Home

  • CUGC XL Texas 2023: A Day at the Zoo

    by Scott Banewski, Houston CUGC Leader

    In case you missed it, there was a great CUGC XL event in Houston on February 23rd.  The CUGC groups from Houston, Dallas/Fort Worth and Austin all met at the Houston Zoo and learned about how toilets work in space!  Well, honestly, that wasn’t the only reason we met, but if you missed the speech from retired astronaut Clayton Anderson on his journey to space, it was incredible.  Of course, we also learned a lot about Citrix, security, how NetScaler is back, and we got to see demos from some great sponsors.  

    CUGC XL Texas - Clayton Anderson
    Retired astronaut Clayton Anderson at CUGC XL Texas. “Never a Commander, Always a Leader.”

    The event started with Clayton sharing stories about his long list of rejections on trying to join the Space Shuttle program and how he never gave up.  He continued toward his goal, was eventually accepted, and did indeed fly on the Space Shuttle and visited the International Space Station. 

    Clayton spoke of his journey to become an astronaut, the training involved, and how not to get discouraged if something does not work out the way you expected it the first time. This connected with a lot of the attendees … NetScaler firmware upgrade anyone??  Even if the expected outcome was not what you had planned for, do not give up, you just keep going, you must adapt and overcome. His determination and positive attitude helped him fulfill his dream and set a great example that can be used in everyday life. He told stories of floating in space, looking down at Earth from the ISS…oh, and in case you didn’t know, they wear diapers when they launch on the Shuttle. 

    CUGC XL Texas Panel Discussion
    CUGC XL Texas Panel Discussion hosted by Alchemy.

    We had a panel discussion provided by Alchemy about CVAD, NetScaler and how hybrid cloud is a topic people are asking about. The panel had some great audience participation with thoughtful questions on how the cloud and hybrid CVAD environments are becoming the next “go-to.” 

    CUGC XL Texas - Jake Rutski, NetScaler
    CUGC XL Texas – Jake Rutski, NetScaler

    Next up was Jacob Rutski and the topic everyone was excited about, NetScaler is back!  Jacob talked to us about new features in NetScaler, including some that people may not even know are included with their licenses. He shared some best practices, how certificates are not your enemy, and how ADC is not a bad word.

    CUGC XL Texas - Patrick Coble
    CUGC XL Texas – Patrick Coble talks Security.

    After a delicious lunch, we had a presentation from CTP and security expert Patrick Coble. If you have never heard Patrick talk or read any of his blogs, do yourself a favor and Google him, you can thank me later.  He talked about how we all have a “Swiss army knife” to help secure our CVAD and NetScaler environments. He explained what two-factor is and why you should use it, not to use the NetScaler nsroot account, and what happens to a VDI when you put too many tools on the image. 

    CUGC XL Texas - Scott Lane
    CUGC XL Texas – Scott Lane sharing Citrix updates.

    Finishing up the XL event was Scott Lane who spoke of the latest and greatest from Citrix. He delivered a “State of Citrix” update and the DaaS model from Citrix. A lot has happened at Citrix so far this year, but it was good to have a person explain what was going on and that there are new innovations coming soon with Citrix products. 

    This was an XL event to be remembered, great topics and an incredible location.  A big thank you to our speakers and sponsors to make this event what it was, without them it would not have been possible.

    Miss the event? We have more XL and Xchange events on the horizon – check out our calendar!

  • Configure NetScaler ADM Service with VPX On-Premises

    by Ray Davis, CTA & Jacksonville CUGC Leader

    Summary

    I wanted to sync my NetScaler up with the ADM service, and I have personally never done this before with the ADM service. I have done this many times with an on-prem ADM setup. I figured I would make a quick blog on how to do this. It doesn’t look complicated, and sharing it with the community would be good. Note: I have set this up in a lab, and it’s not running in a live production setup. The steps will be the same but around your company’s policies and security guidelines.

    Citrix ADM Agent, the virtual appliance, is available for XenServer, VMWare ESX, Microsoft Hyper-V and Linus KVM. Nutanix AHV is based on KVM. Running the ADM Agent on AHV seems possible to me. I overlooked that KVM works on AHV. Not sure why, as I now have a couple of NetScalers running on the AHV lab. Jarian Gibson reminded me of that. Thanks, man.

    Let’s get started.

    Open the required ports for communications between Citrix ADC instances and Citrix ADM agent or Citrix SD-WAN instances and Citrix ADM agent.

    Support Ports

    ADM Agents

    Log into your Citrix cloud account, navigate to the “Application Delivery Management” tile, and click Manage.

    ADM Tile

    Select “Get Started”

    ADM Get Started

    Select “Custom deployment”

    Custom Deployment

    The VPX is on-premises.

    Deployment Environment
    Select App Type
    Enable ADC Instance Communication with ADM

    Extract the MAS-Agent-KVM.tgz file.

    MAS agent extraction

    It will then output a MAS-Agent-KVM.tar.

    MAS Agent output

    Now Extract that to get the “MASAGENT-KVM-13.1-36.23.qcow2”

    Extract

    I am doing this on AHV, which will not cover other hypervisors.

    Now, hit the Gear sign in the top right side.

    Click Image configuration, and upload the Image.

    NTX Cluster

    Browse.

    Create Image

    KVM is now uploaded.

    ADM Agent

    Create a new VM. On the Disk area, click the plus sign and select. Add a disk by cloning from Image Services and selecting your uploaded disk image. Add your NIC for whatever VLAN you use. I have two cores and two sockets, with 4GB of RAM.

    Add Disk

    Now, I remember when I did this for the VPX, I had to run a command to make it bootable.

    • acli vm.serial_port_create <VM Name> type=kServer index=0
    • acli vm.serial_port_create ADMAgent type=kServer index=0

    Putty into the CVM, then paste this:

    • acli vm.serial_port_create ADMAgent type=kServer index=0
    CVM

    Now boot it up, connect with the console from AHV(Prism Element).

    Booting

    At the login, enter the default login.

    • nsrecover and nsroot

    Once logged in, run the networkconfig command.

    The menu is straightforward. Please enter all the information to get it configured and on the network.

    ADM Agent on Network

    Navigate to mps directory.

    Run the deployment_type.py

    It will output the Service URL and activation code.

    MPS Directory
    MPS Directory

    Enter the Service URL and Activation Code from the ADM Service wizard. It will display under “select the type of  HyperVisor”

    Setup Agent

    Now go back and click register Agent after completing the CLI part. The ADM Agent will reboot. Please give it about 5 minutes to reboot and come online.

    ADC communication

    You will notice your Agent IP address will appear.

    ADC Communication

    Enable communication by adding the NetScaler Information.

    ADC host name

    Under the authentication profile, click edit. The page will be directed to another area to configure the credentials.

    instance authentication profile

    Input your information accordingly to your environment.

    create profile

    Note: I had to create another profile so the ADM could talk to this. It did not like the default one, which makes sense to me.

    select profile
    connecting
    adding instances
    finish

    As you can see, it is now two within the ADM service.

    ADM service

    Adding another NetScaler will be a bit simpler.

    Have more NetScalers to add? Navigate to Infrastructure > Citrix ADC > Add

    add more NetScalers
    ADC VPX
    Agents
    Add Citrix ADC VPX
    Modify device config
    ADC Instances

    As you can see, the firmware is different. Let’s fix that.

