Middleware Services: Operations Guide

MIDDLEWARE SERVICES
Operations Guide
For Tier Two Operations Associates
COPYRIGHT NOTICE
Copyright © 2005, 2006 SUPERVALU, INC., All rights reserved.
Trademark information
SUPERVALU® is a registered trademark of the NEW SUPERVALU®.
Albertsons® is a registered trademark of New Albertsons, Inc. ® or its subsidiaries.
All other registered trademarks or trademarks belong to their respective companies.
ADN00061-02 10/26/2006
Confidential and Proprietary to Albertsons, Inc.
MIDDLEWARE SERVICES
Revision History
Technical Writer Revision No. Description Date
Bruce Bacon Version 1.0 Initial Release. 5.15.06
Bruce Bacon Revision 2.0 Reformatted Guide using new 10.26.06
formatting standards.
ADN00061-02 ii 10/26/2006
MIDDLEWARE SERVICES CITRIX OPERATIONS GUIDE
Table of Contents
INTRODUCTION.................................................................................................................................................................. 1
INTENDED AUDIENCE ............................................................................................................................................................ 1
PREREQUISITES ..................................................................................................................................................................... 1
CITRIX CONCEPTS AND COMPONENTS – THE BASICS .......................................................................................... 2
CITRIX SERVER SOFTWARE ................................................................................................................................................... 2
CITRIX ICA CLIENTS............................................................................................................................................................. 2
ZONES AND FARMS ............................................................................................................................................................... 3
DATA COLLECTOR AND DATA STORE ................................................................................................................................... 4
Data Collector.................................................................................................................................................................. 4
Data Store ........................................................................................................................................................................ 4
Data Store Database ........................................................................................................................................................ 5
CITRIX SERVER FARM ........................................................................................................................................................... 5
Independent Management Architecture (IMA)................................................................................................................. 5
ICA Clients ....................................................................................................................................................................... 5
ICA Protocol .................................................................................................................................................................... 5
TERMINAL SERVER CLIENT ACCESS LICENSE (TSCAL) LICENSE SERVER ........................................................................... 6
CITRIX MANAGEMENT CONSOLE .......................................................................................................................................... 6
CITRIX WEB CONSOLE .......................................................................................................................................................... 6
CITRIX WEB INTERFACE ....................................................................................................................................................... 6
CITRIX SECURE GATEWAY .................................................................................................................................................... 7
FARM METRIC SERVER ......................................................................................................................................................... 7
SCENARIO ONE – DATA COLLECTOR INTERACTION WITH CLIENT AND CITRIX SERVER ....................................................... 8
SCENARIO TWO – DATA STORE INTERACTION WITH DATA COLLECTOR AND CITRIX SERVER .............................................. 9
SUPERVALU CITRIX FARM AND APPLICATIONS................................................................................................... 10
SUPERVALU CITRIX SECURE GATEWAY ................................................................................................................. 11
WHAT IS THE SECURE GATEWAY? ...................................................................................................................................... 11
WHAT ARE THE COMPONENTS?........................................................................................................................................... 11
Secure Gateway Servers ................................................................................................................................................. 11
Secure Ticket Authority (STA) Server............................................................................................................................. 11
Citrix XML Service......................................................................................................................................................... 11
Security Certificates ....................................................................................................................................................... 12
SUPERVALU Secure Gateway Flow Diagram .............................................................................................................. 12
CITRIX MANAGEMENT CONSOLE .............................................................................................................................. 13
LAUNCHING THE CITRIX MANAGEMENT CONSOLE ............................................................................................................. 14
DATA DISPLAYED IN THE CITRIX MANAGEMENT CONSOLE ................................................................................................ 15
Session Information Displayed in the Console............................................................................................................... 16
USING THE CITRIX MANAGEMENT CONSOLE ...................................................................................................................... 17
Determining Information about a Citrix Server ............................................................................................................. 17
Reviewing Applications Published on a Citrix Server.................................................................................................... 19
CONTROLLING LOGONS BY ICA CLIENTS ........................................................................................................................... 20
Enabling or Disabling Logons ....................................................................................................................................... 20
Allowing Group Access to a Published Application....................................................................................................... 22
Reviewing which Servers are Hosting Applications....................................................................................................... 23
VIEWING ICA SESSION INFORMATION ................................................................................................................................ 24
USING SESSION MANAGEMENT COMMANDS ....................................................................................................................... 25
Session Properties Tabs ................................................................................................................................................. 26
Disconnecting ICA Sessions ........................................................................................................................................... 27
Resetting a Connection................................................................................................................................................... 27
ADN00061-02 iv 10/26/2006
Connecting to Disconnected Sessions ............................................................................................................................ 28
Shadowing ICA Sessions ................................................................................................................................................ 28
Sending Messages to Users ............................................................................................................................................ 28
CITRIX FAQ ........................................................................................................................................................................ 30
WEB SERVER – THE METAFRAME SERVER FARM REPORTED AN UNSPECIFIED ERROR.............................. 30
WINDOWS ICA CLIENT CONFIGURATION ................................................................................................................ 31
HP PRINTER DRIVERS ......................................................................................................................................................... 35
WHAT ARE ROAMING FILES AND HOW DO THEY WORK? <NEEDS UPDATE-PLACEHOLDER> .................. 37
How It Works - Roaming Profiles................................................................................................................................... 38
OUTLOOK HAS TROUBLE OPENING HTML FILES ................................................................................................... 39
CITRIX TROUBLESHOOTING ....................................................................................................................................... 40
TROUBLESHOOTING BY TOPIC ............................................................................................................................................. 40
Printing .......................................................................................................................................................................... 40
Dropped Connections..................................................................................................................................................... 41
Windows User Problems ................................................................................................................................................ 41
APPENDIX A – CITRIX GLOSSARY OF TERMS......................................................................................................... 43
ADN00061-02 v 10/26/2006
INTRODUCTION
Heterogeneous computing environments are a fact of life in the Albertsons enterprise.
Computing infrastructures are typically built around incompatible components, including an
installed base of various client devices (PCs, terminals, network computers, and
portables), different operating systems, multiple network protocols, and various types of
network connections.
Regardless of differences in computing environments, Albertsons departments need to
make applications available to their users. The Citrix client-server environment bridges
differences in computing platforms. Citrix server-based application delivery allows
organizations to keep their desktops of choice and provide the best application fit for users
and the enterprise.
Because the Citrix-proprietary Independent Computing Architecture (ICA) Client protocol
supports numerous types of hardware, operating platforms, network connections, and
network protocols, it lets Albertsons deliver a common set of applications to different types
of client devices and to users in separate locations, with better performance than
alternative technologies.
Citrix simplifies administration and unifies the enterprise computing environment because
it centralizes application installation and management.
This Operations Guide is designed to help you, the Albertsons Tier Two IT associate,
understand, maintain, and support the Citrix infrastructure. It uses excerpts of existing
documentation and new material, some from the public domain, in addition to screen shots
from the Albertsons, Inc. Citrix Server farm management utilities.
INTENDED AUDIENCE
The intended audiences for this Guide are Albertsons Tier Two IT Operations associates
who are tasked with handling tier two service calls for the Albertsons Citrix farm.
PREREQUISITES
This Guide assumes that the administrator has intermediate to advanced network
administration and configuration skills with the following environments:
• Microsoft 2000/2003 Server
• Active Directory
• Domain Controller
Prior to using this Guide, readers should familiarize themselves with the terms described in
Appendix A, Citrix Glossary of Terms.
ADN00061-02 1 10/26/2006
CITRIX CONCEPTS AND COMPONENTS – THE BASICS

Citrix uses a number of concepts inherent and unique to the environment. Grasping these
concepts and understanding the relationship and interaction between the components is
critical for the Citrix Administrator.
The software components and technologies that enable server-based computing include
the Citrix application server suite, Independent Client Architecture (ICA) Client software,
the ICA protocol, and Independent Management Architecture (IMA), the foundation layer
that unifies the server-based computing environment.
The hardware components include one or more Citrix applications servers, a server
dedicated to dynamic infrastructure data collection (the Data Collector), a server dedicated
to long-term data storage (the Data Store) and additional (optional) servers dedicated to
web deployment, fail-over and security.
CITRIX SERVER SOFTWARE

Citrix Server is the application server component of Citrix’s server-based computing
technology. Citrix Server incorporates Citrix’s ICA protocol. The ICA protocol separates an
application’s logic from its user interface, so that only keystrokes, mouse clicks, and
screen updates are sent across the network.
Windows ICA Client
ICA protocol transfers only

keyclicks, mouse movements and
screen updates.
MAC ICA Client
Citrix Server
Tablet ICA Client
Citrix Client - Server Relationship
CITRIX ICA CLIENTS

