Learning the Basics of Citrix XenApp 5 for Windows Server 2008 (Part 4 of 7)

If you would like to read the other parts in this article series, please go to:

In Part 3 of this 7-part article, you learned how to install the Windows Server 2008 prerequisites for XenApp 5, the License Server and Web Interface and all Windows security updates.  In Part 4 of this article, you will learn how to install XenApp 5 for Windows Server 2008 – Platinum Edition and your Citrix product license.

When you finished Part 3, you had just verified there were no additional Windows Updates available and exited Internet Explorer.  This left you at the server’s desktop.

Click Start and Computer.

NOTE:  Most people believe that XenApp can only be installed on a network that uses either Active Directory or eDirectory.  That is not true.  XenApp can be installed on a stand-alone workgroup computer, as well as UNIX versions for Solaris, AIX and HP-UX.

Navigate to C:\XA5, right-click Autorun.exe, select Run as administratorand click Continue on the User Account Control dialog.

Click Platinum Edition.

Click Application Virtualization.

Click I accept the license agreement and click Next.

Click Next.

Citrix does not recommend that the License Management Console and the Web Interface be installed on the same server.  If you do, then the Web Interface must be installed first and then the Citrix License components.  In the next screen, you will see that the Citrix Licensing is deselected by default.

NOTE: If you do not see the option for the Web Interface, that means IIS and ASP.NET have not been installed.  Please cancel this installation, return back to Part 3 and make sure you follow all the steps to install the prerequisites.

Click on Citrix Licensing and select Entire feature will be installed on local hard drive.  The Web Interface components will be installed first by the installer.  This allows you to install both components on a single server.  However, Best Practice is to install the Citrix Licensing on a server NOT in the XenApp Farm and to install the Web Interface on a separate server that is not a domain member in the DMZ.  Since this learning server is not a production server, you can safely install all XenApp components on one server.

Click the “+” next to Passthrough Client.

Click Program Neighborhood, select Entire feature will be installed on local hard drive and click Next.

Citrix recommends enabling Pass-through Authentication for the Pass-through Client.  When a user connects to applications published on different XenApp servers, pass-through client authentication enables XenApp to automatically pass the user’s credentials from the initial server to the XenApp server hosting the next published application.  This prevents the user from having to re-authenticate when opening applications on different XenApp servers.

Click Yes and then Next.

Click Next.

Answer Yes to the Microsoft Visual C++ 2005 SP1 Redistributable Package license agreement.

Click Next.

Click Next.

Click Finish.

Click Next.

Accept the default destination folder for the Web Interface components.  Click Next.

Click Copy the clients to this computer and click Browse.

Browse to C:\XA5.  Double-click the XA5 folder.

Double-click the Clients folder.

Click OK.

Click Next.

Click Next.

Click Finish.

Click Next.

Accept the default destination folder for Citrix Licensing and click Next.

Click Next.

Accept the default location for the license files.  Click Next.

Click Next to accept the default license ports.  Unless these two TCP ports are already in use on your network, Citrix recommends the ports be left at their defaults.

 

Note:  With Citrix License Server 11.5, the static licensing ports are configured during the installation and are automatically open on the Windows Server 2008 firewall. The Macrovision License Manager software that Citrix uses, Lmgrd.exe, still uses default port 27000. Citrix.exe, the License Vendor Daemon, no longer uses a random port by default and now uses static port 7279. The licensing service has also been updated where newly added license files are automatically updated with the correct port numbers.

 

Click Next to accept the default Web server of IIS.

Click OK to restart Microsoft IIS Server and click Next.  You cannot click Next until you select the option to restart IIS.

Click Next.

Click Finish.

Click Next.

Click Next.

You can select whether to create a new farm or join an existing farm.  You will be creating a new farm for this Learning article.

NOTE:  What is a Farm?  A Farm is a group of servers running XenApp that can be managed as a unit, enabling the administrator to configure features and settings for the entire farm rather than being required to configure each server individually.  All the servers in a farm share a single data store.

NOTE: What is a data store?  The data store provides a repository of persistent information about the farm that each server can reference, including the following:

  • Farm configuration information
  • Published Application configurations
  • Server configurations
  • Static policy configuration
  • XenApp administrator accounts
  • Printer configurations

Click Create a new farm and then click Next.

You will use the default database of Access and keep the default zone name.  There are several databases that can be used for the Farm Data Store but the Access database requires no preinstall configuration on your part.  The databases available for selection are:

  • Access
  • SQL Server Express
  • SQL Server
  • Oracle
  • DB2

The Zone name is simply a descriptive name for the zone.  By default XenApp 5 for Windows Server 2008 uses “Default Zone”.

NOTE: What is a Zone?  A Zone is a logical grouping of XenApp servers that share a common zone data collector.  Zones allow the efficient collection of dynamic farm information.  Each zone in a farm has exactly one data collector.  All of the member servers in a particular zone communicate their dynamic information to the data collector for their zone. The data collector then shares this information with all other data collectors in the farm.