    Firmware mismatch
    Infrastructure menu

    Click on “Create Job.”

    Upgrade Jobs - create
    Create maintenance job
    upgrade citrix adc
    ADM upgrade ADC
    ADC images
    ADC software image select
    validation in progress
    pre-upgrade validation
    custom scripts
    schedule task
    create job

    It will take you back to the “upgrade jobs” page.

    upgrade jobs list

    If you want to see what it is doing, click on the circle and click Execution Summary.

    upgrade jobs check status
    execution summary

    You will see the progress of what is happening. You don’t need to watch it unless you are curious. I set up an email profile to send a report once completed. Note: This is a lab. However, this has been done in a production environment and works well.

    execution history
    execution history
    command log
    command log
    command log

    The code is now the same.

    firmware now the same

    After some time, I let the VPX instance bake. I did this because I wanted to show the neat feature of ADM service for CVEs.

    Navigate to > Infrastructure> Instance Advisory>Security Advisory. As you can see below, it picked up that the current VPX I have needs to be patched based on the Low CVE it is reporting on.

    security advisory

    It gives you information on the CVEs.

    current cves
    cve repository

    Another cool feature, it shows you the EOL on different NetScaler builds.

    upgrade advisory

    That concludes the setup for now. I hope you enjoyed it.

  • Tips for Choosing a Citrix Channel Partner

    by Steve Elgan, CTA, Omaha CUGC Leader, CUGC Steering Committee

    You may have read about the changes Citrix has made which will impact how customers purchase products and get support. I’m not going into detail on that in this blog. My understanding is that only named enterprise accounts will work with Citrix directly. All other customers will need to choose a Citrix partner with whom to work.  I want to focus on some suggestions for finding and selecting a Citrix channel partner.  

    As IT Director, I’m responsible for all IT procurement and vendor relationship management. I have worked with many partners for many products. You may be in a situation where you must work with a Citrix partner for the first time. It can be overwhelming as there are so many to choose from. Below is my preferred approach: 

    1. Start Locally 
      Look for partners with a local presence if possible. 
    1. Look for Integrity 
      Look for partners with integrity who don’t use pushy or dishonest sales tactics or try to buy your business with a fancy lunch. 
    1. Technical Competence 
      Choose partners with technical competence, and make sure their brightest technical people are involved in your initial meetings. 
    1. Community Involvement 
      Look for partners who are involved in the myCUGC community. Sales Engineers or other technical staff involved in the community are usually the best. Additionally, partners who have CTPs or CTAs on staff means they take community contributions and information sharing seriously. 
    1. Relationship Building 
      Choose partners who want to develop long-term relationships based on trust and mutual respect, and who retain their staff. 
    1. Hassle Factor 
      Look for partners who make it easy to do business with them, especially during the renewal and price negotiation processes. 

    These suggestions are a great starting place for evaluating a partner. If you have other good ideas, I invite you to comment on this blog so that other readers can benefit.  

    Are you a member of CUGC? Join free today!

  • Celebrating International Women’s Day

    by Esther Barthel, CUGC Women In Tech Leader, CTP

    When I was reflecting a few weeks ago on everything we have achieved with the CUGC Women In Tech mentorship program, I made the mistake of only looking at the number of women who have participated so far in the Citrix Technology Professionals (CTP) program over the past ten years. If you only look at those numbers, you can’t help but conclude that we (as a community) have made little to no progress when it comes to being more inclusive and diverse.

    In 2015, I was part of the first Diversity & Inclusion change in the CTP program. For the first time in the program’s history, four women joined the award program, consisting of 50 Citrix specialists worldwide that share their knowledge with the community and provide feedback to Citrix’s product managers with great passion. Now, in 2023, the CTP program consists of 63 people, including three women.

    In eight years’ time, the percentage of women in the program dropped from 8 down to 4.76. I think you can imagine that realization did not fill me with much joy. And it did make me question whether all that energy and passion to be a role model and work put into getting Diversity & Inclusion on the agenda in recent years was worth it.

    International Women’s Day (March 8) is a global day celebrating the social, economic, cultural, and political achievements of women. The day also marks a call to action for accelerating women’s equality.

    IWD has occurred for well over a century, with the first IWD gathering in 1911 supported by over a million people. Today, IWD belongs to all groups collectively everywhere. IWD is not country, group or organization specific. #IWD2023 #EmbraceEquity

    https://www.internationalwomensday.com/

    After doing some soul searching over the past few weeks, I have to admit I have not always been good at promoting all the work I have accomplished promoting women in tech. So what better day than today to change that? Let’s use this International Women’s Day to take the opportunity to reflect on some of those achievements.

    Today I will celebrate and thank all the Women in Tech for their contributions and the successes we have achieved with the CUGC Women in Tech mentorship program.

    The CUGC Women in Tech mentorship program was launched in 2016 in collaboration with the Citrix User Group Community (CUGC) and Citrix Technology Professionals (CTPs) Theresa Miller, Jo Harder, and myself, so that we could be the female role models we missed in our own tech careers.

    The mentorship program provides a network where women can share experiences in this tech workfield, encourage each other to be visible and heard, and have conversations with men about increasing diversity and inclusion in our daily work environments.

    So THANK YOU to all the mentors that helped shape the Women in Tech mentorship program:

    • Theresa Miller
    • Jo Harder
    • Jen Sheerin
    • Jackie Sanchez
    • Renee Reighard
    • Sarah Vogt
    • Heather Meyer
    • Tiffany Renrick
    • Jane Cassell
    • Cathleen Leik
    • Gaby Grau

    And in particular our allies who persistently kept asking me how they could help and have enthusiastically joined the mentor team to support more women in tech:

    • Jim Moyle
    • Mike Nelson
    • Neil Spellings
    Esther Barthel, Eva Helén, Mike Nelson, Jim Moyle & Neil Spellings discuss how men can be allies for women in tech.

    And to those who became personal allies and sponsors during the IGEL DISRUPT23 Women in Tech panel discussion:

    • Jed Ayres
    • Christian Reilly
    Women In Tech Session at IGEL Disrupt 23 Munich
    Gaby Grau, Britta Loew, Jed Ayres, Esther Barthel & Christian Reilly at IGEL DISRUPT23 Munich.

    Additionally, I would like to thank Eva Helén who made me aware of the many allies and sponsors that do offer help and who have challenged me to keep the conversation going with the men too. I feel blessed being mentored by you!

    I would also like to thank CUGC’s Stephanie Boozer for the enthusiasm with which she supports the program and continues to brainstorm with me to explore new initiatives and add new activities to the program. You are the best partner in crime I can ask for on this adventure!

    As mentioned earlier, I haven’t always been good at promoting the mentorship program and making the program’s impact visible. Today, I would like to change that and reflect on a few special moments from the past seven years.

    My first mentee will always be special. Not only because I learned a lot from her, but mainly because of the friendship that quickly developed and still allows me to enjoy her growth and adventures in the Citrix community every day. It’s super cool to see someone grow not only professionally, but also in the active contributions they make to the community, as she is now the VP of one of the coolest Citrix User Groups.

    Another special moment is adding special activities to the program, by organizing themed sessions during Citrix Synergy to create more awareness and address topics like unconscious bias. Or even the thematic webinars we were able to organize together with CUGC, which are still available on YouTube (https://youtube.com/playlist?list=PLR5MnudZYab1-xdrYyaNzpTBhrFwWJLPc).

