When a Citrix Farm is created, by default, the data store is created on the first server using an Access database. From this article you will learn how to backup an Access data store and how to recover from the loss of an Access data store. This is possible ONLY if you have a backup of the data store. If there is no backup of the data store, the only way to recover is to rebuild the Farm from scratch.
For this article, VMware Workstation 6.5.1-126130 will be used with Windows Server 2008 Standard (x86) and Citrix XenApp for Windows Server 2008 Platinum (x86). The following Virtual Machines (VM) will be used:
CitrixDC has a file share named CTXBACKUP that will contain the data store backup. XenApp 5 for Windows Server 2008 was installed on CitrixXA1 and a new Farm named Webster was created. After restarting the VM, XenApp 5 for Windows Server 2008 was installed on CitrixXA2 and joined to the Webster Farm. Two applications were published: Notepad and Paint. Both applications are configured to run from both XenApp servers.
From a command prompt on CitrixXA1, the following command was run:
dsmaint backup \\CitrixDC\CTXBackup
The command "dsmaint backup" makes a copy of the MF20.mdb Access data store to the location specified. "dsmaint backup" is used only to backup an Access data store and must be run on the XenApp server hosting the Access data store. It cannot be used to backup a data store using MSDE, SQL Server 2005 Express, SQL Server, Oracle or DB2.
This article will use the concepts from Citrix support article CTX677542.
To simulate the loss of the Access data store, CitrixXA1 was powered off and CitrixXA2 was then restarted. This forced a break with the original data store.
When CixtrixXA2 restarted, there were two errors in the System Event Log.
Starting the Access Management Console (AMC) gave the following errors:
Double-clicking on each error gives more detail.
To recover from the loss of the data store, exit the AMC and start a Command Prompt session running as Administrator.
Type in cd\Program Files\Citrix\Independent Management Architecture and press Enter.
Note: A shortcut method is:
cd\pr* Enter
cd c* Enter
cd in* Enter
You command prompt should read C:\Program Files\Citrix\Independent Management Architecture>_
Copy your backup copy of the MF20.MDB data store file to this folder. For this article: copy \\CitrixDC\CTXBackup\mf20.mdb
Notice there is no MF20.DSN file. You will learn how to create the necessary DSN file.
Click Start -> Administrative Tools -> Data Sources (ODBC)
Click the File DSN Tab.
Change the Look in to C:\Program Files\Citrix\Independent Management Architecture.
Click the Add button.
Click on Microsoft Access Driver (*.mdb) and click Next.
Type in C:\Program Files\Citrix\Independent Management Architecture\MF20.dsn and click Next.
Click Finish.
Click Select.
Change Directories to C:\Program Files\Citrix\Independent Management Architecture and double-click mf20.mdb.
Click Advanced.
Delete admin from the Login name and click OK.
Click OK.
Your new MF20 DSN file is created. Click OK.
Return to your Command Prompt session, type in dir and press Enter. Your new mf20.dsn file is there.
To see the contents of mf20.dsn, type TYPE MF20.DSN and press Enter.
From your Command Prompt session, type in DSMAINT FAILOVER CitrixXA2 and press Enter.
Note: This needs to be done on all XenApp servers in your Farm.
Type in DSMAINT CONFIG /DSN:"C:\Program Files\Citrix\Independent Management Architecture\mf20.dsn" and press Enter.
Stop and restart the IMA service. Type in NET STOP IMASERVICE && NET START IMASERVICE and press Enter.
If there are other XenApp servers in your Farm, the IMA service must be stopped and restarted on all XenApp servers in the Farm.
Exit the Command Prompt session and start the AMC.
You will receive an error with the dead server's name.
Opening the AMC shows the two published applications, both XenApp servers and the Default Zone. This proves you have successfully read from the recovered Access data store.
The dead server needs to be forcefully removed from the Farm. Citrix Best Practice for removing a XenApp server from a Farm is to uninstall all XenApp software components. Removing the XenApp software components will cleanly remove all traces of a server from the data store. For this article, our "dead" server needs to be forcefully removed.
Click the server to be removed in the left column and then in the middle column under Other Tasks, click Remove from farm.
Click Yes to forcefully remove the server from the Farm.
The dead server has been removed from the Farm and from both published applications.
To verify that the two published applications still work, use Program Neighborhood.
When Program Neighborhood starts, it sees the Webster Farm.
After successfully authenticating to the Farm, the two published application icons appear. Double-click each icon to start the published applications.
Both Notepad and Paint successfully launch.
Troubleshooting
There is one common error when installing XenApp with an Access data store that can trip up recovery efforts: logging into the local server instead of the domain. This can happen when the default account name of Administrator is used to logon to the server.
When a new Farm is created, the Domain field is the server name and not the domain name. In this screen shot, the Domain is CitrixXA1 instead of WebstersLab.
Taking the time to verify information on the install screens can prevent issues later. This screen shot shows the Farm administrator will be CitrixXA1\Administrator and not WebstersLab\Administrator. This will be a major problem when attempting to recover the Access data store. You will be logged in on another server and will not be allowed to access the data store due to an invalid login name. With this install option, only the one account, Administrator, on the server CitrixXA1 has rights to the Farm. Unless you added additional Full Farm Administrators, you will have no access to the Farm information in the data store.
When joining additional XenApp servers to the Farm, you are required to enter the account credentials from CitrixXA1 to access the Access data store.
Even if you enter the proper domain account credentials, it will not work. The Domain Admin account does not have rights to the Access data store.
After successfully running the recovery steps above, you get the starting the AMC for the first time after recovery. You will get two errors during the Discovery process. The 1st error on CITRIXXA1 is because the server crashed and is no longer available.
The 2nd error on CITRIXXA2 is because the logged in account is not a Farm administrator and cannot access the data store.
When you return to the AMC, you see there are no Applications, no Servers and no Zone.
There is one possible way of recovering from this. Use a virtualization tool to bring up a server image with the same name as the original server and go through the recovery steps above. When the AMC loads with no errors, add additional Full Farm Administrators using local administrator accounts from the other servers in the Farm. Copy the data store file, MF20.MDB, to another server and rerun the recovery steps on a different server.
You learned how to:
-
backup and restore an Access data store
-
Create a new File DSN for an Access data store
-
Failover to the new data store
-
Configure the new host server to host the Access data store
-
Stop and restart the IMA service on the new host server
-
Stop and restart the IMA service on all remaining servers in the Farm
-
Forcefully remove a XenApp server from the Farm
-
Verify published application functionality
-
Prevent a common error and how to recover from that error
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 6 of this 7-part article, you learned how to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and learn basic XenApp server administrative tasks.
When you completed Part 6, you were in the Access Management Console (AMC). The first thing you need to do is create a test user account.
Click Start and right-click Command Prompt and select Run as Administrator.
Type in net user Test P@$$w0rd /add and press Enter. This creates a standard user account named Test with a password of P@$$w0rd. Type in net user and press Enter to verify the account was created.
Remember from Part 4 that any user account that needs access to any XenApp server must be a member of the Remote Desktop Users security group. Does that mean you need to add this new user account, Test, to the Remote Desktop Users security group? No, you do not. One of the decisions you made in Part 4 was to add the Authenticated Users to Remote Desktop Users. Any user account that successfully authenticates with Windows is automatically placed in Remote Desktop Users and has the necessary security privileges.
Type Exit and press Enter to exit the command prompt session.
You will now learn to publish the Notepad text editor. Click the "+" sign next to your farm name, Learning, which is in the left column of the AMC.
Click Applications.
Note: Applications is actually a folder and you can create sub-folders to segregate various applications. For example, you could have underneath Applications, folders for Payroll, Accounting, Graphics, Intranet, Microsoft Office, etc. Sub-folders can have sub-folders. How many sub-folder levels can you create? In my testing, I stopped once I reached a sub-folder depth of 16 levels.
In the middle column, under Common Tasks, click New, then Publish application.
The Publish Application wizard starts. Click Next.
Enter Notepad for the display name then click Next.
Note: The Display name must be unique to an Application Folder.
Application description is optional and the wizard will make it the same as the display name if nothing is entered.
Note: If the same Display name is used in another folder then an alphanumeric suffix is added to the Application Description so that the Application Description is unique to the Farm. In my testing, I created two sub-folders, test1 and test2, under Applications. I published Notepad in each folder and then checked their Application Description setting. The original published Notepad in the Applications folder had an Application Description of "Notepad". The one in the test1 sub-folder had an Application Description of "NotepadA2EA" and the one in the test2 folder was "Notepad102E". Why is this important? If you publish three versions of Notepad and all three have the same display name, how does the server know which one to run when a user clicks the Notepad icon in the Web Interface? Simple, it browses on the Application Description - not the Display Name. The Display Name is the name displayed to the user and to you in the AMC. The internal processes of the Farm and Data Store use the Application Description.
There are three types of applications you can publish for your users:
-
The server's desktop, so that users can access all of the resources available on the server. Citrix recommends that you not publish server desktops unless they are sufficiently locked down so that users cannot access sensitive areas of the operating system.
-
Content such as documents, spreadsheets, Web pages, media files and URLs.
-
Applications installed on XenApp servers.
Click Next to accept the default of Application Accessed from a server.
When entering the command line for an application, you can either type in the full command line or browse to the executable. Click Browse.
Note: If the full path to the program executable contains spaces then you must put double quotes around the command line. For example, you want to publish the Access Management Console for your Farm Administrators. The command line would be "C:\Program Files\Common Files\Citrix\Access Management Console - Framework\CmiLaunch.exe". The Working Directory does not need the double quotes.
Double-click C:.
Double-click Windows.
Scroll down to and double-click System32.
Scroll down to and double-click notepad.exe and click OK.
Click Next.
The Servers screen allows you to select which XenApp server(s) will serve this Published Application.
One common misconception an Accidental Citrix Admin may have is to believe that every XenApp server must have the same applications installed. It is possible to have five XenApp servers each with one installed application. Citrix terms this an Application Silo. This may be necessary for a processor or graphics intensive application or a badly written application that is business critical. One example of a badly written application is one that requires a specific version of a DLL and crashes if another version exists on the server. Microsoft calls this DLL Hell.
You may also decide to not add a server at this time. Doing so marks this application as disabled. This prevents users from seeing it on the Web Interface.
You can also Import a list of servers from an XML file with a ".asl" file extension. You will learn about that type of file later in this article.
Click the Add button.
Select Servers will show you all the XenApp servers in your Farm. You use the standard Windows selection process to select your server(s).
Double-click CITRIXONE and click OK.
Click Next.
Citrix Best Practice is to control access to Published Applications with Security Groups and not individual users. For this article, our users are in the Users group. Click the Add button.
Double-click CITRIXONE.
Note: If you have a large Directory structure, you can click the Add List of Names button and enter a semicolon separated list of names in the format domain\username. To manually enter your Users security group, you would click the Add List of Names button and type in CitrixONE\Users.
Scroll down and double-click Users.
Click OK.
Click Next.
On the Shortcut Presentation dialog, you can change the application's icon and select a location where to place a shortcut to the application.
Click Next.
There is one annoying default setting you need to change. By default every application will play the Windows startup sound when it is launched. I recommend disabling this "feature".
Check Configure advanced application settings now and click Next.
Advanced Access Control is beyond the scope of this article.
Click Next.
For this article, you are not using a XenApp Services site or the Program Neighborhood Agent. Content redirection from client to server is available only for users connecting with the Program Neighborhood Agent. When a file type is selected here, the registry on the client's device gets updated so that the Published Application is run. If you select the ".txt" file type, then on the client, any file with the extension ".txt" is opened with this Published Application and not an application on the client's device.
Click Next.
You can use the Limits dialog to help enforce license restrictions and how many copies of a Published Application a user may run at one time. For example, you have a license for five copies of Photoshop. You could check to Limit instances allowed to run in server farm and change the number to 5. XenApp will now only allow five instances of Photoshop to run on all XenApp servers in the farm. Even if you had Photoshop installed on ten XenApp servers, the sixth user who attempted to launch Photoshop would be denied.
It is also possible that one user could launch five instances of Photoshop. To prevent this, you can limit how many instances of an application a user can launch.
Note: Enabling either or both of these options can have a negative impact on application performance. As an extreme example, say you had 50 XenApp servers in your farm and were serving 100 users per server. That would give you 5,000 users in your environment. Every time a user attempted to launch Photoshop, the Data Collector would have to collect data on all 50 servers and 5,000 users to determine how many instances of Photoshop were running in the farm and if the user exceeded their instance allowance. Imagine the network and application performance impact this would have if everyone attempted to log in to the Web Interface and launch Photoshop between 8AM and 8:15AM!
CPU priority level is used for the new Preferential Load Balancing which is available only on XenApp 5 for Server 2008 - Platinum Edition. This allows for preferential treatment for users and applications. In our Microsoft Word example, you could make sure the company executives could use Microsoft Word without performance worries. You would create this Published Application and only allow the Executive security group access, set the CPU priority level to high and set the corresponding Citrix Policy so the Executive security group was also a high priority. Once both items have been set, your Executives would never have to worry about the performance of Microsoft Word.
Click Next.
Uncheck the box Enable legacy audio to remove all Windows sounds from this Published Application and click Next.
