• Testing the New Teams in Citrix VDI

    by Ray Davis, CTA & Jacksonville CUGC Leader

    The purpose of this blog post is to share my preliminary testing comparing classic Teams with the new Teams. It’s important to note that these findings are not suitable for production environments, and my testing has been limited to basic assessments. I did not employ any automated tools or use LoginVSI. Instead, I relied on fundamental tools like procmon and process explorer.

    My goal was to observe the differences and assess the backward compatibility of Hdxengine, Webrtc, and other components present in classic teams. In summary, the new Teams feels lighter, and I am optimistic that Microsoft and Citrix are moving in the right direction. Building something substantial takes time, and, as the saying goes, Rome was not built overnight. Great things require patience and careful development.

     With the public preview release of the “new Teams,” I was very curious to see how it performed in a VDI setup. During my testing, I installed both Classic (electron-based) and New (webview2-based). There is nothing fancy here; I will be using Process Explorer and Process Monitor. Here are my specs on the VDI I was testing.

    OSWindows 10 Enterprise
    CPU1 socket, 2 Cores
    OptimizerBase 22H2
    1. Classic vs new installers
    Installer formatInstall locationAuto update
    Classic Teams MSI with the ALLUSERS=1 flagC:\Program Files (x86)\Microsoft\TeamsDisabled
    Classic Teams .EXE%localappdata%/Microsoft/TeamsEnabled
    New Teams .EXE bootstrapperTeamsbootstrapper.exe is a lightweight wrapper online installer with a headless command-line interface. It allows admins to ‘provision’ (install) the app for all users on a given target computer/.Enabled (and can be disabled via regkey, coming soon
     It installs the Teams MSIX package on a target computer, making sure that Teams can interoperate correctly with Office and other Microsoft software. 
    1. Install the Citrix VDA first; this was a legacy Microsoft Teams requirement for Citrix, and at this time, I am still following the mindset.
    1. On your persistent or non-persistent VM, run the following command as an administrator: teamsbootstrapper.exe -p
    1. You can see the installer options as well, to understand what it offers at this time.
    1. Profile and Cache location for new Teams Client
      • All the user settings and configurations are now stored in:
      • C:\Users\usernameAppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams
      • C:\Users\davis\AppData\Local\Packages\MSTeams_8wekyb3d8bbwe\LocalCache\Microsoft\MSTeams
      • Make sure this folder is persisted for proper Teams functioning.
      • Installer location for all users with the “-p” option.
    1. In the Microsoft document, it states the following:
      • In addition, you must deploy the following registry key on the VDA for the new Teams client to be optimized:
        • Location: HKLM\SOFTWARE\WOW6432Node\Citrix\WebSocketService
        • Key (REG_Multi_SZ): ProcessWhitelist
        • Value: msedgewebview2.exe
    1. If this registry key is missing, the new Teams client functions in nonoptimized mode (server-side rendering).
    1. Note: it’s a REG_MULTI_SZ key not a REG_SZ key.
    1. Classic Teams resource consumption at launch.
      • Starting with an Idle CPU base
    1. Teams opened on the session. This is the default with GPU hardware acceleration on.
    1. CPU handles from the launch.
    1. Teams HDX Optimized
    1. Turn off GPU hardware acceleration to see if there were any differences on Classic Teams.
    1.  CPU handles from the launch. Compared to number 13, it does seem somewhat better.
    1. Allowing it to go Idle before jumping on a call/meeting
    1. Tested a call and used Process Explorer to watch the CPU go up and down.
    1. Now, I am going to repeat the process with the New Teams
    1. HDX optimized for new Teams using the same Webrtc and HDXEngine
    1. USB device Devices came through okay.
    1. CPU handles from the launch.
    1. It does seem lighter and balanced out faster than the classic teams.
    1. Upon Opening the new teams, and within 5-7 seconds, this happens below. You can see the CPU go up, then go back down in time.
    1. Test call on the new Teams.
    1. Test meeting with the new teams in a meeting from my VDI to a Windows 10 PC at home on a Tmobile HotSpot
    1. On W10 VDI, the Camera is on, screen sharing is enabled, and the background is defined.
    1. I tried to capture what process explorer was doing during this time.
    1. This shows the CPU cycles during the testing for “the Camera is on, screen sharing is enabled, and the background is defined.”
    1. What I saw on the W10 PC (non-VDI) on my T-Mobile hotspot. Outside the network. This would represent what the other people see. I am just testing in a meeting with myself on two different devices.
    1. Citrix Monitor in DaaS, and showing the WebSocketAgent on the VDA is still being used.
    1. The is the PC where I am running the Workspace App. You can see that the HDX RTC Engine is still used.
    1. The next test I wanted to see if Citrix Monitor (Director) would still pick up the Webrtc channel. I added this to the VDA to see if I can pick up the meeting stats from HDX Monitor
      • HKLM\SOFTWARE\WOW6432Node\Citrix\HdxMediaStream
      • reg key value:
      • name: WebrtcDirectorIntegration
      • type: DWORD
      • value: enable(1), disable(0)
    1. Reversed Sharing, Meeting from the Non-VDI device, to see how the Webrtc looked on the receiving end of the new Teams.
    1. Test meeting with Classic Teams. Running a meeting from my VDI to a iPhone running Teams
    2. On W10 VDI, Camera on, screensharing on, and background on.
    1.  This shows the CPU cycles during the testing for “the Camera is on, screen sharing is enabled, and the background is defined.”
    1. Reverse sharing from iPhone to VDI session
    1.  This shows the CPU cycles on reverse sharing etc, testing for “the Camera is on, screen sharing is enabled, and the background is defined.”

    Microsoft Team Process  while in use.

    1. The user initiates the Microsoft Teams application.
    2. Microsoft Teams undergoes authentication with Microsoft 365, which results in the enforcement of tenant policies within the Teams client.
    3. Relevant TURN and signaling channel details are communicated to the Teams application.
    4. Microsoft Teams recognizes its operation on a Virtual Desktop Infrastructure (VDA) and initiates API calls to the Citrix JavaScript API.
    5. Within Microsoft Teams, the Citrix JavaScript component establishes a secure WebSocket connection to WebSocketService.exe, running on the VDA. WebSocketService.exe operates under the Local System account and listens on
    6. WebSocketService.exe is responsible for TLS termination, user session mapping, and the initiation of WebSocketAgent.exe, which now operates within the user’s session.
    7. WebSocketAgent.exe establishes a generic virtual channel by interfacing with the Citrix HDX Browser Redirection Service (CtxSvcHost.exe).
    8. The HDX Engine of Citrix Workspace app, wfica32.exe, spawns a new process known as HdxRtcEngine.exe (or HDXTeams.exe in versions prior to Workspace app 2009.6). This new process serves as the WebRTC engine for Teams optimization.
    9. HdxRtcEngine.exe and Teams.exe establish a bidirectional virtual channel, enabling the processing of multimedia requests.
    10. User A initiates a call to User B. Teams.exe communicates with the Teams services in Azure to establish an end-to-end signaling pathway with User B.
    11. Teams running on the VDA consults HdxTeams (HdxRtcEngine) to acquire a set of supplementary call parameters, including codecs and resolutions, referred to as the Session Description Protocol (SDP) offer. These call parameters are then transmitted through the established signaling path to Teams services in Azure and onward to User B.
    12. The SDP offer/answer exchange and Interactive Connectivity Establishment (ICE) checks are successfully completed.
    13. ICE checks for NAT and firewall traversal are accomplished through Session Traversal Utilities for NAT (STUN).
    14. Secure Real-time Transport Protocol (SRTP) is used for the transmission of media between HdxRtcEngine.exe and User B.
    15. In the case of a meeting, SRTP is used for media transmission between HdxRtcEngine.exe and the Microsoft 365 conference servers

    Resources for references

    Optimization for Microsoft Teams

    Troubleshooting HDX Optimization for Microsoft Teams (updated frequently)

    Quick comparison.

    Classic Team launched

    CPU handles from the launch.

    Test call and used Process Explorer to watch the CPU go up and down.

    In a meeting      

    New Teams launched

    CPU handles from the launch.

    Test call and used Process Explorer to watch the CPU go up and down.

    In a meeting


    This wraps up my initial testing for now. As I mentioned, it was basic testing, and I anticipate that this will evolve into a more extensive and detailed discussion over time. In general, the new Teams exhibits a lighter feel and consumes less RAM. While the CPU does experience an impact compared to classic Teams, the duration of this impact is significantly shorter. I’ve noticed that the interface is much more responsive. It’s important to note that this testing focused specifically on meetings, calls, backgrounds, and sharing. It did not encompass tasks such as using Outlook, scheduling meetings, and engaging with Teams in a day-to-day context. Additionally, I want to emphasize that this is solely testing, and I strongly discourage using it in a production environment. There are still too many uncertainties in the VDI space.

