XenApp Reboot Script

As many customers are still running XenApp 6.5, probably one of the most stable/successful XenApp releases, when time comes to reboot the servers on the farm the options available are quite limited.

After looking for some scripts I ended up finding the one fellow CTP Dane Young wrote and posted on his site. The problem IMHO it is overkill for many customers (what ends up making it complex, especially for people not very familiar with PowerShell).

I took his script as a starting point and created a much simpler version that works very well and does what most administrators need:

– Reboots the farm in groups of servers.
– Prevents new logons to the servers that will be rebooted.
– Sends messages to the users 15, 10 and 5 minutes before the reboot will happen.
– Reboots the servers, not waiting for the servers to be completely drained. To be honest I prefer this approach as if you need to wait until a server has no more users you may have to wait days in certain cases.
– Every interaction is logged to the event log (disabling logons, sending messages to users, servers being rebooted, etc).

In this example, the need was to reboot the farm in two passes. One covering half of the servers and another for the remaining servers, 30 minutes later. For this particular case the farm had to be rebooted twice a week. So this is what we did, preparation wise:

– Created four worker groups named TuesdaysRebootGroup1, TuesdaysRebootGroup2, FridaysRebootGroup1 and FridaysRebootGroup2.
– Added half of the servers to TuesdaysRebootGroup1 and the remaining servers to TuesdaysRebootGroup2. Did the exact same thing for the FridaysRebootGroup1 and FridaysRebootGroup2 worker groups.
– On the ZDCs (two of them), we created two scheduled tasks on each of them. On the first ZDC the two tasks are scheduled to run on Tuesdays and Fridays at 1:00am and on the second ZDC the tasks run on Tuesdays and Fridays at 1:30am. The tasks on the first ZDC take care of rebooting the servers on Group1 and the ones on the second ZDC take care of rebooting the servers on Group2.

Here you have the script:


# Reboot script for XenApp 6.5 Citrix Farms
# Simply disables new logons and issues warning messages every 5 minutes
# for 15 minutes in total.
# This script can be run as a schedule task from the Zone Data Collector to process
# reboots for all other application servers
# Created by Cláudio Rodrigues, Citrix CTP, Microsoft MVP, VMware vExpert
# WTSLabs Inc. Copyright 2010, 2011, 2012, 2013
# http://blog.wtslabs.com
# Loosely based on the work by Dane Young, Citrix CTP
# Check http://blog.itvce.com/?p=79 for more information
# Build 2014.11.24 Revision 6

Add-PSSnapin “Citrix.Xenapp.Commands” -ErrorAction SilentlyContinue

# Define which worker group should be processed.
# We are using one script per worker group so make copies and change the worker groups as needed.
# Can be easily modified to allow multiple worker groups (see Dane’s script)
$Global:WORKERGROUP = “TestCR”
$Global:EventLog = New-Object -type System.Diagnostics.Eventlog -argumentlist Application
$Global:EventLog.Source = “Citrix Reboot Script”
$EventLog.WriteEntry(“Starting scheduled task Citrix Reboot Script.”,”Information”,”111″) # Create test event entry to note the start time of the script

$Step1 =
param ([string]$server)

$Global:EventLog = New-Object -type System.Diagnostics.Eventlog -argumentlist Application
$Global:EventLog.Source = “Citrix Reboot Script”

function DisableLogons
# Prohibits logons until next restart for server passed as variable 0
set-XAServerLogOnMode -ServerName $args[0] -LogOnMode ProhibitNewLogOnsUntilRestart
Write-Host “Disabling Logons on $server” -foregroundcolor Blue

DisableLogons $server
$EventLog.WriteEntry(“Disabled logons until next reboot on ” + $server + “.”,”Information”,”411″)

$sessions = Get-XASession | ? {($_.servername -eq $server -and $_.state -eq “Active”)}
foreach ($session in $sessions)
$username = $session.Accountname
Write-Host “Sending message to user $username on $server” -foregroundcolor Blue
Send-XASessionMessage -servername $server -MessageTitle “Server maintenance” -Messagebody “Server will be rebooted in 15 minutes” -sessionID $session.sessionid -MessageboxIcon “error”
$EventLog.WriteEntry(“Fifteen (15) minutes warning on server ” + $server + “.”,”Information”,”311″)


$Step2 =
param ([string]$server)

$Global:EventLog = New-Object -type System.Diagnostics.Eventlog -argumentlist Application
$Global:EventLog.Source = “Citrix Reboot Script”

$sessions = Get-XASession | ? {($_.servername -eq $server -and $_.state -eq “Active”)}
foreach ($session in $sessions)
$username = $session.AccountName
Write-Host “Sending message to user $username on $server” -foregroundcolor Green
Send-XASessionMessage -servername $server -MessageTitle “Server maintenance” -Messagebody “Server will be rebooted in 10 minutes” -sessionID $session.sessionid -MessageboxIcon “error”
$EventLog.WriteEntry(“Ten (10) minutes warning on server ” + $server + “.”,”Information”,”311″)


$Step3 =
param ([string]$server)

$Global:EventLog = New-Object -type System.Diagnostics.Eventlog -argumentlist Application
$Global:EventLog.Source = “Citrix Reboot Script”