What if you need audio for the application but don't want the Windows startup sound? The sounds the user receives are the sounds set on each XenApp server. You would need to go to Control Panel -> Sounds and Audio Devices -> Sounds and select Start Windows in Program Events and change the sound to "none". This would need to be done on every XenApp server hosting the application.
You can also set encryption levels. For this instance of Notepad you can keep the default encryption level of Basic. For a Payroll or HR application you may want to set the encryption level to 128-Bit (RC-5).
If the application needs printers prior to starting, uncheck the box. Otherwise, leave this box checked to speedup application launching.
You can set the windows size of the application, its color depth, hide the title bar and maximize the application when it starts.
Click Finish to accept all the defaults.
You are back at the AMC. Click the "+" next to Applications.
You see your new Notepad published application.
Now that you have been taught how to publish an application, it is your exercise to publish Microsoft Paint. The executable is MSPaint.exe located in the same folder as that of notepad.exe. Use a Display Name of Paint, all other settings will be the same as what you just learned with Notepad.
When you are done, your AMC should look like:
You are now ready to test accessing these two applications with a standard user account. Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp.
Log in using user Test with password P@$$w0rd and click the Log On button.
Your Test user now has access to the two Published Applications.
Click the Notepad icon to launch Notepad.
Notepad appears.
Move Notepad to where you can see the Paint icon and click the Paint icon. The Paint application will now appear.
Both Paint and Notepad are successfully running.
You have successfully tested two Published Applications with a standard Windows user.
Exit Paint and Notepad and click Log Off and exit Internet Explorer.
There are a few basic Farm administrative tasks that The Accidental Citrix Admin needs to do to ease Farm maintenance and to aid for when disaster strikes.
First you need to create a folder to contain all the files you need to backup.
Click Start and right-click Command Prompt and select Run as Administrator.
Type in md c:\ctxbackup and press Enter. This will make a folder to contain the files we need to backup.
Type in cd c:\ctxbackup and press Enter.
You command prompt should say c:\ctxbackup>
To backup IIS:
Type in %windir%\system32\inetsrv\appcmd.exe add backup "XenApp IIS My Backup" and press Enter. This will back up the IIS 7 configuration.
Type in c:\ctxbackup>xcopy %windir%\system32\inetsrv\config /s /e /c /i /f c:\ctxbackup\iis7 and press Enter. This copies the IIS backup files to the c:\ctxbackup\iis7 folder.
To backup the Data Store:
Type in dsmaint backup c:\ctxbackup and press Enter. This backs up the Access Data Store only.
Minimize the command Window.
To backup the Web Interface site:
In the AMC, click your Web Interface site, http://CitrixONE/Citrix/XenApp, in the left column and then click Export configuration in the middle column in the Other Tasks area.
Save the file to the c:\ctxbackup folder and click Save.
Note: If you have multiple Web Interface sites, you will need to Export each site.
Note: If you have multiple Web Interface sites, you can change the name of the file. If you have two sites named Internal and External, you can, for example, name the files Internal.conf and External.conf.
To backup Published Applications:
Click a Published Application in the left column, then in the middle column in the Other Tasks section, click Export Application settings to a file and then click Entire Application. Save the file to the c:\ctxbackup folder and click Save.
You will need to repeat this for every Published Application.
You will notice that one of the options for the Export is "Server List Only". This will generate the XML file with the ".asl" extension you can use to import a list of servers when publishing an application.
Hint: You can back all your applications to one file. Click Applications in the left column, then in the right column, in the Application area, you can use the Windows selection methods to select applications to include in the backup file. Once your applications are selected, right-click one of the applications, click All Tasks, click Export application settings to a file and then click Entire Application. The default filename is the name of the first selected application in the list of applications. Be sure to change the name to one that makes sense for your backup scheme.
Restore your command window, type dir and press Enter. You should see all the files you need to include in your backup procedures.
In this section, you have created a test user account, learned to publish applications, tested access to the published applications from the Web Interface site and learned to perform basic XenApp server administrative tasks. This process took me 10 minutes and 25 seconds. The total time for Parts 2 through 7 is 1 hour 31 minutes and 31 seconds. So roughly 1.5 hours to go from creating a Virtual Machine to testing access to Published Applications and learning a few basic Farm Administrative tasks.
You have now learned how to complete all the goals set out for you in this 7-part series. You have:
-
Created your MyCitrix.com account
-
Requested your evaluation license code
-
Downloaded your product license file
-
Downloaded XenApp 5 for Windows Server 2008
-
Learned to install Windows Server 2008 x86
-
Installed the prerequisites for XenApp 5 for Windows Server 2008, Web Interface and the Citrix License Management Console
-
Updated Windows Server 2008 x86
-
Learned to install XenApp 5 for Windows Server 2008
-
Learned how to update XenApp 5 for Windows Server 2008
-
Learned how to create a Web Interface site and set basic configuration settings
-
Created a test user account
-
Learned how to publish applications
-
Tested access to the published applications
-
Learned basic XenApp farm maintenance procedures
If there is anything else you would like covered please send an e-mail to webster@carlwebster.com
Thanks
Webster
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 5 of this series, you learned how to find hotfixes and updates for XenApp 5 for Windows Server 2008 and tell if a hotfix applies to your farm.
In Part 6, you will learn to create a Web Interface site and do basic configuration of that site to allow users access.
At the end of Part 5, you were at the server's desktop.
To start the Access Management Console (AMC), click Start -> All Programs -> Citrix -> Management Consoles -> Access Management Console.
The first time you start the Access Management Console, the Configure and Run Discovery process starts. This process discovers all the Citrix Products, Components, XenApp Servers and Web Interface sites that are installed on this server. Click Next.
In a Best Practice scenario, the Web Interface component would be installed on a separate server in the DMZ. In that case, on the XenApp server, you would uncheck to discover Web Interface sites. Then on the Web Interface server, you would uncheck discovering Presentation Servers. For this article series, you are not using Password Manager, so uncheck Password Manager. Click Next.
The Configuration Servers screen is used to discover Web Interface Configuration Servers. Configuration Servers are an attempt by Citrix to ease the deployment of multiple Web Interface servers so that all sites maintain the same configuration. This central Configuration Server, while a good idea, rarely worked and was hard for Citrix to support. In XenApp 5 for Windows Server 2008, and all future versions of XenApp, the Configuration Server has been removed. Since this article is using only one server, click Next to accept the default of Discover sites installed on this computer.
Click Add Local Computer.
For your production Farm, you would then click the Add button and add every server in your Farm you wanted to manage from this XenApp server.
Click Next.
Click Next.
Click Finish.
You are now at the Citrix Access Management Console (AMC).
There are three ways to accomplish the same task in the AMC:
- Right-click an item and select an action
- Click the AMC Action menu and select an action
- Click an Action in the middle column of the AMC in either the Common Tasks or Other Tasks areas.
You will use the last of these methods in this article.
Click Web Interface in the left column under Citrix Resources -> Configuration Tools and then click Create site in the middle column under Common Tasks.
The Create Site wizard starts. Click Next to accept the default of XenApp Web.
The XenApp Services site is what is created to use the XenApp plugin (formerly known as the Program Neighborhood Agent client).
Click Next on the Specify IIS Location screen.
You can create separate IIS sites, for example, to have different sites for Internal and External users. With different sites you can configure different authentications methods. Users internal to your network can enter their username and password but you can require external users to use Smart Cards, Two Factor Authentication or one of several other authentication methods.
If you create separate IIS sites, you would enter their paths in the Path box.
In a Best Practice scenario where Web Interface is installed on a separate server, you would check the box for Set as the default page for the IIS site. Since you have both the License Management Console and Web Interface installed on the same server you must not check that box. Doing so will break the License Management Console.
Next is the Specify Point of Authentication. There are five options:
- At Web Interface
- At Microsoft AD FS account partner
- At Access Gateway
- At third party using Kerberos
- At Web server
The default is At Web Interface. The five screen shots explain the options better than I can. Click Next to accept the default of At Web Interface.
Click Next on the Confirm Settings screen.
Make sure Configure this site now is checked. Click Next.
Change the Farm name from Farm1 to Learning and then click the Add... button.
Enter CITRIXONE for the server name and click OK.
Click Next.
In Part 4, you selected to share the XML Service Port between IIS and the XML Service. If the port number had been changed during install, or from the command line after installation, you would enter the new port number here.
This information is taken from the Web Interface Administrator's Guide for Web Interface 5.0.1 pages 63 and 64.
You can configure the following authentication methods for the Web Interface:
Explicit. Users are required to log on by supplying a user name and password. User principal names, Microsoft domain-based authentication and Novell Directory Service are available. For XenApp Web sites, RSA SecurID and SafeWord authentication are also available.
Pass-through. Users can authenticate using the credentials they provided when they logged on to their Windows desktop. Users do not need to reenter their credentials and their resource set appears automatically. Additionally, you can use Kerberos authentication to connect to servers. If you specify the Kerberos authentication option and Kerberos fails, pass-through authentication also fails and users cannot log on.
Pass-through with smartcard. Users can authenticate by inserting a smart card into a smart card reader attached to the client device. Citrix XenApp prompts users for their smart card PIN when they log on to the client device. After logging on, users can access their published applications and content without further logon prompts. Users connecting to XenApp Web sites are not prompted for a PIN.
Smart card. Users can authenticate using a smart card. The user is prompted for a PIN.
Anonymous. Anonymous users can log on without supplying a user name and password and access resources published for anonymous users on the server.
Click Next to accept the default of Explicit.
When users go to the Web Interface site, they will need to enter a user name, password and a domain name. You may not want your users having to know or remember the domain name. You can pre fill-in the domain name to keep users from having to know this information. For this article, you will enter the domain name, which is the server name, of CITRIXONE.
Click Restrict domains to the following click the Add button.
Enter CITRIXONE for the logon domain name and click OK.
Click Next.
With Web Interface 5.0.1, you have the option of using a Minimal or Full user interface. Click Full and then click Next.
For this article series, you are not using streamed applications. Click Next to accept the default of Remote.
Click Finish on the Confirm Settings screen.
You are now back at the AMC with your Web Interface site created. Click the "+" next to Web Interface.
You now see your Web Interface site. Since this is not the default site for IIS you, and your users, will have to enter the entire site URL of http://CitrixONE/Citrix/XenApp.
The Create Site wizard has completed the basic configuration. Now you need to test whether your site will load and display the log on page.
Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp.
Enter your name and password.
At this point, there are no Published Applications to run. You have verified your site was created, loaded and logged into successfully.
This process took me 3 minutes and 43 seconds. With the times from Parts 2 through 5 the total time is 1 hour 21 minutes and 6 seconds.
You learned to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and to perform other basic XenApp server administrative tasks.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 4 of this 7-part article, you installed XenApp 5 for Windows Server 2008 - Platinum Edition. In Part 5, you will learn to apply updates for XenApp 5 for Windows Server 2008, if there are any updates available.
When you completed Part 4, you had just restarted your Virtual Machine (VM) and installed any additional Windows updates.
You should see a dialog asking for the address of a XenApp Services Site Server Address. You will not be creating a XenApp Services Site in this article series, so anytime you see this dialog click Cancel.
Start Internet Explorer and go to http://support.citrix.com.
In the left column, click XenApp.
Click XenApp 5.0 for Windows Server 2008.
This is where you go to look for any Hotfix Rollup Packs or individual Hotfixes. This shows you there are only two individual Hotfixes and zero additional hotfixes available to see. Citrix recommends that you only apply individual Hotfixes if they apply to a specific issue you are experiencing in your production farm. To see what issue an individual Hotfix resolves, click Hotfix PSE450R03W2K3028.
Scroll down to the New Fixes in This Release section.
IT IS EXTREMELY IMPORTANT that you read ALL the documentation that comes with ALL Citrix Product and Component updates. Failure to do so can have disastrous consequences for your production XenApp Farm and Data Store.
In this article series you will not be using Installation Manager so this Hotfix does not apply.
You can also find Product and Component updates on your MyCitrix.com site. With Internet Explorer still open, go to http://www.mycitrix.com.
Login to your MyCitrix.com account.
Click Downloads.
Click the Dropdown by Search Downloads by Product.
Scroll down and click on Citrix XenApp (the new name for Presentation Server).
Scroll down to the Components section. There are two Component updates for Windows Server 2008: Installation Manager and Access Management Console (AMC). For this article series you will not be using Installation Manager. The AMC available here is a standalone snap-in to the Microsoft Management Console. The AMC available here was installed as part of the XenApp 5 installation covered in Part 4.
Exit Internet Explorer. You are now at the server's desktop.
Note: Most Citrix Farms have more than one XenApp server. When there are multiple XenApp servers, they must be upgraded in a specific sequence:
- Data Collectors
- Database Connection Server
- Member Servers
To find your Data Collectors, go to a command prompt and type in qfarm /zone.
Qfarm /zone shows you the server that must be upgraded first in each Zone. The Database Connection Server is the XenApp server used by other XenApp servers to connect to the Data Store and is discussed in this article. Member servers are all XenApp servers that are not either Data Collectors or Database Connection Servers.
Since there are no updates available as of this writing, there is nothing to do. This article will be updated as updates are made available for XenApp 5 for Windows Server 2008 x86.
