Welcome to Kraft Kennedy

As we try to engineer the best available working environment for our end users, more and more clients have tried to store user cache in memory.  While this does provide the best performance, it also has it’s limitations discussed in this blog post by my colleague Jeff Silverman.  If you have the ability to store the user cache in memory it’s important to also monitor just how full that memory allotment is getting.  If it fills up, and Windows has no where to write user information, the system most likely end in a BSOD for the user.

Citrix provides a nice PowerShell command to query the RAM cache used via the MCLI PowerShell snap-in.  This snap-in (McliPSSnapIn.dll) comes standard with Provisioning Server Console install and is located in C:\Program Files\Citrix\Provisioning Services Console.  Before it can be added to PowerShell, the dll must be registered on any system wish to run the query from.

To register the dll on a 64-bit machine, run the following PowerShell command:

• C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe ‘C:\Program Files\Citrix\Provisioning Services Console\McliPSSnapIn.dll’

To add the snap-in to a PowerShell command prompt, run the following command:

• Add-PSSnapin -Name McliPSSnapIn

Run the following command against a XenApp server to see how much RAM cache is used:

• mcli-get deviceinfo -p devicename={servername} -f status

The second number returned in the status section is the percentage of the RAM Cache used.

Citrix Provisioning Server supports two methods of Windows volume activation – MAK and KMS.  I’ve found the latter to be the preferred approach, since when set up properly it requires little if any maintenance.  There are occasions, however, where you need to use MAK – perhaps it’s the only key you have available or your implementation is smaller than KMS’s 25-computer activation threshold.  In these cases you’ll want to follow Citrix’s guidance for implementing MAK activation (MAKtivation) here.  This post isn’t intended to cover those steps in detail.  Rather, it’s intended to cover the situation where you need to run MAK activation again after it’s been run successfully.  By design, the option to “Manage MAK Activations” disappears from the Provisioning Server console after it’s been run successfully, and this post describes how to get that option back.

First, let’s take a quick look at the MAKtivation process.
Continue reading…

Several weeks ago I posted about my shiny, new Chromebook and the notable lack of a Citrix receiver for the Chrome OS, despite it being unveiled at Citrix Synergy back in May.  It appears my weeks of patient waiting have finally paid off: earlier today, Citrix released a “tech preview” of its receiver for the Chrome OS via the Chrome Web Store.

As expected, the new receiver requires some updates to your existing XenApp or XenDesktop environment to work (you’ll need a MyCitrix login to download them).  Additionally, the receiver currently only supports XenDesktop 5.0 and XenApp 6.0 environments running on Windows Server 2008 R2.  Whether that list will be expanded as the receiver matures – given that this is still listed as a tech preview – remains to be seen.

The release of this new receiver, though currently limited to a very small market, could be the start of a much broader shift in how remote users access Citrix environments, and we’re quite excited to finally get our hands on it.  We’ll work on getting our environment set up in the next day or two to give the new receiver – as well as that Chromebook that’s been sitting on my desk – a run for its money.

It’s not too often that I get excited by the release of a new product.  I’ve certainly never waited outside a store to be one of the first people to have a new device, and, in fact, I almost always wait a few months until the bugs are worked out before I commit to buying something. When I got an invitation from Google a few weeks ago to be part of their Chromebook pre-release, however, I jumped on the opportunity about as quickly as I could.
Continue reading…

As server and storage hardware continues to evolve, and now that Citrix has introduced Machine Creation Services (MCS) as an alternative deployment methodology to conflict with compliment Provisioning Server (PvS), architects and engineers have more complexity flexibility than ever with regard to virtual desktop infrastructure (VDI) design.  While MCS is somewhat limited, PvS provides flexibility with regard to write cache and vDisk location.  There are performance, redundancy, and other tradeoffs associated with these choices, however, and it’s important to fully understand them when designing a solution.

Continue reading…

Sometime last year, Citrix released support for an integrated Web Interface for the NetScaler nCore.  This was a welcome addition to the already versatile NetScaler appliance.  Most of my clients had leveraged a couple Windows Server 2008 R2  hosts to serve as the Citrix Web Interface and used a NetScaler to load balance them.  Integrating the Web Interface function within the NetScaler itself seemed like a no brainer as it reduces two Windows hosts (which need to be patched, managed, maintained, etc.) and unifies management on the NetScaler appliance itself.  The idea of replacing the Web Interface on a NetScaler sounds like a great idea at first blush, but the Web Interface is usually branded and customized to at least some degree that poses a challenge.  Specifically, most of my clients perform at least some level of customization to their Web Interface.  This might be something as simple as adding a logo or disclaimer, deploying the Online Plugin, or something more involved that includes adding multiple links and changing to a custom skin.  Citrix’s own documentation is lacking when it comes to making these customizations on the NetScaler and Web Interface in the form of disparate knowledge base articles.  In practice, most Citrix administrators (myself included) would likely feel more comfortable customizing a Web Server running under the IIS platform over one running on Apache Tomcat, so in this post I step through different ‘basic’ customizations that I expect every organization would want to do if they had a NetScaler nCore running the integrated Web Interface.