$sessions = Get-XASession | ? {($_.servername -eq $server -and $_.state -eq “Active”)}
foreach ($session in $sessions)
$username = $session.AccountName
Write-Host “Sending message to user $username on $server” -foregroundcolor Yellow
Send-XASessionMessage -servername $server -MessageTitle “Server maintenance” -Messagebody “Server will be rebooted in 5 minutes. SAVE your work” -sessionID $session.sessionid -MessageboxIcon “error”

$EventLog.WriteEntry(“Five (5) minutes warning on server ” + $server + “.”,”Information”,”311″)


$RebootServer =
param ([string]$server)

$Global:EventLog = New-Object -type System.Diagnostics.Eventlog -argumentlist Application
$Global:EventLog.Source = “Citrix Reboot Script”

function StartReboot
# Creates a variable named server from the first passed variable
$server = “$args”
# Initiates shutdown on remote server
Invoke-Expression “Shutdown.exe /m $server /r /t 0 /c “”Shutdown scheduled by Citrix Reboot Script.”””
$EventLog.WriteEntry(“Initiating reboot process on ” + $server + “.”,”Information”,”911″)
Start-Sleep -s 120

StartReboot $server
# Main Script
$workergroup = $GLOBAL:WORKERGROUP
$workergroupservers = @(get-xaworkergroupserver -workergroupname $workergroup | sort-object -property ServerName)
foreach ($workergroupserver in $workergroupservers)
$server = $workergroupserver.ServerName
Write-Host “Step1 on $server” -foregroundcolor Blue

$EventLog.WriteEntry(“Processing server ‘” + $server + “‘ from worker group ‘” + $workergroup + “‘.”,”Information”,”211″)
Invoke-Command -ScriptBlock $Step1 -ArgumentList $server

Start-Sleep -s 300

foreach ($workergroupserver in $workergroupservers)
$server = $workergroupserver.ServerName
Write-Host “Step2 on $server” -foregroundcolor Green

Invoke-Command -ScriptBlock $Step2 -ArgumentList $server

Start-Sleep -s 300

foreach ($workergroupserver in $workergroupservers)
$server = $workergroupserver.ServerName
Write-Host “Step3 on $server” -foregroundcolor Yellow

Invoke-Command -ScriptBlock $Step3 -ArgumentList $server

Start-Sleep -s 300

foreach ($workergroupserver in $workergroupservers)
$server = $workergroupserver.ServerName
Write-Host “Rebooting $server” -foregroundcolor Red

Invoke-Command -ScriptBlock $RebootServer -ArgumentList $server

#### END

Yes, I do know this could be better and smaller, not to mention improved. The bottom line is, it is a simple script that does the job very well and at the same time it is simple and easy to follow, even for people not used to PowerShell.

I am sure it will help some of you out there. Any comments and suggestions (and even criticism) feel free to reach out. I am all ears.


6,463 total views, no views today

VMware Horizon 6. The only article you will ever need to read.

Ladies and Gentlemen,

We all knew this was going to happen and it happened yesterday. If you have no idea what I am talking about let me quickly summarize it for you and then give you my take on it.

VMware announced yesterday that it is adding support for Microsoft RDS Session Host (a.k.a. Terminal Server, Terminal Services, TS or simply RDS) on its product. So now they can deliver sessions from either Desktop OSs (what VMware View was all about since day one) and from Server OSs (with the RDS Session Host role enabled) using PCoIP.

Why I am saying this is the only article you will ever need about the subject? Well first of all I am the one writing it. Does not get better than that. Then I am not on VMware’s or Citrix’s payroll. Finally I am one of the so called ‘Dinosaurs’ in the RDS world (remember, I got the first MVP award ever for RDS specifically back in 2001). Oh and I drive a Lamborghini.

So seriously let’s take a look at the whole thing and what I think it is important with this release.

– RDS as a platform. I am very happy to see VMware doing this. Honestly. This just proves that all I have been saying all these years, that RDS is a solid platform AND not going to the grave in the near future is true. VMware now officially recognizes this. This also means a lot more work for all of us in this industry as now lots of VMware customers will start deploying this and will realize it is way more complex than a broker and a protocol. They have to deal with printing, profiles, logon times, session sharing, etc. The list goes on. For us, the industry dinosaurs, this is GREAT news. Be prepared to have hundreds of new customers lined up at your door, asking you to help them with their RDS issues.

– Citrix as a solution. There is no other way to put this. VMware is validating what Citrix has been saying for years WHILE acknowledging they (VMware) did have a big hole on their application delivery solution and that Citrix was correct all these years by addressing both the desktop and server OS application delivery mechanisms. Yes, a little tap in the back for Citrix.

