Archive
Bug in Citrix Receiver 13 for Linux – cannot connect with multiple STAs – @CitrixSupport, @CitrixReceiver, #Citrix
Ok, we’ve had some issues with Citrix Receiver version 13 for Linux.. and it’s not just ONE issue. I found one that I thought I just have to share… so it’s lab Saturday for me at the office in a true geek manner with two XenClients and my favourite MacBook!
I guess that some of you have tried the Linux Receiver and knows how hard it is to get working, especially on a 64-bit distribution of Linux like Ubuntu 12.04 LTS och 13.10 LTS.
If you follow these instructions you can get it onto the device and then login through a browser (local Receiver UI may still not be full functioning!)..
https://help.ubuntu.com/community/CitrixICAClientHowTo
What I’m about to show you is that it’s not just only getting Receiver on the device and ensuring that the SSL certificates are trusted. You then have to be able to use it as well externally through a NetScaler Gateway (NSG) into StoreFront and your XenApp/XenDesktop VDA’s.
Just assume that you have a production environment that consists of a NetScaler Gateway and a StoreFront server, if you then in StoreFront have configured your NetScaler Gateway correctly and the appropriate STA configuration (with MULTIPLE STA’s) then you will notice that you can’t launch a session.
BTW, the recommendation from Citrix is to use multiple STA’s, right! See this from edocs:
For all deployments, if you are making resources provided by XenDesktop, XenApp, or VDI-in-a-Box available in the store, list on the Secure Ticket Authority (STA) page URLs for servers running the STA. Add URLs for multiple STAs to enable fault tolerance, listing the servers in order of priority to set the failover sequence. If you configured a grid-wide virtual IP address for your VDI-in-a-Box deployment, you need only specify this address to enable fault tolerance.
Important: VDI-in-a-Box STA URLs must be entered in the form https://serveraddress/dt/sta in the Add Secure Ticket Authority URL dialog box, where serveraddress is the FQDN or IP address of the VDI-in-a-Box server, or the grid-wide virtual IP address.
The STA is hosted on XenDesktop, XenApp, and VDI-in-a-Box servers and issues session tickets in response to connection requests. These session tickets form the basis of authentication and authorization for access to XenDesktop, XenApp, and VDI-in-a-Box resources.
If you want XenDesktop, XenApp, and VDI-in-a-Box to keep disconnected sessions open while Citrix Receiver attempts to reconnect automatically, select theEnable session reliability check box. If you configured multiple STAs and want to ensure that session reliability is always available, select the Request tickets from two STAs, where available check box. Read more…
True or False: Always use Provisioning Services – #Citrix, #PVS, #MCS
Another good blog post from Daniel Feller:
Test your Citrix muscle…
True or False: Always use Provisioning Services
Answer: False
There has always been this aura around Machine Creation Services in that it could not hold a candle to Provisioning Services; that you would be completely insane to implement this feature in any but the simplest/smallest deployments.
How did we get to this myth? Back in March of 2011 I blogged about deciding between MCS and PVS. I wanted to help people decide between using Provisioning Services and the newly released Machine Creation Services. Back in 2011, MCS an alternative to PVS in that MCS was easy to setup, but had some limitations when compared to PVS. My blog and decision tree were used to help steer people into the PVS route except for the use cases where MCS made sense.
Two and a half years passed and over that time, MCS has grown up. Unfortunately, I got very busy and didn’t keep this decision matrix updated. I blame the XenDesktop product group. How dare they improve our products. Don’t they know this causes me more work? 
It’s time to make some updates based on improvements of XenDesktop 7 (and these improvements aren’t just on the MCS side but also on the PVS side as well).
So let’s break it down:
- Hosted VDI desktops only: MCS in XenDesktop 7 now supports XenApp hosts. This is really cool, and am very happy about this improvement as so many organizations understand that XA plays a huge part in any successful VDI project.
- Dedicated Desktops: Before PVD, I was no fan of doing dedicated VDI desktops with PVS. With PVD, PVS dedicated desktops is now much more feasible, like it always was with MCS
- Boot/Logon Storms: PVS, if configured correctly, would cache many of the reads into system memory, helping to reduce the Read IOPS. Hypervisors have improved over the past 2 years to help us with the large number of Read disk operations. This helps lessen the impact of the boot/logon storms when using MCS.
Latest Security Intelligence Report Shows 24 Percent of PCs are Unprotected
Interesting and scary facts from Microsoft… why not just add a simple cloud based solution like Webroot to your PC’s and Mac’s? Read more about Webroot that I think is a great product here from one of my earlier posts: 1st Test of Webroot SecureAnywhere – #Webroot, #SecureAnywhere, #BYOD
Today, Microsoft released new research as part of its Security Intelligence Report, volume 14, which takes a close look at the importance of running up-to-date antivirus software on your computer. The research showed that, on average, computers without antivirus software are 5.5 times more likely to be infected.
