Friday, 7 September 2012

XenDesktop 5.6 Express–Licensing

I’ve just spent a frustrating hour trying to license the XenDesktop express proof of concept farm I built a couple of weeks ago.  The problem was truly strange and appears to be a bug on the Citrix site at the moment. 

After installing XenDesktop Express with the Licensing component, it went into a trial period.  So I went about getting a proper license…

In the Desktop Studio, under Configuration > Licensing you will see you are still in a trial mode. 


To sort this out, I tried to go here in my local Chromium browser:

After entering details you get the chance to download the biggest license ever – nearly 1gb!


Luckily its a typo.  Mine was 11kb.  This saved itself in my Downloads folder as a file called “XenDesktop_Express_Edition_License.lic”. 

I put this in the folder C:\Program Files (x86)\Citrix\Licensing\MyFiles on my XenDesktop service and restarted the license service. 

Back in Desktop Studio I selected Add License:


Bang.  The “Citrix License Server currently unavailable” bit sounds bad.  I check services.msc and the service has indeed fallen over - in the event log you get this helpful message:

Faulting application name: lmadmin.exe, version:, time stamp: 0x4f02e435
Faulting module name: MSVCP80.dll, version: 8.0.50727.6195, time stamp: 0x4dcddc6c
Exception code: 0xc0000005
Fault offset: 0x000038db
Faulting process id: 0xb78
Faulting application start time: 0x01cd8ce15b8b4c3d
Faulting application path: C:\Program Files (x86)\Citrix\Licensing\LS\lmadmin.exe
Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
Report Id: 9aa66add-f8d4-11e1-a99d-02faf2a05cc2

Then this post on the Citrix forums suggested I check my .lic file’s contents, and indeed it is an HTML file!  The download page for the file I actually want in fact. I remove it from MyFiles and the Citrix Licensing service will start at least. So I move and rename my .lic file to .html and open it in the browser I just used and hey presto!


I click “Download your file manually” and it downloads another file called XenDesktop_Express_Edition_License.lic, which this time is the actual file.  Madness.  Saved this in the MyFiles folder on the XenDesktop server again, restart the Licensing service again and refresh the Configuration > Licensing part of the Desktop Studio, and its all working fine:


I think something needs fixing on Citrix’s website! 

One more issue in my case was the licenses were now in the wrong mode.  I could see the Concurrent licenses but also had the message “Can’t find a valid license – no suitable licenses are available”


To fix this, I selected “Edit Product Version” in the actions tab…


Then changed the model to Concurrent rather than User/Device Licensing.  No idea how this ended up on the wrong mode…


Finally!  All licensed.


Friday, 24 August 2012

Installing XenDesktop 5.6 Express

This is a basic implementation of XenDesktop Express 5.6, intended as a proof of concept.  This is the edocs link for XenDesktop 5.6 by the way:

XenDesktop 5.6 Express is essentially the trial version of XenDesktop and is limited to 10 VDI machines.  This is a comparison of all the editions:

Download XenDesktop Express from your My Citrix account – this is the direct link at the moment…

Click Try It Free and download the zip.  This contains three ISOs, including XenServer.  Extract the XenDesktop56.iso using 7zip or another program.

I’m installing the core components of XenDesktop on a XenServer virtual running on a fairly powerful server.  The XenDesktop controller VM has got 2 vCPUs and 2gb RAM, running Windows Server 2008 R2.  On the same XenServer farm, install a Windows 7 VM as well.  This will later become your master VM.

When your XenDesktop server is installed, run AutoSelect from the root of the extracted XenDesktop56 folder, then when this menu eventually comes up, select Install XenDesktop….


Accept the EULA…


You then have a comprehensive list of options.  You might well just click Next to install everything, but lets have a think about things first…


For a proof of concept, this might well all be best on the same server, but this is going to be a quite heavy set of applications, and there might be parts of this you don’t need.  If you have a shared SQL Server machine, you can save quite a lot of load on the box by not installing SQL Server Express for instance – but you have extra steps to set up the database elsewhere.  The license server part could well be existing elsewhere if you are running XenApp, though be aware that it needs to be v11.10, the version which shipped with XenApp 6.5, not the XenApp 6.0 version or earlier.  On a production system the other roles might well be split over multiple systems as well.  For this simple implementation, I’ve left everything ticked.

