Exporting XenDesktop / XenApp 7.6 Policies

If you’re looking for a way to export your policies in XenDesktop / XenApp 7.6, these two methods export XML files for archival or reporting.

Method 1

Download XenApp Migration Script:

http://www.citrix.com/downloads/xenapp/product-software/xenapp-76-platinum-edition.html

Extract the readIMA folder

Do not load any modules before performing this operation.

PS C:\readima> Import-Module .\ExportPolicy.psd1

PS C:\readima> Export-Policy -XmlOutputFile .\MyPolicy.XML -LogFile .\MyPolicy.log

PS C:\readIMA> Export-Policy -XmlOutputFile .\MyPolicy.XML -LogFile .\MyPolicy.log

XenApp 6.x to XenApp/XenDesktop 7.6 Migration Tool Version 20141125-1515

Exporting user policies

Exporting policy “Unfiltered”

Exporting policy “Disconnected Session Timer”

Exporting policy “HTML5”

Exporting policy “Printing”

4 user policies exported

Exporting computer policies

Exporting policy “Unfiltered”

Exporting policy “HTML5”

2 computer policies exported

Policy export completed

Log has been saved to .\MyPolicy.log

PS C:\readIMA>

*NOTE* This creates one policy file with filters included

Method 2

Download Scout

http://support.citrix.com/article/CTX130147

From the Scout\Current\Utilities folder, copy Citrix.GroupPolicy.Commands.psm1 to C:\

PS C:\> Mkdir C:\MyPolicy

PS C:\> Add-PSSnapin Citrix.Common.GroupPolicy

PS C:\> Import-Module .\Citrix.GroupPolicy.Commands.psm1

PS C:\> New-PSDrive Site –PSProvider CitrixGroupPolicy –Root \ -Controller localhost

PS C:\> Export-CtxGroupPolicy –Drive Site C:\MyPolicy

*NOTE* Using this method exports three files, one contains policy settings, a separate contains filters

Customizing Citrix Web Interface 5.4

When Citrix released Web Interface 5.4, there were some major changes in the UI.  Some people were receptive to the changes, whereas others did not like the magnitude of the UI differences.  Companies always strive to keep a consistent look to their internal and external resources and it is cvery difficult for Citrix to cater to everyone’s desired look.

Personally, I like a dark site that is easy on the eyes.  That is the reason behind my black themed site that I have modified.  This modification contains documentation of all the changes made along with visual reference.  Looking through this package should enable anyone to modify the Web Interface to their liking once they figure out where to make their desired changes.

I hope this helps anyone out there looking to customize their own site.

Disclaimer – This is meant as a guide to customizing the Web Interface 5.4 Software provided by Citrix.  Any testing and QA is the responsibility of the implementer.  This has not been tested with Access Gateway deployments.  Only the modifications are present in this package.  The original software must be obtained from Citrix.

Download here:

WI 5.4 Black

Reserving Citrix Licenses to Server(s)

One major concern in my company regarding Citrix is license usage.  Because we have many different business units who all have different cost centers, budgets, etc., everyone wants their licenses for thir use only.  This was a strong argument from their side to have multiple farms, but where there’s a will there’s a way, and I don’t want multiple farms to manage.  I like the KISS method (Keep It Simple Stupid).  So, here is how I managed to reserve licenses for servers and make everyone happy.

Firstly, I am still awaiting official documentation from Citrix regarding these commands.  I attempted using their documentation and the results were not as expected.  If you have tried using the RESERVE and MAX commands, you may know what I am talking about.  After some support calls and working with the development team, we got everything straight and licensing is working correctly now.  Understand that moving to a license reservation scheme like this will no longer give a large pool for all servers to dip in.  Every server you add to the farm must be added to a reservation group in order to receive user licenses.

License reservations are constructed in the Citrix.opt file located in the program filescitrixlicensingmy files directory (unless you changed the path).  License reservations can be made at a server group boundary.  These groups can contain one or many servers.

I hardly remember my original Citrix.opt file, but I think it only had a couple of lines regarding Logging and the ReportLog file.  Be prepared for a long file after this. In this example, I will use the following scenario:

Server Group1 – ServerA.domain.com, ServerB.domain.com, ServerC.domain.com
Server Group2 – ServerD.domain.com, ServerE.domain.com
Server Group3 – ServerF.domain.com

This will give us 3 groups (pools) of licenses that only each group can “dive” into.

The first lines in the Citrix.opt file are server group reservations. Here is the syntax for our scenario:

HOST_GROUP GROUP1 servera.domain.com serverb.domain.com serverc.domain.com
HOST_GROUP GROUP2 serverd.domain.com servere.domain.com
HOST_GROUP GROUP3 serverf.domain.com

Each group reservation line can only contain a maximum of 2048 characters.  If you have more servers than will fit on a line, just start a new line and use the same HOST_GROUP _____ as before.  I.e. I can have multiple lines including servers in GROUP1.