Users access applications running on Citrix servers using ICA Client software installed on
their client devices. ICA lets virtually any type of client device access applications over any
type of network connection, including LAN, WAN, dial-up, and direct asynchronous
connections. Because ICA does not download applications to client devices (as in the
Network Computing architecture), application performance is not limited by bandwidth or
device performance.
ADN00061-02 2 10/26/2006
ZONES AND FARMS

To simplify and streamline the transfer of information in large enterprise environments,
Citrix has subdivided the architecture into the concept of zones and farms. A zone is a
physical grouping of servers, in a single location. A farm consists of one or more zones.
Zones in a farm perform two functions. The first is to collect data from member servers in
a hierarchical structure. The second is to efficiently distribute changes to all servers in the
farm. All member servers must belong to a zone.
In the Albertsons environment there is one farm (Albertsons) and one zone consisting of
Albertsons and Shaws application servers, located at the Westpark Data Center.
ADN00061-02 3 10/26/2006
DATA COLLECTOR AND DATA STORE
In every Citrix farm, one server is dedicated to data collection and another server
dedicated to data storage; the Data Collector and the Data Store.
Data Collector
The Data Collector maintains all dynamic load and session information for all servers in a
single zone. Some examples of this dynamic Data Collector information are:
• Client logons and logoffs
• License acquisition and release
• Published application changes
• Server application and load usage
If no communication is received from a member server in its own zone within the
configured time interval, the zone Data Collector pings (IMA Ping) that server to verify that
it is online.
Data Store
The Data Store provides a database repository of information about the server farm for all
servers to reference. The Data Store retains information that does not change frequently,
including:
• Published application configurations
• Server configurations
• Citrix administrator accounts
• Trust relationships
• Licenses
• Printer configurations and drivers
CAUTION: If the Citrix Data Store database is lost, you must recreate the farm.
You cannot recreate the Data Store from an existing farm.
Data Store/Data Collector Relationship
ADN00061-02 4 10/26/2006
Data Store Database
With the exception of indexes, all information in the Data Store is in binary format.
Meaningful queries cannot be executed directly against the Data Store. Neither Citrix
administrators nor users should attempt to directly query or change information in the
Data Store. Use only IMA-based tools, such as the Management Console for Citrix, to
access the information in the Data Store.
CITRIX SERVER FARM

The Albertsons Citrix server farm provides a flexible way of deploying applications to ICA
Client users. A Citrix server farm is a group of Citrix servers managed as a single entity.
These servers share some form of physical connection. As mentioned in the previous
section, the servers in the server farm share a single IMA-based Data Store.
Independent Management Architecture (IMA)

The Citrix environment incorporates the Citrix server communications and management
foundation, the Independent Management Architecture (IMA). The integration of the
application server software with IMA is central to the enhanced functionality of Citrix and
the scalability of Citrix’s server-based computing environment.
IMA is a unified, enterprise-wide platform for installation, management, maintenance,
support, and security for Albertsons server-based computing and application hosting
services. It is both an architectural model and a protocol for server-to-server
communications. IMA is constructed on a collection of core subsystems that define and
control execution of Citrix products. IMA enables Citrix servers to be arbitrarily grouped
into server farms that do not depend on the physical locations of the servers. IMA allows
Citrix servers to be in a single server farm even if the servers are on different network
subnets.
IMA runs on all servers in the farm and communicates though messages passed by the
IMA service through default TCP ports 2512 and 2513. The IMA Service can be manually
started or stopped though the operating system Services utility.
ICA Clients
ICA Clients are the components of Citrix that users run on their computers to access
applications running on Citrix servers. ICA Clients combine ease of deployment and use,
and offer quick, secure access to applications, content, and entire computer desktops
published on Citrix servers.
All users running the ICA Program Neighborhood Agent connect to a central configuration
file. Once launched, this client periodically downloads its configuration data from a
configuration file on a server running the Web Interface. You can modify the configuration
data at any time as a means to manage and control the client population throughout your
network from a single location and in real time. As a result, you can dynamically manage
and control your client population network-wide from a single location and in real time.
ICA Protocol
Users can access applications on a server through ICA connections and ICA sessions. ICA
connections are network protocol specific listener ports that are set up on a computer
running Citrix Server. When a client links to a server through an ICA connection, it
establishes an ICA session. The ICA session is an active link that runs on the server until
the user logs off and ends the session. The ICA protocol transports an application’s screens
ADN00061-02 5 10/26/2006
from the server it is running on to the user’s client device, and returns the user’s input to
the application on the server. As an application runs on a server, MetaFrame Presentation
Server intercepts the application’s display data and uses the ICA protocol to send this data
to the client software running on the user’s client device.
TERMINAL SERVER CLIENT ACCESS LICENSE (TSCAL) LICENSE SERVER

TS CALs are for named user accounts in the domain, and the license server issues them on
a per-seat basis.
CITRIX MANAGEMENT CONSOLE

The management interface for Albertsons Citrix servers and server farm is the Citrix
Management Console, an extensible Java-based tool that operates in the framework of
IMA. The console communicates with Citrix servers and other IMA-based Citrix servers
using the IMA protocol over TCP/IP.
Citrix Management Console and IMA allow management of Citrix servers and server farms
from any location. Authorized administrators can run the console on any connected
Windows NT or above workstation, in addition to Citrix server consoles. Refer to the
section titled Citrix Management Console for a more in-depth look at this tool.
CITRIX WEB CONSOLE

Citrix Web Console lets you monitor the Albertsons Citrix server farm using the Internet
Explorer web browser. Although less feature-rich than the Citrix Management Console, you
can still view much information about the server farm, including its active sessions,
published applications, servers, and users. With the Web console, you can also manage
sessions by logging off sessions, shadowing sessions, disconnecting sessions, and sending
messages to users, the same as you would with the Management Console.
CITRIX WEB INTERFACE

Web Interface (also referred to as WI) is a highly customizable application delivery
mechanism that integrates the capabilities of Citrix server software with Web application
deployment.
ADN00061-02 6 10/26/2006
Web Interface uses Java object technology executed on a Web server to dynamically
create an HTML-based representation of the Citrix server farm. Every user sees a web
page customized with the applications available in the server farm for that user.
Web Interface includes an application programming interface and a simple wizard. The API
lets you create customized Web server scripts for your environment, while the wizard
creates scripts that you can use or modify according to the Web Interface API. Web
Interface provides complete control over application deployment. Using the Web Interface
API, you can configure all ICA session options without entering any settings at users’
desktops.
CITRIX SECURE GATEWAY

Secure Gateway is an infrastructure component used to secure access to resources and
applications for those Albertsons associates and partners who are located outside the
boundaries of the local intranet. The Secure Gateway transparently encrypts and
authenticates all user connections to protect against data tampering and theft. Secure
Gateway consists of additional servers located in the Albertsons DMZ, outside of the core
server farm. The section titled Albertsons Citrix Secure Gateway provides more detailed
information.
FARM METRIC SERVER

The Farm Metric Server is used for application and server monitoring. The Farm Metric
Server gathers its information from the Data Collector Server. Because the Farm Metric
Server accesses the Data Collector every fifteen seconds, configuring Data Collectors to
also perform the role of the Farm Metric Server and the backup Farm Metric Server can
improve performance. The Farm Metric Server can also perform the role of the Database
Connection Server. In the Albertsons farm, server SBOIPCTX01 is configured as the
Primary Metric Server and SBOIPCTX07 is configured as the Back-up Metric Server.
ADN00061-02 7 10/26/2006
SCENARIO ONE – DATA COLLECTOR INTERACTION WITH CLIENT AND CITRIX

SERVER
Refer to the following diagram to understand the high-level interaction between the ICA
Client, the Data Collector, the web server and the multiple Citrix servers hosting the
application.
The ICA Client wants to execute the program Invoice Activity (1). The request is passed to
the Data Collector which in turn checks the current load of all MetaFrame servers hosting
the application (2). The Data Collector determines the appropriate server, based on load
evaluation, and points the client to that application server (3). The application server then
updates the data collector with the new information about itself, e.g. current license,
connected session, and new load level (4). The client connects to the application.
Data Collector Interaction with Client and Citrix Server
ADN00061-02 8 10/26/2006
SCENARIO TWO – DATA STORE INTERACTION WITH DATA COLLECTOR AND CITRIX
SERVER
Refer to the following diagram to understand the high-level interaction between the ICA
Client, the Data Store, Data Collector, and the multiple Citrix servers hosting the
application.
Administrator removed the folder Third Party Accounting from SBOIPCTX05 (2). The Data
Collector passes the information to the Data Store (3) which updates the DBMS with the
current information (4).
Data Store Interaction with Data Collector and Citrix Server
ADN00061-02 9 10/26/2006
SUPERVALU CITRIX FARM AND APPLICATIONS
ADN00061-02 10 10/26/2006
SUPERVALU CITRIX SECURE GATEWAY

WHAT IS THE SECURE GATEWAY?
Secure Gateway is a Citrix infrastructure component that Albertsons uses to secure access
to resources and applications hosted on servers. The Secure Gateway transparently
encrypts and authenticates all user connections to protect against eavesdropping, data
tampering, and theft.
Secure Gateway eases firewall traversal and provides a secure Internet gateway between
Citrix servers and client devices. All data traversing the Internet between a remote
workstation and the Secure Gateway is encrypted using Secure Sockets Layer (SSL) or
Transport Layer Security (TLS) security protocols.
WHAT ARE THE COMPONENTS?