    But what makes me the most proud are the mentees and mentors who stepped out of their comfort zones and actively contribute to our community through various award programs and local user groups.

    And last but not least one more shout out to all the women that reached out to me personally. Your encouraging words, positive feedback and enthusiasm to get connected warms my heart and boosts my energy and enthusiasm to keep improving the program, reach out to more women in tech and be that vocal role model to others.

    Today I am super excited about the future as I can see beyond sheer numbers, and see more women in tech being visible, finding allies and sponsors, building stronger networks and offering each other help

    Today I celebrate YOU, your accomplishments and our shared passion for technology.

    Let’s start many more geeky adventures together!

  • Install-Language Breaks Citrix HDX Teams Optimization on Azure Windows 10 Multi-User

    by Marco Hofmann, CTA

    While building a Citrix DaaS Standard for Azure environment, we made use of the new Install-Language PowerShell command. Sadly, this broke the Citrix HDX Teams optimization. In this article, I show you how to work around this issue.

    HDX Error

    Install-Language…

    During this project, we decided to build our Citrix Master images through Packer of Microsoft marketplace images. These images are en-US only, and the administrator has to provide a language pack as needed. For this use-case, Microsoft has introduced a new PowerShell command in the latest builds of Windows 10 and Windows 11 multi-user: Install-Language

    This command replaces everything from the past and can be used as a simple one-liner during your master image build process:

    Install-Language -Language de-DE -CopyToSettings

    …breaks the OS

    But as far as we know, this is currently bugged. As Patrick van den Born discovered, Windows is not reachable anymore if you reboot the operating system after the mentioned command. In his blog post, he discovered a workaround to fix this issue. If you trigger a complete Windows update run directly after the installation of the language pack, the issue can be circumvented. To solve that issue, my Packer HCL currently looks like this:

    Packer 010 Language

    Teams HDX services won’t start

    As we are now once again able to complete a Packer master image build process, I was able to connect to my Citrix DaaS deployment and check out the image quality. I then soon noticed that the Microsoft Teams HDX optimization wasn’t working. With the help of Balint Oberrauch I discovered that four Citrix Services weren’t starting:

    1. Citrix HDX Browser Redirection Service (CtxBrowserSvc)
    2. Citrix HDX Teams Redirection Service (CtxTeamsSvc)
    3. Citrix HDX Port Forwarding Service (CtxPortFwdSvc)
    4. Citrix HDX MediaStream Service (CtxRaveSvc)

    During the investigation of the problem I created Citrix Case #81670738 which led me to: When installing VDA 7 1906.2 to a Windows server with Danish language pack some services fail to start due to login issues. (citrix.com)

    I took me a while to understand how that old CTXKB was linked to my issue, but as it turned out, this is still relevant with VDA 2212 on Azure in 2023, as the VDA still seems to have issues with language packs. And as all Azure marketplace images are en-US and Microsoft helps us out with the new and easy to use Install-Language PowerShell command, I expect this to become a real issue in the future.

    Solution

    The underlying issue seems to be that these services have a wrong logon name set in the registry, when a language pack is installed. After a bit of testing, comparing and a few reboots, I found a logon name combination that works reliable on a de-DE master image build:

    CtxBrowserSvcLocalSystem
    CtxTeamsSvcLocalSystem
    CtxPortFwdSvcNT Authority\LocalService
    CtxRaveSvcNT Authority\LocalService

    To automate these fixes for my Packer deployment, I added the following commands to my Citrix VDA 2212 PowerShell script:

    Write-Host "##[command]Fix service logon names"

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CtxBrowserSvc' -Name 'ObjectName' -Value 'LocalSystem' -Type String -Force

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CtxTeamsSvc' -Name 'ObjectName' -Value 'LocalSystem' -Type String -Force

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CtxPortFwdSvc' -Name 'ObjectName' -Value 'NT Authority\LocalService' -Type String -Force

    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\CtxRaveSvc' -Name 'ObjectName' -Value 'NT Authority\LocalService' -Type String -Force

    Now with the tip from Patrick and the fix to the service logon names, the Packer build process creates a Windows 10 Multi-User master image, with a de-DE language pack and working Citrix HDX Teams optimization.

    Marco is an IT-System administrator and IT-Consultant with 10+ years experience. He is specialized in the delivery of virtual Apps and Desktops with Citrix solutions. In 2017 he was awarded Citrix Technology Advocate by Citrix for his community work. His second core area is availability & performance monitoring with Zabbix, a leading open-source solution. His employer is the German IT-Company ANAXCO, which is developing a Transport Management Software (TMS) based on Microsoft Dynamics AX.

    See more posts by Marco Hofmann here.

    Are you a member of CUGC? Join for free today!

  • Local Host Cache (LHC) | Citrix DaaS

    by Uddave Jajoo, Indianapolis CUGC Leader, CTA

    With enterprises moving towards cloud, their first strategy would be to deploy solution which will be highly available and resilient. With this recent outage (Networking issues impacting Azure Services in Central US Region), a subset of customers experienced issues with their services and intermittent connection issues.

    To overcome outage scenarios like this and to make your business operations highly resilient, Citrix offers two great features allowing users to access their resources from Cloud even if there is an outage reported within those regions.

    In this blog post, I describe in detail how these features could benefit customers and why they should be implemented within your Citrix DAAS deployments.

    Local Host Cache

    Local Host Cache enables brokering of connections in Citrix DaaS (formerly known as Citrix Virtual Apps and Desktop Service) deployment to continue, in case of disconnection to Citrix Cloud Service for more than 60 seconds.
    In Citrix DaaS deployment, Local Host Cache is always enabled. You don’t have to do anything else to configure or manage it.

    As noted previously, the Microsoft SQL Server Express LocalDB database is installed automatically when you install a Cloud Connector in a resource location. Do not attempt to disable or remove it. Citrix updates the Cloud Connector regularly. If you disable or remove the SQL Server Express LocalDB software manually, the next Cloud Connector update replaces it.

    Requirements

    • Local Host Cache requires a customer deployed on-premises Storefront
    • All cloud connectors should be added as a single site within the store as delivery controllers. Refer the blog post for detailed information.
    • StoreFront should be able to communicate with the cloud connectors over port 80/443.
    • StoreFront minimum supported version should be 1912 CU1 and above.
    • Advanced Health Check feature should be enabled on each store.
    • For deployments with no on-premises StoreFront, use the service continuity Citrix workspace platform feature to allow users to connect to resources during outages. For more information, see Service continuity.

    During Normal Operations

    During an Outage

    How to enable Advanced Health Check Feature

    To ensure resource availability you could do the following:

    1: Ensure resources are published in each resource location
    2: Or publish resources to at least one resource location and use the following procedure to enable Advanced Health Check feature in each storefront store:

    1. Upgrade the StoreFront installation in each resource location to minimum version 1912 CU4. For guidance, see the StoreFront documentation.
    2. For each StoreFront store, enable the advanced health check option. In the store’s web.config file, under farmsets, add advancedHealthCheck=”on”.
      Option example:
    1. After you update the file, manually restart IIS. Repeat the web.config file update and IIS restart for other stores.