This process took 1 minute for me. With the time from Parts 2 through 4, the total time is 1 hour, 17 minutes and 23 seconds.
In Part 6, you will learn to create a Web Interface site and do basic configuration of that site to allow users access.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 3 of this 7-part article, you learned how to install the Windows Server 2008 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates. In Part 4 of this article, you will learn how to install XenApp 5 for Windows Server 2008 - Platinum Edition and your Citrix product license.
When you finished Part 3, you had just verified there were no additional Windows Updates available and exited Internet Explorer. This left you at the server's desktop.
Click Start and Computer.
NOTE: Most people believe that XenApp can only be installed on a network that uses either Active Directory or eDirectory. That is not true. XenApp can be installed on a stand-alone workgroup computer, as well as UNIX versions for Solaris, AIX and HP-UX.
Navigate to C:\XA5, right-click Autorun.exe, select Run as administrator and click Continue on the User Account Control dialog.
Click Platinum Edition.
Click Application Virtualization.
Click I accept the license agreement and click Next.
Click Next.
Citrix does not recommend that the License Management Console and the Web Interface be installed on the same server. If you do, then the Web Interface must be installed first and then the Citrix License components. In the next screen, you will see that the Citrix Licensing is deselected by default.
NOTE: If you do not see the option for the Web Interface, that means IIS and ASP.NET have not been installed. Please cancel this installation, return back to Part 3 and make sure you follow all the steps to install the prerequisites.
Click on Citrix Licensing and select Entire feature will be installed on local hard drive. The Web Interface components will be installed first by the installer. This allows you to install both components on a single server. However, Best Practice is to install the Citrix Licensing on a server NOT in the XenApp Farm and to install the Web Interface on a separate server that is not a domain member in the DMZ. Since this learning server is not a production server, you can safely install all XenApp components on one server.
Click the "+" next to Passthrough Client.
Click Program Neighborhood, select Entire feature will be installed on local hard drive and click Next.
Citrix recommends enabling Pass-through Authentication for the Pass-through Client. When a user connects to applications published on different XenApp servers, pass-through client authentication enables XenApp to automatically pass the user's credentials from the initial server to the XenApp server hosting the next published application. This prevents the user from having to re-authenticate when opening applications on different XenApp servers.
Click Yes and then Next.
Click Next.
Answer Yes to the Microsoft Visual C++ 2005 SP1 Redistributable Package license agreement.
Click Next.
Click Next.
Click Finish.
Click Next.
Accept the default destination folder for the Web Interface components. Click Next.
Click Copy the clients to this computer and click Browse.
Browse to C:\XA5. Double-click the XA5 folder.
Double-click the Clients folder.
Click OK.
Click Next.
Click Next.
Click Finish.
Click Next.
Accept the default destination folder for Citrix Licensing and click Next.
Click Next.
Accept the default location for the license files. Click Next.
Click Next to accept the default license ports. Unless these two TCP ports are already in use on your network, Citrix recommends the ports be left at their defaults.
Note: With Citrix License Server 11.5, the static licensing ports are configured during the installation and are automatically open on the Windows Server 2008 firewall. The Macrovision License Manager software that Citrix uses, Lmgrd.exe, still uses default port 27000. Citrix.exe, the License Vendor Daemon, no longer uses a random port by default and now uses static port 7279. The licensing service has also been updated where newly added license files are automatically updated with the correct port numbers.
Click Next to accept the default Web server of IIS.
Click OK to restart Microsoft IIS Server and click Next. You cannot click Next until you select the option to restart IIS.
Click Next.
Click Finish.
Click Next.
Click Next.
You can select whether to create a new farm or join an existing farm. You will be creating a new farm for this Learning article.
NOTE: What is a Farm? A Farm is a group of servers running XenApp that can be managed as a unit, enabling the administrator to configure features and settings for the entire farm rather than being required to configure each server individually. All the servers in a farm share a single data store.
NOTE: What is a data store? The data store provides a repository of persistent information about the farm that each server can reference, including the following:
-
Farm configuration information
-
Published Application configurations
-
Server configurations
-
Static policy configuration
-
XenApp administrator accounts
-
Printer configurations
Click Create a new farm and then click Next.
You will use the default database of Access and keep the default zone name. There are several databases that can be used for the Farm Data Store but the Access database requires no preinstall configuration on your part. The databases available for selection are:
-
Access
-
SQL Server Express
-
SQL Server
-
Oracle
-
DB2
The Zone name is simply a descriptive name for the zone. By default XenApp 5 for Windows Server 2008 uses "Default Zone".
NOTE: What is a Zone? A Zone is a logical grouping of XenApp servers that share a common zone data collector. Zones allow the efficient collection of dynamic farm information. Each zone in a farm has exactly one data collector.
All of the member servers in a particular zone communicate their dynamic information to the data collector for their zone. The data collector then shares this information with all other data collectors in the farm.
NOTE: What is a zone data collector? A zone data collector is a server that stores and manages dynamic information about the servers in a zone, including:
Enter a new Farm name of Learning.
Click Next to accept the default installation account as the initial XenApp Farm Administrator and your server's name, CitrixONE, as the Domain.
.
For this Learning series, you do not need to enable IMA encryption. Since the data store is located on this XenApp server, there is no network traffic to encrypt.
Click Next
Enter CitrixONE as the Host name for the License Server and Click Next.
You will now install the license file downloaded from MyCitrix. Click Install license for this product now and then click Next.
If you decide not to install licenses at this time, you will receive an error upon logging into the VM and after 96 hours the XenApp server will refuse to run.
Click the Open License Management Console button.
Logon to the License Management Console with CitrixONE\YourUserName and password.
Click Step 2: Copy license file to this license server.
Click Browse.
Browse to your license file, click the license file and then click Open.
Click Upload.
Click close the browser window and return to the setup program.
Click Yes to close the License Management Console browser window.
Click Next to continue with the setup.
Shadowing can be a useful tool for user collaboration, training, troubleshooting and monitoring. This capability is useful for supervisors, help desk personnel, teachers, and anyone else who may need to examine another user's session. During Setup, you can limit or disable shadowing. You can disable shadowing of ICA sessions on all servers in a farm if, for example, legal requirements prohibit shadowing of user's sessions. Or, you may want to disable shadowing on servers that host sensitive applications such as Human Resources or Payroll.
The decision made on this screen cannot be changed without reinstalling XenApp. This is from page 71 of the XenApp Installation Guide for XenApp 5 for Windows Server 2008:
<quote>
Important: Shadowing restrictions are permanent. If you disable shadowing or enable shadowing but disable certain shadowing features during Setup, you cannot change the restrictions later. You must reinstall XenApp on the server to change shadowing restrictions.
Any user policies you create to enable user-to-user shadowing are subject to the restrictions you place on shadowing during Setup.
Shadowing is a server-level setting, so you can enable shadowing on one server and disable it on another. Because shadowing restrictions are permanent, you cannot rerun Setup to configure shadowing after you create your farm if you disabled the default shadowing support when you installed the server.
Citrix does not recommend disabling shadowing as a substitute for user- and group-specific connection policies.
</quote>
Click Next to accept the default of allowing shadowing.
Click Next to share the XML Port with IIS.
There are three main options and one sub-option for adding users to the Remote Desktop Users Group.
-
Add the Authenticated Users now. Authenticated Users includes all users and computers whose identities have been authenticated by Windows.
-
Add the list of users from the Users group now. The Users group is a built-in default group. Members of this group can perform common tasks, such as running applications, using local and network printers, and locking the server.
-
Skip this step and add users later. Allows you to manually add user to the Remote Desktop Users Group at a later time.
-
Add Anonymous users also. If checked will create 15 Anonymous user accounts named Anon000 through Anon014 and place them in the Anonymous Users Group. This group is then added to the Remote Desktop Users Group.
Note: What is the Remote Desktop Users Group? The Remote Desktop Users group allows the same access as the Users group, with the additional ability to connect remotely to the XenApp server. By using this group, you save administrative resources by not having to set up these rights for each user individually.
Click Add the Authenticated Users now and then click Next.
Note: Even if you uncheck Add Anonymous users also before you click Add the Authenticated Users now, the 15 anonymous user accounts are still created.
Click Finish on the Review screen.
Click Yes on the warning popup about security on the IIS Script folder.
Uncheck View the Readme file. and Click Close.
Click Next.
Click Next to accept the default destination for the Advanced Configuration files.
Click Next.
Click Finish.
Click Next.
Click Next to accept the default destination folder for the Document Library.
Click Finish.
Click Finish.
Click Yes to restart your VM.
When the VM has restarted, logon to Windows and recheck for any Windows Updates that are available.
You have now successfully installed XenApp 5 for Windows Server 2008. This process took 13 minutes and 4 seconds for me. With the time from Part 2 and Part 3, the total time is 1 hour, 16 minutes and 23 seconds.
In Part 5, you will install any necessary updates for XenApp 5 for Windows Server 2008.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 2 of this 7-part article, you created your Virtual Machine (VM) and installed Windows Server 2008 Standard x86. In Part 3 of this article, you will install the Windows Server 2008 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates.
Installing XenApp 5 for Windows Server 2008 is very different than for XenApp 5 for Server 2003. The first thing you should do is to read the contents of the Citrix XenApp 5.0 for Microsoft Windows Server 2008 Installation Checklist EN. This checklist explains the Server 2008 Prerequisites that are needed for the various XenApp 5 software components and some required Microsoft Hotfixes that need to be installed before installing XenApp 5.
The two Microsoft Hotfixes needed are:
The third hotfix mentioned in the checklist is not needed for this article because you will not be streaming any applications. Go ahead and download both hotfixes to a location accessible by VMware Workstation.
You will be installing the following XenApp 5 software components:
-
License Server
-
License Management Console
-
XenApp 5.0 for Windows Server 2008 (32-bit)
-
Access Management Console
-
XenApp Advanced Configuration
-
Data Store Database
-
Web Interface
Many of the required Server 2008 Roles and Features are the same for the various XenApp software components. To summarize the Checklist document, you will need the following Roles installed:
The following Role Services need to be installed:
For Terminal Services:
-
Terminal Server
-
TS Licensing
For Application Server:
For Web Server (IIS)
Under Common HTTP Features
-
Static Content
-
Default Document
-
Directory Browsing
-
HTTP Errors
Under Application Development
-
ASP.NET
-
.NET Extensibility
-
ISAPI Extensions
-
ISAPI Filters
Under Health and Diagnostics
-
HTTP Logging
-
Request Monitor
Under Security
Under Performance
Under Management Tools
You will also need to manually install Microsoft .NET Framework 3.5 and Java Runtime Update 11.
When you completed Part 2, you were at the Windows CTRL + ALT + DELETE prompt.
You need to configure your Virtual Machine (VM) to allow access to the license and XenApp 5 files downloaded from your MyCitrix web site.
Right-click the VMware Workstation tab for your Learning XenApp 5 for Server 2008 VM and click Settings...
Click the Options tab.
Click Shared Folders
Click Always enabled
Check Map as a network drive in Windows guests
Click the Add button.
Click Next on the Add Shared Folder Wizard.
Click the Browse button.
Browse to the folder that contains the files downloaded from your MyCitrix web site, select that folder and then click OK.
Click Next on the Add Shared Folder Wizard.
Verify that Enable this share is checked and that Read-only is not checked and then click Finish.
Click OK on the Virtual Machine Settings.
Press CTR-ALT-Insert to logon to the VM with your user account and password. Close the Initial Configuration Tasks console and the Server Manager console. You need to install the two Microsoft Hotfixes first.
Click Start -> Computer.
You will now see your shared folder mapped as Drive Z.
Note: What is .host? .host is how VMware Workstation refers to the host computer running VMware Workstation.
Double-click the Z: drive and navigate to where you placed the two Microsoft Hotfix files. Double-click the first Zip file, click Run, click Continue, extract the Zip file to C:\HF1 and enter the password Microsoft sent you. Repeat for the second Zip file but extract it to C:\HF2.
You also need to copy your Citrix license file to the C: drive because of an issue with the Citrix License Management Console (LMC). The LMC is unable to access the Z: drive so the license file needs to be placed on the VM's local C drive. Navigate to where you placed your Citrix license file and copy the file to the root of the C drive.
Double-click the HF1 folder, double-click the Hotfix file, click Continue on the User Account Control dialog and install the hotfix. If the Hotfix requires a Restart, restart the VM, logon to Windows and return back to the C drive in Start -> Computer. Double-click the HF2 folder, double-click the Hotfix file, click Continue on the User Account Control dialog and install the hotfix. If the Hotfix requires a Restart, restart the VM, logon to Windows and return back to the Z drive in Start -> Computer.
Navigate to where you placed the XA50_WS2008_EN.Zip file you downloaded from your MyCitrix site in Part 1.
Double-click the Zip file and click Extract all files.
Save the files to C:\XA5. Leave the box, Show extracted files when complete, checked. You will manually install the .NET 3.5 Framework next.
When the file is extracted, double-click the Support folder.
Double-click the DotNet35 folder.
Right-click the file dotnetfx35 and select Run as administrator.
Click Continue on the User Account Control dialog. Click I have read and ACCEPT the terms of the License Agreement and then click Install.
