Citrix Advanced Troubleshooting PDF

Citrix XenApp 6.
5 Advanced
Administration
Citrix Course CXA-301-1I

2 © Copyright 2011 Citrix Systems, Inc.
Citrix XenApp 6.5 Advanced
Administration
Citrix Course CXA-301-1I
October 2011
Version 1.0
Table of Contents
Module 1: Troubleshooting the XenApp Environment ................................... 13
About Coolidge Consolidated Holdings, Ltd. ........................................................................ 15
Lab Scenario ........................................................................................................................ 16
Lab Environment .................................................................................................................. 17
User Credentials ................................................................................................................... 19
Exercise 1-1: Troubleshooting an AppCenter Issue .............................................................. 20
Replicating the Issue with Citrix AppCenter ....................................................................... 20
Fixing an IMA Service Issue .............................................................................................. 21
Fixing a Citrix AppCenter Permission Issue ....................................................................... 23
Exercise 1-2: Troubleshooting Web Interface and XML Issues .............................................. 25
Troubleshooting Web Site Issues ...................................................................................... 25
Troubleshooting XML Service Issues ................................................................................ 26
Verifying the XML Service Fix ............................................................................................ 28
Exercise 1-3: Troubleshooting Launching a Hosted Application ............................................ 29
Troubleshooting an Application Launch Failure ................................................................. 29
Troubleshooting a Network Issue ...................................................................................... 31
Verifying the Connection Changes .................................................................................... 32
Exercise 1-4: Troubleshooting Streaming Applications ......................................................... 34
Investigating Absent Streaming Applications ..................................................................... 34
Implementing and Verifying a Fix for Absent Streaming Applications ................................. 36
Fixing a Published Streaming Profile Path Issue ................................................................ 36
Fixing an AppHub Permissions Issue ................................................................................ 37
Module 2: Scaling the XenApp Environment ................................................. 39

Exercise 2-1: Preparing to Clone a XenApp Server ............................................................... 41
Creating a Sysprep Answer File ........................................................................................ 41
Preparing the XenApp Server for Imaging ......................................................................... 43
Exercise 2-2: Cloning a XenApp Server ................................................................................ 45
Performing Sysprep on XenAppWorker ............................................................................ 45
Viewing the Results .......................................................................................................... 46
Exercise 2-3: Preparing a XenApp Server for Scripted Configuration .................................... 47
Creating the Powershell Configuration Script .................................................................... 47
Creating the Kickoff Batch File .......................................................................................... 48
Modifying a Sysprep Answer File for a Scripted Configuration .......................................... 49
Exercise 2-4: Performing a Scripted Configuration ................................................................ 51
Performing Sysprep on XenAppController-2 ...................................................................... 51
Viewing the Results of the Scripted Configuration ............................................................. 52
Module 3: Creating Farm Redundancy ......................................................... 53

Exercise 3-1: Load Balancing Web Interface and XML Services Using Citrix NetScaler ........ 55
© Copyright 2011 Citrix Systems, Inc. 5

Setting Up Load Balancing ............................................................................................... 55
Verifying the Load Balancing Configuration ...................................................................... 56
Configuring DNS to the Virtual Servers ............................................................................. 57
Updating the Web Interface Servers to Use the Load-Balanced XML Brokers .................. 58
Exercise 3-2: Testing Load Balancing through Citrix NetScaler ............................................. 59
Testing the Current State .................................................................................................. 59
Simulating Loss of Service to XenAppController-2 and WebInterfaceServer-2 .................. 59
Simulating Complete Loss of the XML Broker and Web Interface Services ....................... 60
Restoring the XML Services .............................................................................................. 61
Exercise 3-3: Installing and Configuring Web Interface on Citrix NetScaler ........................... 63
Installing Web Interface ..................................................................................................... 63
Configuring a XenApp Web Site ........................................................................................ 64
Configuring a XenApp Services Site .................................................................................. 64
Configuring an Auto-Redirect to the Web Interface Site .................................................... 65
Reconfiguring DNS for Web Interface Citrix NetScaler ...................................................... 66
Testing Web Interface on Citrix NetScaler ......................................................................... 67
Module 4: Maintaining the XenApp Environment .......................................... 69

Exercise 4-1: Updating the Mozilla Firefox Streaming Profile ................................................. 71
Viewing Mozilla Firefox ...................................................................................................... 71
Preparing the Firebug Extension ....................................................................................... 72
Modifying a Streaming Profile ........................................................................................... 72
Verifying the Changes in Mozilla Firefox ............................................................................ 73
Exercise 4-2: Performing Data Store Maintenance Commands ............................................ 75
Performing Data Store Maintenance with DSMaint ........................................................... 75
Recreating the Local Host Cache ..................................................................................... 76
Exercise 4-3: Configuring Power and Capacity Management .............................................. 77
Setting Configuration Details Through Group Policy .......................................................... 77
Joining the Servers to the Farm ........................................................................................ 78
Configuring Server Preference and Capacity Limits ........................................................... 78
Creating a Workload Schedule ......................................................................................... 79
Exercise 4-4: Creating a Restart Schedule for the XenApp Servers ...................................... 80
Implementing a Restart Schedule ..................................................................................... 80
Module 5: Optimizing the XenApp Environment ............................................ 83

Exercise 5-1: Enabling Multi-Stream ICA Policies for Specific ICA Traffic .............................. 85
Enabling the Multi-Stream ICA Computer Policy ............................................................... 85
Allowing Users Access to Multi-Stream ICA ...................................................................... 86
Verifying Multi-Stream ICA ................................................................................................ 87
Exercise 5-2: Enabling CPU and Memory Optimization ......................................................... 88
Enabling Memory and CPU Optimization Policies ............................................................. 88
Applying Session Importance to Specific Users ................................................................ 89
Module 6: Optimizing the User Environment ................................................. 91

Exercise 6-1: Configuring Profile Management ..................................................................... 93
Configuring a Profile Share ............................................................................................... 93
Installing Profile Manager .................................................................................................. 94
Configuring Profile Management ....................................................................................... 94
Testing Profile Management ............................................................................................. 95
Exercise 6-2: Profiling an Application Requiring a Service ..................................................... 97
Profiling an Application with a Service ............................................................................... 97
Publishing Bonjour Print Services as a Streaming Application ........................................... 98
Testing and Implementing Support for Windows Service .................................................. 99
Module 7: Optimizing Printing ..................................................................... 103

Exercise 7-1: Verifying Printer Driver Compatibility with XenApp ......................................... 105
Installing Non-Native Printer Drivers ................................................................................ 105
Testing Non-Native Printer Drivers Using StressPrinters .................................................. 106
Exercise 7-2: Replicating Printer Drivers Using PowerShell ................................................. 108
Manually Replicating a Printer Driver Using PowerShell ................................................... 108
Auto-Replicating a Printer Driver Using PowerShell ......................................................... 109
Exercise 7-3: Troubleshooting a Printer Issue with the Citrix Group Policy Modeling
Wizard ................................................................................................................................ 111
Viewing the Existing Policies ........................................................................................... 111
Viewing the Resultant Policy for a User in the Finance Group ......................................... 112
Implementing a Test Fix ................................................................................................. 113
Verifying the Test Fix ....................................................................................................... 113
Module 8: Securing XenApp ....................................................................... 115

Exercise 8-1: Creating and Distributing Root CA Certificates .............................................. 117
Installing Active Directory Certificate Services ................................................................. 117
Creating a Root CA on NetScaler ................................................................................... 118
Distributing the Root Certificate ...................................................................................... 119
Exercise 8-2: Encrypting External ICA Traffic Using ICA Proxy ............................................ 121
Creating a Server Certificate ........................................................................................... 121
Creating and Securing a New Web Interface Site ........................................................... 122
Adding a DNS Entry for Access Gateway ....................................................................... 124
Testing ICA Proxy ........................................................................................................... 124
Exercise 8-3: Restricting External Application Access ......................................................... 126
Implementing a Pre-Authentication Policy ....................................................................... 126
Testing the Pre-Authentication Policy .............................................................................. 127
Exercise 8-4: Encrypting XML Traffic With SSL Relay ......................................................... 128
Creating an SSL Relay Certificate Template .................................................................... 128
Creating and Exporting an SSL Relay Certificate From Template .................................... 129
Configuring SSL Relay .................................................................................................... 130
Updating Web Interface to Use SSL Relay ...................................................................... 131
Verifying the SSL Relay Settings ..................................................................................... 131

Module 9: Monitoring XenApp with Standard Utilities ................................. 133
Exercise 9-1: Using Desktop Director to View Session Data ............................................... 135
Installing Desktop Director .............................................................................................. 135
Viewing Session Data ..................................................................................................... 136
Exercise 9-2: Monitoring XenApp using Performance Monitor ............................................ 138
Restricting Sessions to Use XenAppController-1 ............................................................. 138
Using Performance Monitor ............................................................................................ 139
Exercise 9-3: Monitoring XenApp Using Command-Line Utilities ....................................... 141
Using the QFarm Command ........................................................................................... 141
Restoring Logons to All XenApp Servers ........................................................................ 143
Module 10: Monitoring XenApp with EdgeSight ......................................... 145

Exercise 10-1: Viewing EdgeSight Historical Data ............................................................... 147
Viewing Overall and Specific Category Usage Data ......................................................... 147
Exercise 10-2: Viewing EdgeSight Real-Time Data ............................................................. 148
Measuring Session Logon Times ................................................................................... 148
Monitoring With a Real-Time Dashboard ....................................................................... 148
Creating an EdgeSight E-mail Alert ................................................................................. 149

Notices
Citrix Systems, Inc. (Citrix) makes no representations or warranties with respect to the content or
use of this publication. Citrix specifically disclaims any expressed or implied warranties,
merchantability, or fitness for any particular purpose. Citrix reserves the right to make any changes
in specifications and other information contained in this publication without prior notice and
without obligation to notify any person or entity of such revisions or changes.
© Copyright 2011 Citrix Systems, Inc. All Rights Reserved.
No part of this publication may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording, or information storage and retrieval
systems, for any purpose other than the purchaser’s personal use, without express written
permission of:
Citrix Systems, Inc.
851 West Cypress Creek Road
Fort Lauderdale, FL 33309
http://www.citrix.com
The following marks are service marks, trademarks or registered trademarks of their respective
owners in the United States and other countries.
Mark Owner
Adobe®, Flash®, Acrobat® Adobe Systems Incorporated
Apache® Apache Micro Peripherals, Inc.
AutoCAD® Autodesk, Inc.
Mac® Apple, Inc.
Brother™ Brother Industries, Ltd.
Branch Repeater™, Citrix®, Citrix Access Citrix Systems, Inc.

Gateway™, Citrix Education™, Citrix Receiver™,
EdgeSight®, HDX™, ICA®, NetScaler®, MyCitrix™,
XenApp™, XenDesktop® , Provisioning Services™,
XenCenter™, SecureICA™, SpeedScreen™, Citrix
Developer Network™, AppCenter™, IMA®,
XenVault™
Mark Owner
Active Directory®, Hyper-V™, Internet Explorer®, Microsoft Corporation
Microsoft®, SQL Server®, Windows®, Windows
Server®, Excel®, Outlook®, PowerPoint®, Office®,
Windows 7™, Windows XP™, Windows Vista®,
Remote Desktop Services®, PowerShell®
Firefox® Mozilla Corporation
UNIX® The Open Group
Java®, JavaScript®, Oracle® Oracle Corporation
Pearson VUE® Pearson Education, Inc.
RC5™, RSA™ RSA Data Security, Inc.
Secure Computing®, SafeWord® Secure Computing Corporation
SecurID® Security Dynamics Technologies, Inc.
Toolwire® Toolwire
VMWare®, vSphere™ VMware, Inc.
Wireshark™ Wireshark Foundation, Inc.
Other product and company names mentioned herein might be the service marks, trademarks or
registered trademarks of their respective owners in the United States and other countries.
Credits
Instructional Designers: Jeremy Boehl, Dustin Clark, Ben Colborn, Lydia
Kellman, Karla Stagray
Product Specialist: Andrew Garfield
Graphic Artist: Joshua Jack, Nathan Jackson
Manager: Mike Young
Editor: Kathryn Morris
Subject Matter Experts: Leo Asencio, Amit Baranwal, Fernando Barbitta,

Gary Barton, Jenny Berger, Rob Blincoe,
Marcelo Brosiq, Ronald Brown, Blaise Cacciola,
Hugh Campbell, Mattie Casper, Victor
Cataluna, Ruben Centeno, Hari Chowlur, Mike
Connell, Diane Downie, Allen Furmanski, Bill
Haberkam, Jo Harder, Ann Harmison, Arnd
Kagelmacher, Eric Land, Cris Lau, Fred Liu,
Juliano Maldaner, Brad Moczik, Robert Morris,
Narender Muthyala, Joseph Nord, Nischay P,
Glenn Porter, Elisabeth Reynolds, Andrea
Rutherford, William Ryan, Guna Sekhar, Brian
Sheppard, Leo Singleton, Mark Simmons, Jay
Tomlin, Karthikeyan Vasudevan, Karen Weber,
Chris Wright, Norman Wright, Willie Wright,
Ning Ye, Andy Zhu
Connect with Citrix Education
Become a part of the Citrix Education community today! Stay connected with us, get the latest
updates on our offerings, and let us know how we are doing.
• Facebook - Become a fan of Citrix Education
• Twitter - Follow @citrixeducation
• LinkedIn - Join the Citrix Education group
Visit www.citrixtraining.com to find more information on training, certifications, and exams.
Module 1
Troubleshooting the
XenApp Environment
About Coolidge Consolidated Holdings, Ltd.
Coolidge Consolidated Holdings, Ltd. (CCH) is a large, privately-held financial company that is the
parent company to many smaller banking and investment companies that specialize in different
services that make up the CCH service portfolio. CCH currently has 300 employees who work
directly for the company but has thousands more that work in the child companies. As the parent
company, CCH oversees the child companies to provide a broad range of financial and investment
services to its clients. It also helps to support each child company with business services, including
IT services. The only CCH office is located in San Francisco, California.
CCH has been using Citrix XenApp 6 to host several tactically important applications for their
employees. To address the increasing technical and business needs for the company, the CTO
recently secured funding to upgrade to XenApp 6.5 and expand the XenApp environment to meet
strategic needs within the organization. The CTO also purchased licenses for Citrix Netscaler and
Citrix Access Gateway to augment the functionality and robustness of the environment.
In addition to using XenApp 6.5 for more strategic purposes, CCH management wants to
consolidate the IT infrastructure for all of the child companies by the end of next year. At present,
each of the child companies host and maintain its own XenApp farm and other key pieces of the IT
infrastructure. To lay the foundation for this consolidation, management wants to begin building a
XenApp infrastructure that is easily and quickly scalable.
© Copyright 2011 Citrix Systems, Inc. Module 1: Troubleshooting the XenApp Environment 15
Lab Scenario
CCH does not have the expertise to complete the transition from XenApp 6 to XenApp 6.5 within
the company so they needed to reach out to you, a XenApp Advanced Administrator, to help bring
their environment up to their needs. Due to business needs, CCH needs to get their environment
up-to-speed to fit their needs within the next 5 days. CCH has communicated that there may be a
few pitfalls along the way, so hopefully you are up to the challenge.
CCH’s Citrix team used the Citrix Migration tools to create a copy of their current XenApp 6
production environment into a staging environment running XenApp 6.5. During their migration
they encountered a few hiccups that prevented the environment from immediately coming up.
Unfortunately, an overzealous member of the team began attempting to troubleshoot the issues and
ended up further damaging the environment. They do not know how to recover and need you to
help troubleshoot the environment and bring it back to health.
16 Module 1: Troubleshooting the XenApp Environment © Copyright 2011 Citrix Systems, Inc.
Lab Environment
The following table provides descriptions and roles of each virtual machine in the lab environment:
Virtual Machine Role OS Hostname

DomainController • Domain Controller Windows Server 2008 DC
R2
• SQL Server
• EdgeSight Server
• License Server
• Filer
• Print Server
EndUserSimulator A simulated user Windows 7 EUS

desktop for performing
XenApp and
deployment testing.
NetScaler A Netscaler virtual FreeBSD NS

appliance.
This virtual
machine may
not be
directly
visible in
your
environment.
Profiler-Win7 A virtual machine used Windows 7 P-W7

to profile streaming
Windows 7
applications.
WebInterfaceServer-1 A Web Interface Windows Server 2008 WIS-1

server. R2
WebInterfaceServer-2 A Web Interface Windows Server 2008 WIS-2

server. R2
Virtual Machine Role OS Hostname
XenAppController-1 A full XenApp server, Windows Server 2008 XAC-1
with IMA services. It R2
also is the Power and
Capacity Management
Concentrator.
XenAppController-2 A full XenApp server, Windows Server 2008 XAC-2

with IMA services. R2
XenAppWorker A XenApp server Windows Server 2008 XAW-1

configured for Session- R2
host only mode.
User Credentials
Please use the following credentials as you complete these exercises:
CCH\CitrixAdmin
• Username: CCH\CitrixAdmin
• Password: Password1
• Member of: CCH\Domain Admins; CCH\TestAccounts
• Description: This account was created to facilitate the initial phase of deployment for all Citrix
administrators. When the environment is launched, it will be replaced by specific accounts for
each administrator. This is the account that will be used most often throughout the initial
deployment.
XAC-1\Administrator
• Username: XAC-1\Administrator
• Member of: Local Administrators
• Description: This account is a local administrator for the XenAppController-1 virtual machine.
CCH\Administrator
• Username: CCH\Administrator
• Member of: Administrators; CCH\Domain Admins
• Description: This account is the main administrator in the CCH domain.
CCH\TestAdmin
• Username: CCH\TestAdmin
• Member of: CCH\Domain Admins
• Description: This account simulates a another admin in the farm.
CCH\TestUser
• Username: CCH\CitrixUser
• Member of: CCH\TestAccounts
• Description: This account simulates an account of the average user of the XenApp farm.
citrixadmin@cch.local
• Username: citrixadmin@cch.local
• Description: This account is used exclusively to log on to and manage EdgeSight.
Exercise 1-1: Troubleshooting an AppCenter
Issue
Scenario
Other administrators are complaining that they are unable to connect to the farm with Citrix
AppCenter. You sense it may have something to do with user permissions. You need to verify and
resolve this issue.
Estimated time to complete this exercise: 35 minutes
Replicating the Issue with Citrix AppCenter

Use the XenAppController-1 virtual machine logged in as the CCH\CitrixAdmin user for this task.
1. Log on to the XenAppController-1 virtual machine as the CCH\CitrixAdmin user.
2. Open the Citrix AppCenter and allow for the console to connect to the farm. View any errors
that occurred in the discovery process.
a. Click Start > Administrative Tools > Citrix > Management Consoles > Citrix
AppCenter.
b. Double-click Errors occurred when using XAC-1 in the discovery process and view the
error details.
c. Click Close and then click OK.
After several moments an error appears, specifying that an error occurred. It suggests
checking to make sure that XenApp is installed and that the MFCOM service is running.
3. Navigate to the Uninstall a program control panel and verify that Citrix XenApp 6.5 appears to
be installed correctly.
a. Click Start > Control Panel and click Uninstall a program.
b. Verify that Citrix XenApp 6.5 appears in the list of installed programs.
Citrix XenApp 6.5 is listed as installed along with all of the other XenApp components.
4. Navigate to the Services control panel and ensure that the MFCOM is started. Attempt to
restart the service.
a. Click Start > Administrative Tools > Services.
b. Verify that the Citrix MFCOM Service appears in the list with a Starting status.
c. Right-click the Citrix MFCOM Service and attempt to click the Restart option.
The option to restart the service is not present.
Because you are unable to start or control the service, check for error logs.
5. Navigate to the Error Viewer console and view the Administrative Events. View the displayed
errors.
a. Click Start > Administrative Tools > Event Viewer.
b. Expand the Custom Views node and click Administrative Events.
c. View the General and Details tabs for the errors that appear.
With the large volume of errors in the log, you suspect that the issue is much more serious
than anticipated. You spot an IMAService error which supports your theory.
6. View one of the IMAService errors from the last several days.
a. Find an Error level IMAService event.
b. Double-click the IMAService event.
c. Read the error listed and click Close.
d. Repeat substeps a-c on the nearby IMAService error events.
The errors indicate that it may that the IMA Service is not configured correctly or could
be otherwise broken. The error events state that an ACCESS.mdb file is missing. Because
the IMA Service is integral to the proper functioning of a XenApp farm this issue requires
further investigation.
7. Within the Services console, verify whether the Citrix Independent Management Architecture
service is started and running correctly.
a. Select the Citrix Independent Management Architecture service from the Services
console.
b. Verify that the Status field is empty and Automatic appears in the Startup Type field.
There is an issue with the Citrix Independent Management Architecture. Though it is set
to run automatically, the service is not running.
Fixing an IMA Service Issue