– Citrix as a company. One thing I have been saying to Citrix for YEARS, even though I am a Citrix CTP as well, was the fact Citrix was milking the XenApp cow for VERY long, without really innovating much. Minor improvements here and there, evolution (albeit slow IMHO) instead of revolution. Then the world, according Brian Madden, would flip everything to VDI and RDS would die, Citrix jumped into the VDI bandwagon and more than that, started to back stab the product (XenApp) that made Citrix, well, Citrix. Decided to rename XenApp to XenDesktop “Customers are stupid” Edition (ok, App Edition), chop off some features that made XenApp 6.5 a very solid platform and then released XenApp 7.5 “Phoenix” again, still a limping version of XenApp 6.5, not really offering anything better than its previous release. Basically screwing its customers, partners and itself along the way. Cannot get better than this, screwing up wise. Not sure who they hired for the job of screwing things up but whomever that is, this guy is a GENIUS at the subject. Next time I want to screw up something I will definitely give Mr. G a call.
So VMware announcement means two things for Citrix: first, RDS is indeed an important platform what leads to XenApp is important and has to be fixed, if you do not want people starting to test Horizon 6 to jump ship or not buy your product. Secondly, and the most important thing here is, Citrix now has someone on their back and if they want to stay on top they will have to become the Ol’good Citrix we, the dinosaurs in the industry (RickD, DougBrown, SteveG, SBass, Benny, etc) learned to love. The one that innovates, that pushes the industry as a whole forward. And not the current Citrix that looks more like a bunch of farmers that know nothing more than milking a cow. And supervised by a marketing clown. Yep, it is that bad. Hopefully this will be great for the industry, leading to the same type of war we saw at the protocol level, where years ago Citrix was the king by a huge lead and now for 99% of the use cases the protocol is almost irrelevant (this helped the industry so much that even Microsoft released something great, RDP8.1, what is something borderline mystical as they do have a history of releasing stuff from their asses – you know what that is). So the lesson here: this is great for the industry, great for Citrix – if they see this as a challenge and live up to the expectations – and great for VMware, that is broadening its reach and addressing the problem properly. Great.

– XenApp as a product. Well thanks to customer feedback (more like customer wrath really) Citrix had to bring it back from the ashes. Then VMware comes and tells the world RDS is amazing. I hope this is a wake up call to Citrix so they realize how important XenApp is and always has been for their strategy and more than that, for them as a company. This move by VMware hopefully will guarantee XenApp is a product customers can trust in the long run, what many feel was not the case since Citrix almost renamed itself Cindesktop.

– Horizon 6 itself. If you have been in the industry for long you know there is more to RDS than simply having a way for people to connect to an RDS Session Host over a protocol. Problems that are not there with VDI (app compatibility, session sharing, etc) will definitely be there when you throw RDS to the mix. Right now, no one has played with Horizon 6. No one knows what it can do as a complete solution, as something that goes beyond brokering a session to an RDS SH host using PCoIP. How does it handle printing? How does it handle the user environment? How does it handle the server build itself? How much automation there is to increase farm capabilities? The list goes on and for now no one has an answer to that. That is why no decent blogger should say Horizon 6 is great or it sucks. No one knows that. And I can bet things will change from what some analysts saw today to what will be actually shipping. My take is, if VMware is intelligent, they carefully looked at what is out there, the competition, and addressed most of the needs when it is out. If that is not the case, customers may get burnt with a solution that falls short from its promises and may go for a competitor. Or, if you are really loyal to the brand and NOT in a hurry to have that working, you may just say “Oh well it is a V1 product so half of the things not working properly is to be expected – they will get better”. My personal take is I hope it is good as again this will drive the competition and the industry forward. And I will have years of consulting on the RDS space still to go. Great. But until I see it in the wild I cannot say how good or bad it is. Period.

– UX is important. Yes, the user experience is key. And how seamless things integrate with all the platforms that can work as an endpoint is very important. As Shawn Bass mentioned, Citrix ignored a lot of platforms with their receiver, to the point the receiver on OSX for example sucks. I will say this is an industry trend in general as Microsoft apps on OSX do suck too. But there is one point we cannot forget: the AX (the Admin eXperience) has to be good. No matter how good the UX is, if the AX sucks big time and the whole thing is a PITA to get going and to maintain, IT departments will certainly back slash it and bury it somewhere. Lesson here is it has to be polished in all fronts, especially if you are the last player to the game, the one that had years of research available, studying everything that sucks with your competitors. So yes, we do expect VMware offering to be polished in all fronts.

– VDI as a platform. Well thanks to the first point on this article, Horizon 6 puts the last nail in the VDI coffin. What I mean is, in the coffin that says VDI is everything, VDI is better than sex, I want to do a MILF with a VDI tattoo on her lower back (I bet you pictured it). VDI is simply another option, another tool in your tollbox and VMware finally acknowledges it. Plus this goes beyond Citrix and VMware. This is also a wake up call to all the VDI fanboys out there, that were blinded by Brian’s predictions (failed by the way) that VDI was going to take over the world and Claudio would retire due to lack of work for him as an RDS guru. Lesson here, VDI fanboys, go learn RDS and stop thinking BrianMadden.com is the bible. Brian is no Jesus. He does not even have a long beard. And he lives in San Francisco.

To conclude this post I just want to say this: 2014 is the fucking year of RDS and this is not a prediction.

Thanks VMware for confirming what I have been saying all along.

And VMware, welcome to the RDS world. I have my arms wide open.

[Hugging sound]
[VMware fanboys crying in background]


18,084 total views, 5 views today

Citrix vs. Cloud Platforms. Yawn.