The next screen lets you know that the windows firewall is going to be set up to allow the license server ports…


You then proceed to installation of the Windows features and XenDesktop components.  This takes a while.  Meanwhile in the background I connected to a shared SQL Server 2008 R2 machine, created a database manually and set up a SQL logon on it, with a really hard password.  In User Mappings I gave this login db_owner access to the new database.

image and later… image

Click Close to configure XenDesktop.  This took a full three minutes to come up…


Note that if you chose to not have the SQL Server Express R2 instance on this server, the whole Quick Deploy option is greyed out.  Assuming it is enabled, click it.

Incidentally, this is the information on Quick Deploy:

As it states, these are the pre-requisites for completing Quick Deploy:

  • A host with enough storage, CPU and RAM
  • An admin account which can create new machines on the XenServer host
  • Access to the AD domain containing the accounts of users
  • An account on that AD domain with the right to create computer accounts
  • A Master VM running the Virtual Desktop Agent
  • The XenDesktop server you just installed, including all components.

You installed that Windows 7 VM earlier, right?  The one that will be the Master VM.  If not, get installing! 

The first step of Quick Deploy is Site.  Give your site a name and click next on the Wizard.


The next step is Connection.  This is the connection to the virtualisation platform – either VMware, Hyper-V, or (more likely) XenServer.  Fill in the details for your environment.  In this case, I’m connecting to XenServer, so I put in http://[servername] and the root username and password.  It won’t let you proceed unless these details are correct.  After this you will see the Host screen, where you pick the Network your VMs should use (assuming multiple networks are defined) and the Storage screen where you pick where all the VMs you create will appear.


If you have not done this already, get your Windows 7 Master VM ready.  Install the tools for whatever VM host you are on (so, the XenServer tools in my case)…


Join it to the AD domain and install any applications you want on all the machines.  Then get the Virtual Desktop Agent installed.  You can get to this by running the AutoSelect utility on the XenDesktop56 disk and clicking Install Virtual Desktop Agent…


Select Quick Deploy and agree to everything.


Back to the Quick Deploy wizard on the server, select the Master VM, the location to store the newly created VMs and allow it to create a couple of VMs, giving it a default location


The next step is to allow users or groups to request VMs which do not have a specific user.  Create an AD group and put a test user in it.  Once you have tested this is working, this group will contain all your XenDesktop users.


This churns away for about 10 minutes…

image and eventually… image

You should now see most of the configuration options in the Desktop Studio…


And should also notice its created extra virtual machines in XenServer which can be logged onto via the web interface, which you can now make secure in IIS if you see fit.


Then I decided to check it was licensed okay, and the fun really began.  This is the post about that little issue:

Storefront 1.2 and Receiver 3.3 – default and featured apps

When users are first set up with a new Receiver client pointing at a Citrix StoreFront server, something which might be a bit confusing is that there are no applications displayed at all.  All you see is “Add Apps – Click to add and start using your apps”.  The idea with this is that you don’t see every icon to which you have permission (which is great for admins especially, who tend to have access to more apps than they use) but have to opt in (or “subscribe” in Citrix speak) to everything.  Storefront then does a good job of remembering those subscriptions over different devices.  If you ask me, all this is more about getting a good experience on mobile devices first and then making it consistent over all other devices you use than anything else.

Anyway, new users see just this:


When you click the big tempting Add Apps button a menu slides in from the left with folders containing icons, or even better users can search with the box at the top right.  But you might well have apps which just everyone will be interested in, or which you want to flag up.

Citrix have provided a bit of an odd way round this, using the Description field in an application's properties.  If you add the words KEYWORDS:Auto to the description using the AppCenter (or whatever your version of the management console for XenApp is called, they keep changing it), StoreFront will pick up on that and new users will get them already pinned by default.


There is another keyword – “KEYWORDS:featured”.  This will create a subfolder called “Featured” and put another copy of the icon in there.  You can also say “KEYWORDS: Auto Featured” to do both.