1. Attempt to start the Citrix Independent Management Architecture service in the Services
console.
a. Right-click the Citrix Independent Management Architecture service and click Start.
b. Click OK after viewing the Services error message.
An error message appears specifying that the IMA service could not start.
2. View the log on credentials of the Citrix Independent Management Architecture service.
a. Right-click the Citrix Independent Management Architecture service and click
Properties.
b. Click the Log On tab.
It appears that all settings are set correctly.
c. Click OK to close the Citrix Independent Management Architecture Properties.
Because all the settings of the service appear okay, you need to confirm that the local host
cache is not corrupt.
3. Access the C:\Program Files (x86)\Citrix\Independent Management
Architecture directory and view the file metadata for the imalhc.mdb file.
a. Navigate to the C:\Program Files (x86)\Citrix\Independent Management
Architecture folder.
b. View the file information for the imalhc.mdb file.
The imalhc.mdb file does not exist! It appears that the other administrator was working
in this area and deleted the local host cache database file.
4. Use a command prompt to run the dsmaint command to recreate the Local Host Cache
database.
a. Click Start > Command Prompt.
b. Type dsmaint recreatelhc and press Enter.
c. Verify that the "Recreating LHC database finished successfully" message appears.
5. Use the Services console to start the Citrix Independent Management Architecture Service, and
Citrix WMI Service services.
a. Right-click Citrix Independent Management Architecture Service in the Services console
and select Start.
b. Right-click Citrix WMI Service and select Start.
6. Restart the XenAppController-1 virtual machine.
8. Open Citrix AppCenter and allow the console to discover the CCH farm. View any errors that
occur.
AppCenter.
b. Double-click Errors occurred when using XAC-1 in the discovery process to view the
error details.
An error occurs stating that this user account is not a member of the farm. The
administrator who installed XenApp must have installed it as a local administrator.
Fixing a Citrix AppCenter Permission Issue

Use the XenAppController-1 virtual machine logged in as the XAC-1\Administrator user for this
task.
1. Log off from the XenAppController-1 virtual machine and log back on as the XAC-
1\Administrator user.
2. Use Citrix AppCenter to proceed through the farm discovery process. Do not enable Single
Sign-on. Add the local computer to the discovery.
AppCenter.
b. Click Next, clear the Single Sign-On checkbox, and click Next.
c. Click Add Local Computer and click Next.
d. Click Next and then click Finish.
3. View the administrators configured for the farm and verify if the CCH\CitrixAdmin is listed.
a. Expand the Citrix Resources > XenApp > CCH nodes.
b. Click Administrators and view the current administrators of the farm.
The CCH\CitrixAdmin user is not an administrator of the farm. The only administrator is the
XAC-1\Administrator user.
4. Adding the CCH\CitrixAdmin user as a new administrator to the farm.
a. Right-click Administrators and click Add Administrator.
b. Click Add and click Add List of Names.
c. Type CCH\CitrixAdmin and click Check Names.
d. Click OK when all account names have been validated successfully and click OK.
5. Configure the CCH\CitrixAdmin user as a full administrator of the farm.
a. Click OK and then click Next.
b. Select Full Administration, and click Finish.
6. Log out of the XenAppController-1 virtual machine and log back on as the CCH\CitrixAdmin
user.
7. Use Citrix AppCenter to verify that the CCH\CitrixAdmin user is now able to view the farm.
AppCenter.
b. Verify that the discovery process is completed successfully and that the CCH farm appears
in the Citrix AppCenter node list.
The CCH\CitrixAdmin user is able is now able to view the farm in Citrix AppCenter. Just to
verify that the farm is working correctly you want to launch an application from Web
Interface.
8. Use Internet Explorer to connect to the Web Interface at http://wis-1.cch.local.
The Web Interface does not come up. A standard IIS page is displayed indicating issues
with the configuration of the Web Interface server.
Exercise 1-2: Troubleshooting Web Interface
and XML Issues
Scenario
You recently fixed issues with the IMA Service and Citrix AppCenter console. But when trying to
access applications from Web Interface, you noticed that you could not. You need to troubleshoot
and fix the issues to access applications through Web Interface.
Troubleshooting Web Site Issues

Use the WebInterfaceServer-1 virtual machine logged in as the CCH\CitrixAdmin user for this task.
1. Log on to the WebInterfaceServer-1 virtual machine as the CCH\CitrixAdmin user.
2. Use the Citrix Web Interface Management console to verify that a XenApp Web site exists on
the server.
a. Click Start > All Programs > Citrix > Management Consoles > Citrix Web Interface
Management.
b. Select the XenApp Web Sites node and verify that "XenApp" appears as a site name.
Though it was inaccessible, a XenApp web site does exist.
3. Switch to the EndUserSimulator virtual machine and log on as the CCH\CitrixAdmin user.
4. Use Internet Explorer to attempt to access the XenApp Web site directly at http://wis-
1.cch.local/Citrix/XenApp. Verify that the site is available and then close Internet Explorer.
The site is accessible when connecting through its direct URL. The issue must be in the
redirection page of this site.
5. Switch to the WebInterfaceServer-1 virtual machine.

6. Use the Citrix Web Interface Management console to view the settings summary of the
"XenApp" XenApp Web site. Access the site's IIS hosting settings and set the site as the default
page for the IIS site.
a. Right-click the XenApp site and select Site Maintenance > Manage IIS Hosting.
b. Select Set as default page for the IIS site and click OK.
7. Switch to the EndUserSimulator virtual machine.
8. Use Internet Explorer to access the Web Interface server at http://wis-1.cch.local.
The web site displays as intended.
9. Log on to Web Interface using the CCH\CitrixAdmin user.
If you are unable to log on, verify that the credentials are being typed correctly and try only
once more.
An error continues to appears asking you to verify your name and password.
10. Attempt a single time to log on to Web Interface as the CCH\TestAdmin.
An error still appears indicating an incorrect username or password.
11. Close Internet Explorer.
Troubleshooting XML Service Issues

2. View the Event Viewer console and review any errors displayed in Administrative Events.
c. View the General and Details tabs for the most recent Citrix Web Interface errors.
Web Interface displays several error messages indicating that the XML Services are failing
to respond.
3. Use the Citrix Web Interface Management console to view the farm settings for the "XenApp"
XenApp Web site. Verify that all XML settings are correct.
a. Right-click the XenApp Web site in the Citrix Web Interface Management console and
select Server Farms.
b. Verify whether all of the settings appear correct.
All of the XML and farm information appears to be correct, except for the server name.
No server named "xml.cch.local" exists.
4. Edit the farm information to specify xac-1.cch.local as the server name.

a. Select the CCH farm and click Edit.
b. Select the xml.cch.local server and click Edit.
c. Type xac-1.cch.local in the Server name field and click OK.
d. Click OK in the Edit Farm dialog box and click OK to close the Manage Server Farms
dialog box.
6. Log on to Web Interface using the CCH\CitrixAdmin user.
If you are unable to log on, verify that the credentials are being typed correctly and try only
once more.
An error continues to appears asking you to verify your name and password.
7. Switch to the XenAppController-1 virtual machine.

8. Use the Services console to ensure that the Citrix XML Service is started and appears to be
configured correctly.
b. Double-click the Citrix XML Service.
c. Verify that Automatic is selected as the Startup type in the General tab.
d. Select the Log On tab and verify that the Log On account is Network Service.
Everything appears to be working correctly. You think it may have to do with the XML
port in use.
9. Use the netstat utility from a command line to view the current XML Port.
a. Click Start > Commant Prompt.
b. Type netstat -nab and press Enter.
c. Scroll to the ctxxmlss.exe entry and verify if port 80 is being used.
The local address of the port is listed as 0.0.0.0:8080 indicating that 8080 is the port in use. You
need to change the port to 80.
10. Stop the Citrix XML Service from the Services console and use the ctxxmlss command line
utility to unregister the XML Service.
a. Select the General tab in the Services console and click Stop.
b. Click OK.
c. Type ctxxmlss /u at the command prompt and press Enter.
11. Refresh the Services console to verify that the Citrix XML Service is no longer present. Re-
register the Citrix XML Service to run on port 80 using the ctxxmlss command at the
command prompt.
a. Click Actions > Refresh in the Services console.
The Citrix XML Service is no longer present.
b. Type ctxxmlss /r80 at the Command Prompt and press Enter.
The Citrix XML Service is now registered on port number 80.
12. Refresh the Services console to verify that the XML Service is present and then start the XML
Service.
a. Click Actions > Refresh in the Services console.
b. Right-click Citrix XML Service and select Start.
13. Use the netstat utility to verify that the Citrix XML Service is now listening on the correct port
(80).
a. Type netstat -nab in the command prompt and press Enter.
b. Scroll to the ctxxmlss.exe entry and verify if port 80 is being used.
The local address of the port is listed as 0.0.0.0:80 indicating that 80 is the port in use.
14. Close all open windows.
Verifying the XML Service Fix

Use the EndUserSimulator virtual machine logged in as the CCH\CitrixAdmin user for this task.
2. Use Internet Explorer to access the Web Interface server at http://wis-1.cch.local. Log on with
the CCH\CitrixAdmin credentials.
You are able to log on to Web Interface without any problems. All published resources appear.
3. Attempt to launch Notepad to ensure that the farm is working properly.
An error message appears in Web Interface. The application failed to launch.
Exercise 1-3: Troubleshooting Launching a
Hosted Application
Scenario
You recently fixed issues with the IMA Service, Citrix AppCenter, Web Interface, and XML Service,
but you are still unable to launch a hosted application from Web Interface. You need to continue
troubleshooting the problems as they happen until you can successfully launch an application.
Troubleshooting an Application Launch Failure

2. Use the Event Viewer console to view any MetaFrame or related error events.
c. Scan the Source error column for MetaFrameEvents.
You find several errors from a MetaFrameEvents source.
3. View the first MetaFrameEvents error.

a. Double-click the MetaFrameEvents error.
b. View the errors listed in the General and Details tabs.
The error message indicates that no servers can be found that can launch the application. As a
guess, you want to check the server loads of both servers in the farm.
4. Use the qfarm command in a command prompt to view the load values for each server in the
farm.
b. Type qfarm /load and press Enter.
The load value of xac-1 is 10000, indicating a very high load.
5. Use Citrix AppCenter to check if any users who are connected to XAC-1 may be causing a
high load on the server.
a. Click Start > All Programs > Administrative Tools > Citrix > Management Consoles >
Citrix AppCenter.
b. Expand the Citrix Resources > XenApp > CCH > Servers node and click XAC-1.
c. Click the Users tab and view any connected users.
No ICA users are connected to the xac-1 server. There must be another reason why xac-1
is showing a full load.
6. Use the Group Policy Management console to edit the "Old_XA_GPO" policy and view the
Unfiltered Citrix Computer Policy.
a. Click Start > Administrative Tools > Group Policy Management.
b. Expand the Forest: cch.local > Domains > cch.local > Group Policy Objects node.
c. Right-click Old_XA_GPO and click Edit.
d. Expand the Computer Configuration > Policies nodes and click Citrix Policies.
e. View the Summary tab for the Unfiltered policy.
The summary suggests that a Load Evaluator is specified.
7. Remove the load evaluator and close all open windows.

a. Click Remove for the Load Evaluator Name setting.
b. Click Yes to confirm.
c. Close all open windows.
8. Use the GPUpdateALL script on the desktop to update the group policy on all XenApp servers.
9. Use the qfarm command line utility to view the load values for each server in the farm.
b. Type qfarm /load and press Enter.
Both servers show normal loads.
11. Use Internet Explorer to access and log on to the Web Interface at http://wis-1.cch.local using
the CCH\CitrixAdmin credentials. Launch Notepad.
No immediate errors appear, the ICA ticket is issued normally, and Citrix Receiver is launched.
The application will not launch and Receiver seems to halt. An error eventually appears
indicating that a XenApp server does not exist at the specified address.
Troubleshooting a Network Issue
2. Use the Event Viewer console to view any related error events.
b. Expand the Custom Views tab and click Administrative Events.
c. View the General and Details tabs for the recent errors.
There are no new error events related that seem to relate to this issue.
3. Use the Services console to verify that the Citrix XTE Server service is started and appears to
be running normally.
b. Double-click the Citrix XTE Server.
c. Verify that the Service status is Started.
The service seems to be running normally. It may be a networking issue.

5. Access the \\dc\filer\Software folder and copy the PortCheck folder to the desktop.
6. Use a Command Prompt and access the
C:\Users\CitrixAdmin\Desktop\PortCheck folder. Use the CtxPrtChk command
in this folder to check ports 80, 1494, and 2598 on the XAC-1 server.
b. Type cd Desktop\PortCheck, and press Enter.
c. Type CtxPrtChk xac-1 80 and press Enter.
d. Type CtxPrtChk xac-1 1494 and press Enter.
e. Type CtxPrtChk xac-1 2598 and press Enter.
The test for port 80 is successful, but the utility is unable to connect to xac-1 on 1494 and
2598. This indicates that networking is set up correctly, but the utility still cannot connect
on either the ICA or Session Reliability ports. This needs further investigation.

8. Access the \\dc\filer\Software folder and copy the PortCheck folder to the desktop.
9. Use a Command Prompt and access the
C:\Users\CitrixAdmin\Desktop\PortCheck folder. Use the CtxPrtChk command
in this folder to check ports 80,1494, 2598 on the XAC-1 server.
a. Type cd Desktop\PortCheck in the command prompt and press Enter.
b. Type CtxPrtChk xac-1 80 and press Enter.
c. Type CtxPrtChk xac-1 1494 and press Enter.
d. Type CtxPrtChk xac-1 2598 and press Enter.
The CtxPrtChk utility is able to make successful connections to all three ports. Because
the ports are accessible locally but not from another machine on the network, the issue
might likely be a firewall blocking ports to other machines on the network.
10. Use the Windows Firewall with Advanced Security console and view the inbound rules. Verify
that the Citrix ICA and Citrix Session Reliability rules allow traffic.
a. Click Start > Administrative Tools > Windows Firewall with Advanced Security.
b. Click Inbound Rules.
c. View the Action column for the Citrix ICA and Citrix Session Reliability rules.
Rules for inbound traffic are configured to block both Citrix ICA and Citrix Session
Reliability.
11. View the properties of both rules and allow all connections.
a. Right-click the Citrix ICA rule and click Properties.
b. Select Allow the connection, click Apply, and then click OK.
c. Repeat substeps a and b for the Citrix Session Reliability rule.
Verifying the Connection Changes

2. Use the command prompt to rerun the CtxPrtChk utility on ports 1494 and 2598.
The utility is able to connect to both ports successfully.
3. Use Internet Explorer to access and log on to the XenApp Web site at http://wis-1.cch.local
using the CCH\CitrixAdmin credentials. Launch Notepad.
Notepad launches successfully.
Another administrator who is also troubleshooting issues with the farm noticed that an
incorrect Group Policy Object linked to the All XenApp Servers OU is responsible for
many of the problems. You need to delete this GPO.
6. Access the Group Policy Management console and view the group policy objects attached to
the All XenApp Servers organizational unit. Delete the Old_XA_GPO group policy object.
b. Expand the Forest: cch.local > Domains > cch.local nodes and click the All XenApp
Servers node.
c. Right-click the Old_XA_GPO group policy and click Delete.
d. Click OK to delete the GPO link.
Exercise 1-4: Troubleshooting Streaming
Applications
Scenario
You recently fixed all issues so that hosted applications can be launched through Web Interface.
But you noticed another problem: published streamed applications are not being displayed in the
Web Interface. You need to troubleshoot this issue and ensure that streamed applications can
launch successfully for both administrators and users.
Investigating Absent Streaming Applications

2. Use Internet Explorer to access and log on to Web Interface at http://wis-1.cch.local using the
CCH\CitrixAdmin user. Verify whether Firefox is listed in the applications.
As expected, Firefox—which is a streamed application—is not listed. You need to verify

whether the application is published.

4. Use Citrix AppCenter console to verify that the Firefox application is published.
Citrix AppCenter.
b. Click the Citrix Resources > XenApp > CCH > Applications node.
c. Click Mozilla Firefox.
d. Verify that the Mozilla Firefox application is enabled and streamed to client in the
information tab.
The Firefox application is published as expected.
6. Access the Citrix Receiver preferences to change the server of the Online Plug-in to http://wis-
1.cch.local.
a. Right-click the Citrix Receiver icon in the icon tray and click Preferences.
b. Right-click Online Plug-in and click Logon.
c. Click I will enter the URL now, type http://wis-1.cch.local, and click Update.
d. Click OK.
7. Log on to Citrix Receiver using the CCH\CitrixAdmin and verify if the Firefox application
appears in the Start menu.
Firefox also does not appear in the Start menu.
8. Navigate to the Uninstall a Program section of the Control Panel and verify that the Offline
Plug-in is installed.
a. Navigate to Start > Control Panel and click Uninstall a program.
b. Scan the list of installed programs for the Offline Plug-in.
The Offline Plug-in is not currently installed. You need to install it now.
9. Launch the XenApp installer from the DVD media.

a. Click Start > Computer.
b. Double-click CD Drive (D:) XA6.5_2008R2_ML and double-click autorun.
10. Follow the prompts to launch the Citrix Offline Plug-in installer common component.
a. Click Manually install components and then click Common Components.
b. Click Plug-ins and Streaming Profiler and then click Citrix Offline Plug-in.
11. Install the Citrix Offline Plug-in using the default settings. When prompted, restart the virtual
machine.
a. Click OK and click Next.
b. Select I accept the license agreement and click Next.
c. Click Install and then click Finish once the wizard completes the installation.
Several additional software installation begins.
d. Click Yes to restart the virtual machine.
12. Log on to the EndUserSimulator virtual machine as the CCH\CitrixAdmin user.
13. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials, when prompted. Verify that
Firefox is now listed in the Start menu.
Firefox now appears in the Start > All Programs menu.
Firefox is still not listed on the XenApp Web site. A streaming application is available on
the XenApp Service site but not the XenApp Web site, indicating that something is wrong
with the XenApp Web site.
Implementing and Verifying a Fix for Absent Streaming
Applications
2. Use the Citrix Web Interface Management console to view the "XenApp" XenApp Web site's
summary information and see if anything looks incorrect in the configuration.
Management Console.
b. Click XenApp Web Sites node and view the information from the Summary tab.
The Resource types for the site specifies only Online content. This could be an issue
preventing streaming applications from appearing on the Web Interface site.
3. Change the resource type of the "XenApp" XenApp Web site to dual mode.
a. Right-click the XenApp Site Name and select Resource Types.
b. Select Dual Mode and click OK.
4. Close all open windows and switch to the EndUserSimulator virtual machine.
The Firefox streaming application shows up as intended within Web Interface.
6. Attempt to launch Firefox and verify if it can be launched correctly.
An error occurs stating that the profile path may be incorrect.
7. Attempt to launch Firefox through the Start menu to see if the same error appears.
The same error appears as before. There must be an issue with the profile path.
Fixing a Published Streaming Profile Path Issue

2. Use the Citrix AppCenter console to view the Firefox application location property. Verify
whether it looks correct.
a. Right-click Mozilla Firefox from the Applications node in Citrix AppCenter and select
Application properties.
b. Click Location and view the Citrix streaming application profile address.
The profile address is incorrect. The profile address must be a UNC path and not a local
path.
3. Change the Z:\ in the profile address to the share's UNC path \\dc\filer\ and select
Mozilla Firefox as the application to launch.
a. Select Z:\ from the Citrix streaming application profile address field and type
\\dc\filer.
The updated path is now \\dc\filer\AppHub\Firefox\Firefox.profile.
b. Select Mozilla Firefox from the Application to launch menu.
c. Click Apply and then click OK.
6. Launch the Firefox streaming application from the Start menu and verify whether it now
launches as expected. If it does, specify not to import any data.
a. Click Start > All Programs > Mozilla Firefox.
b. Select Don't import anything and click Next.
Firefox launches correctly for an administrator account. You now need to verify that a non-
administrator can access streaming applications.
7. Log off of the EndUserSimulator virtual machine and log back on as the CCH\TestUser
account.
8. When prompted enter the URL for the Web Interface (http://wis-1.cch.local) and log on to
Citrix Receiver using the CCH\TestUser credentials.
a. Click I will enter the URL now.
b. Type http://wis-1.cch.local and click Update.
c. Log on to Citrix Receiver using the CCH\TestUser credentials.
9. Launch Firefox from the start menu and verify that you are able to launch the application
successfully. When prompted, enter the CCH\TestUser credentials.
Windows Security reports that access is denied. There must be a permissions issue on the
\\dc\filer share.
Fixing an AppHub Permissions Issue

Use the DomainController virtual machine logged in as the CCH\Administrator user for this task.
1. Switch to the DomainController virtual machine and log on as the CCH\Administrator user.
2. Access the C:\Filer folder and view its file sharing permissions. Verify whether everything
seems to be correct.
a. Click Start > Computer and navigate to C:\.
b. Right-click the Filer folder and select Properties.
c. Select the Sharing tab and click Share.
d. Verify the file sharing permission levels for each user.
e. Click Cancel and then Close to exit File Properties.
All permissions seem to be correct. The Domain Users group has permissions to read/write to
the share.
3. Access the C:\Filer\ folder and view the AppHub folder file sharing permissions. Verify if
everything seems to be correct.
a. Double-click the Filer folder, right-click AppHub, and select Properties.
b. Select the Sharing tab and click Share.
c. Verify the file sharing permission levels for each user.
There appears to be an issue. This folder is only available to administrators when it must
be available for all Domain users.
4. Add the CCH\Domain Users group and give it a read level permission.
a. Type CCH\Domain Users in the File Sharing and click Add.
b. Verify that the Permission level drop-down arrow for CCH\Domain Users is Read.
c. Click Share, click Done, and then click Close.
7. Launch Firefox from the Start menu and verify that it launches correctly.
The application launches successfully.
8. Close all windows and log off of the EndUserSimulator virtual machine.
9. Switch to the DomainController virtual machine and restart it.
Module 2
Scaling the XenApp

Environment
Exercise 2-1: Preparing to Clone a XenApp
Server
Scenario
To ensure quick and easy expansion of the farm as the company grows, you decide to create a
XenApp template that can be cloned, can be easily brought online into the farm, and can host
applications.
In order to create a cloned, yet completely unique server, you need to use the Sysprep tool to
generalize the clone. You must also create a Sysprep answer file using Microsoft System Preparation
Tool to be used to automate the restoration process from the Sysprep state into an active member
of the Active Directory tree.
After you have completed the necessary answer file, a member of your team who is very
experienced in scripting and creating answer files will verify your work and return to you a fully
tested and fully functioning answer file.
Creating a Sysprep Answer File

Use the XenAppWorker virtual machine logged in as the CCH\CitrixAdmin user for this task.
1. Log on to the XenAppWorker virtual machine as the CCH\CitrixAdmin user.
2. Launch the Windows System Image Manager tool and create a new answer file.
a. Click Start > All Programs > Microsoft Windows AIK > Windows System Image
Manager.
b. Click File > New Answer file and click Yes.
3. Select the "install_Windows Server 2008R2 SERVERENTERPRISE.clg" Windows image file
located on the filer at \\dc\filer share and view all of the Windows Image Components
nodes.
a. Type \\dc\filer in the File name text box and press Enter.
b. Double-click the install_Windows Server 2008R2 SERVERENTERPRISE.clg Windows
image file.
c. Expand the Components node in the Windows Image pane to view the component
settings.
4. Add the amd64_Microsoft-Windows-UnattendedJoin component to the specialize node and set
the JoinDomain setting in the Identification node to "cch.local".
a. Right-click the amd64_Microsoft-Windows-UnattendedJoin setting and select Add
setting to pass 4 specialize.
© Copyright 2011 Citrix Systems, Inc. Module 2: Scaling the XenApp Environment 41
b. Expand the amd64_Microsoft-Windows-UnattendedJoin > Identification nodes in the
Answer File pane.
The Identification properties are displayed in the right pane.
c. Click JoinDomain field in the Settings node, type cch.local and press Enter.
5. Specify the Domain as "cch.local," password as "Password1", and username as
"CCH\Administrator" within the credentials node.
a. Click the Credentials node in the Answer File pane.
The Credentials Properties are displayed in the right pane.
b. Click the Domain field in the Settings node and type cch.local.
c. Click the Password field in the Settings node and type Password1.
d. Click the Username field in the Settings node and type CCH\Administrator.
This component provides information to automatically join the Active Directory domain
during Sysprep.
6. Add the amd64_Microsoft-Windows-Shell-Setup and x86_Microsoft-Windows-Shell-Setup

settings to the specialize node.
a. Right-click the amd64_Microsoft-Windows-Shell-Setup setting and select Add setting to
pass 4 specialize.
b. Right-click the x86_Microsoft-Windows-Shell-Setup setting and select Add setting to
pass 4 specialize.
These settings are required to be added to perform an Unattended Join.
7. Add the amd64_Microsoft-Windows-IE-ESC setting to the specialize node. Specify "false" for
both the IEHardenAdmin and IEHardenUser.
a. Right-click the amd64_Microsoft-Windows-IE-ESC setting and select Add setting to pass
4 specialize.
b. Click the amd64_Microsoft-Windows-IE-ESC node in the Answer File pane.
The Microsoft-Windows-IE-ESC properties are displayed in the right pane.
c. Click the IEHardenAdmin field in the Settings node and select false.
d. Click the IEHardenUser field in the Settings node and select false.
This component disables the Internet Explorer enhanced security control that is usually
on by default.
8. Repeat the previous step for the x86_Microsoft-Windows-IE-ESC setting.

