Wednesday, August 28, 2013

Browser Market Share Changing Over Time


Firstly I don't run an analytics company but I found one on the web ( and as a part of planning which browsers should be tested for a terminal services project I wanted to know the winners, losers and where IE6 still is.

Below are the last twelve months of browser change. Overall I will be testing on IE10. The others will all be tier 2 for business.


The big winners here are IE10 and losing out are IE8 and IE9. IE7 is still in slow decline, but what scares me is IE6 is static at 6% (Siebel use ActiveX controls). The total of IE releases is around 54%

Chrome with auto update is always the current release about 12% and the others falling away to a total 17%

Firefox is much the same around the 14% mark

Safari, Opera, Sleipnir, Maxthon, Comodo are ALL in the other 18% – here, have one






Saturday, August 24, 2013

Changing the Citrix Provisioning Server TFTP IP/NIC


If it works (it did not for me) there is a control panel applet…

C:\Program Files\Citrix\Provisioning Services\tftpcpl.cpl


And just make the change, easy (if it works)





If that did not work, do it via the registry.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards

Find the network card you want to use and copy the ‘ServiceName’ data

Export the key as you need one of the ‘ServiceName’


Change the data for "Adapter" with what you just copied

Restart the "Citrix PVS TFTP Service"

Check you got the right adaptor, if not try again…


To find what port is listening look for UDP:69

netstat -an -p udp | find ":69"


This is it working on a VM guest


You can test this by using the Windows TFTP client


tftp Computer.Name.or.IP GET ardbp32.bin ardbp32.bin


Thanks for the insight:


Monday, August 19, 2013

Citrix Printing, history and tips


Back in the days of old, Windows printer drivers are written in either ‘user mode’ (version 3 drivers) or ‘kernel mode’ (version 2 drivers). Because Windows NT, was sooooo…. slow Microsoft moved the print drivers to the kernel improve performance. I bet you can get what colour the screen when on NT4 when a print driver failed? As systems got fast the print drivers were moved out to user mode to protect the system and improve reliability.

From Windows Server 2008 and later, the operating system blocked the installations of kernel-mode print drivers. So in cases you can but if you can avoid it don't use kernel-mode drivers on a XenApp servers anymore, best spend some money on a new printer or move to the universal driver.

You can still us user-mode (Version 3) if they are supported on the platform (ie 32bit v 64bit).

If you are on an old system and you are upgrading check whether a driver that you have installed is user mode or kernel mode, do the following:

  1. Click Server Properties on the TS.
  2. Click the Drivers tab.
  3. Look at the Version column for a specific driver. Windows NT 4.0 = kernel-mode driver. Windows 2000, Windows XP and Windows Server 2003 = user-mode driver.

Universal Printer Driver (UPD)

The Citrix Universal Printer Driver or the Universal Print Server can support really old printers if they are still needed, so use this if you can?

In traditional Windows the XPS drivers outperforms EMF drivers, but not the Citrix Universal Printer Drivers. Also the output of print jobs using the EMF UPD will be started as soon as the first page has been transferred to the client, which is way better for the end user.



  1. Always render print jobs on the server

  2. Execute print drivers in isolated processes

  3. Point to Print Restrictions (set to localhost)

  4. Restrict Print Drivers From Being Installed on Servers Hosted on Windows Server 2008/R2

  5. Disallow RDP printers from being created via GPO

  6. How to Restrict Print Drivers from Being Installed on XenApp Servers
  7. Use the driver that came with the OS first, if there is none, look for a TS compatible driver, if there are none look for the Windows Cluster compatible and newest driver
  8. When you use 3rd party printer driver do not use any with print monitors (HP Master Monitor, Lexmark MarkVision, or a utility that is loaded in the Notification Area of the user’s Windows Desktop with many economy printers.)


Information for this came from here:

Friday, August 16, 2013

Citrix Receiver for Windows Phone 8

Receiver on Win Phone 8


IT’s real!

Citrix Receiver for Windows Phone 8 is in the Windows Phone Store today.

When used with the Citrix Mobility Pack, Receiver automatically displays the device keyboard when an editable field has the focus. And, the desktop session scrolls if needed to make the input area visible.

It works with Citrix XenApp 5 and up, XenDesktop 5.6 and up, StoreFront 1.2, 2.0, Web Interface 5.4, Access Gateway 9.3 and 10, as well as Netscaler Gateway 10.1.