  • Citrix WEM Database Migration

    by Ray Davis, CTA & Jacksonville CUGC Leader

    In the exciting journey of the past year, I embarked on a project that took me back in time to 1912 (not literally, of course). My mission? To perform a daring upgrade from  CVAD 1912 LTSR to 2203 LTSR for one of our cherished customers. But that’s not all; this adventure included migrating databases to a new SQL Availability Group (AG).

    To make things even more thrilling, I also had to revamp the Citrix WEM environment from 1912 to 2206 (at that time). Also, remember that there is no LTSR for Citrix WEM, only the current release. Citrix Workspace Environment Management is covered by the Current Releases (CR) lifecycle of Citrix Virtual Apps and Desktops. Current Releases will reach the End of Maintenance (EOM) 6 months after general availability (GA). Current Releases will reach End of Life (EOL) 18 months after GA. You can find more information about this here: Citrix Product Matrix – Citrix

    I won’t delve into the nitty-gritty details of those upgrades because there are already countless blogs out there that can walk you through the process. I even have one on CUGC that you can use as a reference if needed. It goes over just about everything. It’s older, but it will guide you. How I Upgraded My Site From 7.15 Flat All the Way to 1912 | BLOGS (mycugc.org)

    Instead, I’m here to guide you through a vital aspect of this escapade – the seamless migration of the WEM database from one SQL environment to another. It’s essential to keep in mind that there are numerous paths to achieving the same goal. In my humble opinion, there’s no definitive “right” or “wrong” way to accomplish this task. The world of database migration is versatile, and many different tools and methods can lead you to success.

    For my particular journey, I chose a specific route to perform this migration. Your journey might take a different path, and that’s perfectly okay. What matters most is the end result of a successful database migration that meets your unique needs and preferences. So, let’s explore my chosen method and keep in mind that flexibility is the key to mastering this process.

    Before we dive into the details of this blog, please note that what you’ll find here is essentially an outline based on my lab experience, serving as a roadmap for the steps I performed for my customer.  I want to stress the importance of collaboration in the process. Working closely with your Database Administrator (DBA) and security team is a smart move to ensure everything is set up correctly and securely before you kick off this operation.

    Often, one question I get asked is, Is there downtime? Technically speaking, no. The reason is the WEM agent Cache DB on the VDAs if the backend WEM environment is down. Now, this doesn’t mean performing this during the day. What I am saying is WEM has great resilience built into the product. However, it’s crucial to clarify that this doesn’t imply you should perform the migration during regular working hours. What I’m emphasizing is that WEM boasts impressive resilience built into its core functionality. So, while planning your migration, keep in mind that there won’t be downtime, but it’s still wise to choose a suitable window for this operation to ensure a smooth transition.

    These are the required Ports that Citrix WEM needs, more importantly, the SQL side.

    Infrastructure serviceAgent hostTCP49752“Agent port”. Listening port on the agent host which receives instructions from the infrastructure service.
    Administration consoleInfrastructure serviceTCP8284“Administration port”. Port on which the administration console connects to the infrastructure service.
    AgentInfrastructure serviceTCP8286“Agent service port”. Port on which the agent connects to the infrastructure server.
    Agent cache synchronization processInfrastructure serviceTCP8285“Cache synchronization port”. Applicable to Workspace Environment Management 1909 and earlier; replaced by Cached data synchronization port in Workspace Environment Management 1912 and later. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server.
      TCP8288“Cached data synchronization port”. Applicable to Workspace Environment Management 1912 and later; replaces Cache synchronization port of Workspace Environment Management 1909 and earlier. Port on which the agent cache synchronization process connects to the infrastructure service to synchronize the agent cache with the infrastructure server.
    Monitoring serviceInfrastructure serviceTCP8287“WEM monitoring port”. Listening port on the infrastructure server used by the monitoring service. (Not yet implemented.)
    Infrastructure serviceMicrosoft SQL ServerTCP1433To connect to WEM Database
     Citrix License ServerTCP27000“Citrix License Server port”. The port on which the Citrix License Server is listening and to which the infrastructure service then connects to validate licensing.
      TCP7279The port used by the dedicated Citrix component (daemon) in the Citrix License Server to validate licensing.

    If you’re anything like me, you’re a stickler for data and details. It’s only natural to want to see concrete evidence of how things are progressing, especially when undertaking a task as critical as database migration. While enabling logging isn’t mandatory, I highly recommend it. Why, you ask? Well, logging allows you to track and verify the entire process, ensuring that your database migration is reporting accurately.

    Enabling logs also provides a sense of satisfaction when you can look back and say, “I did it, and I did it right!” So, let’s dive into this journey, take control of our data, and bask in the glory of a successful database migration with confidence.

    Logging if needed.

    1. Open the WEM Infrastructure Service Configuration Utility from the Start menu.
    2. On the Advanced Settings tab, select Enable debug mode.
    3. Click Save Configuration and click Yes to start the service to apply the change.
    4. Close the WEM Infrastructure Service Configuration Utility window.
    5. By default, this log file is located in %PROGRAMFILES(X86)%\ Norskale\Norskale Infrastructure Services
    6. Citrix WEM Infrastructure Service Debug.log is the name of the log
    Citrix WEM Infrastructure Service Config

    Step 1

    1. Snapshot WEM Servers
    2. Backup from old SQL server
    snapshot WEM servers
    1. I left the defaults, and you would want to put it on a SAN/NAS like a Exagrid or data domain. Depending on your SQL backup requirements.
    2. Click OK to start the backup.
    Backup database WEM lab
    Backup database WEM lab

    Step 2

    1. Copy the account over with command.
    2. You need to import the DBA tools (Note: other 3rd party SQL tools can do this for you.)
    3. In this instance, I did it with dbatools
    4. If you have tools that do this then it may not be needed
    5. No internet access https://github.com/dataplat/dbatools/discussions/7984
    6.  if you have internet access move to c)
    7. Internet access “Install-Module dbatools”
    8. Check both ways : Get-Module dabtools -ListAvailable
    9. You need to copy the accounts over but using this: Copy-DbaLogin -source SQLServer -Destination SQLServer
    copy dbalogin

    Step 3

    Restore to new SQL server.

    1. I will post some pictures from another blog post I did, where I restored a CVAD DB. The steps are the same. Ignore the Server name and DB names, though.
    2. We need to remote into the new SQL Server and Restore the Databases.
    3. In this case, it’s LABSQL02. Do this for each Database independently.
    restore new SQL server
    restore database
    restore database
    select backup devices
    Restore databases - Citrix lab site
    1. Verify mappings and VeumUser accounts

    Step 4

    1. Open WEM Infrastructure Service Configuration on the WEM Infrastructure servers.
    2. It will show the Old Database here.
    WEM infrastructure service configuration
    1. In the Database Settings. Set the Name in the Database Server and Instance to the New Name.
    WEM infrastructure service config
    config management
    1. Don’t set anything in “Database Failover server and instance.”
    2. Put the Database name in “Database Name.”
    3. Save settings.
    4. Open Workspace Service Configuration, ensure all settings match, then click save.
    5. WEM will now open and connect to the Database along with the configuration sets.
    6. Check Event Logs for Errors
    event logs
    refresh agent host settings

    Step 5 Verify Logs for successful migration

    1. The log file is located in %PROGRAMFILES(X86)%\ Norskale\Norskale Infrastructure Services
    2. Citrix WEM Infrastructure Service Debug.log is the name of the log.

    With that, we wrap up our database migration journey. My hope is that the insights shared here will prove beneficial to someone within the vibrant Citrix community. The world of IT is all about sharing knowledge and experiences, and I’m thrilled to have had the opportunity to contribute to that ethos. So, as we conclude this chapter, remember that every step in your IT adventure is an opportunity to learn, grow, and support others. Here’s to successful migrations and the spirit of collaboration in the Citrix community!

    More recent CUGC blogs:

  • On-Prem New and Cool

    by Amir Trujillo, Product Engineer Specialist, Citrix

    Time flies, and during the last year Citrix has released multiple new features for On-Prem environments based on customers feedback and how technology is evolving using advanced features such as automation, zero trust security access, new user experience and homogeneous administration.

    As a supplement to the material presented at our CUGC XL Great Plains on Oct 4 in Omaha, NE, in this blog post, I’m going to summarize why Citrix On-Prem is New and Cool.

    Let’s focus on three main pillars of this On-Prem new release: enhanced User Experience, Citrix Administration and Security.

    Everybody knows that time is money or can save lives, and being on the phone trying to resolve easy issues could take hours. As a result, Citrix ITSM service + ServiceNow has so many benefits for end users, including:

    • Reducing problem resolution and resources procurement by utilizing the Self-service / Virtual agent from 30-45min to less than 5 min.
    • Request access Desktops and Applications (automatic approval), VM power management, Profile reset and troubleshooting.
    • Cost optimization. Success stories show that customers can save thousands of dollars based on the correct resource planning based on the Data generated from the ServiceNow and Citrix Statistics feature.
    • Quick access to knowledge base

    The above video shows how Session Reset works from an end user experience using the Citrix ITSM + ServiceNow using the Virtual Agent.