Ok after reading Gabe’s article and then Brian’s take on it, instead of replying I decided to write a whole post about it. That is why you are reading this.

First of all I want to resume Brian’s post for you. I think he should start working for Gartner as he is becoming the master of failed predictions (perfect fit if you want to work for Gartner – not sure if you know this but Gartner has a lot of mediums and Gypsies on staff and is responsible for buying 83% of all crystal balls made in America) and his latest post kind of falls into the same category.

The main idea on both posts is if VMware or another player releases seamless windows apps in their cloud offerings Citrix is fucked.

Here is the deal why IMHO that is not the case and even Brian seems to contradict himself on the post he wrote.

1. The cloud. Oh the cloud. Amazes me to see most CIOs seem to have learned nothing from the whole Snowden/NSA episode. If all corporate systems and intellectual property now lives in the cloud, you just made NSA much happier. The same way Snowden put up their arse, gathering all that information and sharing with the public, don’t you think it would be possible for a Snowden Jr, to get confidential corporate data and give the finger to the NSA and go living in China or Russia with all that info ready to be sold overseas? Do we really think a pharmaceutical company with crazy drugs being developed will consider doing anything in the cloud? Or Lockheed Martin, Bombardier, making Area 51 flying shit , etc? The list of corporations in the Fortune 500 that would be MASSIVELY affected by something like this happening is simply huge. So going to the cloud just makes NSA life easier. Bring the cloud onsite and at least you have a little bit more control and chances to guarantee NSA is kept out of the door.

2. Ok I mentioned bringing the cloud onsite and Brian does mention that, meaning a common platform is there for on-premise and off-premise deployments. But on the same article he also states “Microsoft has started talking about how future versions of Windows Server will be more like “mini on-premises instances of Azure.””. That means this does NOT exist today and only Jesus knows exactly when it will see the light of the day (Nadella or Nutella as I prefer, does not know the answer for that, trust me). So as of today and for at least 3-5 years this is not happening mainstream. Also keep in mind if Windows Server 2016 does have all this shit built-in and working 100% (what is never the case with anything Microsoft releases – for God’s sake they cannot even get RDS to work 100%) companies will still have to go through the exercise of testing and validating such platform what in itself takes years for many Fortune 500 companies. These guys cannot simply change platforms overnight. The FDA would shutdown ANY pharmaceutical attempting to do that overnight. Simple as that. So the reality here is this is still YEARS away.

3. Given point #2, that means a solution, to be called a SOLUTION, and not a HAE (Half Ass Effort) has to support BOTH on-premises and off-premises TODAY. So if someone (i.e. VMware) releases something that only works off-premises, in a cloud platform, we have a problem. What do I do with my on-premises stuff? Ignore it? Choose another vendor to deal with the on-premises scenario only? That is a fucking nightmare. Now dealing with two products and two vendors so I can address my on/off-premises needs. Keep in mind this would still be the case if someone releases a platform that can indeed deal with both scenarios flawlessly within the next year. Why? Because you will still need to test and validate such platform BEFORE going full production with it (point #2). Simple. Common sense here people.

Resuming: as of today and for at least the next two to three years things will still look very similar to what they are today and if you do want to be a leader down the road you must have a platform that deals with the IT landscape of TODAY and with the IT landscape of TOMORROW. Sorry to say but VMware is nowhere near it, in terms of addressing SBC/VDI on-premises and off-premises.

Now if you do not need to test or validate anything, do believe ‘cloudfying’ your whole IT infrastructure is a great idea, and the NSA does not exist, Brian is indeed into something with his article.


26,173 total views, no views today

Citrix Receiver for Windows 8 RT – How to get it working.

As you guys know I got a Windows Surface a couple months ago (at launch) and have been trying to use it as much as I can, integrating it to anything I may have up and running.

The first test I did was to get the Windows Server 2012 RemoteApp feed going with it. It does work and provides decent performance. Published apps in seamless windows, it is all there and works pretty much out of the box. How to get that working is the subject for another post and for the book I am finishing with Freek Berson (by the way, it is being officially sent to Apple March, 1st – what happens after, we will learn later).

As I do have a XenApp/XenDesktop environment I wanted to use the Surface as a client. That required me setting up StoreFront (and dealing with its SQL issues – addressed on this post) and the Access Gateway, running on a Netscaler VPX appliance.

So as of today this is what I have:
– Netscaler VPX NS10.0: Build 72.5.nc.
– StoreFront 1.2 running on Windows Server 2008 R2.
– Both running under VMware ESX 5.0. Yes, I did not update it.

The key thing with the Surface is to get the damn Access Gateway Session Policy/Profile done properly. The steps you need to follow are actually simple and you can potentially have all this configured in 5 minutes. I assume your Netscaler VPX with an Access Gateway virtual server is already up and running for this.

1. Under Access Gateway > Virtual Servers find your virtual server, right click it and select ‘Open’.
CAG1 2. Click on the Policies tab and then Clientless. Then click ‘Insert Policy’ at the bottom.
3. Under ‘Profile’ simply select ‘ns_cvpn_default_profile’. It will have all the options pre-set for you.
4. For the expression what you need is this: HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“WindowsRT”)
CAG4 So this is what your clientless policy will look like.

