Sunday, February 4, 2018

NetScaler VPX Firmware Update 8015 series or 10 Series Procedure


VPX appliance upgrade Procedure:

Backup Procedure:

1. Back up the NetScaler VPX before the upgrade as follows:
      i. Log into the NetScaler VPX command line interface through a PuTTY session by entering the username and password
      ii. Save the NetScaler configuration by running the command
            > save nsconfig
      iii. Create the backup file by running the command
            > create system backup NS01_02_10_2018 -level full
      iv. Now type "shell" to log in to the root shell of the NS VPX
      v. Navigate as follows
          > cd /var
          > ls (notice that you will see a folder named "ns_sys_backup")
          > cd ns_sys_backup
          > ls (notice that the backup file is created with a .tgz extension, e.g. NS01_02_10_2018.tgz)

Note: You can perform the above steps through the GUI as follows:

1. Log in to the NetScaler VPX through the GUI
2. Click on the Configuration tab and expand System
3. Click on Backup and Restore
4. Select Backup on the right side
5. Enter file name:  NS01_02_10_2018
6. Type: Full
7. Select Backup and it will create the backup file.

Upgrade Procedure:


1. Download the firmware update from mycitrix.com
2. Extract the .tgz archive to a folder. Command: tar -zxvf build-12.0-56.20_nc_32.tgz
3. Upload the entire extracted firmware folder to the NetScaler VPX appliance using WinSCP, to the following location: /var/nsinstall/build-12.0-56.20_nc_32
4. Log into the NetScaler VPX through a PuTTY session and, after entering the username and password, type as follows

> Shell
> cd /var/nsinstall
> cd build-12.0-56.20_nc_32
> ./installns

Note: Sometimes this fails with a permission denied error. If so, change the permissions of the file:

> chmod +x ./installns

Verify whether the permissions were applied by typing the following commands:

> ls -l
> ./installns ( this command will begin the installation)

A message appears asking whether to reboot the appliance [Y / N]. Answer Y.

If you miss that message, go back to the main page and type the following command to reboot the appliance.

> reboot [-warm]

After some time, log into the appliance through a browser and check whether the update was successful.


Note: You can perform the above steps through the GUI as follows:
1. Download NetScaler Gateway firmware update 12.0 Build 56.20 to the local workstation's Downloads folder
2. Log into the NetScaler VPX portal through a browser
3. Click on the Configuration tab
4. Under System Information, click on System Upgrade
5. Under Select Firmware Option > Choose File, make sure Local is selected
6. Select the file from Downloads
7. Uncheck "Enable Call Home" and select "Reboot after successful installation"
8. Click on Upgrade
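
A pre-flight check for the CLI backup and upgrade steps above, added here as an example (it is not part of the original post or of Citrix tooling): it confirms the backup archive is readable and that the firmware bundle matches a known SHA-256 before ./installns is run. The function names are hypothetical, and it assumes a SHA-256 checksum is published alongside the download.

```shell
#!/bin/sh
# Added example: pre-upgrade integrity checks. Function names are hypothetical.

# Print the SHA-256 of a file using whichever tool the host provides
# (sha256sum on Linux, sha256 on FreeBSD-based systems, shasum elsewhere).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only if the bundle's hash equals the expected value (case-insensitive).
verify_build() {
    bundle=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$bundle" ] || { echo "missing: $bundle" >&2; return 2; }
    actual=$(file_sha256 "$bundle") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK  $bundle"
    else
        echo "MISMATCH $bundle: got $actual" >&2
        return 1
    fi
}

# Return 0 only if the backup is a non-empty, listable gzip tar archive.
verify_backup() {
    [ -s "$1" ] || { echo "backup missing or empty: $1" >&2; return 2; }
    tar -tzf "$1" >/dev/null 2>&1 || { echo "backup unreadable: $1" >&2; return 1; }
    echo "OK  $1"
}

# Usage (the hash is a placeholder; take it from the download page):
#   verify_backup /var/ns_sys_backup/NS01_02_10_2018.tgz &&
#   verify_build  build-12.0-56.20_nc_32.tgz "<published-sha256>" &&
#   echo "safe to run ./installns"
```

Copying the verified backup .tgz off the appliance before the upgrade keeps a restore point that does not depend on the appliance booting.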


End of Procedure

Thursday, May 19, 2016

Cannot start app "application name" Xendesktop/ Xenapp 7.5/7.6/7.7/7.8

Issue:

Working on Citrix XenApp 7.7: configured StoreFront, Delivery Controller and Server VDA, installed the application, and created the Machine Catalog and Delivery Group. I can see the machine as registered in Citrix Studio.
Now when I tried to launch the application through the StoreFront URL, I got an error: Cannot Start App "Application name".

In our case, I implemented the following solution, as I saw the following error message on one of the Delivery Controllers:

Event ID is 2100

General :

The Citrix Broker Service failed to validate a user's credentials on an XML service.
Verify the trust relationships between your domains.

Error details:
User:  ''
Error: 'AccessDenied'
Message: 'ID only credentials received but TrustRequestsSentToTheXmlServicePort=false'
Stack Trace: ''

Solution I implemented is as follows:

Logged into both Citrix Delivery Controllers and launched PowerShell from Citrix Studio.

Ran the following commands on both Delivery Controllers.

1. Add-PSSnapin Citrix*
2. Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $true
3. Get-BrokerSite

The application now launched without any issues from the StoreFront URL.

Thank you
Kesavpani Patnala

Friday, April 29, 2016

MS outlook not launching within New VDI environment

Encountered the following issue when standing up VDI Environment.

1. Outlook was not launching.
2. Checked with the Exchange team and the networking team on whether the mailboxes were created and whether all required ports were opened for Outlook and Lync, as inbound and outbound access is tightly restricted by the firewall.
3. From the Exchange team we found out that some mail accounts were created as deskless workers (Outlook Web Access), who cannot use the Outlook client.
4. We checked common ports like 25 (smtp), 135 (msrpc), 443 (https), 993 (imaps), 995 (pop3s), 7575, 7576, 7830 and the dynamic port range 60000+.
5. Checked that the ports required for Lync are 5061 and 443, and opened a firewall request with the network team to open the required Outlook and Lync ports, providing the server name and port numbers.
6. Exchange team changed the deskless workers to standard mailboxes (MBX=5GB; Type=EP2D).

Telnet tests from the VDI desktop to 10.XX.XXX.XXX on ports 135, 443, 993 and 995 all worked fine.
However, telnet tests on ports 80 and 25 failed. (Do we need them for Outlook connectivity?)

So I'm not sure if this is a firewall issue or an Outlook issue.

Telnet command: telnet 10.XX.XX.XX 135

7. Firewall ports are open now (read the attached email chain). The final troubleshooting step that resolved the issue is as follows.

8. Under Citrix Policies on XenDesktop 7.6, “!ctx_localappdata!\Microsoft\Outlook” was in the Exclusion list (directories). Removed it from the policies.

9. This change allows a folder to be created in the user's profile location (wmantooth is the user name): D:\Users\CitrixProfiles\wmantooth.Domain\Win7x64\UPM_Profile\AppData\Local\Microsoft\Outlook\wmantooth - wmantooth.ost

10. User logged into the VDI desktop, followed the attached instructions (Outlook access), and was able to log into Outlook.

!!!Walla!!!!!

Thursday, March 24, 2016

Citrix Licensing in Citrix Presentation Server 4.0

I had a task to find out how many licenses are available on a MetaFrame Presentation Server 4.0.

1. Got access to the Management Console for the MetaFrame farm.
2. Right-click on the farm and select "Properties".
3. Click on the License Server tab in Farm Properties.
4. The License Server information is specified there, along with port number 27000.
5. Log into the License Server and go to the path C:\Program Files\Citrix\Licensing\LS - you will see the list of Citrix license commands.
6. On the same server, go to the path C:\Program Files\Citrix\Licensing\MyFiles; you will see the actual license files ending with .lic
7. Open Command Prompt in administrative mode and type the following command:
      lmstat -c @localhost -a
The output of lmstat -c @localhost -a looks similar to:
License server status: 27000@license_server1 
License files on license_server1: C:\Program Files\Citrix\Licensing\MyFiles\citrix_startup.lic:  
C:\Program Files\Citrix\Licensing\MyFiles\citrixlic_20031001094430.lic:  
 
license_server1: license server UP (MASTER) v9.2  
 
Vendor daemon status (on license_server1):  
 
CITRIX: UP v9.2  
 
Feature usage info:  
   Users of CITRIX: (Total of 5000 licenses issued; Total of 1 license in use)  
     "CITRIX" v2002.0101, vendor: CITRIX  
     floating license  
       MPS mps_server1 MPS MPS_ENT_2004.0227 (v1.0)  
       (license_server1/27000 101), start Tue 3/16 16:59  
 
   Users of MPS_ENT_CCU: (Total of 30 licenses issued; Total of 1 license in use)  
     "MPS_ENT_CCU" v2004.1201, vendor: CITRIX  
     floating license  
     MPS mps_server1 MPS 25fb337e:MPSCLIENT  
     (v2004.0227) (license_server1/27000 203), start  
     Wed 3/17 11:56
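
A small parser for the "Users of ..." lines in the output above, added here as an example (not from the original post or from Citrix): it prints issued, in-use and free counts per feature and can flag features that are running low. The function names and the threshold are assumptions; the sample lines are copied from the output shown above.

```shell
#!/bin/sh
# Added example: summarise license usage from `lmstat -a` output.
# Function names are hypothetical.

# Reads lmstat output on stdin; prints "FEATURE ISSUED IN_USE FREE" per feature.
# "Users of" lines without two numeric totals (e.g. error lines) are skipped.
lmstat_summary() {
    awk '
    /^[ \t]*Users of / {
        feature = $3; sub(/:$/, "", feature)
        issued = ""; used = ""
        for (i = 4; i < NF; i++) {
            # The number follows each "Total of" pair: first issued, then in use.
            if ($i == "of" && $(i-1) ~ /Total$/) {
                if (issued == "") issued = $(i+1); else used = $(i+1)
            }
        }
        if (issued ~ /^[0-9]+$/ && used ~ /^[0-9]+$/)
            printf "%s %d %d %d\n", feature, issued, used, issued - used
    }'
}

# Exit 0 only if every feature has at least $1 licenses free;
# prints a LOW line for each feature that does not.
lmstat_check_free() {
    lmstat_summary | awk -v min="$1" '
        $4 < min { print "LOW " $1 ": " $4 " free of " $2; bad = 1 }
        END { exit bad + 0 }'
}

# Sample lines copied from the lmstat output shown in the post.
sample_lmstat() {
    cat <<'EOF'
license_server1: license server UP (MASTER) v9.2
CITRIX: UP v9.2
   Users of CITRIX: (Total of 5000 licenses issued; Total of 1 license in use)
   Users of MPS_ENT_CCU: (Total of 30 licenses issued; Total of 1 license in use)
EOF
}

# Usage: lmstat -c @localhost -a | lmstat_summary
#        sample_lmstat | lmstat_check_free 10
```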
Also, if you open the .lic file with WordPad and search the document for "CM-" or "LA-", you will get information related to the license, such as who purchased the Citrix license, what the start date is and what the serial number is, so that when we call Citrix we can refer to that serial number.

In my case, the output is as follows.

SERVER this_host HOSTNAME=
VENDOR CITRIX
USE_SERVER
INCREMENT MPS_ENT_CCU CITRIX 2007.0601 permanent 100 \
VENDOR_STRING=;LT=Retail;GP=720;CL=ENT,ADV,STD,AST;SA=1;ODP=0 \
DUP_GROUP=V ISSUED=07-Feb-2007 NOTICE=Sensormatic \
SN=CM-XXXXXXX-XXXXX:804308 START=5-feb-2007 SIGN="0A69 3E8D \

One more useful command is lmhostid - this will give the FLEXlm host ID of the machine.

I hope this article is informative, and forgive me for any mistakes.

Wednesday, February 10, 2016

Visual Effects - Windows 7 XenDesktop VDI Optimization - Group Policy

I encountered an issue after we built XenDesktop 7.6 Desktop OS Pooled (Random) and (Static) VDI desktops. Users complained about slow performance. I searched for best practice and, thanks a lot to Terry, I applied the following settings in our GPO and it worked wonders.

By default, the performance options of Windows 7 are set to best appearance.

However, domain users cannot modify the performance settings. I should assign a Group Policy to modify the performance options for all users.


1. At Domain Controller, log in as Domain Administrator.
2. Launch "Group Policy Management".
3. Right-click a group policy which is assigned to the users, select "Edit".
4. Expand "User Configuration > Policies > Administrative Templates > Control Panel > Personalization".
5. At right pane, double-click "Load a specific theme".
6. Select "Enabled".
7. Under "Path to theme file", type "%Systemroot%\Resources\Ease of Access Themes\basic.theme".


8. Click "OK".
9. At left pane, expand "Preferences > Windows Settings > Registry".
10. Right-click "Registry", select "Registry Item".
11. Next to "Action", select "Update".
12. Next to "Hive", select "HKEY_CURRENT_USER".
13. Next to "Key Path", type "SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VisualEffects".
14. Under "Value name", type "VisualFXSetting".
15. Next to "Value type", select "REG_DWORD".
16. Next to "Value data", type "2".


17. Click "OK".
18. Close "Group Policy Management Editor".

As a result, when a domain user logs in to Windows, the user will be assigned the best performance setting of the performance options.

Remark: "Windows 7 basic theme" will be applied to a domain user who first logs in.

Remark: If the "Load a specific theme" setting is not applied correctly on a computer, please read the following web site and install the Hotfix.

The "Load a specific theme" Group Policy setting is not applied correctly on a computer that is running Windows or Windows Server 2008 R2


Courtesy: http://terrytlslau.tls1.cc/2011/06/configuring-performance-options-of.html

Thursday, February 4, 2016

McAfee Issue - Z drive Mapping Issue - Resolved - Citrix XenApp 6.5

Issue: We have 8 Citrix XenApp 6.5 servers with a Published Desktop configured on them; a total of 75 production users connect to them daily. Users started to experience severe latency in their applications from the published desktop, were unable to see the Z drive, and were also unable to log into the desktop itself, getting an access denied error.

Troubleshooting and Root Cause: Found out that the Cyber Security Operations team had installed/pushed McAfee Virus Scan Enterprise (VSE) / McAfee Agent on all Citrix servers.

Resolution:

1. Reached out to the security operations team and coordinated the effort to uninstall McAfee VSE / McAfee Agent from all Citrix servers.
2. While the security operations team uninstalled McAfee VSE remotely from their console, I uninstalled McAfee Agent manually from all the Citrix servers as follows, as I was getting the error “McAfee Agent Cannot be removed while it is in managed mode”.
3. Stopped/disabled the McAfee-related services: Framework Service, McAfee McShield, McAfee Task Manager, McAfee Validation Trust Protection Service.
4. Killed McAfee Service - McTray.exe *32 (McTray Application).
5. Launched Command Prompt in administrative mode, went to the path C:\Program Files (x86)\McAfee\Common Framework\ and typed the command “FrmInst.exe /remove=agent” (without quotes).
6. That is how McAfee Agent was removed successfully from all machines. Next, I needed to take care of the Z drive issue, which was resolved by going to this registry location on each Citrix XenApp 6.5 server: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\ICA Client\Engine\Configuration\Advanced\Modules\ClientDrive
7. Changed the NativeDriveMapping REG_SZ value from FALSE to TRUE.
8. Asked users to log off and log back in; now they were able to see the Z drive.

!!! Walla !!!!

Monday, January 11, 2016

Mapped Network Drives Xen App Published Desktop

First configured the mapped network drive at the Domain GPO Level by logging into GP Management > Group Policy Objects

User Configuration > Preferences > Windows Settings > Drive Maps > All Tasks and Created New Drive Mapping

Selected Action "Create"
Selected Location: \\Server Name\ Folder Name
Reconnect Checked and Label As " folder name"
User Drive letter
Show All Drives
Clicked on Common Tab and Run in logged on user's security context. 
Click OK - Refreshed GPO and Refreshed Domain GPO
Logged on to the server and Ran GPUpdate /force
Made sure GPO status as enabled.

Now logged on storefront URL and clicked on Desktop

Desktop tried to launch but got the error "to log onto this box, you should be in remote desktop users group", even though I am in the users list on the published desktop app in AppCenter. Logged into both servers and added my test account to the Remote Desktop Users group.

Now logged off and logged back in again and launched the published desktop. I was able to log in, but I was unable to see the drive I had configured through GPO.

Went back to my GPO, clicked on the Common tab again, and had to select "Item-level targeting" and click on Targeting...

Courtesy: Found it in MS Tech Net Blog. Link is mentioned below.

http://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx

Click on “New Item”, select “Security Group” and select the “Domain Users” group.
Check whether the Domain Users group is in the Remote Desktop Users group.

Now saved my GPO and refreshed the GPO.

Now logged into the StoreFront URL and launched the published desktop.

I was able to log in to the published desktop. When I opened Windows Explorer, I was able to see the drive.

But when I clicked on it, I was getting an "Access Denied" error.

Checked the share-level and folder-level permissions on the shared drive.

Gave my test account read/write access in both the share-level and folder-level permissions.

Now logged off and logged back in. I was able to see the drive from the published desktop and was also able to access it.

Success

But this solution is not useful for my particular scenario, as my end users from a different domain controller access the server in a different domain controller. Then I thought of a logon script: whoever logs onto the server will be able to access the shared drive using the logon script.

Created a simple batch file using the net use command to map the network share drive:

@echo off
net use X: "\\network shared drive" /persistent:yes

Courtesy: Found it in one of the blogs as follows

****Try creating a batch file to issue the Net Use command and place it here:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Edit: Note when you open Notepad to create the file make sure you use "Run as Administrator" or it won't let you save to the directory above. Also if your network path has spaces be sure to enclose it in " ". ******

and kept it in the Windows startup folder:

C:\programdata\microsoft\windows\start menu\programs\Startup

Now whoever logs on to this server will have this share drive mapped; if they have permission, the drive will be mapped and they will be able to access it. If they don't, it will simply say access denied and the drive won't even show up in Windows Explorer.

We can also place the drive-mapping script in the domain controller's NETLOGON scripts share and configure it in Active Directory on the user's Profile tab.

Courtesy: helpdesk.egnyte.com

Thanks a lot

Full Link is as follows: https://helpdesk.egnyte.com/hc/en-us/articles/201638304-Mapping-a-drive-using-a-net-use-command-and-logon-scripts-for-domain-users


Examples of logon scripts that can be used in AD

Auto map network drives on login for all users
  1. Save the following batch file to the domain controller's NETLOGON share as logon.bat:
    @echo off
    net use * /delete /yes
    net use x: \\server_name\shared_directory_name
  2. Active Directory Users and Computers
  3. Right click domain name at top left and click Properties > Group Policy > Edit > User Configuration > Windows Settings > Scripts (Logon/Logoff) > Logon > Add...
  4. Enter path to logon.bat (e.g., \\ACME.local\sysvol\ACME.local\scripts\logon.bat) and click OK three times
  5. Login from workstation. Drive x: should appear in My Computer.
Auto map network drives on login for certain users:
  1. Save the following batch file to the domain controller's NETLOGON share as logon.bat:
    @echo off
    net use * /delete /yes
    net use x: \\file_server_name\shared_directory_name
  2. Active Directory Users and Computers > Users > Double click user > Profile
  3. Enter "logon.bat" (no quotes) in the "Logon script" box and click OK
  4. Login from workstation as user modified in step 2. Drive x: should appear in My Computer.
For Server 2008 Domains, there is an option using Group Policy Preferences
The following article will provide more information regarding map drive with GPP