To secure ICA traffic coming in from the Internet, the Secure Gateway server is installed in
the DMZ as a security perimeter that protects Citrix resources and applications on the
corporate intranet. Secure Gateway involves the interaction of five network components:
• A Secure Gateway Server
• A Secure Ticket Authority server
• A Citrix Web Interface enabled Microsoft IIS 6.0 Server
• A Client device with a ICA client, version 6.20 or later installed
• Citrix Server Farm
• Security Certificates
Secure Gateway Servers

To provide for fail-over protection in the Albertsons environment, the Secure Gateway
Service (Windows service) is installed on two servers in Albertsons DMZ. These servers are
SBOIPSGS01 and SBOIPSGS02. These Secure Gateway servers represent a single point of
access to the Albertsons access server farm. The Secure Gateway Service brokers every
connection request originating from the Internet to the enterprise network.
Secure Ticket Authority (STA) Server

The STA servers are responsible for issuing session tickets in response to connection
requests for published resources. These session tickets form the basis of authentication
and authorization for access to published resources in the server farm. In Albertsons
environment, (again to provide for fail-over) two servers are used for STA; SBOIPSTA01
and SBOIPSTA02.
Citrix XML Service

The Citrix XML service runs on every server in the Citrix Farm. When the Secure Gateway
provides secure access to published resources available in the server farm, the Citrix XML
Service is contacted for published resources availability and location. The Citrix XML
Service is the point of contact for the server farm and provides an HTTP interface to the
ICA Browser. It uses TCP instead of UDP, which allows connections to work across the
firewalls. The port for the Citrix XML Service in the Albertsons environment is 8086.
ADN00061-02 11 10/26/2006
Security Certificates
Security Certificates provide Secure Socket Layer encryption between clients and Secure
Gateway services.
SUPERVALU Secure Gateway Flow Diagram

To understand the process more clearly, refer to the following diagram following the
numerical sequence of events.
Albertsons Citrix Secure Gateway and Flow Diagram
ADN00061-02 12 10/26/2006
CITRIX MANAGEMENT CONSOLE

The Citrix Management Console (also known as CMC) is the central console program that
you use to monitor and manage the Albertsons Citrix server farm. CMC is a Java-based,
extensible program.
You can use the CMC to:
• Configure server and farm settings.
• Create Citrix administrator accounts and assign access to tasks.
• Create policies for users or user groups.
• View information about current sessions, users, and processes.
• Set up and manage printers for ICA Client users.
• Publish applications and monitor application usage.
• Enter, activate, and assign Citrix licenses.
• Monitor, reset, disconnect, and reconnect ICA Client sessions.
• Send messages to users and shadow their ICA sessions.
To use the Management Console, you must be a Citrix administrator. Administrators can
have varying levels of access to areas of Citrix farm management. For example, you can
be a Citrix administrator but have view-only access or even no access to some areas of
Citrix administration. If you try to access an area of the console that you are not
authorized to use, the right pane of the console may be blank.
When the CMC is launched, it gathers information from several different sources. It pulls
static information such as the server list from the data store, dynamic data session
information from the data collector, and Resource Manager-specific information from the
farm metric server.
ADN00061-02 13 10/26/2006
LAUNCHING THE CITRIX MANAGEMENT CONSOLE

To log in to a Citrix server farm with the console, specify any Citrix server in the server
farm. The console connects to the Citrix server and then displays information for the entire
Citrix server farm and for the individual servers in the farm.
1. From the Start menu, choose Programs → Citrix → Citrix Management
Console, or click the console button on the ICA Administrator Toolbar. When the
console starts, a dialog box asks you to log on to a Citrix server.
2. In the Citrix Server log on dialog box, enter the name of a Citrix server in the
server farm, or select a server from the drop-down menu. You can connect to any
server in a farm to manage the entire farm.
Type your User Name, Password, and Domain, for your Windows user account. The
account must be in the Citrix Administrators group in the console.
3. Click OK.
Citrix Server Log on Dialog
ADN00061-02 14 10/26/2006
DATA DISPLAYED IN THE CITRIX MANAGEMENT CONSOLE

When you are connected to a Citrix server farm, Citrix Management Console displays a
window with two panes. The left pane shows a hierarchical list of the components of a
Citrix server farm. The right pane displays information about the object selected in the left
pane.
Citrix Management Console

The object at the top of the tree in Citrix Management Console represents the Albertsons
Citrix server farm. The next level of objects under the server farm represents management
features and components in the server farm. These objects are called nodes. In the Citrix
environment, the nodes represent Applications, Printer Management, Licenses, and
Servers.
ADN00061-02 15 10/26/2006
Session Information Displayed in the Console
Highlight a server displayed in the Servers node to reveal session information for that
server in the right pane. On the tabs that display ICA session information, each row
represents one ICA session. You can click the column headings to sort the information.
When you click the active sort heading, you reverse the sort order. You can rearrange the
information in the table by dragging a column heading to a new position.
Citrix Management Console - Session Information

The session information that appears in the console includes details that help you identify
the various types of sessions and the users associated with the sessions. The following
column labels appear on tabs that display session information.
User The name of the user account that initiates a session appears in the User column for
each session.
Session The Session column identifies a session with a name that includes the protocol
that the session uses, usually ICA or RDP (for Microsoft’s Remote Display Protocol). The
name also includes the network protocol for the session, and a number that distinguishes
the session from other sessions that are running on the server.
Session ID The Session ID is a unique number that begins with 0 for the first connection
to the console. Listener sessions are numbered from 65,537 and numbered backward in
sequence.
State A session’s state is listed as Active, Listen, Idle, Disconnected, or Down.
Client Name This column displays the name of the client device that is running the
session.
Application This column displays the application currently in use.
In Citrix Management Console, you can select ICA sessions and choose commands to
manage the sessions. You can use the Actions menu and the toolbar buttons in the console
to choose session management commands. You can also right-click on a session in the
console and choose session management commands from the context menu that appears.
ADN00061-02 16 10/26/2006
USING THE CITRIX MANAGEMENT CONSOLE
Citrix Management Console provides centralized monitoring and management of your
users’ ICA sessions and server information. You can use the console to:
• Monitor ICA sessions according to the published applications and Citrix servers to which
they are connected.
• Send messages to users in active ICA sessions.
• Reset or disconnect sessions and log off users.
• Use shadowing to monitor and remotely control selected sessions.
• Determine information about the Citrix server.
• Determine which applications are published on a server.
Determining Information about a Citrix Server

1. Highlight a server in the tree in Citrix Management Console, and select Properties
from the Actions menu. In the following example, we selected SBOICTX17.
Server Properties Context Menu
ADN00061-02 17 10/26/2006
2. Review the summary information about the MetaFrame Presentation Server
installation, the server's operating system, and the network on which the server
resides.
Server Information Dialog
ADN00061-02 18 10/26/2006
Reviewing Applications Published on a Citrix Server
1. Select Published Applications in the left pane of a server's Properties page to list all
applications published on the server. Rearrange the columns by clicking on a
column heading and dragging it to the required location.
Published Applications Dialog

Name: The name of the application as it appears to users.
Folder: The name of the folder in the Console where the application is located.
Type: One of two values - Application or Desktop. The value depends on the option
selected in Application Location.
Status: Indicates whether the application is enabled or disabled.
User Connection Type: One of two values - Explicit or Anonymous.
Required Encryption: The encryption level required for the application. The value
depends on the option selected in Client Options.
ADN00061-02 19 10/26/2006
CONTROLLING LOGONS BY ICA CLIENTS

You can control the ability of ICA Client users to establish sessions on the Citrix servers in
a server farm by enabling or disabling logons. By default, logons are enabled when you
install Citrix software. You might want to disable logons to servers when you install
software or perform other maintenance or configuration tasks.
Enabling or Disabling Logons

