Melvin’s Citrix Blog

•Where do you start?

•What course should you attend?

•What exams do you take to become Citrix Certified?

 Given the various name changes that Citrix products have undergone - it can be a bit confusing!!!

 Before explaining the Citrix training and certification tracks, I’ll start off with some of the Citrix products and the names that they have been known as - hopefully this will clarify things for you.

 Then…

In the early days of Citrix there was Citrix MultiUser and then WinView  for OS2. Microsoft came up in the world and WinFrame was born. Winframe grew until it became Citrix Metaframe 1.8.

 Metaframe 1.8 became Metaframe XP. One of the big improvements in Metaframe XP was the consolidation of all the Metaframe 1.8 consoles into the sing Citrix Management Console (CMC).  The CMC is what we would now {2007 / 2008} refer to as the Presentation Server Console). 

 Metaframe XP had its additions in the form of Feature Releases (FR) - Metaframe XP FR1, Metaframe XP FR2, Metaframe XP FR3. FR3 saw the Program Neighborhood Agent Admin Tool feature appear - no more manual editing of XML files!!!

 Metaframe XP then made way for Citrix Presentation Server 3.0.  Presentation Server 3.0 saw the birth of the all new and improved licensing strategy and Access Suite Console.

 Hot on the heels of Presentation Server 3.0 came Citrix Presentation Server 4.0 with the new Isolation Environments features. It was around this time the Citrix decided to brand many of their other products to the version 4.0 convention. 

• Presentation Server 4.0
• Password Manger 4.0
• Access Gateway 4.0

Now…

Presentation Server 4.5 followed next with Application Streaming, Configuration Logging, Health Monitoring and Recovery and the newly named Access Management Console.  Presentation Server 4.5 saw the introduction of Feature Pack 1 with Smart Auditing, as well as Platinum licensing etc. Once again Citrix standardised the naming of many products to 4.5 at this time.

The big name change….

As of April 11, 2008 the nomenclature of Presentation Server 4.5 courses, exams and related certifications have been updated to include the Citrix XenApp name. This name change brings Presentation Server into line with other Citrix Products such as XenServer and XenDesktop.  In case you have been on a different planet recently - Citrix acquired XEN Source in 2007 for $500 million.

Just over the horizon…

Project Delaware is the code name for XenApp 5.0 which is scheduled for release very soon (probably late 2008).  It has many improvements - namely support for Windows Server 2008 and most noticeably the sexy black Web Interface 5.0!! See my previous posting for some screen shots of this.

Now let’s have a look at the training and certification tracks…

The Citrix Access Suite includes, Citrix XenApp, Citrix Password Manager and Citrix Access Gateway. 

Foundation level certification for the Access Suite includes the following levels of certification.

• Citrix Certified Administrator (CCA) for Citrix XenApp (Presentation Server 4)
• Citrix Certified Administrator (CCA) for Citrix Password Manager 4
• Citrix Certified Administrator (CCA) for Citrix Access Gateway 4

Advanced certification for the Access Suite includes the following levels of certification.

• Citrix Certified Enterprise Administrator (CCEA) for XenApp (Presentation Server 4)
• Citrix Certified Infrastructure Architect (CCIA) for XenApp (Presentation Server 4)

FOUNDATION

What should you do to become a CCA for Citrix XenApp (Presentation Server 4)?

 What should you do to become a CCA for Citrix Password Manager 4?

 What should you do to become a CCA for Citrix Access Gateway 4?

ADVANCED

What should you do to become a CCEA for Citrix XenApp (Presentation Server 4)?

 What should you do to become a CCIA for Citrix XenApp (Presentation Server 4)?

 * E-Learning Courses

• To be completed online at https://citrix.learning.accenture.com
• Includes an assessment which must be passed by the candidate.

 ** ILT = Instructor Led Training

 Useful info - look for the Enablement Guide on each of the exam information pages  - Enablement Guides provide exam length, number of questions and exam objectives.

 In some cases credit can be obtained for completing alternate exam. E.g. 1Y0-258 can be used instead of 1Y0-264 - please confirm this with Citrix Education before making any certification / exam decision.

 Please confirm all of these details on the Citrix web site.

Curious about Terminal Services in Server 2008 and XenApp?

Have a read of Brian Madden’s article in which he does a quick comparison… naturally Citrix came up trumps!!!     Check it out here.

Citrix announced the follow issues yesterday…

• Uninstalling Windows Server 2003 Service Pack 2 causes links to the Access Suite Console/Access Management Console to break.

Windows Server 2003 Service Pack 2 upgrades the Microsoft Management Console (MMC) to version 3.0. MMC 2.0 console files (.msc) with user preferences that are opened by MMC 3.0 are updated to the MMC 3.0 format. If MMC 3.0 is uninstalled, MMC 2.0 cannot open the console files that have these updated user preferences.