(One last thing to note, to be fair, there are some Citrix KB articles that document some of the steps below that I used to help me compile some of this information, but it is not as organized and is disparate.)
Continue reading…

Why is VDI as a desktop replacement a non starter for so many law firms?  I attempt to answer this question pointedly in this post based on my experience over the last 18 months when talking to different law firms about VDI.  However, let me take a step back and frame the question.  While I don’t have actual statistics, I would make the statement that most law firms are still on Windows XP and have thought about or are planning a Windows 7 desktop in the near future.   Invariably, this will result in the firm entertaining a VDI (for desktop replacement) solution for their planned Windows 7 desktop.  The conversation usually doesn’t get far after that….  Why is that?  This post is a look at why VDI environments are non starters in law firms or specifically, why they have not seen the traction that the industry (Citrix, VMware, Gartner) would have you to believe.  I’ll preface once again that VDI might be seeing traction in other industries, however I’ll focus on the five reasons why I feel VDI is not gaining traction in the legal space.

(As an aside, this post is only talking to VDI and in particular as a desktop replacement and not other use cases that may include, but are not limited to training rooms, war rooms, remote access, etc.)
Continue reading…

For the longest time (read: forever), we were led to believe that Outlook simply does not run in Cached Mode on Windows Terminal Servers. But that has actually changed with Outlook 2010 and Server 2008 R2. This does not mean that you should deploy Outlook 2010 in Cached Moe on your Server 2008 R2 XenApp servers, but it means that you could.  From a Microsoft Technet article:

To achieve optimal results when you use Outlook with Remote Desktop Services, pay attention to how you customize your Outlook configuration. For example, in Outlook 2010 you can configure Cached Exchange Mode with Remote Desktop Services.

The article is careful to mention that you’d need to have enough disk space on the server to handle each user’s OST file. Maybe this makes sense for small environments with only one Terminal Server and tidy mailboxes. I can count on less than one hand how many firms fall into that category.

Based on our experience, we recommend disabling Cached Mode on any XenApp server we put in place. At the same time, we want to allow our users to run in Cached Mode on their Windows 7 desktops. How do we achieve this?  Through the use of Loopback Policy, we can ensure that when users log in to a XenApp server, Cached Mode will be disabled.  This policy will override the settings within a MAPI profile that is roamed or flexed to the XenApp server. When the user logs back into their Windows 7 desktop, they are happily working in Cached Mode again.

This is just another example of how technology can change without much fanfare.  For many years, we never hard to worry about this situation. The mere fact that the user was logging in to a Terminal Server with Outlook 2003 meant that Cached Mode would be disabled no matter what. But with Outlook 2010 and Server 2008 R2/XenApp, a successful implementation relies on a successful configuration of the environment. You can download the Microsoft White Paper on the planning considerations of Outlook 2010 on Server 2008 R2 here.

I recently encountered an issue on an iPad where the Citrix Receiver was able to connect to a XenApp farm and enumerate applications but was not able to launch them. Attempting to launch resulted in the black screen and spinning wheel, which eventually timed out and returned to the application list. The environment consisted of Citrix XenApp 5 for Windows 2003, Citrix Receiver for iPad 4.2.3, Citrix Web Interface 5.4, Citrix Secure Gateway 3.2.1.

I contacted Citrix support and learned that the Receiver does not currently support Subject Alternative Name (SAN) certificates (a.k.a. Unified Communications or UC certificates) unless the principal name (the “Issued to” name) is the first entry in the subject alternative name list.  Since the first entry in the subject alternative name list IS the principal name, this is another way of saying that subject alternative names are not currently supported.
Continue reading…

Another month, another new build of the Netscaler.  It seems that every month Citrix has a new incremental build of the Netscaler.  A few weeks ago, version 9.3 of the Netscaler (and along with the VPX) was released.  While these incremental builds are usually not blog worthy, 9.3  introduces some features, changes that are important to note as well as my thoughts on upgrading from a previous version.

Upgrading to Netscaler 9.3

It was a no brainer upgrading my 9.2 VPX 1000 Netscalers (running the “classic” code) to 9.3 by downloading the update from Citrix and following the GUI wizard.  The process took less than 20 minutes and went without error or any downtime since my Netscalers are setup in an HA pair.  It was pretty straightforward to perform a failover, upgrade, and repeat.

What is important to note is that after version 9.3 there will be no new releases of the Netscaler “classic” code in favor of the “nCore” code.  To provide some background, with the release of Netscaler 9.2 last year, Citrix made their nCore code available to the VPX appliances as it was previously only available for the physical MPX boxes.  At the same time, the existing code set was dubbed “classic” and each new revision of 9.2x was released in both classic and nCore flavors.  The change also bumped up the minimum requirements of the Netscaler VPX from 1 vCPU and 1 GB of RAM (running on classic) to a heftier 2 vCPU and 4 GB of RAM if you are running nCore.  For environments leveraging some of the advanced content caching and acceleration features, nCore might make sense, however for ones using the Netscaler for ICA/SSL proxy and application level load balancing, there is limited value in the nCore code.  (I don’t care to go into the specific improvements to the code, architecture that nCore brings over classic, but feel free to read this Citrix Whitepaper if you are interested.)  The notable here is that after version 9.3, Citrix will no longer be releasing updates to the “classic” version of the code, thus forcing you to run nCore going forward.
Continue reading…