An option to enable and disable logons is available on the MetaFrame Settings tab in each
server’s Properties dialog box.
1. Highlight a server in the tree in Citrix Management Console, and select Properties
from the Actions menu.
Server Properties Context Menu
ADN00061-02 20 10/26/2006
2. Select MetaFrame Settings. To disable logons by ICA Client users, clear the
checkbox labeled Enable logons to this server in MetaFrame Settings Control
Options.
Server Properties Settings Dialog

3. To restore the ability of ICA Clients to connect to the server, select Enable logons to
this server.
ADN00061-02 21 10/26/2006
Allowing Group Access to a Published Application
To allow group access to an application after it has been published, perform the following
steps:
1. Highlight the selected application in the node pane, then right-click your mouse.
Select Properties from the menu.
Published Application Context Menu

2. In the properties dialog that appears, highlight Users in the left pane, then highlight
a group from the Users Pane. Click Add to add the group to the Configured
Accounts pane. Click OK when you are done.
Application Properties - Allowing Group Access
ADN00061-02 22 10/26/2006
Reviewing which Servers are Hosting Applications
To review which servers are hosting an application, select Servers in the left pane of an
application's Properties page.
Available Servers: The servers that belong to the farm. By default, all servers are
displayed.
Filter Servers By: Opens a dialog box in which you can limit your Available Servers list to
only those servers that support specific features or capabilities.
Configured Servers: This lists the servers that have been selected from the Available
Servers list. These are the servers on which users can run the application.
Edit Configuration: This button is enabled only after one or more servers are selected
from the Configured Servers list. Click this button to open a dialog box in which you can
change the command line and working directory for the application on the selected server.
Refresh Available Servers: Requests an update of configurable servers for the Available
Servers list.
ADN00061-02 23 10/26/2006
VIEWING ICA SESSION INFORMATION

Several tabs in Citrix Management Console display information about ICA sessions in table
format. Each row in the table lists details for one ICA session. You can use different views
in the console to monitor user sessions based on the published applications to which the
users are connected, or the servers where the ICA sessions are established.
Active sessions appear on several tabs when a Citrix server has active ICA Client sessions:
• When you select a published application in the tree, sessions that are running the
application appear on the Users tab.
• When you select a server, sessions that are running on the server, including console
sessions, appear on the Users and Sessions tabs.
• When you select the Servers node in the tree, the Users tab displays sessions running all
servers; console sessions do not appear on this tab.
For example, if you select a published application, the Users tab in the right pane displays
the sessions in which the selected application is running. The information appears in
columns, which display the User name, Server, Client (device) Name, Session (type),
Session ID number, the State of the session, and the Logon Time.
ICA Session Information – Current Users of Albertsons Desktop
ADN00061-02 24 10/26/2006
USING SESSION MANAGEMENT COMMANDS

In the Management Console for Citrix and Citrix Web Console, you can select ICA sessions
and choose commands to manage the sessions.
In the Management Console, use the Actions menu and the toolbar buttons to choose
session management commands.
Management Console Actions Menu

Right-click a session in the console and choose a command from the context menu that
appears.
Management Console Context Menu
ADN00061-02 25 10/26/2006
Session Properties Tabs
Session Processes Tab Session Information Tab
Client Modules Tab Client Cache Tab
Session Properties Tabs
ADN00061-02 26 10/26/2006
Disconnecting ICA Sessions
To disconnect an ICA session, highlight the session, right-click your mouse, and choose
Disconnect. When you disconnect a session, you close the connection between the ICA
Client and the Citrix server. However, this does not log off the user, and programs that
were running in the session still run on the server. If the ICA Client user then connects to
the server (by selecting a published application or custom connection to the server), the
disconnected session is reconnected to the client.
Management Console Session Disconnect
Resetting a Connection
Resetting a connection with the Reset command terminates all processes that are running
in that session. You can use the Reset command to remove the remaining processes in the
case of a session error. However, resetting a connection can cause applications to close
without saving data.
Management Console Session Reset
ADN00061-02 27 10/26/2006
Connecting to Disconnected Sessions
When an ICA session is disconnected, the word Disconnected appears in the State column
on the tabs in Citrix Management Console where session information appears. You can
connect to a user’s disconnected session by choosing Connect. Your session must be
capable of supporting the video resolution of the disconnected session. From the system
console, you can connect only to sessions that were disconnected from the console.
Shadowing ICA Sessions

Shadowing allows you to view the user’s actions and take remote control of the user’s
keyboard and mouse.
Sending Messages to Users

You can send a message to a user by selecting the user’s sessions, right-clicking, and
choosing Send Message. You can select multiple sessions to send a message to multiple
users at the same time.
Management Console Send Message

To broadcast a message to all users, you can select all active user sessions in the right
pane in the console.
In the Send Message dialog box, you can type a message title; the user name of the Citrix
administrator who is logged on to the console and the current time appear in the Title box
by default. Type the message text in the Message box. The text you type automatically
wraps to the next line if you type past the right margin.
ADN00061-02 28 10/26/2006
When you finish typing the message, click OK to send the message to the selected
sessions.
Send Message Dialog
ADN00061-02 29 10/26/2006
CITRIX FAQ
Information in this FAQ was gleaned from Internet resources using the Citrix environment
in configurations potentially different from the Albertsons Citrix environment. This FAQ is
for informational purposes only and should not be considered a step-by-step instructional
guide for maintaining the Albertsons Citrix farm.
WEB SERVER – THE METAFRAME SERVER FARM REPORTED AN

UNSPECIFIED ERROR
You may see the message The MetaFrame server farm reported an unspecified error when
trying to launch an application from a web server. Unfortunately this is a rather generic
error message that can mean several things.
Things to Look For:
1. (Most common cause) The XML service used by the web server by default runs on
port 80. If you are running IIS or some other web service on the server (for
example a server management tool such as Compaq's web based insight manager)
you may want to change XML to run on a different port. Shut down the XML service
via the services control applet, then fire up a command prompt and type netstat -a
-n to display what ports are currently in use. Find something that's clear (such as
8081) and then change the XML service to use that port. This is done by typing
ctxxmlss /U to unregister Citrix XML, then type ctxxmlss /R8081 (or /R [the port
number you want to use]). Now restart the service. Although you shouldn't have
to, just to make sure you may want to restart the server just to make sure
everything comes back up correctly. You can then go onto the admin console, right
click on the server, and choose properties/metaframe settings and check that the
port there is what you want it to be. Now go to nfuseadmin on the NFuse server(s)
and make sure they are also configured to use the same port. Of course if there is
a firewall (this includes personal firewall software) somewhere between the
workstation and the server(s), then make sure that all the ports can get through.
2. Licenses (Citrix) - make sure that you have enough and that they haven't expired
(if you've been using demo versions).
3. Licenses (Microsoft) - as above. Remember that with Win2k server you must have a
license server running otherwise after 90 days terminal services & Metaframe will
stop working
4. Even if you've done step one some time ago, if you get the "unspecified" error, or
some other XML error it's always worth checking everything in step one again just
in case.
5. Name resolution - PNAgent can have issues if the client can't properly resolve the
name of the server(s). The readme file for NFuse on the CD states:
"Users of PNAgent may experience problems listing and launching applications if the DNS
domain name of the NFuse Classic Web site they are using is not configured in the client's
list of search domains. To resolve this, either upgrade to the latest available PNAgent
version and add the Web server's DNS domain to the clients search domain, or fully qualify
all host names in the config.xml file located on the Web server."
At the most recent site I've installed Metaframe into, the error was caused by a corrupted
wins database.
ADN00061-02 30 10/26/2006
6. If you get a "Cannot connect to Citrix server: The Citrix Server you have selected
cannot be located" for local ICA clients, and a "The MetaFrame server farm reported
an unspecified error." for NFuse clients go to the server and open a command
prompt. Now, type query farm /app to see what the load is like on the server. If
you find that it's maxed out on one or more of the published apps/desktops then
that's the problem - either the server is overloaded OR the load evaluator you are
using on one/more of the apps/desktops is too low. I have recently found an issue
with XPFR2 where one of the settings in the Advanced load evaluator seems to
increment whether or not people are using the server - this ends up with the server
no longer responding to client requests until - eventually - the server decides
everything is OK again. This may take hours or days to do, and a reboot may not
clear the counters either. Then the server may be fine again for a week or month or
more until without warning it seems to die again but without any messages in the
error logs etc. The fix? Detach the evaluator from the server/app. Do the query
farm /app again and check it's OK. FYI I believe that the default load evaluator
does not have this problem.
WINDOWS ICA CLIENT CONFIGURATION

