Category: Citrix

Deploy Citrix ADM Stylebooks using Ansible

I’ve created an Ansible playbook to deploy Citrix ADM (previously Citrix NetScaler MAS) Stylebooks. It will upload the latest version of the stylebook, migrate existing configpacks that are using the older version and then remove the old version from MAS.

There are still a lot to do with this playbook, for example handle parameters being added to a new version and delete Stylebooks if they’ve been removed from the playbook.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Logs on to MAS
  • Locates all stylebooks in files/stylebooks
  • Identifies stylbook versions
  • Uploads stylebook if it that version doesn’t exist
  • Migrates configpacks to the new version
  • Removes the old version(s) of the stylebooks

Right now, there are four stylebooks:

  • xenit-srvobject.yml – Adds one or more server objects
  • xenit-svcgroup.yml – Adds a service groups with one or more server objects
  • xenit-csvserver.yml – Adds a cs vserver
  • xenit-lbvserver.yml – Adds an lb vserver using service group and binds it to a cs vserver

Feel free to try it out and any feedback is welcome! Or maybe even do a pull request?



Citrix ADC base configuration with Ansible and Citrix ADM

I’ve created an Ansible playbook to configure a base line on Citrix ADC (previously Citrix NetScaler) using Ansible and Citrix ADM (previously Citrix NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • NSIP parameters
  • HA Node parameters
  • SNIP parameters
  • VLANs
  • Policy Based Routing
  • Access Lists
  • SSL profiles
  • TCP Settings
  • HTTP Profile
  • NS Parameters
  • LB Parameters
  • SNMP Parameters
  • Cache parameters
  • Compression parameters
  • NetScaler modes
  • NetScaler features
  • NTP Configuration

I hope this can be of some help and feel free to give feedback or contribute to the playbook!



Configure Citrix ADC HA pair using Ansible and Citrix ADM

I’ve create an Ansible playbook to configure two Citrix ADCs (previously Citrix NetScaler) into an HA pair using Citrix ADM (previously NetScaler MAS). The only thing you will have to do is change the parameters in the playbook and run it with the credentials and IP-addresses as parameters and you’ll have an HA pair.

The playbook has been published to Azure DevOps and can be found here. The readme contains the latest information.

The playbook configures the following (as of this blog post):

  • Creates or updates a device profile
  • Creates or updates a datacenter (mps_datacenter)
  • Adds Citrix ADC instances to Citrix ADM
  • Creates an HA pair of the Citrix ADC instances using the ns_hapair_template maintenance job
  • Configures a new rpcNode password

I hope this can be of some help and feel free to reach out if you have any feedback or questions!



Configure Citrix ADM using Ansible

I’ve created an Ansible Playbook to configure Citrix ADM (previously Citrix NetScaler MAS). Instead of configuring all the different parts using the GUI, you can now change the parameters in a configuration file and the playbook will apply and update your configuration for you – making giving you Infrastructure as Code and documentation in one place!

The playbook has been published to Azure DevOps and can be found here. Read the readme for the latest information.

What the playbook configures (or at least at the time of writing this blogpost):

  • nsroot password
  • DNS servers
  • time zone
  • system settings
  • prune policy
  • syslog purge settings
  • backup policy
  • device backup policy
  • NTP sync and servers (reboots server if required)
  • LDAP servers and enables them as external authentication servers
  • Adds groups

Feel free to try it out and get back to me with any feedback! It’s a work in progress and I’ll try to keep the information up to date in the readme.



Deploy Citrix ADC to Azure using ARM Templates and Ansible

I’ve created an Ansible playbook to deploy Citrix ADC (previously Citrix NetScaler) to Azure using ARM Templates. You can find the playbook here in Azure DevOps, see the readme for the latest information about the playbook, how to use it and the per-requisites.

The main points for creating a new one instead of using the Citrix provided ones are (or at least were):

  • Deploy HA using Availability Zone
  • Using HA Ports for internal LB
  • Generates the external LB rules based on the number of Public IPs and Ports automatically
  • Naming convention that matches all other resources

Feel free to try it out and get back to me if you have any questions!