9. Add the amd64_Microsoft-Windows-Shell-Setup setting to the oobeSystem node. Specify "true"
on the HideEULAPage setting in the OOBE node.
42 Module 2: Scaling the XenApp Environment © Copyright 2011 Citrix Systems, Inc.
a. Right-click the amd64_Microsoft-Windows-Shell-Setup setting and select Add setting to
pass 7 oobeSystem.
b. Expand the amd64_Microsoft-Windows-Shell-Setup node in the Answer File pane.
c. Select the OOBE node.
The OOBE properties are displayed in the right pane.
d. Click the HideEULAPage field in the Settings node and select true.
This component sets the "oobe" or Out of Box Experience for the system. It is being set to
not display the EULA on first startup.
10. Repeat the previous step for the x86_Microsoft-Windows-Shell-Setup setting.

11. Add the x86_Microsoft-Windows-International-Core setting to the oobeSystem node. Specify
"en-US" for each of these settings.
a. Right-click the x86_Microsoft-Windows-International-Core setting and select Add
setting to pass 7 oobeSystem.
b. Click the x86_Microsoft-Windows-International-Core node in the Answer File pane.
The Microsoft-Windows-International-Core properties are displayed in the right pane.
c. Click the InputLocale field in the Settings node and type en-US .
d. Click the SystemLocale field in the Settings node and type en-US.
e. Click the UILanguage field in the Settings node and type en-US.
f. Click the UILanguageFallback field in the Settings node and type en-US.
g. Click the UserLocale field in the Settings node and type en-US.
This component sets the default language information for the system. By setting this
information during Sysprep, it will bypass a prompt for this information during first
startup.
12. Save the answer file as unattend_untested.xml on the

\\dc\filer\Sysprep_files share and close the Windows System Image Manager.
a. Click File > Save Answer File As.
b. Type \\dc\filer\Sysprep_files and press Enter.
c. Type unattend_untested.xml and click Save.
Preparing the XenApp Server for Imaging

2. Launch Citrix AppCenter and identify the servers in the CCH farm.
Citrix AppCenter.
b. Expand the CCH > Servers node, click the Servers node, and observe the servers listed.
3. Switch to the XenAppWorker virtual machine.
4. Use the Citrix XenApp Server Role Manager to edit the XenApp configuration.
a. Click Start > All Programs > Administrative Tools > Citrix > XenApp Server Role
Manager > XenApp Server Role Manager.
b. Click Edit Configuration.
After a few moments, the Citrix XenApp Server Configuration tool opens.
5. Prepare the server for imaging using the default provisioning options. Do not restart the virtual
machine.
a. Click Prepare this server for imaging and provisioning.
b. Click Next to accept the default provisioning options and click Apply.
c. Click Finish to complete the configuration.
Do NOT restart the virtual machine.

7. Use the Citrix AppCenter console to view the current servers in the farm.
a. Right-click Servers and click Refresh.
b. Verify that the XAW-1 server is no longer present.
The XAW-1 virtual machine is no longer present, because it was removed from the farm
for provisioning.
8. Switch to the DomainController virtual machine and log on as the CCH\Administrator user.
9. Use the Active Directory Users and Computers console to delete the XAW-1 computer object
from the domain.
a. Click Start > Administrative Tools > Active Directory Users and Computers.
b. Expand the cch.local node and click the Computers node.
c. Right-click the XAW-1 server in the right pane.
d. Click Delete and click Yes to confirm.
Exercise 2-2: Cloning a XenApp Server
Scenario
A member of your team performed testing and troubleshooting on your Microsoft Sysprep answer
file and returned to you a verified version of the file.
Previously, you prepared the machine for imaging by creating the Sysprep answer file and running
the XenApp imaging sequence. Now you must complete the process by performing a Sysprep on
the machine. Once completed, you will be able to provision a XenApp server from this template
and bring it online with no additional user intervention.
Performing Sysprep on XenAppWorker

Use the XenAppWorker virtual machine logged in as the CCH\CitrixAdmin user for this task.
1. Switch to the XenAppWorker virtual machine.
2. Copy the \\dc\filer\Sysprep_files\xaw1_tested.xml file to the
C:\Windows\System32\sysprep\ folder.
a. Click Start and type \\dc\filer\Sysprep_files\.
b. Right-click the xaw1_tested.xml file and select Copy.
c. Browse to the C:\Windows\System32\sysprep\ folder.
d. Click Organize and select Paste.
3. Start a command prompt and change the current directory to the
C:\Windows\System32\sysprep folder.
b. Type cd C:\Windows\System32\sysprep and press Enter to change your current
directory.
4. Run the sysprep utility specifying for the utility to generalize the system, set to an out of the
box experience, reboot, and to run through an unattended install using the
xaw1_tested.xml answer file.
a. Type sysprep /generalize /oobe /reboot /unattend:xaw1_tested.xml
and press Enter.
b. Allow the Sysprep process to complete and restart the system.
The restart will simulate bringing up a brand new clone of the system.
To create a template from this virtual machine, specify the /shutdown command
instead of the /reboot command.
Viewing the Results

1. Switch to the DomainController virtual machine.
2. Periodically refresh the Computers list in the Active Directory Users and Computers console
until the XAW-1 computer object is joined back into the domain. Once completed, move the
XAW-1 server to the "All XenApp Servers" organizational unit.
a. Right-click Computers and click Refresh.
b. Drag XAW-1 to the All XenApp Servers node and click Yes.
It may take as long as ten minutes for the XenAppWorker to recover from the sysprep
and rejoin the domain.

4. Periodically refresh the server list in Citrix AppCenter until the XAW-1 machine appears in the
server list.
It may take several more minutes for the XenAppWorker add itself back into the farm.
This technique can be used to add new XenApp servers to the farm without any additional action.
If the virtual machine was made into template while in its sysprepped state, a virtually unlimited
number of these virtual machines could be provisioned from it and added to the farm quickly and
without any OS or networking conflicts.
Exercise 2-3: Preparing a XenApp Server for
Scripted Configuration
Scenario
The Citrix Engineer also wants to create a sysprepped template that uses scripting to configure
XenApp on the system so administrators can customize the configuration to perform additional
actions as need arises.
Another administrator has prepared a virtual machine for this purpose. He has installed Citrix
XenApp 6.5 on a Windows Server 2008R2 SP1 virtual machine but has not started the XenApp
configuration. You need to perform the steps to prepare an answer file and the PowerShell script to
perform the configuration. Then you need to perform a Sysprep so that the virtual machine can
become a unique template.
Creating the Powershell Configuration Script

2. Use Notepad to create a new document. Save the file as
"scripted_configuration_untested.ps1" in the
\\dc\filer\LoginScripts\Scripts_untested directory.
a. Click Start > All Programs > Accessories > Notepad to open Notepad.
b. Click File > Save As .
c. Type \\dc\filer and press Enter.
d. Navigate to the LoginScripts\Scripts_untested folder.
e. Name the file scripted_configuration_untested.psl and click Save.
3. Type the following command on the first line of the Notepad document to change the scripts
working directory:
cd 'C:\Program Files (x86)\Citrix\XenApp\ServerConfig'
4. Specify the relative location of the XenAppConfigConsole tool on the next line and add the
flags to specify the join execution mode, the farm name as CCH, and the IMA worker mode to
false by typing:
.\XenAppConfigConsole.exe /ExecutionMode:Join /FarmName:CCH

/IMAWorkerMode:false
5. Continue on the same line, adding flags to specify the database username as
CCH\Administrator, password as Password1:
/OdbcUserName:CCH\Administrator /odbcPassword:Password1
6. Continue on the same line, adding flags to specify the license server name as dc and the
location of the DSN file as C:\Scripts\database_info.dsn:
/LicenseServerName:dc /DsnFile:'C:\Scripts\database_info.dsn'
7. Continue on the same line, adding flags to add all authenticated users to the Remote Desktop
User Group but to not add the anonymous users or the users group. Type
/AddAuthenticatedUsersToRemoteDesktopUserGroup:true
/AddAnonymousUsersToRemoteDesktopUserGroup:false
/AddUsersGroupToRemoteDesktopUserGroup:false
8. Type the Restart-computer PowerShell command on the next line to restart the computer
and then save the script.
a. Type Restart-computer on a new line.
b. Click File > Save.
The final code should look like the following:
cd 'C:\Program Files (x86)\Citrix\XenApp\ServerConfig'
.\XenAppConfigConsole.exe /ExecutionMode:Join /FarmName:CCH
/IMAWorkerMode:false /odbcUserName:CCH\Administrator
/OdbcPassword:Password1 /LicenseServerName:dc
/DsnFile:'C:\Scripts\database_info.dsn'
/AddAuthenticatedusersToRemoteDesktopUserGroup:true
/AddAnonymousUsersToRemoteDesktopUserGroup:false
/AddUsersGroupToRemoteDesktopUserGroup:false
restart-computer
The script above is designed to initiate the XenAppConfigConsole tool and provide the parameters
to configure and join the virtual machine to the farm. Once this is completed, the computer must
be restarted to complete joining the farm.
Creating the Kickoff Batch File

1. Use Notepad to create a new document. Save the file as "FirstLogonScript_untested.bat" in the
//dc/filer/LoginScripts/Scripts_untested directory.
a. Click Start > All Programs > Accessories > Notepad to open Notepad.
b. Click File > Save As.
c. Type \\dc\filer and press Enter.
d. Navigate to the LoginScripts\Scripts_untested folder.
e. Name the file FirstLogonScript_untested.bat and click Save.
2. Type powershell.exe -command "& {Set-ExecutionPolicy unrestricted -
Force}" to run a PowerShell command, forcing the initial execution policy to be
unrestricted.
The PowerShell's default execution mode is set to "Restricted", which prevents all non-
Microsoft scripts from running for security reasons. In order to run custom scripts, the
execution mode needs to be changed to unrestricted mode first.
3. Type powershell.exe -noexit

C:\Scripts\scripted_configuration_untested.ps1 on the second line to run
the script that was previously created.
4. Save the file and close Notepad.
The final code should look like the following:
powershell.exe -command "& {Set-ExecutionPolicy unrestricted -
Force}"
powershell.exe -
noexit C:\Scripts\scripted_configuration_script_tested.ps1
The script above will be executed by the Sysprep process which will then run the configuration
script through PowerShell.
Modifying a Sysprep Answer File for a Scripted

Configuration
1. Use the Windows System Image Manager tool to open the
\\dc\filer\Sysprep_files\xaw-1_tested.xml answer file. Save the answer file as
xac-2_untested.xml to the same location.
a. Click Start > All Programs > Microsoft Windows AIK > Windows System Image
Manager.
Windows System Image Manager opens.
b. Click File > Open Answer File and navigate to the \\dc\filer\Sysprep_files folder to open
the xaw-1_tested.xml file.
The answer file opens.
c. Click File > Save Answer File As and save the answer file as xac-2_untested.xml in
the same location.
2. Add the AutoLogon and FirstLogonCommands nodes from the amd64_Microsoft-Windows-
Shell-Setup component to the "7 oobeSystem" pass.
a. Expand the Components > amd64_Microsoft-Windows-Shell-Setup node in the
Windows Image pane.
b. Right-click the AutoLogon and click Add Setting to Pass 7 oobeSystem.
c. Right-click FirstLogonCommands and click Add Setting to Pass 7 oobeSystem.
3. Repeat the previous step for the x86_Microsoft-Windows-Shell-Setup component.
4. Specify the domain settings within the AutoLogon node as "CCH.local," and set the username
to "CitrixAdmin," and set Enabled to "true."
a. Click the AutoLogon node in the Answer file pane.
The AutoLogon properties pane appears.
b. Click the Domain field and type CCH.local.
c. Click the Enabled field and type true.
d. Click the Username field and type CitrixAdmin.
5. Specify "Password1" as the setting value for the Password node.
a. Expand the Autologon node and click Password.
b. Click the Value field in the Settings pane and type Password1.
6. Create a new SynchronousCommand in the FirstLogonCommand node. Specify the script
location C:\Scripts\FirstLogonScripts.bat as the command line, the order setting
as 1, and the RequiresUserInput setting to false.
a. Right-click FirstLogonCommands in the Answer File pane and click Insert New
Synchronous Command.
b. Click Synchronous Command.
The Synchronous Command Properties pane appears.
c. Click the CommandLine field and type C:\Scripts\FirstLogonScript.bat
d. Click in the Order field in the Synchronous Command Settings in the right pane and type
1.
e. Click in the RequiresUserInput field and type false.
7. Repeat the previous three steps for the x86_Microsoft-Window-Shell-Setup component.
8. Save the file and close all open windows.
Exercise 2-4: Performing a Scripted
Configuration
Scenario
A member of your team performed testing and troubleshooting on your batch, PowerShell scripts,
and the Sysprep answer file and returned to you tested versions of the files to use.
Previously you prepared the machine for imaging by creating the Sysprep answer file, created a
PowerShell script to perform the configuration, and created a batch script to initiate the process.
Now you must complete the process by performing a Sysprep on the system.
Performing Sysprep on XenAppController-2

2. Use the Active Directory Users and Computers console to delete the XAC-2 computer object
from the domain.
a. Click Computers in the cch.local node of the Active Directory Users and Computers
console.
b. Right-click XAC-2 and select Delete.
c. Click Yes to confirm.
4. Copy the \\dc\filer\Sysprep_files\xac2_tested.xml to the
C:\Windows\System32\sysprep\ folder.
a. Click Start and type \\dc\filer\Sysprep_files\.
b. Right-click the xac2_tested.xml file and select Copy.
c. Browse to the C:\Windows\System32\sysprep\ folder.
d. Click Organize and select Paste.
5. Copy the \\dc\filer\LoginScripts\Scripts folder to C:\.
a. Navigate to the \\dc\filer\LoginScripts\ folder.
b. Right-click Scripts and click Copy.
c. Browse to C:\, click Organize, and select Paste.
6. Start a command prompt and change the current directory to the
C:\Windows\System32\sysprep folder.
b. Type cd C:\Windows\System32\sysprep and press Enter to change your current
directory.
7. Run the sysprep utility specifying for the utility to generalize the system, set to an out of the
box experience, reboot, and to run through an unattended install using the xac2_tested.xml
answer file.
a. Type sysprep /generalize /oobe /reboot /unattend:xac2_tested.xml
and press Enter.
b. Allow the sysprep process to complete and restart the system.
The restart will simulate bringing up a brand new clone of the system. To create a
template from this virtual machine, specify the /shutdown command instead of the
/restart command.
Viewing the Results of the Scripted Configuration

2. Periodically refresh the Computers list in the Active Directory Users and Computers console
until the XAC-2 computer object is joined back into the domain. Once completed, move the
XAC-2 server to the "All XenApp Servers" organizational unit.
a. Right-click Computers and click Refresh.
b. Drag XAC-2 to the All XenApp Servers node and click Yes.
It may take up to ten minutes for the XenAppController-2 to recover from the sysprep
and rejoin the domain.

4. Periodically refresh the server list in Citrix AppCenter until the XAC-2 machine appears in the
server list.
It may take several more minutes for the XenAppController-2 virtual machine to add
itself back into the farm.
This technique can be used to add new XenApp servers to the farm without any additional action.
If the virtual machine was made into a template while in its sysprepped state, a virtually unlimited
number of these virtual machines could be provisioned from it and added to the farm quickly and
without any OS or networking conflicts.
Module 3
Creating Farm
Redundancy
Exercise 3-1: Load Balancing Web Interface
and XML Services Using Citrix NetScaler
Scenario
CCH has standard 09:00 to 17:00 working hours, which means that traffic dramatically increases at
09:00 as employees come into the office, start up their computers, access the Web Interface, and
launch their applications. To ensure that the request load is spread evenly during this time, you
decide to load balance the Web Interface servers as well as the XML service.
Another administrator created a domain user account called "HealthMonitor" for you to use in
configuring the Health Monitoring feature.
Setting Up Load Balancing

2. Use Internet Explorer to navigate to http://ns.cch.local and log on with the credentials
nsroot/nsroot.
a. Click Start > Internet Explorer and navigate to http://ns.cch.local/.
b. Log on to the Netscaler VPX Web Interface using the nsroot/nsroot credentials.
3. Use the Load Balancing node to launch the Load Balancing wizard for Citrix XenApp.
a. Click the Load Balancing node in the left pane.
b. Click the Load Balancing wizard for Citrix XenApp link under Getting Started in the
Load Balancing pane.
4. Begin configuring load balancing for the Web Interface servers by adding a new virtual server
with the address 192.168.1.180. Specify that the virtual server use port 80 and the HTTP
protocol.
a. Click Next to proceed to the Load Balance Web Interface servers page.
b. Type 192.168.1.180 in the Virtual Server IP Address field, and type 80 in the
Virtual Server Port field.
c. Select HTTP from the Protocol menu.
5. Add IP addresses for both WebInterfaceServer-1 (192.168.1.130) and WebInterfaceServer-2
(192.168.1.135) virtual machines on port 80.
a. Type in 192.168.1.130 in the Web Interface Servers IP Address field, type 80 in the
Port field, and click Add.
b. Type in 192.168.1.135 in the Web Interface Servers IP Address field and click Add.
© Copyright 2011 Citrix Systems, Inc. Module 3: Creating Farm Redundancy 55

6. Configure Health Monitoring by adding the CCH\HealthMonitor/Password1 credentials. Make
the site path "/Citrix/XenApp".
a. Select Validate Credentials.
b. Type HealthMonitor in the User Name field and Password1 in the Password field.
c. Type CCH in the Domain Name field.
d. Type /Citrix/XenApp/ in the Site Path field.
e. Click Next to proceed to the Load Balance XML Broker servers screen.
7. Configure load balancing for the XML Broker servers by creating a new virtual server with the
address 192.168.1.185. Specify for the virtual server to use port 80 and the HTTP protocol.
a. Type 192.168.1.185 in the Virtual Server IP Address field and type 80 in the
Virtual Server Port field.
b. Select HTTP from the Protocol menu.
8. Add IP addresses for both XenAppController-1 (192.168.1.110) and XenAppController-2
(192.168.1.115) virtual machines on port 80.
a. Type 192.168.1.110 in the XML Broker Servers IP Address field, type 80 in the Port
field, and click Add.
b. Type 192.168.1.115 in the XML Broker Servers IP Address field and click Add.
9. Ensure that Notepad is listed as the Health Monitoring Application Name and then complete
the Load Balancing Wizard for Citrix XenApp.
a. Verify that Notepad is present in the Health Monitoring Application Name field.
The Health Monitoring feature will verify the existence of this application within the feed
from the XML service to determine the health of the XML Broker.
b. Click Next to proceed to the Summary page.

c. Click Finish and Exit to close the Load Balancing Wizard for Citrix XenApp.
Verifying the Load Balancing Configuration

Use the XenAppController-1 virtual machine logged on as the CCH\CitrixAdmin user for this task.
1. View the Load Balancing virtual servers and verify that the Web Interface and XML entries
show green and "up" as their State and Effective State, respectively.
a. Expand the Load Balancing node and click on Virtual Servers.
b. Verify that the load balancing virtual servers titled XA_WI_EXT_192.168.1.180_80_lbvip
and XA_XML_192.168.1.185_80_lbvip appear and show green and "up" as their State and
Effective State, respectively.
56 Module 3: Creating Farm Redundancy © Copyright 2011 Citrix Systems, Inc.

