Access

CTX-Blog

powered by Ecki's Place

August 26, 2013

Office 2013 on Server 2012 (Windows Installer Loop)

Not long ago I was asked to install a new XenDesktop 7.0 RDS host. Office 2013 should run on this system also. An easy one was my first thought and I went to work. After installing Server 2012, Office 2013 and all the needed Windows Updates (more than 3GB, incredible) I discovered an unpleasant surprise. With every start of Outlook, a Windows Installer window popped up, telling me that Office would now be configured. After that, Outlook worked fine without errors but the Windows Installer popped up again and again with every start of Outlook :-(

The Windows Event Log didn’t really help much because it only showed some informational messages of the Windows Installer but no error messages, see the following screen-shot:

Outlook2013_Windows_Installer_Eventviewer

An Office repair didn’t help as was the case with several other “rescue attempts” with registry keys mentioned in an article about Office 2010 problems: Office-2010-Professional-Plus-configures-each-time-i-launch-fixed. Even a brand new installed system showed the same symptoms.

After a long search on the Internet I stumbled upon the following thread that helped me to solve the problem: Outlook-2013-starts-configuration-every-time

Outlook 2013 on Server 2012 needs the Windows Search service to finalize its setup. If this service is not installed, which is the default for RDS, then Outlook tries at every start to “fix” the problem. After installing the Windows Search service feature and setting it to “disabled” in the Services manager, the Windows Installer pop-ups disappeared :-)

Regards
Ecki

March 8, 2013

IE 10 + Access Gateway Enterprise Logon Screen Issue

People who already use IE 10 will have probably seen this phenomenon while connecting to an Access Gateway Enterprise site. The browser window remains empty after connecting to the AGEE URL. The logon prompt is only visible after switching to compatibility mode. A similar problem has been described on this site a few years ago, s. AAC und IE 8.0

The solution is similar but the files are different.

With Access Gateway Enterprise the file “/netscaler/ns_gui/vpn/index.html” has to be changed according to the following listing (red/bold line added):

<HTML><HEAD><TITLE>Citrix Access Gateway</TITLE>
<link rel="SHORTCUT ICON" href="/vpn/images/AccessGateway.ico" type="image/vnd.microsoft.icon">
<META http-equiv="X-UA-Compatible" content="IE=EmulateIE9" />
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META content=noindex,nofollow,noarchive name=robots>
<LINK href="/vpn/images/caxtonstyle.css" type=text/css rel=STYLESHEET>
<script type="text/javascript" src="/vpn/resources.js"></script>
<script type="text/javascript" language="javascript">
var Resources = new ResourceManager("resources/{lang}", "logon");
</script>

If the fix is working (! close the browser and reopen it !), don’t forget to make this change persistent since the Access Gateway Enterprise “forgets” all the modifications during a reboot! The following Citrix KB article describes, how to make changes survive a reboot: How to Retain the Custom Settings made to the NetScaler Appliance after it is Restarted

Regards
Ecki

October 17, 2010

Missing XML file for Offline-Plugin 6.0.1 for Merchandising Server

If you are already working with Merchandising Server, you will probably know this problem.

Citrix provides an update for his Offline –Plugin that eliminates 45 bugs. The update 6.0.1 is available as regular download since many weeks now but if you try to find the update on your Merchandising Server you won’t find it. Even a manual rescan of the available plugins doesn’t help :-(

The reason is a missing XML file, which Merchandising Server needs to control the installation and configuration of the plugins. Apparently Citrix won’t make this XML file available to the public, see Citrix Blog: App Streaming-6.0.1 LCM Update

I have therefore taken the time to have a look at the following resources:

Citrix-TV
Citrix eDocs
Metadata Reference

and finally created my own XML file.

To save your time, I will provide you with the XML file needed here: XenAppStreamingMetaData.xml

On the Merchandising Server it is now possible to upload the actual Offline-Plugin together with the new XML file. After that step you can deploy the update through standard deliveries as usual.

Why Citrix doesn’t provide this file itself is a miracle to me. In fact this behavior doesn’t help to convince people to use Merchandising Server. I hope Citrix is rethinking the way they provide updates to Merchandising Server in the future…

Regards
Ecki

July 11, 2010

32bit icon option missing from the XenApp farm properties

I recently stumbled uppon a really weired problem with 32bit icon support in XenApp. Under certain circumstances the AMC won’t show the option for 32bit icon support in the farm properties even if all prerequisites are perfectly met. We found out the reason for that behaviour only by accident.