    CVAD ITSM Adapter Service

    In addition, here is the Architecture Diagram for your reference, which summarizes integration in 3 easy steps:

    1. Install the ITSM connector on your ServiceNow instance. You can download it from the ServiceNow store.
    2. Create a Citrix Cloud account and Install the Cloud Connector software on a dedicated Windows server. This is going to be the agent to make the connection between your on-prem environment and the Citrix ITSM service (site aggregation).
    3. Connect you ServiceNow Instance to ITSM service.
    Architecture diagram

    You can also find great resources in Citrix documentation, podcasts, and don’t forget to watch the CUGC webinar: ITSM + ServiceNow: From Zero to Hero where we discussed ITSM administration, configuration and user experience.


    The new WebStudio console comes with new features for your On-prem environment that only were available for Citrix Cloud (DaaS). With that, we bring all the technology to CVADs too.

    I’m going to show you two of the new advanced cool features: Backup and Restore and Autoscale.

    • Backup and Restore

    With this feature you can back up and restore the current state of your on-prem Citrix Site. Think of this as a snapshot that creates configuration files (.yaml files) that you can manually edit and use for either restore your site or make some changes to it.

    This feature is based on the Automated Configuration Tool, which is a PowerShell SDK that is installed on your environment to connect to your site and run the backup and restore.

    The flexibility of this tool allows you to restore granular components by specifying either a single app, delivery group, machine catalog and so forth.

    The step-by-step configuration guide is available in the Citrix TechZone.

    Citrix on-prem new features - CVAD Backup
    • Autoscale

    This Power Management feature historically is used for cost management in hybrid environments, no matter if you have all your workload in your own Datacenter or hybrid with any cloud provider.

    Autoscale allows you to create policies to schedule VM power management based on date or user load, also if this is during peak hours on a special event. In addition to that, it evaluates the session state and allows you to determine actions based on disconnection and log off times, triggering the VMs to be either suspended or powered off.

    As a summary, you have the following options with Autoscale for On-Prem:

    • Scheduled-based and load-based setting for power management
    • Dynamic session timeouts
    • Autoscale tagged machines
    • User Logoff notifications

    The above video explains how Autoscale works and you can get more detail of the configuration by referring to the Citrix Documentation.

    Manage Autoscale

    Pillar 3: SECURITY

    Great news, Secure Private Access (SPA) for On-Prem environments is now GA!

    Secure Private access is part of the ZTNA (Zero Trust Network Access) solution that will use your existing Netscaler and Storefront integration to provide access to Web and SaaS applications with enhanced Security Policies trough Workspace App and the use of Citrix Enterprise Browser as centralized-managed browser.

    In addition, the Secure Private Access solution for on-premises provides the following benefits:

    • No changes required to the existing architecture or deployments to use this solution.
    • Enables single sign-on to the apps and reduces the dependency on the traditional VPNs.
    • Enable contextual security controls based on the context (user group, device, network location)

    In the following video, you can watch 3 use cases and the user experience of SPA On-Prem:

    How to configure SPA on your On-Prem environment? We can summarize the deployment in four steps:

    1. Publish the apps
    2. Publish the policies for the apps
    3. Enable routing of traffic through NetScaler Gateway
    4. Configure authorization policies

    For a step-by-step configuration guide, please refer to the following documentation.

    Citrix On-Prem new features diagram

    As you can see, On-Prem has a lot of new features that allows you to maximize the Administration of your environment use of all the advanced technology through the new WebStudio console, provide an enhanced and secure user experience through Secured Private Access (SPA) and reduce cost and wait times with the use of AI through Citrix ITSM service + ServiceNow integration.

    Stay tuned for more information about new features and don’t forget to register for the next CUGC events!

    Recent CUGC blog posts:

  • Recap: CUGC Great Plains XL 2023

    by Steve Elgan, CTA & Omaha CUGC leader

    The 5th CUGC Great Plains XL event on October 4th, 2023, hosted by the Omaha, Kansas City, and Central Iowa groups, was a resounding success! It took place at Charles Schwab Field, known as the home of the College World Series. As the pioneers of the XL platform within CUGC, our region has consistently drawn significant attendance to our XL meetings year after year. This year, we are proud to report an impressive 85% retention rate for sign-ups!

    We greatly appreciate our sponsors for helping to make sure these events continue:







    Owen Reynolds kicked off our event as the first speaker of the day. Do you recall the OSI Model we studied during our IT degree programs back in college? Owen emphasized the continued importance of this model and how we can harness free tools to troubleshoot issues in our IT environments. One intriguing insight he shared was the distinction between the IT profession and engineering. He drew an analogy by pointing out that the building in which we sat was constructed following established frameworks and engineering principles. Many engineers wear a ring featuring a bridge as a reminder of “that bridge that failed.” In contrast, IT lacks an equivalent set of principles, but our OSI Model serves as the closest thing we have.

    Jason Samuel was our next presenter, and he delved into the significant changes that have transpired at Citrix in the past year. He emphasized how these changes have shifted the focus towards meeting customer needs rather than solely catering to investor interests. It was evident that Citrix is keen on gathering valuable feedback from customers to enhance their offerings. Additionally, Jason showcased a demo of Web Studio, a feature that has been accessible to Citrix Cloud customers for several years but is now extended to on-premises customers starting with version 2212. He showed the audience a video created by Scott Osborne in which the features and layout of Web Studio are identical to the legacy MMC version of Studio. This will make it much easier for operational transition to the new version.

    Scott Lane, the Citrix demo expert, effectively dispelled our post-lunch drowsiness with a captivating presentation. He showcased the contrasting effects of Microsoft Teams optimized configurations versus standard configurations. To illustrate these differences, Scott presented video examples showcasing the user experience disparities between optimized and non-optimized Teams experiences on Citrix. In meticulous detail, he elucidated how Citrix can offload processing to endpoints, optimizing video calls within the Virtual Delivery Agent (VDA) for enhanced efficiency. Moreover, he delved into the various deployment scenarios, shedding light on their respective trade-offs in terms of user experience, performance, and management overhead. Citrix is poised to swiftly adapt and provide comprehensive support for optimizations and feature parity when Teams 2.0 is launched.

    Shane Kleinert delivered an engaging presentation on Citrix Session Recording. Citrix has improved this tool by adding features like analytics, triggers, and other mechanisms to help users navigate recordings and identify incidents more efficiently. If you’re a Citrix Cloud customer, you’ll appreciate a web interface that resembles Web Studio in its appearance. On-premises customers can access many of the new features but need to use the legacy MMC console, at least for now.

    Amir Trujillo concluded our presentations by showcasing the exciting new features recently introduced by Citrix. These features include the integration of Citrix with ITSM/Service Now and the introduction of Citrix Secure Private Access with Enterprise Browser. Enterprise Browser has been available for Citrix Cloud Customers but is now available on-prem.

    Thank you to our CUGC Staff for all of their help to make this event successful. We could not do this without your support. Thank you to the local leaders of Omaha, Kansas City, and Central Iowa.

  • How to Migrate GPOs from Microsoft to Citrix WEM

    by Ray Davis, CTA & Jacksonville CUGC Leader

    In this quick post, I will go over how to successfully migrate native group policy objects (GPOs) and inject them into Citrix Workspace Environment Manager (WEM). Many organizations rely heavily on GPO in their current Citrix VDA space. Some often wonder how to put them all in WEM or if it’s a good idea or not. I say it depends on the use case.

    WEM, hands down, will take the login experience and dramatically reduce the login times by simply moving the GPP aspects into WEM. On the computer side of the GPO, I am not 100% sure if the juice is worth the squeeze. Computer GPO applies at machine startup, and it is speedy. But a good use case is where the Citrix Admin doesn’t have rights to GPO to manage them. This will enable them to control these aspects from a Citrix Administrative side by using WEM to apply all GPO from this product.

    I was working with a client to migrate all the current GPOs they had applied the native way. Then, migrate them to WEM. When I speak of the word migrate, I am referring to backing up the GPOs, importing/migrating them into Citrix WEM, and applying them to a subset of VDAs for testing. This ensures that the current production setup is not impacted if something does not apply correctly in the use case here.

    If you need more information, I encourage you to read James Kindon’s “Migrating GPO settings to WEM” blog. Migrating GPO settings to WEM | James Kindon (jkindon.com). In this blog, he goes over more examples for different use cases.

    (See also WEM Advanced Guidance – 2023, recently updated by James Kindon.)