Receiver for Windows Phone supports these features in an application session:

  • Pan and zoom gestures

App bar buttons to:

  • Hide or show the menu, where users can return to the Receiver home page or switch between running apps
  • Hide or show the keyboard
  • Send Ctrl+Alt+Delete
  • Toggle between panning/zooming and app scrolling

Gestures for mouse clicks:

  • Single tap for left-click and long press for right-click

Citrix Mobility Pack features:

  • The use of mobile device controls instead of native Windows controls such as combo boxes.
  • Automatic display of the device keyboard when an editable field has the focus. The desktop session scrolls if needed to make the input area visible.

Wednesday, August 14, 2013

XenCenter not showing performance stats?


I have four new XenServers (old v5.6 due to testing, but anyway). One of the four showed performance stats and the other three did now. After looking around the problem was all four had different time settings (specifically odd dates that were years out) and of course no NTP Setup.

To check this open the server console and use the ‘date’ command.

To fix this do the following:

  1. Set manually the date/time. on the XenServer console use: date –s “14 AUG 2013 08:27:00”
  2. Check to make sure your NTP is running and accessible: ping NTP.server.IP.Address
    1. ‘vi /etc/ntp.conf’
    2. Add NTP servers at the end of the file in the following format:
      server ntp.server.dns.domainname
    3. Restart the NTP service: ‘/etc/init.d/ntpd restart’
  3. Check your server ntpd process: ps –ef | grep ntpd
  4. Make sure that your AD DCs and your XenServers are using the same NTP Server (optional)
  5. Restart XenCenter and BAM!

If your uptime stats are wrong you need to reboot the affected XenServers.


Information came from these sources:

Citrix Web Interface, notes about


There should be nothing new here, this is just a collection of notes I had kept.


First, don't use the Web Interface, use the Storefront v2. But if you are a laggard continue reading.


Web Interface (WI), uses Java and .NET to dynamically generates a list of resources available to users. Most settings are configured via the configuration console and under the covers in the file ‘WebInterface.conf’.

The WebInterface.conf file allows you to change many of the Web Interface properties.

  • Location Windows: \InetPub\WWWRoot\Citrix\XenApp\Conf\WebInterface.conf
  • Location NetScaler: /var/wi/tomcat/webapps/Citrix/XenApp/WEB-INF/WebInterface.conf

Changes made directly to the file can be overwritten by configurations made in the Web Interface Management console.


Web Interface Repair

The IIS site and the Web Interface installation can be repaired. It may be necessary to repair or reinstall the site using the Web Interface Repair option.

Always back up any custom scripts and the WebInterface.conf file before repairing.

  • If you reinstall Web Interface, any pre-existing scripts and the WebInterface.conf file will not be replaced

Repair the installation if files were mistakenly deleted, renamed, or corrupted.

  • Repair a Web Interface installation from the Windows control panel

Repair the site to address any configuration issues specific to the site or corruption.

  • If you repair a site, pre-existing scripts and the WebInterface.conf file will be replaced
  • After making a backup of scripts and the configuration file, repair a site using the Site Maintenance > Repair Site task in the Web Interface management console.

NTFS Permissions for Pass-Through Authentication

  • After windows authentication, IIS impersonates the current user account when accessing files on the web server hard drive. This requires the users’ domain account has at least Read permission on all scripts beneath the web server document root directory
  • Restricting NTFS permissions on the files beneath WWWRoot to allow access only by administrators or the IIS_IUSRS account will disable non-administrator users from being able to view Web Interface pages. In these cases, users are forbidden or cannot access Web Interface or the applications. To correct this issue, ensure that in addition to the IIS_IUSRS account, all users who will access the Web Interface have NTFS read permissions on all files beneath WWWRoot\Citrix on the web server.

Receiver Detection Redirection Error

Web Interface can  detect if a Receiver is not installed or the Receiver on a user device is not current. A download wizard allows users to download and install the latest Receiver.

Under certain circumstances, users may find that the wizard redirects them to instead of downloading a Receiver installer.

For example, the installer file for the Citrix Receiver should be copied to the %ProgramFiles(x86)%\Citrix\Web Interface\5.x.x\Clients directory.

Web Interface should detect the presence of the Receiver installer automatically; however, if the site is still redirecting users to, restart the web server.

If Prohibit User Installs is enabled in the Windows Installer option in the console tree of the Group Policy Management Console, users will not be able to install a plug-in on their user devices.