      Important Note:
      Local Host Cache works only with customer-deployed StoreFront. It does not support workspace.
      Local Host Cache supports server-hosted applications and desktops, and static (assigned) desktops.
      For Pooled delivery groups perform following changes on Delivery group level to enable them to broker connections during outage:

      Per DG
      Set-BrokerDesktopGroup -Name “name” -ReuseMachinesWithoutShutdownInOutage $true
      Per Site
      Set-BrokerSite -DefaultReuseMachinesWithoutShutdownInOutage $true
      Reference – https://support.citrix.com/article/CTX272155/enable-local-host-cache-with-citrix-cloud

    Resource Locations with Multiple Cloud Connectors

    During an outage mode, if the primary broker fails to connect to the Configuration Sync Service, the election process resumes and secondary broker would be elected amongst the remaining cloud connectors in the resource location.
    If an elected secondary broker fails to communicate during an outage, another secondary broker is elected to take over. VDAs would register with the newly secondary elected broker.

    What happens if a cloud connector is restarted:

    1. If that Cloud Connector is not the elected broker, restart has no impact.
    2. If that broker is the elected broker, a different cloud connector will be elected, causing VDAs to register. After restart, it automatically takes over the brokering, which cause VDAs to register again.

    Note: Always schedule different maintenance windows on your cloud connectors, refer the deployment guidelines highlighted in this post.

    Verify Local Host Cache is Working

    Follow through all the requirements mentioned above to verify LHC is functioning as expected. Review all the event logs during synchronization and outage occurrence to get better understanding.

    Below are important links to identify what different event logs may be generated during normal and outage mode.
    Config Synchronizer Service
    High Availability Service Event Logs

    You would also want to test the LHC functionality by forcing an outage deliberately in a resource location.

    • To force an outage, edit the registry of each Cloud Connector server. In HKLM\Software\Citrix\DesktopServer\LHC, create and set OutageModeForced as REG_DWORD to 1.

      This setting instructs the Local Host Cache broker to enter outage mode, regardless of the state of the connection to Citrix Cloud.

      Setting the value to 0 takes the Local Host Cache broker out of outage mode.
    • To verify events, monitor the Current_HighAvailabilityService log file in C:\ProgramData\Citrix\workspaceCloud\Logs\Plugins\HighAvailabilityService.
    • Events will be generated under Application logs with source Citrix Remote Broker Provider, confirming the ForcedOutageMode
    • Session Launched successfully in outage mode
    • Delete the registry entry from all the cloud connectors and monitor for the logs in event viewer and High Availability service

    Reference Links
    https://docs.citrix.com/en-us/citrix-daas/manage-deployment/local-host-cache.html#verify-that-local-host-cache-is-working
    https://docs.citrix.com/en-us/citrix-daas/manage-deployment/local-host-cache.html

  • Service Continuity | Citrix Workspace with DaaS Deployments

    by Uddave Jajoo, Indianapolis CUGC Leader, CTA

    With enterprises moving toward cloud, their first strategy would be to deploy a solution which will be highly available and resilient. With this recent outage, Networking issues impacting Azure Services in the Central US Region, a subset of customers experienced issues with their services and intermittent connection issues.

    To overcome this outage scenario and enable your business operations to be highly resilient, Citrix offers two great features which would let users access their resources from Cloud even if an outage is reported within the region. In my previous blog post, I talked about Local Host Cache. In this post, I will describe in detail on how Enabling Citrix Service Continuity could benefit customers in Citrix DaaS deployments.

    Citrix Service Continuity enables users to connect to their DaaS Apps and Desktops during outages, by using workspace connection leases to allow users access. Workspace connection leases are long-lived authorization tokens that reside on the user’s local machine. Workspace connection lease files are securely cached on user device.

    Workspace connection lease files are signed and encrypted and are associated with the user and the user device. When service continuity is enabled, a workspace connection lease allows users to access apps and desktops for seven days by default. You can configure workspace connection leases to allow access for up to 30 days.

    Requirements and Limitations

    • Supported in all editions of Citrix DaaS and Citrix DaaS Standard for Azure, when using Workspace Experience.
    • Not supported for Citrix Workspace with site aggregation to on-premises Virtual Apps and Desktops.
    • Not supported when on-premises Citrix Gateway is used as an ICA Proxy. (Using Citrix Gateway as a Workspace authentication method is supported.)
    • VDAs joined to Azure AD aren’t supported. All VDAs must be joined to an AD domain.
    • VDAs must be online for users to access VDA resources during an outage. VDA resources aren’t available when the VDA is affected by outages in:
      • AWS
      • Azure
      • Cloud Delivery Controller, unless Autoscale is enabled for the delivery group delivering the resource

    Configure Citrix Service Continuity

    To enable service continuity for your site:

    1. From the Citrix Cloud menu, go to Workspace Configuration > Service Continuity.
    2. Set Connection leasing for the Workspace to Enable.
    Citrix Workspace configuration
    1. Set connection lease period to the number of days a workspace connection lease can be used to maintain a connection.
    2. Click Save. When you enable service continuity, it is enabled for all delivery groups in your site.
    Workspace configuration

    To disable service continuity for a delivery group, use the following PowerShell command:

    Set-BrokerDesktopGroup -name <deliverygroup> -ResourceLeasingEnabled $false

    Replace deliverygroup with the name of the delivery group.

    By default, Workspace connection leases are deleted from the user device if the user signs out of Citrix Workspace during an outage. If you want Workspace connection leases to remain on user devices after users sign out, use the following PowerShell command:
    Set-BrokerSite -DeleteResourceLeasesOnLogOff $false

    How service continuity works

    • If there’s no outage, users access virtual apps and desktops using ICA files. Citrix Workspace generates a unique ICA file each time a user selects a virtual app or desktop icon.
    • Each ICA file contains a Secure Ticket Authority (STA) ticket and a logon ticket that can be redeemed only once to gain authorized access to virtual resources.
    • The tickets in each ICA file expire after about 90 seconds. After the ticket in an ICA file is used or expires, the user needs another ICA file from Citrix Workspace to access resources. When service continuity isn’t enabled, outages can prevent users from accessing resources if Citrix Workspace can’t generate an ICA file.
    • When service continuity is enabled, Citrix Workspace also generates the unique set of files that make up a Workspace connection lease.
    • When a user signs in to Citrix Workspace, connection lease files are generated for every resource published to that user.
    • Workspace connection leases contain information that gives the user access to virtual resources. If an outage prevents a user from signing in to Citrix Workspace or accessing resources using an ICA file, the connection lease provides authorized access to the resource.

    How sessions launch during outages

    When users click an icon for an app or desktop during an outage, the Citrix Workspace app finds the corresponding Workspace connection lease on the user device.

    When the Citrix Cloud broker is online, the Cloud Connector uses the Citrix Cloud broker to resolve which VDA is available. When the Citrix Cloud broker is offline, the secondary broker for the Cloud Connector (also known as the High Availability service) listens for and processes connection requests.

    Users who are connected when an outage occurs can continue working uninterrupted. Reconnections and new connections experience minimal connection delays. This functionality is similar to Local Host Cache, but does not require an on-premises StoreFront.

    The workspace app would show the icons as below during an outage mode (image is from the Citrix Docs, as I was not able to force outage to verify Citrix Service Continuity).