When the Microsoft .NET Framework 3.5 Setup completes, click Exit and restart your VM. Logon to Windows and close the Initial Configuration Tasks console. On the Server Manager console, scroll down to the Security Information section. Click Configure IE ESC.
Click Off in both the Administrators and Users sections and then click OK. The Internet Explorer Enhanced Security Configuration needs to be disabled to prevent the annoyance of its popups when downloading updates from Microsoft and Citrix and when testing the Web Interface on this VM.
Exit the Server Manager console and start Internet Explorer.
Go to http://www.java.com/
Install Java Runtime 11, restart your VM and login to Windows with your username and password.
On the Initial Configuration Tasks console, click Add roles.
Click Next.
You will now install the Application Server, Terminal Services and Web Server (IIS) roles. Click Application Server.
Click Add Required Features.
Click Terminal Services and Web Server (IIS) and then click Next.
Click Next.
Click Terminal Server, TS Licensing and then click Next.
Click Next.
Click Do not require Network Level Authentication and then click Next.
Click Per User and then click Next.
One of the options when installing XenApp 5 is what Users or Groups to add to the Remote Desktop Users security group. When you install XenApp 5 in Part 4 this will be explained in more detail. For now, click the Add button.
Type in Authenticated Users, click Check Names and then click OK.
Click Next.
Click Next.
Click Next.
Click Next.
Click Next.
Click ASP.NET.
Click Add Required Role Services.
Click Windows Authentication, Client Certificate Mapping Authentication, IIS 6 Management Compatibility and then click Next. When you click IIS 6 Management Compatibility, the four sub options are automatically selected.
Click Install.
Click Close.
Click Yes to restart your VM.
When your VM has restarted, logon to Windows (notice how Terminal Services has changed the logon screen) and the installation of the three Roles resumes.
Click Close when the installation is complete.
With all the prerequisites, Roles and Roles Services installed you need to install the Windows Updates. For this articles series, the Server Manager console is no longer needed. Click Do not show me this console at logon and exit the Server Manager console.
Click Start -> Windows Updates.
You need to install all the Windows updates, reboot and repeat until there are no more Windows updates to install.
You have now installed all the prerequisites for XenApp 5, the License Server and Web Interface and installed all Windows security updates. This process took 40 minutes and 3 seconds for me. With the time from Part 2, the total time is 1 hour, 3 minutes and 19 seconds.
In Part 4 of this article, you will install XenApp 5 for Windows Server 2008 - Platinum Edition and your Citrix product license.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 1 of this 7-part article, you learned how to create a MyCitrix.com account, request an evaluation copy of XenApp 5, generate and download a new license file and downloaded your evaluation software. In Part 2 of this article, you will learn how to create your Virtual Machine (VM) and install Windows Server 2008 Standard x86.
To simplify this learning process, you will take most of the VMware Workstation VM creation defaults and make only minimal configuration changes to Windows Server 2008. Some of the VM creation options you have may be different than what I have because of possible hardware differences between our two lab server setups. First, make sure you have a Windows Server 2008 Product Key and ISO image file accessible.
Note: What if you don't have a copy of Windows Server 2008? To download a 60 day (extendable to 240 days) evaluation copy of Windows Server 2008 as an ISO image, go to http://www.microsoft.com/downloads/details.aspx?FamilyId=B6E99D4C-A40E-4FD2-A0F7-32212B520F50&displaylang=en. Save the file where it can be accessed by VMware Workstation.
Let's get started.
Start VMware Workstation 6.5 and then click File -> New -> Virtual Machine
Click Custom (Advanced) and then Next
Make sure Hardware compatibility says Workstation 6.5 and click Next
Click Installer disc image file (iso) and then click the Browse button
Browse to your ISO image file, select it and then click the Open button
Click Next
On this screen, enter your Product Key, change the Full name field from Administrator to a user name you want to use and enter a password. If you leave the Full name field set to Administrator, you will get a warning about a conflict with an existing system name. In my experience, when the VM attempts the automatic logon process during the Windows Setup process, you will get an "Invalid password" error and you will be locked out of the system. The only way to recover is to force a power off of the VM, delete the file from the hard disk and redo the VM creation process.
Once you have entered your Product Key, a user name and Password, click Next
If you wish, change the Virtual machine name to Learning XenApp 5 for 2008 to distinguish it from your other VMs.
When you change the Virtual machine name, the VM name in the Location field is also changed. Click Next
Accept the default of One for Number of processors and click Next
Change the Memory for the virtual machine to 4096 (or the maximum you can set if you do not have 4096 available for Guests).
Why 4GB of RAM for this VM? From my experience, Server 2008, with Terminal Services Licensing and Terminal Services in Application Server mode, runs best in a virtual environment with 1024MB of RAM. You will also be installing:
-
Citrix License Management Console which uses Java
-
Web Interface
-
Access Management Console
-
Presentation Server Console
-
Access Datastore database
-
Citrix Web Client
and you will be using Internet Explorer to test running a Published Application. Most of these will be open at the same time so the more RAM assigned to this VM the better.
Click Next
Accept the default Network connection of Use network address translation (NAT). Click Next
Accept whatever the recommended setting is for your setup for I/O adapter types. Click Next
Take the default Create a new virtual disk. Click Next
Accept the recommended Virtual disk type for your setup. Click Next
Accept the default Maximum disk size (GB) of 16.0 and check Allocate all disk space now. If you allocate all disk space now, it will take a little longer to create the empty VM but the installation of the server OS is much faster. Click Next
Accept the Disk File name generated. Click Next
Check Power on this virtual machine after creation. This saves a few seconds in the setup process that keeps you from having to manually power on the VM to continue the VM creation process. Click Finish
VMware Workstation now creates the disk for the VM and goes through the initial power on sequence. In my experience, the power on screen is always black and no status messages are displayed.
Once the VM creation process has completed, you are returned to the Guest OS work screen. Click Power on this virtual machine
After a few minutes, the Select the operating system you want to install dialog appears. Click Next to accept the default of Windows Server 2008 Standard (Full Installation).
Note: XenApp 5 for Windows Server 2008 cannot be installed on a Server Core Installation.
At this point, the Windows setup process takes over. You will not have anything to do for about 15 to 20 minutes. When the initial setup process is complete, you are at the CTRL + ALT + DELETE logon screen.
Press CTRL + ALT + INSERT to logon and click on your user account.
Enter your password and either click the arrow to the right of the password field or press Enter.
Wait a few minutes while the VMware Tools are installed and the VM restarted. You will then be back at the Windows logon screen. Click your user account, enter your password and click the arrow or press Enter.
Click Continue on the User Account Control dialog to continue the next phase of the server setup or wait two minutes and the dialog goes away.
There are only two tasks you need to complete on the Initial Configuration Tasks for Part 2: Set time zone and Provide computer name.
If you are not in the Pacific Time Zone, click Set time zone and click the Change time zone button.
Select your Time Zone, click OK and click OK on the Date and Time dialog.
Click Provide computer name and domain.
Click Change.
Type CitrixONE for the Computer name and click OK.
Click OK on Computer Name/Domain Changes dialog.
Click Close on the System Properties dialog.
Click Restart Now to restart the VM.
After the VM restarts you are now at the Windows CTL-ALT-DEL prompt.
You have now successfully created your VM and installed Windows Server 2008 Standard x86. This process took 23 minutes and 16 seconds for me.
In Part 3 of this article, you will install the Windows Server 2008 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
Learning the basics of Citrix XenApp 5 for Windows Server 2008 is a fairly easy process. However, understanding all the installation options, configuration settings, management consoles and administrative processes for all the various Citrix software and hardware components that can go into a Citrix farm can be a daunting task. This series of articles will lead you from the very first step to the very last step of installing, configuring and testing XenApp 5 on a single server running Windows Server 2008. The goal - to get you installing and running a Published Application in the shortest amount of time.
In Part 1 of this 7-part article, I will show you how to create a MyCitrix.com account, request an evaluation copy of XenApp 5, generate and download a new license file and download the necessary evaluation software. MyCitrix.com is your primary mechanism for interacting with Citrix and managing your company's use of their software. You must have a MyCitrix.com account to:
-
register your products
-
manage your licenses
-
download software
-
update your profile
-
and more
For this series of articles, VMware Workstation 6.5.1-126130 will be used with Windows Server 2008 Standard (x86) and Citrix XenApp for Windows Server 2008 Platinum (x86). The server's name will be CitrixONE. The Virtual Machine (VM) will be assigned one processor, 4GB of RAM and 16GB of Hard Drive space. If you already have a MyCitrix.com account and the XenApp 5 for Windows Server 2008 software then you may proceed to Part 2 of this series.
Note: You can use any virtualization product for this series of articles. There are several FREE virtualization products available:
To create your MyCitrix.com account, go to http://www.mycitrix.com. You will see this screen:
Click on New Users.
Fill in the required information and click Continue.
On this screen you will select your MyCitrix.com Login ID and Password. Once you have entered a Login ID and Password and successfully completed the validation process you will be taken to your personalized MyCitrix.com site.
You will also receive an e-mail from Citrix Customer Care with your MyCitrix.com registration information.
You are ready to start the process of requesting your license code. Click on Downloads:
Click the dropdown box under Search Downloads by Product:
Select Citrix XenApp (the new name for Presentation Server)
Under the Product Software section, you will see a Lock icon next to DVD Image for Windows Server 2008 (All Editions).
The Lock icon means you need to contact Citrix Customer Service to obtain your License Code. Click the highlighted words in "please contact Customer Service."
It is faster to call Customer Service instead of sending them an e-mail. The wait time is minimal and the customer service people are very friendly and helpful. Your customer service representative will put you in contact with the sales person for your geographic region. Once you talk to your sales representative you will be e-mailed your License Code and instructions. The License Code you receive will allow you to evaluate XenApp 5 Platinum Edition for 90 days and allow you to test with up to 99 concurrent users. It took less than five minutes to receive the e-mail when I followed this process. Once you have your License Code, click on "My Citrix" in the menu bar to return to the MyCitrix.com home page.
From the MyCitrix.com Home Page, on the left side under My Tools, in the Choose a Toolbox, select the toolbox called Activation System/Manage Licenses.
Click the drop down box by Current Tool and select Activate/Allocate.
Enter your License Code you received in the e-mail from Citrix Sales and then click Continue.
Don't be surprised if the License Code you receive doesn't work!
Just send your License Code and error number to your sales rep who supplied the License Code or to CustomerService@citrix.com.
When your Activation process works, you are taken to a screen to select a Solution Advisor. If you do not have a Solution Advisor, feel free to select my employer. Select your Solution Advisor and click Continue.
You now select the contact to assign to your MyCitrix.com account and click Submit. You will probably only have one entry here.
Enter your contact data and click Submit.
You are taken to the screen to start the License Server name process.
If you click the Determine License Server Name (host name) link, you receive the following instructions:
Click Continue and you are taken to the Select Licenses to Allocate screen. For this article, our License Server name is CitrixONE. Enter CitrixONE and click Allocate.
Next, verify the server's hostname is correct. If it is, then click Confirm. If it is not correct, click the back arrow and enter the correct name.
You are now ready to download your Citrix license file.
Click the Download License File button:
Click Save and save the license file to a location accessible when installing XenApp 5 in Part 4.
The license file may be renamed as long as the .lic file extension is kept. This is helpful when you have several license files to maintain.
We are now ready to download the XenApp 5 product files. Click on Downloads on the top menu bar.
Click the dropdown box under Search Downloads by Product:
Select Citrix XenApp (the new name for Presentation Server)
Under the Product Software section, click DVD Image for Windows Server 2008 (All Editions).
Scroll down past the Documents to download section, click the Download button to the right of the product name.
After clicking Download you should be presented with the Download Agreement dialog box. There are times where it may take multiple tries to get to this screen. The first time, you may see a "requested file does not exist" popup. Exit out of that popup and click Download again. The second time, you may see a "Your account does not allow you to access the requested resource". Exit out of that popup and click Download again. The third time is usually the charm and you should see the Download Agreement dialog. Click the box next to "I have read and certify..." and click Accept.
You now receive a Popup Window for the Download Manager. You can either use the Download Manager or not. Since you will be downloading multiple files go ahead and install the Download Manager add-on.
Save the XA50_WS2008_EN.zip file to a location accessible when installing XenApp 5 in Part 4.
Once the Download Manager has finished downloading the DVD image, you have completed all the steps for Part 1 in this series.
You may now Exit the Download Manager and your Internet browser. In Part 2 of this series, you will learn how to create your VM and install Windows Server 2008 Standard x86.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
Eventually every Citrix Administrator needs to add an additional server or servers to their farm. Adding additional servers to the farm, installing applications to them and then adding the new servers to the published applications allows XenApp to provide automatic load balancing of users of those applications across servers. XenApp uses the concept of Least Busy Server to determine which server will launch the application requested by the user.
There are two pieces of information you need before you can add an additional server to your Farm:
- Database type used for the data store
-
Server hosting the database
To find the information on the database and data store will require the use of regedit on a server already in the farm.
Important This section, method, or task contains steps that tell you how to access the registry. However, serious problems might occur if you access the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following to view the article in the Microsoft Knowledge Base:
DATA STORE USING MICROSOFT ACCESS
Start regedit: Start -> Run type regedit and then click OK.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA.