Before you ask, yes it has to be WindowsRT and NOT WinRT. I know WinRT is what is used for Windows 8 but for RT for some reason is WindowsRT. I tried and tested with Jarian the WinRT and no go. Does not work with the Surface. Once we switched to WindowsRT, all good.

5. Now on the Policies tab, Session you will need a policy (and a profile for it) with the lowest number for the priority (so it is top priority) that will look like this (do not worry, let’s see how to create it step-by-step):
CAG5 To create it, click on ‘Insert Policy’ at the bottom and once the screen shows up you will need to create a new profile first (click ‘New’ beside ‘Request Profile’. The first thing to be changed is on the Client Experience tab. You need to change:
– Home Page: set it to your StoreFront site. Mine for example is set to https://sf.iqbridge.ca/Citrix/IQBridgeWeb (checked).
– Clientless Access: ON (checked).
– Single Sign-on to Web Applications: checked.
– Credential Index: Primary (checked).
CAG6 On the Security tab:
– Default Authorization Action: ALLOW (checked).
CAG7 On the Published Applications tab:
– Make sure ICA Proxy is NOT checked (has to be showing as OFF).
– Web Interface Address: the EXACT same as you set as Home Page on the Client Experience tab. So in my case https://sf.iqbridge.ca/Citrix/IQBridgeWeb.
– Single Sign-on Domain: your AD Domain name.
CAG8Now all you need is to make sure the actual Session Policy looks like this (by adding the expression):
CAG9That is all regarding Session Policies/Profiles and Clientless policies/profiles for the Windows RT.
Once you launch the Citrix Receiver on the Surface simply enter the address for the Access Gateway like https://mycag.mydomain.com. It will ask you for credentials and once entered you should see your apps (assuming you already set apps) or it will allow you to pick the available apps.
I then tested this internally and externally (over an LTE Hotspot) and it worked flawlessly in both cases. It is worth mentioning that every time I would screw something app on the AG configuration (i.e. use WinRT instead of WindowsRT on the expressions) the Surface Receiver not only did not find the apps (would throw an error) but once the AG was configured properly it would still refuse to work requiring an uninstall and a reinstall of the Citrix Receiver on the Surface. Keep that in mind. The current version is still a little temperamental…

If you see anything wrong with this post or need more info just give me a shout.



32,393 total views, 1 views today

StoreFront 1.2 Install and how to avoid SQL issues.

As I promised a couple days ago on Twitter, here you have the scripts I used to install StoreFront. It is pretty annoying to realize if you install it using the installer provided by Citrix and let it deal with the database you will get screwed at one point. You will see stupid errors on the StoreFront Web Site, errors on the event log and so on. Resuming: A PITA.

Now if you use the scripts, well then everything gets fixed magically. That leads us to the question why the installer does not clearly state you MUST use the damn scripts to create the database? Or why the installer cannot use the scripts by itself? As I always joke we put people on the moon but we still fail to have installers that can actually install things properly. Amazing.

The first script deals with installing the pre-requisites. I usually use one like this:
powershell -nologo -executionpolicy bypass “& “c:\Installs\SF-PreReq.ps1”

So basically I have a folder on the C: drive called Installs and on it a script called SF-PreReq.ps1 (PowerShell), setting the required execution policy (basically, leave me alone). The contents of SF-PreReq.ps1 are:

Import-Module ServerManager
Add-WindowsFeature as-net-framework
Add-WindowsFeature Web-Server
Add-WindowsFeature Web-Asp-Net
Add-WindowsFeature Web-Windows-Auth
Add-WindowsFeature Web-Metabase
Add-WindowsFeature Web-Http-Redirect
Add-WindowsFeature Web-App-Dev
Add-WindowsFeature Web-Basic-Auth
Add-WindowsFeature Web-Digest-Auth
Add-WindowsFeature Web-Client-Auth
Add-WindowsFeature Web-Cert-Auth
Add-WindowsFeature Web-Url-Auth
Add-WindowsFeature Web-IP-Security
Add-WindowsFeature Web-Dyn-Compression
Add-WindowsFeature Web-Scripting-Tools
Add-WindowsFeature Web-Mgmt-Service
Add-WindowsFeature Web-Mgmt-Compat

I can tell you it works as I did install my production StoreFront 1.2 using it.
Once the pre-requisites are done, then you connect to your SQL box (RDP for example) and using the SQL Management Studio with the proper credentials you will run four scripts in sequence. Make sure to adjust the database name, paths, etc to match whatever you have/decide to use.