The problem can be seen with all versions of Presentation Server 4.5 and XenApp 5.0 for w2k3 as well as for w2k8.

If the problem hits you, the farm properties won’t show the option for 32bit icon support, but there will only be a blank space :-(

No 32bit icon support in the AMC

The reason for this odd behaviour can be found in the configuration of the farm-discovery. I sometimes use LOCALHOST as the hostname for discovery. This is helpful in situations where you have roaming profiles and IIS is not installed on the XenApp servers.

But if you configure discovery that way there will be no 32bit icon option in the AMC.

Configured with LOCALHOST

If you change the discovery option back to the local server

Konfiguriert mit "Local Server"

the missing option reappeares again.

32bit icon support available

You can toggle that behaviour as you like. Admittedly this is not a common problem but it is odd and if you happen to see it, you will be warned…

Regards
Ecki

May 4, 2010

Homedrive fails silently to mount at logon (Vista/Windows 7)

After the update to Vista/Windows 7, mapping of the UserHome drive fails silently at logon. All other drive mappings made by a logon script are successful. This happens always if the UserHome is mapped through the AD user-object. UserHome mapping configured by GPO is not affected. There are no error messages logged and it is hard to find a reason for this behavior :-(

Disabling UAC helps, but should not be the final solution, since it opens up many security holes.

Not really a Citrix problem but annoying if you happen to stumble upon it. Since it took me some time to find a solution, i thought it might be a good idea to post it here.

The following registry key allows again for a successful UserHome mapping:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
“EnableLinkedConnections”=dword:00000001

The original solution has been posted here.

Regards
Ecki

July 2, 2009

Laptop and XenServer with GNOME on USB disk

Wouldn’t it be nice to have your XenServer environment allways with you on a USB disk ?

Wouldn’t it be nice, if this USB disk would function with your own notebook ?

And that you don’t need a second machine to run XenCenter on it ?

That this is possible and how to achieve this, is documented in my last tutorial. In this tutorial we will install XenServer on a USB harddisk attached to a laptop, then install X server and GNOME on this disk and then run an RDP session to a VM running on the XenServer and providing us with XenCenter.

A “demo in a box” :-)

The tutorial can be downloaded here: “XenServer_and_Gnome_on_your_USB_disk_EN.pdf”
For the moment, this tutorial is availabel only in German, but i will upload an english version soon, so stay tuned…
The english version is now available too…

Regards
Ecki

March 24, 2009

AAC and IE 8.0

Some days ago, Microsoft officialy released IE 8.0. Since IE 8.0 will be available trough Windows Update soon, more and more users will hit existing AAC deployments with this browser. Unfortunately this is not working as expected. This is, how an AAC portal page looks like in IE 8.0 with default settings:

Portal
OWA

The layout is crushed, links are missing and OWA is nearly unusable :-(

A small change in the file C:\Inetpub\wwwroot\CitrixSessionInit\NUI.aspx solves the display issue by forcing IE 8.0 into IE 7.0 compatibility mode.

It is sufficient to add the following line in the header of the NUI.aspx file:

<meta http-equiv=”X-UA-Compatible” content=”IE=EmulateIE7″ />

Your header might look like this after the change:

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Citrix Access Gateway</title>
<meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" />
<meta name="GENERATOR" content="Microsoft Visual Studio .NET 7.1" />
<meta name="CODE_LANGUAGE" content="C#" />
<meta name="vs_defaultClientScript" content="JavaScript" />
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5" />
<link rel="SHORTCUT ICON" href="themes/default/images/favicon.ico" type="image/vnd.microsoft.icon" />
<base id="baseElement" href="" runat="server" />
<link id="cssElement" rel="stylesheet" href="" runat="server" />
<!--[if IE]>
<style type="text/css">

Immediately your portal is rendered again as it should be :-)

Portal
OWA

This is not a final solution for the problem, but until Citrix releases a fix for this issue it will do…

Regards
Ecki

October 21, 2008

Smart Card Single Sign On with PNAgent

All available documentation regarding “Single Sign On” or “Credential pass-through” with Smart Card and Citrix clients is limited to the Program Neighborhood client only, as can be seen exemplarily at Brianmadden . I don’t use this client in customer projects for a couple of years now but use the PNAgent or the Web client instead.