The value for DatabaseDriver tells you the type of database being used, ImaAccess.dll is Access.
DataSourceName shows the location of the DSN file you need to check to find the name of the server hosting the database.
Looking at the MF20.dsn from the server using Access:
Shows the Driver as Microsoft Access and the file is located on that server in C:\Program Files\Citrix\Independent Management Architecture.
You now have the two pieces of information necessary to add a new server to the Farm.
To see the entire XenApp 5 for Server 2003 installation process, please see this article: Learning the Basics of XenApp 5 Part 4 of 7. This article will only show the steps where a new server is added to an existing farm.
The Farm being used in this article was created for the series Learning the Basics of XenApp 5. For that series, the Farm was named Learning and two applications were published: Notepad and Paint. There is only one server in the Farm, CitrixONE, using Access for the data store. For this article, the server being added is named CitrixTWO.
On the Create or Join a Server Farm dialog, select Join an existing farm.
On the Join a Server Farm dialog, enter the name of the server, CitrixONE, that hosts the Access data store. Accept the default port 2512.
Note: Citrix calls this Indirect Connection mode to the data store. This server is using another server to connect to the data store. Direct Connection mode is made using the option Connect directly to the database using ODBC. The difference? If CitrixONE goes offline, then CitrixTWO no longer has a connection to the data store and farm functionality is severely crippled. Direct Connection mode does not rely on any other XenApp server for access to the data store.
Enter the credentials to access the Access database.
If the wrong credentials are entered, you get a warning message. Click OK and the entire data store selection process starts over.
Accept the default Use the global farm settings for the license server.
DATA STORE USING MICROSOFT SQL SERVER
Start regedit: Start -> Run -> regedit and then click OK.
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA.
The value for DatabaseDriver tells you the type of database being used, ImaSql.dll is Microsoft SQL Server.
DataSourceName shows the location of the DSN file you need to check to find the name of the server hosting the database.
Looking at the MF20.dsn from the server using SQL Server:
This shows:
-
The driver as SQL Server
-
UID (User ID) used to log into the SQL Server and database is Administrator
-
The server this MF20.dsn came from (WSID) is CITRIXPS.
-
The SQL Server hosting the data store is CitrixSQL
-
The DSN description is Citrix DS
To see the entire XenApp 5 for Server 2003 installation process, please see this article: Learning the Basics of XenApp 5 Part 4 of 7. This article will only show the steps where a new server is added to an existing farm.
The Farm being used in this article was created for the series Learning the Basics of XenApp 5. For that series, the Farm was named Learning and two applications were published: Notepad and Paint. There is only one server in the Farm, CitrixONE, using Access for the data store. For this article, the server being added is named CitrixTWO.
On the Create or Join a Server Farm dialog, select Join an existing farm.
Click Connect directly to the database using ODBC and click Next.
Enter a description and either type in the name of the SQL Server or click the drop down and select the SQL Server. Click Next.
Click Next.
Click Next.
Click Finish.
Click the Test Data Source... button.
Click OK.
Click OK.
Enter the user name and password to access the SQL Database.
If the wrong credentials are entered, you get a warning message. Click OK and the entire SQL Server selection process starts over.
Accept the default Use the global farm settings for the license server.
XENAPP 5 INSTALL IS COMPLETED
Looking at the IMA registry key from CitrixTWO:
Because this is an Indirect Connection, there is nothing in either the DatabaseDriver or DataSourceName registry keys. There are two new registry keys: PSSERVER and PSSERVERPORT. The presence of these two registry keys is how to tell if a XenApp server is using a Direct or, in this case, Indirect Connection to the data store. PSSERVER holds the name of the XenApp server hosting the data store.
When the XenApp install completes, restart the server, login to Windows and then apply all the same XenApp updates that are on the original XenApp server. Failure to have the new XenApp server at the same update level as the original will cause version mismatch errors in the Access Management Console (AMC) on the new server. For the Learning series, Hotfix Rollup Pack #3 was the most current XenApp update. After all the updates are applied, restart the server, login to Windows and start the AMC on the new server.
The Configure and run discovery wizard starts. Since the Web Interface is not installed on the new server, it is deselected.
To administer both servers from this AMC, click the Add Local Computer button.
Then click the Add button ..
.
and add the original server.
With both servers in the list of servers to administer, click Next.
Click Next on the Preview Discovery screen.
Click Finish.
Note: If you are running in a Windows Workgroup environment, you may see "access denied error 0x80041003" as an alert in the AMC. To resolve this error, add the account used to install XenApp 5 as a Full Farm Administrator.
The list of published applications and servers can now be seen.
Right-click the new server, CitrixTWO in this case, select Properties and then License Server. The new server is using the Farm settings for License Server.
The next steps to be taken are to:
-
Install applications to the new XenApp server in the same location with the same options as the existing XenApp server
-
Add the new server to the existing published applications
-
Publish any applications that exist only on this XenApp server
You have learned to add a server to a Farm, determine the type of database used for the data store and verify that your new server is using Farm settings.
If there is any other aspect of adding a XenApp server to a farm you would like to see covered, send an e-mail to webster@carlwebster.com.
If you have screen shots for Oracle or DB2 I could use, send them to me and I will make sure you receive credit in the article.
Thanks
Webster
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article was update January 5, 2009.
Will a stand-alone Citrix License Server running in a Workgroup service the licensing requests for XenApp Servers running in multiple farms in multiple directory service systems? Someone asked me this question and my first thought was yes it would. But would it?
NOTE: Most people believe that XenApp can only be installed on a network that uses either Active Directory or eDirectory. That is not true. XenApp can be installed on a stand-alone workgroup computer, as well as UNIX versions for Solaris, AIX and HP-UX.
This test will need five servers running Windows Server 2003 R2 x86 with all Windows Updates. The License Server will be a stand-alone server in a Workgroup. Microsoft Active Directory will be used for the Directory Service. Two Forests, each with one domain, will be built. One XenApp Server will be in each Domain as domain members.
Two server Virtual Machines (VM) were built for the first Forest/Domain. The Forest/Domain is called DomainA.com, with a Domain Admin account named AdminA with a password of P@$$w0rdA.
Two server VMs were built for the second Forest/Domain. The Forest/Domain is called DomainB.net, with a Domain Admin account named AdminB with a password of P@$$w0rdB.
The License Server was built as a stand-alone server in a Workgroup named Citrix with a local administrator account named AdminC with a password of P@$$w0rdC. The License Server is version 11.5.
Different user names and passwords were used to verify that the license server does no authentication of user credentials when checking out licenses.
The XenApp Server in DomainA is named CitrixA and the server in DomainB is named CitrixB.
A DNS "A" record was created in each domain for the name of the Citrix License Server, CitrixONE.
When XenApp is installed, one of the questions asked is the host name of the license server.
The installer needs to be able to resolve the name to an IP address. If there is no DNS record for the license server, name resolution fails and you receive an error message that the license server cannot be contacted.
The Citrix Farm in DomainA is named FarmA, the Farm in DomainB is named FarmB. Both XenApp servers are running XenApp 5 for Server 2003 - Platinum Edition with Hotfix Rollup Pack #3.
On CitrixA the Notepad text editor was published and on CitrixB, Microsoft Paint was published.
To begin the test both CitrixA and CitrixB were powered off.
This screen shows no Server Start-up licenses or Citrix XenApp Platinum licenses checked out.
CitrixA in DomainA.com was then powered on.
This shows that one Citrix Start-up License has been checked out. CitrixB in DomainB.net was then powered on.
This shows that two Citrix Start-up licenses have now been checked out. Click the box next to the number 2 in the In Use column to get a detailed usage report on the checked out licenses.
Here you see the Fully Qualified Domain Names of the two XenApp servers.
Program Neighborhood was used to run the Notepad published application on CitrixA.
This shows that one Citrix XenApp Platinum Concurrent User license has been checked out.
Program Neighborhood was used to run the Paint published application on CitrixB.
This shows that two Citrix XenApp Platinum Concurrent User licenses have been checked out.
Will a stand-alone Citrix License Server running in a Workgroup service the licensing requests for XenApp Servers running in multiple farms in multiple directory service systems? Yes.
It does not matter what user accounts were used in installing the Citrix License Server or XenApp 5. It does not matter what user accounts are setup on the license server or used to run the published applications. The Citrix License Server simply listens, by default, on TCP Port 27000 for license requests. If the license server has the licenses for the Citrix product being requested and has available user licenses, a license is checked out.
This article was updated January 9, 2009.
If you would like to read the other parts in this article series, please go to:
In Part 6 of this 7-part article, you learned how to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and learn basic XenApp server administrative tasks.
When you completed Part 6, you were in the Access Management Console (AMC). The first thing you need to do is create a test user account. Click Start -> Run and type in net user Test P@$$w0rd /add and click OK. This creates a standard user account named Test with a password of P@$$w0rd. Remember from Part 4 that any user account that needs access to any XenApp server must be a member of the Remote Desktop Users security group. Does that mean you need to add this new user account, Test, to the Remote Desktop Users security group? No, you do not. One of the decisions you made in Part 4 was to add the Authenticated Users to Remote Desktop Users. Any user account that successfully authenticates with Windows is automatically placed in Remote Desktop Users and has the necessary security privileges.
You will now learn to publish the Notepad text editor. Click the "+" sign next to your farm name, Learning, which is in the left column of the AMC.
Click Applications.
Note: Applications is actually a folder and you can create sub-folders to segregate various applications. For example, you could have underneath Applications, folders for Payroll, Accounting, Graphics, Intranet, Microsoft Office, etc. Sub-folders can have sub-folders. How many sub-folder levels can you create? In my testing, I stopped once I reached a sub-folder depth of 16 levels.
In the middle column, under Common Tasks, click New, then Publish application.
The Publish Application wizard starts. Click Next.
Enter Notepad for the display name then click Next.
Note: The Display name must be unique to an Application Folder.
Application description is optional and the wizard will make it the same as the display name if nothing is entered.
Note: If the same Display name is used in another folder then an alphanumeric suffix is added to the Application Description so that the Application Description is unique to the Farm. In my testing, I created two sub-folders, test1 and test2, under Applications. I published Notepad in each folder and then checked their Application Description setting. The original published Notepad in the Applications folder had an Application Description of "Notepad". The one in the test1 sub-folder had an Application Description of "NotepadA2EA" and the one in the test2 folder was "Notepad102E". Why is this important? If you publish three versions of Notepad and all three have the same display name, how does the server know which one to run when a user clicks the Notepad icon in the Web Interface? Simple, it browses on the Application Description - not the Display Name. The Display Name is the name displayed to the user and to you in the AMC. The internal processes of the Farm and Data Store use the Application Description.
There are three types of applications you can publish for your users:
-
The server's desktop, so that users can access all of the resources available on the server. Citrix recommends that you not publish server desktops unless they are sufficiently locked down so that users cannot access sensitive areas of the operating system.
-
Content such as documents, spreadsheets, Web pages, media files and URLs.
-
Applications installed on XenApp servers.
Click Next to accept the default of Application Accessed from a server.
When entering the command line for an application, you can either type in the full command line or browse to the executable. Click Browse.
Note: If the full path to the program executable contains spaces then you must put double quotes around the command line. For example, you want to publish the Access Management Console for your Farm Administrators. The command line would be "C:\Program Files\Common Files\Citrix\Access Management Console - Framework\CmiLaunch.exe". The Working Directory does not need the double quotes.
Note: Isolate application has been removed in XenApp 5 for Server 2008. Citrix recommends that application streaming be used instead of Application Isolation Environments.
Double-click C:.
Double-click Windows.
Scroll down to and double-click System32.
Scroll down to and double-click notepad.exe and click OK.
Click Next.
The Servers screen allows you to select which XenApp server(s) will serve this Published Application.
One common misconception an Accidental Citrix Admin may have is to believe that every XenApp server must have the same applications installed. It is possible to have five XenApp servers each with one installed application. Citrix terms this an Application Silo. This may be necessary for a processor or graphics intensive application or a badly written application that is business critical. One example of a badly written application is one that requires a specific version of a DLL and crashes if another version exists on the server. Microsoft calls this DLL Hell.
You may also decide to not add a server at this time. Doing so marks this application as disabled. This prevents users from seeing it on the Web Interface.
You can also Import a list of servers from an XML file with a ".asl" file extension. You will learn about that type of file later in this article.
Click the Add button.
Select Servers will show you all the XenApp servers in your Farm. You use the standard Windows selection process to select your server(s).
Double-click CITRIXONE and click OK.
Click Next.
Citrix Best Practice is to control access to Published Applications with Security Groups and not individual users. For this article, our users are in the Users group. Click the Add button.
Double-click CITRIXONE.
Note: If you have a large Directory structure, you can click the Add List of Names button and enter a semicolon separated list of names in the format domain\username. To manually enter your Users security group, you would click the Add List of Names button and type in CitrixONE\Users.
Scroll down and double-click Users.
Click OK.
Click Next.
On the Shortcut Presentation dialog, you can change the application's icon and select a location where to place a shortcut to the application.
Click Next.
There is one annoying default setting you need to change. By default every application will play the Windows startup sound when it is launched. I recommend disabling this "feature".