Monitoring vDisk Rebalance Enabled

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring for whether Rebalance Enabled is configured for active vDisk, with Provisioning Services (PVS) Powershell SnapIn.



Monitoring vDisk Replication

In a recent use-case that I stumbled across, I wanted to monitor a few different things in a Citrix-environment with Provisioning Services technology.

In this specific blog-post I’ll show you how I configured monitoring of vDisk Replication with Provisioning Services (PVS) Powershell SnapIn.




Black screen at session logon with VDA newer than 7.15 CU1

The black screen of death

Introduction

The logon process for users accessing a XenApp/Virtual App-environments is not completely simple to explain or understand in its entirety. There are several processes and services that need to work together, to let a user log on and begin to work in a virtual session. An issue that is not especially uncommon with regards to the logon process is what I would like to call the Black screen of death, BSOD. This should not be confused by the other BSOD! 🙂 When an environment has black screen issues I know that the troubleshooting and eventually finding a solution could most likely be long and challenging.

There have been several discussions regarding black screens at logon lately, especially when looking at Virtual Apps (i.e. XenApp) and published desktops. There are some obvious, and quite straight forward reasons why users get a black screen at logon. I’m not going to get into those in this blog post, apart from mentioning two really good articles from Citrix on the subject; XenApp/XenDesktop : Black Screen Is Displayed While Launching A Published Applications From Windows Server 2016 VDA [1] and XA/XD – Black or Blue Screen Connecting to Published Desktop [2].

I would also like to shed some light on a second ”Black Screen-issue” also currently discussed, the Windows-service AppReadiness and black screen at logon. Funnily enough, it seems like that issue is also introduced with VDAs newer than 7.15 CU1. If there’s an interest in diving into that issue too, I’m happy to do so in another blog post. My explanation of that issue can be found on the Citrix Discussion forum [3].

Last but not least, the latest of all ”Black Screen-issues” I have encountered, and the topic of today’s blog post.

Scenario

Users log on to a published desktop where the VDA is newer than 7.15 CU1, in my case i tried them all, 7.16, 7.17, and the newly released version 7.18. The session went black at logon and explorer.exe did not start. Even after waiting for more than 30 minutes. It did not matter if it was new profile or existing, in this case Citrix User Profile Mgmt, nor did it matter if the VDA was newly installed or updated from 7.15 CU1. Sending CTRL+ALT+DEL did not do a thing.

Everything worked fine on VDA 7.15 CU1 and previous versions, the only change I did to the MCS image when this occured was updating the VDA.

BSOD when initiating a new user session

Troubleshooting

I did some initial trial and error without any luck, so I decided to use my favorite troubleshooting tool, Process Monitor (aka Procmon). Within a couple of minutes I noticed that there was a process stuck in some kind of never-ending loop when a user tried to log on to the VDA. The process stuck was the ”Citrix Profile management message utility”upmEvent.exe [4].

What I also could see was that the process upmEvent.exe was the last process during the logon before the login process got stuck, and the user got the BSOD. I could not at the time identify exactly why, other than I knew which process broke the attempted login. It didn’t matter if it was a new or existing profile.

After having identified the culprit process I forcefully terminated it, and boom, the login process progressed as we are used to. Explorer.exe and all the other processes eventually started like nothing was wrong. From a user perspective, everything began to work and the desktop was shown as soon as the process upmEvent.exe was terminated.

From experience I knew that this was not the first time that specific process have have had different kind of issues. If you do a quick Google search on “upmEvent.exe” you will see that there have been some interesting issues with it over the past. The last change I know of, were when customers needed help because Citrix made a change in how it should be configured to upload data to Citrix Director. In short that change was needed because we hade to change from using UpmUserMsg.exe to upmEvent.exe. I also knew that the startup of the process had been changed previously, from the Run-key to the Userinit-key. From this I had reason to believe that this scenario might not be very different from last time [5] [6].