This is what the featured folder looks like, through the web browser this time…


Note that if a user removes an “auto” icon from their list, Storefront remembers that and will only add it back if they do it manually – this page has a hack to prevent users from removing auto icons, which is highly tempting.  Hopefully a “sticky” keyword will be added in future releases.

Tuesday, 21 August 2012

Installing Receiver Storefront 1.2 – Standalone, single server

Citrix do love inventing new products!  Even if they then replace ones that work just fine.  Anyway, get used to the fact that Web Interface is going to be retired, because that is the way we’re now going.  Web Interface will not have any new versions – the future is StoreFront!  Or Cloud Gateway Express, I’m a little unclear – to be honest the terms seem to be used interchangeably. 

StoreFront is all new and exciting – and oddly old fashioned.  To be honest it looks oddly like Program Neighborhood!  One word of warning – it does not work at all with Citrix Presentation Server v4.0 because there is no way of disabling launch references, which were only introduced in Presentation Server 4.5.  Just an aside – this test system will be with XenApp 6.0

To be honest, Web Interface is working fine for now, except for the Chromebooks.  Chromebooks do not like Web Interface, they just claim (rightly) they have no Citrix client installed and give you the chance to download an ICA file, which (again rightly) you are informed cannot be opened in Google Docs.  You need StoreFront, and you also need to download the Receiver plug-in from the Google WebStore on your Chromebook.

So this is a quick guide to installing a standalone StoreFront server (just internal in this case, and without any 2 factor authentication) to allow a Chromebook to launch Citrix applications from XenApp.  I should really point out here that should should be just a proof of concept – any serious implementation will have at least two servers and a shared database.  I’m also going to use SQL Express which I would not recommend for live systems if you have full SQL Server available.


Login to My Citrix and click Downloads

Choose CloudGateway from the big drop down list.

Select CloudGateway Express from the list.  The other download is the full appliance, and if you have bought that you hopefully know what you are doing!


Choose StoreFront 1.2…


Now you have your installers, prepare the target server:

Install Windows Server 2008 R2 with SP1 – I’ve not tested this on Windows Server 2012.  You might want to save time by installing the Web Server role with the IIS6 management options and ASP.NET as well.

Installing IIS and a secure web site

You can skip this if you wish and go straight to SQL installation, but at this point I am going to get IIS ready. I’ve set up a CNAME record on my internal DNS server called “storefront”, pointing to the server name of this new server. This means I’ll can now use the URL http://storefront, where I see a big graphic saying IIS and wishing me welcome. 


But I want SSL too – StoreFront will have usernames and passwords going through it and really should be secure. I have a Windows Certificate Authority already set up (whose certificates will be trusted by my PCs) so this bit is easy for me. If you don’t have that (and don’t want to put it in place), you could buy a commercial SSL certificate or use a self signed one and make it trusted with Group Policy. But I would consider using SSL somehow.

In my case, I launch “Internet Information Services (IIS) Manager”, then select the server on the left, then SSL Certificates. I created a certificate request (2048-bit), generated a certificate for it on my certificate server, completed the request back on my Storefront box, then added a binding on the default website for https and using my new Certificate. Phew. Now the secure URL https://storefront gives me the nice IIS welcome screen, but with that reassuring “https” in the address bar.

 image :-)

Installing SQL Server Express

Unlike the nice simple Web Interface which ran on text files, StoreFront needs a SQL database to work.  Since we are going to install in Standalone mode, the server needs to have an instance of SQL Server on it.  SQL Express 2008 R2 is required – the notes say that SQL Server 2012 is supported as well now, but if you install SQL 2012 Express, the option to “Deploy a single server” is greyed out, saying you need SQL 2008 R2 installed

Download SQL Server 2008 R2 Express (with SP1) and run the installer.  Select “New installation…” to start.


Agree to the License terms when they come up.

On the feature Selection screen, you don’t need the Replication or SDK options. 


Leave it on Named Instance, that should work fine.


Windows Authentication should be okay when it asks about that.  Click the Data Directories tab and make them sensible.  Personally I don’t like the DB files hidden somewhere in Program Files, so I make them like this (but choose whatever you want, this really is about personal preference):


Click Next, Next, Next until it actually installs.