Click here to see the full article from Citrix

I wish I found this article a week ago … I have been fighting with ASP.NET in 32-bit mode on a 64-bit server!!! This article describes how to run Web Interface 5.0 in a 64-bit Internet Information Services (IIS) process.

Background

This article applies to Citrix Web Interface 5.0 running on Microsoft Internet Information Services (IIS) 6.0 or 7.0 with an appropriate version of Visual J#.NET 2.0 Second Edition on a 64-bit computer.

Web Interface 5.0 is a .NET application that is compiled so that it can be used on both 32-bit and 64-bit versions of ASP.NET. Web Interface makes use of Visual J# and 64-bit support is added by Visual J#.NET 2.0 Second Edition. This allows the Web Interface to run inside a 64-bit IIS process.

The ability to run inside a 64-bit process can prove particularly useful on IIS 6.0, where the entire IIS Web site is either a 32-bit process or a 64-bit process. This makes it easier for the Web Interface to coexist with 64-bit Web applications on the same IIS site.

Procedure to allow the Web Interface to run as a 64-bit process on IIS 7.0

1. Open the Microsoft Management Console (MMC) IIS Manager snap-in on the server running the Web Interface.

2. In the left pane, click Application Pools and, in the Features View, select the application pool that your Web Interface site uses (usually called CitrixWebInterface5.0.xAppPool).

3. In the Actions pane, click Advanced Settings.

4. In the General section, change the Enable 32-Bit Applications setting to False.

To allow the Web Interface to run as a 64-bit process on IIS 6.0

1. When you install the Web Interface, allow the installer to switch IIS to 32-bit mode.

2. To switch IIS back to 64-bit mode and register the 64-bit version of ASP.NET, click Start, click Run, type cmd, and then click OK.

3. From the command prompt, type the following command to disable 32-bit mode:

cscript <systemdrive>\inetpub\adminscripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 0

4. Type the following command to install the version of ASP.NET 2.0 and to install the script maps at the IIS root and under:

<systemroot>\Microsoft.NET\Framework64\version\aspnet_regiis.exe -i

where version is the build version number of ASP.NET.

5. Open the MMC IIS Manager snap-in on the server running the Web Interface.

6. Click Web Service Extensions under the server running the Web Interface and ensure that the status of the appropriate ASP.NET version is set to Allowed in the details pane.

• For more information about ASP.NET on IIS 6.0, see Microsoft Support Article 894435

How cool is this !!! Check out Jason Congers site www.jasonconger.com

The hotfix name gives all required information on the supported product, platform and language.

AAAB000C11DDDDDDD222  = PSE400R01W2K3X64001     

First set of characters (AAA) - Supported Product

Presentation Server (PS), MetaFrame Presentation Server (MPS)

Second set of characters (B) - Product Language

English (E), German (G), French (F), Spanish (S), Japanese (J)

Third set of characters (000) - Product Version

400 (4.0), 450 (4.5)

Fourth set of characters (C) - Product Rollup

R

Fifth set of characters (11) - Product Rollup version

01, 02, 03

Sixth set of characters (DDDDDDD) - Operating System

Windows 2000 (W2K), Windows 2003 (W2K3), W2K3 64Bit (W2K3X64)

Seventh set of characters (222) - Hotfix number

001 up to 999

Sometimes the Web Interface login page takes a while to open - this could be due to the fact that background worker processes go idle. Subsequent requests are fast due to the fact that the background worker processes have started. If they are idle for 20 minutes, then they get closed and new logins will once again take a while.

Prevent the background worker processes going into an idle state by doing the following on Windows Server 2003 with IIS 6.0.

Open the IIS Manager  –>  Application Pools  –>  CitrixWebInterface4.xAppPool  –>  Properties –> Untick the checkbox: Shutdown worker processes after being idle for (time in minutes) 

Here is a really handy link to a .pdf download which contains all the troubleshooting guides that you could poke a stick at.  http://support.citrix.com/article/CTX106727 

Requirement

• Web Interface 4.x
• A locally stored webinterface.conf configuration file
• IIS 6.0

Procedure for backing up Web Interface 4.x sites:

1. Back up the Citrix\AccessPlatform folder that is in the <root directory>\inetpub\wwwroot location.

2. Export the CitrixWebInterfaceAppPool to a file, as per the screenshot below:

a. In the Web Interface Console, expand Application Pools, then right-click CitrixWebInterface4.xAppPool.

b. Select All Tasks.

c. Click Save Configuration to a File…

d. Select a location to save the configuration backup file and click OK.

3. This step creates an XML file containing all the application pool configuration of the sites.

Procedure for restoring Web Interface 4.x sites:

1. Import the previously saved XML file to the IIS application pools section.

a. In the Web Interface Console, right-click Application Pool.

b. Select New.

c. Click Application Pool (from file)…

d. The Import Configuration dialog box containing a list of application pools stored in the XML file. Select the application pool configuration to restore and click OK. 