First Script – Creates the database

USE [master]

( NAME = N’MyApps’, FILENAME = N’C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\CitrixStoreFront.mdf’ , SIZE = 4096KB ,
( NAME = N’MyApps_log’, FILENAME = N’C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\DATA\CitrixStoreFront_log.ldf’ , SIZE = 560KB ,
COLLATE latin1_general_CI_AS_KS

EXEC [CitrixStoreFront].[dbo].[sp_fulltext_database] @action = ‘enable’


Second Script – Creates the tables

USE [CitrixStoreFront]

/****** Object: Table [dbo].[User] ******/


CREATE TABLE [dbo].[User](
[id] [int] IDENTITY(1,1) NOT NULL,
[username] [nvarchar](100) COLLATE latin1_general_CS_AS_KS NOT NULL,
[id] ASC

[username] ASC

/****** Object: Table [dbo].[Subscription] ******/


CREATE TABLE [dbo].[Subscription](
[id] [int] IDENTITY(1,1) NOT NULL,
[subscription_ref] [varchar](32) COLLATE latin1_general_CS_AS_KS NOT NULL,
[resource_id] [nvarchar](400) COLLATE latin1_general_CS_AS_KS NOT NULL,
[user_id] [int] NOT NULL,
[status] [int] NOT NULL,
[metadata] [nvarchar](max) NULL,
[secure_metadata] [nvarchar](max) NULL,
[id] ASC

[subscription_ref] ASC

CREATE NONCLUSTERED INDEX [user_resource_idx] ON [dbo].[Subscription]
[user_id] ASC,
[resource_id] ASC

/****** Object: Default [DF_subscriptions_status] ******/
ALTER TABLE [dbo].[Subscription]
ADD CONSTRAINT [DF_subscriptions_status]
DEFAULT ((0)) FOR [status]

/****** Object: ForeignKey [FK_subscriptions_user_id] ******/
ALTER TABLE [dbo].[Subscription]
WITH CHECK ADD CONSTRAINT [FK_subscriptions_user_id]
FOREIGN KEY([user_id])
REFERENCES [dbo].[User] ([id])

ALTER TABLE [dbo].[Subscription]
CHECK CONSTRAINT [FK_subscriptions_user_id]

CREATE TABLE [dbo].[SchemaDetails](
[major_version] [int] NOT NULL,
[minor_version] [int] NOT NULL,
[details] [nvarchar](max) NULL

INSERT INTO [dbo].[SchemaDetails] ([major_version], [minor_version])
VALUES (1, 0)

Third Script – Assigns the correct login to the database. This one you need to create on the SQL server a local group with whatever name and add the StoreFront servers to it. In my case I used StoreFrontServers as the local group on the SQL Server.

A local group on the SQL Server must be created.
A local group on the SQL Server must be created.

USE [master]

Fourth Script – Fixes permissions on the database

USE [CitrixStoreFront]
CREATE USER [CitrixSubscriptionDBUsers] FOR LOGIN [YOUR_SQL_SERVER\StoreFrontServers];

EXEC sp_addrolemember N’db_datawriter’, N’CitrixSubscriptionDBUsers’;
EXEC sp_addrolemember N’db_datareader’, N’CitrixSubscriptionDBUsers’;

That is it. Once you have all the scripts done (in sequence) on the SQL Server you can then fire up the StoreFront installation. All the pre-requisites will be already in place and the database created. You simply follow the wizard and you are all set.
Make sure you do have a certificate installed on the StoreFront server before you fire up the install (do the whole certificate thing right AFTER you run the pre-requisites script and make sure HTTPS is bound to IIS) .

That is all. StoreFront should now install properly.


10,449 total views, no views today

THE BriForum Session

So this year for BriForum I have submitted two sessions so far and as one of these is potentially massive, here I am asking for help.

The session will basically attempt to cram in 75 minutes a review of the so called Citrix Best Practices and check which ones still hold water to this day. The main reason for that is I still see, believe me, people looking for the (in)famous “Metaframe Tuning Tips” that my buddy RickD wrote when dinosaurs roamed the earth. Seriously, the reasons are many. To this day I still see many projects being done following these best practices and I am certain, given how hardware, software and solutions in this space have been evolving, many do not apply or have to be slightly modified to still be valid today.

Now the question you are probably asking yourself now is, “Well you are the Mr. CTP/MVP so you know better what is valid or not, what these best practices are and so on. So why the hell are you asking us?”. Well first of all my time is limited. That means I cannot be working on 1,000 projects at the same time. But if I ask 1,000 people in the community that are currently working on projects I am sure we will be able to gather a lot of great info that I would not be able to get and/or see myself.

And finally I do not know it all. Well no one does. Not even Shawn Bass. The power of this community I think is what can make a session like this great.

All that said I would like to ask you guys a couple things:

– What do you see to this day in terms of so called best practices? As an example I see all the time “do not use virtual PVS servers”. So what are these best practices?
– Any best practices you know for sure should be discarded and never used again? Example: some NT4 registry settings I am sure do not do shit on 2008 R2 or they actually do shit on your environment, throwing shit at the fan for the fun of it.
– If you will be at BriForum, are you brave enough to join me and a bunch of other clowns on stage? As you know I am probably one of the most well behaved, polite and politically correct presenters at BriForum, not to mention the All-Time GeekOut champion. So fear nothing, you will be well treated and gain respect from your peers (not me. LOL).

Resuming: whatever you have to say in terms of best practices (good, bad, old, new, etc) PLEASE let’s talk. Feel free to either post here or to email me directly at CR at WTSLabs dot com. If you put [BriForum Session] in the subject, that would help a lot sorting out the two emails I am expecting.

Cheers guys, appreciated. See you (hopefully) at BriForum.


