It is the middle of your maintenance window and you are updating Storefront Servers...
All of sudden, you receive one of those helpful errors that mean absolutely nothing to you!!!!
In my experience, all roads lead to the Telemetry service. I stop this service before any upgrade on Storefront Servers. It has fixed the issue and helped me finish my upgrade each time.
No clue, but at least if you run into this at 2 a.m. and you are really sleepy...you can try it and save you hours of researching via Google!!! You're welcome!!!
Built a new 2019 server. Installed the same software as the 2016 Server. Users log on but do not successfully log off. You try uninstalling the VDA and reinstalling the VDA, but you get the same result. Note the Event Logs and you may see Metaframe warnings. If you see Metaframe warnings for XPS printers, then this may be your culprit.
Open your Citrix Policies and check your XPS Session Printer filter. The default rule for the XPS printer does not include an asterisk (*). This means there can be a conflict between the one on the 2019 server and the one on the user's machine.
Edit the XPS Document Writer to include "*". Try having users log off and log back in. This should resolve the issue.
So for this configuration, I used Carl's article (https://www.carlstalhood.com/netscaler-gateway-12-pcoip-proxy/) and Duo Radius Configuration (https://duo.com/docs/radius).
When configuring the Duo Auth Proxy, use the Auto instead of iFrame. iFrame will give you the Duo auth page only via the web, but you will also not be able to see the apps after the login. The Horizon Client will not never show the iFrame.
So you upgraded to 13.0 79.64 and your LDAPs stopped working?
So, there are few options to fix this.
You can modify your LDAP to use 389. 👎👎👎 This is not a good idea and please don't do that.
You can edit your LDAP monitor and remove the secure checkbox. 👎👎 I wouldn't do this either, but if you must! Just don't tell anyone that I said it.
The best solution and what worked for me is to make sure in your monitor, you have a filter, cn=builtin. If this doesn't fix the issue, then also make sure your service account isn't locked out. After the upgrade, the monitor tries to do its job and it fails (likely locking the account out).
So one of my most frequently asked questions is....(drum roll) which profile management solution do you use?
My answer today is always FSLogix! Why? It's truly the simplest way to deliver a persistent profile solution in a non-persistent environment!
If you combine FSLogix with Folder Redirections, then you can provide a great experience for users.
FSLogix is a small agent that can be installed within all VDI/Published Apps environments. It is the default profile management solution for Microsoft's Azure Virtual Desktop.
FSLogix settings can be applied via registry keys or Group Policy. The preferred and easier method would be to use Group Policy which requires copying the admx/adml files that come with the download into your domain environment.
If you've never used FSLogix, then it is worth noting it does require a storage location. It works great on most storage solutions, but do not place FSLogix on a DFS with Replication enabled.
My favorite and suggested GPO settings:
- Swap component names: Please make sure to do this. If you do not do this before your deployment, then it show the user's SID first and then their samAccountName. So basically, you will sort on their SID which can be very difficult to manage.
- Do separate out the Profile and Office containers. FSLogix allows you to use only the Profile Container or the Office Container. My recommendation is to use both. This configuration allows you to be able to remove the Office Container without having to remove their other Profile data or vice versa.
- Move temp, tmp, and inetcache to the local profile. This setting reduces bloat in the profile.
- Use Dynamic instead of Fixed. Unless you just have storage to waste, then do not set the profile to fixed. Also use VHDX if your storage solution supports it.
- DO NOT use the Windows Search feature for any Windows 10/Windows 2016 and above. It will just work if you don't use this feature.
- Use the redirections.xml file to reduce the amount of data within the Profile Container.
So I bet you are wondering why?
So there's a bug. You may never encounter the bug. But if you do, then you will regret removing the Windows Store.
Let me start by saying, the Citrix Optimizer is by far one of the best around. I use it even when I'm not optimizing for Citrix. However, if you are using it on a Windows 10 machine then it will likely try to optimize by removing the Windows Store. DO NOT LET IT!!!
What should you do? Remove all other apps and use a GPO to disable the Windows Store.
What happens if I remove it? Well, the symptoms are pretty widespread, and unfortunately opening a ticket may not lead you to this conclusion.
What I've seen in the field is this: Customer has OneDrive files on-demand GPO in place and customer is using Office 365 with SSO. If OneDrive loads first, then Office prompts for credentials no matter what. It will literally never SSO. If the customer turns off files on-demand GPO, then the SSO works properly.