    1. The first thing is to back up a GPO and store it in a location you can import into WEM.
    2. The example below shows me backing up my AV exclusions.
    GPO Backup
    Backup Group Policy Object
    Backup dialog
    Backup progress
    1. The GPO must be a ZIP format for WEM to process it.
    Create zip file
    1. In these examples, I am using the WEM service. But the process is the same for those who have Citrix WEM on-premises.
    2. Go to DaaS and use either the Web WEM console or Legacy WEM console.
      1. WEB
    3. Select your desired configuration set.
    configuration sets
    1. Click on “Group Policy Settings”
    GPO Settings
    1. Click Import
    GPO settings dialog
    1. Browse to the backup of where you store the GPO after it was backed up.
    Import GPOs
    File library
    1. Import the Zip file
    Import GPO dialog
    1. Below shows the import of the GPO from Microsoft GPO into WEM.
    Import display
    1. If you are using the Legacy WEM console, here are some screenshots of the same process.
    Legacy console GPO import
    Legacy console
    Legacy console
    Legacy import
    1. I already have this GPO; I will select and overwrite in this case. This example shows you how to do it via the legacy console. Then click Start Import,
    legacy import start
    legacy group settings
    1. To see the settings, edit the imported file.
      1. Legacy Console
    legacy console import edit
    1.  It takes the GPO and imports all the Registry settings that contain what the GPO is made up of, such as all the registry settings.
    registry settings
    1. To see the settings, edit the imported file.
      1. WEB Console
    Web console settings
    Edit GPO
    1. Assigning the action.
      1. WEB Console
    GPO assign actions
    1. In this example, I chose everyone, which applies to users and computers. In most production cases, you can do groups or conditions.
    2. **NOTE**
      “You can assign the GPO to different AD groups, just like you assign other actions. If you assign GPOs to an individual user directly, the settings do not take effect. A group can contain users and machines. Machine-level settings take effect if the related machine belongs to the group. User-level settings take effect if the current user belongs to the group.”
    Manage assignments
    1. Reference for the Legacy Console, for comparison in showing if you do it via the Web console. It will show like this in the Legacy console.
    2. The Priority is how it is applied.
      1. https://docs.citrix.com/en-us/workspace-environment-management/current-release/user-interface-description/actions/group-policy-settings.html#contextualize-group-policy-settings
      1. “Type an integer to specify a priority. The greater the value, the higher the priority. Settings with higher priority are processed later.”
    File directory
    1. Assigned the action.
      1. Legacy Console
    2. In this example, I chose everyone, which applies to users and computers. In most production cases, you can do groups or conditions.

      “You can assign the GPO to different AD groups, just like you assign other actions. If you assign GPOs to an individual user directly, the settings do not take effect. A group can contain users and machines. Machine-level settings take effect if the related machine belongs to the group. User-level settings take effect if the current user belongs to the group.”
    File directory
    Assign filter
    Assigned filter
    1. Reference for the WEB Console, for comparison in showing if you do it via the legacy console. It will show like this in the WEB console.
    GPO regisrty
    1. Let’s reboot a VDA and see the results.
    2. I logged in before, as I have this applied already, But I updated it with the new WEM AV exclusion they released in May 2023. The registry will update the list to reflect what I am missing.
    file directory
    1. Last cache sync
    1. Rebooting now.
    Restart screen
    welcome screen
    connection status
    1. GPO were successfully updated.
    filed directory
    1. Before the antimalware was around 47%-50% of CPU.
    task manager
    1. Event Logs
    2. I can see the GPO proceed, but I am unsure how to show what GPO applied from logs yet. This could be me not knowing where it logs it yet. Perhaps it does, and I am missing it. So, the only thing I can see is that the computer GPO components are processed. (More to this on line 34).
    gpo components
    WEM agent service
    WEM agent service
    1. After researching this, I had Sharp Gou reach out and explain to me where these logs are located.

      View log files | Workspace Environment Management 2303 (citrix.com)
    1. Citrix WEM Agent Host Service Debug.log. The log that lets you troubleshoot issues with the Citrix WEM Agent Host Service. By default, this log file is located in %PROGRAMFILES(X86)%\Citrix\Workspace Environment Management Agent. To enable logging, be sure to enable Debug Mode for the relevant configuration set on the Administration Console > Advanced Settings > Configuration > Service Options tab. You now will see the GPO processing in that log file. Thank you, Sharp Gou. In this log, you will see the GPO applied and processed.
    1. We can verify in the Windows Defender section (windows) as well for the GPOs.
    1. What happens if I need to remove it? What happens if now?
    2. Go back to the area and unassing it.
    GPO Settings
    Manage assigntments
    1. Reference for the Legacy Console, for comparison in showing if you do it via the Web console. It will show like this in the Legacy console:
    web consol - legacy
    1. Reboot the VDA again. According to Citrix, if you restart the WEM Agent Host, it will take effect immediately. (Machine Level GPO)
    WEM tip
    1. User level
    WEM tip
    1. Before:
    file directory before
    WEM agent host restart
    Restart other services
    1. After: it’s empty now:
    Registry editor
    Registry editor
    1. I will reboot anyway, to show you how vital AV exclusion is needed.
    2. CPU % with Antimalware process.
    Task manager
    1. Processing is slower as well.
    Agents summary
    Task manager WEM
    1. Add the GPO back in WEM
    2. The WEM agent processed exceptionally quickly in my testing.
    3. Other questions I get at times: what is the purpose of Migrating vs. Importing?

      a. The Migrate button in the legacy console below allows you to convert user GPPs into a readable XML file that WEM can use in user actions, where Import takes the whole GPO and imports it in. From what I found where you have GPP policies, the migrate option does the trick.  In cases where you have the standard GPO settings, the Import will bring over the settings that make up the ADMX.
    config screen
    1. Example: I have a GPP applying some mapped drive with Item-level targeting on myself.
    2. Loopback is set to replace being I am applying a user policy to the Citrix VDA.
    drive maps

    d. Added more to show you the value of a quick summary of how GPP/loopback can potentially slow logins down. This is not a lousy login, but it’s just a tiny example.

    drive maps
    Devices and drives

    e. By adding a couple of drives, it added 1.4-1.6 seconds. Sure, that is not bad. But that is 1.4-1.6 seconds more than I did not have before—another reason why WEM is the go-to here, IMHO.

    WEM code
    1. I will back up the GPO as I did above.
    Backup group policy object
    1. I will unlink the Mapped Drive GPO before importing it for testing.
    2. Now, I will migrate the GPP to an XML format for WEM to understand.
    Upload button
    configuration screen
    migrate file
    1. I kept getting the error, and I did not understand why. After messing around for a bit, I discovered that when I create a customer folder for the GUID and zip it. It was not too fond of that.
    2. So, When I backed up the GPO, I only kept the GUID name instead.
    Migrate progress
    file directory
    migrate file
    migrate conversion
    migration summary
    1. Now click on Restore.
    config set
    restore wizard
    restore actions
    1. You will see the File you named when you converted it from the GPO backup. Also, you will see the Network drive icon light up, ready for it to be selected.
    restore source
    restore actions
    restore actions processing
    restore wizard

    Now, you will see the Network drive in the actions for the user side.

    user side network
    1. Assign it to the user of your choice. Everyone in my example.
    file directory
    assign drive letter
    assigned list
    1. I needed to go into the “Advanced settings > Main Configuration > Check= Process Virtual Drives.”
    config set
    1. I am going to reboot the VDA now. Remember, GPO was unlinked, GPO was backed up, Converted to the WEM XML format, Then WEM XML format, we restored with the Actions, and lastly, it was assigned to a user. (Everyone in this case.)
    file directory
    1. To verify WEM is doing it.
    wem verify
    1. Another way is to put in a description of the actions.
    action descriptions
    1. You can let WEM update on its own or refresh the cache.
    2. As you can see below, the Drives that I had in the native GPMC is now applying via WEM.
    filed directory

    I hope you found this helpful in your journey if you are considering this technology. Citrix WEM is an excellent product and keeps improving as time goes on. Thank you, Citrix, for the great tool 😊

    Another option, before WEM could do this, was to use a tool made by Arjan Mensch. It allowed you to convert the GPPs via PowerShell. I still use this today, and it’s another excellent tool to save as an ace in your back pocket. Powershell Module for Citrix WEM – Part 1 – Application actions | msfreaks (wordpress.com)


    Group Policy Settings | Workspace Environment Management 2308 (citrix.com)

    Workspace Environment Management service (citrix.com)

    Agent system Settings around GPO
    Agent | Workspace Environment Management 2308 (citrix.com)

  • Configure NVIDIA License Server On-Prem and Integrate with MCS Provisioned Persistent Catalog

    Uddave Jajoo by Uddave Jajoo, CTA & Indianapolis CUGC Leader

    In 2021, I was asked to migrate the vGPU enabled VMs from one platform to another as our customer was migrating from VMWare Horizon to Citrix XenDesktops. I did not have enough knowledge about NVIDIA and how the GPU processing work in highly intensive graphics processing applications.

    I took help from community members and support teams (both Citrix and NVIDIA) and deployed the solution to provision NVIDIA vGPU-enabled Citrix VDIs on vSphere. This blog post was created 2 years ago but was not published that time. However, I am happy to publish it now to the community so that others could also benefit from it.

    (See also: Configuring NVIDIA vGPU VMs in Azure with Citrix DaaS.)

    Below are the overall configuration steps covering deployment of all the major infrastructure and other components.