Internet Explorer 9 is known to exhibit issues when used together with some Citrix products. For example, users commonly report that published applications fail to open from Web Interface in Internet Explorer 9. For additional information, including troubleshooting tips and workarounds, see Citrix article CTX129444.

Tuesday, August 06, 2013

Active Directory and XenDesktop


When you install the Virtual Desktop Agent (VDA) on a VDI computer, you can use Active Directory or the local computer Registry to find Desktop Controllers (DDCs). If you have multiple domain the VDI computers and the DDCs need to be in a common domain (or in a trusted AD domain).

To use AD an Organisational Unit (OU) is created and contains the DDCs for the site.  You can create the OU in the installation or if you create the OU manually run the PowerShell script called Set-ADControllerDiscovery.ps1

XenDesktop creates the following objects:

  • A Controllers security group (all controllers in the site must be in this group)
  • The DDCs must have the 'Access this computer from the network' permission so give the DDCs security group this privilege
  • A container called RegistrationServices is created in the OU for the each XenDesktop site. This contains one SCP object for each controller in the site
  • A Service Connection Point (SCP) object contains the information about the XenDesktop site
  • The SCP is created when the Set-ADControllerDiscovery.ps1 script is run. Each time the controller starts, it validates the contents of its SCP and updates them if necessary

Administrators of XenDesktop require permissions to create and delete children on the RegistrationServices container and to set properties on the Controllers security group.  These permissions are granted automatically by running the Set-ADControllerDiscovery.ps1 script as the new administrator.

Information is updated in Active Directory when the following happen:

  • Installing XenDesktop
  • Uninstalling XenDesktop
  • When a DDC starts
  • When a DDC update the information in its SCP
  • Or when Set-ADControllerDiscovery.ps1 is run

Thursday, August 01, 2013

Troubleshooting XenDesktop 5 Registration


The Desktop State column in the Desktop Controller provides information about the registration state of the desktop machine; values of Not Registered or Pending indicate that registration has not successfully completed.


Let me start with this, IT IS THE FIREWALL ! Client and Server, via the GPO !


Virtual Desktop Firewall

  • Registration fails if the firewall on the Virtual Desktop Machine has not had the appropriate exclusions configured to enable DDC’s communication.
  • Follow CTX116843 to fix this


Ok, if you made it this far it is more complicated. Start through this list:

Domain Name Services (DNS)

  • use ‘ping <>’ from each other to ensure resolution works

Time Synchronisation not Properly Configured

  • Ensure time is within 3 minutes – Setup NTP on the Hypervisor platform, the Domain Controllers if not already (or the clients if they dont get it from a DC)

XenDesktop VDA Registry Key

  • Verify that the following registry key exists and has correct information:
    (x86) HKEY_Local_Machine\Software\Citrix\VirtualDesktopAgent
    (x64) HKEY_Local_Machine \Software\Wow6432Node\Citrix\VirtualDesktopAgent
    • ‘ListOfDDCs’ REG String
    • ‘NameOfDDC’


Service Principal Names (SPNs)

  • The DDC determines the virtual desktop’s SPN by inspecting the servicePrincipalName attribute of the associated computer account in Active Directory. You can inspect the virtual desktop’s computer account using tools such as AD USers and Computers (attribute editor). If the servicePrincipalName attribute does not include an entry with the computer’s FQDN, editing it manually and check to see if that fixes registration problems.



Domain Membership Problems

  • Removing the machines in question from their domains and re-join them to the domains.

Multiple Network Adapters

  • If the virtual desktops contain multiple network adapters that can be used to communicate with the DDC, this might cause the security negotiation to fail. In that case, try disabling all network adapters except for the one used to communicate with the DDC.

Local Security Policy Settings

  • In case of some images, an overly restrictive security policy settings might prevent the VDA from registering.



User XDPing, ugly but helpful.