108,840 total views, no views today

Citrix Evaluation Licenses – PITA

As part of one of our Citrix projects, we are helping out a customer with a brand new XenApp 6.5/XenDesktop 5.6 deployment. For the pilot we do not intend to run more than 20-30 users so the typical Citrix evaluation license should do the trick. These are usually good for 90-days/99-users what in most cases is all you need to see how things work, how they perform and so on.

My initial thought was to go on the Citrix website and grab evaluation licenses. Simple, correct? Well not that simple as it turned out. The Citrix XenApp license, not a problem at all. You simply select you want to do-it-yourself and after entering some information you do get a license key that you can fulfil on MyCitrix so you end up with your .LIC file. Perfect.

Problem is for XenDesktop it is not like that for some unknown reason and it should be. After you select the DIY route, first it assumes you will use the Express version (so you get 10-users). Once you enter all the info you see the following screen:

Licensing Error 1

As you can see on the right there is indeed a “Try XenDesktop Platinum Edition” link and I though that would be all I needed. So there I clicked…

Licensing Error 2

So what do we get? Oh, a 404 error. The page is nowhere to be found and you cannot get your XenDesktop Platinum trial license. Grrrrr.

Extremely annoying and a shame that for a flagship product for Citrix like XenDesktop, there is no damn anyone at least testing the stupid website to make sure potential customers can at least get a trial license.

And please do not give me the bullshit that all they need is to contact a reseller.


5,663 total views, 3 views today

RDS Projects

As many of you know I am kind of biased towards RDS, especially with 2012. That said it does not mean I will recommend or force down your throat RDS for all use cases. Our main concern as a company is to always provide the correct solution to a problem/business need and never the other way around, seen many times in this market, where they try to find a problem/business need that matches a particular product that has to be sold to the customer.

With that in mind, regardless of the product or solution to be used, it is important you do your homework before attempting to come up with a pilot. That is where things get weird with RDS. As it is now completely part of the OS, what means you do not need to call a reseller or download crap from a vendor, most people think “Well it is part of the OS and I know Windows so I am sure I can pull this RDS thing off” and guess what, these attempts either fail or create a wave of tweets saying RDS stands for “REGRET DAT SHIT”. Not the case.

There are many reasons for that. RDS, even though it is right there on the OS and can be installed with a couple clicks, it is still RDS. That means many things are still at play like RDS Flags, Shims, Profiles, Load Balancing, certificates (ahh these damn certificates) and so on. Exactly the stuff most people are not aware of or simply do not understand.

Add to that tons of resellers out there that need to sell product A or B to keep their Silver/Gold/Unobitanium status, and we have a mess. Now without the knowledge of what is under the hood (RDS) they are now recommending and saying the solution is product A or B and that RDS is shite. BS.

One example (real world) we had was a major company, owners of several high end brands in many spaces (from watches to wineries) that approached us regarding a Citrix project they were working on. Before moving ahead they wanted to understand if Citrix was deemed necessary or not.

After reviewing the whole thing with them I was confident we could pull it off with plain RDS and as XenApp runs on top of RDS I told them to go from pure RDS to XenApp down the road, if we do see the need after the RDS pilot, is not rocket science.

Making a long story short, the environment is pure RDS to this day and has been working great down south. And getting ready to get it upgraded to 2012 RDS!

The lesson here is simple. A proper assessment of your SBC/VDI plan by someone that understands all this craziness is a must have and something that at the end of the day will cost you only a couple bucks, with the potential for saving several thousand dollars down the road.

For this reason we were the first ones to offer such packaged service, properly named TSEspresso (that you can read more about it here, http://www.wtslabs.com/tsespresso.html). To give you a fair and correct assessment of your SBC/VDI plans, with quick turnaround and on the cheap.

It is not Aspirin but guaranteed it will save you from headaches with your SBC/VDI plans.



962 total views, 1 views today

Windows Surface + XenApp + RDS 2012

As part of my work I try as much as I can to be up to date on all the platforms and its clients out there in the VDI/SBC space. That said of course I did have to get a Windows Surface tablet.

Before going a little deeper on my review, let’s clarify a couple things. This is the ARM based device (what means no Intel CPU inside) running Windows 8 RT. It is basically Windows 8 as you will find on any other device that runs it but as it is not Intel based, its software has to be compiled to run on the ARM CPU. Secondly, Microsoft has tighter controls on this device than on its sibling (the upcoming Windows Surface Pro) what means you can only install apps that come from the Windows Store.

Before you bitch about that, keep in mind the iOS devices are no different. You can only, officially, install apps from the Apple AppStore and whatever you can run on your Mac (running OSX 10.X) does NOT run on the iOS devices as they run on a different CPU than the Mac ones (Intel at this stage). So pretty much the exact same scenario with the Windows Surface device.

So what have I tested so far? A couple things:

– Offline usage (running locally installed apps, varying from games to real office ones)
– Accessing hosted apps on Windows Server 2012 (RDS Session Host with RemoteApps installed) over RDP8.
– Accessing hosted apps on Windows Server 2008 R2 with XenApp 6.5 installed over ICA/HDX.
– Accessing hosted desktops running Windows 7, hosted under ESX 5.0 with XenDesktop 5.6.