These virtual servers will take incoming Web Interface and XML connections and forward
the traffic to their respective servers based on state.
It may take a few moments for the virtual servers to register as "up." Refresh the Load
Balancing Virtual Servers pane after a minute, if they appear to be "down."
2. View the Load Balancing Service Groups and verify that the Web Interface and XML entries
show green and "up" as their State and Effective State, respectively.
a. Click the Service Groups sub-node in the left-hand pane.
b. Verify that the service groups titled XA_WI_EXT_192.168.1.180_80_svcg and
XA_XML_192.168.1.185_80_svcg appear and show "enabled" and "up" as their State and
Effective State, respectively.
These service groups indicate the state of the servers that the NetScalers will forward
connections to for each service.
3. View the network IP addresses of the NetScaler and verify that there are new virtual IP
addresses 192.168.1.180 and 192.168.1.185 and that they are listed as "Active" and "Enabled."
a. Expand the Network > IPs node in the left-hand pane.
b. Verify that virtual IP addresses 192.168.1.180 and 192.168.1.185 appear and that they are
listed as "Active" and "Enabled."
Configuring DNS to the Virtual Servers

2. Use the DNS Manager console to add a new host to the cch.local forward lookup zone.
a. Click Start > Administrative Tools > DNS.
b. Expand the DC > Forward Lookup Zones nodes and click the cch.local node.
c. Right-click cch.local and select New Host (A or AAAA).
The New Host dialog box appears.
3. Specify xmlbrokers as the name, 192.168.1.185 as the IP address, and add the host.
a. Type xmlbrokers in the Name field.
b. Type 192.168.1.185 in the IP Address field.
c. Click Add Host and click OK to create the new host entry.
4. Add another new host to the cch.local forward lookup zone. Specify "webinterface" as the name
and 192.168.1.180 as the IP address.
a. Type webinterface in the Name field.
b. Type 192.168.1.180 in the IP Address field and click Add Host.

c. Click OK and click Done to close the New Host dialog box.
Updating the Web Interface Servers to Use the Load-

Balanced XML Brokers
2. Use the Citrix Web Interface Management console to view the farm settings of the existing
"XenApp" XenApp Web site.
Management.
b. Click the XenApp Web Sites node.
c. Right-click XenApp and click Server Farms.
d. Double-click the CCH farm.
3. Update the Server Farms settings to list a single XML server named xmlbrokers.cch.local.
a. If present, select the xac-2.cch.local server and click Remove.
b. Double-click the xac-1.cch.local server, change the name to xmlbrokers.cch.local,
and click OK.
c. Click OK and click OK to close the Manage Server Farms dialog box.
4. View the farm settings of the existing PNAgent XenApp Services site.
a. Click the XenApp Services Sites node.
b. Right-click PNAgent and select Server Farms.
c. Double-click the CCH farm.
5. Update the Server Farms settings to list a single XML server named xmlbrokers.cch.local.
a. Select the xac-2.cch.local server and click Remove.
b. Double-click xac-1.cch.local, change the name to xmlbrokers.cch.local, and click
OK.
c. Click OK twice to close the Manage Server Farms dialog box.
7. Repeat steps 2-6 on the WebInterfaceServer-2 virtual machine as the CCH\CitrixAdmin user.

Exercise 3-2: Testing Load Balancing
through Citrix NetScaler
Scenario
You have just implemented load balancing of the Web Interface servers and the XML broker
services through the NetScaler. Now you need to test and verify that the load balancing is working
as intended.
Testing the Current State

1. Log on to the EndUserSimulator virtual machine as the CCH\CitrixAdmin user.
2. Use Internet Explorer to access the Web Interface at http://webinterface.cch.local, and log on as
the CCH\CitrixAdmin user.
a. Click Start > All Programs > Internet Explorer.
b. Navigate to http://webinterface.cch.local/.
c. Log on to the Web Interface as CCH\CitrixAdmin user.
3. Verify that the Notepad application is present. Log off of the Web Interface site and close
Internet Explorer.
Accessing the http://webinterface.cch.local site successfully confirms that the NetScaler is correctly
configured as a virtual server and providing load balancing for Web Interface. Logging on
successfully and verifying that the Notepad application is present confirms that the same is true for
the XML broker services.
Simulating Loss of Service to XenAppController-2 and

WebInterfaceServer-2
1. Switch to the XenAppController-2 virtual machine and log on as the CCH\CitrixAdmin user.
2. Use the Services console to stop the Citrix XML Service. Leave the Services console open.
b. Right-click the Citrix XML Service and click Stop.
4. Use the Services console to stop the World Wide Web Publishing Service.

b. Right-click the World Wide Web Publishing Service and click Stop.
6. Switch to the XenAppController-1 and use Internet Explorer to view the NetScaler console.
7. Save and refresh the current NetScaler configuration.
a. Click Save and click Yes to save the current configuration.
b. Click Refresh All and click Yes to refresh the configuration.
8. View and refresh the load balancing service groups and notice that the effective states of both
services still are listed as "up" but display a yellow icon.
a. Expand the Load Balancing node and click the Service Groups node.
b. Verify the state of the service groups.
Both service groups should appear as a yellow "up," signifying that part of the service
group is "down."
9. View the XA_XML_192.168.1.185_80_svcg service group and notice that it shows the
192.168.1.115 server as "down."
a. Double-click the XA_XML_192.168.1.185_80_svcg service group and notice that the
192.168.1.115 service is "down."
b. Click Close to close the Configure Service Group dialog box.
10. View the XA_WI_EXT_192.168.1.180_80_svcg service group and notice that it shows the
192.168.1.135 server as "down."
a. Double-click the XA_WI_EXT_192.168.1.180_80_svcg service group and notice that the
192.168.1.135 service is "down."
b. Click Close to close the Configure Service Group dialog box.
13. Verify that the Notepad application is present. Log off of the Web Interface site and close
Internet Explorer.
Even though one XML service and one Web Interface service are down, the NetScaler automatically
reroutes all incoming connections to the working server.
Simulating Complete Loss of the XML Broker and Web

Interface Services

2. Use the Services console to stop the World Wide Web Publishing Service.
b. Right-click the World Wide Web Publishing Service and click Stop.
5. Use the Services console to stop the Citrix XML Service. Leave the Services console open.
b. Right-click the Citrix XML Service and click Stop.
6. Use Internet Explorer to refresh and view the load balancing service groups. View the effective
state of the XML and Web Interface Service Groups.
a. Click the Load Balancing > Service Groups node in the NetScaler VPX Configuration
Utility.
b. Click Refresh and verify the state of the service groups.
The Effective state of the Service Group XA_XML_192.168.1.180_80_svcg and

XA_WI_EXT_192.168.1.180_80_svcg is "down."
7. View the XA_XML_192.168.1.185_svcg service group and notice that now both servers are
listed as "down." Close the window.
a. Double-click the XA_XML_192.168.1.185_80_svcg service group.
b. Verify that both services are "down."
c. Click Close to close the Configure Service Group dialog box.
9. Use Internet Explorer to navigate to http://webinterface.cch.local.
a. Click Start > All Programs > Internet Explorer and browse to
http://webinterface.cch.local/.
Now that both Web Interface servers are completely offline, the NetScaler is unable to
load balance, which causes a complete loss of connectivity.
Restoring the XML Services

2. Use the Services console to start the Citrix XML Service.

a. Right-click Citrix XML Service in the Services console and select Start.
b. Click File > Exit to close the Services console.
3. Repeat steps 1-2 with the XenAppController-2 virtual machine.
4. Switch to the XenAppController-1 virtual machine and use Internet Explorer to view the
NetScaler console.
5. View and refresh the load balancing service groups. Verify that the effective
XA_XML_192.168.1.185_80_svcg service state is listed as "up" and has a green icon.
a. Select the Load Balancing > Service Groups node in the NetScaler VPX Configuration
Utility and verify the state of the service groups.
b. Click Refresh.
It may take a few moments before the XML service group registers as "up." The
XA_WI_EXT_192.168.1.180_80_svcg service group is still listed as "down."
6. Perform a cold restart of the NetScaler. Close Internet Explorer and allow several minutes for
the NetScaler to restart before continuing.
a. Click the System node and click Reboot.
b. Click Yes to confirm and click No to perform a cold restart.
c. Close Internet Explorer and allow several minutes for the NetScaler to restart.

Exercise 3-3: Installing and Configuring Web
Interface on Citrix NetScaler
Scenario
After careful consideration of recommendations from you and your team, management has
reconsidered its risk analysis on redundancy. Instead of using load-balanced Web Interface servers,
management now thinks that a single NetScaler could easily handle the 09:00 logon request spike.
Now you must install and configure the NetScaler itself to host the Web Interface and use this
setup to effectively replace the use of the load-balanced Web Interface servers.
After the new Web Interface sites are configured, you need to change the webinterface DNS record
to point to the new site and create an auto redirect on the NetScaler to point to the
/Citrix/XenApp site.
Installing Web Interface

Use the XenAppController-1 virtual machine logged in as the CCH\Admin user for this task.
1. Use Internet Explorer to navigate to http://ns.cch.local and log on with the credentials
nsroot/nsroot.
a. Click Start > Internet Explorer and navigate to http://ns.cch.local/.
b. Log on to the Netscaler VPX Web Interface using the nsroot/nsroot credentials.
2. Start the wizard to install Web Interface from within the Web Interface node of the NetScaler.
a. Click the Web Interface node and click Install Web Interface in the Getting Started
menu.
b. View the Install Web Interface screen.
3. Use the browse local function to specify the Web Interface Tar File Path as
\\dc\filer\WebInterface\nswi-1.3.tgz.
a. Click the down arrow to the right of the Web Interface Tar File Path and click Local.
b. Navigate to \\dc\filer\WebInterface\, select nswi-1.3.tgz, and click Open.
4. Use the browse local function to specify the JRE Tar File Path as
\\dc\filer\WebInterface\diablo-latte-freebsd6-amd64-1.6.0_07-
b02.tar.bz2.
a. Click the down arrow to the right of the JRE Tar File Path and click Local.
b. Navigate to \\dc\filer\WebInterface\, select diablo-latte-freebsd6-amd64-
1.6.0_07-b02.tar.bz2, and click Open.
5. Change the maximum number of sites to 3 and install Web Interface.

a. Select 3 from the Maximum number of sites drop down menu and click Install.
The Web Interface Wizard begins to go through the installation process.
b. Click OK after the installation completes.
Configuring a XenApp Web Site

1. Start the Web Interface Wizard and continue to the Configure Web Interface Site screen.
a. Click Web Interface Wizard to start configuring Web Interface.
b. Click Next to proceed to the Configure Web Interface Site page.
2. Verify that XenApp Web Site is selected as the site type with /Citrix/XenApp as the Site
Path and DualMode as the published Resource Type.
a. Verify that XenApp Web Site is selected in the Site Type menu.
b. Verify that /Citrix/XenApp/ appears in the Site Path field.
c. Select DualMode from the Published Resource Type menu.
3. Verify that Direct Mode is selected and that the wizard will create a new LB Virtual Server.
Specify IP address 192.168.1.190 as the IP address using port 80.
a. Verify that Direct Mode and Create new LB Virtual Server are selected.
c. Click Next to proceed to the Configure XenApp Farm page.
4. Configure the XenApp farm using CCH as the farm name and xmlbrokers.cch.local as the
XML Service address.
a. Click Add and type CCH in the Name field.
b. Type xmlbrokers.cch.local in the XML Service Addresses field and click Create.
5. Finish the wizard and allow it to configure the XenApp Web site.
a. Click Next to proceed to the Summary page.
b. Click Finish and click Exit to complete the configuration.
Configuring a XenApp Services Site

1. Start the Web Interface Wizard and continue to the Configure Web Interface Site screen.
a. Click Web Interface Wizard to start configuring Web Interface.
b. Click Next to proceed to the Configure Web Interface Site page.
2. Specify the Site Type as a XenApp Services site. Verify that the Site Path changed to
/Citrix/PNAgent and that DualMode is the published Resource Type.

a. Select XenApp Service Site from the Site Type menu and verify that
/Citrix/PNAgent/ is now listed as the Site Path.
b. Select DualMode from the Published Resource Type menu.
3. Verify that Direct Mode is selected and that the wizard will create a new LB Virtual Server.
Specify IP address 192.168.1.190 as the IP address using port 80.
a. Verify that Direct Mode and Create new LB Virtual Server are selected.
c. Click Next to proceed to the Configure XenApp Farm page.
4. Configure the XenApp farm using CCH as the farm name and xmlbrokers.cch.local as the
XML Service address.
a. Click Add and type CCH in the Name field.
b. Type xmlbrokers.cch.local in the XML Service Addresses field and click Create.
5. Finish the wizard and allow it to configure the XenApp Web site.
a. Click Next to proceed to the Summary page.
b. Click Finish and click OK to ignore the error message.
c. Click Exit to complete the configuration.
Configuring an Auto-Redirect to the Web Interface Site

1. Access and enable the Responder feature using the Citrix NetScaler VPX Configuration Utility.
a. Right-click the Responder node and click Enable Responder Feature.
b. Expand the Responder node and click Actions.
2. Add a new redirect Responder action with the name "Redirect_to_WebInterface_Path".
a. Click Add to open the Create Responder Action dialog box.
b. Type Redirect_to_WebInterface_Path in the Name field.
c. Select Redirect in the Type field.
3. Specify the Web Interface site URL in quotation marks
"http://webinterface.cch.local/Citrix/XenApp", bypass the safety check, and
then create the action. Close the Create Responder Action screen.
a. Type "http://webinterface.cch.local/Citrix/XenApp" in the Target field
and select the Bypass Safety Check checkbox.
b. Click Create and Close to close the Create Responder Action dialog box.

4. Add a new Responder policy called "Web_root_path" with the action
Redirect_to_WebInterface_Path.
a. Click Policies in the Responder node and click Add.
b. Type Web_root_path in the Name field.
c. Select Redirect_to_WebInterface_Path from the Action menu.
5. Create a Responder policy using the Add wizard to construct an expression that returns a
"true" value if the HTTP request URL path is "/".
a. Click Add to open the Add Expression dialog box.
b. In Construct Expression, select HTTP, REQ, URL, Path, EQ(string) from each successive
menu.
c. Type / in the String field.
d. Click OK.
e. Click Create and click Close to close the Create Responder Policy dialog box.
The expression should end up looking like HTTP.REQ.URL.PATH.EQ("/").
6. Use the Policy Manager to view the 192.168.1.190_80 LB virtual server.

a. Click Policy Manager to open the Responder Policy Manager dialog box.
b. Click LB Virtual Server and double-click 192.168.1.190_80.
7. Insert the "Web_root_path" policy for the 192.168.1.190_80 virtual server.
a. Click Insert Policy and select Web_root_path.
b. Click Apply Changes and click Close to close the Responder Policy Manager.
Reconfiguring DNS for Web Interface Citrix NetScaler

2. Use the DNS Manager console to edit the webinterface entry in the Forward Lookup Zones of
cch.local.
a. Click Start > All Programs > Administrative Tools > DNS to launch the DNS Manager
console.
b. Expand the DC > Forward Lookup Zones node and click the cch.local node.
c. Double-click webinterface.
3. Update the webinterface entry to use IP address 192.168.1.190 and apply the changes.
a. Type 192.168.1.190 in the IP Address field.
b. Click Apply and click OK.

Testing Web Interface on Citrix NetScaler
4. Switch to the XenAppController-1 virtual machine and use Internet Explorer to view the
NetScaler configuration screen.
The NetScaler is now acting as the primary Web Interface for the farm. The redirect responder
policy setup is working as intended because the web browser was automatically redirected to the
/Citrix/XenApp Web Interface site.

Module 4
Maintaining the XenApp

Environment
Exercise 4-1: Updating the Mozilla Firefox
Streaming Profile
Scenario
The web development team that maintains the CCH web site has identified a specific need for their
team. The team requires a Mozilla Firefox browser extension called "Firebug" to aid in their web
development. Mozilla Firefox is an application that is streamed to a client device through the CCH
XenApp farm. To accommodate this request and ensure the extension is in place when the farm
goes into production, you need to update the Mozilla Firefox streaming profile to include the new
browser extension.
You were notified by management that they want you to restrict the default search engines installed
with Mozilla Firefox to Google and Bing.
A member of your team has already downloaded the Firebug extension and placed it on a share for
you. You need to extract and install it into the profile.
Viewing Mozilla Firefox

3. Launch Mozilla Firefox from the Web Interface and view the default search engines that are
installed with the browser.
a. Click Firefox.
b. Select Don't import anything and click Next, if prompted.
c. Click the down arrow on the left of the Firefox search toolbar to view the default search
engines.
4. View the Mozilla extensions and confirm that Firebug is not installed.
a. Click Firefox > Add-ons to open the Add-ons Manager.
b. Click the Extensions tab.
c. Verify that the Firebug extension is not installed.
5. Close Mozilla Firefox, log off the Web Interface, and close all open windows.
© Copyright 2011 Citrix Systems, Inc. Module 4: Maintaining the XenApp Environment 71
Preparing the Firebug Extension
Use the Profiler-Win7 virtual machine logged in as the local CitrixAdmin user for this task.
1. Log on to the Profiler-Win7 virtual machine as the local CitrixAdmin user.
2. Launch 7-Zip and open the Firebug extension file located at
\\dc\filer\Software\firebug.xpi.
a. Click Start > All Programs > 7-Zip > 7-Zip File Manager.
The 7-Zip File Manager opens.
b. Type \\dc\filer\Software\ in the 7-Zip File Manager navigation bar and press
Enter.
3. Extract the firebug.xpi file into a folder called "firebug" within the
\\dc\filer\Software folder.
a. Select firebug.xpi and click Extract on the 7-Zip File Manager toolbar.
b. Verify that the default extract location \\dc\filer\Software\firebug and click
OK to accept all other defaults.
The firebug.xpi file is extracted to a newly created firebug folder.
4. Copy the firebug folder to the desktop and rename it to "firebug@software.joehewitt.com".
a. Drag the firebug folder to the Desktop and close all open windows.
b. Right-click firebug and click Rename.
c. Type firebug@software.joehewitt.com and press Enter.
Modifying a Streaming Profile

Use the Profiler-Win7 virtual machine logged in as the local CCH\CitrixAdmin user for this task.
1. Launch Streaming Profiler and open the Firefox profile located at \\dc\filer\AppHub.
a. Click Start > All Programs > Citrix > Streaming Profiler > Streaming Profiler to open
the Streaming Profiler.
b. Click Open Profile.
c. Navigate to \\dc\filer\AppHub\firefox.
d. Select Firefox.profile and click Open.
2. Start the Update Application wizard on the Windows Vista/7/2008 profile. Perform an
Advanced Installation to select files and folders to add to the profile.
a. Expand the Firefox node in the left pane.
b. Right-click the Windows Vista [All service packs] node and click Update/Install
Application.
c. Click Next, select Advanced Install, and click Next.
d. Select Select files and folders and click Next.
3. Navigate the Select files pane to C:\Users\CitrixAdmin\Desktop.
72 Module 4: Maintaining the XenApp Environment © Copyright 2011 Citrix Systems, Inc.
4. Navigate the Current files pane to C:\Program Files\Mozilla Firefox\extension.
5. Copy the firebug@software.joehewitt.com folder to the extensions folder.
a. Select the firebug@software.joehewitt.com folder in the Select files pane.
b. Click the green Arrow button.
After a few moments, the firebug@software.joehewitt.com folder appears in
the Current files pane.
6. Navigate to C:\Program Files\Mozilla Firefox\searchplugins in the current
files pane. Permanently delete all of the files except google.xml and bing.xml.
a. Navigate to C:\Program Files\Mozilla Firefox\searchplugins in the
Current Files pane.
b. Control-click amazondotcom.xml, ebay.xml, wikipedia.xml, and yahoo.xml.
c. Click the red X button to delete the files and click Yes to confirm the deletion.
7. Finish the Update Profile wizard using the default settings and save the profile.
a. Click Next, select Finish installations, and click Next.
b. Click Next in the Run Application, Select Applications, and Add Virtual Hard Disk
screens.
c. Click Next in the Sign Profile screen and click Finish.
The Firefox profile is updated.
d. Click File > Save.
The profile is saved to the AppHub on the filer.
Verifying the Changes in Mozilla Firefox

3. Launch Mozilla Firefox from the Web Interface and view the default search engines that are
installed with the browser.
a. Click Firefox to launch the application.
b. Click the drop-down arrow on the left of the Firefox search toolbar to view the default
search engines.
The installed default search engines list only Bing and Google.
4. View the Mozilla extensions and confirm that Firebug is now installed.
a. Click Firefox > Add-ons to open the Add-ons Manager.
b. Click the Extensions tab.
c. Verify Firebug is listed as an enabled extension.
5. Close Mozilla Firefox, log off the Web Interface, and close all open windows.
Exercise 4-2: Performing Data Store
Maintenance Commands
Scenario
The new XenApp 6.5 farm has been up for quite some time at this point, and there have been
many configuration changes. In order to verify that things are running smoothly, you want to run a
few maintenance commands to check and optimize the data store and Local Host Cache on the
XenApp servers.
A member of your team is working on a script to perform most of these commands automatically
at regular intervals, but until this script is complete, you must run them yourself.
In addition, another member of your team noticed a strange issue on the XenAppController-2
virtual machine. You have investigated it without finding anything, but you want to delete and
recreate the Local Host Cache on this machine just to be sure.
Performing Data Store Maintenance with DSMaint