Check Configure advanced application settings now and click Next.
Advanced Access Control is beyond the scope of this article.
Click Next.
For this article, you are not using a XenApp Services site or the Program Neighborhood Agent. Content redirection from client to server is available only for users connecting with the Program Neighborhood Agent. When a file type is selected here, the registry on the client's device gets updated so that the Published Application is run. If you select the ".txt" file type, then on the client, any file with the extension ".txt" is opened with this Published Application and not an application on the client's device.
Click Next.
You can use the Limits dialog to help enforce license restrictions and how many copies of a Published Application a user may run at one time. For example, you have a license for five copies of Photoshop. You could check to Limit instances allowed to run in server farm and change the number to 5. XenApp will now only allow five instances of Photoshop to run on all XenApp servers in the farm. Even if you had Photoshop installed on ten XenApp servers, the sixth user who attempted to launch Photoshop would be denied.
It is also possible that one user could launch five instances of Photoshop. To prevent this, you can limit how many instances of an application a user can launch.
Note: Enabling either or both of these options can have a negative impact on application performance. As an extreme example, say you had 50 XenApp servers in your farm and were serving 100 users per server. That would give you 5,000 users in your environment. Every time a user attempted to launch Photoshop, the Data Collector would have to collect data on all 50 servers and 5,000 users to determine how many instances of Photoshop were running in the farm and if the user exceeded their instance allowance. Imagine the network and application performance impact this would have if everyone attempted to log in to the Web Interface and launch Photoshop between 8AM and 8:15AM!
CPU priority level is used for the new Preferential Load Balancing which is available only on XenApp 5 for Server 2008 - Platinum Edition. This allows for preferential treatment for users and applications. In our Microsoft Word example, you could make sure the company executives could use Microsoft Word without performance worries. You would create this Published Application and only allow the Executive security group access, set the CPU priority level to high and set the corresponding Citrix Policy so the Executive security group was also a high priority. Once both items have been set, your Executives would never have to worry about the performance of Microsoft Word.
Click Next.
Uncheck the box Enable legacy audio to remove all Windows sounds from this Published Application and click Next.
What if you need audio for the application but don't want the Windows startup sound? The sounds the user receives are the sounds set on each XenApp server. You would need to go to Control Panel -> Sounds and Audio Devices -> Sounds and select Start Windows in Program Events and change the sound to "none". This would need to be done on every XenApp server hosting the application.
You can also set encryption levels. For this instance of Notepad you can keep the default encryption level of Basic. For a Payroll or HR application you may want to set the encryption level to 128-Bit (RC-5).
If the application needs printers prior to starting, uncheck the box. Otherwise, leave this box checked to speedup application launching.
You can set the windows size of the application, its color depth, hide the title bar and maximize the application when it starts.
Click Finish to accept all the defaults.
You are back at the AMC. Click the "+" next to Applications.
You see your new Notepad published application.
Now that you have been taught how to publish an application, it is your exercise to publish Microsoft Paint. The executable is MSPaint.exe located in the same folder as that of notepad.exe. Use a Display Name of Paint, all other settings will be the same as what you just learned with Notepad.
When you are done, your AMC should look like:
You are now ready to test accessing these two applications with a standard user account. Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp.
Log in using user Test with password P@$$w0rd and click the Log In button.
Your Test user now has access to the two Published Applications.
Click the Notepad icon to launch Notepad.
The Client File Security popup appears. For a full explanation of Client File Security, please see this article.
Click Full Access and Never ask me again and then click OK.
Notepad appears.
Move Notepad to where you can see the Paint icon and click the Paint icon. The Paint application will now appear.
Both Paint and Notepad are successfully running.
You have successfully tested two Published Applications with a standard Windows user.
Exit Paint and Notepad and click Log Off and exit Internet Explorer.
There are a few basic Farm administrative tasks that The Accidental Citrix Admin needs to do to ease Farm maintenance and to aid for when disaster strikes.
First you need to create a folder to contain all the files you need to backup.
Click Start -> Run, type in CMD and click OK.
Type in md c:\ctxbackup and press Enter. This will make a folder to contain the files we need to backup.
Type in cd c:\ctxbackup and press Enter.
You command prompt should say c:\ctxbackup>
To backup IIS:
Type in cscript //h:cscript and press Enter. This sets the default script host for VBScript files to cscript.exe.
Type in iisback /backup and press Enter. This will back up the IIS Metabase and Schema to c:\windows\system32\inetsrv\metaback.
Type in copy c:\windows\system32\inetsrv\metaback and press Enter. This copies the iisback backup files to the c:\ctxbackup folder.
To backup the Data Store:
Type in dsmaint backup c:\ctxbackup and press Enter. This backs up the Access Data Store only.
Minimize the command Window.
To backup the Web Interface site:
In the AMC, click your Web Interface site, http://CitrixONE/Citrix/XenApp, in the left column and then click Export configuration in the middle column in the Other Tasks area.
Save the file to the c:\ctxbackup folder and click Save.
Note: If you have multiple Web Interface sites, you will need to Export each site.
Note: If you have multiple Web Interface sites, you can change the name of the file. If you have two sites named Internal and External, you can, for example, name the files Internal.conf and External.conf.
To backup Published Applications:
Click a Published Application in the left column, then in the middle column in the Other Tasks section, click Export Application settings to a file and then click Entire Application. Save the file to the c:\ctxbackup folder and click Save.
You will need to repeat this for every Published Application.
You will notice that one of the options for the Export is "Server List Only". This will generate the XML file with the ".asl" extension you can use to import a list of servers when publishing an application.
Hint: You can back all your applications to one file. Click Applications in the left column, then in the right column, in the Application area, you can use the Windows selection methods to select applications to include in the backup file. Once your applications are selected, right-click one of the applications, click All Tasks, click Export application settings to a file and then click Entire Application. The default filename is the name of the first selected application in the list of applications. Be sure to change the name to one that makes sense for your backup scheme.
Restore your command window, type dir and press Enter. You should see all the files you need to include in your backup procedures.
In this section, you have created a test user account, learned to publish applications, tested access to the published applications from the Web Interface site and learned to perform basic XenApp server administrative tasks. This process took me 10 minutes and 25 seconds. The total time for Parts 2 through 7 is 2 hours 2 minutes and 17 seconds. So roughly 2 hours to go from creating a Virtual Machine to testing access to Published Applications and learning a few basic Farm Administrative tasks.
You have now learned how to complete all the goals set out for you in this 7-part series. You have:
-
Created your MyCitrix.com account
-
Requested your evaluation license code
-
Downloaded your product license file
-
Downloaded XenApp 5 for Server 2003 and the XenApp 5 Components
-
Learned to install Windows Server 2003 R2 x86
-
Installed the prerequisites for XenApp 5 for Server 2003, Web Interface and the Citrix License Management Console
-
Updated Windows Server 2003 R2 x86
-
Learned to install XenApp 5 for Server 2003
-
Learned how to update XenApp 5 for Server 2003
-
Learned how to create a Web Interface site and set basic configuration settings
-
Created a test user account
-
Learned how to publish applications
-
Tested access to the published applications
-
Learned basic XenApp farm maintenance procedures
If there is anything else you would like covered please send an e-mail to webster@carlwebster.com
Thanks
Webster
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
If you would like to read the other parts in this article series, please go to:
In Part 5 of this series, you successfully updated the License Server to version 11.5, installed the Microsoft Visual C++ 2005 SP1 Redistributable Package, upgraded the Access Management Console to version 4.6.2 and installed Hotfix Rollup Pack 3 for XenApp 5 for Server 2003.
In Part 6, you will learn to create a Web Interface site and do basic configuration of that site to allow users access.
At the end of Part 5, you restarted your Virtual Machine (VM). Login to Windows and you are at the server's desktop with the Citrix ICA Toolbar at the far right.
Since the ICA Toolbar has been removed from XenApp 5 for Server 2008 and all future XenApp versions, you will not use it in the article. This will also give you more space on your screen for the management consoles. Right-click an empty spot on the toolbar and select Exit.
What is ICA? Independent Computing Architecture (ICA) is a proprietary protocol designed by Citrix for application servers. The ICA protocol lays down a specification for passing data between server and clients, but is not bound to any one platform.
Click No on the ICA Administrator Toolbar popup.
To start the Access Management Console, click Start -> All Programs -> Citrix -> Management Consoles -> Access Management Console.
The first time you start the Access Management Console, the Configure and Run Discovery process starts. This process discovers all the Citrix Products, Components, XenApp Servers and Web Interface sites that are installed on this server. Click Next.
In a Best Practice scenario, the Web Interface component would be installed on a separate server in the DMZ. In that case, on the XenApp server, you would uncheck to discover Web Interface sites. Then on the Web Interface server, you would uncheck discovering Presentation Servers. Click Next.
The Configuration Servers screen is used to discover Web Interface Configuration Servers. Configuration Servers are an attempt by Citrix to ease the deployment of multiple Web Interface servers so that all sites maintain the same configuration. This central Configuration Server, while a good idea, rarely worked and was hard for Citrix to support. In XenApp 5 for Server 2008, and all future versions of XenApp, the Configuration Server has been removed. Since this article is using only one server, click Next to accept the default of Discover sites installed on this computer.
Click Add Local Computer.
For your production Farm, you would then click the Add button and add every server in your Farm you wanted to manage from this XenApp server.
Click Next.
Click Next.
Click Finish.
You are now at the Citrix Access Management Console (AMC).
There are three ways to accomplish the same task in the AMC:
- Right-click an item and select an action
- Click the AMC Action menu and select an action
- Click an Action in the middle column of the AMC in either the Common Tasks or Other Tasks areas.
You will use the last of these methods in this article.
Click Web Interface in the left column under Citrix Resources -> Configuration Tools and then click Create site in the middle column under Common Tasks.
The Create Site wizard starts. Click Next to accept the default of XenApp Web.
The XenApp Services site is what is created to use the PNAgent client. Conferencing Manager has been discontinued with XenApp 5 for Server 2008.
Click Next on the Specify IIS Location screen.
You can create separate IIS sites, for example, to have different sites for Internal and External users. With different sites you can configure different authentications methods. Users internal to your network can enter their username and password but you can require external users to use Smart Cards, Two Factor Authentication or one of several other authentication methods.
If you create separate IIS sites, you would enter their paths in the Path box.
In a Best Practice scenario where Web Interface is installed on a separate server, you would check the box for Set as the default page for the IIS site. Since you have both the License Management Console and Web Interface installed on the same server you must not check that box. Doing so will break the License Management Console.
Next is the Specify Point of Authentication. There are two options: At Web Interface and At Microsoft AD FS account partner. The default is At Web Interface. The two screen shots explain the two options better than I can. Click Next to accept the default of At Web Interface.
Click Next on the Confirm Settings screen.
Make sure Configure this site now is checked. Click Next.
Change the Farm name from Farm1 to Learning and then click the Add... button.
Enter CITRIXONE for the server name and click OK.
Click Next.
In Part 4, you selected to share the XML Service Port between IIS and the XML Service. If the port number had been changed during install, or from the command line after installation, you would enter the new port number here.
This information is taken from the Web Interface Administrator's Guide for Web Interface 4.6 pages 72 and 73.
You can configure the following authentication methods for the Web Interface:
Explicit. Users are required to log on by supplying a user name and password. User principal names, Microsoft domain-based authentication and Novell Directory Service are available. For XenApp Web sites, RSA SecurID and SafeWord authentication are also available.
Pass-through. Users can authenticate using the credentials they provided when they logged on to their Windows desktop. Users do not need to reenter their credentials and their application set appears automatically. Additionally, you can use Kerberos authentication to connect to servers. If you specify the Kerberos authentication option and Kerberos fails, pass-through authentication also fails and users cannot log on.
Pass-through with smartcard. Users can authenticate by inserting a smart card into a smart card reader attached to the client device. The Program Neighborhood Agent prompts you for a smart card PIN when you log on. After logon, you can access your set of published applications and content without further logon prompts. Users connecting to XenApp Web sites are not prompted for a PIN.
Smart card. Users can authenticate using a smart card. The user is prompted for a PIN.
Anonymous. Anonymous users can log on without supplying a user name and password and launch applications published for anonymous users on the server.
Click Next to accept the default of Explicit.
When users go to the Web Interface site, they will need to enter a user name, password and a domain name. You may not want your users having to know or remember the domain name. You can pre fill-in the domain name to keep users from having to know this information. For this article, you will enter the domain name, which is the server name, of CITRIXONE.
Click Restrict domains to the following click the Add button.
Enter CITRIXONE for the logon domain name and click OK.
Click Next.
Click Next.
Your users can access your Web Interface site directly, using a URL like http://citrix.domain.com/ or using Advanced Access Control.
You can also allow your users to save links to Published Applications in their Favorites list, shortcuts list or on their desktop.
From the Web Interface Administrator's Guide, page 52:
"
Using Advanced Access Control as your access method controls user access to resources through the use of access control policies and filters. This permits the use of endpoint analysis as a condition for application access, along with other factors.
By default, pass-through authentication is enabled for users accessing the Web Interface using Advanced Access Control. Users log on using Advanced Access Control and do not have to reauthenicate to the Web Interface to access their applications. To increase security, you can disable pass-through authentication by selecting the
Prompt user for password before displaying the application list check box.