For the Citrix stuff you need the latest Citrix Receiver for Windows 8 RT. It is on the Windows Store. Contrary to previous versions this one does NOT require Citrix StoreFront and DOES work with Citrix Secure Gateway (what was a big surprise for me). Here you have a screenshot showing the Citrix Receiver on the Microsoft Surface:

Citrix Receiver for Windows 8 RT

Performance wise it did work perfectly when connecting to all the scenarios above. With RDP8 I was even able to run some WAN scenarios using my Apposite box (the mighty LinkTropy Mini) as you can see in the following video:

Windows Surface – RDP 8 WAN Testing

So what do I think about the Windows Surface as a potential iPad replacement? Well there are some MAJOR advantages on it and let me explain all I can see:

– Windows Surface runs Microsoft OS/Software. That means a couple things. First, RDP support is simply unmatched. That means whatever Windows Server 2012 with RDP8 delivers, it is there for you. The same can be said of ICA/HDX. This is for sure a big thing if you are after the best experience possible when accessing remote servers/desktops.
– Office. No half-ass support for Office docs here. The full blown Word/Excel/Powerpoint apps are here and I can tell you they do work PERFECTLY. Sure I had to get some updates for these but now everything seems stable and fast. And again, FULL COMPATIBILITY with Office docs. That alone is for me the biggest advantage going right now for the Windows Surface. I tried pretty much any piece of software known to man that is available for iOS devices to deal with Office docs. NONE were able to render all documents I had  100%. The Surface did it out-of-the-box.

The main issue right now for sure is the lack of apps if compared to the iOS ecosystem. If Microsoft can indeed convince developers to step up their game and start pumping out tons and tons of apps for the platform, I would definitely say the Surface can potentially rise as a very good competitor. And so far, as an RDP 8 endpoint, nothing can come close to it what is indeed impressive.


1,347 total views, no views today

Tales from the Trenches: the Case of the Missing Server.

As most of you know, even though I run WTSLabs, I also spend quite a lot of time doing consulting work across the globe, having worked in all kinds of projects, from major App-V deployments to pure RDS Session Host setups. And that has been the case for several years and thanks to that I was blessed to be able to see all sorts of great and terrible things out there. So I decided to start a series of posts called “Tales from the Trenches” where not only myself, but other great names in the industry will share their best stories with us so we can all learn and realize there is indeed crazy people out there doing all sorts of unbelievable stuff.

So starting the series, this week, at one of my customers, very strange things started to happen with their XenApp 5 environment. Regardless of how it was architected and deployed (by the way, probably one of the worst environments I have seen in a LONG time, where pretty much every single worst practice out there was followed), the reasons and the outcome of how this whole thing happened is worth a post.

Couple weeks ago a maintenance window was scheduled due to some work on their electrical systems (generators, transformers, etc) and something went wrong. Really wrong. As far as I know one person got injured (or dead, do not remember – seriously) and power went out completely. No generators, nada. All gone.

This brought down the whole thing for a while and all Citrix servers were down. When power was restored, one of the six XenApp boxes (all Dell servers) had the hard drives toasted and it did not boot at all. They could access it remotely through the DRAC and it was indeed gone. So they let me know we had lost a Citrix server.

As I was away for that week after the power outage I told them I would check when back and to my surprise the farm was reporting the box as up and running and serving users. I checked my emails for any alerts from Resource Manager (yes, once I set it up for that, what they never did – please do not even start asking why EdgeShite is not there…) expecting to see a server unreachable message but no, nothing, nada.

So I go and RDP to that server IP address and indeed I get a session and it IS for sure a Citrix box, with the proper name, IP address and part of that farm. The funny thing once I started digging was this was no Dell server but an HP box…

At the same time most users started complaining their Outlook signature reverted back to what it was eight, nine months ago and some other very odd things…

After further investigation, here it is what happened… Someone had setup, back in July, 2010, a server for testing and as we had 5 boxes at the time on the farm, he created this sixth one and named it using the proper naming convention, just increasing the number at the end of the name so this became whatever-6. He also gave it a proper IP address and made the server part of the farm. Once he was done with his testing (what included allowing all users to use the server for a couple weeks) he simply shut it down, never removing it from the farm.

Later the need for a sixth server came up and a new Dell box was setup and given the EXACT name and IP as the now powered off HP one. When the power outage happened three to four weeks ago the guys at the data center powered on all servers that were off and as Dell #6 had a disk failure it did not boot but the HP one did and guess what? It started serving users immediately but as they keep the cached profiles on the servers, users started to get mixed things (meaning profiles started to get fucked up big time) thanks to 9 months old cached copies and the fact roaming profiles are not the most intelligent things in the world.

Thanks to great documentation and procedures in place no one knew or remembered about the HP server that was hiding somewhere in a rack. And of course due to the fact profiles were not properly handled with a decent and robust solution, hundreds of users got screwed up big time.

Next time you are done with your tests on a production environment (yes, this was production) try at least to disconnect the ethernet cables on the back.

Oh and do not forget to disable the wireless card on it, in case your company does think it is a great idea to use laptops as Citrix XenApp servers, serving users over the wireless card.

Well that is another story for another great post…


988 total views, no views today