NOTE: What is a zone data collector?  A zone data collector is a server that stores and manages dynamic information about the servers in a zone, including:

  • Published Applications usage
  • Server load
  • User sessions
  • Online servers
  • Connected sessions
  • Disconnected sessions
  • Load balancing information

Enter a new Farm name of Learning.

Click Next to accept the default installation account as the initial XenApp Farm Administrator and your server’s name, CitrixONE, as the Domain.

.

For this Learning series, you do not need to enable IMA encryption.  Since the data store is located on this XenApp server, there is no network traffic to encrypt.

Click Next

Enter CitrixONE as the Host name for the License Server and Click Next.

You will now install the license file downloaded from MyCitrix.  Click Install license for this product now and then click Next.

If you decide not to install licenses at this time, you will receive an error upon logging into the VM and after 96 hours the XenApp server will refuse to run.

Click the Open License Management Console button.

Logon to the License Management Console with CitrixONE\YourUserName and password.

Click Step 2: Copy license file to this license server.

Click Browse.

Browse to your license file, click the license file and then click Open.

Click Upload.

Click close the browser window and return to the setup program.

Click Yes to close the License Management Console browser window.

Click Next to continue with the setup.

Shadowing can be a useful tool for user collaboration, training, troubleshooting and monitoring. This capability is useful for supervisors, help desk personnel, teachers, and anyone else who may need to examine another user’s session.  During Setup, you can limit or disable shadowing.  You can disable shadowing of ICA sessions on all servers in a farm if, for example, legal requirements prohibit shadowing of user’s sessions.  Or, you may want to disable shadowing on servers that host sensitive applications such as Human Resources or Payroll.

The decision made on this screen cannot be changed without reinstalling XenApp.  This is from page 71 of the XenApp Installation Guide for XenApp 5 for Windows Server 2008:

<quote>

Important: Shadowing restrictions are permanent. If you disable shadowing or enable shadowing but disable certain shadowing features during Setup, you cannot change the restrictions later. You must reinstall XenApp on the server to change shadowing restrictions.

Any user policies you create to enable user-to-user shadowing are subject to the restrictions you place on shadowing during Setup.

Shadowing is a server-level setting, so you can enable shadowing on one server and disable it on another. Because shadowing restrictions are permanent, you cannot rerun Setup to configure shadowing after you create your farm if you disabled the default shadowing support when you installed the server. 

Citrix does not recommend disabling shadowing as a substitute for user- and group-specific connection policies.

</quote>

Click Next to accept the default of allowing shadowing.

Click Next to share the XML Port with IIS.

There are three main options and one sub-option for adding users to the Remote Desktop Users Group.

  • Add the Authenticated Users now.  Authenticated Users includes all users and computers whose identities have been authenticated by Windows.
  • Add the list of users from the Users group now.  The Users group is a built-in default group.  Members of this group can perform common tasks, such as running applications, using local and network printers, and locking the server.
  • Skip this step and add users later.  Allows you to manually add user to the Remote Desktop Users Group at a later time.
  • Add Anonymous users also.  If checked will create 15 Anonymous user accounts named Anon000 through Anon014 and place them in the Anonymous Users Group.  This group is then added to the Remote Desktop Users Group.

Note: What is the Remote Desktop Users Group?  The Remote Desktop Users group allows the same access as the Users group, with the additional ability to connect remotely to the XenApp server. By using this group, you save administrative resources by not having to set up these rights for each user individually.

Click Add the Authenticated Users now and then click Next.

Note:  Even if you uncheck Add Anonymous users also before you click Add the Authenticated Users now, the 15 anonymous user accounts are still created.

Click Finish on the Review screen.

Click Yes on the warning popup about security on the IIS Script folder.

Uncheck View the Readme file. and Click Close.

Click Next.

Click Next to accept the default destination for the Advanced Configuration files.

Click Next.

Click Finish.

Click Next.

Click Next to accept the default destination folder for the Document Library.

Click Finish.

Click Finish.

Click Yes to restart your VM.

When the VM has restarted, logon to Windows and recheck for any Windows Updates that are available.

You have now successfully installed XenApp 5 for Windows Server 2008. This process took 13 minutes and 4 seconds for me.  With the time from Part 2 and Part 3, the total time is 1 hour, 16 minutes and 23 seconds.

In Part 5, you will install any necessary updates for XenApp 5 for Windows Server 2008.

, , ,

About Carl Webster

Webster is a Sr. Solutions Architect for Choice Solutions, LLC and specializes in Citrix, Active Directory and Technical Documentation. Webster has been working with Citrix products for many years starting with Multi-User OS/2 in 1990.

View all posts by Carl Webster

One Response to “Learning the Basics of Citrix XenApp 5 for Windows Server 2008 (Part 4 of 7)”

  1. Evan Says:

    If you receive “Error 1068: The dependency service or group fail to start” advising that Windows could not start the Citrix Independent Management Architecture on Local Computer, check your services to ensure that the IPsec Policy Agent has not been disabled. You will need to enable this service or edit the registry as per CTX101931 to remove the dependency of IPsec from IMA. So much for being “independent”…

    Reply

Leave a Reply