Antivirus software from Microsoft, McAfee, Symantec and others helps to guard against viruses, remove infections and protect your privacy. It can help protect your computer from malware trying to steal your credit card information, e-mail address book or even the files you’ve saved to your computer. It is one of the most crucial defenses computer users have to help protect against cybercriminals.
If you have been using computers as long as I have, long before almost every device was constantly connected to the Internet, you’ll recall the days when viruses were typically spread via sneaker-net, through infected floppy disks. Read more…
Vulnerability in Remote Desktop Client – #RDS
Microsoft Security Bulletin MS13-029 – Critical
Vulnerability in Remote Desktop Client Could Allow Remote Code Execution (2828223)
Published: Tuesday, April 09, 2013 | Updated: Wednesday, April 10, 2013
Version: 1.1
This security update resolves a privately reported vulnerability in Windows Remote Desktop Client. The vulnerability could allow remote code execution if a user views a specially crafted webpage. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop Connection 7.1 Client where affected on Windows XP, Windows Vista, and Windows 7. It is rated Moderate for Remote Desktop Connection 6.1 Client, Remote Desktop Connection 7.0 Client, and Remote Desktop 7.1 Client where affected on Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that Remote Desktop Client handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Most customers have automatic updating enabled…
Continue reading here!
//Richard
Demystifying Citrix Excalibur Architecture – via @kbaggerman
A great blog post by Kees Baggerman! 🙂
For all XenApp admins and consultants out there Project Avalon will bring a big change as we are used to having XenApp servers running on the (what seemed to be) everlasting Citrix Independent Management Architecture and we’re heading to Citrix FlexCast Management Architecture (already included in XenDesktop at this moment) and will be included in the Citrix Excalibur Architecture.
IMA
When looking up IMA in the eDocs you’ll find:
Independent Management Architecture (IMA) is the underlying architecture used in XenApp for configuring, monitoring, and operating all XenApp functions. The IMA data store stores all XenApp configurations.
Basically IMA exists to manage the XenApp or Presentation Server farms by enabling the communications between servers. As stated it transfers information about all XenApp functions like licenses, policies, sessions and server loads. All management tooling within these versions of Citrix’s PS/XA rely on this service for information.
According to Communication ports used by Citrix Technologies IMA uses the following ports:
| Ports | Source | Prot. | Comment |
| 2512 | Common Citrix Communication Ports | TCP | Independent Management Architecture (IMA) |
| 2513 | Access Gateway 5.0 Controller administration | TCP | IMA-based Communication |
As we can see IMA uses 2512 (by default) to communicate with other servers and the Access Gateway Controller uses 2513 (by default) for IMA-based communication. The port IMA uses can be changed or queried via the commandline tool IMAPORT.
Brian Madden did a blogpost way back in 2007 but it’s definition of IMA is still current:
Independent Management Architecture is:
- A data store, which is a database for storing MetaFrame XP server configuration information, such as published applications, total licenses, load balancing configuration, MetaFrame XP security rights, and printer configuration.
- A protocol for transferring the ever-changing background information between MetaFrame XP servers, including server load, current users and connections, and licenses in use
FMA
With the introduction of XenDesktop we got a new architecture called Flexcast Management Architecture. This new architecture has got an agent-based setup where we can install the operating system including the basic applications that need to be installed and after that we can install an agent. This agent registers itself to a controller and is offered through StoreFront to the end user.
This will be delivered by two different types of agents, one to support Windows Server OS’s and one for Windows Desktop OS’s.
Andrew Wood did an article on Excalibur and used this diagram to explain the architecture:
Citrix FlexCast Management Architecture
- Receiver provides users with self-service access to published resources.
- StoreFront authenticates users to site(s) hosting resources and manages stores of desktops and applications that users access – Web Interface as a platform is essentially resting, but it will cease to be.
- Studio is a single management console that enables you to configure and manage your deployment, a dramatic reduction over the 23 consoles you could well have today. Studio provides various wizards to guide you through the process of setting up an environment, creating workloads to host applications and desktops, and assigning applications and desktops to users.
- Delivery Controller distributes applications and desktops, manages user access, and optimizes…
Continue reading here!
//Richard
#Lync 2013 March VDI Update
Microsoft has released an update for Microsoft Lync 2013. This update provides the latest fixes for Lync 2013.
This update fixes several bugs in the RTM versions of Lync 2013 Virtual Desktop Infrastructure (VDI) clients. Additionally, after you apply this update, you do not have to re-enter a username and password when you pair a Lync 2013 VDI plugin with a Lync 2013 Desktop client.
You can apply this hotfix on both Lync 2013 VDI clients and Lync 2013 Desktop clients.
Continue reading and download the update here!
//Richard
The IT Melting Pot! 