2. Restore the previously saved Citrix\AccessPlatform folder to the <root directory>\inetpub\wwwroot location.

3. Restart IIS by issuing the iisreset command.

By default, Web Interface 4.5 pushes the Ica32Pkg.msi file instead of ica32t.exe*. This may cause problems for customers who do not wish to push an MSI file. The ica32t.exe is also a smaller file to download.

Procedure

1. Copy the ica32t.exe file to the \Program files\citrix\Web Interface\4.5\Clients\ica32 folder on the Web Interface Server.

2. Open the WebInterface.conf file located in \inetpub\wwwroot\citrix\AccessPlatform\conf.

3. Locate the line that reads:

Win32Client=Default

4. Change it to read:

Win32Client=Citrix ICA Client for Windows&/Citrix/AccessPlatform/ Clients_common/ica32/ica32t.exe

5. Save the file.

The link in the Message Center to download the file should now link to the ica32t.exe file.

* Please consider which ICA client version you are deploying.

Some administrators want to prevent the default response when a user logs out of the Web Interface. (By default a page appears saying “You have logged off“. You may wish to redirect users back to the original Web Interface page or a custom page of your choice.

Procedure

1. Open the Access Management (Suite) Console.

2. Select the Web Interface site to change the logout behavior.

3. Under Other Tasks, click Control Diagnostic Logging.

4. Select Use a customized error callback URL and enter the URL you want to redirect to.

5. Click OK.

Procedure

1. Copy the ica32web.msi or ica32pkg.msi file to the \Program Files\Citrix\Web Interface\4.x\ICAWEB\en\ica32 folder.

1. Open the WebInterface.conf file with Notepad. The file’s default location is \inetpub\wwwroot\Citrix\MetaFrame\conf (for Web Interface 4.5, the default location is \inetpub\wwwroot\Citrix\AccessPlatform\conf).

For Web Interface 4.0 to 4.2:

1. Locate the following line in the WebInterface.conf file:

   Win32Client=Default

1. Replace the line described above with the following:

   Win32Client=Download the ICA Client for Windows&/Citrix/MetaFrame/ICAWEB_common/en/ica32/ica32web.msi

1. Save the file.

1. Restart the services.

For Web Interface 4.5:

1. Locate the following line in the WebInterface.conf file:

   Win32Client=Default

1. Replace the line described above with the following:

   Win32Client=Download the ICA Client for Windows&/Citrix/AccessPlatForm/Clients_common/ica32/ica32web.msi

In Web Interface versions earlier than 4.5, you can obtain the ICA file contents using Internet Explorer by using the Save Target As… option when using a link in the applications page (or a similar operation in other Web browsers). When using Web Interface 4.5 or later, this operation no longer results in the ICA file being downloaded.

Procedure

For Web Interface 4.5:

Complete the following procedure:

When using an unsecured transport mechanism (HTTP):

1. Change the file type association property. To do so:
2. Open Windows Explorer.
3. From the Tools menu, click Folder options…
4. Select the File Types tab.
5. Select the ICA / Citrix ICA Client extension.
6. Click Advanced and select the Confirm open after download check box.
7. Click OK and then click Close.

Once this is done, each time the application launch is attempted (by clicking the application launch link), a dialogue displays asking if you want to open or save the ICA file. Clicking Open launches the application. Clicking Save allows you to save the ICA file to the desired location.

When using a secure transport mechanism (HTTPS) with Internet Explorer:

When using a secure transport mechanism, the ActiveX control (ICO) is used to launch the application (this does not involve saving the ICA file), hence the file cannot be saved. However, changing some settings in Internet Explorer can revert this behavior so that the ICA file is downloaded. To do this, configure Internet Explorer so that it does not trust the ActiveX control and therefore reverts to downloading the ICA file. Use the following procedure:

1. If the site is currently in the Trusted sites or Local intranet zone list, remove it (the site should be displayed in the Internet zone).
2. If you are using an operating system that has the Enhanced Internet Explorer Security Configuration enabled, this feature must be disabled (go to the Control Panel > Add or Remove Programs > Add/Remove Windows Components section).
3. Adjust the settings so that Internet Explorer can download files using the following procedure:

Go to Tools > Internet Options from the Internet Explorer menu.

Select the Security tab.

Click the Custom level… button to display the Security Settings dialog.

Ensure that File download is set to Enabled in the Downloads section.

Once these changes have been made, follow the same operations as described in the HTTP section above.

For Web Interface 4.6:

1. Use a Firefox browser to enumerate the application icons.
2. Remove the “RemoveICAFile=yes” line so that the ICA file is not deleted when the application is accessed. Edit the file in Notepad.
3. If the server farm only contains Presentation Server 4.5 servers, use the Presentation Server Console from Presentation Server 4.0 (Note: Do not use this console to make other changes) and use the built-in feature to create the ICA file by right-clicking the published application. Else, use the Presentation Server Console as normal.
4. Use Web Interface 4.5 or an earlier version to create the desired ICA file.