    1. NVIDIA vGPU License Server Deployment
    2. Pre-Requisites Open JDK installation
    3. NVIDIA License Server Installation
    4. Access License Server management Interface
    5. Creating license server on NVIDIA portal
    6. Creating VDI Master Image (NVIDIA Driver Installation and vGPU profile)
    7. VDA installation and Machine Catalog creation
    8. Configuring Virtual Machine to enable vGPU profiles
    1. Install OpenJDK JRE on the server as prerequisite component before installing vGPU License server component
    2. Download java-1.8.0-openjdk-
    OpenJDK Dialog
    1. Run the MSI installer and proceed with the installation wizard
    2. Click Next
    3. Click Next and Install
    4. Monitor the installation and click Finish
    OpenJDK Setup
    Open JDK Custom Setup
    Installing OpenJDK
    OpenJDK Install Complete
    1. Configure system environment variable on the server pointing to jdk location.
      • Edit the System Environment Variables.
      • Add the location of the bin folder of the JDK installation to the PATH variable in System Variables.
      • The following is a typical value for the PATH variable: C:\WINDOWS\system32;C:\WINDOWS;”C:\Program Files\Java\jdk-11\bin”
    System Properties Dialog
    1. Set JAVA_HOME: 
      • Under System Variables, click New. 
      • Enter the variable name as JAVA_HOME
      • Enter the variable value as the installation path of the JDK (without the bin sub-folder). 
      • Click OK. 
    System Variables dialog
    1. Configure the PATH environment to enable to run JAVA from a command prompt
      • Select the System variables “Path”
      • Click Edit
      • Click on New
      • Type “%JAVA_HOME%\bin” 
      • Click OK.
      • And OK again to apply changes.
    Java home directory
    Java home
    1. Verification:  
      • Change to the Java directory 
      • Type java.exe -version 

    Legacy License server is set to EOL by July 2023, hence NVIDIA offers two different methods for provisioning license server. (DLS) On Premise and Cloud(CLS). In this blog, I am going to cover how to setup a CLS based license server. Steps are very simple and described properly in the NVIDIA documentation as well.

    License System User Guide – NVIDIA Docs – Converting Legacy NVIDIA vGPU Software License Servers to NLS License Servers

    1. Right click the setup file and select run as administrator to proceed with configuration of license server
    Application Tools
    1. Open administrative command prompt and navigate to the setup folder and launch setup.exe
    2. When prompted select allow the file to launch, select Allow this file and click OK.
    3. Wait for the setup file to launch and navigate through the wizard.
    4. Click Next in the Introduction Tab
    5. Click Next for EULA
    6. Click Next for Accepting the Apache License
    NVIDIA License Server Intro
    NVIDIA Licens Agreement
    NVIDIA Apache License Agreement
    1. Select the location as default and proceed further with installation, click Next.
    2. In the Choose Firewall Options dialog box, select the ports to be opened in the firewall.
    3. To enable remote clients to access licenses from the server and prevent remote access to the management interface, use the default setting, which sets ports as follows:
      • ‣ Port 7070 is open to enable remote clients to access licenses from the server.
      • ‣ Port 8080 is closed to ensure that the management interface is available only through a web browser running locally on the license server host.
    4. Click Install and proceed further with the installation process.
    NVIDIA Choose Install Folder
    NVIDIA Choose Firewall Options
    NVIDIA Pre Install Summary
    1. Wait for the License Server installation script to execute
    2. Click Done once installation is complete.
    Executing NVIDIA License Server script
    NVIDIA Install Complete
    1. In a web browser, visit the home page for license server management interface HTTP: http://localhost:8080/licserver
    2. If administrative security is enabled for the license server, log in to the license server.
      • In the license server management interface, select Login.
      • In the Login page that is displayed, enter your user name and password for logging in to the license server and click Authorize.
    NVIDIA Licensed Clients

    The default credentials for the license server administrator account are as follows:
    ‣ admin

    1. Record the license server’s MAC address, by launching the license server management console and navigating to configuration
      MAC Address – 00-XX-XX-XX-XX-XX-00 Note to change the MAC address binding on vecneter level
    2. Add Environment variable on the license server as below, this is needed to ensure the nvidialsadmin utility commands run perfectly fine.
      Variable Name:- FLEXNETLS_BASEURL
      Variable Value:- http://localhost:7070/api/1.0/instances/~
    3. Reboot the server
    4. Enable Administrative security for license server
      Perform this task in a command shell on the license server host.
      Set the property security.enabled to true.
      nvidialsadmin -config -set security.enabled=true Updated the property:security.enabled with value:true successfully
    Edit System Variables
    Admin C:
    1. Authenticating with license server
      To provide your password in the command, specify the credentials as follows:

      nvidialsadmin -authorize username password

      In any subsequent nvidialsadmin command, users must provide the required credentials for authenticating with the license server
    2. Run status check on the license server
      nvidialsadmin -authorize admin Admin@123 -status
    Check license server
    Check license server version
    1. Login to NVIDIA Dashboard link to register the license server on portal
    2. Login with the Organization user credentials and create License Server
    License Servers login
    1. On the NVIDIA Licensing Portal dashboard, click CREATE LICENSE SERVER.
    2. If you are adding a license server to an organization or virtual group for which a license server has already been created, click CREATE SERVER.
    3. Enter the details as below:
      ServerName: TestNVIDIA
      Description: License Server for NVIDIA vGPU
      MAC Address: 00-XX-XX-XX-XX-XX-00
      Select product – Virtual PC 2.0-10 Licenses
      Click Add Click create license server
    Create License Server
    1. Verify the License server details along with the available license displayed in portal
    License Server verify
    1. Download the License File
    Download license file
    1. Login to License server and upload the license file to the server.
    2. Navigate to Licensed Feature Usage
      Verify the details for the License added to the console.
    License Management
    Licensed feature user

    For vGPU card installation on vSphere or hypervisor please refer to the links: https://blogs.vmware.com/apps/2018/09/using-gpus-with-virtual-machines-on-vsphere-part-3-installing-the-nvidia-grid-technology.html


    1. Create a new VM and install NVIDIA and VDA agent.
    2. In our case virtual machine was cloned from existing WIN10 Master image.
    3. Uninstall VDA from the image.
    4. Shutdown the machine
    5. Navigate to VMware vcenter, and locate the virtual machine.
    6. Click on Edit settings and add Shared PCI Device, Click Add and select the vGPU profile and click Reserve all Memory
    7. The New Shared PCI device with vGPU profile will show as configured
    8. Select Ok to complete the configuration
    Edit Settings
    1. Power on the virtual machine and monitor through remote console.
    2. Login as administrator
    3. Open Device Manager, it will show Microsoft Basic Display Adapter with exclamation mark, which is normal

      NVIDIA vGPU vSphere VIB version and NVIDIA driver for Windows version need to match
    4. Locate the media for NVIDIA driver and copy to local C Drive
    5. Right click on the NVIDIA driver setup file and run as administrator
    6. Select Yes to allow the UAC
    7. Leave the extraction path as default and click OK.
    Device Manager
    NVIDIA Display Driver
    NVIDIA Display Driver International
    1. In the installation wizard, select Agree and Continue and proceed further
    2. Installation options select, Custom (advanced), it would let you select components to install as needed.
    3. Click Next, in the next window, it will display the list of components which will be install on the image.
    NVIDIA Software agreement
    NVIDIA Graphics Driver Install Options
    1. Select the check box to Perform a Clean Installation and select Next.
    NVIDIA Graphics Driver Custom Install Options
    1. Wait for the installation to complete and monitor the progress.
    NVIDIA Install in Progress
    1. Select restart now on successful installation of NVIDIA Driver.

