I received an email from a reader wanting to know how to get my Citrix XenApp 6.5 Farm PowerShell documentation script to work remotely. After I wrote my original script and article, Citrix updated the XenApp 6.5 PowerShell SDK to support Remoting and a Default Computer Name. Even using the new –ComputerName parameter he was still unable to get my script to work.
What I did was install the Citrix XenApp 6.5 PowerShell SDK and Group Policy modules on my lab domain controller. All my lab servers have the Windows Firewall enabled and Server Manager Remote Management enabled.
I found this information in the SDK help file on Remoting Cmdlets:
This section explains how to invoke the XenApp Commands remotely. In XenApp 6.5 the cmdlets can be remoted using the -ComputerName parameter. In order to facilitate running existing scripts remotely without having to make significant changes, a default computer name can be set in the client machine. To do this a new set of cmdlets was introduced. When the default computer name is set, all the cmdlets will automatically remote to the server specified without having to explicitly use the -ComputerName parameter every time. To set the default computer name: Set-XADefaultComputerName server1
My lab XenApp 6.5 server is named XA65, so I entered
Set-XADefaultComputerName XA65
on my domain controller. When I ran my documentation script, I received:
Figure 1
I then ran Microsoft’s Sysinternals ProcMon to get a network trace and found that TCP Port 2513 needed to be opened (Figure 2).
Figure 2
My wife tells me I couldn’t find a 10 gallon (37.8541 Liter) jug of milk on the top shelf of the fridge! What does this have to do with anything? DOH! At the top of the help file I now see (Figure 3):
Figure 3
The help text says TCP Port 2513 must be opened on both computers but I found I only needed it opened on the XenApp server. To me, that is one less port open on my network.
I created a Windows Firewall Rule on my XenApp server to open TCP Port 2513 between the domain controller and my XenApp server (Figure 4). The “remoteip” will need to be the IP address of the computer used to run the script.
netsh advfirewall firewall add rule name="Citrix PoSH TCP Port 2513" dir=in action=allow description="Allow communication between XenApp and remote computer running PoSH scripts" enable=yes profile=any remoteip=192.168.1.100 protocol=tcp localport=2513
Figure 4
The Windows Firewall GUI shows my new rule created and enabled (Figure 5).
Figure 5
Now my scripts runs (Figure 6).
Figure 6
Now you can use my XenApp 6.5 PowerShell Documentation Script with absolutely no modifications and have it work with remoting. Thanks Citrix for making this so easy.
January 18, 2013 at 8:47 am
With remoting enabled, is there a way to authenticate from a foreign-domain client? IE, I’d like to have this script (and necessary modules) installed on my laptop and be able to use it against my customers’ environment without doing anything to their servers (eg, install the SDK).
January 18, 2013 at 10:45 am
I don’t know about the authentication piece but I bet Don Jones has a blog article somewhere about it.
XenApp 6.5 includes the standard PoSH stuff to gather everything but the policy data (well the policy data I gather). If you do not need info on the Citrix farm based policies you do not need to install the Citrix.GroupPolicy.Commands module on the servers. BUT, if you do want the policy info, you MUST install that module on the XenApp 6.5 server you will be using to remotely process the script on.
Webster
January 9, 2013 at 4:42 am
Hi Carl,
I wanted to thank you very much for this, I have made the changes to the firewall with TCP Port 2513 and now it works remotely. I just need to get my networks team to allow that port from my management server and Job Done. This has been extremely helpful.
I also had this open on the Citrix Forums, which received some other suggestions in case others receive different problems from me they can have a look.
http://forums.citrix.com/thread.jspa?threadID=323451&tstart=0
Can you query XenApp 5 environments with Powershell remotely from a management server? and if so does this also use the same TCP Port 2513?
Thanks for your help.
Chris