XenApp Web Interface True Passthrough Authentication

Enabling single sign-on and true passthrough authentication in the Web Interface has always seemed quite tricky, and it is hard to find out exactly how to do it.

Typically an administrator would enable passthrough in the Web Interface settings. This allows a user to bring up the Web Interface and see their applications; however, upon launch the user is presented with an MS GINA-based prompt for credentials. The end result is that if they don’t enter credentials into the Web Interface, they just have to do it at the MS prompt.

Here is the solution:

Depending on the client the steps vary, but here are the steps for 12.x of the client:

  1. Add the web interface to the trusted sites
  2. Add the SSOnRegUpx32 or x64 registry key (can be found here http://support.citrix.com/article/CTX124871)
  3. Either globally or just on the client inject the ICACLIENT.ADM administrative template extension to group policy. Then enable the local username and password setting. Here’s a detailed explanation: http://support.citrix.com/article/CTX124871
  4. Configure Passthrough authentication at the web interface setting

This worked for me and I hope it works for you too!

Citrix Support Tools – Master List

Citrix has a huge number of utilities and support tools. So many that it’s hard to keep track. That was until I found this awesome list:

http://community.citrix.com/display/ocb/2010/07/16/Complete+List+of+Citrix+Support+Tools

Troubleshooting Tool Name | Download Link | Overview & Demo Video | Blog
UPM Log Parser Tool | CTX123005 | CitrixTV Video | Blog
CDFMarker Tool | CTX124577 | CitrixTV Video | Blog
SsOnExpert Tool | CTX124918 | CitrixTV Video | Blog
XDPing Tool | CTX123278 | CitrixTV Video | Blog
Logoff Sessions Tool | CTX124949 | CitrixTV Video | Blog
Quick Launch Tool | CTX122536 | CitrixTV Video | Blog
MedEvac Tool | CTX107935 | CitrixTV Video | Blog
Printing Tool | CTX122962 | CitrixTV Video | Blog
XenApp 6 Migration Tool | CTX125471 | CitrixTV Video | Blog
CDFAnalyzer Tool | CTX122741
CDFControl Tool | CTX111961
ICA File Creator Tool | CTX113472
License Path Utility Tool | CTX111344
Port Check Utility Tool | CTX122450
Profiler Template for SQL 2000 Tool | CTX120629
Profiler Template for SQL 2005 Tool | CTX120630
XenAppPrep Integration Utility for XenApp and PVS Tool | CTX116063
Client IP Extraction Module – ISAPI – for use with NetScaler | CTX119347
CTX_SmaUser Re-creation Tool | CTX117330
CtxCPMDiag – For Password Manager Agent | CTX124811
CtxHideEx32 | CTX110341
CTXReports | CTX119955
CtxsLicChk – Citrix License Check Utility | CTX123935
DSCHECK – XenApp Data Store Checker Tool Commands | CTX124406
DSCHECK Version 5.15 | CTX117329
DSInfo 1.2 | CTX114916
DSRepCheck – SQL Replication Test Tool – For XenApp 6 | CTX124815
DSView | CTX106232
EdgeSight Database Size Estimation Tool | CTX122146
EdgeSight Load Testing XenApp Using Office 2007 | CTX122568
Enabling Remote Installation for Citrix Receiver | CTX121355
Endpoint Analysis Antivirus Scan Package Autoupdate Scripts | CTX111343
FTACLN | CTX106280
HDX Experience Monitor for XenDesktop | CTX123058
Health Monitoring and Recovery Test Pack | CTX123197
JetTest | CTX116532
LBDiag – XenApp 6 Load Balancing Diagnostic Tool | CTX124446
MFCOM to Powershell Script Searcher | CTX125089
MigrateToSqlExpress | CTX118693
NetScaler CPU tight-loop (LCT) monitor | CTX121569
NetScaler CPU Usage Conditional Profiler | CTX121568
Nsconmsg to Excel Tool | CTX122317
PDBFinder for 32-bit and 64-bit Platforms | CTX110629
Print Detective | CTX116474
QueryDC | CTX106317
SQL Replication Test Tool Version 4.2 | CTX111656
SysPool Tool | CTX122204
SystemDump 3.1 for 32-bit and 64-bit platforms | CTX111072
TSUserLog | CTX114179
Wireshark for Netscaler | CTX122318
XenApp Console Discovery Repair | CTX124805
XenApp Template for BGInfo | CTX121339
XenDesktop 4 Client Identity Pack | CTX124963
XenDesktop Client Identity Utilities | CTX120323
XenDesktop Session Parser | CTX124012
XenDesktop VDA Farm Changer | CTX124379
XenServer Database Tool | CTX121564
XenServer Workload Balancing Administration Tool | CTX125365
StressPrinters 1.3.2 for 32-bit and 64-bit Platforms | CTX109374
MessageHistory 2.0 for 32-bit and 64-bit platforms | CTX111068
WindowHistory 4.0 for 32-bit platforms | CTX106985
ScreenHistory 1.0 for 32-bit and 64-bit platforms | CTX113046
Repair Clipboard Chain 2.0.1 | CTX106226
WindowHistory64 4.0 for x64 platforms | CTX109235
WindowHistory Mobile Version 2.2 | CTX110775
TestDefaultDebugger v1.0 for 32-bit and 64-bit platforms | CTX111901
ADSCleaner 2.0 | CTX108542
ProcessHistory v1.1 for 32-bit and 64-bit platforms | CTX111408
Citrix DumpCheck Explorer Extension version 1.4 | CTX108825
Citrix DumpCheck Utility (Command Line) version 1.4 | CTX108890

Citrix Quick Launch Tool – Goodbye Program Neighbourhood

A lot of newer Citrix Administrators probably think of Program Neighbourhood Agent (PNAgent) when I mention Program Neighbourhood (PN). This is not the same thing: Program Neighbourhood was the original Citrix Presentation Server and Metaframe (now XenApp) client. It was a manually configured client that relied on the administrator to point it to a farm for enumerating applications. Compare this to the PNAgent, which communicates with a web-based Citrix XenApp services site for easier centralized configuration.

One may ask why do we care about the Program Neighbourhood client then? The reason is, it is really useful when troubleshooting. Because it is manually configured it can test whether an issue lies with the Web Interface, or something more troublesome with the actual XenApp farm. It also allows for a more varied method of testing giving quick and easy control to the administrator.

So with the Program Neighbourhood being gone I often found my troubleshooting a bit more complicated. That was until I found out about the Citrix Quick Launch tool. It allows an administrator (or user) to access applications quickly and directly and bypass dependency on any Web Interface or PNAgent sites.

Hope it helps you too! Here is the link to the tool:

Citrix Quick Launch Tool – CTX122536

Port Requirements – Citrix XenApp and other services behind a firewall!

I recently had a project which required an element of high security, causing many of the Citrix XenApp servers to be isolated behind firewalls and from each other, yet still needing full functionality. I found this article, which listed the following port requirements, very handy!

Original Citrix Article

  • Application Performance Monitoring (powered by Citrix EdgeSight)
    • EdgeSight Agent to EdgeSight Server – TCP 80/443 (Payload and alerts)
    • EdgeSight Web console (non-IMA) to RSCorSvc on EdgeSight Agent – TCP 9035
    • EdgeSight Agent internal communication – TCP 9036 (client-side database; NOTE: after EdgeSight 4.5, replaced with IPC)
    • EdgeSight database – SQL 1433 (configurable)
  • Client-side Application Virtualization
    • Streaming Client to Application Hub (File Server/Share) – SMB 445
  • EasyCall
    • To client – HTTP(S)-TCP 8443 (PSync)
    • To Admin console (non-IMA) – TCP 443
    • To LDAP Directory – TCP 389
    • To PBX – port varies by vendor
  • Independent Management Architecture (IMA) Services – TCP 2512, 2513
  • Licensing Service – TCP 27000, 27009 (configurable) – NOTE: this has since changed; version 11.6.1 of the license server uses 27000 plus a configurable port for the Vendor Daemon, defaulting to 7279, and the Licensing administration port is 8082
  • Server-side Application Virtualization
    • Management Console (Using IMA) – TCP 2512, 2513
    • Application requests – TCP XML 80, 8080 or 443 (configurable)
    • Access to Applications Virtualized on the Server – ICA-TCP 1494, 2598 (Session Reliability)
  • Single Sign-on (powered by Citrix Password Manager)
    • Management Console (non-IMA) or Agent to Password Manager Service – TCP-443
    • Management Console (non-IMA), Agent or Service to credential store
      • Network File Share Credential Store – TCP/UDP 445 (CIFS) or TCP/UDP 135-139 (NetBIOS)
      • Active Directory Credential Store – TCP/UDP – 389, 636, TCP – 3268, 3269
      • Novell File Share Credential Store – TCP/UDP – 524
  • SmartAccess (powered by Citrix Access Gateway)
    • Standard and Advanced Edition
      • Client connections – TCP-SSL 443 (configurable)
      • Advanced Access Control (AAC) to Appliance communication – TCP 80 or 443 (configurable), 9001, 9002, 9005
      • Management Console
        • to Appliance (non-IMA) – 9001, 9002, 9005
        • to AAC – IMA-TCP-2513
    • Enterprise Edition
      • To client – SSL-TCP 443
      • To internal network – SSL-TCP 443, Native Authentication port (i.e. RADIUS 1812, LDAP 389), Native application ports (i.e. ICA-1494)
      • Management console (non-IMA) – SSH-TCP 22, HTTP(S)-TCP 80/443
  • SmartAuditor
    • Management (non-IMA) – Use local console on Agent or on Server.
    • Agent to Broker (Recording and Policy Check) – TCP 80/443 (configurable)
    • Player to Broker – TCP 80/443 (configurable)
    • Agent to Server (Metadata and Video) – Microsoft Message Queuing:
      • Default – TCP: 1801; RPC: 135, 2101*, 2103*, 2105*; UDP: 3527, 1801 (*These port numbers may be incremented by 11 if the initial choice of RPC port is being used when Message Queuing initializes. A connecting QM queries port 135 to discover the 2xxx ports.)
      • Over SSL – TCP 80, 443
  • WAN Optimizer – Guidance provided was to get it from Admin Guide
    • Appliance to Appliance – Pass-through native application port (e.g. ICA-1494, HTTP-80, LDAP-389)
    • Management Console (non-IMA) – TCP 80
    • Client to Appliance – TCP 443
  • Web Interface
    • Client connections – TCP 80/443 (configurable)
    • Server-to-server – TCP XML 80/8080, 443 (using SSL Relay)
    • Management console (partially IMA) – DCOM 135 (+ configurable high port range), IMA-TCP 2513, TCP 80/443

Another excellent article for working with firewalls and Citrix Communication is this article. It’s a little old but still very useful.
CTX109929 – Citrix Access Suite 4.2 Connections
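
An added example (not from the original post or from Citrix): a small Python audit that compares the inbound allow rules in front of an isolated XenApp server with the ICA, IMA and XML ports in the list above. The rule schema, the rule names and the choice of which flows terminate on the XenApp server are assumptions made for illustration.

```python
# Added example: audit inbound allow rules on an isolated XenApp server
# against the TCP ports in the list above. The rule schema is hypothetical.

# Service -> inbound TCP port, from the list above. Assumption: these are
# the flows that terminate on a XenApp server itself.
BASE_PORTS = {"ICA": 1494, "Session Reliability": 2598,
              "IMA 2512": 2512, "IMA 2513": 2513}


def required_ports(xml_port=80):
    """Return service -> port, with the single XML port this farm uses."""
    if xml_port not in (80, 8080, 443):
        raise ValueError("the list gives 80, 8080 or 443 for XML")
    return {**BASE_PORTS, "XML": xml_port}


def expand(spec):
    """Expand '1494,2598' or '2512-2513' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def audit(rules, xml_port=80):
    """Return (missing services, findings) for inbound allow rules."""
    needed = required_ports(xml_port)
    opened, findings = set(), []
    for rule in rules:
        ports = expand(rule["ports"])
        opened |= ports
        # Ports the rule opens that the list does not call for.
        extra = sorted(ports - set(needed.values()))
        if extra:
            findings.append((rule["name"], "unlisted ports", extra))
        # An unrestricted source defeats the isolation the firewall is for.
        if rule["source"].lower() == "any":
            findings.append((rule["name"], "source is any", sorted(ports)))
    missing = sorted(name for name, p in needed.items() if p not in opened)
    return missing, findings


# Constructed sample rules, not taken from a real firewall.
SAMPLE_RULES = [
    {"name": "ica-from-clients", "source": "10.20.0.0/16", "ports": "1494,2598"},
    {"name": "ima-from-farm", "source": "10.10.5.0/24", "ports": "2512-2513"},
    {"name": "legacy-range", "source": "any", "ports": "8080-8082"},
]
```

Calling audit(SAMPLE_RULES, xml_port=80) reports XML as unreachable and flags the legacy-range rule twice; with xml_port=8080 nothing is missing, but ports 8081 and 8082 are still flagged as unlisted.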

Citrix Delivery Services Console: Unknown Error Occurred and Can’t Display Users?

Just ran into this issue which has popped up from time to time.

Sometimes when trying to view user sessions in the access management console, the console fails to display any users but rather displays an error message:

“An error occurred. Try performing the task again. If the problem persists, contact support.”  Then under details “Unknown error occurred”

This typically indicates the console is having trouble enumerating users or getting valid data back from the data collector. I then found that clicking on each individual server to display users pinpointed which server was not able to provide information, as it popped up with its own unknown error message.

I then stopped the IMA service on this server, which does not impact user sessions in progress (but will prevent new sessions from being directed to that server). I then ran dsmaint recreateLHC, which recreates the local host cache, a subset of the datastore. Then I restarted IMA and made sure the server was back in the farm (verify with the QFARM command).

This then allowed me to discover users on that server, and when clicking on the server folder or top of the farm I could view all users on all servers and not that pain in the butt error!

Other things to check would be the event log on the data collector server, or any issues with communicating with the datastore, or datastore server.

Hope this helps..