      After restarting, the mouse cursor may not track properly using VNC or vSphere console. If so, use Remote Desktop.
    NVIDIA complete
    1. RDP to the virtual machine and verify the device manager configuration.
    2. Upon login to machine you may receive a prompt that NVIDIA license is not present. Ignore the alert for now.
    3. In order to validate the successful installation of the graphics drivers as well as the vGPU device, open Windows Device Manager and expand the Display Adapter section.
    4. It will show NVIDIA GRID M60-8Q adapter.’
    5. New Device NVDIA GRID V100D-8Q, it will show up as this in the display adapters
    NVIDIA License Container
    File menu
    New Device
    1. Shutdown the virtual machine and remove the Shared PCI device added on the master image.
    2. Right click machine, edit settings
    3. Click on the x mark against the Shared PCI device
    4. It will show as device will be removed, click OK.
    5. The recent Task Pane will display the status of completion once the device will be removed. A XenDesktop machine catalog can be safely configured now.
    Recent Task Pane
    1. RDP to the virtual machine, copy the media to C:\Support
    2. Run the AutoSelect.exe file
    3. It will detect the VDA to be installed in Single Session OS by default.
    4. Select the option for VDA in single session OS and click Next.
    1. In the next screen select Create a Master MCS image, click Next.
    2. VDA will be selected by default, click Next.
    CVAD Config
    CVAD Core Components
    1. In the component screen, select the option, Citrix Supportability Tools, Citrix User profile manager and Citrix User profile manager_WMI Plugin. Click Next.
    Citrix Supportability Tools
    1. In the controller’s Tab, select configure later and click Next.
    2. In the Features Tab, select the options- Optimize Performance, use windows Remote Assistance, Enable Real Time Audio Transport for audio and MCS IO, click Next.
    CVAD Features
    1. In the Firewall Tab, leave the default and click Next.
    CVAD Firewall Tab
    1. In the Summary Tab, review the selected configuration and proceed with Install. Click Install.
    CVAD Summary Tab
    1. Uncheck the box and click Next.
    2. Click Finish and Restart the machine, it will reboot.
    3. Login to the machine again to resume the VDA installation process.
    CVAD Diagnostics
    1. RDP to the machine and run Citrix Optimizer against the respective windows OS version template.
    2. Shut down the master image and take snapshot for the virtual machine.
    3. Login to Citrix studio and create machine catalog using the snapshot taken in above step.
    4. Navigate to the Machine Catalog Tab and select create Machine catalog, in the wizard select Next.
    5. In the next screen select Single Session OS and click Next.
    6. Select the options as highlighted and click Next.
    7. Check the option for Machines that are Power Managed
      Check Citrix MCS and select the resources corresponding to Cluster (ESXi Grid Server, where vGPU Cards and driver was configured) and click Next.
    Machine Catalog Setup
    Stuido MCS
    1. Select the options as highlighted and click Next.
    2. In the Master Image, select the Snapshot created for the master image.
    3. Select the minimum functional level for this catalog as 2206 or newer.
    4. In the Network cards tab, keep the VLAN selected and change if needed.
    MCS Desktop
    1. In the Virtual Machines page, select the number of virtual machine and allocate the memory:
      2 Machines with 32 GB RAM
    MCS VMs
    1. Create the Active directory machine accounts for the Desktops
    2. Name the Machine Catalog with Description:
    3. Monitor the Catalog creation process in studio and vcenter.
    1. Assign vGPU profiles as per the requirement
    2. Assign B series profile to the provisioned desktops for allocating Virtual PC
    Manage License
    NVIDIA Control Panel
    1. Assign a series profile to the provisioned desktops for allocating virtual Apps.

    License System User Guide – NVIDIA Docs – Converting Legacy NVIDIA vGPU Software License Servers to NLS License Servers



    License System User Guide – NVIDIA Docs

    Legacy License server is set to EOL by July 2023

    See More Recent Posts:

  • Recap: CUGC West Xchange 2023

    by Donald Wong, CTA & Bay Area CUGC Leader

    The CUGC West Xchange 2023 was held at the famous Computer History Museum located in Mountain View, CA.  We sometimes take for granted that our devices simply work.  This historic venue can take you down memory lane to see how computer technology all got started and to see the legacy left behind by the pioneers of our industry.  Needless to say, what a great location to see the history of computers.

    The event was moderated by Dane Young, Bay Area co-leader and Citrix Technology Professional (CTP), shown here with Kimberly Ruggero, Sr. Manager – Community Strategy & Programs, Citrix at the registration desk.

    Kimberly Ruggero and Dany Young, CUGC West Xchange 2023

    Our 1st session of the morning was a briefing by Pooja Vivekanandan – Citrix Senior Product Manager on What’s new with Citrix Monitoring.  There has a been lot of new development on this topic recently, especially around API integrations and we are glad Pooja was able to share some insights.

    Pooja Vivekanandan, Citrix at CUGC West Xchange 2023

    Knowing how to use data and metrics is one of the foundations to effective troubleshooting.  But it doesn’t stop there, analytics can also help establish patterns and when things don’t behave normally, it’s easier to identify a cause.  If you want to get some hands-on in trying Monitoring and Analytics tech previews, please use the QR codes shown in the next picture.

    Citrix Monitoring Tech Preview setup

    Our event couldn’t be as successful without the support of Citrix and our sponsors.  Our second session was a roundtable with panelists from IGEL, Login VSI, Nutanix, Liquidware, and LG, who gave introductions to their EUC related line of business while engaging in an interactive Q&A with the moderator and audience.  Best comment from a panelist – “Did you know LG manufactures more than just washers, dryers, and TVs?” 

    Sponsor Panel Discussion

    After lunch, we were honored to have Citrix VP of Product Management, Milind Mohile, present about Secure Private Access.

    Milind Mohile, Citrix at CUGC West Xchange 2023

    The use cases where Secure Private Access (SPA) can extend and enhance traditional virtualization scenarios were discussed, including audience questions from SPA users and evaluators of the technologies.

    Finally, the afternoon wrapped up with a presentation from Mathew Varghese, a long time Citrix and Netscaler leader to share the latest brand launch, product and capability updates.

    Matthew Varghese, Citrix at CUGC West Xchange 2023

    Once all the sessions were concluded, the prizes delivered, and the Computer History Museum tour was about to start, the happy hour commenced with all the finest appetizers and refreshments!

    CUGC West Xchange 2023 Happy Hour

    On behalf of all of the CUGC leaders and support staff (Jennifer Gibbons and Stephanie Boozer), thank you to all who were able to attend.  We hope to see you at the next CUGC event.

    CUGC leaders
    CUGC leaders Dane Young, Donald Wong, John Bucud, Jarian Gibson and Mani Kumar.

    Written by…

    Donald Wong – Bay Area CUGC Co-Leader
    Twitter / X: @Dywwong 
    LinkedIn: https://www.linkedin.com/in/the-dwong/
    Citrix Technology Professional (CTP)

    Special thanks for additional contributions made by…

    Dane Young – Bay Area CUGC Co-Leader
    Twitter / X: @youngtech
    LinkedIn: https://linkedin.com/in/youngtech  
    Citrix Technology Professional (CTP)

    More recent posts from CUGC:

  • Configuring NVIDIA vGPU VMs in Azure with Citrix DaaS

    Uddave Jajoo by Uddave Jajoo, CTA & Indianapolis CUGC Leader

    Recently, I started working on a project for one of the customers performing research work in healthcare on molecule studies, who needed them to run CUDA-based applications using High Graphics processing utilizing NVIDIA vGPU Tesla V100 cards.

    I had already worked on a similar requirement previously in an on-prem datacenter. However, this time the requirement was to configure that in Azure with Citrix DaaS. Hence, I decided to implement the solution in Azure using Azure Native VM Family size supporting NVIDIA vGPU enabled cards. Azure already offers N Series VM Family Size supporting vGPU cards, there are several offerings depending on the graphics card OEM.

    Before we deep dive into the setup and configuration for the NVIDIA vGPU enabled workloads in Azure, lets talk about Accelerated computing:

    Accelerated computing is the use of specialized hardware to dramatically speed up work, often with parallel processing that bundles frequently occurring tasks. It offloads demanding work that can bog down CPUs, processors that typically execute tasks in serial fashion. Born in the PC, accelerated computing came of age in supercomputers. It lives today in your smartphone and every cloud service. And now companies of every stripe are adopting it to transform their businesses with data.
    Accelerated computers blend CPUs and other kinds of processors together as equals in an architecture sometimes called heterogeneous computing
    .” –Rick Merritt, What is Accelerated Computing, NVIDIA blogs.

    Let’s walk through the below configuration steps on how to deploy and configure the VDAs to utilize vGPU enabled VMs in Azure:

    • Requirements
    • Configuring Cloud License Server
    • Install Driver on Master Image in Azure
    • Provision Catalog and Create VDIs
    • Configure Licensing on Client VDIs
    • Identify the VM Family Size supporting NVIDIA vGPU Tesla cards – NCv3 Series
    • Identify the supported Driver version – NVIDIA supported Tesla Drivers
    • Windows 10 Client OS 22H2
    • Citrix VDA Agent 2305
    • New Cloud License Server appliance
    • Firewall requirements to enable communication with Cloud license server

    Legacy License server is set to EOL by July 2023. Hence, NVIDIA offers two different methods for provisioning license server. (DLS) On Premise and Cloud(CLS). In this blog, I am going to cover how to setup a CLS-based license server. Steps are very simple and described properly in the NVIDIA documentation as well.

    NVIDIA vGPU Azure Citrix DaaS

    1. Login to NVIDIA Licensing Portal to create the new CLS based license server.
    2. In the Dashboard, click on License Servers and select Create Server.

    NVIDIA vGPU Azure Citrix DaaS

    3. In the next screen, provide details for the license server creation.
    4. In Step 1, Enter the details as below:

    Description – This is a cloud license Server

    NVIDIA vGPU Azure Citrix DaaS

    5. In Step 2 Features, select the available features based on the purchase of licenses.
    6. Select NVIDIA virtual PC and NVIDIA Virtual Applications and enter the amount of license that needs to be added.
    Example: I have just added 1 license for each.

    NVIDIA Environment

    7. In Step 3 Environment, select the option CLOUD (CLS).
    8. Select Express Installation.


    9. In Step 4 Configuration, select Standard configuration, which will configure all the default settings for Cloud License Server.