    Error Message: “Unable to connect to some of your resources. Some virtual apps and desktop may still be available.” Some virtual apps and desktop may still be available.”

    Users see apps and desktops that they can connect to during the outage. If the app or desktop isn’t available, the icon appears dimmed.

    citrix workspace


    Depending on how Citrix Workspace app and VDAs are configured, during an outage the VDA might prompt users to enter their credentials into the Windows Logon user interface.

    If this prompt occurs, users enter their Active Directory (AD) credentials or smart card PIN to access the app or desktop. This step is required when user credentials aren’t passed through during outages. Before accessing an app or desktop, users must reauthenticate to the VDA.

    When a user launches a session during an outage, this window appears indicating that Workspace connection leases were used for the session launch:

    starting dialogue


    After the session is launched, within the Citrix workspace app, right click and select Connection Center to view session details:

    Citrix workspace connection center

    Service Continuity can allow users to launch resources during outages in double hop scenarios, explained very well in the Citrix Docs section – Double Hop Scenarios- VDA Launch

    Service Continuity in Browser

    Extensions for Google Chrome and Microsoft Edge make service continuity available to Windows users who access their apps and desktops using those browsers. The extensions are called Citrix Workspace Web Extension and are available at the Chrome web store and the Microsoft Edge Add-on website.

    These browser extensions require a native Citrix Workspace app on the user device to support service continuity.
    The native Workspace app communicates with the Citrix Workspace Web extension using the native messaging host protocol for browser extensions. Together, the native Workspace app and the Workspace Web extension use Workspace connection leases to give browser users access to their apps and desktops during outages.

    To use service continuity in a browser, users must perform the following steps on their devices:

    1. Download and install a version of Citrix Workspace app that is supported for browser users.
    2. Download and install the Citrix Workspace Web extension for Chrome or Edge.

    References
    https://docs.citrix.com/en-us/citrix-workspace/optimize-cvad/service-continuity.html

  • CVAD Guide to Microsoft Teams

    by Ray Davis, CTA

    This CVAD Guide to Microsoft Teams was built from Slack posts, Citrix URLs, and Citrix consultants from the field who shared how they successfully got Teams working 90 – 95% within Citrix Virtual Apps and Desktop Environment. But the information is shared among many people and shows promising results. I keep it updated around new blogs and actual experience installing teams in a CVAD environment. If you disagree and find something different, then reach out and let’s update it. Please understand that all these tips/tricks may not apply to your environment. I encourage you to know what you are using from this blog.

    Suppose you are unfamiliar with running Microsoft Teams in a Citrix Virtual Apps or Desktop. I see it all the time, and it will bite you. I recommend you start here. Reading and understanding these links will ensure you know the VDI aspect and don’t apply the typical desktop assumption as there are many transitions from a desktop space into a VDI space.

    For those who need Microsoft Teams help in CVAD, I recommend bookmarking the links below. Many may be aware, like me. For those who are not, these will help you tremendously.

    Teams deep dive around performance by go-EUC:
    https://lnkd.in/eZFMN9fM

    Teams around Citrix-related fixes:
    https://lnkd.in/eDzQNqKG

    Updates Microsoft Teams versioning:
    https://lnkd.in/empxGdbT

    Overall documentation:
    https://lnkd.in/eJTvftUM

    eG, Key Considerations for Teams on Citrix:
    Microsoft Teams on Citrix: Best Practices (eginnovations.com)

    1. Different installers for Teams
      • If you install Team.exe, this is the user installer. It will either install in the user profile or program data—mostly user profiles like the traditional desktop rollout I have seen at companies.
      • If you install the MSI version of Teams, this is the Machine Wide installer. Citrix states they need the machine-wide installer.
    1. Uninstall Teams per user -clean up and redeployment procedure
      • Uninstall the user per Team’s installer before proceeding with the Team machine installer.
      • You can have Citrix WEM run this for the user inside their profile.
      • Location: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run
    1. Option 1: 
      • %LOCALAPPDATA%\Microsoft\Teams\Update.exe –uninstall –msiUninstall –source=default
      • %Programdata%\Microsoft\Teams\Update.exe –uninstall –msiUninstall –source=default
    2. Option 2:
      • Source Scripts https://github.com/Deyda/Teams
      • https://docs.microsoft.com/en-us/microsoftteams/msi-deployment  (Read this)
      • C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -command set-execution policy bypass -Scope CurrentUser
      • C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -File “\\domain\NETLOGON\CitrixScripts\WemExternalTask\TeamsUninstall-Users\TeamsUser-Uninstall.ps1” -NoProfile -Noninteractive
      • The PS1 Script is from here https://github.com/Deyda/Teams
      • But I changed the part in the Script to do it while the user is logged in.
      • $TeamsStartMenuShortcut = “c:\users\$env:USERNAME.$env:USERDOMAIN\Start Menu\Programs\Microsoft Corporation”
        $TeamsDesktopShortcut = “c:\users\$env:USERNAME.$env:USERDOMAIN\Desktop\MicrosoftTeams.lnk”
      • Originally it was:
        $TeamsStartMenuShortcut = “\\domain\share\$env:USERNAME.$env:USERDOMAIN\Start Menu\Programs\Microsoft Corporation”
        $TeamsDesktopShortcut = “\\domain\share\$env:USERNAME.$env:USERDOMAIN\Desktop\Microsoft Teams.lnk”
      • Then I used a WEM external Task to run it. Put the Script in a location that users can read. It will execute and do the cleanup inside the user profile for you.
    Teams installer
    1. Block user installs
      • Deny access to C:\Users\*\AppData\Local\Microsoft\Teams
      • Use FSLogix AppMasking
      • Quick Rule
    FSLogix RuleEditor
    • If, by chance, a user tried to install it. They would get this:
    install failed message
    • Logs point out what AppMasking is doing:
    logs
    • Note: if you have a machine installed already installed and a user tries to click a link in Outlook, it will open with the installed machine version on the VDI.
    1. Citrix Requirements: (Highly advise using more updated versions)
    1. Microsoft VDI guidance
      • https://docs.microsoft.com/en-us/microsoftteams/teams-for-vdi#install-the-teams-desktop-app-on-vdi
      • These examples also use the ALLUSERS=1 parameter. When you set this parameter, Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps & features in Windows Settings for all computer users. All users can then uninstall Teams if they have admin credentials. It’s essential to understand the difference between ALLUSERS=1 and ALLUSER=1. The ALLUSERS=1 parameter can be used in non-VDI and VDI environments, and the ALLUSER=1 parameter is used only in VDI environments to specify a per-machine installation.
    1. Dedicated VDI (updated)
      • You have Windows 10 dedicated, persistent VDI environments. You want the Teams application to auto-update and would prefer Teams to install per-user under Appdata/Local. (I don’t know if they will be optimized for Citrix, though?) Use the .exe installer or the MSI without ALLUSER=1.
      • Update 8/18/2020, 2/6/2023
        I confirmed that it’s still optimized as well on the user install. I was wondering about this, and now I know.
      • Non-Persistent VDI or RDSH (XenApp)
        • ALLUSERS=1:  Teams Machine-Wide Installer appears in Programs and Features in Control Panel and in Apps
        • ALLUSER=1: used only in VDI environments to specify a per-machine installation and turns off auto-updater in non-persistent machines.
        • noAutoStart=true: tells it when installing set it not to autostart.
    1. Per-machine installation for VDI
      • /l*v  ALLUSER=1 ALLUSERS=1
      • msiexec /i <path_to_msi> /l*v <install_logfile_name> ALLUSER=1 ALLUSERS=1
      • msiexec /i Teams_windows_x64.msi ALLUSER=1 ALLUSERS=1
      • msiexec /i Teams_windows_x64.msi OPTIONS=”noAutoStart=true” ALLUSER=1 ALLUSERS=1
      • msiexec /i “%temp%\Teams_windows_x64.msi” /QN OPTIONS=”noAutoStart=true” ALLUSER=1 ALLUSERS=1
    1. Container Profile exclusions
      • <Exclude Copy=”0″>AppData\Local\Microsoft\Teams\Current\Locales</Exclude>
      • <Exclude Copy=”0″>AppData\Local\Microsoft\Teams\Packages\SquirrelTemp</Exclude>
      • <Exclude Copy=”0″>AppData\Local\Microsoft\Teams\current\resources\Locales</Exclude>
      • <Exclude Copy=”0″>AppData\Roaming\Microsoft\Teams\Service Worker\CacheStorage</Exclude>
      • <Exclude Copy=”0″>AppData\Roaming\Microsoft\Teams\Application Cache</Exclude>
      • <Exclude Copy=”0″>AppData\Roaming\Microsoft\Teams\Cache</Exclude>          
      • <Exclude Copy=”0″>AppData\Roaming\Microsoft Teams\Logs</Exclude>
      • <Exclude Copy=”0″>AppData\Roaming\Microsoft\Teams\media-stack</Exclude>
    1. UPM File based
    1. Warnings and issues (JSON Files are a pain and don’t seem to get honored very well.)
      • Running the MSI in VDI mode by using the switch Alluser=1 makes teams completely ignore  JSON files.  It ignores the setup.json, and it ignores the desktop-config.json file. Redirecting it to any other json file anywhere else won’t help as it doesn’t respect JSON files. It must be a bug. Still trying to work through this.
    1. Disable Teams auto-launch.
      • I see this in many environments, Teams auto-launch starts when the user logs in. Teams is heavy on CPU, and I recommend not doing this. However, some places seem to ignore this and take the desktop approach.
        • Disable Teams auto-launch after installation.
        • Delete Teams reg keys following locations
        • HKEY_LOCAL_MACHINE \SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run 
        • HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        • HKEY_CURRENT_USER \SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        • Then apply GPO, not to auto Launch Teams. 
      • It is not currently possible to disable Auto-start even if using the command line flag OPTIONS=”noAutoStart=true” with the machine-wide MSI and the ALLUSER=1 property. Deleting the reg key described in bullet#2 (bullet#2 is on the citrix doc) should fix this.
      • Group Policy setting, make sure you first set the Group Policy setting to the value you want before you run this Script. If you have profiles that have already set auto-launch, you will have to run this Script to clear out the settings. Suppose you want to use the “Prevent Microsoft Teams from starting automatically after installation. 
      • Doing Auto Launch with Teams is CPU intensive. Control it with WEM on auto-launch, and It will allow the Shell to load first.
    1. James Rankin method of disabling auto-setup, enabling auto-start once the setup is triggered manually by the user, and also making sure that the openAsHidden flag is actually respected. Scroll down to “Solving It”
    1. Disable GPU offload because teams will have HIGH CPU usage (no video card)