The win32 ICA clients store most of their configuration data in ini files stored in the
(normally hidden) user profile application data directory (eg c:\documents and
settings\[user name]\application data\icaclient).
Note: These files aren't removed after an uninstall so if you want to do a "fresh"
install you need to delete these files. Also, upgrading to a newer
version of the client does not necessarily update the files!
To find out what the various ini settings are, get yourself a copy of
Win32ClientINIFileRef.pdf (Citrix Doc ID CTX14753) and have a bit of a read and
experiment. You can also make changes via the gui client and then check out what
happens to the ini files! Of course as with most things, be careful what you change as you
may end up no longer being able to connect to the server, or perhaps having unreliable
connections or even increased utilization on the server itself - always test first before
distributing it out to all the users.....
To create a default client install that has all the changes you want already setup (eg single
sign on enabled), you need to modify the *.ini and *.src files in the original client
installation directory. Another way of doing this is to modify the files that are in the *.msi
distribution. To find out how to do this, get yourself a copy of Ready_Connect_Client.pdf
(Citrix Doc ID CTX4187) and just follow the instructions.
If you only want to make a few minor changes, then you may find you can do this by
simply adding some command line options when installing the client software (eg "msiexec
/i ica32.msi /qn+ server_location=http://servername enable_sson=yes allow_reboot=no"
). This is discussed in ica_win32_guide.pdf (Citrix Doc ID CTX101283)
Another way of handling things is to write a script that modifies these ini files - this is
useful if you want to update these after the client software has been installed. This is
almost indispensible if you have a large number of clients to manage. A program that a
number of people have been using for some time is "kix" - available from
http://www.kixtart.org . This is a very powerful scripting program that may be fairly
daunting at first, but is also very flexible. Using this you can have the login script check if
it's running on a server or workstation and act accordingly, create or modify the ini files
if/as required, map drives, map printers, etc. Definitely recommended checking out. If you
ADN00061-02 31 10/26/2006
do a bit of a search (http://www.google.com), you may also be able to find some sample
scripts people have already written that you can modify.
To get you on the track, following is a sample kix script. Basically to use it setup a "clean"
workstation and configure the ICA client as you desire. Now grab the ini files from the
hidden data directory on the workstation - these files will be your standard ini files. The
script copies the default ini files from a shared directory (modify the $TOOLSDIR line to
point to where you store these files) every time a user logs on and then modifies them as
required (eg changes the username). This ensures the files are always correct even if a
user makes some changes to them (if someone has a problem you can then just ask them
to log off & log back on again and everything should be back to normal). It also checks if
it's being run on a server and, if so, exits.
; -----------------------------------------------------------------
; Kixtart Version: Kixtart 2001 V4.20
; -----------------------------------------------------------------
; Note - the following script has been tested on 6.x versions of the ICA
client. It may need to be modified to work properly with different
versions....
BREAK OFF
$VarSet = SetConsole("ALWAYSONTOP")
$Script_version="1.05"
$VarSet = SetTitle("Citrix Config Script - Ver. "+$Script_version)