    Server summary

    10. Review the summary and click Create Server.

    Create Server

    11. Wait for Cloud License Server to be created in the console and verify the required license configuration exists.

    License server enabled

    12. Verify the License server is created successfully.

    Config client

    13. Click on Actions and select Generate Client Config Token.
    14. Navigate to Settings to modify Lease Duration settings if needed.

    By default the lease time is 24 hours and upon expiration of lease time the client will acquire another license from the Cloud License server instance. It’s an automatic process that handles the licensing by communicating with the URL over port 443.

    api.cls.licensing.nvidia.com –
    Licensing operations, namely, the borrowing, renewal, and return of a license.
    Licensed client authentication

    api.licensing.nvidia.com –
    License return from a Windows licensed client that has not been shut down cleanly

    For the image to be created in Azure, first you need to finalize the VM Family size to go with it. This depends on multiple factors like supported driver version, supported vGPU cards, acquired licenses for vGPU cards. In my scenario, the customer already purchased the license for NVIDIA Tesla V100 vGPU Cards and in Azure NCv3 is the VM Family size that offers Tesla V100 vGPU card.

    The NCv3-series is focused on high-performance computing and AI workloads featuring NVIDIA’s Tesla V100 GPU

    Important Note: Please identify the discount with MS account rep before selecting any specific VM Family size, always prefer to go with Reserved Instances + Savings Plan to save cost by 80% from normal Pay-as-you-go pricing.


    1. Create a new Native Azure VM, by selecting NC6s_v3 as VM Family Size in Azure portal.

    Why do we need to create new VM in Azure?
    So that you can bind the catalog to the respective VM family size and select the required machine profile pointing to master image.

    VM Azure

    2. Login to the Azure Image using the local administrator account.
    3. Login to the Licensing portal and download the latest vGPU package including the guest drivers.

    LIcensing portal

    4. I preferred to go with the latest version – 16.1, released on Aug 29, 2023

    Note: You could also install driver using Azure VM Extensions, but there seems to be an issue with how binaries are pushed from Azure, some folder structure within the C:\ProgramFiles\NVIDIA Corporation\ seems to be missing post installation of the drivers.

    Program files

    5. Post download of the binaries from the portal, copy the zip folder to C:\Support
    6. Right click on the exe file and select Run As Administrator.
    7. Let the binaries extract to the local folder as displayed.

    License agreement

    8. In the System Check window make sure there are not computability errors. If yes, then restart the VM and proceed with the installation again.
    9. Under license agreement, select Agree and Continue to proceed further with the installation.

    graphics driver

    10. Under Installation options, select Custom(Advanced) to proceed with the clean install for drivers on the operating system. Click Next.

    custom installation options

    11. In the custom installation options, check the box for perform a clean installation. Click Next.

    NVIDIA installer

    12. Monitor the installation process and wait for the drivers to successfully install.
    13. Once installation has finished and status shows installed, click Close.

    14. Post Driver installation, create below registry key on location in the master image:

    Create FeatureType DWORD,
    Set Value2

    Reference: Client Licensing User Guide :: NVIDIA Virtual GPU Software Documentation

    Note: Do not download and copy the client configuration file token on the master image to avoid license consumption.

    Physical GPUs only: 
    Add the FeatureType DWord (REG_DWORD) registry value to the Windows registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvlddmkm\Global\GridLicensing.

    Note: If you’re licensing an NVIDIA vGPU, the FeatureType DWord (REG_DWORD) registry value is not required. 

    NVIDIA vGPU software automatically selects the correct type of license based on the vGPU type.
    If you are upgrading an existing driver, this value is already set. You can also perform this step from NVIDIA Control Panel.

    Set this value to the feature type of a GPU in pass-through mode or a bare-metal deployment:
    0: NVIDIA Virtual Applications
    2: NVIDIA RTX Virtual Workstation

    Limitation of Azure VM Extension
    Please do not utilize Azure VM Extension for Driver install on the native master image in Azure, as this does not properly configure drivers and misses some configuration folders in the System Drive with respect to NVIDIA corporation. I have already submitted the case with NVIDIA and provided feedback to Microsoft as well to adjust the binaries on Azure backend, so that with VM extension feature, proper version of drivers could be installed directly on the client VDIs.

    This will avoid hassle for admins to install the drivers directly on the image. However, my preferred way would be to install the drivers locally on the image, so all the subsequent newly provisioned VDIs will get the latest version installed on the VDIs.

    Reference: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/hpccompute-gpu-windows

    Follow the process below to provision catalog and VDIs:

    1. Shutdown the master image in Azure.
    2. Login to Azure portal to Create Snapshot from the Native Azure Image.
    3. Login to Citrix DAAS console, navigate to the Machine Catalogs.
    4. Create a machine catalog by pointing to the respective snapshot and machine profile for the Azure Image.
    5. Follow through the catalog creation process, review the summary and monitor the VDI deployments.

    In this section, I walk through how to configure the license on the client VDIs to communicate successfully with the CLS (Cloud License Server). Ensure to have communication out to internet allowed over 443.

    Step 1 – Add the registry Key for FeatureType on the client VDIs. Open PowerShell as administrator and run the following command:

    New-ItemProperty -Path “HKLM:\System\CurrentControlSet\Services\nvlddmkm\Global\GridLicensing” -type DWORD -Name FeatureType -value “2”

    configure licensing

    Step 2 – Download the configuration token file from NVIDIA Licensing Portal and copy it to the default location:  %SystemDrive%:\Program Files\NVIDIA Corporation\vGPU Licensing\ClientConfigToken folder

    token file

    Step 3 – Restart the NvDisplayContainer service.

    Step 4 – On the client machine you will notice a notification stating that Acquiring NVIDIA License RTX Virtual Workstation, depending on the OS, immediately followed by the notification NVIDIA License acquired.

    NVIDIA container

    All the above Step 1 – Step 3 could be easily scripted and triggered remotely on the newly provisioned VDIs, either by running Script Based Action Triggers using ControlUp or Scripted Tasks using WEM.

    Note: Log location for NVIDIA licensing: This could help in troubleshooting issues related to the license acquiring process.

    NVIDIA logging

    From Start menu open NVIDIA Control Panel and select Manage License under Licensing, it will display the licensing status.

    manage license

    License System User Guide – NVIDIA Docs
    Azure VM sizes – GPU – Azure Virtual Machines | Microsoft Learn
    NCv3-series – Azure Virtual Machines | Microsoft Learn
    NVIDIA Virtual GPU Software License Server End of Life Notice (August 31, 2022) :: NVIDIA Virtual GPU Software News and Updates
    Client Licensing User Guide :: NVIDIA Virtual GPU Software Documentation
    NVIDIA GPU Driver Extension – Azure Windows VMs – Azure Virtual Machines | Microsoft Learn

    Latest CUGC blogs:

  • Webinar Wrap-up: Citrix Best Practices & Use Cases – Linux DaaS and VDI

    by Stephanie Boozer, CUGC HQ

    Allen Furmanski, Citrix Director of Product Management, and Terry Hou, Citrix Lead Product Manager, shared use cases, best practices, cost savings, features and more with Linux DaaS and Citrix VDI. They were joined by Citrix Software Engineer Zhen Fan and Site Director Johnny Zheng. CTP James Rankin moderated the Q&A discussion.

    Q: What about profile solutions like FSLogix?
    A: In Linux, we can leverage the remote home folder mount during the session launch to mimic the profile management like FSlogix or Citrix Profile management solutions.

    Q: Is there going to be more support for newer versions of xorg?
    Yes, we support what the OS distro defaults built-in for RHEL 8/9, Rocky 8/9, Ubuntu 20.04, 22.04, etc.

    Q: Is there any best practice guide for how to manage a non persistent machine on how to manage the User Profiles? So how would I mount the correct NFS share for each user?
    Here is a KB article for user profile roam through NFS at https://support.citrix.com/article/CTX231898/how-to-roam-linux-user-profile-through-network-file-system.

    Q: Any support for AMD GPUs for virtualization in Linux VDA?
    AMD GPU is supported through xdamage mode in Linux VDA which is a non-vGPU solution.

    Q: As per Slide 12 – how do you get the fps inside the LVDI session ?
    That is a web page with 3D rendered which offers the fps the web page generated.

    Q: Can we do multi-Session on Linux?
    Yes, we can do multi-session on Linux for publish apps or desktops.

    Q: What are the resource requirements min for research data science tools?
    That would depend entirely on the application, I would think

    Q: If we allow users to SSH / https to Linux VDAs doeas that count against concurrent usage?
    I don’t think the ssh session will consume the citrix license.

    Q: I don’t think it will be same as Windows, as Windows required more than Linux.
    Agree, but it would again depend on what the vendor stipulates as the minimum requirements on Linux.