If you reinstall the Windows Store (it is a pain to do as you must use the Inbox Apps iso), then the SSO and OneDrive files on-demand all work fine.
So that means to me, just don't remove it. Yes, you've heard it helps to reduce login times. However, that is still true if you remove all the apps and only keep the Store.
You can "Turn off the Store" via GPO and remove the ability to use it. But at least it is still there for when random odd things like the above occur.
After pounding my head against the wall a few times, I figured I might save others the same frustration.
You set up Citrix App Layering.
You set up FSLogix.
You create a published image.
App Layering is working great. You see the FSLogix VHDs getting created. However, no profile data is being saved. Basically, you get an FSLogix VHD completely formatted with no data.
Why is this happening?
Fun times in Microsoft world?!?! No, not funny?? Ok, so ultimately, it is all a matter of timing. The app layering driver is called prior to the FSLogix driver in an order that Microsoft calls Altitude. The prevent this from occurring in that order, you have set the altitude for FSLogix to occur before App Layering.
Yeah ok, How do I fix it?
Open up the layer, you installed FSLogix on
Set the value 138010
Then reboot the machine.
Yeah, if you banged your head against the wall, then join the club. If you found this post, then it was my pleasure to save you the pain.
So if you haven't had an opportunity to work with Citrix App Layering, then you should totally check it out. This particular product was acquired by Citrix when it purchased Unidesk a few years ago. Since then, the original product has definitely evolved. At the time of this blog, Citrix App Layering is at version 4 and the appliance can be deployed to most of the common backend hypervisors.
Citrix App Layering allows an organization to separate the typical image into separate parts: Platform, OS, and Applications; which creates management separated from the infrastructure. This allows the management of updates to be separate and once finalized created a whole image. For more information on Citrix App Layering, head over to Citrix Docs. I won't go into details regarding deploying the appliance as that information is within the Citrix Docs.
Working with Citrix App Layering
So as you may already know, I build images onto of XenServer. This is intentional as it is easier to package Citrix on top of Citrix versus the other hypervisors. Basically, I've seen less driver compatibility with XenServer than other hypervisors. However to work with Citrix App Layering, the hypervisor you choose really doesn't matter when you are creating these layers.
In order to begin, you will create an OS Layer. You can create multiple OS Layers based on the Operating Systems used within your organization ie. Windows 2012 R2 and Windows 2016. So let's login and take a look at App Layering. Important note: Citrix App Layering is not supported inside of Chrome due to Silverlight . As a workaround, I use IE Tab inside of Chrome. Once you navigate to your App Layering appliance, you will see the login screen.
Select Layers->OS Layers
Create OS Layer. Give it a simple Layer Name and provide a description (avoid periods if using PVS). I would start with version 1 and a version description of something like “Base”. You can leave the Max Layer Size as 60GB.
If this is a new appliance deployment, then you will likely only have a network file share option. If you click New, then you can select your backend platform. For the purposes of this blog, it will be XenServer.
A new window will open for you to configure your XenServer Connector. Give a Config Name like “XenServer-HostName or PoolName”. You will want to fill in the information from left to right. Please note: You need to have at least one virtual machine template inside the pool/host selected without a virtual disk attached. You can use a hostname or ip address for the XenServer Address. Enter the credentials for the host/pool. I always choose to ignore the certificate errors and select “Check Credentials”.
Once the credentials are verified, then you can select the template for the OS Layer. For selection of templates (PVS only), make sure that your OS layer and Platform Layers match or at least the OS Layer CPUs are larger than the ones specified via the Platform Layer. After you’ve entered the appropriate information, then select Test. Then Save.
The next screen, you must select the OS Disk Virtual Machine. If you click Select Virtual Machine, then it will open a new screen for you to select a VM within the Pool/Host.
After you select a virtual machine, the screen updates with the OS Machine Name and Disk Size.
You can select an existing icon or if you have your own icon you’d like to use then you can select Browse.
The last screen gives you a summary of your selections. If everything looks good, then select Create Layer.
To be continued….
Don't stop upgrading... I have noticed over time that many organizations are picking LTSR and forgetting to upgrade. I have updated quit...
By the title alone, most of us cringe at the topic or idea. The reverse imaging process for a PVS target device has greatly evolved over the...
This issue actually occurs on-prem as well, but I have only seen it recently with my customers who have machines in Azure and in their on-pr...