Do you have users connecting in from home over a slow connection? Tired of having to fight with users who try to print from non-supported printers via web interface? Try this…

Add CPMAllowed=Off to the WFClient section of the Template.ica file on the external-facing Web Interface server(s).

The CPMAllowed=Off is used to disable LPT port redirection. Voilà!  No printing via Web Interface.

First thing to know is that most USB sticks pre-formatted when you buy them and are prepared for the FAT32 file system.   This makes them ready to use right out of the box and makes them compatible with the largest set of computer systems. 

The Application Streaming code will not isolate anything formatted FAT32.  It assumes this is user document space and leaves it alone.  If it doesn’t isolate that space, it can’t store the execution image there and from a “before” view, this means that you can’t store the RadeCache on removable media - but that’s not the complete story.  The steps below show how to format a USB stick for NTFS and how to tell the streaming system to use that stick for storage of the RadeCache.  Interestingly, even when formatted NTFS, the isolation system will still not isolate user documents stored to the stick as the media is removable and the isolation system leaves removable media alone.

Back on subject - what has to happen to store the RadeCache on a USB stick? 

Step 1:

Format the USB stick NTFS.  The steps to do it are documented rather nicely, here.

Step 2:

Tell the Streaming Client that the RadeCache location is on the USB stick.  Note: This must be done using the utility below and not with registry edits.  A DACL is applied to the directory that gives the Streaming Service user account permission to write to the directory.  Without the DACL, runtime cache populates will not occur and you’ll get an error messages on failed cache fills.   The “why” is that the streaming service actually runs on a pretty dumbed-down user account as compared to local system.  It can only write to certain places, like the RadeCache.

Start / Run: C:\Program Files\Citrix\Streaming Client\ClientCache.exe

Browse to the USB stick. Tell it where to create the directory. The utility must CREATE the directory.

Step 3:

Reboot to have the change take effect. 

If you’re impatient for reboots, terminate all running streamed applications and from a command prompt issue “net stop radesvc” and “net start radesvc“.

Nice!

I found this a little while ago - very useful for understanding Application Streaming. The two articles were written by Joe Nord (Product Architect Application Streaming, Citrix Systems, Fort Lauderdale)

—————————-oo00oo—————————-

Application Streaming - Deploy Folder Location

Application Streaming stores stuff isolation layers.   The main one that holds the executable content is stored in the “RadeCache” directory below the Citrix Streaming Client installation directory.  The sub-directory name is a GUID that uniquely identifies the execution image.  There is a corresponding user layer that is sandwiched on top and the application at runtime views the machine through the 3 layers of isolation. 

Here’s a picture of the layers.  

The majority of the applications installation image is in the middle layer.  This layer is “actually” stored below the RadeCache directory, below the installed to directory for the Streaming Client.

It can be big - Customers commonly want to “move it”. 

Setting the location of this directory is easy; run the ClientCache.exe utility that is included with the streaming client; done.   It’s even documented in KB article: http://support.citrix.com/article/CTX115137

The ClientCache utility does a few jobs

-          Sets a registry string to tell the Streaming Service where the Cache is located

-          Creates the directory

-          Adds a DACL to the directory to give the Streaming Service privilege to write stuff to the cache.

-          Note that the streaming client service actually runs on a dumbed down account and without this DACL, even though it’s a service, it lacks privilege to write to anything important.

Deploy folder

Consider offline “streaming”.  How do you “Stream” when disconnected from the company network?

Answer: Everything that would normally be on a central store to support the streamed execution of the app, is actually copied onto the execution machine.  At runtime, execution content is “streamed” from this local copy into the execution cache, as it is needed - just like the online case.

The directory, \Program Files\Citrix\Deploy holds all the profiles copied to the execution machine to support offline execution.  Neatly, the streaming client core doesn’t distinguish between online and offline.  It just knows where the execution cache is located (Installation/Execution image) and runtime populates stuff into the cache.  The source for the runtime populate when offline is actually a CAB file local to the execution machine; a nit.  It keeps the architecture simple when the client doesn’t have to worry about online vs. offline. 

Changing the location of the deploy folder

We already covered changing the location of the RadeCache, this is easy.  Use the ClientCache.exe utility, done.   

Imagine my surprise when someone asked me about setting the location of the Pre-Deploy folder; there’s no ClientDeploy.exe utility!  Hum.

Can it be done?  Sure.  There’s no utility to do it for you, so it becomes a manual process - documented below.

Configuring the location of the directories

Key directories:

-          The RadeCache location defaults to \Program Files\Citrix\RadeCache.

-          The PreDeploy location defaults to \Program Files\Citrix\Deploy.

The Streaming Service (RadeSvc.exe) queries the location of each of these key directories by reading strings from the registry as part of its startup logic.   

Here are the registry keys that set the location of the RadeCache and PreDeploy folders.  These are both stored below HKLM\Software\Citrix\Rade.