2. Use a command prompt to run the dsmaint command to view the tools options and syntax.
a. Click Start > All Programs > Accessories > Command Prompt.
b. Type dsmaint at the command line and press Enter.
The tool options and syntax are listed.
3. Run the dsmaint command to verify the Local Host Cache and auto repair it if needed.
a. Type dsmaint verifylhc /autorepair and press Enter.
b. Ensure that the "LHC integrity has been verified successfully" message appears.
4. Run the dsmaint command to compact the Local Host Cache file and run dsmaint
command to compact the RADE offline data store.
a. Type dsmaint compactdb /lhc and press Enter.
b. Verify that the "Compact DB operation succeeded" message appears.
c. Type dsmaint compactdb /rade and press Enter.
5. Run the dscheck command to perform validation on the data store and clean any
inconsistent records.
a. Type dscheck /clean and press Enter.
b. Verify that the "Finished data store validation" message appears.
Typically, the data store should be backed up before performing this command.
Recreating the Local Host Cache

2. Use the Services console to stop the Citrix Independent Management Architecture service.
Keep the Services console open.
a. Select Start > Administrative Tools > Services.
b. Right-click Citrix Independent Management Architecture and click Stop.
c. Click Yes in the Stop Other Services dialog box.
After a few moments, the Citrix Independent Management Architecture service stops
running.
3. Use a command prompt to run the dsmaint command to recreate the Local Host Cache
database.
b. Type dsmaint recreatelhc and press Enter.
c. Verify that the "Recreating LHC database finished successfully" message appears.
4. Use the Services console to start the Citrix Independent Management Architecture Service, and
Citrix WMI Service services.
a. Right-click Citrix Independent Management Architecture Service in the Services console
and select Start.
b. Right-click Citrix WMI Service and select Start.
Exercise 4-3: Configuring Power and
Capacity Management
Scenario
Due to the variation in demand for XenApp resources throughout any given day or week, you want
to set up Power and Capacity Management for all XenApp servers to enable the Power
Management and Load Consolidation features. Using these features will also allow you to free up
server resources when they are not required so they can be used for other work.
The Power and Capacity Management Concentrator has already been set up on the
XenAppController-1 virtual machine and the Agents have been installed on each of the XenApp
server virtual machines by another member of your team. You just need to add each server to the
Power and Capacity Management farm and then configure Power Management and Load
Consolidation. Testing done by your consultant indicates that you should have at minimum three
servers running during the hours of 08:00 and 18:00 on weekdays and one server running on the
weekends.
Setting Configuration Details Through Group Policy

2. Use the Group Policy Management Console to edit the XenApp Domain Policy group policy
object.
b. Expand the Forest: cch.local > Domains > cch.local nodes.
c. Right-click XenApp Domain Policies and click Edit.
3. Access the Computer Configuration Citrix Policies and edit the Unfiltered policy.
a. Expand the Computer Configuration > Policies node and click the Citrix Policies folder.
After a few moments, the Citrix policies load in the right pane.
b. Click the Unfiltered policy and click the Edit button
4. Access the Power and Capacity Management settings and add a policy to make the farm name
"CCH-PCM".
a. Click the Settings tab and click the Power and Capacity Management category.
b. Click Farm name in the right pane and click Add.
c. Type CCH-PCM in the Value field and click OK.
5. Add a policy to set the workload name to "Regular" and then finish editing the policy.
a. Click Workload name in the right pane and click Add.
b. Type Regular in the Value field and click OK.
c. Click OK to close the Edit Policy dialog box.
The Summary tab displays the changes to the active settings.
Joining the Servers to the Farm

1. Launch the Power and Capacity Management console and wait a moment until the XAC-
1.cch.local machine appears in the XenApp Servers workload.
a. Click Start > All Programs > Citrix > Management Consoles > XenApp Power and
Capacity Management.
b. Click the Servers tab in the All Workloads pane.
c. Verify XAC-1.cch.local appears in the Server list.
3. View the Power and Capacity Management console and verify that all three XenApp servers
are registered in the console.
If all servers are not in the farm, restart any servers that are not present and wait for them
to join. The Power and Capacity Management console will auto-refresh when new servers
join the farm.
Configuring Server Preference and Capacity Limits

1. Enable power management and load consolidation on the regular workload.
a. Right-click the Regular workload and click Enable Power Management.
b. Right-click the Regular workload again and click Enable Load Consolidation.
2. Change the XAC-2.cch.local machine controller preference to 2nd choice.
a. Right-click XAC-2.cch.local and click Server Properties.
b. Select 2nd choice in the Power controller preference menu and click OK.
3. Change the XAW-1.cch.local machine controller preference to 3rd choice.
a. Right-click XAW-1.cch.local and click Server Properties.
b. Select 3rd choice in the Power controller preference menu and click OK.
4. Use the Server Profile Properties to change the typical session capacity to 10.
a. Click the Capacities tab.
b. Right-click the VM: IntelXeon L5420 server profile and click Server Profile Properties.
c. Type 10 in the Typical Session Capacity field.
d. Click OK.
Creating a Workload Schedule

1. Create a new Power Management entry for Monday for 08:30 specifying three minimum
available servers.
a. Click the Regular workload and click the Schedule tab.
b. Select Allow edit.
A new editable field appears for each week day.
c. Beneath Monday, click the Time column editable field and type 08:30.
d. Click the Minimum Available Servers column and type 3.
2. Create another entry for Monday at 18:30 specifying two Minimum Available Servers.
a. Click the Time column editable field beneath the 08:30 entry for Monday.
b. Type 18:30, click the Minimum Available Servers column, and type 2.
3. Copy the Monday schedule for Tuesday, Wednesday, Thursday, and Friday.
a. Click Copy Monday's schedule to copy the workload schedule to Tuesday.
b. Repeat substep a for the Wednesday, Thursday, and Friday schedules.
4. Create an entry for Saturday at 06:00 specifying one minimum available server and copy the
Saturday schedule to Sunday.
a. Click the Time column editable field for Saturday.
b. Type 06:00, click the Minimum Available Servers column, and type 1.
c. Click Copy Saturday's schedule to copy the new workload schedule to Sunday.
5. Disable Power Management and Load Consolidation and close all open windows.
a. Click Disable Power Management in the right pane and click Disable Load
Consolidation.
b. Close all open windows.
Exercise 4-4: Creating a Restart Schedule
for the XenApp Servers
Scenario
As part of the default maintenance of the XenApp farm, you want to implement a regular restart
schedule to ensure that the servers are running free of memory leaks, print spooler problems, and
other issues that commonly arise with a computer that stays running for long periods of time.
Upon analysis of the work habits of CCH employees, your team finds that the most opportune time
to perform the restarts is weekly on Sunday mornings around 03:00. You need to implement this
restart schedule on all XenApp servers.
Implementing a Restart Schedule

object.
3. Create a new Citrix Computer Policy called "Weekly Restart Schedule for All Servers."
a. Expand the Computer Configuration > Policies node and click the Citrix Policies folder.
b. Click New in the right pane to create a new Citrix computer policy.
c. Type Weekly Restart Schedule for All Servers in the Name field and click
Next.
4. Add a new setting to enable scheduled reboots.
a. Click the Server Settings > Reboot Behavior category.
b. Click the Schedule reboots setting and click Add.
c. Select Enabled in the Add Setting dialog box and click OK.
5. Add a new setting to set the reboot schedule frequency to every seven days.
a. Click the Reboot Schedule Frequency and click Add.
b. Type 7 in the Days field and click OK.
6. Add a new setting to set the reboot schedule start date to this Sunday.
a. Click the Reboot schedule start date setting and click Add.
b. Enter the date for the upcoming Sunday in the MM/DD/YYYY format and click OK.
7. Add a new setting to set the reboot schedule time to 03:00.
a. Click the Reboot schedule time setting and click Add.
b. Type 3:00 AM in the Time field and click OK.
8. Add a new setting to set a Reboot schedule randomization interval to 30 minutes.
a. Click the Reboot schedule randomization interval setting and click Add.
b. Type 30 in the Minutes field and click OK.
9. Add a new setting to disable logons to a server to 15 minutes before a restart.
a. Click the Reboot logon disable time setting and click Add.
b. Select Disable 15 minutes before reboot from the Value menu and click OK.
10. Add a new setting to start warning the users 30 minutes before a reboot.
a. Click the Reboot warning start time setting and click Add.
b. Select Start 30 Minutes Before Reboot in the Value menu and click OK.
11. Add a new setting to enable reboot warnings to users.
a. Click the Reboot warning to users setting and click Add.
b. Select Enabled in the Add Setting menu and click OK.
12. Add a new setting to warn users of the reboot every 10 minutes.
a. Click the Reboot warning interval setting and click Add.
b. Select Every 10 Minutes from the Value menu and click OK.
13. Add a new filter to apply the policy to the All Servers worker group.
a. Click Next to access the filters screen.
b. Click the Worker Group filter in the Filters pane and click Add.
The New Worker Group Filter dialog box opens.
c. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.
After a few moments, the Select a worker group dialog box opens.
d. Double-click All Servers from the Worker groups pane and click OK.
14. Finish the New Policy Wizard and enable the policy.
a. Click OK in the New Filter dialog box.
b. Click Next in the New Policy Wizard.
c. Ensure that Enable this policy is selected and click Create.
Module 5
Optimizing the XenApp

Environment
Exercise 5-1: Enabling Multi-Stream ICA
Policies for Specific ICA Traffic
Scenario
CCH employees often host their meetings in a hosted GoToMeeting application. However, in the
previous XenApp 6 environment, employees had trouble using the GoToMeeting VoIP audio
bridge during meetings held at peak network times. Observation of network traffic indicated that
making some QoS improvements to the ICA stream could correct this problem.
Enabling the Multi-Stream ICA Computer Policy

object.
3. Create a new Citrix computer policy called "Enabling Multi-Stream ICA for VoIP Traffic on
All Servers."
a. Expand the Computer Configuration > Policies node and click Citrix Policies.
b. Click New in the right pane to create a new Citrix Computer Policy.
c. Type Enabling Multi-Stream ICA for VoIP Traffic on All Servers in the
Name field.
d. Click Next.
4. Add a new setting to enable multi-stream.
a. Click Multi-Stream Connections in the Categories pane.
b. Click the Multi-Stream setting and click Add.
5. Add the Multi-Port Policy setting to assign CGP port 1282 as port1 with a very high priority.
a. Click the Multi-Port Policy setting and click Add.
b. Type 1282 in the CGP port1 field.
c. Select Very High in the CGP port1 priority menu and click OK.
6. Add the Audio UDP Port Range setting to assign audio to use the UDP ports 16500 and 16509.
© Copyright 2011 Citrix Systems, Inc. Module 5: Optimizing the XenApp Environment 85
a. Click the Audio UDP Port Range setting and click Add.
b. Ensure that the ports 16500,16509 are in the Value field.
c. Click OK.
a. Click Next, click the Worker Group filter, and click Add.
b. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.
c. Select All Servers from the Worker groups pane and click OK.
d. Click OK to close the New Filter Element screen.
Allowing Users Access to Multi-Stream ICA

1. Create a new Citrix user policy called "Granting Domain Users Multi-Stream ICA Abilities".
a. Expand the User Configuration > Policies node and select Citrix Policies.
b. Click New in the right pane to create a new Citrix user policy.
c. Type Granting Domain Users Multi-Stream ICA Abilities in the Name field
and click Next.
2. Add a new setting to enable Multi-Stream.
a. Click Multi-Stream Connections in the Categories pane.
b. Click the Multi-Stream setting and click Add.
3. Add a new filter to apply the policy to all domain users.
a. Click Next, click the User or Group filter, and click Add.
The New User or Group Filter dialog box opens.
b. Click Add.
c. Ensure that Allow is selected in the Mode menu and Enable this filter element is selected.
d. Type CCH\Domain Users in the User or group name field and select OK.
86 Module 5: Optimizing the XenApp Environment © Copyright 2011 Citrix Systems, Inc.
5. Restart the XenAppController-1 , XenAppController-2 , and XenAppWorker virtual machines.
Verifying Multi-Stream ICA

2. Use the netstat command within a command prompt to view all of the ports the server is
listening on and verify the XTE process is using port 1282.
a. Click Start > All Programs > Accessories > Command Prompt.
b. Type netstat -nab to view all ports the server is listening on.
c. Verify 0.0.0.0:1282 appears as using XTE.exe and its state is Listening.
4. Repeat steps 1-3 on the XenAppController-2 and XenAppWorker virtual machines.
All of the XenApp servers are now using XTE to listen on ports 2598 and 1282 for ICA
connections.
Exercise 5-2: Enabling CPU and Memory
Optimization
Scenario
In the short term, memory is going to be limited within the environment. To make more efficient
use of each XenApp server memory allocation, you decide to implement memory optimization.
In addition, two different groups of users have been identified as requiring special CPU resource
requirements. The CCH web team's graphic designers need more CPU resources to run their CPU-
intensive graphics suites, while the Customer Support Representative team require lower CPU
resources.
You need to enable the CPU and Memory Optimization features in order to better make use of
XenApp server resources.
Enabling Memory and CPU Optimization Policies

object.
3. Create a new Citrix Computer policy called "Enabling Memory and CPU Optimization on All
Servers."
a. Expand the Computer Configuration > Policies node and click Citrix Policies.
b. Click New in the right pane to create a new Citrix Computer policy.
c. Type Enabling Memory and CPU Optimization on All Servers in the Name
field and click Next.
4. Add a setting that enables memory optimization.
a. Click Memory/CPU in the Categories pane, click the Memory Optimization setting, and
click Add.
b. Select Enabled in the Add Setting dialog box and click OK.
5. Add a setting that sets the memory optimization interval to occur daily.
a. Click the Memory optimization interval setting and click Add.
b. Verify that Daily is selected from the Value menu and click OK.
6. Add a setting that schedules the memory optimization to occur at 03:00.
a. Click the Memory optimization schedule: time setting and click Add.
b. Verify that 3:00 AM is in the Time field and click OK.
7. Add a setting to specify the preferential load balancing CPU management server level.
a. Click the CPU management server level setting and click Add.
b. Select Preferential Load Balancing from the Value menu and click OK.
a. Click Next, click the Worker Group filter, and click Add.
b. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.
c. Select All Servers from the Worker groups pane and click OK.
d. Click OK to close the New Filter Element screen.
Applying Session Importance to Specific Users

1. Create a new Citrix User policy called "High Session Importance to Graphic Design Group."
a. Expand the User Configuration > Policies node and click Citrix Policies.
b. Click New in the right pane to create a new Citrix User policy.
c. Type High Session Importance to Graphic Design Group in the Name field
and click Next.
2. Add a setting to set session importance to high.
a. Click Server Session Settings in the Categories pane, click the Session importance setting,
and click Add.
b. Select High from the Value menu and click OK.
3. Add a new filter to apply the policy to the CCH\Graphic Design and CCH\Domain Admins
groups.
b. Click Add. Ensure that Allow and Enable this filter element are selected.
c. Type CCH\Graphic Design in the User or group name field and select OK.
d. Click Add, type CCH\Domain Admins in the User or group name field, and click OK.
5. Create a new Citrix User policy called "Low Session Importance to Customer Support Group".
a. Click New in the right pane to create a new Citrix User policy.
b. Type Low Session Importance to Customer Support Group in the Name field
and click Next.
6. Add a setting to set Session importance to Low.
a. Click Server Session Settings in the Categories pane, click the Session importance setting,
and click Add.
b. Select Low from the Value menu and click OK.
7. Add a new filter to apply the policy to the CCH\Customer Support group.
b. Click Add. Ensure that Allow and Enable this filter element are selected.
c. Type CCH\Customer Support in the User or group name field and click OK.
Module 6
Optimizing the User

Environment
Exercise 6-1: Configuring Profile
Management
Scenario
CCH employees often work at many different company-provided computers in a single work day.
The employees need to have their application customization and preferences available regardless of
the computer they use to access them.
To meet this need, you must install and configure Citrix Profile Management within the XenApp
farm.
Configuring a Profile Share

1. Switch to the DomainController machine.
2. Create a folder called Profiles on the C: drive.
a. Click Start > Computer.
b. Double-click Local Disk (C:) and click New folder.
c. Type Profiles and press Enter.
3. Share the C:\Profiles folder and specify the share name as "Profiles$".
a. Right-click the Profiles folder and click Properties.
b. Click the Sharing tab and click Advanced Sharing.
c. Select Share this folder.
d. Type Profiles$ in the Share name field.
4. Use the advanced sharing permissions to give everyone full control.
a. Click Permissions.
b. Select Full Control under Allow and click OK to exit the Permissions screen.
c. Click OK to close the Advanced Sharing screen.
5. Access the Advanced Security Settings for the C:\Profiles folder to change the
permissions.
a. Click the Security tab.
b. Click Advanced.
c. Click Change Permissions.
6. Verify that the CCH\Administrators has full control of this folder, subfolders, and files.
a. Click Administrators (CCH\Administrators) and click Edit.
© Copyright 2011 Citrix Systems, Inc. Module 6: Optimizing the User Environment 93
b. Verify that Full control is allowed and applied to this folder, subfolders, and files, and click
OK.
7. Add the Domain Users group to the permission entries.
a. Click Add.
b. Type CCH\Domain Users in the Enter object name to select field and click Check
Names.
c. Click OK.
8. Grant the Domain Users group the rights to list folder / read data, create folders / append data,
and create files /write data for this folder only.
a. Select This folder only is selected from the Apply to menu.
b. Select Allow for the List folder / read data permission.
c. Select Allow for the Create folders / append data permission and click OK.
d. Click OK to exit the Permissions Entry screen.
e. Click OK to close the Advanced Security Settings and click Close.
Installing Profile Manager

2. Access \\dc\filer\Software\ProfileManagement and start the
profilemgt4.0.0_x64 installer.
a. Click Start > Network and navigate to DC > Filer > Software > ProfileManagement.
b. Double-click the profilemgt4.0.0_x64 installer file.
3. Accept the license agreement and install the software using the default values. Close the
installer when completed and restart the virtual machine.
a. Click Next, select I accept the terms in the License Agreement, and click Next.
b. Click Next to accept the default installation location.
c. Click Install and click Finish when the installation is completed.
d. Click Yes to restart the virtual machine.
Configuring Profile Management

Use the DomainController virtual machine logged on as the CCH\Administrator user for this task.
2. Use the Group Policy Management console to create and edit a group policy object named
"ProfileManagement" that is linked to the All XenApp Servers organizational unit.
94 Module 6: Optimizing the User Environment © Copyright 2011 Citrix Systems, Inc.
b. Expand the Domains > cch.local > All XenApp Servers.
c. Right-click the All XenApp Servers organization unit and click Create a GPO in this
domain, and Link it here.
d. Type ProfileManagement in the Name field and click OK.
e. Right-click the ProfileManagement group policy object in the right pane and click Edit.
3. Add the ctxprofile4.0.adm administrative template located in the
C:\Filer\Software\ProfileManagement\ADM_Templates\en folder to the
Administrative Templates for the Computer configuration.
a. Expand the Computer Configuration > Policies node.
b. Right-click Administrative Templates and click Add/Remove Templates.
c. Click Add and browse to
C:\Filer\Software\ProfileManagement\ADM_Templates\en.
d. Select ctxprofile4.0.0.adm and click Open.
e. Click Close.
4. Access the Citrix Profile Management policy settings and enable profile management.
a. Expand the Computer Configuration > Policies > Administrative Templates > Classic
Administration (ADM) > Citrix nodes and click Profile Management.
b. Double-click Enable Profile management.
c. Click Enabled and click OK.
5. Add the CCH\Domain Users group to the processed groups for profile management and
enable the processed groups.
a. Double-click Processed groups.
b. Click Enabled and click Show.
c. Type CCH\Domain Users in the Value field and click OK.
d. Click OK to close the Processed groups dialog box.
6. Specify \\DC\Profiles$\%username%\ as the path to the user store.
a. Double-click Path to user store.
b. Click Enabled.
c. Type \\DC\Profiles$\%username%\ in the Absolute path or path relative to the
home directory field and click OK.
Testing Profile Management

Use the EndUserSimulator virtual machine logged on as the CCH\TestUser user for this task.
1. Switch to the EndUserSimulator virtual machine. Log off from the current user and log on as
the CCH\TestUser user.
2. Use Internet Explorer to navigate to http://webinterface.cch.local and log on using the
CCH\TestUser credentials.
a. Click Start > Internet Explorer.
b. Navigate to http://webinterface.cch.local.
c. Log on using the CCH\TestUser credentials.
3. Use Notepad to save a blank text file called Test.txt to the Desktop. Close Notepad and log
off from Web Interface.
a. Click Notepad to open the published Notepad application.
b. Click File > Save and click Desktop.
c. Type Test.txt and click Save.
d. Click File > Exit to close Notepad.
e. Click Log Out on the Web Interface.
6. Verify that a new folder called testuser was created. View the
TestUser\UPM_Profile\Desktop folder for the Test file.
a. Click Start > Computer and navigate to C:\Profiles.
b. Verify that a folder called testuser exists.
c. Navigate to TestUser\UPM_Profile\Desktop and verify that the Test file is
present.
8. Use Internet Explorer to navigate to http://webinterface.cch.local and log on using the
CCH\TestUser credentials.
b. Navigate to http://webinterface.cch.local.
c. Log on using the CCH\TestUser credentials.
9. Launch the XenApp Server Desktop and verify that the Test.txt file is present on the
Desktop.
a. Click the Desktops tab in Internet Explorer.
b. Click XenApp Server Desktop to launch the server desktop.
c. Verify that the Test.txt file is located on the desktop.
10. Log off from the server desktop and Web Interface and close all open windows.
11. Log off from the EndUserSimulator virtual machine.
Exercise 6-2: Profiling an Application
Requiring a Service
Scenario
The CCH Graphic Design department occasionally has to print from streamed applications to
special high-quality printers using Bonjour Print Services. The Bonjour print services make use of a
Windows service in order to work correctly. The Citrix Engineer wants you to profile Bonjour so
that the service can be linked into other profiles. You need to then test it to ensure that the
Windows service works correctly when streamed through XenApp.
Profiling an Application with a Service