$VarSet = SetOption("ASCII","ON")
$VarSet = SetOption("DisableDebugging","ON")
$Domain = @LDOMAIN ;// Logon domain //
$WinSys = @LANROOT ;// windows\system32 directory //
$DesktopDir=
ReadValue("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders", "Desktop")
$AppDir =
ReadValue("HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell
Folders", "AppData")
$TOOLSDIR = "Y:\Citrix\ICAINI\" ;// Where you have the default ini files //
;**********************************************************************
;*** Set proper date format if running on a Citrix server
;**********************************************************************
$OS = OSVersion ;// Determine OS Version //
ADN00061-02 32 10/26/2006
IF $OS = "CITRIX"
WRITEVALUE ("HKEY_CURRENT_USER\Control Panel\International", "sShortDate",
"dd/MM/yyyy", "REG_SZ")
EXIT
EndIf
;**********************************************************************
;*** Exit if run on a server
;**********************************************************************
IF $OS = "SERVER" EXIT EndIf
;**********************************************************************
;*** Check/update Citrix PN.INI settings - allow for different program
locations
;*** depending on manual installs or OS versions
;**********************************************************************
If Exist("C:\program files\citrix\ica client\pn.ini")
$PNPath = "C:\program files\citrix\ica client"
$Result = UpdatePN($PNPath)
Endif
If Exist("D:\program files\citrix\ica client\pn.ini")
$PNPath = "D:\program files\citrix\ica client"
Endif
If Exist($AppDir+"\ICAClient\pn.ini")
$PNPath = $AppDir+"\ICAClient"
Endif
;**********************************************************************
;*** Update Citrix INI files with standard and update unique settings
;**********************************************************************
WRITEVALUE ("HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ICA Client", "ClientName",
"@WKSTA", "REG_SZ")
Function UpdatePN($PNPath)
ADN00061-02 33 10/26/2006
; Note - the above sets the client name but will not work on win9x
workstations that save the name in an ini file in the root directory of the
workstation.....
COPY $TOOLSDIR+"PN.INI" $PNPath
COPY $TOOLSDIR+"APPSRV.INI" $PNPath
COPY $TOOLSDIR+"WFCLIENT.INI" $PNPath
COPY $TOOLSDIR+"UISTATE.INI" $PNPath
$iniVal=READPROFILESTRING($PNPath+"\PN.INI","Program Neighborhood",
"Username")
$VarSet = writeprofilestring($PNPath+"\PN.INI","Program Neighborhood",
"Username", @userid)
$iniVal=READPROFILESTRING($PNPath+"\APPSRV.INI","WFClient", "LogFileWin16")
$VarSet = writeprofilestring($PNPath+"\APPSRV.INI","WFClient",
"LogFileWin16", $AppDir+"\ICAClient\wfcwin.log")
$iniVal=READPROFILESTRING($PNPath+"\APPSRV.INI","WFClient", "LogFileWin32")
"LogFileWin32", $AppDir+"\ICAClient\wfcwin32.log")
$iniVal=READPROFILESTRING($PNPath+"\APPSRV.INI","WFClient",
"PersistentCachePath")
"PersistentCachePath", $AppDir+"\ICAClient\cache")
$UpdatePN=0 ; nothing to return
EndFunction
;**********************************************************************
;*** OSVersion() - Determines platform runnings - NT4, W2K, XP -
Workstation, Server
;**********************************************************************
Function OSVersion()
$os=""
$os_dos=@dos
$os_product=ReadValue("HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions"
,"ProductType")
$os_productSuite=ReadValue("HKLM\SYSTEM\CurrentControlSet\Control\ProductOpt
ions","ProductSuite")
SELECT
CASE (INSTR(UCASE($os_productSuite), "TERMINAL")) ; - Windows 2K
Terminal Server
$os="CITRIX"
CASE ($os_product <> "WinNT") AND ($os_dos = "5.1") ; - Windows XP
Server
ADN00061-02 34 10/26/2006
$os="SERVER"
CASE ($os_product = "WinNT") AND ($os_dos = "5.1") ; - Windows XP
Professional
$os="XP"
CASE ($os_product <> "WinNT") AND ($os_dos = "5.0") ; - Windows 2000 -
$os="SERVER"
CASE ($os_product = "WinNT") AND ($os_dos = "5.0") ; - Windows 2000
Professional -
$os="W2K"
CASE ($os_product = "LANMANNT") OR ($os_product = "ServerNT")
$os="SERVER"
CASE $os_product = "WinNT"
$os="NT"
ENDSELECT
$OSVersion=$OS
EndFunction
This is not a comprehensive list of what you can do - for example there are modified
versions of the pn.exe file that allow you to store the ini files in different locations - so for
example you may be able to share them between workstations by storing them in one
location. And let's not even start on what you may be able to do with Novell's Zenworks,
or Microsoft's AD and/or SMS.
HP PRINTER DRIVERS
Most Citrix Engineers have come across the inherent problems with many of the HP print
drivers used within a Terminal Server/Citrix environment (especially the PCL 6 drivers).
The question is how do you address the problem once the cat is out of the bag, and a
faulty print driver has been introduced into your Citrix environment? Or what happens if
your office has standardized on certain models of HP printers, and it is imperative that you
resolve the driver issue for your proposed Citrix solution to fly? There are several options
available, and depending on the size, complexity, and/or design of your environment, you
will need to apply the solution that best fits for your needs:
1. Redirect the new faulty driver to a known good driver
There is a solution that exists for Terminal Server 4.0 that involves driver redirection. In
this solution, if an attempt is made by an ICA client to map a driver that you are aware to
be problematic, the server can use an INF file to map an alternate, compatible driver
instead. The INF file that the server uses for this purpose is the WTSUPRN.INF file (You’ll
probably find this file as a text file within the server’s WTSRV\SYSTEM32 directory). Citrix
has published an article pertaining to this problem (Citrix document ID: CTX626451). I
contacted Citrix, and their official recommendation is to use solely the print drivers which
came included with Terminal Server. Any newly released printers added to a Terminal
Server environment, should have a redirection performed on the new print driver pointing
to an older, compatible driver. This does not mean that that every new print driver
developed will not work on Terminal Server, just that Citrix cannot guarantee it. If you
ADN00061-02 35 10/26/2006
need to use a new print driver in your environment, follow Citrix Engineer's advice, load it
on a test environment before releasing it into your production environment. Microsoft also
has an article # Q221509 discussing this issue. The article can be accessed through the
following link:
http://support.microsoft.com/support/kb/articles/Q221/5/09.ASP?LN=EN-
US&;SD=gn&FR=0&qry=Q221509&rnk=1&src=DHCS_MSPSS_gn_SRCH&SPR=NTS
2. Remove the driver all together.
This option does involve Registry tinkering, so approach this solution with caution.
Windows NT Terminal Server lists its loaded print drivers within the
HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\PRINT\ENVIRONMENTS\ WINDOWS NT
x86\DRIVERS\VERSION-2 Key (W2K3: Version-3 Key). Within this key, you can perform
the following:
• Document the files associated with the driver that are listed within the registry key
(printscreen usually works nicely)
• Delete the associated key
• Stop the spooler service and set startup to manual
• Reboot the machine
• Delete the files associated with the driver within the
system32\spool\drivers\w32x86\2, or 3 folder
• Map to TSE drivers found in Citrix Document CTX626451
3. Prevent Terminal Server from installing print drivers from print servers.
There may be times that a client’s default printer is a network printer created on a
dedicated print server. In this event, when the client connects to a Citrix server, server will
attempt to download this driver from the Print Server directly. At times, this is not
desirable as the driver may function fine for direct prints from Windows 95 stations, but is
problematic off of Terminal Server environments. In this case, you can add a registry key
onto Terminal Server to instruct it to solely install print drivers located within a trusted
share that is specified. The Microsoft article # Q239536 discussing this issue can be found
on the following link:
http://support.microsoft.com/support/kb/articles/Q239/5/36.ASP?LN=EN-
US&;SD=gn&FR=0&qry=Q239536&rnk=1&src=DHCS_MSPSS_gn_SRCH&SPR=NTS
In Windows NT you can install printer drivers from a trusted share, rather than from the
remote print server to which your print service is connected.
MORE INFORMATION
WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to
reinstall your operating system. Microsoft cannot guarantee that problems resulting from the
incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
For information about how to edit the registry, view the "Changing Keys and Values" Help topic in
Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit
Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you
edit it. If you are running Windows NT or Windows 2000, you should also update your Emergency
Repair Disk (ERD).
ADN00061-02 36 10/26/2006
WHAT ARE ROAMING FILES AND HOW DO THEY WORK? <NEEDS
UPDATE-PLACEHOLDER>
I'm going to assume Windows NT4 TSE with MetaFrame 1.8 for this document, since, at
the time of writing, it is the most common platform. The principles are the same for
WinFrame, Windows 2000 or XP and MetaFrame XP, but the tools used and some file
locations are different.
The most effective form of profile for most businesses is the roaming profile. These can be
easily implemented, and allow for a wide range of administrator control over user activity
when combined with system policies. The added advantage is that roaming profiles can be
made mandatory, thus allowing for even tighter control. This is of obvious benefit to
educational establishments or public access kiosks.
In the ideal setup, the server holding the users' profiles will be separate to the MetaFrame
server. This central profile store is not to be confused with the locally cached profiles to be
found in %systemroot%\profiles (%systemroot%\Documents and Settings on Windows
2000). It is simply set up by sharing a folder (eg called "profiles") from a file server. For
preference, this folder should be in the root.
To utilize this share, go to Server Manager on the File Server (located in Administrative
Tools\Common), and, under the Computer menu, select Shared Directories. Create a New
share to the folder you have created, and set the Permissions to allow your MetaFrame
users Read and Write access.
Next, log in as the Domain Administrator on one of your MetaFrame servers. In User
Manager for Domains, click on the Profile button for the users you wish to assign roaming
profiles. In the Terminal Server Profile Path (if you are not on a Terminal Server you will
not see this box!), enter the path to your share, including the %username% variable eg
\\myserver\profiles\%username%.
When the user first logs onto a Terminal Server, he/she will get a copy profile from the
Default User profile on that Terminal Server. If this profile is wrong, then the administrator
must amend it in one of two ways.
1. The Default Users' ntuser.dat can be loaded into the Registry and edited directly.
This is not my favorite option, since all manner of things could go wrong - and it's
time-consuming.
2. Create a new user with administrator rights, log in *(see note below) and modify
the profile until it is as generic as it can be (ie don't set an Outlook profile, or all
users will get that Outlook profile!) and then log out. Copy ntuser.dat from that
user to the Default User, and all users will get identical settings the first time they
log in. ++(see How It Works below)
Here are several tips to consider before you log in as the new default user:
1. Stop Internet Explorer from going through its initial routines by editing the
following registry key; HKCU\Software\Microsoft\Active Setup\Installed
Components - delete everything below this subkey (ie leave the Installed
Components key intact).
2. Stop My Briefcase from appearing by adding HKCU\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon\RunSyncApp REG_DWORD 0, and rename the file
%systemroot%\System32\syncapp.exe to syncapp.old
3. Use System Policies to lock down access to "dangerous" applications, and to remap
user file paths to other shares on the File Server. Files stored inside roaming
ADN00061-02 37 10/26/2006
profiles can cause "profile bloat", which leads to excessive login times and other
user problems. Give the user appropriate permissions, and test your new roaming
profile by logging on as that user from a variety of clients at different locations.
To make the profile mandatory, simply rename the ntuser.dat of that user in the central
profile store to ntuser.man. If it will be mandatory that the user reads the profile from the
server, and if logon will be denied unless this is the case, add the extension .man to the
User Profile path; for example:\\myserver\myshare\mydomainuser.man (From Microsoft's
whitepaper, part 2. http://support.microsoft.com/support/kb/articles/Q185/5/87.ASP.
How It Works - Roaming Profiles