    Q: Are Ubuntu variants/spins supported? Kubuntu, etc.?
    Ubuntu+KDE is worth a try. Some of the destop environments are supported, https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/system-requirements#supported-linux-distributions-xorg-versions-and-desktop-environments

    Q: Do you have some more information on how we could leverage the Active Directory Integration with ADSys starting with Ubuntu 22.04?
    More details can be found https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/system-requirements#active-directory-integration-packages

    Q: Is there anyway we can get Linux Session performance analysis like ICA Network Latency / RTT, Frames etc.?
    Yes, https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configure/administration/tools-and-utilities, and https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configure/administration/linux-vm-and-linux-session-metrics

    Q: Is there a AV exclusions recommendation for Linux?
    As LVDA is running in application level instead of kernel level, generally there are no AV exclusion recommendation as Windows VDA has.

    Q: How many can join a screen sharing with HDX?
    : By default is 10, but you can extend it mentioned at https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configure/graphics/hdx-screen-sharing.html

    Q: Can you pls share all the command that was on last page?
    More details at https://docs.citrix.com/en-us/linux-virtual-delivery-agent/current-release/configure/administration/tools-and-utilities.html

    Q: Is there support for deploy image from app layering ?
    No app layering support for Linux

    Q: XDPing requires a Python 3.6 which is installed but XDping still fails to install asking for Python still. Is there an alternative option for XDPing to get the VDA configuration?
    It requires a python virtual env, any luck to try this

    Q: Where is the best place to get hands on support for Linux to test stuff in our lab?
    Best to connect through citrix support or your citrix TAM.

    Q: Any documentation from Citrix which shows how LVDA is a priority for Citrix since in the past it has never been a priority?
    LinuxVDA is a priority for years, you can find it from https://www.citrix.com/solutions/vdi-and-daas/linux-virtual-desktop.html

    Q: Is there any Citrix forum for Linux?
    : Yes, here is it https://discussions.citrix.com/forum/1561-linux-virtual-desktop/

    Have more questions about the session or want to discuss it with other Citrix users? Join the CUGC Slack and/or Discord channels and jump into the conversations!

    Are you a member of CUGC? Join free today and stay up to date on all things Citrix!

    More from the CUGC blogs:

  • Cisco Webex Install in Citrix Virtual Desktops

    by Ray Davis, CTA, Jacksonville CUGC Leader

    I have written blogs about how to run Zoom and how to optimize Teams in a Citrix Environment. This blog will highlight the necessary components that are needed to run Webex within Citrix Virtual Desktops environments.

    Many organizations run Webex and at times, if not setup correctly, your users will notice issues with screensharing, voice jitter and even Webex trying to auto update itself in a non-persistent. We all understand that there are many optimizations at times that go into any VDI solution that isn’t just Citrix related. It could be AVD, Horizon, Citrix, Frame and good old RDSH/TS. I wanted to ensure that the audience understands it’s not a Citrix related requirement, but how VDI works inside the hardware layer.

    I have been writing the quick guide for some time now and using it for clients. I wanted to share it out with the community to help close the gaps. Webex releases updates every two months. At the time of writing this, I was using 42.12 and I noticed they are on 43.4 now. This is a high level blog that will help you in your direction of Installing Webex in a Citrix VDI environment.

    There needs to be a Webex VDI installer in the Citrix VDI (VDA) machines. The installer requires the VDI parameters I have listed below. It tells the Citrix VDI devices that it’s a VDI install.

    A Webex App VDI plugin and a Webex Meeting VDI plugin will also need to be installed on local clients such as laptops, desktops, etc. The Webex VDI plugin and Webex Meeting VDI plugin will talk to the VDI backend with the VDI installer and optimize the call quality through the Citrix ICA virtual channels. Webex App VDI fallback mode offers short-term support for basic audio and video calls when VDI can’t establish the virtual channel. By default, Webex App on the HVD checks for version compatibility with the Webex VDI plugin on the thin client.

    The plugin version should not be more than 3 bi-monthly releases behind the Webex App. For example, if Webex App on the HVD is version 43.4 (April 2023), then the following plugin versions are compatible:

    • Fallback mode supports standard calls and call recording.
    • The full feature set isn’t supported.
    • Call quality is lower because of the server or network issues that cause the switch to fallback mode but remember that when users either don’t use the VDI optimized solution or are in fall back mode, HD video is disabled and Webex App shows a notification that you may see a media quality issue. At times users use VDI in unoptimized or fallback mode.
    • Their camera or headset may not work, and they may experience poor media quality.
    • More on Fallback mode and the details.
     Command or ActionPurpose
    Step 1Configure one of the following types of Hosted Virtual Desktop:

    Configure hosted virtual desktop and install Webex App

    Configure Azure Virtual Desktop for the Webex App
    To prepare for your users wanting to access the Webex App remotely from thin client devices, set up the Webex App on the centralized hosted virtual desktop (HVD) environment.
    Step 2Configure VDI optimization for Webex App in Control HubIn Control Hub, you can use an organization-level setting to either enable or disable VDI optimization and detection for your Webex App users. By default, the setting is enabled.
    Step 3Install the Webex App VDI plugin on thin client machines for the following platforms:

    WindowsInstall the Webex App VDI plugin on Windows thin client systems

    LinuxInstall the Webex App VDI plugin on Linux thin client systems

    macOSInstall the Webex App VDI plugin on macOS thin client systems
    After Webex App is installed on your central HVD environment, you next get your users to install a Webex App VDI plugin on their thin client devices. Thin clients are typically lightweight or repurposed computers that users use to establish a remote connection with a centralized HVD server where Webex App is hosted. The thin client plugins for supported platforms are available at https://www.webex.com/downloads/teams-vdi.html.
    Step 4(OptionalInstall Webex Meetings VDI plugin on thin client systems(Optional) For full featured meetings with the Webex App, you or your users must install two separate VDI plugins on a thin client. In addition to the Webex App VDI plugin already installed in the previous step, you must also install the Webex Meetings VDI plugin on the same machine. (You only need to install the Webex App on the virtual desktop.)
    1. Webex has two VDI plugins that you need to install on the clients, then the Webex HVD installer on the VDI itself. 
      • Webex VDI plugin.
      • Webex meeting VDI plugin.
    1. How I install the Webex VDI plugin
    1. Automated removal and install
      • In VDI I use the Cisco Webex Removal Tool. Upgrades in the past have broken Webex in VDI with the virtual channel.
      • ##Remove Previous Version of Webex###
      • C:\Users\Admin\Desktop\\CiscoWebexRemoveTool.exe /s
      • timeout 30
      • ##Installs new version###
      • msiexec /i webexapp.msi /qn ALLUSERS=1 ENABLEVDI=2 AUTOUPGRADEENABLED=0 ROAMINGENABLED=1 /log install.log
        timeout 300
    1. If you wanted to remove the ICON on the desktop-Not needed unless the environment calls for it.
      • ::## Removes the Icon on public desktop##
      • del “C:\Users\Public\Desktop\Cisco Webex Meetings.lnk”
    1. Webex VDI install on Citrix and Webex App VDI plugin/Webex meeting plugin on local clients = HDX audio/Video optimized quality
    2. High Level flow
    Webex in Citrix Virtual Desktops

    Webex VDI plugin

    1. Prepare Your Environment for Webex for VDI
    1. Deployment guide for Webex App for Virtual Desktop Infrastructure (VDI)
    1. Admin Guide
    1. Video that goes into it very well from a VDI aspect
      • (166) Webex App for VDI Overview – YouTube
      • Example of the Installer on the VDI devices. This puts Webex in a VDI mode that knows it is Citrix and uses the client’s plugin through the HDX ICA virtual channel.
      • msiexec /i webexapp.msi /qn ALLUSERS=1 ENABLEVDI=2 AUTOUPGRADEENABLED=0 ROAMINGENABLED=1 /log install.log
    1. Switches
    Webex in Citrix Virtual Desktops
    1. Webex Downloads
    Webex in Citrix Virtual Desktops
    1. Webex meetings VDI plugin (the second plugin that is needed on the clients as well)
    1. How to confirm VDI is set
      • After the install or upgrade, you can check to back sure WebEx is in “VDI” mode.


    Webex in Citrix Virtual Desktops
    1. New ICA virtual Channel Security
      • Put in ICA Virtual channels in Citrix Studio Policy. This will allow you to use the ICA virtual channels Webex made to hook into Citrix and offload the audio/Video, AKA out of band audio/video.
    Webex in Citrix Virtual Desktops
    1. How to verify WebEx is optimized
      • While in a meeting
    Webex in Citrix Virtual Desktops
    1. That’s a good status with the VDI plugin enabled and working. If it’s not optimized, there will be an error in Health Status mentioning VDI.
      • Two different Health Checkers – this screenshot is from the Webex app.
    Webex in Citrix Virtual Desktops
    Webex in Citrix Virtual Desktops

    The below screenshot is from within a meeting:

    Webex in Citrix Virtual Desktops
    1. Troubleshooting Logs
      • If you need to Troubleshoot WebEx and ICA virtual channel. The Log location is below.
      • UPM/Roaming: C:\users\%username%\Appdata\Local\Temp\WebExMeetingLogs
      • FSLogix: C:\users\local_%username%\Appdata\Local\Temp\WebExMeetingLogs
    Webex in Citrix Virtual Desktops
    Webex in Citrix Virtual Desktops