-          CacheLocation

-          PreDeploy

Changing the location of the Deploy folder can also be done, but it is a manual process.

How to change the location of the Deploy directory:

1)      Create a directory

2)      Fix the registry string to point to the new location

3)      Give the Streaming Service Full rights to the created directory

4)      Terminate all presently streamed applications

5)      Unload and Reload the streaming service

Example steps from a command prompt:

-          net stop radesvc

-          Mkdir C:\NewLocation

-          cacls c:\NewLocation /E /G Ctx_StreamingSvc:F

           Alternate to above is to MOVE the existing folder, and its contents.

-          reg add hklm\software\citrix\rade /v PreDeployDir /t REG_SZ /d C:\NewLocation

-          echo y| reg delete hkcu\Software\Citrix\Rade\Offline

-          net start radesvc

Finally, PNAgent  - Right Mouse Button, refresh applications - and the new location will be used for the Deploy folder.  Depending on how the administrator has published the application, it may be necessary to actually run an application before the “bring it to deploy folder” logic kicks off. 

The above will work with Streaming Client 1.0 (Presentation Server 4.5) and with Streaming Client 1.1 (Presentation Server 4.5 HRP1).   There will be some changes in this logic going forward and when we get there, I can update this post with the particulars.

 —————————-oo00oo—————————-

RadeRunSwitches - Application Streaming

Supporting administrators using Application Streaming, one of the items that comes up from time to time is RadeRunSwitches.  They can be a good tool for running applications and even more important, for debugging the operation of a streamed application. 

This post describes the undocumented switches…

The Application Streaming client exists as part of Presentation Server 4.5 and later versions.  It works in conjunction with the PNAgent Win32 ICA Client as well as the Web Interface clients that run on the Windows platforms.  This is true both on user machine “client side” as well as server hosted, stream to server.

The icon placement and decision to launch an application happen in PNAgent and/or the Web Interface. These two components eventually toss the execution over the wall to the Streaming Client who does the actual work of running the Streamed application.  In the diagram below, the Streaming Client components are in green and the publishing components are in blue.

The executable that receives the launch request is RadeRun.exe.    RadeRun’s mission is to carry out the launch request, via a single set of code that may be called from multiple sources.  Classic computer science stuff here; implement the launch logic once and you can be confident that if it works for one, it will work for the other and you get a single point of maintenance.    The “true” flow between the various components is a bit more involved than the above, but in principle, this is how it works.

Back to the beginning

In the earliest days of Application Streaming development, the PNAgent and Web Interface teams were not yet engaged.   All execution of applications started with RadeRun.   Early programming, testing and proof of concept were all done using RadeRun.exe as a command line utility to trigger the execution of streamed applications.  Some of this legacy remains even though PNAgent and the Web Interface are now quite capable of communicating with the streaming service without an intermediary. 

Isolation layers

In a minute, I will go through each of the switches to RadeRun - but first it helps to have an understanding of the isolation layers used in Application Streaming.

The application views the machine from above looking down.  The higher levels are like panes of glass laid on top of a business desk. The desk represents the true disk and true registry of the execution machine.  The application is above looking down and the layers of isolation glass “mask” the application’s view of the true machine.    The layer of glass in the middle is read only at application execution, but was writable during profiling.  This layer represents the execution image for the application and is sometimes called the “InstallRoot” in documents describing Application Streaming.

The top layer is a per-user image and is writable at application runtime.  The application view of the true machine is masked from top to bottom, first by the per-user space and then by the installation image.   The application runs from above, looking down through the panes of isolation glass and since the middle layer represents what was written during profiling and since the top layer of glass starts clear, the initial application view of the machine is what existed at profiling.  The application believes it is installed - when it is not.  Each user gets their own top layer of glass and it is this layer that is writable at runtime.  This way, if an application writes to isolated spaces at runtime, that write is held in the per-user space.  Put it all together and applications not written for clean execution on a multi-user system can run without conflict.  More, the per-user pane of glass stays with the user’s profile and can follow them from session to session.

The above applies to both disk and registry.  It also applies to COM objects and the systems named addressable items like PIPES and named semaphores.  

Lies, damn lies and statisticians:

The execution image (middle layer) is not really there.  Instead the isolation system lies and tells the application that the installation image is present on the machine and this reduces the amount of stuff that has to be brought down to the execution machine to run the application.  Many applications, particularly big ones, only reference a small portion of the stuff they install.  More classic computer science stuff says that if you can put off copying that data to the execution machine long enough, maybe you can avoid it permanently. 

Now - you’ll notice a few important things.  Files that need to be there aren’t and the isolation system has to do stuff to make them look like they are there and eventually, when actually needed, it has to make them really there, pausing and resuming the executing application while filling the missing content.  Worse, complicated things like Short File Names exist on the profiling machine and these names need to be maintained all the way to execution machine even if the TRUE short file name on the execution machine doesn’t match the one that was used during profiling.  The application must see the SAME name no matter what and there is no reliable system API to make this happen.  The list goes on - bottom line is that there’s lots of work to make these layers work and this means that there is lots of testing needed to prove that it works.