You can update these settings at any time using the Manage access method task."
Using Advanced Access Control is beyond the scope of this article.
Click Next.
Click Finish on the Confirm Settings screen.
You are now back at the AMC with your Web Interface site created. Click the "+" next to Web Interface.
You now see your Web Interface site. Since this is not the default site for IIS you, and your users, will have have to enter the entire site URL of http://CitrixONE/Citrix/XenApp.
The Create Site wizard has completed the basic configuration. Now you need to test whether your site will load and display the log in page.
Start Internet Explorer and go to http://CitrixONE/Citrix/XenApp. You will see a link that says "Please click here if you are not automatically redirected". Do not click that link. Wait for the log in page to display.
On my VM, it took 33 seconds for the log in screen to appear.
Why so long? It takes a long time because the web site has to be compiled before it can be displayed the first time it is accessed each day.
Will your users have to wait that long? Yes, but only their first time each day.
By default, the site is set to be recompiled every day at 2AM. The only way to speed up getting to the log in page is to click the link to be automatically redirected. The site will continue to compile in the background.
Hint: An Exchange MVP friend showed me how to get around this delay. Change to c:\Windows\Microsoft.NET\Framework\v2.0.50727 and type in aspnet_compile -v /Citrix/XenApp (ignore all the "value is never used" messages). The web site access should now take less than 2 seconds. This is only valid when done immediately after creating the site.
Enter the Administrator's name and password.
At this point, there are no Published Applications to run. You have verified your site was created, loaded and logged into successfully.
To verify there is no 33 second wait to get back into the site, click the Log Off button and exit Internet Explorer. Start Internet Explorer again and go back to http://CitrixONE/Citrix/XenApp. The log in screen appears very quickly now. Exit Internet Explorer.
This process took me 3 minutes and 43 seconds. With the times from Parts 2 through 5 the total time is 1 hour 51 minutes and 52 seconds.
You learned to create a Web Interface site and do basic configuration of that site to allow users access. In Part 7, you will create a test user account, learn to publish applications, test access to the published applications from the Web Interface site and to perform other basic XenApp server administrative tasks.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
This article was updated on January 2, 2009.
If you would like to read the other parts in this article series, please go to:
In Part 4 of this 7-part article, you installed XenApp 5 for Server 2003 - Platinum Edition. In Part 5, you will upgrade the License Server to version 11.5, install the Microsoft Visual C++ 2005 SP1 Redistributable Package, update the Management Console to version 4.6.2 and install the Hotfix Rollup Pack 3 for XenApp 5 for Server 2003.
When you completed Part 4, you had just restarted your Virtual Machine (VM). Log into Windows, start Internet Explorer and go to http://support.citrix.com/.
In the left column, click XenApp.
Click XenApp 5.0 for Windows Server 2003
Click View all (1 more) to the right of Hotfixes for XenApp 5.0 for Windows Server 2003 x86.
Click Hotfix Rollup Pack 3 for Citrix XenApp 5.0...
Click the Download button or the Down Arrow button or PSE450W2K3R03.msp. 
Note: Deciphering the file name PSE450W2K3R03.msp.
-
PSE - Presentation SErver
-
450 - Version 4.5
-
W2K3 - For Windows Server 2003 x86. For Windows Server 2003 x64 this would be W2K3X64.
-
R03 - Hotfix Rollup Number 3.
-
msp - MicroSoft Patch file format.
In Citrix lingo, this file is called HRP03 for Hotfix Rollup Pack #3.
Save this file...
To the server's desktop.
Once HRP03 has finished downloading, back on the web page, scroll down until you get to the Important Note(s) about This Release section.
It is extremely important that you ALWAYS read the documentation that comes with Citrix product and Component updates. You will see a note that "your Citrix License Server must be at version 11.5 to install this hotfix rollup pack". Missing this prerequisite would cause you a lot of grief if your server had stopped working when you applied HRP03 BEFORE upgrading your license server. There is also a note that "the Microsoft Visual C++ 2005 SP1 Redistributable Package (x86) must be installed on all servers before installing this hotfix rollup pack". Please notice this says "...on ALL servers BEFORE installing...". This means this Visual C++ package MUST be installed on ALL of your XenApp servers BEFORE you install HRP03 on the FIRST XenApp server.
Let me stress again - IT IS EXTREMELY IMPORTANT that you read ALL the documentation that comes with ALL Citrix Product and Component updates. Failure to do so can have disastrous consequences for your production XenApp Farm and Data Store.
Click Microsoft Web site.
Click the Download button.
Save the file...
To the server's desktop.
After the file finishes downloading, click No thanks on the Microsoft Download Center beta offer.
The next two updates you need are found on your MyCitrix.com site. With Internet Explorer still open, go to http://www.mycitrix.com.
Login to your MyCitrix.com account.
Click Downloads.
Click the Dropdown by Search Downloads by Product
Scroll down and click on Citrix XenApp (the new name for Presentation Server).
Scroll down to the Components section and click Access Management Console for Windows Server 2003.
Click Download.
After clicking Download you should be presented with the Download Agreement dialog box. There are times where it may take multiple tries to get to this screen. The first time, you may see a "requested file does not exist" popup. Exit out of that popup and click Download again. The second time, you may see a "Your account does not allow you to access the requested resource". Exit out of that popup and click Download again. The third time is usually the charm and you should see the Download Agreement dialog. Click the checkbox next to "I have read and certify..." and click Accept.
Click Yes on the Security Alert popup.
You now receive a Popup Window for the Download Manager. You can either use the Download Manager or not. Since you will be downloading two files, go ahead and install the Download Manager add-on.
Select the Desktop as the location to save XA5_W2K3_AMC.zip.
When the file has finished downloading, minimize Download Manager.
Click Back to results.
Scroll down to the License Server section. Click License Server - Version 11.5 for Windows NEW!.
Click Download.
After clicking Download you should be presented with the Download Agreement dialog box. There are times where it may take multiple tries to get to this screen. The first time, you may see a "requested file does not exist" popup. Exit out of that popup and click Download again. The second time, you may see a "Your account does not allow you to access the requested resource". Exit out of that popup and click Download again. The third time is usually the charm and you should see the Download Agreement dialog. Click the checkbox next to "I have read and certify..." and click Accept.
Click Yes on the Security Alert popup.
Save the CTX_Licensing.exe file to the server's desktop.
When both files have finished downloading, exit Download Manager.
Answer Yes to the confirmation popup.
Exit Internet Explorer. You are now at the server's desktop.
Note: Most Citrix Farms have more than one XenApp server. When there are multiple XenApp servers, they must be upgraded in a specific sequence:
- Data Collectors
- Database Connection Server
- Member Servers
To find your Data Collectors, go to a command prompt and type in qfarm /zone.
Qfarm /zone shows you the server that must be upgraded first in each Zone. The Database Connection Server is the XenApp server used by other XenApp servers to connect to the Data Store and is discussed in this article. Member servers are all XenApp servers that are not either Data Collectors or Database Connection Servers.
Double-click the CTX_Licensi... icon.
Change the Unzip to folder location to C:\LIC11.5 and click the Unzip button.
Click OK.
Click the Close button.
Click Start -> Run and type in c:\lic11.5\Licensing\CTX_Licensing.msi and then click OK.
Click Next.
Click Next.
Click Finish.
You are back to the server's desktop. Double-click the vcredist_x8... file and then click Run.
Click Yes to the Microsoft License Agreement.
After the Microsoft Visual C++ 2005 SP1 Redistributable Package installs, you are back to the server's desktop. Double-click the XA5_W2K3_.. file and, using the unzip utility you installed in Part 4, extract the file to C:\AMC462.
Click Start -> Run and type in c:\amc642\CtxInstall.exe and then click OK.
Click Next.
Click I accept the license agreement and then click Next.
All the Access Management Console components to be upgraded have been checked by the installer. Click Next.
Click Next.
Click Finish.
Click Yes to restart your VM.
After your VM restarts, login to Windows. Double-click the PSE450W2... file and click Open.
Click Next.
Click Close.
Click OK to restart your VM.
You have now successfully updated the License Server to version 11.5, installed the Microsoft Visual C++ 2005 SP1 Redistributable Package, upgraded the Access Management Console to version 4.6.2 and installed Hotfix Rollup Pack 3 for XenApp 5 for Server 2003. This process took 17 minutes for me. With the time from Part 2, Part 3 and Part 4, the total time is 1 hour, 48 minutes and 9 seconds.
In Part 6, you will learn to create a Web Interface site and do basic configuration of that site to allow users access.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
This article was updated January 6, 2009.
If you would like to read the other parts in this article series, please go to:
In Part 3 of this 7-part article, you learned how to install the Windows Server 2003 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates. In Part 4 of this article, you will learn how to install XenApp 5 for Server 2003 - Platinum Edition and your Citrix product license.
When you finished Part 3, you had just verified there were no additional Windows Updates available and exited Internet Explorer. This left you at the server's desktop. There are a few things that need to be done before you start installing XenApp 5 - Platinum Edition. First, you need to install your favorite unzip utility. The unzip capability in Windows Server 2003 R2 cannot be used to extract the files you downloaded from the MyCitrix web site. Downloading and installing your unzip utility is left for you to complete.
Note: The commercial WinZip and WinRAR utilities are an option for this, as are the freeware utilities InfoZip and 7-Zip.
After you install your unzip utility, you need to configure your Virtual Machine (VM) to allow access to the license and XenApp 5 files downloaded from your MyCitrix web site.
Right-click the VMware Workstation tab for your Learning XenApp 5 VM and click Settings...
Click the Options tab.
Click Shared Folders
Click Always enabled
Check Map as a network drive in Windows guests
Click the Add button.
Click Next on the Add Shared Folder Wizard.
Click the Browse button.
Browse to the folder that contains the files downloaded from your MyCitrix web site, select that folder and then click OK.
Click Next on the Add Shared Folder Wizard.
Verify that Enable this share is checked and that Read-only is not checked and then click Finish.
Click OK on the Virtual Machine Settings.
You will now be back at the server's desktop. Click Start and My Computer.
You will now see your shared folder mapped as Drive Z.
Note: What is .host? .host is how VMware Workstation refers to the host computer running VMware Workstation.
Double-click the Z: drive and navigate to where you placed the XenApp 5 Server Zip file XA5_EN_W2K3.zip. XA5_EN_W2K3.zip is the XenApp Server CD image you downloaded from your MyCitrix site in Part 1.
Double-click the Zip file. Answer Yes to the security message. The "potential security flaw" is a protection feature that Microsoft added in update 921398 referenced as MS06-045.
Extract the Zip file to C:\XA5CD1.
After that file is unzipped, navigate to the XenApp 5 Components Zip file, XA5_EN_COM_W2K3.zip. XA5_EN_COM_W2K3.zip is the XenApp 5 Components CD image you downloaded from your MyCitrix site in Part 1.
Double-click the Zip file. Answer Yes to the security message. The "potential security flaw" is a protection feature that Microsoft added in update 921398 referenced as MS06-045.
Extract the file to C:\XA5CD2. Close all open Programs and Windows except the C:\XA5CD2 Explorer Window.
You now need to fix a bug in the installation files. The version of the Web Interface that will be installed with XenApp 5 on Server 2003 is not Web Interface 5 but Web Interface 4.6. The Citrix Clients that will be installed are the Version 11 clients. Web Interface 4.6 does not know how to use the Version 11 client files. You need to rename one of the client files to allow Web Interface 4.6 to work properly in your testing environment. This has been documented in Citrix Support Article CTX118567.
Double-click the Clients folder.
Double-click the ica32 folder.
You now see the three Version 11 Citrix Client files.
The file you need to rename is XenAppWeb.msi. Right-click XenAppWeb.msi and select Copy.
Right-click an empty area just underneath XenAppWeb.msi and select Paste.
You will now have a file named Copy of XenAppWeb.msi. Right-click that file and select Rename.
Rename the file to ica32web.msi.
You have completed the steps documented in CTX118567. You are now ready to begin installing XenApp 5.
NOTE: Most people believe that XenApp can only be installed on a network that uses either Active Directory or eDirectory. That is not true. XenApp can be installed on a stand-alone workgroup computer, as well as UNIX versions for Solaris, AIX and HP-UX.
Navigate to C:\XA5CD1 and double-click Autorun.exe.
NOTE: XenApp was previously known as Presentation Server and before that as MetaFrame. Citrix renamed Presentation Server to XenApp in February 2008. This is very confusing but you will still see references to all three product names in various places. The Citrix web site, MyCitrix.com and tech support articles refer to XenApp. The installation and most product documentation refer to Presentation Server. Most of the event log entries still refer to MetaFrame. The MetaFrame product name has not been used since 2005. Another point of confusion is the product component name Web Interface. Web Interface has been the component name since sometime between 2001 and 2003. The prior component name was nFuse. You will still see the name nFuse in many Citrix configuration files.
When Citrix released XenApp 5 for Server 2008 they also rebranded Presentation Server 4.5 with Feature Release 1 as XenApp 5 for Server 2003. There is NO core difference between XenApp 5 for Server 2003 and Presentation Server 4.5 with Feature Release 1. Even though you are installing what Citrix calls XenApp 5, ALL the installation screens, prompts and documentation still refer to the product as Presentation Server 4.5.