*note: These FQDN’s are case sensitive. From my understanding, the licensing software is ported from Unix, so the server names are case sensitive.  If you are unsure of the case, go to program filesCitrixLicensingLS and run “lmstat.exe -a”, this will show you your current license usage by server and will show you the correct case usage.

Now that our group reservation are made, it’s time to assign licenses to the groups. Each License file in Citrix has an increment line like this:

INCREMENT MPS_ENT_CCU CITRIX 2009.1001 permanent 20
VENDOR_STRING=;LT=Retail;GP=720;CL=ENT,ADV,STD,AST;SA=1;ODP=0
DUP_GROUP=V ISSUED=21-Feb-2009 NOTICE=”Your Company”
SN=CM-1234567-12345:123456 START=7-dec-2008 SIGN=”xxxx xxxx
xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx
xxxx xxxx xxxx xxxx”

I removed a lot of the identifying material in the license, but you can see what I am referring to.  This particular license is for 20 concurrent users and is valid for enterprise, advanced, or standard versions.  The most important part of the license is the “SIGN=” and the version (MPS_ENT_CCU). In the next line, I will reserve this license for our “GROUP1” server group.

INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP1

You can see that the command is “INCLUDE”, followed by the license version, then the sign, then the group assignment. Also make note of the quotation mark locations and the fact that it is word wrapped, but should all be on one line. Now I have 20 licenses assigned to my GROUP1 server group.  Subsequent lines can follow that include any number of other licenses for this group or the other groups.  If I had 3 license files that I wanted to assign to GROUP2, for example, I would have lines like this:

INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2

The above statements would assign 3 license files to the GROUP2 server group.

So, that’s the general idea.  The hardest part is keeping everything organized in the file.  You can comment as much as you want in the file, jsut begin each comment line with “#”.  An example comment line:

# This license is from the ABC123.lic file

To bring the idea altogether, here is an example of a complete Citrix.opt file after reservations:

# CAUTION:  Editing this file without understanding the
# license allocation scheme can really mess things up.  Please
# consult your Citrix administrator.
# NOTE: Server names are case sensitive
# NOTE: SA Renewals must use the UPGRADE SIGN for license reservations. Do not
# use the old SIGN from the INCREMENT portion

# Suppress Check-ins and Check-outs
# NOLOG IN
# NOLOG OUT
# Suppress denied and unsupported feature messages
# NOLOG DENIED
# NOLOG UNSUPPORTED

# Host Group Reservations start
# Note:  You can only enter a max of 2048 chars per line.  Please use additional
# lines if necessary, prepending each line
HOST_GROUP GROUP1 servera.domain.com serverb.domain.com
HOST_GROUP GROUP1 serverc.domain.com
HOST_GROUP GROUP2 serverd.domain.com servere.domain.com
HOST_GROUP GROUP3 serverf.domain.com

# License reservations start
#This license is for GROUP1
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP1

# These licenses are for GROUP2
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP2

# This license is for GROUP3
INCLUDE “MPS_ENT_CCU:SIGN=xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx xxxx” HOST_GROUP GROUP3

REPORTLOG +”D:Program FilesCitrixLicensingReportLog.rl”

Above, we made three server groups (using four lines), reserved one license for GROUP1, three licenses for GROUP2, and one license for GROUP3. Now, we can restart our license service or use the re-read option in the LMC to begin using these reservations.

To verify that licenses are being allocated correctly, use the LMSTAT command mentioned above.  I typically run an “LMSTAT -a > usage.txt” command and then open the usage.txt file to view the results.  You should see each license listed followed by which servers are using it.  With these reservations, you should only see members of the assigned server group using the license.

Citrix – Migrating an Access data store to SQL

I recently migrated a local Access data store to SQL and I didn’t find a lot of detailed instructions on the net, so here’s my tutorial.

First, determine which server holds your data store.  This article helped (CTX105257).  I basically looked on a couple of server at the registry value HKLMSOFTWARECitrixIMAPSServer.  This value was my data store holder.