Proving it works

Once the execution cache becomes “full”, very few runtime cache fills occur.  If you’re in the business of testing the cache fill logic, this is no good.   Consider “stress” test in one of the Citrix labs.  The test is 100s of servers, 30 users on each server with all the users all running a variety of streamed applications.   The test then runs for about 24 hours and if anything ever fails, the test stops and your phone rings.  “They don’t call it the stress lab for nothing!”.

How can testers get the cache empty when the cache is being filled?

Answer: Backdoor logic to tell the streaming service to purge the cache before the application starts. Variations of this exist to control flushing all of the layers in the isolation system and to control “when” the flushing occurs.    This backdoor logic is controlled via command line arguments to RadeRun.exe.  There’s one trick.  RadeRun.exe is not directly used for testers or users to launch applications. Instead, the applications launch via the web interface or PNAgent.   

Quandary:  If you don’t “run” RadeRun directly, then how do you give it command line arguments? 

Answer: Registry key

HKLM\Software\Citrix\Rade\RadeRunSwitches (Reg_SZ)

RadeRun still accepts directly provided command line parameters, but it also checks a registry key for additional parameters.  With this, you can give command line arguments to the Streaming Client launcher even though you’re not directly using RadeRun to trigger the execution of an application.

Evertything so far has discussed “why” RadeRunSwitches exist.  We can finally get to what they are. RadeRun.exe command line parameters

Specify using registry: HKLM\Software\Citrix\Rade\RadeRunSwitches (Reg_SZ)

c    clear execution cache before app opens

C   clear execution cache and per-user cache before app opens

d    clear execution cache after app closes

D    clear execution cache and per-user cache after app closes

e    Pre-fill everything into the execution cache

x    launch cmd.exe inside of isolation when launch the streamed application

Example contents: “-C -x”

*Are they documented or undocumented?

Now that I’ve written this, they are documented.  That said, in theory, with the exception of -x, they aren’t needed much or more precisely - shouldn’t be needed much.   The sections below will give more color to each of the switches;  what they do and where they should be used.

-c

Useful for the Citrix test groups to cause high-exercise for the isolation systems cache fill logic. Not really useful for customers as it results in all application launches being a first time launch, and first time launches are “slow” compared to a second time launch.  

-C

Same as the lowercase version, but clears BOTH the execution cache and the per-user cache.  People still tend to code this as -c -C when running the switches.  It actually makes more sense to me that -c should control the execution cache and -C control the per-user cache, but that isn’t how it is.

-d

Useful for the Citrix test groups to cause high-exercise for the isolation systems cache fill logic.  In some cases, this one is useful for customers. If you have “secret” stuff that is part of your execution image and you want it “gone” after the application terminates, then -d can be an answer.  I’ll add that the execution cache is DACL protected and users who are not running the application “right now” can’t see it.  That said, some folks have good reason to be paranoid and this switch tells the streaming client to purge the cache when application terminates.  Notice that -d, like -c will cause the next launch to be “a first time launch” every time, and first time launches are “slow” compared to a second time launch.  

I normally recommend avoiding -c and -d and instead using a post-exit script to delete the just the smallest amount of secret stuff.  This way, the application launches are not first time penalized and the secret stuff is gone after execution.   The post exit script deletes the secret stuff and the next launch brings it back with a runtime cache fill.  Presumably, the secret stuff is small compared to the whole app.

-C

Same as the lowercase version, but clears BOTH the execution cache and the per-user cache.

-e

No longer needed.   In my first rounds of “documenting” RadeRunSwitches, I didn’t even put this one on the list.  -e was created during development to allow the isolation system to run applications even before the cache fill logic was coded.   Today, it is sometimes used to diagnose a suspected cache fill error - or more precisely, a suspected “escape” from isolation.  If an application “works” with -e and doesn’t work without it, then it implies that something isn’t being isolated right and needs to be diagnosed. I do not recommend the use of -e in production systems but it can be useful in debugging applications.

UPDATE (04-Apr-08): I have been told of a worthy use of -e.   If an application is run with -e enabled as a part of a maintenance activity, then the entire cache can be filled; and then -e turned off.  This as a means of ensuring fastest possible launch time for users even if no user has ever logged on that client machine or server.  Application Streaming still does all the central publishing and applicaiton isolation stuff, but the streaming part not really used.  Interestly in this scenario, RadeRun.exe can be used directly.  Its fun to see how stuff gets used.

-x

This is my absolute favorite of the bunch and the real reason for documenting the switches. 