    $ErrorActionPreference = ‘SilentlyContinue’
    $JsonFile = [System.IO.Path]::Combine($Env:AppData, ‘Microsoft’, ‘Teams, ‘desktop-config.json’)
    $ConfigFile = Get-Content -Path $JsonFile -Raw | ConvertFrom-Json
    Try {
        $ConfigFile.appPreferenceSettings.openAtLogin = $False
       $ConfigFile.appPreferenceSettings.disableGpu = $True
    } Catch {
        Write-Host  “JSON element doesn’t exist”
    }
    $ConfigFile | ConvertTo-Json -Compress | Set-Content -Path $JsonFile -Force 

    • Update as of November 4, 2021
    • if (!(Test-Path $env:AppData\Microsoft\Teams\desktop-config.json)) {Exit} $JSONFile = $env:AppData+”\Microsoft\Teams\desktop-config.json” $User = $env:USERDOMAIN+’\’+$env:USERNAME $JSON = Get-Content $JSONFile | ConvertFrom-Json if ($JSON.appPreferenceSettings.disableGpu -eq $False) { Get-Process -Name ‘Teams’ -IncludeUserName -ErrorAction SilentlyContinue | Where-Object UserName -eq $User | Stop-Process -Force $JSON.appPreferenceSettings.disableGpu = $True $JSON | ConvertTo-Json | Out-File $JSONFile -Encoding ASCII & “C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe” }
    • Other Sources:
    • Microsoft Teams Optimization on Citrix – JGSpiers.com
      • For this, I did a WEM external Task that does the following:
      • C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -command set-executionpolicy bypass -Scope CurrentUser
      • C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -File “\\domain.org\NETLOGON\CitrixScripts\WemExternalTask\DisableGPUTeams_VDI\disableGPUTeams.ps1” -NoProfile -Noninteractive
      1. Monitoring Teams with HDX Monitor

        On 1912 VDAs (or higher), you can monitor an optimized active call using HDX Monitor (3.5.2 or higher).To turn this on, create the following WebrtcDirectorIntegration reg key on the VDA:

        HKLM\Software\Citrix\HDXMediaStream\
        Or
        HKLM\SOFTWARE\WOW6432Node\Citrix\HdxMediaStream
        – reg key value:
        name: WebrtcDirectorIntegration
        type: DWORD
        value: enable(1), disable(0)
      1. Enable Team in Citrix
        Enable optimization of Microsoft Teams:
        To enable optimization for Microsoft Teams, use the Studio policy described in Microsoft Teams redirection policy (it is ON by default). In addition to this Policy being enabled, HDX checks to verify that the version of the Citrix Workspace app is equal to or greater than the minimum required version. If you enabled the Policy and the Citrix Workspace app version is supported, the HKEY_CURRENT_USER\Software\Citrix\HDXMediaStream\MSTeamsRedirSupport registry key is set to 1 automatically on the VDA. The Microsoft Teams application reads the key to load in VDI mode.