After you double-click Autorun.exe, the XenApp 5 installation starts.
Click Product installations and updates.
Click Install Citrix Presentation Server 4.5 and its components.
Click I accept the license agreement AND scroll all the way down to the end of the Citrix License Agreement or click in the License Agreement box and press Ctrl+End. If you do not scroll to the bottom, you will receive an error. Click OK on the error.
Click Next.
Click Next.
Citrix does not recommend that the License Management Console and the Web Interface be installed on the same server. If you do, then the Web Interface must be installed first and then the Citrix License components. In the next screen, you will see that the Citrix Licensing is deselected by default.
NOTE: If you do not see the option for the Web Interface, that means IIS and ASP.NET have not been installed. Please cancel this installation, return back to Part 3 and make sure you follow all the steps to install the prerequisites.
Click on Citrix Licensing and select Entire feature will be installed on local hard drive. The Web Interface components will be installed first by the installer. This allows you to install both components on a single server. However, Best Practice is to install the Citrix Licensing on a server NOT in the XenApp Farm and to install the Web Interface on a separate server that is not a domain member in the DMZ. Since this learning server is not a production server, you can safely install all XenApp components on one server.
All six components are now selected. Click Next.
Click Next.
You need to install all the Access Management Consoles for this Learning series. Click Next.
Click Next.
The Access Management Console components are installed.
Click Finish.
You will see either see pop-ups or pop-unders showing Microsoft Visual J# and the initial Web Interface components are being installed without user interaction.
Click Next.
Accept the default destination folder for the Web Interface components. Click Next.
Click Install the Clients from the Components CD-ROM and click Browse.
Browse to C:\XA5CD2. Double-click the XA5CD2 folder.
Double-click the Clients folder.
Click OK.
Click Next.
Click Next.
Click Finish.
The Java Runtime is now installed. Even if you install Java Runtime, Update 11 (or later) prior to installing XenApp 5 or Web Interface, the XenApp installer will still install the Java Runtime, Update 9.
Click Next.
Accept the default destination folder for Citrix Licensing and click Next.
Click Next.
Accept the default location for the license files. Click Next.
Click Next to accept the default Web server of IIS.
Click OK to restart Microsoft IIS Server and click Next. You cannot click Next until you select the option to restart IIS.
Click Next.
Click Finish.
Click Next.
Scroll down until you see Program Neighborhood Agent.
Click Program Neighborhood Agent and select Entire feature will be unavailable and click Next. Program Neighborhood Agent requires access to a Web Interface site that doesn't exist yet and that you will not be creating in this series. To prevent the error message from appearing every time you login to the VM, you should just not install the Agent.
Citrix recommends enabling Pass-through Authentication for the Pass-through Client. When a user connects to applications published on different XenApp servers, pass-through client authentication enables XenApp to automatically pass the user's credentials from the initial server to the XenApp server hosting the next published application. This prevents the user from having to re-authenticate when opening applications on different XenApp servers.
Click Yes and then Next.
You can select whether to create a new farm or join an existing farm. You will be creating a new farm for this Learning article.
NOTE: What is a Farm? A Farm is a group of servers running XenApp that can be managed as a unit, enabling the administrator to configure features and settings for the entire farm rather than being required to configure each server individually. All the servers in a farm share a single data store.
NOTE: What is a data store? The data store provides a repository of persistent information about the farm that each server can reference, including the following:
-
Farm configuration information
-
Published Application configurations
-
Server configurations
-
Static policy configuration
-
XenApp administrator accounts
-
Printer configurations
Click Create a new farm and then click Next.
You will use the default database of Access and keep the default zone name. There are several databases that can be used for the Farm Data Store but the Access database requires no preinstall configuration on your part. The databases available for selection are:
-
Access
-
SQL Server Express
-
SQL Server
-
Oracle
-
DB2
The Zone name is simply a descriptive name for the zone. By default XenApp uses the Subnet ID. In XenApp 5 for Server 2008, the default Zone name is "Default Zone".
NOTE: What is a Zone? A Zone is a logical grouping of XenApp servers that share a common zone data collector. Zones allow the efficient collection of dynamic farm information. Each zone in a farm has exactly one data collector.
All of the member servers in a particular zone communicate their dynamic information to the data collector for their zone. The data collector then shares this information with all other data collectors in the farm.
NOTE: What is a zone data collector? A zone data collector is a server that stores and manages dynamic information about the servers in a zone, including:
Enter a new Farm name of Learning.
Click Next to accept the default Administrator account as the initial XenApp Farm Administrator and your server's name, CitrixONE, as the Domain.
.
For this Learning series, you do not need to enable IMA encryption. Since the data store is located on this XenApp server, there is no network traffic to encrypt.
Click Next
Enter CitrixONE as the Host name for the License Server.
Click Next.
You will now install the license file downloaded from MyCitrix. Click Install license for this product now and then click Next.
If you decide not to install licenses at this time, you will receive an error upon logging into the VM and after 96 hours the XenApp server will refuse to run.
Click the Open License Management Console button.
Click Step 2: Copy license file to this license server.
Click Browse.
Browse to your license file, click the license file and then click Open.
Click Upload.
Click close the browser window and return to the setup program.
Click Yes to close the License Management Console browser window.
Click Next to continue with the setup.
Shadowing can be a useful tool for user collaboration, training, troubleshooting and monitoring. This capability is useful for supervisors, help desk personnel, teachers, and anyone else who may need to examine another user's session. During Setup, you can limit or disable shadowing. You can disable shadowing of ICA sessions on all servers in a farm if, for example, legal requirements prohibit shadowing of user's sessions. Or, you may want to disable shadowing on servers that host sensitive applications such as Human Resources or Payroll.
The decision made on this screen cannot be changed without reinstalling XenApp. This is from page 66 of the XenApp 4.5 with Feature Release 1 (AKA XenApp 5.0 on Server 2003):
<quote>
Important: Shadowing restrictions are permanent. If you disable shadowing or
enable shadowing but disable certain shadowing features during Setup, you
cannot change the restrictions later. Any user policies you create to enable user-to-
user shadowing are subject to the restrictions you place on shadowing during
Setup. Do not disable shadowing as a substitute for user- and group-specific
connection policies.
Prohibit shadowing of user sessions on this server. Select this option to
permanently disable shadowing of user sessions on the server. If you disable
shadowing during Setup, you cannot enable it using other Citrix Presentation
Server configuration utilities or by creating connection policies.
</quote>
Click Next to accept the default of allowing shadowing.
Click Next to share the XML Port with IIS.
There are three main options and one sub-option for adding users to the Remote Desktop Users Group.
-
Add the Authenticated Users now. Authenticated Users includes all users and computers whose identities have been authenticated by Windows.
-
Add the list of users from the Users group now. The Users group is a built-in default group. Members of this group can perform common tasks, such as running applications, using local and network printers, and locking the server.
-
Skip this step and add users later. Allows you to manually add user to the Remote Desktop Users Group at a later time.
-
Add Anonymous users also. If checked will create 15 Anonymous user accounts named Anon000 through Anon014 and place them in the Anonymous Users Group. This group is then added to the Remote Desktop Users Group.
Note: What is the Remote Desktop Users Group? The Remote Desktop Users group allows the same access as the Users group, with the additional ability to connect remotely to the XenApp server. By using this group, you save administrative resources by not having to set up these rights for each user individually.
Click Add the Authenticated Users now and then click Next.
Note: Even if you uncheck Add Anonymous users also before you click Add the Authenticated Users now, the 15 anonymous user accounts are still created.
Click Finish on the Review screen.
Click Yes on the warning popup about security on the IIS Script folder.
Uncheck View the Readme file.
Click Close.
Click Next.
Click Next.
Click Finish.
Click Next.
Click Next to accept the default destination folder for the Document Center.
Click Finish.
The Installation Summary screen contains some incorrect information. XenApp 5 for Server 2003 installs the ICA Client 11.000 for Windows and the Citrix Streaming Client 1.2.
Click Finish.
Click Yes to restart your VM.
You have now successfully installed XenApp 5 for Server 2003 (Finally!). This process took 30 minutes and 4 seconds for me. With the time from Part 2 and Part 3, the total time is 1 hour, 31 minutes and 9 seconds.
In Part 5, you will upgrade the License Server to version 11.5, install a Microsoft Visual C++ prerequisite, update the Management Console and install Hotfix Rollup Pack 3 to XenApp 5.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
This article was updated on December 8, 2008.
If you would like to read the other parts in this article series, please go to:
In Part 2 of this 7-part article, you created your Virtual Machine (VM) and installed Windows Server 2003 R2 Standard x86. In Part 3 of this article, you will install the Windows Server 2003 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates.
When you completed Part 2, you were at the Windows CTRL-ALT-DELETE prompt.
Before you start, the Windows Server 2003 R2 ISO image needs to be mounted to the VM's CD/DVD drive. Right-click the Learning XenApp 5 tab and click Settings...
Click CD/DVD (IDE)
Click Use ISO image file and then click Browse
Browse to your Windows Server 2003 R2 ISO image file, click the file and then click Open
Click OK
Press CTR-ALT-Insert to logon to the VM. The Administrator password is the password you entered in Part 2.
Because of a bug in VMware Workstation 6.5.1, the Windows' Computer Name must be changed before any prerequisites are installed. If the Computer Name is not changed, you will run into major issues in Part 4 and Part 5 with the Citrix License Management Console.
Click Start -> All Programs, right-click My Computer and click Properties.
Click the Computer Name tab.
Click Change.
In the Computer name box, type in CitrixONE and click OK.
Click OK on the popup.
Click OK on the System Properties dialog.
Click Yes to restart the VM. When the VM has restarted, login to Windows.
Click Start -> Control Panel -> Add or Remove Programs
Click Add/Remove Windows Components in the left column
Click the box next to Application Server and the click the Details... button
Click the box next to ASP.NET and then click OK
Scroll down to Internet Explorer Enhanced Security Configuration and click the box to remove the check mark. The Internet Explorer Enhanced Security Configuration needs to be disabled to prevent the annoyance of its popups when downloading updates from Microsoft and Citrix and when testing the Web Interface on this VM.
Scroll down and check the boxes next to Terminal Server and Terminal Server Licensing and click Next
Click Next on the Terminal Server setup notice
Click Next on the next Terminal Server Setup notice about Security. For this article you will not be installing any legacy software so the default selection of Full Security is OK.
Microsoft does not make Terminal Server Licenses for evaluation and testing purposes. The default time period for Temporary Terminal Server Licenses is 120 days. That should be more than sufficient for Learning the Basics of XenApp 5. Click I will specify a license server within 120 days and click Next
You will now chose to put your Terminal Server License Server in Per User mode. Per User mode is not tracked by Windows Server 2003, but is tracked by Windows Server 2008. You should always make sure you are in compliance with all of Microsoft's software license terms.
Click Per User licensing mode and click Next
Click Next
Windows will start installing the options you are adding and removing the option you deselected.
When the Windows Components Wizard is complete, click Finish
Adding Terminal Server in Application Server mode requires the server to be restarted. Click Yes to restart the VM
When the VM restarts, log back in to Windows. The Terminal Server Checklist appears. Click the "X" in the upper right corner of the Terminal Server Checklist window to Exit.
Now that you have installed all the prerequisites for XenApp 5 and components you can start installing Windows Updates. Click Start -> All Programs -> Windows Update
Windows Update needs to install an ActiveX control. Click Install on the Internet Explorer - Security Warning popup.
Windows Update now needs to install updated Windows Update software. Click Install Now.
Windows Update will download and install the updated software.
Once the updated software has been installed, the Windows Update screen appears. Scroll down until you can see the Custom button and click it.
The list of available High Priority updates is shown.
Scroll down until you see Windows Internet Explorer 7 for Windows Server 2003 (IE7). Click the box to the left of the "+" sign to unselect IE7 and then click the box to the left of Don't show this update again. IE7 is not necessary for your learning of XenApp 5. Removing IE7 also keeps you from having to download numerous updates.
In the left column, click Software, Optional. Scroll down until you see Microsoft .NET Framework 2.0: x86 (KB829019) and click the box to the left. Downloading the .NET Framework 2.0 and all its updates now speeds up the installation of XenApp 5. It also prevents you from having to download additional Windows Updates after XenApp 5 is installed.
Click Install Updates in the upper left column.
Click the Install Updates button on the Review and Install Updates screen.
Windows will now download and install the selected updates.
When the updates have been installed, click Restart Now on the Installation complete popup.
When the VM restarts, log back into Windows and keep installing Windows Updates until there are no High Priority updates and no Software, Optional updates for the .NET Framework 2.0.
You may now exit Internet Explorer. You have now installed all the prerequisites for XenApp 5, the License Server and Web Interface and installed all Windows security updates. This process took 36 minutes and 34 seconds for me. With the time from Part 2, the total time is 1 hour, 1 minute and 5 seconds.
In Part 4 of this article, you will install XenApp 5 for Server 2003 - Platinum Edition and your Citrix product license.
(c) Copyright 2009 Carl Webster, All Rights Reserved
This article brought to you by:
More Posts
Next page »