Use the Profiler-Win7 virtual machine logged in as the local CitrixAdmin user for this task.
1. Switch to the Profiler-Win7 virtual machine.
2. Use the Streaming Profiler to begin profiling a new application called "Bonjour."
a. Click Start > All Programs > Citrix > Streaming Profiler > Streaming Profiler.
b. Click New Profile in the Welcome dialog box and click Next.
c. Type Bonjour in the Profile name field and click Next.
3. Use the default Enable User Updates, Support Legacy Offline Plug-ins, and Set up Inter-
Isolation Communication options and verify that Windows 7 is selected as the target operating
system. Specify the setting to profile for all languages.
a. Click Next to accept the Enable User Updates defaults.
b. Click Next to accept the Support Legacy Offline Plug-ins defaults.
c. Click Next to accept the Set up Inter-Isolation Communication defaults.
d. Verify that Windows 7 is selected as a target operating system.
The Windows Vista and Windows Server 2008 are also selected by default.
e. Select All languages for the Target language and click Next.
4. Use the Quick Install option to specify the
\\dc\filer\Software\BonjourPSSetup.exe installer.
a. Select Quick Install is selected as the installation option and click Next.
b. Click Browse and navigate to \\dc\filer\Software\.
c. Double-click BonjourPSSetup.exe and click Next.
5. Launch the Installer, agree to the license agreement, and install Bonjour Printing Services using
the default options.
a. Click Launch Installer.
Please wait for the Bonjour Print Services installer to open before continuing. This may
take a few moments.
b. Click Next, accept the terms in the license agreement, and click Next.
c. Click Next and click Install to begin the installation process.
6. Finish the installer and complete the New Profile wizard using the default options. You may
need to terminate processes that are still running.
a. Click Finish and then click Next.
b. Click Next and click OK in the Invalid Shortcuts screen.
c. Click Next again to accept the defaults in the Add Virtual Hard Disk screen and click Next
in the Sign Profile screen.
d. Click Terminate All to terminate any running processes and then click Next.
e. Click Finish.
7. Access the Windows Vista target properties in the Bonjour profile and view the Windows
services installed in the profile. Verify that the Bonjour Service is listed and it will be run using
the local system. Close the Target Properties.
a. Expand the Bonjour node, right-click Windows Vista [All service packs], and click
Properties.
b. Click Services and verify that Bonjour Service appears in the List of Services and it is
designated as LocalSystem.
c. Click OK to exit the Target Properties dialog box.
8. Save the profile to the \\dc\filer\AppHub folder and close the Streaming Profiler.
a. Click File > Save.
b. Type \\dc\filer\AppHub in the Profile directory field and click Save.
Publishing Bonjour Print Services as a Streaming

Application
2. Use Citrix AppCenter to start publishing a stream to client application called "Bonjour Print
Services."
Citrix AppCenter.
b. Expand the XenApp > CCH > Applications nodes.
c. Right-click Applications and click Publish application.
d. Click Next to begin the Publish Application wizard.
e. Type Bonjour Print Services in the Display Name field and click Next.
3. Specify the application to be streamed to client by using the \\dc\filer
\AppHub\Bonjour\Bonjour.profile profile. Specify Bonjour Printer wizard as the
application to launch from the profile.
a. Select Streamed to Client and click Next.
b. Click Browse, navigate to the \\dc\filer\AppHub\Bonjour folder and double-click
the Bonjour.profile file.
c. Select Bonjour Printer wizard from the Application to launch from the Citrix streaming
application profile menu and click Next.
d. Click Next to use the default settings for offline access.
4. Publish Bonjour Printing Services to all Domain Admins and the Graphic Design group.
a. Click Add to open the Select Users or Groups screen.
b. Click Add List of Names and type CCH\Domain Admins;CCH\Graphic Design.
c. Click Check Names and click OK if the name validates successfully.
d. Click OK to close the Add List of Names window and then click OK.
5. Complete the Publish Application wizard using the default settings.
a. Click Next to proceed to the Shortcut presentation screen.
b. Click Next and click Finish to complete the Publish Application wizard.
Testing and Implementing Support for Windows Service

3. Open Bonjour Printing Services and note the error indicating that the Bonjour Service is not
running. Log off from Web Interface and close Internet Explorer.
a. Click Bonjour Print Services to launch the application.
b. Read and verify the error message and click OK.
The error indicates that the Bonjour Service is not available and therefore the application
cannot start.
c. Click Log off and close Internet Explorer.

4. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE > Software > Citrix >
Rade.
a. Click Start, type regedit in the Search field, and press Enter.
b. Expand the HKEY_LOCAL_MACHINE > Software > Citrix node.
c. Click Rade.
5. Within the Rade key, create a new String Value called "AppHubWhiteList." Specify
"dc;dc.cch.local" as the value.
a. Right-click the Rade folder and click New > String Value.
b. Type AppHubWhiteList in the Name field.
c. Double-click the AppHubWhiteList string value.
d. Type dc;dc.cch.local in the Value data field and click OK.
6. Create a new DWord value called "AppHubWhiteListRequired." Specify 1 as its value. Close the
Registry Editor.
a. Right-click the Rade folder and click New > DWORD (32-bit) Value.
b. Type AppHubWhiteListRequired in the Name field.
c. Double-click the AppHubWhiteListRequired Dword value and type 1 in the Value data
field to mark the value as true.
d. Click OK and close the Registry Editor.
7. Use the Services console to restart the Citrix Streaming Helper Service. Allow it to restart the
Citrix Streaming service. Keep the Services console open.
a. Click Start and type services in the Search field. Click Services from the results.
b. Right-click the Citrix Streaming Helper Service and click Restart.
c. Click Yes to restart any dependent services.
9. Open Bonjour Printing Services and allow it to start. Scan the Services console for the new
Bonjour service and notice that it is now running.
a. Click the Bonjour Printing Services icon in the Web Interface.
b. Switch to the Services console, right-click Services (Local) in the left pane and click
Refresh.
The names of streamed Windows services begin with an 8-digit portion of the app's
isolation environment unique id. This key is unique for each student. For example, a
running Bonjour Service may appear as "fd5e45b9-Bonjour Service" within the Services
console.
10. Log out of the EndUserSimulator virtual machine.
Module 7
Optimizing Printing
Exercise 7-1: Verifying Printer Driver
Compatibility with XenApp
Scenario
CCH recently established a new support contract with Brother Industries Ltd. to provide printers
and support for the CCH offices. Brother representatives and the CCH IT department deployed
several new printers of varying models around the office. However, some of the models included in
the deployment were printers with non-native printer drivers. In addition to the new Brother
printers, one HP printer model is still in limited use within the organization due to a specific
required feature.
Though the Citrix Universal Printer driver will be used predominately throughout the company, IT
wants to use the vendor-supplied drivers for these three specific printers because of a few features
specifically offered through these drivers.
Your job is to verify whether these printer drivers are compatible for production use within
XenApp or whether the Citrix Universal Printer Driver must be used.
Installing Non-Native Printer Drivers

2. Open the BrotherPrinters.exe installer within the \\dc\filer\Software folder
and decompress the files into the same folder.
a. Navigate to \\dc\filer\Software and double-click BrothersPrinters.exe.
b. Click Decompress(X) to decompress the installer files to the default directory and click
OK.
3. Create a new folder called "HPPrinters". Launch the HPPrinters.exe installer within
the \\dc\filer\Software folder and decompress the files into the same folder.
a. Click New folder in the \\dc\filer\Software\ directory and type HPPrinters.
b. Double-click HPPrinters.exe.
c. Click Browse, navigate to \\dc\filer\Software, click HPPrinters, and click OK.
d. Click Unzip and then click OK.
e. Click Close.
4. Use the Devices and Printers console to add a new local printer using the existing LPT1 printer
port.
a. Click Start > Devices and Printers and click Add a Printer.
© Copyright 2011 Citrix Systems, Inc. Module 7: Optimizing Printing 105

b. Select Add a local printer, select Use an existing port, and select LPT1: (Printer Port)
from the menu.
c. Click Next.
5. Browse to \\dc\filer\software\64 within the Have Disk screen, use the brimc10a
file and continue with the installation process.
a. Click Have Disk.
b. Click Browse and navigate to \\dc\filer\software\64 and click brimc10a.inf.
c. Click Open and click OK.
6. Install the Brother MFC-9970CDW Printer driver using the default printer name. Do not share
the printer and then finish the Add Printer wizard.
a. Click Brother MFC-9970CDW from the Printers pane and click Next.
b. Click Next to accept the default printer name.
c. Select Do not share this printer and click Next.
d. Click Finish.
7. Repeat steps 4-6 to add the Brother DCP-9055CDN Printer.
8. Add another new local printer using the existing LPT1 printer port.
a. Select Add a local printer, select Use an existing port, and select LPT1: (Printer Port)
from the menu.
b. Click Next.
9. Browse to \\dc\filer\software\HPPrinters\ within the Have Disk screen, use the
hpc4x50t file, and continue with the installation process.
a. Click Have Disk.
b. Click Browse, navigate to the \\dc\filer\software\HPPrinters\ folder, and
click HPPrinters.
c. Click Open and then click OK.
10. Install the HP LaserJet 4350 PCL 5e driver using the default printer name. Do not share the
printer and then finish the Add Printer wizard. Close the Devices and Printers window.
a. Click HP LaserJet 4350 PCL 5e from the Printers pane and click Next.
b. Click Next to accept the default printer name.
c. Select Do not share this printer and click Next.
d. Click Finish.
e. Close the Devices and Printers window.
Testing Non-Native Printer Drivers Using StressPrinters

1. Navigate to the \\dc\filer\Software folder, copy the Stress Printers folder to the
desktop, and launch the StressPrinters64 application located in this folder.
106 Module 7: Optimizing Printing © Copyright 2011 Citrix Systems, Inc.

a. Copy the Stress Printers folder from the \\dc\filer\Software folder to the
desktop.
b. Open the Stress Printers folder from the virtual machine desktop and double-click the
StressPrinters64 application.
2. Change the number of concurrent add events to 5 and enable verbose mode. Specify the option
to apply these settings to all printers.
a. Type 5 in The number of concurrent add events field and select Verbose mode.
b. Select Apply these settings to all printers.
3. Run the test on both of the Brothers printers. Allow the test to run and display the results.
View the log to see if there are any errors reported.
a. Select the Brother DCP-9055CDN and Brother MFC-9970CDW printers.
b. Click Run.
c. Click OK after the test completed.
d. View the log and click Close when finished.
The test returns 0 errors, which indicates that it is safe for use with XenApp.
4. Run the test on the HP LaserJet 4350 PCL 5e printer. Allow the test to run and display the
results. View the log to see if there are any errors reported.
a. Clear the Brother DCP-9055CDN and Brother MFC-9970CDW printers.
b. Select the HP LaserJet 4350 PCL 5e printer and click Run.
c. Click OK after the test completes.
d. View the log and click Close when finished.
The HP LaserJet 4350 PCL 5e printer test returns several errors in the results.

The results reveal that both of the Brother printers are compatible with XenApp but the HP printer
is not. Therefore it is safe to use the non-native driver for the Brother printers, but the Citrix
Universal Printer Driver will need to be used for the HP printer instead of its non-native driver.

Exercise 7-2: Replicating Printer Drivers
Using PowerShell
Scenario
Both of the Brother printers have been installed and tested and confirmed to be compatible with
XenApp. Now you must replicate these printer drivers to all XenApp servers to make them
available.
Manually Replicating a Printer Driver Using PowerShell

1. Open Windows PowerShell and type the command to load all of the Citrix PowerShell snap-
ins.
a. Click Start > All Programs > Accessories > Windows PowerShell > Windows
PowerShell.
b. Type Add-PSSnapIn Citrix.* and press Enter.
2. Use the PowerShell command to view all of the XenApp printer drivers on the XAC-1
machine. Verify that MFC-9970CDW and DCP-9055CDN Brother Printer drivers are listed.
a. Type Get-XAPrinterDriver -Servername XAC-1 and press Enter.
b. Verify Brother MFC-9970CDW Printer and Brother DCP-9055CDN Printer appear in the
DriverName list.
3. Use the PowerShell command to perform a test printer replication of the Brother MFC-
9970CDW Printer to XAC-2.
a. Type Start-XAPrinterDriverReplication and press Enter.
b. Type Brother MFC-9970CDW Printer at the DriverName[0] prompt and press
Enter.
You can copy the name of the printer by highlighting the name from the printer list and
then paste it by right-clicking where it needs to be pasted.
c. Press Enter at the DriverName[1] prompt to submit a blank entry.

d. Type XAC-2 at the TargetServerName[0] prompt and press Enter.
e. Press Enter at the TargetServerName[1] to submit a blank entry.
4. After a few moments view the printer drivers available on the XAC-2 machine. Verify that the
Brother MFC-9970CDW Printer is now available in the list.

b. Verify Brother MFC-9970CDW Printer appears in the DriverName list.
It may take several minutes for the replication to complete and display in the list.
5. Perform the printer replication of the Brother MFC-9970CDW Printer to the XAW-1 machine
using the following compound PowerShell command:
Start-XAPrinterDriverReplication -DriverName "Brother MFC-9970CDW
Printer" -TargetServerName XAW-1
6. After a few moments, view the printer drivers available on the XAC-1, XAC-2, and XAW-1
machines. Verify that the Brother MFC-9970CDW Printer is now available in the list.
a. Type Get-XAPrinterDriver -Servername XAC-1, XAC-2, XAW-1 and press
Enter.
b. Verify that the Brother MFC-9970CDW Printer appears three times in the DriverName
list: once each for the XAC-1, XAC-2, and XAW-1 machines.
It may take several minutes for the replication to complete and display in the list.
Auto-Replicating a Printer Driver Using PowerShell

1. Use the PowerShell command to view all of the XenApp printer drivers on the xac-1 server.
Verify that MFC-9970CDW and DCP-9055CDN Brother Printer drivers are listed.
b. Verify that Brother MFC-9970CDW Printer and Brother DCP-9055CDN Printer appear in
the DriverName list.
2. Add a new auto replication of the Brother DCP-9055CDN printer by typing the following
command:
Add-XAAutoReplicatedPrinterDriver –DriverName “Brother DCP-

9055CDN Printer”
You can copy the name of the printer by highlighting the name from the printer list and
then paste it by right-clicking where it needs to be pasted.
3. Use the command to verify that auto replication was set up correctly. Verify that the Brother
DCP-9055CDN printer is now available in the list.

a. Type Get-XAAutoReplicatedPrinterDriver and press Enter.
b. Verify that Brother DCP-9055CDN Printer appears in the DriverName field.
4. Use the PowerShell command to view the printer drivers available on the xac-2 and xaw-1
machines after several minutes. Verify that the Brother DCP-9055CDN Printer is now available
in the list.
a. Type Get-XAPrinterDriver -Servername XAC-2,XAW-1 and press Enter.
b. Verify that Brother DCP-9055CDN Printer appears two times in the DriverName list: once
for each of the different servers listed in ServerName.
It may take several minutes for the replication to finish and display the printer driver in
the list.
5. Close the Windows PowerShell window.

Exercise 7-3: Troubleshooting a Printer Issue
with the Citrix Group Policy Modeling Wizard
Scenario
While testing some of the implementation requirements, another administrator noticed that
something was not quite right. According to the company's plan, users in the Finance department,
which is part of the Accounting department, should have the same policy setting: auto-create client
default printer. The Accounting department should be restricting the auto-creation of client
printers in accordance with company policy.
However, during testing it was found that no client printers were auto-created for those users in
Finance, while auto creation was working as expected for those in Accounting.
Your job is to troubleshoot this problem, determine the cause, and then identify a solution to
ensure that the implementation is completed according to plan.
Viewing the Existing Policies

object.
2. View the policy summary of the Citrix user policy "Do Not Auto Create Client Printers for
Accounting Department" and ensure that they are set correctly to not auto-create client
printers. Also verify that the policy is correctly filtered to the CCH\Accounting group.
a. Expand the User Configuration > Policies node and click Citrix Policies.
b. Click the Do Not Auto Create Client Printers for Accounting Department user policy
and click the Summary tab.
c. Verify that the active setting for Auto-create client printer is set to Do not auto-create
client printers.
d. Verify that the User or Group filter is set to "Allow - CCH\Accounting".
3. View the "Allow Default Client Printer Auto Creation for Finance Department" policy
summary and ensure that it is set correctly to auto-create the default client printer. Also verify
that the policy is correctly filtered to the CCH\Finance group.
a. Click the Allow Default Client Printer Auto Creation for Finance Department user
policy and click the Summary tab.

b. Verify that the active setting for Auto-create client printers is set to Auto-create the client's
default printer only.
c. Verify that the User or Group filter is set to "Allow - CCH\Finance".
You have now verified that the implementation seems correct and that the existing policies contain
no errors.
Viewing the Resultant Policy for a User in the Finance

Group
1. Close the Group Policy Management Editor.
2. Use the Group Policy Management window to begin the Citrix Group Policy Modeling Wizard.
Run the wizard on any available domain controller within the cch.local domain.
a. Right-click the Citrix Group Policy Modeling node in the Group Policy Management
window and click Citrix Group Policy Modeling Wizard.
b. Click Next.
c. Select cch.local from the Show domain controller in this domain menu.
d. Verify that Any available domain controller running Windows Server 2003 or later is
selected and click Next.
3. Specify the CCH\TestFinanceUser user within the User Information field.
a. Select User within the User Information field.
b. Click Browse, type CCH\TestFinanceUser in the Enter the object name to select
field, and click Check Names.
c. Click OK.
4. Specify CCH\All XenApp Servers organization unit as the container within the Computer
Information field and then proceed to the final page of the wizard without collecting additional
data.
a. Select Container within the Computer Information field.
b. Click Browse, click the CCH > All XenApp Servers organization unit, and click OK.
c. Select Skip to the final page of this wizard without collecting additional data and click
Next.
5. Verify the summary of selections and run the modeling wizard. When it is completed, close the
wizard and view the results.
a. Verify the summary of selections.
b. Click Run to run the modeling wizard and click Close.
6. View the Citrix Group Policy User Configuration and verify the Auto-create client printer
setting.
a. Click the TestFinanceUser node.

b. Navigate to User Configuration > Citrix Group Policy in the summary.
c. Verify that the Auto-create client printers setting and that the Do Not Auto Create Client
Printers for Accounting Department policy is the winning group policy object.
The setting being applied to this user appears to be incorrect. The winning GPO says it is
being applied by the "Do Not Auto Create Client Printers for Accounting Department"
policy.
Upon further reflection, you have determined that this issue exists because the Finance group is
part of the Accounting department. Perhaps the policy applied to the Accounting department is
overriding the one assigned to the Finance group. A test fix is required.
Implementing a Test Fix

1. Use the Group Policy Management console to edit and view the XenApp Domain Policies
Citrix user policies.
a. Right-click XenApp Domain Policies and click Edit.
b. Navigate to User Configuration > Policies > Citrix Policies.
2. Edit the User or Group filter of the "Do Not Auto Create Client Printers for Accounting
Department" and add a new filter element.
a. Click the Do Not Auto Create Client Printers for Accounting Department user policy.
b. Click the User or Group filter for Active Filters and click Edit.
3. Specify to Deny the filter to the CCH\Finance group and complete editing the filter.
a. Click Add and select Deny from the Mode menu.
b. Type CCH\Finance and click OK.
c. Click OK in the Edit Filter dialog box.
Adding a filter to deny the policy to the Finance group should allow for the resultant policy to
bypass the policy for this group and apply later policies.
Verifying the Test Fix

1. Close the Group Policy Management Editor.
2. Delete the existing TestFinanceUser group policy wizard result.
a. Right-click TestFinanceUser and click Delete.
b. Click Yes.
3. Use the Group Policy Management window to begin the Citrix Group Policy Modeling Wizard.
Run the wizard on any available domain controller within the cch.local domain.

a. Right-click the Citrix Group Policy Modeling node in the Group Policy Management
window and click Citrix Group Policy Modeling Wizard.
b. Click Next.
c. Select cch.local from the Show domain controller in this domain menu.
d. Verify that Any available domain controller running Windows Server 2003 or later is
selected and click Next.
4. Specify the CCH\TestFinanceUser user within the User Information field.
a. Select User within the User Information field.
b. Click Browse, type CCH\TestFinanceUser in the Enter the object name to select
field, and click Check Names.
c. Click OK.
5. Specify CCH\All XenApp Servers organization unit as the container within the Computer
Information field and then proceed to the final page of the wizard without collecting additional
data.
a. Select Container within the Computer Information field.
b. Click Browse, click the CCH > All XenApp Servers organization unit, and click OK.
c. Select Skip to the final page of this wizard without collecting additional data and click
Next.
6. Verify the summary of selections and run the modeling wizard. When it is completed, close the
wizard and view the results.
a. Verify the summary of selections.
b. Click Run to run the modeling wizard and click Close.
7. View the Citrix Group Policy User Configuration settings and verify that the Auto-create client
printers setting is now showing the desired result "Auto-create the client's default printer only."
Verify that the desired group policy object is listed as the winning group policy object.
a. Click the TestFinanceUser node.
b. Navigate to User Configuration > Citrix Group Policy in the summary list.
c. Verify that the Auto-create client printers setting value is "Auto-create the client's default
printer only" and the winning group policy object is from "Allow Default Client Printer
Auto Creation for Finance Department."
The fix worked as expected. The users from the finance group are now displaying the correct
settings.