      NOTE:

      • If you are using version 1906.2 VDAs or higher with older Controller versions (for example, version 7.15), which do not have the Policy available in Studio, you can still be optimized because HDX optimization for Microsoft Teams is enabled by default in the VDA.
      • If you click About > Version, the Citrix HDX Optimized legend displays:
      • Optimized for Citrix legend
      Citrix HDX optimized
      1. Troubleshooting MS teams in Citrix 
        This material is copied from other sources and is not my material. You will see word-for-word references in blogs. This is me trying to pull it all together in one area.
      • Check Teams are optimized.
        • When Teams are running optimized, the HdxRtcEngine.exe process runs on the endpoint and the WebSocketAgent.exe process runs on the VDA.
        • Check status of services.
        • There are a couple of services required to be running on the VDA for successful Teams optimization.
      • Citrix HDX Teams Redirection Service: Provides establishment of virtual channel used with Microsoft Teams.
      • Citrix HDX HTML5 Video Redirection Service: Responsible for TLS termination of secure WebSockets and spawning the WebSocketAgent.exe process into user sessions when Teams starts. This service also runs as WebSocketService.exe and needs to be listening on 127.0.0.1:9002. You can confirm this using command netstat -anob -p tcp | findstr 9002 on the VDA.
      • On successful connection, the state turns to ESTABLISHED.
      • Using HDX Monitor
      • The latest versions of HDX Monitor allow you to see some information about active Teams calls.
      • When viewing session information via HDX Monitor, if the Number of connections under Webrtc is set to 0, either Teams has not been launched within the session or has been launched but is not optimized.
      • When Teams is running optimized, the number of connections for the session will change to 1.
      • When a Teams call is in progress, the Virtual channel state will switch from Idle to Active. HDX Monitor will also show you the maximum Kbps outgoing and incoming bandwidth used for the entire HDX session over all Teams calls.
      1. Gathering Logs
        There are various logs you can turn to when troubleshooting HDX Optimization for Teams.
        Client Endpoint (Windows)
        Folder: %LocalAppData%\Temp\HdxRtcEngine
        Contains hdxrtcengine.log and webrpc.log.
        Additionally, there are log files stored on Mac and Linux endpoints, and you also have the option of enabling CDF tracing using specific trace providers.
      1. To prevent Teams from installing in Office updates:
        If your organization isn’t ready to deploy Teams and you use Group Policy, you can enable the Don’t install Microsoft Teams with new installations or updates of Office policy setting. Most placed I see take the defaults. Which will install Teams from the 0365 media. Build a custom XML file and exclude Teams.
      • It will add this key:
      • If you do get Teams to install from Office updates (which I had, and I didn’t realize it), you will see Teams auto-start upon logging in. 
      • You will see this:
        • User auto Start HKCU\Software\Microsoft\WIndows\Current Verison\Run
          • C:\Users\%username%\AppData\Local\Microsoft\Teams\Update.exe –processStart “Teams.exe” –process-start-args “–system-initiated”
        • Machine auto Start
          • HKLM\Software\\WOW6432Node\Microsoft\WIndows\Current Verison\Run
          • %ProgramFiles%\Teams Installer\Teams.exe –checkInstall –source=PROPLUS
        1. Outlook Plugin appears to break at times or may never load.
        1. Outlook Plugin appears to break at times, and this is what I have found so far that fixes it.
          • Nick Panaccio shared a great script with me that helped a lot in this area:

        $ErrorActionPreference = 'SilentlyContinue'

        #We need to add the following items to allow Teams meeting links to open Teams and not have IE prompt to allow the action

        If (!(Test-Path "HKCU:\Software\Microsoft\Internet Explorer\ProtocolExecute\msteams")) {

            New-Item "HKCU:\Software\Microsoft\Internet Explorer\ProtocolExecute\" -Name "msteams" -Force | Out-Null

        }

        New-ItemProperty "HKCU:\Software\Microsoft\Internet Explorer\ProtocolExecute\msteams\" -Name "WarnOnOpen" -Value 0 -PropertyType "DWORD" -Force | Out-Null

        If (!(Test-Path "HKCU:\Software\Classes\msteams")) {

            New-Item "HKCU:\Software\Classes\msteams\shell\open\" -Name "command" -Force | Out-Null

        }

        New-ItemProperty "HKCU:\Software\Classes\msteams\" -Name "(Default)" -Value "URL:msteams" -PropertyType "String" -Force | Out-Null

        New-ItemProperty "HKCU:\Software\Classes\msteams\" -Name "URL Protocol" -Value "" -PropertyType "String" -Force | Out-Null

        New-ItemProperty "HKCU:\Software\Classes\msteams\shell\open\command\" -Name "(Default)" -Value """C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe"" ""%1""" -PropertyType "String" -Force | Out-Null

        If (!(Test-Path "HKCU:\Software\Classes\TeamsURL")) {

            New-Item "HKCU:\Software\Classes\TeamsURL\shell\open\" -Name "command" -Force | Out-Null

        }

        New-ItemProperty "HKCU:\Software\Classes\TeamsURL\shell\open\command\" -Name "(Default)" -Value """C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe"" ""%1""" -PropertyType "String" -Force | Out-Null

        #We need to add the following items to get the 'New Teams Meeting' button to appear in Outlook

        New-ItemProperty "HKCU:\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts\" -Name "msteams_msteams" -Value 0 -PropertyType "DWORD" -Force | Out-Null

        New-Item "HKCU:\Software\Microsoft\Office\Outlook\AddIns\" -Name "TeamsAddin.FastConnect" -Force | Out-Null

        New-ItemProperty "HKCU:\Software\Microsoft\Office\Outlook\AddIns\TeamsAddin.FastConnect\" -Name "Description" -Value "Microsoft Teams Meeting Add-in for Microsoft Office" -PropertyType "String" -Force | Out-Null

        New-ItemProperty "HKCU:\Software\Microsoft\Office\Outlook\AddIns\TeamsAddin.FastConnect\" -Name "LoadBehavior" -Value 0x3 -PropertyType "DWORD" -Force | Out-Null

        New-ItemProperty "HKCU:\Software\Microsoft\Office\Outlook\AddIns\TeamsAddin.FastConnect\" -Name "FriendlyName" -Value "Microsoft Teams Meeting Add-in for Microsoft Office" -PropertyType "String" -Force | Out-Null

        #We need to add the following items to preconfigure Teams

        If (!(Test-Path "$Env:AppData\Microsoft\Teams")) {

            New-Item "$Env:AppData\Microsoft\Teams\" -ItemType "Directory" -Force | Out-Null

        }

        Copy-Item -Path "$PSScriptRoot\desktop-config.json" -Destination "$Env:AppData\Microsoft\Teams" -Recurse -Force

        If (!(Test-Path "HKCU:\Software\Classes\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}")) {

            New-Item "HKCU:\Software\Classes\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}\LocalServer\" -Force | Out-Null

        }

        New-ItemProperty "HKCU:\Software\Classes\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}\LocalServer\" -Name "(Default)" -Value "C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe" -Force | Out-Null

        If (!(Test-Path "HKCU:\Software\Classes\WOW6432Node\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}")) {

            New-Item "HKCU:\Software\Classes\WOW6432Node\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}\LocalServer\" -Force | Out-Null

        }

        New-ItemProperty "HKCU:\Software\Classes\WOW6432Node\CLSID\{00425F68-FFC1-445F-8EDF-EF78B84BA1C7}\LocalServer\" -Name "(Default)" -Value "C:\Program Files (x86)\Microsoft\Teams\current\Teams.exe" -Force | Out-Null

        1. I was updated that screen sharing may act up. If this happens, remove the Contents from AppData and all Teams data. Then allow it to rebuild the files etc.


        This blog will continue to be updated…questions and comments are welcome below!

        See more posts by Ray Davis here.

        Are you a member of CUGC? Join FREE today!

      1. Update Snapshot – MCS Provision Static Pool Catalog in Azure using Citrix DaaS and PowerShell

        by Uddave Jajoo, Indianapolis CUGC Leader

        In my previous blog post – Update Snapshot for Static Pooled Machine Catalog, I highlighted a few steps on how to change the snapshot for an existing MCS provisioned static pooled catalog so that new desktops provisioned would receive the latest updates and components included in the recent snapshot.