First step in the migration is to create a DSN file for the new SQL connection.  This can be done in wordpad and should contain this:

[ODBC]
DRIVER=SQL Server
UID= <user id>
LANGUAGE=us_english
DATABASE= <database name>
WSID= <Citrix server name>
APP=Citrix IMA
SERVER= <SQL server name>
Description= <description of connection>

Save the file as a *.DSN extension.  Citrix stores its DSNs in the IMA folder.  After creating this DSN, I placed it in c:program filescitrixindependent management architecture.  I read that some people recommend renaming the existing from mf20.dsn to something like mf20old.dsn and then naming the new DSN to mf20.dsn.  In my case, the original DSN file was not named mf20.dsn, so I just named my new DSN to mf20.dsn.  In any case, it is wise to backup the existing datastore in case something bad happens.  Run this command:

DSMAINT BACKUP c:

This will backup the existing datastore to a MDB (probably mf20.mdb) at C:. Next, we need to run “DSMAINT MIGRATE” to move the data from the local data store to SQL.  My command looked like this:

DSMAINT MIGRATE /srcdsn:”C:Program FilesCitrixIndependent Management Architecturemf20old.dsn” /srcuser:citrix /srcpwd:citrix /dstdsn:”C:Program FilesCitrixIndependent Management Architecturemf20.dsn” /dstuser:userid /dstpwd:userpw

THe default username and password for a local access data strore is citrix/citrix.  The dstuser and dstpwd should be your SQL username and password.  Don’t forget that this user needs dbowner priveleges to the database for Citrix to work properly.  The command will take the existing data in the local access data store and migrate it to SQL. Once ran, we see the following migration status box:

After the migration is complete, a prompt to compare the data is offered.  I selected Yes.

The comaprison will begin:

If everything goes smoothly, a confirmation will show in your command window:

Migration Complete

The next step is to point this server to the new data store.  This is done with the DSMAINT CONFIG command.  This will point the IMA service to use the new DSN.  My command looked like this:

DSMAINT CONFIG /user:userid  /pwd:userpw  /dsn:C:Program FilesCitrixIndependent Management Architecturemf20.dsn”

After execution, a message shows that changes will take effect after stopping and starting the IMA service.  I stopped the IMA service, ran DSMAINT RECREATELHC and then started the IMA service.  This way I knew I was rebuilding my local cache from my new datastore.  After the IMA service started successfully, it was then time to point my other farm members to the new datastore.  If you don’t point them to the new data store, they will continue to access the data store indirectly through the server we just changed.

Use the DSN we created above, but change the WSID to match each server  it is copied to. Once that DSN is copied to that server, run the DSMAINT CONFIG command to use the new DSN, then stop/start the IMA service.

I’ve read that if there are a lot of servers in your farm, the PsExec utility is a great way to execute these commands remotely on your servers.  I didn’t have too many, so I used RDP to run the commands on each server.

Mandatory Terminal Services Profiles and Novell Client

I like quick logins, and I hate managing profiles, so i typically use mandatory profiles on my Citrix servers if it serves only a couple of specific applications.  I recently noticed some wierd behavior on some of my server regarding the mandatory profiles.

If a user logged in, their username was appended to the profile location where the mandatory profile is stored.  I used Group Policy “Set TS Roaming Profile Path” and in this setting, checked the box “Do not append the user name to profile path”

TS Profile Path GPO

TS Profile Path GPO

I checked the registry where this option is stored (HKLMSoftwarePoliciesMicrosoftWindows NTTerminal ServicesWFDontAppendUserNameToProfile) and it existed and was enabled.  For some reason the server was just ignoring it.  I recreated the GPO, checked my system.adm template date, still not working.

I managed to find one forum post on the web with someone else attributing this problem to the Novell client, which is on this server.  He was running 4.91 SP2, I am running 4.91 SP3.  Novell is at SP4 at the time of this writing, so I upgraded asap.  Problem resolved.  Chalk another problem up to Novell client.  At least they fixed the issue in SP4, otherwise my mandatory profiles would be quite un-mandated.

Changing AAC SQL db

Today, one of our SQL servers went down. Unfortunately it held our Citrix Farm Datastore and AAC (Advanced Access Control) database. The dbas were able to get the dbs moved over to another SQL server quickly. Changing SQL servers for a farm is relatively simple; change the SQL server name in the DSN file on each server and restart the IMA service. But what about the AAC server? Where do I change it on there?
A call to Citrix revealed some registry keys to change and then the Configuration utility will run again. I was freaking out because the Server Configuration utility was not running and giving an error. Here’s what to do:

  1. Open Registry Editor and browse to HKEY_LOCAL_MACHINE/Software/Citrix/AccessObjects, backup the CitrixAGEServer key just in case you need to restore previous configuration, then delete the CitrixAGEServer key.
  2. Browse to HKEY_LOCAL_MACHINE/Software/Citrix/MSAM/ServerConfigured and change the value from 1 to 0.
  3. Run the server configuration wizard.

You’ll need to know your SQL server, database name, database credentials, and service account credentials.  It should then find your previous configuration once you complete the wizard.  Make sure that the SQL credentials are dbowner and IIS is currently running.