Notice that -x has nothing to do with cache management.   When profiling and testing profiled applications, it is often useful to have a command prompt or other utility running next to the streamed application and “seeing what the app sees”.   Adding CMD.exe to the application profile and then publishing it is one way to get this accomplished.  This was common during the early days of Application Streaming development - until the developers got tired of repeatedly publishing a command prompt with every created profile.   Adding a switch to the RadeRunSwitches allows very quick addition of an in-sandbox command prompt for any streamed application.  This simplifies diagnosis of failing systems because you don’t have to ask the person that created the profile to go back and change it to add debugging information.  Regedit to add the switch, launch the application and “poof!” a command prompt inside the same isolation environment as the launched application.

TIP: If you’re debugging more than one application at a time, it is useful to use the “title” command to label your command prompts.

If you run regedit, from the command prompt, then regedit will see the view of the system that the isolated application sees, handy.  Do know though that you need to not have regedit already running for this to work because a second instance of regedit kicks the execution over to the first and then terminates.

Killing sandboxes: If you’re running applications and particularly if you’re writing scripts for your profile, you need to know that the sandbox does not terminate until all of the isolated applications in that sandbox terminate.  The started command prompt is “part of the sandbox” so it too must close for the sandbox to end. 

Not only do these hotfix rollup packs fix issues, they also allow for improved compatibility with Office 2007 and Vista. The the respective documentation for all the benefits.

HRP2 for XenApp Presentation Server 4.5 for Windows Server 2003 32-bit Edition: PSE450W2K3R02 (see KB article CTX116289)

HRP2 for XenApp Presentation Server 4.5 for Windows Server 2003 64-bit Edition: PSE450W2K3X64R02 (KB article CTX116294)

HRP4 for Presentation Server 4.0 for Windows Server 2003: PSE400W2K3R04 (KB article CTX113484)

Limited release hotfix PSE400R04W2K012 for Presentation Server 4.0 for Windows 2000 Server (KB article CTX115555)

Citrix presents the CTP Award to thank individuals for their exceptional contributions to technical communities worldwide. Their websites are a valuable resource… so here they are:

• Effective April 11, 2008, the nomenclature of Presentation Server 4.5 courses, exams and related certifications have been updated to reflect the new XenApp product line name.
• Updates are limited to nomenclature only; course/exam content and certification requirements have not changed.
• New course/exam releases will adopt the XenApp name starting with Project Delaware
• No changes have been made to titles of Presentation Server 4.0 exams and courses.
• Certification records of existing Presentation Server 4 certificants have been updated to reflect the new certification name.
• Candidates who have already been certified and would like to receive certificates with the new designation, can request a new certificate by accessing their account on the Certification Manager website.
• All future certificants will receive certificates with the new nomenclature. The table below details the updated Presentation Server courses, exams and certifications, with new nomenclature: 

Hello everyone…

I took a much needed break and headed overseas to see family and friends. It was great to be back and to see everyone was even better.   On the other hand… the 23 hour journey across mutliple time zones takes a bit of recovery time.

A lot has happened in the month that I was away - so I guess I have some catching up to do. There are a few new developments on the Delaware side of things, so I hope to have a bit of news and information on that as soon as possible.

I checked my emails and noticed a few emails from past students. I will be onto those as soon as I am back at work on Monday - in between teaching a Microsoft course.

Watch this space…

Cheers

Melvin

Well I have spent way too much time transferring all my postings from my old blog to this one. Unfortunately there was no direct import option, so much of it was a manual process. Urrrgggh!

I hope you like it, it still needs a lot of work though.

Incidentally, after all this work I have done today… I’m going to take a break. I’ll be offline for a bit.

Cheers

Melvin

Is this the error you are getting ?

“Error: Errors occurred when using “Servername” in the discovery process“

Event ID 10006 with a source of DCOM appears with the following description: DCOM got error: “The component or the application containing component has been disabled…”

The Citrix knowledge base article explains as as follows…

The Access Management Console in Citrix Presentation Server 4.5 leverages MFCOM and CPSCOM interfaces. In order to use a remote Presentation Server in the Access Management Console discovery process, the remote Presentation Server must be enabled for network COM+ access. If the remote Presentation Server is not running Internet Information Services (IIS), then typically network COM+ access is not enabled.

Solution: It can be fixed in one of two ways. Either enable the Network COM+ access via Add/Remove WIndows Components or edit the Registry.

Find the complete solution here: http://support.citrix.com/article/CTX112853

Citrix have invited CCI’s (Citrix Certified Instructors) to feed in their comments regarding up and coming courseware for Project Delaware. I  would love to tell you all about it but it is all subject to NDA’s (Non Disclosure Agreements).

All I can say is… “It’s pretty cool.” I am really looking forward to the new product.

Heh heh heh!  - that whet your appetitie, didn’t it.

Cheers

Melvin

Application Streaming - In XenApp 4.5 (Presentation Server 4.5)

Citrix’s Admin Guide for Application Streaming says this:

The application streaming feature simplifies application deployment to end users. With the application streaming feature, you can install and configure an application on one file server and deliver it to any desktop or server on demand. Upgrading or patching an application is simple, because you are required only to update or patch an application stored in one place: on the file server.

