for this post. I’ve tried to include the major points of interest from the project in delivering Citrix StoreFront to a large number of users, and by and large it was a simple process, with the exception of creating the user farm mapping configuration, which was extraordinarily tedious but worked very well. Some elements of user farm mapping are now included in the GUI, however this will only really suit aggregation or failover of resources. For something more complicated you’ll still need to start crafting text configuration, and it’s worth noting that as soon as you do that the StoreFront GUI locks out the ability to manage the controllers, no doubt fearing that someone will change something in the GUI that will mess up the UFM configuration royally.

I was pleasantly surprised how well the virtual hardware withstood the increase until failure tests, which pushed the logons per second way past the sizing guidelines given by Citrix, and that the extensive user farm mapping did not cause any delay in login actions. However I will be watching the powershell and automation options for StoreFront closely, as that did cause us some undesired manual steps which would have been far better automated.

This blog post isn’t meant to be any sort of design guide for anyone, rather some pointers on the major decisions we made during the design and deployment. It by no means outlines all of the design, just some of the more interesting elements. Anyway thanks for reading and as always comments welcome.

 

Author: Dale Scriven

 

Score an A+ on SSLlabs.com with Citrix NetScaler 11.1


So I’ve previously written a script (HERE) that allows you to easily tighten security on your Citrix NetScaler and score that all important A+ rating on Qualys’s SSLlabs.com. This script has worked fine for a few revisions of the Citrix NetScaler, that was up until the new 11.1 firmware release.

Running the old script on Citrix NetScaler 11.1 now gets you an A- rating on SSLlabs.com, and while that’s still pretty good we know we can do better.

This script has been updated to utilise the SSL profile feature a little more within the NetScaler Gateway component.

As before there are a number of variables to change within the script to match your environment.

%NSG_NAME% you will need to find and replace all instances of this with the name of your NetScaler Gateway VIP.

%PUBLIC_IP% you’ll need to substitute this for your external public IP such as 208.67.222.231 or similar

%GROUP% this one will have to be changed to either show VPX_GROUP or MPX_GROUP depending on which NetScaler appliance you are running this against.

 

Once you have changed the variables, fire up a putty session and copy and paste the script into the ssh session. Now obviously, being a script and publicly available, you need to test it within your environment to ensure compatibility, and I cannot take responsibility etc for any failures of the script, but it has worked perfectly in my numerous tests so you shouldn’t have any issues either.

 

set ssl vserver %NSG_NAME% -ssl3 disabled -tls11 enabled -tls12 enabled

create ssl dhparam DH-Key 2048 -gen 2

add ssl cipher “MPX_Group”
add ssl cipher “VPX_Group”
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-DSS-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-DSS-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES128-GCM-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES-256-SHA384
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES-256-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES-128-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1.2-DHE-RSA-AES-256-SHA256
bind ssl cipher “MPX_Group” -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher “MPX_Group” -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher “VPX_Group” -cipherName TLS1-ECDHE-RSA-AES256-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-ECDHE-RSA-AES128-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-DHE-RSA-AES-128-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName TLS1-AES-256-CBC-SHA
bind ssl cipher “VPX_Group” -cipherName SSL3-DES-CBC3-SHA

unbind ssl vserver %NSG_NAME% -cipherName ALL
bind ssl vserver %NSG_NAME% -cipherName VPX_Group
bind ssl vserver %NSG_NAME% -eccCurveName ALL

add rewrite action act_sts_header insert_http_header Strict-Transport-Security "\"max-age=157680000\""
add rewrite policy pol_sts_force true act_sts_header
bind vpn vserver %NSG_NAME% -policy pol_sts_force -priority 100 -gotoPriorityExpression END -type RESPONSE

set ssl parameter -defaultProfile ENABLED
add ssl profile ssl-reneg -dh ENABLED -dhFile "/nsconfig/ssl/DH-Key" -eRSA DISABLED -sessReuse ENABLED -sessTimeout 120 -denySSLReneg NONSECURE
set ssl vserver %NSG_NAME% -sslProfile ssl-reneg
add certAction ca1 -twoFactor ON
add certPolicy cp1 ns_true ca1
add authorization policy certauthorize "REQ.SSL.CLIENT.CERT EXISTS && REQ.IP.DESTIP == %PUBLIC_IP%" ALLOW
unbind ssl profile ssl-reneg -cipherName All
bind ssl profile ssl-reneg -eccCurveName P_256
bind ssl profile ssl-reneg -eccCurveName P_384
bind ssl profile ssl-reneg -eccCurveName P_224
bind ssl profile ssl-reneg -eccCurveName P_521
bind ssl profile ssl-reneg -cipherName %GROUP% -cipherPriority 1

 

 

Once the script has run, head over to SSLLabs.com and test your site. You should now find you get a lovely healthy looking A+ rating.
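To see what each cipher group actually offers before binding it, the following added example (not part of the original script) classifies the bound cipher names by key exchange and bulk cipher. The sample lines are an excerpt of the bindings above; the function names are made up, and the classification relies only on the NetScaler cipher naming convention.

```powershell
# Added example, not part of the original script. The lines below are an
# excerpt of the cipher bindings from the post; the classification is by
# NetScaler cipher-name convention only.
$sample = @'
bind ssl cipher "MPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1.2-DHE-RSA-AES128-GCM-SHA256
bind ssl cipher "MPX_Group" -cipherName TLS1.2-AES256-GCM-SHA384
bind ssl cipher "MPX_Group" -cipherName TLS1-ECDHE-RSA-DES-CBC3-SHA
bind ssl cipher "MPX_Group" -cipherName SSL3-DES-CBC3-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1.2-ECDHE-RSA-AES-128-SHA256
bind ssl cipher "VPX_Group" -cipherName TLS1-DHE-RSA-AES-256-CBC-SHA
bind ssl cipher "VPX_Group" -cipherName TLS1-AES-128-CBC-SHA
bind ssl cipher "VPX_Group" -cipherName SSL3-DES-CBC3-SHA
'@

function Get-CipherGroupAudit {
    param([Parameter(Mandatory)][string[]]$ScriptLines)
    # Accept straight or curly quotes, since scripts copied from web pages often carry the latter.
    $q = '["\u201C\u201D]?'
    $pattern = '^\s*bind ssl cipher\s+' + $q + '([^\s"\u201C\u201D]+)' + $q + '\s+-cipherName\s+(\S+)'
    foreach ($line in $ScriptLines) {
        if ($line -notmatch $pattern) { continue }
        $group = $Matches[1]; $name = $Matches[2]
        # Names without ECDHE or DHE use static RSA key exchange (no forward secrecy).
        $kx  = if ($name -match '-ECDHE-') { 'ECDHE' } elseif ($name -match '-DHE-') { 'DHE' } else { 'RSA' }
        # Names without GCM or DES-CBC3 are AES in CBC mode.
        $enc = if ($name -match 'GCM') { 'AES-GCM' } elseif ($name -match 'DES-CBC3') { '3DES-CBC' } else { 'AES-CBC' }
        $notes = @()
        if ($kx -eq 'RSA') { $notes += 'no forward secrecy' }
        if ($enc -eq '3DES-CBC') { $notes += '64-bit block cipher' } elseif ($enc -eq 'AES-CBC') { $notes += 'CBC mode' }
        [pscustomobject]@{
            Group          = $group
            Cipher         = $name
            KeyExchange    = $kx
            Bulk           = $enc
            ForwardSecrecy = ($kx -ne 'RSA')
            Notes          = ($notes -join '; ')
        }
    }
}

function Get-CipherGroupSummary {
    # Per-group totals: how many suites lack forward secrecy, how many are AES-GCM.
    param([Parameter(Mandatory)][object[]]$Audit)
    $Audit | Group-Object Group | ForEach-Object {
        $noFs = @($_.Group | Where-Object { -not $_.ForwardSecrecy }).Count
        $gcm  = @($_.Group | Where-Object { $_.Bulk -eq 'AES-GCM' }).Count
        [pscustomobject]@{ Group = $_.Name; Ciphers = $_.Count; WithoutForwardSecrecy = $noFs; AesGcm = $gcm }
    }
}

$audit = Get-CipherGroupAudit -ScriptLines ($sample -split "`r?`n")
$audit | Format-Table Group, Cipher, KeyExchange, Bulk, Notes -AutoSize
Get-CipherGroupSummary -Audit $audit | Format-Table -AutoSize
```

Feeding it the full script instead of the excerpt gives the complete picture for whichever group you substitute for %GROUP%.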

 

Author: Dale Scriven

 

 