When a user logs in to a Terminal Server, the Terminal Server looks to see whether there
is a local copy of a profile associated with that user. If there is not, it checks, via the users'
login credentials, whether there is a roaming profile available for that user.
If there is no roaming profile available (and there won't be the first time a user logs in),
then the Terminal Server copies the Default Users' profile to a folder with the users' login
handle. It also copies the contents of the users' ntuser.dat to HKEY_USERS in its registry,
under the users' SID.
When the user logs out, and roaming profiles have been implemented, then the Terminal
Server will copy the locally cached profile to the profile store location, and unload the
users' SID. This centrally stored copy will be downloaded the next time the user logs in.
If the user does not log out cleanly, or disconnects leaving files open, then the profile may
not copy to the central store correctly, and the SID may not be unloaded. This is
particularly a problem with Terminals, where users will choose the logoff option, and
switch the Terminal off before it has completed the full logoff process.
The next time the user logs in, in this case, a new local copy will be created in the folder
%systemroot%\profiles\newuser.001.
Generally, the only way to clear these profile copies down is to reboot and then delete the
folders. Alternatively, the files that the user is still holding open can be tracked down using
Server Manager on each of the servers that the users has opened files from, and closed
individually. The profile copies can then be safely deleted by the Administrator from the My
Computer icon, right-click, choose Properties, User Profiles (wait a while if you have a lot
of users). If the profile can't be deleted, then the user still has files open somewhere.
To restore a corrupted or just plain wrong profile, often the only way is to delete the
centrally stored copy and have the Terminal Server create a new one. If this is wrong,
then you need to update your default user again. If you have many load-balanced
Terminal Servers, check that the default user is identical on all of them.
Helpful Links;
Microsoft Guide to Policies and Profiles
http://support.microsoft.com/support/kb/articles/Q161/3/34.ASP
Debugging Profiles in Terminal Server
http://support.microsoft.com/support/kb/articles/Q154/1/20.ASP
Roaming Profile may be corrupted by Copy Hive
http://support.microsoft.com/support/kb/articles/q262/2/03.asp
ADN00061-02 38 10/26/2006
OUTLOOK HAS TROUBLE OPENING HTML FILES
1. Open Regedit.
2. Navigate to the ddeexec registry subkey under the following registry
key:
HKEY_CLASSES_ROOT\htmlfile\shell\opennew
3. Click the ddeexec registry subkey and then delete it.
4. Navigate to the command registry subkey under the following registry
key:
HKEY_CLASSES_ROOT\htmlfile\shell\opennew
5. Double click the Default value in the right hand pane.
6. Make sure the string looks exactly like the following, including the quotation
marks, and assuming that is where IE is installed:
"C:\Program Files\Internet Explorer\iexplore.exe" %1
7. Click OK.
8. Close the Registry Editor.
9. Restart Outlook and the attachment file opens correctly.
ADN00061-02 39 10/26/2006
CITRIX TROUBLESHOOTING
TROUBLESHOOTING BY TOPIC
Printing
QUESTION
How can I resolve printer problems, particularly auto-created, which may also be causing
spontaneous server reboots?
ANSWER
Your situation is almost universal in the WIN NT 4.0 sp 6 METAFRAME 1.8 environment.
There are a few issues here:
Printing generally and auto-created printers specifically just simply do not work as they
should. To get it to work as well as possible:
1. Never use any printer driver that is not on the WINDOWS NT TSE
INSTALLATION CD.
2. Whenever possible configure network printers rather than allowing
autocreation of printers.
3. It is vitally important to follow these rules. Otherwise you will have
occurrences of: printing failure necessitating restart of the spooler;
occasional server crashes (sometimes when an autocreated printer with
an improper driver auto-purges) and occasional profound server
slowdowns.
QUESTION
Where can I find good documentation on printing for Citrix?
ANSWER
http://www.thethin.net/helps.cfm#print
http://www.metaframebook.com - chapter 6 is all about printing.
http://knowledgebase.citrix.com/cgi-bin/webcgi.exe?New,KB=CitrixKB
http://www.its.esker.fr/Documents/990701003W.htm
Citrix Knowledge Base Document Numbers:
CTX681954
CTX631387
CTX366945
CTX668903
CTX871608
CTX626451
CTX458114
http://www.printingsupport.com - site dedicated to Citrix printing.
http://www.dabcc.com/pc/
ADN00061-02 40 10/26/2006
PROBLEM
Desktop printer does not appear within Citrix.
POSSIBLE CAUSE
Printer is not recognized by the application server.
SOLUTION
Log a job to _____________________ to have the printer driver installed on the
application server. Specify the printer driver name precisely as it is on the desktop.
Dropped Connections
QUESTION
We have an external client for whom we provide reporting via an Access DB. This is setup
as a Citrix app, which is then accessed through our secure web site using the Citrix ICA
Client (version 7).
This client has been accessing these reports without problems for sometime now.
However, now when they try to launch the database they get the Citrix "Connecting to..."
dialog for a few seconds, then it disappears and the Citrix icon disappears from the system
tray.
I know that having a large amount of temporary internet files sometimes causes strange
problems, so I got them to delete these, but no change.
ANSWER
Connection wasn't completing, and app was therefore not loading. No error was returned.
Removing and re-installing client software fixed problem.
Windows User Problems

PROBLEM
Application displays all in one box on Windows.
POSSIBLE CAUSE
User has configured window size to custom default or full screen on the PC.
SOLUTION
Use the setting toolbox on the applications web page and set the window size - standard
to “Seamless”. Note that this is stored as a cookie on the desktop.
PROBLEM
Connection to Citrix hangs and does not start the program on Windows 2000.
POSSIBLE CAUSE
User does not have permission to update Windows registry on PC.
SOLUTION
Start the application as administrator to create the MS Licensing folder in the registry and
then give write permission to all users on the registry folder.
PROBLEM
When starting any application on a particular desktop get a message box saying cannot
connect to Citrix server and count-down timer.
ADN00061-02 41 10/26/2006
POSSIBLE CAUSE
User does not have permission to update Windows 2000 registry on PC.
SOLUTION
Start the application as administrator to create the MS Licensing folder in the registry and
then give write permission to all users on the registry folder.
ADN00061-02 42 10/26/2006
APPENDIX A – CITRIX GLOSSARY OF TERMS