But what is Application Streaming?

In a nutshell, Application Streaming involves profiling an application and storing that profile on a file server which can then be deployed to a client desktop. I always think of it as a mixture of Application Isolation Environment mixed with Installation Manager.

But what does profiling mean?

Profiling is the process of recording all the installation changes (registry, file system, plug-ins etc) of an application, and then compiling them into a profile file (e.g. *.profile).

But what if I use different client operating systems with different service pack levels?

A profile is made up of potentially many targets - one for each operating system, or service pack, or language or drive letter.

The trick is to ensure that there will be only  one possible matching application to be streamed. That is to say, targets cannot overlap.

Targets will appear in the file system as *.cab files.

To clarify:

A Profile is made of targets.

PROFILE: Adobe

    TARGET: Adobe: Windows XP

    TARGET: Adobe: Windows XP + SP1

    TARGET: Adobe: Windows 2000 Professional

    TARGET: Adobe: Windows Server 2003

Ideally we would want to have one Profile with one Target, which suites all operating systems and service Packs etc.

How will you know if this will be the case? Testing, Testing and more Testing.

The application will be deployed to the client device if the client has the Streaming Client installed. If the client does not have the Streaming Client installed, then the application can be configured to either not launch or launch from the XenApp Server. The XenApp servers have the streaming client installed by default.

The process is of streaming is achieved as follows:

The client or server will receive a .RAD file from the web server. The .RAD file has instructions for the streaming client for setting up the isolation environment as well as the location of the file server which stores the .profile file. The .profile file has the targets which are then sent to the client device for launching in the isolation environment.

Useful links:

• Application Streaming Video from Citrix - it lists all the links below.
• Streaming Guide CTX112526 Presentation Server 4.5
• Streaming Guide CTX113700 Presentation Server 4.5 Feature Pack 1
• Streaming Internals CTX110303
• Application Streaming: Delivery and Profiling Best Practices CTX114663
• Streaming Implementation Guide CTX113428
• Enhanced Security in Application Streaming for Desktops CTX110304
• Troubleshooting Application Streaming Issues CTX113304
• Citrix Support Forums: http://support.citrix.com/forums - Look for Application Streaming under Presentation Server 4.5 and Components.

Andrew reminded me of this one today…Ever wanted or needed to backup and restore your Presentation Server policies?

Mark Elliot posted a very handy little VB script to do just that.

Go to Brian Madden’s website to get it.

Full posting here: http://www.brianmadden.com/content/article/VB-Script-to-Backup–Restore-CPS-policies 

This isn’t strictly a Citrix article but it is useful nevertheless. My students often ask me how we create the virtual images that we use in class. I use both VMWare Player and Virtual PC 2007. Many students have used Microsoft’s Virtual PC 2007, but not many have actually set it up themselves. This is an excellent way of setting up some computers to assist you with your studies.

I will admit, I never compiled this little document - I lifted it from Trevor’s blog at www.grounding.co.za. 

Thanks Trevor.

Download VPC2007 from Microsoft - it is free - get it here.

Install VPC2007. Be sure to have sufficient resources (CPU, memory etc.) on  your computer to host the guest operating systems.

After you have installed Virtual PC on your machine, now is the time to create a VPC, follow the steps below:

Creating a Virtual Machine

To create a custom virtual machine

1. Open Virtual PC Console.
2. In Virtual PC Console, click New.
   
3. In the New Virtual Machine Wizard dialog box, click Next.
   
4. In the Options dialog box, click Create a virtual machine, and then click Next.
   
5. In the Virtual Machine Name and Location dialog box, type a name for the new virtual machine, and then click Next.
   By default, the wizard creates a new virtual machine configuration file (.vmc) and a new folder, both with the same name, in the My Virtual Machines subfolder of the My Documents folder. If you want to store the new folder and configuration file in a different location, type the full path for this location or click Browse to find it.
6. In the Operating System dialog box, in the Operating system list, select the operating system that you want to run on this virtual machine, or click Other if the operating system is not listed, and then click Next.
   
7. In the Memory dialog box, do one of the following:
   

• To accept the recommended memory allocation, click Using the recommended RAM, and then click Next.
• To modify the recommended memory allocation, click Adjusting the RAM, change the setting by moving the slider or by typing the number of megabytes, and then click Next.

1. In the Virtual Hard Disk dialog box, do one of the following:To use a previously created virtual hard disk

• Click An existing virtual hard disk, and then click Next.
• In the Virtual Hard Disk Location dialog box, type the name of an existing virtual hard disk file (.vhd).
• Select or clear the Enable undo disks check box, and then click Next.By default, the wizard looks for the virtual hard disk file in the My Documents folder. If the file that you want to use is in a different folder, type the full path for this folder or click Browse to find it.

To create a virtual hard disk for this virtual machine 

1.  
   1. Click A new virtual hard disk, and then click Next.