Module 8
Securing XenApp
Exercise 8-1: Creating and Distributing Root
CA Certificates
Scenario
The staging of the new XenApp 6.5 farm is going very well and is on schedule. The last step is to
enable the security layers to ensure that the farm is taking advantage of the state-of-the-art security
technology. Before you can start securing XenApp, you must create the security certificates.
The Citrix Engineer wants to create an in-house Certificate Authority instead of purchasing
certificates from an outside source. To satisfy this request you need to install the Active Directory
Certificate Services, create the root CA, and then distribute it to all servers through Group Policy.
Installing Active Directory Certificate Services

2. Use Server Manager to add the Active Directory Certificate Services Role to the system.
a. Click Start > Administrative Tools > Server Manager.
b. Click the Server Manager (DC) > Roles node and click Add Roles in the Roles Summary
pane.
c. Click Next, select Active Directory Certificate Services, and click Next.
d. Click Next.
3. Add the Certification Authority Web Enrollment Service, and any required services. Specify
that you are creating an Enterprise Root CA.
a. Select Certification Authority Web Enrollment, click Add Required Role Services, and
click Next.
b. Verify that Enterprise is selected and click Next.
c. Verify that Root CA is selected and click Next.
4. Create a new private key using the default cryptography for the CA. Use the default CA name
and specify a validity period of 10 years.
a. Verify that Create a new private key is selected and click Next.
b. Click Next to accept the default CA cryptography.
c. Click Next to accept the default CA name.
d. Type 10 for the validity period and select years. Click Next.
5. Use the default certificate database and then install the role using the default settings.
© Copyright 2011 Citrix Systems, Inc. Module 8: Securing XenApp 117

a. Click Next to accept the default certificate database location.
b. Click Next to accept the defaults for Web Server (IIS).
c. Click Next to accept the defaults for Role Services.
d. Click Install and wait until the installer is completed.
Creating a Root CA on NetScaler

2. Access the NetScaler web interface at http://ns.cch.local and log on using the nsroot/nsroot
credentials.
3. Access the SSL Settings and start the Root-CA Certificate Wizard.
a. Click the NetScaler VPX ns.cch.local > SSL node in the left pane.
b. Click Root-CA Certificate Wizard from the SSL pane.
4. Create an RSA Key with the filename "cch-ca.key" and a key size of 2048 bits.
a. Click Next.
b. Type cch-ca.key in the Key Filename field and 2048 in the Key Size field.
c. Click Next.
5. Create a CSR with the file name "cch-ca.req" and the password "Password1". Use the following
information for the Distinguished Name fields:
• Common Name: cch.local
• City: San Francisco
• Organization Name: Coolidge Consolidated Holdings, Ltd
• State/Province Name: CA
• Email Address: citrixadmin@cch.local
• Organization Unit: IT
a. Type cch-ca.req in the Request File Name field.
b. Type Password1 in the PEM Passphrase field.
c. Use the provided information to complete the Distinguished Name Fields and click Next.
6. Create a Certificate called "cch-ca.cer" with the password "Password1".
a. Type cch-ca.cer in the Certificate File Name field.
c. Click Next.
7. Install the Certificate with a Certificate-key pair name of "cch-ca.keypair" with the password
"Password1" and then finish and exit the wizard.
118 Module 8: Securing XenApp © Copyright 2011 Citrix Systems, Inc.

a. Type cch-ca.keypair in the Certificate-Key Pair Name field.
b. Type Password1 in the Password field.
c. Click Next and then click Finish.
d. Click Exit.
8. Start the Manage Certificates tool, create a new folder location for \\dc\filer\certs
folder, and download the cch-ca.cer certificate to the newly created folder location.
a. Click Manage Certificates/Keys/CSRs in the SSL pane.
b. Click cch-ca.cer and click Download.
c. Click Browse, navigate to the \\dc > filer folder, and click the Create New Folder icon.
d. Type Certs for the new folder name.
e. Select the Certs folder and click Select.
f. Click Download.
9. Close the Manage Certificates tool.
Distributing the Root Certificate

2. Use Internet Explorer to access the Certificate Services site at http://dc/certsrv and download
the root CA Certificate in the base 64 encoding method.
a. Start Internet Explorer and navigate to http://dc/certsrv.
b. Click Download a CA certificate, certificate chain, or CRL and click Yes.
c. Click Current [cch-DC-CA] in the CA certificate field and select Base 64 as the encoding
method.
d. Click Download CA certificate and click Save.
3. Use the Group Policy Management console to edit the CCH Domain Policy.
b. Expand the Forest: cch.local > Domains > cch.local node.
c. Right-click CCH Domain Policies and select Edit.
4. Access the Public Key Settings Security Settings in the Computer Configuration and begin
importing the certificate into the Trusted Root Certification Authorities.
a. Expand the Computer Configuration > Policies > Windows Settings > Security Settings
> Public Key Policies nodes.

b. Right-click the Trusted Root Certification Authorities node and click Import.
5. Import the certnew.cer from the Downloads folder using the default values.
a. Click Next, click Browse, and click Downloads.
b. Double-click certnew.cer and click Next to specify the file to import.
c. Click Next to accept the default certificate location and click Finish.
d. Click OK when the wizard completes the import process.
6. Import the cch-ca.cer certificate from the \\dc\filer\Certs folder into the Trusted Root
Certificate Authorities using the default values.
a. Right-click the Trusted Root Certification Authorities node and click Import.
b. Click Next and click Browse.
c. Navigate to the \\dc\filer\Certs folder and double-click cch-ca.cer.
d. Click Next to specify the file to import.
e. Click Next to accept the default certificate location and click Finish.
f. Click OK when the wizard completes the import process.
10. Check the security settings in Internet Explorer to verify that the new root certificate
authorities are present in the Trusted Root Certificate Authorities.
a. Start Internet Explorer and click Tools > Internet Options.
b. Select the Content tab and click Certificates.
c. Click the Trusted Root Certification Authorities tab and verify that the new cch.local and
cch-DC-CA root certificate authorities appear in the list.

Exercise 8-2: Encrypting External ICA Traffic
Using ICA Proxy
Scenario
The Citrix Engineer also wants to try testing out encrypting external ICA traffic. To do this, you
decide to set up the Access Gateway Enterprise Edition functionality of the NetScaler system to act
as an ICA proxy.
To configure it correctly, you need to create a public server certificate, configure the Access
Gateway, and then create a new Web Interface site to handle the new traffic.
Creating a Server Certificate

2. Access the NetScaler web interface at http://ns.cch.local and log on using the nsroot/nsroot
credentials.
3. Access the SSL settings and begin the Server Certificate Wizard.
a. Click the NetScaler VPX ns.cch.local > SSL node in the left pane.
b. Click Server Certificate Wizard in the SSL pane.
4. Create a new key with the file name "cch-server.key" with a key size of 2048.
a. Click Next.
b. Type cch-server.key in the Key Filename field and 2048 in the Key Size field.
c. Click Next.
5. Create a CSR with the file name "cch-server.csr" and the password "Password1". Use the
following information for the Distinguished Name fields:
• Common Name: ag.cch.local
• Organization Name: Coolidge Consolidated Holdings, Ltd
• State/Province Name: CA
• E-mail Address: citrixadmin@cch.local
• Organization Unit: IT
a. Type cch-server.csr in the Request File Name field.
c. Use the provided information to complete the Distinguished Name Fields and click Next.

6. Create a certificate called "cca-server.cer". Use the "cch-ca.cer" CA certificate file name, "cch-
ca.key" CA file name, "ns-root.srl" CA serial number file that are on the NetScaler with the
password "Password1".
a. Type cch-server.cer in the Certificate File Name field.
b. Click Browse for the CA Certificate File Name field, select cch-ca.cer, and click Select.
c. Click Browse for the CA Key File Name field, click cch-ca.key, and click Select.
d. Click Browse for the CA Serial Number File field, click ns-root.srl, and click Select.
e. Type Password1 in the PEM Passphrase field and click Next.
7. Install the certificate using the key pair name "cch-server.keypair" and the password
"Password1". Finish and exit from the certificate wizard.
a. Type cch-server.keypair in the Certificate-Key Pair Name field.
b. Type Password1 in the Password field and click Next.
c. Click Finish to complete the wizard and click Exit.
8. Access the certificates node and link the "cch-server.keypair" to the "cch-ca.keypair."
a. Expand the SSL node and click Certificates.
b. Click the cch-server.keypair from the SSL Certificates pane and click Link.
c. Select cch-ca.keypair from the CA Certificate Name menu and click OK.
Creating and Securing a New Web Interface Site

1. Access the Web Interface site on the NetScaler and begin adding a new site. Set the site path to
/Citrix/Secure/ with a "DualMode" published resource type.
a. Expand the Web Interface node, click the Sites nodes, and click Add.
b. Click Next and type /Citrix/Secure in the Site Path field.
c. Select DualMode from the Published Resource Type menu.
2. Use Gateway Direct Mode and create a new LB virtual server. Create a new virtual server with
the IP address 192.168.1.195 and the name "ica_proxy_server".
a. Select Gateway Direct Mode, click New Virtual Server, and select New Virtual Server.
A new window opens.
b. Click Next, type 192.168.1.195 in the IP Address field, and type
ica_proxy_server in the Virtual Server Name field.
c. Click Next.
3. Use the cca-server.keypair installed certificate and private keypair. Set the DNS server to
192.168.1.100.
a. Select Use an installed certificate and private key pair from the Certificate Options
menu.
b. Select the cca-server.keypair from the Server Certificate menu and click Next.

c. Confirm that 192.168.1.100 in the Configured DNS Server field and click Next.
4. Use LDAP as the authentication type and specify IP address 192.168.1.100. Configure the
connection settings with the following information:
• Base DN: dc=cch,dc=local
• Administrator Bind DN: cn=Administrator,cn=users,dc=cch,dc=local
• Administrator Password: Password1
• Confirm Administrator: Password1
a. Select LDAP from the Select an authentication type menu and type 192.168.1.100 in
the IP Address field.
b. Complete the Connection Settings fields using the provided information.
5. Retrieve the attributes from the LDAP server. Specify the following other settings:
• Server Logon Name Attribute: sAMAccountName
• Group Attribute: memberOf
• Sub Attribute Name: cn
• SSO Name Attribute: sAMAccountName
• Security type: SSL
a. Click Retrieve Attributes and click OK.
b. Complete the Other Settings fields using the provided information and click Next.
6. Allow configure authorization and redirect non-secure requests to "https://ag.cch.local".
Configure the clientless access to allow using the plugin and to allow access scenario fallback
and then finish and exit the wizard.
a. Select Allow for Configure Authorization, select Redirect to Secure Web address, and
type http://ag.cch.local.
b. Click Next, select Use the Access Gateway Plugin and allow access scenario fallback, and
click Next.
c. Click Finish and click Exit.
7. Access the Access Gateway VServer settings to name the settings "ICA Proxy Settings".
Override the global Single Sign-on Domain and configure it as "cch".
a. Click Settings for the ica_proxy_server Access Gateway VServer.
b. Type ICA Proxy Settings in the Name field, select Override Global for the Single
Sign-on Domain, and type cch in the Single Sign-on Domain field.
c. Click OK.
8. Do not add a DNS entry for the server. Specify http://xac-1.cch.local/scripts/ctxsta.dll as the
STA server URL and enable session reliability.
a. Deselect Add DNS Entry.
b. Type http://xac-1.cch.local/scripts/ctxsta.dll in the STA Server URL
field and select Session Reliability.
c. Click Next.

9. Add "xmlbrokers.cch.local" as the XML Service address with the farm name CCH. Finish and
exit the wizard.
a. Click Add.
b. Type CCH in the Name field and type xmlbrokers.cch.local in the XML Service
Addresses field.
c. Click Create and click Next.
d. Click Finish and click Exit to close the wizard.
Adding a DNS Entry for Access Gateway

2. Use the DNS console to add a new DNS entry for the hostname "ag" and IP address
192.168.1.195.
a. Click Start > Administrative Tools > DNS.
b. Expand the DNS > Forward Lookup Zones > cch.local nodes, right-click cch.local, and
click New Host (A or AAAA).
c. Type ag in the Name field, type 192.168.1.195 in the IP address field, and click Add
Host.
d. Click OK to confirm the new host and click Done.
Testing ICA Proxy

2. Access the https://ag.cch.local site. Log on using the CCH\CitrixAdmin user's credentials.
3. Launch Notepad and verify that it is secured using SSL/TLS 128-bit encryption.
a. Click Notepad to launch the hosted Notepad application.
In a few moments, the Notepad application launches.
b. Right-click the Citrix Receiver icon in the Notification tray and click Online Sessions >
Connection Center.
c. Click Properties.
d. View the encryption level and ensure that 128-bit SSL/TLS is listed.
4. Close Connection Center and Notepad, log off of Web Interface, and close all open windows.


Exercise 8-3: Restricting External Application
Access
Scenario
CCH has several employees that work remotely in their daily company roles. In the near future,
management will be mandating that all remote employees must run McAfee Antivirus on their
computers in order to work remotely. Knowing that this mandate will be implemented soon, your
manager wants you to implement a policy on the Access Gateway that will do this. He then wants
you to ensure that the policy will prevent all employees who are not running the antivirus software
from gaining access. Since the corporate antivirus mandate is not yet in effect, he wants you to
disable the policy, once tested.
Implementing a Pre-Authentication Policy

2. Use the NetScaler interface to access the ica_proxy_server Access Gateway virtual server and
the pre-authentication policies.
a. Expand the Access Gateway node and click the Virtual Servers node.
b. Double-click ica_proxy_server.
c. Click Policies and click Pre-authentication.
3. Insert a new policy called "McAfee Anti-Virus Check". Create a new request profile called
"Deny Access" and specify the deny action.
a. Click Insert Policy and click New Policy.
b. Type McAfee Anti-Virus Check in the Name field and click New in the Request
Profile menu.
c. Type Deny Access, verify that Allow is selected, and click Create.
4. Specify the anti-virus pre-defined named expressions and add the McAfee Anti-Virus
expression to the policy and then create the policy. Complete the virtual server configuration.
a. Select Anti-Virus from the Named Expressions menu, click Mcafee Antivirus, and click
Add Expression.
b. Click Create and click OK to exit the Access Gateway virtual server configuration window.

Testing the Pre-Authentication Policy
2. Access the Access Gateway site at https://ag.cch.local. Allow the endpoint analysis software to
scan the system.
a. Start Internet Explorer, navigate to https://ag.cch.local, and click OK.
The Access Gateway Endpoint Analysis tool automatically launches.
b. Click Yes to run the scan.
3. Verify that access is denied to log on to the Access Gateway.
5. Use the NetScaler interface to access the ica_proxy_server Access Gateway virtual server and
the pre-authentication policies.
a. Expand the Access Gateway node and click the Virtual Servers node.
b. Double-click ica_proxy_server.
c. Click Policies and click Pre-authentication.
6. Unbind the policy and close the virtual server configuration window.
a. Click the Mcafee Anti-Virus Check policy and click Unbind Policy.
b. Click OK to close the window.
7. Close all open windows, saving the NetScaler settings.

Exercise 8-4: Encrypting XML Traffic With
SSL Relay
Scenario
The Citrix Engineer is looking into several ways of encrypting XenApp-related traffic. Even though
communications are internal, the XML traffic contains the logon information of employees. The
Engineer wants to look into the feasibility of implementing SSL Relay to encrypt this important
data.
Because the XenApp farm is starting to get more use, he wants you to test the setup of SSL Relay
using one of the Web Interface servers so that regular farm use is not interrupted.
Creating an SSL Relay Certificate Template

2. Access the Certificate Authority console and manage the certificate templates.
a. Click Start > Administrative Tools > Certification Authority and expand the cch-DC-
CA node.
b. Right-click Certificate Templates and click Manage.
3. Duplicate the Web Server template as a Windows Server 2003 Enterprise template. Rename the
display name and template name as "SSL Relay". Allow the private key to be exported.
a. Right-click the Web Server template and click Duplicate Template.
b. Verify that Windows Server 2003 Enterprise is selected and click OK.
c. Type SSL Relay in the Template display name field.
d. Click the Request Handling tab and select Allow private key to be exported.
e. Click Apply and click OK.
f. Close the Certificate Templates console.
4. Issue the SSL Relay certificate template.
a. Right-click the Certificate Templates node and click New > Certificate Template to
Issue.
b. Click SSL Relay and click OK.
5. Close the Certification Authority console.

Creating and Exporting an SSL Relay Certificate From
Template
2. Access the certificate server at http://dc.cch.local/certsrv and submit a new advanced certificate
request.
a. Start Internet Explorer and navigate to http://dc.cch.local/certsrv.
b. Click Request a certificate and click Advanced Certificate Request.
c. Click Create and submit a request to this CA and click Yes at the Web Access
Confirmation warning screen.
3. Use the SSL Relay certificate template and enter the following identifying information:
• Name: xac-1.cch.local
• E-Mail: citrixadmin@cch.local
• Company: Coolidge Consolidated Holdings, Ltd.
• Department: IT
• State: California
• Country: US
a. Select SSL Relay from the Certificate Template menu.
b. Complete the Identifying Information fields using the information provided.
4. Add the friendly name "xac-1" and submit the request. Install the certificate and close all open
windows.
a. Type xac-1 in the Friendly Name field.
b. Click Submit and then click Yes.
After a few moments, the certificate is issued.
c. Click Install this certificate.
d. Close all open windows.
5. Use an MMC console and add the certificate snap-in for my user account.
a. Click Start, type mmc.exe in the search bar, and press Enter.
b. Click File > Add/Remove Snap-in.
c. Click Certificates and click Add.
d. Select My user account and click Finish.
e. Click OK.
6. Access the personal certificates and begin exporting the xac-1.cch.local certificate.
a. Expand the Certificates - Current User > Personal nodes and click Certificates.
b. Right-click xac-1.cch-local and click All Tasks > Export.

c. Click Next.
7. Specify to export the private key, use the default export file format, and use the password
"Password1".
a. Select Yes, export the private key and click Next.
b. Click Next to accept the default Export File Format.
c. Type Password1 in the Password and Confirm Password fields and click Next.
8. Specify to export a file called "xac-1" and save it in the \\dc\filer\certs folder. Finish
the wizard using the default values.
a. Click Browse and navigate to \\dc\filer\certs.
b. Type xac-1 in the File name field and click Save
c. Click Next, click Finish, and click OK.
Configuring SSL Relay

1. Within the MMC console, add the Certificates snap-in for the computer account on the local
computer.
a. Click File > Add/Remove Snap-in, click Certificates, and click Add.
b. Select Computer account and click Next.
c. Click Finish and click OK.
2. Begin importing a certificate in the local computer personal certificate store.
a. Expand the Certificates (Local Computer) node.
b. Right-click Personal and click All Tasks > Import.
c. Click Next.
3. Import the xac-1 certificate from \\dc\filer\Certs folder. Use "Password1" for the
password and ensure that the key is marked as exportable. Finish the import wizard using the
default settings.
a. Click Browse and navigate to \\dc\filer\Certs.
b. Select All Files (*.*), double-click the XAC-1 certificate file, and click Next.
c. Type Password1 in the Password field, select Mark this key as exportable, and click
Next.
d. Click Next and click Finish.
e. Click OK to confirm the import.
4. Close all open windows; do not save the MMC snap-in.
5. Use the Citrix SSL Relay Configuration Tool to enable SSL relay using the xac-1.cch.local
certificate.
a. Click Start > Administration Tools > Citrix > Administration Tools > Citrix SSL Relay
Configuration Tool.

b. Click OK and select Enable SSL relay.
c. Click xac-1.cch.local in the Server Certificate menu.
6. View the connection settings and delete the IP address server name. Ensure that only a single
server name, xac-1.cch.local, is listed to use ports 1494 and 80.
a. Click the Connection tab.
b. Click the IP address from the Server Name column and click Delete.
c. Click OK and then click OK to verify the changes.
7. Close the Citrix SSL Relay Configuration Tool and restart the XenAppController-1 virtual
machine.
Updating Web Interface to Use SSL Relay

2. Use the Services console to start the World Wide Web Publishing Service.
b. Right-click World Wide Web Publishing Service and click Start.
3. Use the Citrix Web Interface Management console to edit the farm settings of the "XenApp"
XenApp Web site.
Management.
b. Click the XenApp Web Sites node, click XenApp, and click Server Farms.
4. Replace the xmlbrokers.cch.local server with the server xac-1.cch.local.
a. Click the CCH server and click Edit.
b. Click xmlbrokers.cch.local and click Remove.
c. Click Add, type xac-1.cch.local in the Server name field, and click OK.
5. Set the transport type for SSL Relay and complete the configuration.
a. Select SSL Relay from the Transport type menu.
b. Click OK to close the Add Farm screen and click OK to close the Manage Server Farms
dialog box.
Verifying the SSL Relay Settings


2. Use the netstat utility at a command prompt to verify that the XTE.exe process is listening on
0.0.0.0:443.
a. Start the command prompt, type netstat -nab, and press Enter.
b. Verify that local address 0.0.0.0:443 has a LISTENING state and is in use by the XTE.exe
process.
4. Access and log on to the http://wis-1.cch.local using the CCH\CitrixAdmin credentials.
Because you were able to log on successfully and view the user's Application list, then SSL
Relay has been configured correctly.