To summarize

I knew that upmEvent.exe by default has moved from the legacy Run-key to Userinit starting the process in user context. I also knew that the way the process needs to be configured has historically changed depending on what VDA-version is used. What I finally knew was that the configuration of the process is usually controlled in one way or another, for example with a scheduled task, GPP, GPO, registry, or something completely else.

I did a quick check to verify that the Key changed between my two VDA-versions.

Citrix VDA 7.15 CU1 is not using the Userinit registry key

Citrix VDA 7.18 is using the Userinit registry key

Indeed, there’s a difference! Closer to the solution, great!

In this specific environment I found out that the user-context startup of the upmEvent.exe-process was made with a GPO. When looking at the configuration I could see that it was configured in the old way of using upmEvent.exe. Not the new way of doing it!

The GPO configuration

Solution

When the VDA was updated to a newer version than 7.15 CU1 the GPO was reconfigured at the same time. In this case we removed the logon script and let the VDA configure the Userinit registry value. When the MCS machine was rolled out everything worked as it should, even though the VDA was updated!

I didn’t do more digging than needed, as I could see that everything started to work after the reconfiguration. It seems like newer versions of the VDA, and the move to Userinit, collide with the GPO configuration. Because of the collide the users gets a black screen at logon. A deadlock occurs when the script and Userinit is configured to run the process at the same time.

Hope this helps someone out there!

References

[1] https://support.citrix.com/article/CTX135782

[2] https://support.citrix.com/article/CTX235681

[3] https://discussions.citrix.com/topic/394538-continued-problems-with-black-screen-at-session-start-with-windows-10/?do=findComment&comment=2006811

[4] C:\Program Files\Citrix\Virtual Desktop Agent\upmEvent.exe

[5] https://www.jgspiers.com/reduce-citrix-director-interactive-session-time/

[6] https://tech.xenit.se/oregelbunden-loggning-av-inloggningar-citrix-director/



Double-hop configured with Citrix Receiver inside a published desktop

 

We started a new project with one of our clients creating a new MCS master with Windows Server 2016. One of their most critical business applications do not support Windows Server 2016 with their current version of the application. In the best of world it woulds, we would just update the application, but sometimes this is just not possible or an option. One of our ideas to solve this was to create a second master with Windows Server 2008R2 and publish the application in the Windows Server 2016 start menu with Citrix Receiver. I will guide you below how we managed to get this to work very smoothly.

 

The first thing you will want to do is to install Citrix Receiver on to the Windows Server 2016 Master. If you installed Citrix Receiver with the VDA-agent, you may skip this step. If not, you must install Citrix Receiver using below parameters:

 

After this you will want to create a new GPO, apply it to all your Windows Server 2016 Targets and configure the following settings:

When the user logs in we want Citrix Receiver to start immediately and connect to the StoreFront. Since we are using redirected start menus for all users we published the following icon in the ”startup” folder.

Starting Citrix Receiver with the tag ”ipoll” will contact the server to refresh application details, but if no authentication context is available, prompt the user for credentials. You may read more about the Citrix Receiver tags here.

 

The next thing you will want to do is to log in with a test user. Citrix Receiver should now start for the user in the background and connect to the StoreFront. Log in as an administrator to the session host and browse to ”HKEY_USERS\{SID_FOR_TEST_USER}\Software\Microsoft\Windows\CurrentVersion\Uninstall”. You may now see all published applications as keys.

You’ll want to focus on the registry setting ”LaunchString”. Copy the value in ”LaunchString”. It should look something like below.

 

This string is unique for every application. This string is not unique for every user. We will want to use this string with Citrix Receiver.

 

Optimal would of course be to publish a shortcut in the redirected start menu, but since the string is to long the shortcut is capped with max characters. We must therefore create a script like below.

 

Browse to the redirected start menu and create a shortcut with target like below.

When the user logs in to the session and launches the application it should start from the Windows Server 2008R2 machines like below.

 

Hope this works as well for you as it does for me. Give me a comment below if you have any problems.