Installing StoreFront 1.2

Extract the installer you downloaded onto your server and run CitrixReceiverStorefront-x64.exe

Agree to .net install if needed

image .

Agree to the EULA


And agree to install windows roles if you did not do this earlier and begin the installation


The product should now install ok.

Click Start > Citrix > Citrix Receiver StoreFront

Select Deploy a Single Server.  Note this is greyed out if you don’t have SQL Server running locally.


I put in the URL I previously got working – there, it was worth all the effort after all!


You then get three options: Authentication, Stores, and Receiver for Web.


The only button you can click is Create Service (for authentication), so click it.  You then get three options – here are the explanations from the Citrix Edocs site:

  • User name and password : This is explicit authentication. Users enter their credentials when they access their stores.
  • Domain pass-through :  This enables pass-through of domain credentials from users' devices. Users authenticate to their domain-joined Windows computers and are automatically logged on when they access their stores. In order to use this option, pass-through authentication must be enabled when Receiver for Windows is installed on users' devices.
  • Pass-through from Citrix Access Gateway : With this, users authenticate to Access Gateway and are automatically logged on when they access their stores.

In my case I don’t have an Access Gateway at the moment (though as far as I can tell I am going to need one if I want to use two-factor authentication) and don’t want to use pass-through authentication, so I select User Name and Password to do simple authentication against AD. You might have different needs of course.  It then takes a while creating the service and dumps you back on the first options.  Click Create Store to… well, create the Store.  When prompted, give the store a name:


In this test, I have linked to XenApp, entering a server name and HTTP since this test farm is not using HTTPS.  As it notes, passwords will be send unencrypted.  I have a feeling the security guys are going to encourage me to use HTTPS.  Click Create to complete it.  Don’t worry if you have multiple farms and servers, extra configuration can be added later on, it just needs some basic settings to create the Store.


The Store you have now created can be used to service the new Receiver client on a PC, but you almost certainly want to create a web site as well.  Click Create Site…


Lots of stuff appears under the Default Web Site in IIS and I can now go to this URL to access my store:



The first time you go to this it will take an age, though it does speed up.


Very nice.  You seem to get these green bubbles no matter what client you want to use.  I can see a request coming down to customise them at some point though. 

Final configuration of StoreFront

Go back to your server and go into Citrix Receiver StoreFront from the Start Menu again.  You should now see all the options, so clicking Authentication shows you the method you selected.  Feel free to change this if you have changed your mind, or to customise it (by restricting the domains for instance).


Note the option to manage Merchandising Server.  If you have a Merchandising server installed, you can enter its URL here.  If you have no idea what this is, its a virtual appliance (Citrix are obsessed with these at the moment – basically a XenServer or VMware image of a pre-configured Linux VM running an application) which can distribute and update pre-configured clients.  Its a good way to get the new Receiver client out there, which is incidentally a requirement to actually use this on a PC.

Click Stores on the left to look at the Store you created earlier.  The main thing here you might want to do is to configure the server farms which the store will connect to, by selecting Store and clicking Manage Server Farms.  I suppose if you have multiple farms (say, for testing), you might create multiple Store URLs, so the test farms were not connected to the URL your users were logging into.  Note the other options here – an option for configuring Legacy support, so old Agent style clients can connect through the StoreFront system.  You can also connect to Citrix Online and set up Remote Access, which are way beyond this little proof of concept.

Click Receiver for Web and you should see your website.  You probably only need one of these.


Just a note in case you are not getting any connections through this, look in the Event Viewer. Under Applications and Services Logs, then Citrix Delivery Services.  If there is lots of errors, panic.


Customising the graphics

You know management will ask about this. 

The jolly green bubbles graphic is here:


(obviously the path will change depending on the store name and where you based your IIS site, but something like this at least, and there will be one per store).

Feel free to either replace this entirely or to just edit it.  Here, I think this looks perfect…


Content Redirection

By default this is turned on when you create a store.  This means that if your Citrix published applications are set up to use content redirection, users who connect to the StoreFront with the Citrix Receiver client will see files open with Citrix rather than any local applications they have.  To turn this off, find this file (its location will be different if you did not call your store “Store”…


Search this file for this string and change the “on” to “off”