With these clients, a pass-through of the Smart Card PIN didn’t work, because they do not read their settings from the APPSRV.INI, which would allow for the neccessary settings.

Since client version 10.0, an Active Directory Group Policy Template can be found in every client installation directory, named “icaclient.adm”. All clients, starting with 10.0 now read the policy settings first and make use of the APPSRV.INI only in case, no policy is defined. This new feature allows now for a “Single Sign On” with SmartCard and PNAgent.

Here is, what you need to do, to get it up and running:

1. On the Presentation Server /XenApp Server

  • Confirm proper operation by logging in to a full desktop on the Citrix server. Insert a Smart Card and it should begin reading it. Enable “Trust requests sent to the XML Service”. This is necessary if using smart card pass through logon.

2. On the Web Interface Server

  • SSL must be configured and active (a web server certificate has to be installed) and the “Directory Service Mapping” has to be activated. This option can be found in the IIS Manager below the properties of the “Web Sites” folder:
  • Web Sites propertiesDirectory Service Mapper

  • The Web Interface site itself must now be configured. Open the Citrix Access Suite Management Console on the Web Interface server and run discovery if necessary to find the Web Interface site you wish to work with.
    Under “Configure Authentication” select “Smart Card with Passthrough”.

3. Registry

  • Check HKLM\System\CurrentControlSet\Control\TerminalServer\WinStations\ICA-tcp the value for “UseDefaultGina” should be 0 (1 disables the CtxGina).

4. Active Directory Policy

  • Import the ADM template into a Policy
  • Go to the “User Configuration” of the policy, leave the Computer part set to “not configured”. The following settings have to be enabled:
  • Citrix Policy

  • <PolicyName>\User Configuration\Administrative Templates\Citrix Components\Presentation Server Client\User Authentication\Smart Card Authentication has to be “Enabled” and “Allow Smart Card Authentication” and “Use pass-through authentication for PIN” have to be activated.
  • Leave everything else to “Not Configured”, provided that you are testing just Smart Card and PIN pass-through.

Now “Single Sign On” with Smart Card and PNAgent should work :D

Unfortunately these instructions only work for Windows XP and Server 2003. At the moment, no Citrix client, including 11.0, allows for PIN pass-through with Vista and 2008 Server :-(

Here are some more interesting links:

Regards
Ecki

July 29, 2008

Update – AAC tuning, part 4

I had to upgrade the document, because a customer wanted to set the color of the bar to a dark blue. The caption inside the bar could not be read anymore after this change, so we had to change the color of the caption to white. This way we got the contrast needed back. How to do that is added to the document now.

The howto is written in german. A translation into english is not available at the moment. Since the pdf utilizes a lot of pictures, you might be able to understand it anyway. As soon as i find the time, i will provide a translated version. Until then, you can download the german version here: AAC4_5_CustomizeLogonPoint_Rev1.1_DE.pdf

Regards
Ecki

July 12, 2008

AAC tuning, part 4

To adjust the look of an AAC LogonPoint at the CI of a company is not as easy as it is with a Citrix Web Interface deployment. In the following PDF i will show you a way to get there anyway.

The howto is written in german. A translation into english is not available at the moment. Since the pdf utilizes a lot of pictures, you might be able to understand it anyway. As soon as i find the time, i will provide a translated version. Until then, you can download the german version here: AAC4_5_CustomizeLogonPoint_Rev1.1_DE.pdf

This is, what your LogonPoint could look like after reading this document:
Angepasster LogonPoint - LoginAngepasster LogonPoint - Portal

Additional documentation about customizing an AAC LogonPoint can be found here:

  • Basic Customization of the Advanced Access Control 4.x Logon Point
  • How to Customize the Default View for Web Interface 4.6 When it is Embedded in Access Gateway Advanced Edition
  • And here you can find a currently very interesting article about AAC and FireFox 3.0:

  • Access Interface Appears Incorrectly with Firefox 3.0
  • Regards
    Ecki