Account Authority The platform-specific source of information about user accounts used
by a Citrix server; for example, a Windows NT domain, Active Directory domain, or Novell
Directory Services (NDS).
Activation Code An alphanumeric string displayed on the Citrix Activation System Web
page after you enter a license number. To activate a license, select the license number in
the Management Console for Citrix and enter the activation code.
Application Name A text string used to uniquely identify a published application within a
farm. The application name is used by the Citrix server farm and ICA Clients to recognize
individual applications that may have the same display name. The text string is
automatically generated based on the display name entered when the application was
initially published.
Application Launching and Embedding (ALE) A feature of Citrix servers and ICA
Clients that enables full-function, Windows-based applications to be launched from or
embedded into HTML pages without rewriting any application code.
Application Set A user’s view of the applications published on a server farm that the
user is authorized to access.
Certificate Store The location on the Citrix server running the SSL Relay that contains
the server certificate. The certificate for the SSL Relay should be in Local
computer/Personal so that you can manage it with the Certificate snap-in for Microsoft
Management Console.
Citrix Program Neighborhood Agent The Citrix Program Neighborhood Agent allows
you to deliver published applications directly to users’ desktops so users can access links
to published applications with or without a Web browser. With the Program Neighborhood
Agent, links to published applications appear in the Start menu, on the Windows desktop,
or in the Windows System Tray. Remote applications are integrated into the desktop and
appear to the user as local applications. You must use the Web Interface for Citrix to use
the Program Neighborhood Agent.
Citrix Program Neighborhood Agent Admin Tool Use the Citrix Program
Neighborhood Agent Admin tool to centrally configure user settings that are pushed out to
all users running the Program Neighborhood Agent.
Citrix SSL Relay A Windows service that runs on a Citrix server to support an SSL-
secured connection between a server running the Web Interface for Citrix and a server
running Citrix Server.
Citrix XML Service A Windows service that provides an HTTP interface to the ICA
Browser. It uses TCP packets instead of UDP, which allows connections to work across
most firewalls.
Client Device Any hardware device capable of running the ICA Client software.
Client Device Mapping The feature that enables remote applications running on the
Citrix server to access storage and peripherals attached to the local client device. Client
device mapping consists of several distinct features: client drive mapping, client printer
mapping, and client COM port mapping.
Client Drive Mapping The feature that enables applications running on the Citrix server
to access physical and logical drives configured on the client device.
ADN00061-02 43 10/26/2006
Client Printer Mapping The feature that enables applications running on the Citrix
server to send output to printers configured on the client device.
Client Update Database The database Citrix servers use to automatically update ICA
Clients. It contains copies of the clients themselves and configuration information about
how to perform the updates.
Connection Control The feature that allows you to set a limit on the number of
connections that each user can have simultaneously in the server farm. You can also limit
the number of concurrent connections to specified published applications, and you can
prevent users from launching more than one instance of the same published application.
Connection License A license that enables ICA connections between a client device and
a Citrix server farm. Connection license counts can be assigned to specific servers; they
are automatically pooled among all servers in the farm.
Content Publishing This feature allows you to publish document files, media files, Web
URLs, and any other type of file from any network location. Icons for published content
appear in Program Neighborhood, on the desktop, and on the user’s Web Interface logon
page. Users can double-click published content icons to access content in the same way
they access published applications.
Content Redirection This feature allows administrators to specify whether ICA Clients
open published content, applications, browsers, and media players locally or remotely.
There are two types of content redirection: from server to client and from client to server.
CPU Prioritization The feature that allows you to assign each published application in
the server farm a priority level for CPU access. This feature can be used to ensure that
CPU-intensive applications in the server farm do not degrade the performance of other
applications.
Data Store An ODBC-compliant database used by a Citrix server farm. The data store
centralizes configuration information about published applications, users, printers, and
servers. Each Citrix server farm has a single data store.
Disconnected Session An ICA session in which the ICA Client is no longer connected to
the Citrix server, but the user’s applications are still running. A user can reconnect to a
disconnected session. If the user does not do so within a specified time-out period, the
Citrix server automatically terminates the session.
Display Name A name you specify when you publish an application. The display name
appears in the newer Program Neighborhood client and in Application folders in the
Management Console for Citrix. You can also choose to use the display name in the Web
Interface for Citrix.
Dynamic Store A data store that contains frequently updated configuration data such as
application load and license usage information. A server farm replicates dynamic store
information across multiple servers.
ICA Independent Computing Architecture The architecture that Citrix uses to
separate an application’s logic from its user interface. With ICA, only the keystrokes,
mouse clicks, and screen updates pass between the client and server on the network,
while 100% of the application’s logic executes on the server.
ICA Protocol The protocol that ICA Clients use to format user input (keystrokes, mouse
clicks, and so forth) and address it to Citrix servers for processing. Citrix servers use it to
format application output (display, audio, and so forth) and return it to the client device.
ADN00061-02 44 10/26/2006
ICA Client Creator The Citrix server utility you use to create disks from which you can
install ICA Clients and the ICA File Editor on a wide range of client devices.
ICA Connection The logical port used by an ICA Client to connect to, and start a session
on, a Citrix server. 1. An ICA connection is associated with a network connection (such as
TCP/IP, IPX, SPX, or NetBIOS) or a serial connection (modems or direct cables). 2. The
active link established between an ICA Client and a Citrix server.
Independent Management Architecture (IMA) Citrix’s server-to-server infrastructure
that provides robust, secure, and scalable tools for managing any size server farm. Among
other features, IMA enables centralized platform-independent management, an ODBC-
compliant data store, and a suite of management products that plug in to the Management
Console.
License Pooling A feature of Citrix servers that enables you to combine license counts of
product and connection licenses into a common license pool for a server farm. All license
counts are pooled by default. Assigning a license count to a server removes it from the
pool.
Load Management A feature of Citrix that enables management of application loads.
When a user launches a published application that is configured for load management, that
user’s ICA session is established on the most lightly loaded server in the farm, based on
criteria you can configure.
Pass-Through Authentication When you enable pass-through authentication for the
Management Console for Citrix, the console uses your local user credentials from the
server on which the console is running. You can log on without re-entering credentials.
Users can also enable Pass-Through Authentication in ICA Clients that support this feature.
Pass-through Client An ICA Client installed on a Citrix server so that users of every ICA
Client platform can access published applications by connecting to them through Program
Neighborhood as a published application.
Policies Policies are used to apply Citrix settings, for client device mapping, for example,
to specific users or user groups. They override similar Citrix settings configured farm-wide,
at the server level, or on the ICA Client.
Product Code A nine-character string that identifies a Citrix server product.
Program Neighborhood The user interface for the ICA Win32 Program Neighborhood
Client, which lets users view the published applications they are authorized to use in the
server farm. Program Neighborhood allows access to application sets and custom ICA
connections.
Published Application An application installed on a Citrix server or server farm that is
configured for multi-user access from ICA Clients. With Load Manager, you can manage
the load for published applications among servers in the server farm. With Program
Neighborhood and the Web Interface for Citrix, you can push a published application to
your users’ client desktops.
Relay Listening Port The TCP port on the Citrix server that the Citrix SSL Relay
monitors for data from a Web server.
Session Tickets The Secure Ticket Authority servers are responsible for issuing session
tickets in response to connection requests for published resources. These session tickets
form the basis of authentication and authorization for access to published resources in the
Citrix server farm.
ADN00061-02 45 10/26/2006
Remote Node A client device that can connect to a LAN or WAN with a modem and
additional software, such as Microsoft’s Dial-Up Networking. When connected, the device
has access to the same network resources as any other node in the network, but is still
subject to bandwidth limitations and modem performance.
Seamless Window One of the settings you can specify for the Window Size property of a
published application. If a published application runs in a seamless window, the user can
take advantage of all the client platform’s window management features, such as resizing,
minimizing, and so forth.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) A standards-based
architecture for encryption, authentication, and message integrity. It is used to secure the
communications between two computers across a public network, authenticate the two
computers to each other based on a separate trusted authority, and ensure that the
communications are not tampered with.
Serial Number An alphanumeric string that you enter in the Management Console to
receive a license number for the software installed on a server.
Server Farm A group of Citrix servers managed as a single entity, with some form of
physical connection between servers and a database used for the farm’s data store.
Server-based Computing Citrix’s model for computing where applications are published
on centralized servers, or server farms, and users access and run those applications from
remote client devices. Server-based computing differs from traditional client-server
computing in that all the application logic executes on the host, consuming less network
bandwidth and requiring far fewer client resources.
Session ID A unique identifier for a specific ICA session on a specific Citrix server.
Shadow Taskbar The taskbar on a Citrix server desktop that you can use to shadow
multiple users and to quickly switch between shadowed sessions.
Shadowing A feature of Citrix servers that enables an authorized user to remotely join or
take control of another user’s ICA session for diagnosis, training, or technical support.
SOCKS SOCKS is a protocol for secured TCP communications through a proxy server.
SpeedScreen Browser Acceleration The feature that provides substantial performance
enhancements for users running HTML-capable applications, such as Internet Explorer,
published on Citrix servers. SpeedScreen Browser Acceleration requires less bandwidth
and allows users running ported applications to interact with the browser while graphically-
rich pages or largeimages are being downloaded.
SpeedScreen Latency Reduction A combination of technologies implemented in ICA
that decreases bandwidth consumption and total packets transmitted, resulting in reduced
latency and consistent performance regardless of network connection.
Universal Printing When you use Citrix Universal Printing you do not need to install and
duplicate a potentially large set of native printer drivers in your server farm. The universal
printer drivers can replace multiple native printer drivers that would otherwise be needed
in diverse printing environments. Later ICA clients can work with universal drivers
depending on the client device’s version and platform.
User-to-User Shadowing The feature that allows users to shadow other users without
requiring administrator rights. Multiple users from different locations can view
presentations and training sessions, allowing one-to-many, many-to-one, and many-to-
many online collaboration.
ADN00061-02 46 10/26/2006
Web-based ICA Client Installation A Web-based method for deploying ICA Client
software to users. You construct an ICA Client download Web site that users access to
download the ICA Client for their client devices.
Windows-Based Terminal (WBT) A fixed-function thin-client device that can run
applications only by connecting to a Citrix application server. WBTs cannot run applications
locally.
Zone A logical grouping of Citrix servers, typically related to the underlying network
subnets. All Citrix servers in a zone communicate with the Citrix server designated as the
data collector for the zone.
Zone Data Collector A Citrix server that stores dynamic data for one zone in a Citrix
server farm.
ADN00061-02 47 10/26/2006

Middleware Services: Operations Guide

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Middleware Services: Operations Guide

Diunggah oleh

Hak Cipta:

Format Tersedia

MIDDLEWARE SERVICES

For Tier Two Operations Associates

CITRIX CONCEPTS AND COMPONENTS – THE BASICS

CITRIX SERVER SOFTWARE

Windows ICA Client

ICA protocol transfers only

MAC ICA Client

Tablet ICA Client

Citrix Client - Server Relationship

CITRIX ICA CLIENTS

ZONES AND FARMS

Data Store/Data Collector Relationship

CITRIX SERVER FARM

Independent Management Architecture (IMA)

TERMINAL SERVER CLIENT ACCESS LICENSE (TSCAL) LICENSE SERVER

CITRIX MANAGEMENT CONSOLE

CITRIX WEB CONSOLE

CITRIX WEB INTERFACE

CITRIX SECURE GATEWAY

FARM METRIC SERVER

SCENARIO ONE – DATA COLLECTOR INTERACTION WITH CLIENT AND CITRIX

Data Collector Interaction with Client and Citrix Server

Data Store Interaction with Data Collector and Citrix Server

SUPERVALU CITRIX FARM AND APPLICATIONS

SUPERVALU CITRIX SECURE GATEWAY

WHAT ARE THE COMPONENTS?

Secure Gateway Servers

Secure Ticket Authority (STA) Server

Citrix XML Service

SUPERVALU Secure Gateway Flow Diagram

Albertsons Citrix Secure Gateway and Flow Diagram

CITRIX MANAGEMENT CONSOLE

LAUNCHING THE CITRIX MANAGEMENT CONSOLE

Citrix Server Log on Dialog

DATA DISPLAYED IN THE CITRIX MANAGEMENT CONSOLE

Citrix Management Console

Citrix Management Console - Session Information

Determining Information about a Citrix Server

Server Properties Context Menu

Server Information Dialog

Published Applications Dialog

CONTROLLING LOGONS BY ICA CLIENTS

Enabling or Disabling Logons

Server Properties Context Menu

Server Properties Settings Dialog

Published Application Context Menu

Application Properties - Allowing Group Access

VIEWING ICA SESSION INFORMATION

ICA Session Information – Current Users of Albertsons Desktop

USING SESSION MANAGEMENT COMMANDS

Management Console Actions Menu

Management Console Context Menu

Session Processes Tab Session Information Tab

Client Modules Tab Client Cache Tab

Session Properties Tabs

Management Console Session Disconnect

Management Console Session Reset

Shadowing ICA Sessions

Sending Messages to Users

Management Console Send Message

Send Message Dialog

WEB SERVER – THE METAFRAME SERVER FARM REPORTED AN