        As organizations slowly transition to DaaS and Public Cloud platforms, there will also be a need for administrators and engineers to manage their images in Azure gallery and also roll out the latest updates to all the end users. Here’s another blog to walk you through what changes need to be included in the PowerShell command and how Citrix Cloud Console lets you make those changes from the GUI to replace the updated snapshot in the catalog.

        Delivery Group to Machine Catalog Change in Snapshot

        There are two different ways to accomplish this:

        1. Using PowerShell commandlets
        2. GUI option – Directly from the Citrix Cloud Console

        Method 1. Using PowerShell Commandlets

        1. Login to one of the Cloud Connector servers or any management server, where the Citrix PowerShell SDK modules are installed and you would have connectivity to the Citrix Cloud Sites and Services.

        2. Utilize stored profiles to authenticate successfully to Citrix cloud using command below:

        Set-XDCredentials -ProfileName CitrixCloudPRD

        Note: I am utilizing stored profile credentials from the memory itself, for configuring the profile, you would need access to the Citrix Cloud Client ID and Client Secret.

        Powershell commandlet

        3. Identify the name of the catalog, the MasterImageVM and the Snapshot details before proceeding further with the below commands:

        Catalog Name: TestCatalog

        Snapshot Name: SnapshotUpdated_Jan2023

        4. Get the provisioning Scheme details for the TestCatalog. Make a note of the MachineProfile MasterImageVM details from the output of the PowerShell command.

        Example:
        Get-ProvScheme -ProvisioningSchemeName "TestCatalog"

        TestCatalog

        5. Run the command below:

        asnp Citrix*
        Get-ChildItem -Recurse -Path XDHyp:\HostingUnits\azr-centralUs-udjajoo-hostingconnection\image.folder\udjajoo-centralus-RG.resourcegroup\azrw10master.vm

        Make note of the details for attributes PSPathPSParentPath

        Parent Path

        PSPath : Citrix.Host.Admin.V2\Citrix.Hypervisor::XDHyp:\HostingUnits\azr-centralUs-udjajoo-hostingconnection\machineprofile.folder\udjajoo-centralus-RG.resourcegroup\azrw10master.vm

        PSParentPath : Citrix.Host.Admin.V2\Citrix.Hypervisor::XDHyp:\HostingUnits\azr-centralUs-udjajoo-hostingconnection\machineprofile.folder\udjajoo-centralus-RG.resourcegroup

        PSChildName : azrw10master.vm

        PSDrive : XDHyp

        PSProvider : Citrix.Host.Admin.V2\Citrix.Hypervisor

        6. Run the command below:

        Publish-ProvMasterVmImage -ProvisioningSchemeName TestCatalog” -MasterImageNote "January Month Updates with latest components" -MasterImageVM “Citrix.Host.Admin.V2\Citrix.Hypervisor::XDHyp:\HostingUnits\azr-centralUs-udjajoo-hostingconnection\machineprofile.folder\udjajoo-centralus-RG.resourcegroup\azrw10master_Snapshot_1-14-2023_AllUpdates_MSU_LatestReseal.snapshot

        Note: In on-prem environments, the snapshots were getting tagged with the individual master image itself, however in Azure, the snapshots are just treated as a separate resource within your subscription, so the major difference would be there will be no VM name in the command while entering the PSPath parameter.

        Verify the status of the command results as completed and monitor in the console. The catalog would now be showing the latest snapshot in the Template properties under machine catalogs tab.

        Catalog

        7. Right click on the machine catalog and Select Add Machines to provision new desktops within the Catalog using the updated image.

        Method 2. GUI option – Directly from the Citrix Cloud Console

        1. Login to the Citrix Cloud Console and identify the respective Machine Catalog which needs to updated with the latest snapshot.

        2. Select the catalog and then Select option Change Master Image

        Cloud Console
        change master image

        3. In the master image tab, click on the option +Select an Image.

        4. In the select image tab, point to the respective resource group and select the respective updated snapshot for the master image.

        select image

        5. Click Done.

        6. Verify the Name of Snapshot and enter the Note to include the changes included in the latest snapshot.

        master image

        7. Click Next.

        change master image

        8. Click Finish.

        9. Once the snapshot is updated in the catalog, try adding new machines to the catalog. All the new desktops provisioned within the catalog will utilize the latest updated snapshot.

        References:

        https://blogs.mycugc.org/2022/12/05/update-citrix-mcs-snapshot-for-static-pooled-machine-catalog/
        https://support.citrix.com/article/CTX129205/how-to-update-master-image-for-dedicated-and-pooled-mcs-catalog-using-powershell-sdk

        See more posts by Uddave Jajoo here.

        Are you a member of CUGC? Join FREE today!

      2. HDX Screen Sharing

        by Serdar Göksu, Senior Solutions Architect

        The screen sharing feature allows a VDA user to share screen content and screen controls with other users.

        System Requirements:

        • Single or Multi Session VDA
        • Only desktop sessions can be shared
        • Studio Policy for Screen Sharing and Graphics Status Indicator
        • Screen Sharing feature during VDA installation
        • By default, the screen sharing feature works over TCP ports 52525-52625. These ports must be added to the firewall exception list

        LAB Environment:

        • 2 X Windows 10 VDI (MCS)
        • 2 X Test Users (citrix01, citrix02)
        • CVAD Site and VDA Versions: CVDA 2209
        • Citrix Workspace 2209

        Let’s start!

        The configuration steps are listed as follows:

        During the installation of the VDA role, we need to check the “Screen Sharing” feature.

        HDX Screen Sharing

        We have completed the VDA installation. Now, we create 2 VDIs using the Master Image machine via Citrix Studio.

        After completing the VDI creation processes, Click Policies menu on Citrix Studio and Create a new policy. (Citrix Studio -> Policies -> Create New Policy)

        We type “Session Sharing” in the search bar and enabled this policy.

        HDX Screen Sharing
        HDX Screen Sharing

        Then again, we type “Graphics Status” in the search bar and enabled the policy.

        HDX Screen Sharing
        HDX Screen Sharing

        This setting configures the graphics status indicator to run in the user session. This tool lets the user see information about the active graphics mode.

        You can assign this policy to user group, Delivery Groups etc. In this example, I will assign the VDI Delivery group.

        HDX Screen Sharing

        We give the policy a name and activate it.

        HDX Screen Sharing

        Let’s connect to the VDI machine and test it with our test users.

        When we connect to the VDI machine, we will see the “Graphics Status” icon. Right-click on it to display the menu and select Screen share > Share my screen.

        HDX Screen Sharing

        Click Copy to clipboard or manually select and copy the entire string shown in the dialog box. A red outline appears around the screen as an indicator that the session is now being shared and is visible by others.

        HDX Screen Sharing

        Right-click on the “Graphics Status” icon in the other user’s VDA session and select Screen share > View someone else’s screen.

        HDX Screen Sharing

        Enter or paste the connection string that was provided by the user sharing the session into the text box. Click Connect to establish the connection.

        HDX Screen Sharing

        On the HDX Screen Sharing Viewer screen, you can make keyboard and mouse requests.

        HDX Screen Sharing

        That’s it! I hope it was useful for you.

        See more posts by Serdar Göksu here.

        Are you a member of CUGC? Join FREE today!