Module 9
Monitoring XenApp with

Standard Utilities
Exercise 9-1: Using Desktop Director to View
Session Data
Scenario
Eventually the Help Desk team will be taking over day-to-day tier-1 support for the XenApp farm.
They will be using the Desktop Director tool in order to monitor session and farm data and
perform basic troubleshooting. In advance of this hand off to Help Desk, you want to familiarize
yourself with the Desktop Director tool.
Installing Desktop Director

Use the WebInterfaceServer-1 virtual machines logged in as the CCH\CitrixAdmin user for this
task.
2. Access the XenApp 6.5 additional components disk and launch the DesktopDirector installer.
a. Navigate to D:\Desktop Director.
b. Double-click InstallDesktopDirector.
3. Accept the license agreement, install the software, and install the application using the default
values.
a. Click I accept the terms and conditions and click Next.
b. Ensure that Desktop Director is selected and that the address of the XenDesktop
Controller field is blank.
c. Click Next and click Yes.
d. Click Install.
e. Click Close when the installation is completed.
4. Use the Internet Information Services (IIS) Manager to access the Desktop Director site.
a. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
b. Expand the WIS-1 (CCH\citrixadmin) > Sites > Default Web Site nodes.
c. Click Desktop Director.
5. Add a new settings to the Applications settings called Service.AutoDiscoveryAddressesXA with
the value xac-1.cch.local. Close the Internet Information Services (IIS) Manager.
a. Double-click Application Settings.
b. Click Add.
c. Type Service.AutoDiscoveryAddressesXA in the Name field.
© Copyright 2011 Citrix Systems, Inc. Module 9: Monitoring XenApp with Standard Utilities 135
d. Type xac-1.cch.local in the Value field and click OK.
e. Close the Internet Information Services (IIS) Manager
7. Use the winrm command to enable it using a quick configuration of Windows Remote
Management service.
b. Type winrm quickconfig and press Enter.
c. Type y to perform the action when prompted and press Enter.
d. Close Command Prompt.
8. Repeat the previous step using the XenAppController-2 and XenAppWorker virtual machines.
10. Use Internet Explorer to navigate to http://wis-1.cch.local/DesktopDirector and log on as the
CCH\CitrixAdmin user.
b. Navigate to http://wis-1.cch.local/DesktopDirector.
It will take a few moments for the Desktop Director log on page to appear.
c. Log on using the CCH\CitrixAdmin credentials.
Viewing Session Data

Use the EndUserSimulator virtual machine logged in as the CCH\TestUser user for this task.
1. Switch to the EndUserSimulator virtual machine, log off of the current user and log on as the
CCH\TestUser user.
2. Log on to Citrix Receiver as the CCH\TestUser and launch Notepad.
a. Log on using the CCH\TestUser credentials.
b. Click Start > All Programs > Notepad to launch the Notepad application.
4. Use Desktop Director to view the sessions for the TestUser user. View all of the different
session details available.
a. Type TestUser in the Search for users field in Desktop Director and press Enter.
b. View the different session details available including latency, profile path, Receiver type
and version, profile load time, and group policies applied.
5. View the server details and the CPU/Memory/Network activity.
6. Rearrange the page layout to minimize the HDX information and put the Activity field into
the right column.
136 Module 9: Monitoring XenApp with Standard Utilities © Copyright 2011 Citrix Systems, Inc.
a. Click on the header of the HDX section to minimize that field.
b. Drag the Activity section to the right column.
7. Send a message to the TestUser's session indicating that the user will be logged off soon.
a. Click Send Message.
b. Type You will be disconnected soon! and click Send.
8. Switch to the EndUserSimulator virtual machine, acknowledge the message, and switch back to
the XenAppController-1 virtual machine.
9. Disconnect the TestUser session and verify that the session now indicates disconnected.
a. Click Session Control and click Disconnect.
b. Verify that the CCH\TestUser session now indicates that it is disconnected.
10. Log off of Desktop Director and close all open windows.
Exercise 9-2: Monitoring XenApp using
Performance Monitor
Scenario
The Citrix Engineer wants you to start performing some basic monitoring of the XenApp farm to
collect some preliminary data on memory and bandwidth on the performance hit of a single user
performing an average workload on a server.
To obtain this preliminary data, you decide to use Microsoft Performance Monitor to estimate the
single-user impact numbers.
Restricting Sessions to Use XenAppController-1

1. Use the Citrix AppCenter console to access the list of XenApp servers within the farm.
Citrix AppCenter.
b. Expand the Citrix Resources > XenApp > CCH > Servers node.
2. Access the Login Controls for the XAC-2 server and set it so that all logons and reconnections
are prohibited.
a. Right-click the XAC-2 server from the Servers node and click Other Tasks > Logon
control > Prohibit logons and reconnections.
3. Repeat the previous step for XAW-1.
4. Switch to the EndUserSimulator virtual machine, log off of the current user and log back on as
the CCH\CitrixAdmin user. Close the logon prompt without logging on, if prompted.
5. Use Citrix Receiver to change the Online plug-in server to http://webinterface.cch.local.
a. Right-click the Citrix Receiver icon in the notification area and click Preferences.
b. Click Plug-in status, right-click Online Plug-in, and click Change Server.
c. Type http://webinterface.cch.local and click Update.
6. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials, and launch Notepad from
the Start menu. Type "Hello World!" in the Notepad document.
a. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials.
b. Click Start > All Programs > Notepad.
c. Type Hello World! in the new notepad document.
8. Use the Citrix AppCenter console to view the connected users and verify that the CitrixAdmin
user is using Notepad on the XAC-1 server.
a. Click the Servers node in the Citrix AppCenter console.
b. Click the Users tab in the XAC-1 pane.
c. Verify that the Notepad application is running for the CitrixAdmin user.
Using Performance Monitor

1. Open the Performance Monitor console. Navigate to the Performance Monitor monitoring
tool.
a. Click Start > Administrative Tools > Performance Monitor.
b. Navigate to the Monitoring Tools > Performance Monitor node in the left pane.
2. Delete the default % Processor Time counter and navigate to the Add counter screen.
a. Click the Properties icon from the toolbar in the right pane.
b. Click \Processor Information(_Total)\%Processor Time from the Data tab and click
Remove.
c. Click Add.
3. Navigate to the ICA Session counters and add the "Input Session Bandwidth," "Latency -
Session Average," and "Output Session Bandwidth" counters.
a. Expand the ICA Session node.
b. Click Input Session Bandwidth and click Add.
c. Click Latency - Session Average and click Add.
d. Click Output Session Bandwidth and click Add.
4. Navigate to the Memory counters and add the "Available MBytes" and "Page Faults/sec"
counters. Close the Add Counter screen.
a. Expand the Memory node.
b. Click Available MBytes and click Add.
c. Click Page Faults/sec and click Add.
d. Click OK to close the Add Counters dialog box.
e. Click Apply and then click OK to close the Performance Monitors Properties dialog box.
5. View the real-time graph of the performance. Navigate to the Page faults/sec counter and view
the real-time updated numbers. Change the graph to Report view.
a. Click the Page faults/sec counter. View the real-time data specific to the selected counter.
b. Click the Change graph type icon arrow and click Report.
Many counters will not appear on the graph because their values are too high or too low
to be visible.
7. Open Notepad to transfer and view the Performance Monitor as the session is transferred from
the EndUserSimulator virtual machine. Adjust the windows so that Notepad is on top but
Performance Monitor can been seen in the background. Then manipulate Notepad and view
how the values change.
a. Click Notepad to open the application.
b. Bring Performance Monitor into focus and view how the numbers change as the session is
transferred.
Notice that the Notepad window says "Hello World!", which indicates that this is the same
session as previously used.
c. Adjust the windows so that Notepad is in the foreground and Performance Monitor in the
background.
d. Manipulate Notepad and watch how the numbers change on the Performance Monitor
screen.
8. Switch back to the Graph view and verify that there is activity in the ICA Session counters.
a. Click the Change graph type menu and click Line.
b. Verify that the ICA Session values reflect the recent activity.
9. Close Internet Explorer and Performance Monitor.
After viewing the bandwidth, latency, and memory counters on the server, you report to the Citrix
Engineer that ICA bandwidth does not seem to be a problem. However, due to the large amounts
of page faults and the low memory available on the servers you recommend that each XenApp
server be given additional memory before putting the farm into production.
Exercise 9-3: Monitoring XenApp Using
Command-Line Utilities
Scenario
The Citrix Engineer is very pleased with the recommendations you have given him. He wants some
more information about what kind of a load a single standard user would generate on the servers in
their current configuration.
To get this recommendation, you decide to use command utilities such as qfarm.
Using the QFarm Command

1. Use the command line to view the qfarm program's help information.
b. Type qfarm /help and press Enter. View the qfarm help options.
2. Use the qfarm command that ouputs all of the servers in the farm. Verify that all three of the
XenApp servers are visible and present.
a. Type qfarm /servers and press Enter.
b. Verify that XAC-1, XAC-2, and XAW-1 appear below Server Name.
3. Use the qfarm command that outputs all of the application server loads for each server.
a. Type qfarm /app and press Enter.
b. View the server load for each application and identify the corresponding host. An
application may appear more than once if it corresponds to a different server.
4. Use the qfarm command to view the load off each server in the farm. Notice that the server
load is only on the XAC-1 server and that XAC-2 and XAW-1 have prohibited logons.
a. Type qfarm /load and press Enter.
b. Verify that ProhibitLogons appears as the Logon Mode for the XAC-2 and XAW-1 servers.
5. Use Citrix AppCenter to disconnect the CitrixAdmin user's Notepad connection and view if
there are any results in the load of XAC-1 by using the qfarm command.
a. Click the Servers > XAC-1 node in the Citrix AppCenter console.
b. Click the Users tab, right-click the CitrixAdmin user running the Notepad application,
and click Disconnect.
c. Click Yes to confirm.
d. Type qfarm /load in the command line and press Enter.
e. Verify that the server load for XAC-1 did not change.
6. Use the Citrix AppCenter to completely reset the CitrixAdmin Notepad connection and view if
there are any results in the load of XAC-1 by using the qfarm command.
a. Right-click the CitrixAdmin user running the Notepad application in Citrix AppCenter
and click Reset.
c. Type qfarm /load in the command line and press Enter.
d. Verify that the server load for XAC-1 has been lowered significantly.
It may take a few moments for any results to register.
7. Switch to the EndUserSimulator virtual machine. Log out of the CitrixAdmin user and log back
on as the CCH\TestUser user.
8. Log on to Citrix Receiver using the CCH\TestUser credentials and open the XenApp Server
Desktop.
a. Log on using the CCH\TestUser credentials when the Citrix Receiver logon prompt
appears.
b. Click Start > All Programs > XenApp Server Desktop.
9. Within the XenApp Server Desktop open Paint, Wordpad, and Calculator.
a. Click Start > All Programs > Accessories > Paint within the XenApp Server Desktop.
b. Click Start > All Programs > Accessories > Wordpad within the XenApp Server Desktop.
c. Click Start > All Programs > Accessories > Calculator within the XenApp Server
Desktop.
11. Use the qfarm command to view changes to the XAC-1 server load.
a. Type qfarm /load in the command line for the XenAppController-1 virtual machine
and press Enter.
b. Verify that the server load for XAC-1 has increased.
12. Switch to the EndUserSimulator virtual machine and open the hosted Notepad application
from the Start menu.
13. Switch to the XenAppController-1 virtual machine and use the qfarm command to view
changes to the XAC-1 server load.
and press Enter.
b. Verify that the server load for XAC-1 has increased.
15. Close all applications in the XenApp Server Desktop and then log off of the Desktop. Close all
open windows and log off the virtual machine.
16. Switch to the XenAppController-1 virtual machine and use the qfarm command to view
changes to the XAC-1 server load.
and press Enter.
b. Verify that the server load for XAC-1 has decreased.
Restoring Logons to All XenApp Servers

1. Use Citrix AppCenter and set XAC-2 to allow logons and connections.
a. Right-click XAC-2 from the left pane of Citrix AppCenter and click Other Tasks > Logon
control > Allow logons and reconnections.
2. Repeat the previous step for XAW-1.
3. Use the qfarm command to verify that all servers now allow logons and then close the
command prompt.
a. Type qfarm /load at the command prompt and press Enter.
b. Verify that AllowLogons appears as the Logon Mode for all servers.
4. Close all open windows except Citrix AppCenter.
Module 10
Monitoring XenApp with

EdgeSight
Exercise 10-1: Viewing EdgeSight Historical
Data
Scenario
The new XenApp 6.5 environment has yet to go into production, but your team has allowed a few
select teams all over the company to begin testing the server with non-critical workloads. As such,
you now have some historical usage data from this time period that the Citrix Engineer wants to
use to help predict how users will be using XenApp resources.
The EdgeSight monitoring tool was installed earlier this week by another member of your team.
The Citrix Engineer wants you to view the historical data of the farm for the last seven days and
report back with an analysis of overall usage and also with specific usage for all XenApp programs.
Viewing Overall and Specific Category Usage Data

1. Use Internet Explorer on the XenAppController-1 virtual machine to navigate to
http://dc/edgesight. Log on to the site using the citrixadmin@cch.local/Password1 credentials.
2. Create and run a new process summary for dates spanning the last 7 days for all processes.
a. Click the Plan and Manage tab and click Process Summary.
b. Set the date to seven days prior to the current date for the Start field.
c. Set the date to the current date for the End field.
d. Verify that [All Processes] is selected in the Category menu.
e. Click Go.
3. View the displayed graph data and identify key data points.
4. Create and run a new process summary for dates spanning the last seven days on only XenApp
Programs.
a. Select XenApp Programs from the Category menu.
b. Click Go.
5. View the displayed graph data and identify key data points.
© Copyright 2011 Citrix Systems, Inc. Module 10: Monitoring XenApp with EdgeSight 147
Exercise 10-2: Viewing EdgeSight Real-Time
Data
Scenario
Since the farm has been opened for testing, you want to check how well it is doing with the
increase in traffic. You need to check the real-time data pertaining to logon times and see if there
are any farm alerts.
In addition, you want to set an EdgeSight alert and subscribe to some EdgeSight reports.
Measuring Session Logon Times

1. Use the User Troubleshooter to find the sessions for the CCH\TestUser user.
a. Click the Troubleshoot tab and click User Troubleshooter.
b. Type CCH\TestUser in the Enter a User field.
c. Click Find Sessions.
2. Set the credentials for the farm to use the CCH\CitrixAdmin user name and password.
a. Click the ... icon located in the Credentials column for the CCH farm.
b. Enter the credentials for the CCH\CitrixAdmin account.
c. Click OK and click Next.
3. Use the top result to view the session start details. Verify that the session startup duration is
only a few thousand milliseconds in duration.
a. Click the top result and click the Session Start Detail tab.
b. Verify that the session startup duration is only a few thousand milliseconds in duration.
4. Repeat the previous step using the next session results, if listed.
5. View some of the other information offered in other tabs throughout the User Troubleshooter
interface.
Monitoring With a Real-Time Dashboard

1. Access the Real-Time Dashboards and create a new Real-Time Configuration. Specify the name
"XenApp Basics" and create the configuration.
148 Module 10: Monitoring XenApp with EdgeSight © Copyright 2011 Citrix Systems, Inc.
a. Click the Configure tab and click Real-Time Dashboard from the Company
Configuration menu.
b. Click New Real Time Configuration.
c. Type XenApp Basics in the Configuration name field, accept all other default values,
and click Create the Configuration.
2. Access the existing devices from all departments and add XAC-1 and XAC-2 to the
configuration.
a. Click Go to search for all existing devices.
b. Double-click each of the devices listed in the Existing Devices list.
c. Click Next.
3. Add the following counters with their default thresholds and then finalize the configuration:
• % Total Processor Time
• % Committed Bytes in Use
• Page Faults per Second
• Average ICA Round Trip Time
• Peak ICA Round Trip Time
a. Select the % Total Processor Time, % Committed Bytes in Use, Page Faults per Second,
Average ICA Round Trip Time, and Peak ICA Round Trip Time counters.
b. Click Next and view the final configuration.
c. Click Finish.
4. View the Dashboard. Start the dashboard update and view the results.
a. Click the Monitor tab and click Dashboard from the Monitor menu.
b. Click Start Updating in the Dashboard pane.
It appears as though the "% Committed Bytes" counter is red, indicating that the
committed memory is over the set threshold of 40%.
Creating an EdgeSight E-mail Alert

1. Navigate to the alert action screen and create a new alert action that sends an e-mail
notification.
a. Click the Configure tab and click Alerts > Actions in the Company Configuration menu.
b. Click New Alert Action.
c. Select Send an email notification and click Next.
2. Specify "Email CitrixAdmin" as the action name. Specify to send the e-mail to
citrixadmin@cch.local with the subject "Major XenApp Issue."
© Copyright 2011 Citrix Systems, Inc. Module 10: Monitoring XenApp with EdgeSight 149
a. Type Email CitrixAdmin in the Name field.
b. Select citrixadmin@cch.local from the Existing Addresses menu.
c. Type Major XenApp Issue in the Subject field.
d. Click Next.
3. Verify the current settings and add the action to the CCH department. Assign the action to the
alert that indicates that the IMA service is unresponsive.
a. Verify the Alert Action Settings and click Next.
b. Click CCH and click Next.
c. Select Assign Actions to Alerts and click Next.
d. Select IMA Service is Unresponsive and click Next.
4. Use the Email CitrixAdmin alert action for this rule and finish the wizard.
a. Select Email CitrixAdmin and click Next.
b. Click Finish.
5. View the alert actions to verify that the action was created successfully.
a. Click Alerts > Actions in the Company Configuration menu.
b. Verify Email CitrixAdmin appears in the Alert Action list.
150 Module 10: Monitoring XenApp with EdgeSight © Copyright 2011 Citrix Systems, Inc.
851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com
Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com
© Copyright 2011 Citrix Systems, Inc. All rights reserved.

Citrix Advanced Troubleshooting PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Citrix Advanced Troubleshooting PDF

Hochgeladen von

Copyright:

Verfügbare Formate

Citrix XenApp 6.

Citrix Course CXA-301-1I

Module 2: Scaling the XenApp Environment ................................................. 39

Module 3: Creating Farm Redundancy ......................................................... 53

© Copyright 2011 Citrix Systems, Inc. 5

Module 4: Maintaining the XenApp Environment .......................................... 69

Module 5: Optimizing the XenApp Environment ............................................ 83

Module 6: Optimizing the User Environment ................................................. 91

6 © Copyright 2011 Citrix Systems, Inc.

Module 7: Optimizing Printing ..................................................................... 103

Module 8: Securing XenApp ....................................................................... 115

© Copyright 2011 Citrix Systems, Inc. 7

Module 10: Monitoring XenApp with EdgeSight ......................................... 145

8 © Copyright 2011 Citrix Systems, Inc.

Apache® Apache Micro Peripherals, Inc.

AutoCAD® Autodesk, Inc.

Mac® Apple, Inc.

Brother™ Brother Industries, Ltd.

Branch Repeater™, Citrix®, Citrix Access Citrix Systems, Inc.

Firefox® Mozilla Corporation

UNIX® The Open Group

Java®, JavaScript®, Oracle® Oracle Corporation

Pearson VUE® Pearson Education, Inc.

RC5™, RSA™ RSA Data Security, Inc.

Secure Computing®, SafeWord® Secure Computing Corporation

SecurID® Security Dynamics Technologies, Inc.

VMWare®, vSphere™ VMware, Inc.

Wireshark™ Wireshark Foundation, Inc.

Product Specialist: Andrew Garfield

Graphic Artist: Joshua Jack, Nathan Jackson

Manager: Mike Young

Editor: Kathryn Morris

Subject Matter Experts: Leo Asencio, Amit Baranwal, Fernando Barbitta,

Virtual Machine Role OS Hostname

EndUserSimulator A simulated user Windows 7 EUS

NetScaler A Netscaler virtual FreeBSD NS

Profiler-Win7 A virtual machine used Windows 7 P-W7

WebInterfaceServer-1 A Web Interface Windows Server 2008 WIS-1

WebInterfaceServer-2 A Web Interface Windows Server 2008 WIS-2

XenAppController-2 A full XenApp server, Windows Server 2008 XAC-2

XenAppWorker A XenApp server Windows Server 2008 XAW-1

Replicating the Issue with Citrix AppCenter

Fixing an IMA Service Issue

Fixing a Citrix AppCenter Permission Issue

Troubleshooting Web Site Issues

Though it was inaccessible, a XenApp web site does exist.

5. Switch to the WebInterfaceServer-1 virtual machine.

10. Attempt a single time to log on to Web Interface as the CCH\TestAdmin.

An error still appears indicating an incorrect username or password.

11. Close Internet Explorer.

Troubleshooting XML Service Issues

4. Edit the farm information to specify xac-1.cch.local as the server name.

7. Switch to the XenAppController-1 virtual machine.

Verifying the XML Service Fix

An error message appears in Web Interface. The application failed to launch.

Troubleshooting an Application Launch Failure

You find several errors from a MetaFrameEvents source.

3. View the first MetaFrameEvents error.

The load value of xac-1 is 10000, indicating a very high load.

The summary suggests that a Load Evaluator is specified.

7. Remove the load evaluator and close all open windows.

12. Close all open windows.

The service seems to be running normally. It may be a networking issue.