Local Machine::

  NetBIOS Name = OEH7004
  OS Version   = Microsoft Windows NT 6.1.7601 Service Pack 1
  Platform     = X64 Platform

  Computer Domain:
    Role       = Member Workstation
    Membership = Verified, SID:S-1-5-21-2723282484-2951877577-328923344-98806 [OK]


  User Name      = bennetsx
  User Domain    = DEC
  Authentication = Kerberos [OK]
     COLVIN\Domain Users
     NT AUTHORITY\Authenticated Users
     NT AUTHORITY\This Organization
Unable to translate group name from SPID  S-1-18-1
     COLVIN\Allowed RODC Password Replication Group

Local Machine Time::

  UTC   = 1/08/2013 12:32:54 AM
  Local = 1/08/2013 10:32:54 AM (AUS Eastern Standard Time)
  DST   = No
  NtpServer =,0x9

Domain Controller(s) Time::

Date/Time from : 1/08/2013 10:32:54 AM : Time difference (mins): 0 [OK]

Network Interfaces::

  NIC #0 "Local Area Connection":
    Network      = Ethernet, 2Gb/s, Up
    MAC          = DC:9F:E4:DF:14:6C
    DNS suffix   =
    DNS servers  =
    WINS servers =
    Gateways     =
    DHCP server  =
    Address #0   =, Preferred, Origin=Dhcp/OriginDhcp
           Lease = 694799/689961/689961

WCF Endpoints: WorkstationAgent::
C:\Program Files\Citrix\Virtual Desktop Agent\WorkstationAgent.exe
Version Number :

XenDesktop version 5
    Ping Service: /Citrix/VirtualDesktopAgent/ILaunch
      Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
      Service = Listening [OK]
    Ping Service: /Citrix/VirtualDesktopAgent/IDynamicDataQuery
      Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
      Service = Listening [OK]
    Ping Service: /Citrix/VirtualDesktopAgent/IConfiguration
      Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
      Service = Listening [OK]
    Ping Service: /Citrix/VirtualDesktopAgent/ISessionManager
      Connect = Tcp to ::1:80 via ::1 ("Loopback Pseudo-Interface 1") [OK]
      Service = Listening [OK]
Endpoint -> not Tested - net.pipe://localhost/CitrixIStackManagerEndPoint
Endpoint -> not Tested - net.pipe://localhost/Citrix/HDXConnect

Workstation Services::

  Service  : WorkstationAgent ("Citrix Desktop Service")
    Status = Win32OwnProcess, Running [OK]
    Prereq =
      LanmanServer (Win32ShareProcess), Running
      PorticaService (Win32OwnProcess), Running
      LanmanWorkstation (Win32ShareProcess), Running

  Service  : PorticaService ("Citrix ICA Service")
    Status = Win32OwnProcess, Running [OK]
    Prereq =
      picapar (FileSystemDriver), Running
      picakbm (KernelDriver), Running
      picadm (FileSystemDriver), Running
      dhcp (Win32ShareProcess), Running
      picaser (FileSystemDriver), Running
      picadd (KernelDriver), Running
      rpcss (Win32ShareProcess), Running

  Service  : Citrix CGP Server Service ("Citrix CGP Server Service")
    Status = Win32OwnProcess, Running [OK]

  Service  : Citrix Encryption Service ("Citrix Encryption Service")
    Status = Win32OwnProcess, Running [OK]
    Prereq =
      Winmgmt (Win32ShareProcess), Running

  Service  : cpsvc ("Citrix Print Manager Service")
    Status = Win32OwnProcess, Running [OK]
    Prereq =
      Spooler (Win32OwnProcess, InteractiveProcess), Running
      PorticaService (Win32OwnProcess), Running
      RpcSs (Win32ShareProcess), Running

DNS Lookups for Local Machine::

  Host Name  :
  Address #0 = (rDNS: [OK]

Client Details::
   (Session ID) (Status)    (Name)   (Client IP Address):
       1        WFActive   Console

   Estimated Latency:           6
   Estimated Bandwidth:         36.35 Mbps
   Estimated Network Condition: LAN_CONDITIONS
   Session Reliability:         True

Event Log Check::
  No importent XenDesktop events detected in the last hour.

Windows Firewall Settings::

Status : Disabled

Current Profile name : Domain
XenDesktop Farm::

  Farm GUID (GPO)   : Not Set
  Farm GUID (local) : NOT SET
  Farm GUID In Use  : NOT SET
Registry Based Configurations::

Registry based Controller list (ListOfDDCs) : [Configured]
   Controller :
Controllers (manually specified)::

    DNS Lookup(
      Host Name  =
      Address #0 = (rDNS: [OK]
    Ping Service: /Citrix/CdsController/IRegistrar
      Connect = Tcp to via ("Local Area Connection") [OK]
      Service = Listening [OK]

  ListOfDDC is set in the registry to enurmerate DDC list [OK]


    Checking version : You are using the latest version. [OK]
    Unable to translate group name from SPID  S-1-18-1 [WARNING]

Number of messages reported = 2






This information in this comes from here:

Blog Archive