Citrix Receiver Your Logon Has Expired Please Login Again to Continue

Navigation

• Change Log
• VDA Virtual Machine Hardware
• Windows Configuration
• Install – Virtual Delivery Agent 7.xv.8000 LTSR
  • Install – Profile Management 7.15.7000 Hotfix 1 – security fix
  • Install – VDA seven.15.6000 Security Updates
  • Microsoft FSLogix – Outlook OST, OneDrive, etc.
  • Browser Content Redirection add-on
  • Citrix Desktop Service
  • Customer Experience Improvement Programme (CEIP)
  • Connexion Quality Indicator
  • Adaptive Transport
  • Tedious Logons
  • Change Controller Registration Port to something other than port 80
  • Verify VDA Registration with Controller
•  Receivers:
  • Receiver 4.nine.8000
  • Citrix PDF Printer 7.11.0 for Receiver for HTML5
  • Citrix File Admission 2.0.iii for Receiver for Chrome
• Framehawk Configuration
• Remote Desktop Licensing Configuration
• Reduce C: Drive Permissions
• Configure Pagefile for Provisioning Services
• Direct Access Users Group – allow non-administrators to RDP to the VDA
• Enable Windows Profiles v3/v4 – Windows 2012 R2 only
• Registry Settings – black screen, published Explorer, Screen Saver, Smart Card, HTML5 Clipboard, HTML5 Upload Folder, 4K Monitors, COM Ports
• Restore Legacy Customer Drive Mapping
• Print Commuter for Mac and Linux Clients
• HTML5 Receiver – SSL for VDA
• Anonymous Accounts
• Antivirus
• Optimize Performance
• Seal and Shut Downward
• Troubleshooting – Graphics
• Uninstall VDA

💡 = Recently Updated

Alter Log

• 2021 Aug eleven – updated Install VDA and VDA Port section screenshots for vii.15.8000 (Cumulative Update 8)
• 2021 July 13 – Profile Management 7.fifteen.7000 Hotfix ane – security gear up
• 2021 Feb 9 – updated Install VDA and VDA Port section screenshots for 7.15.7000 (Cumulative Update 7)
• 2021 Jan 29 – vii.15.6000 Security Updates – updated for Hotfix 6005
• 2020 Nov 10 – 7.15.6000 Security Updates
• 2020 Jun 30 – updated Install VDA and VDA Port department screenshots for 7.xv.6000 (Cumulative Update half-dozen)
• 2019 Nov 16 – Optimize Performance – added link to Citrix Weblog Post Citrix Optimizer two.6 – What's new.
• 2019 November nine – Browser Content Redirection – ADMX GPO template updated in November 2019
• 2019 Oct 23 – updated Install VDA and VDA Port section screenshots for seven.fifteen.5000 (Cumulative Update v)
• 2019 Aug 30 – upgrade LTSR Receiver to version 4.nine.8000
• 2019 Aug 15 – Slow Logons – added alert from Citrix Policies aren't reapply / refreshed during Reconnect at Citrix Discussions.
• 2019 Jun 22 – upgrade LTSR Receiver to version 4.9.7000
• 2019 May 11 – Optimize Functioning – added link to Microsoft Docs Optimizing Windows ten, version 1803, for a Virtual Desktop Infrastructure (VDI) function
• 2019 April 23 – updated Install VDA and VDA Port department screenshots for vii.fifteen.4000 (Cumulative Update 4)
• 2019 Mar 4 – Desktop Helper – added link to Jeremy Saunders Controlling the Starting of the Citrix Desktop Service (BrokerAgent)

Hardware

Hypervisor Host Hardware

• Citrix Blog Post Citrix Scalability — The Dominion of v and 10: Simply have the number of physical cores in a hypervisor host, multiply it past 5 or x, and the effect will be your Unmarried Server Scalability. Use 5 if you're looking for the number of XenDesktop VMs you can host on a box, and use 10 if you're looking for the number of XenApp user sessions yous can host on a box.

Virtual Motorcar Hardware

1. Hypervisor Support – CTX131239 Supported Hypervisors for XenDesktop and Provisioning Services
   • 7.15 LTSR Cumulative Update iii (merely not Cumulative Update 2) supports vSphere 6.vii Update 1
2. VDA virtual machine sizing:
   1. For virtual desktops, requite the virtual machine: 2+ vCPU and ii+ GB of RAM
   2. For Windows 2008 R2 RDSH, give the virtual automobile 4 vCPU and 12-24 GB of RAM
   3. For Windows 2012 R2 RDSH, requite the virtual automobile 8 vCPU, and 24-48 GB of RAM
   4. Run into Daniel Feller Sizing Windows 2016, Windows 2012 And Windows 10 Virtual Machines
      
3. If using RAM caching (MCSIO or PvS), add more than RAM for the cache
4. Remove the floppy drive
5. Remove any series or LPT ports
6. If vSphere:
   1. To reduce disk space, reserve memory. Memory reservations reduce or eliminate the virtual motorcar .vswp file.
   2. The NIC should be VMXNET3.
   3. For vGPU, if vSphere 6.vii Update 1 and seven.15 LTSR CU3, setvgpu.hotmigrate.enabled Advanced vCenter Server Setting to true. (source = William Lam How to enable vGPU vMotion in vSphere half-dozen.7 Update 1)
      
7. If this VDA will boot from Provisioning Services:
   1. For vSphere, the NIC must be VMXNET3.
      
   2. For vSphere, configure the CD-ROM to boot from IDE instead of SATA. SATA comes with VM hardware version x. SATA won't piece of work with PvS.
      
8. For Windows 10 – see CTX224843 Windows x compatibility with Citrix XenDesktop
   • Citrix provides partial back up for Semi-Annual Channel Targeted (aka Electric current Co-operative) versions of Windows 10
   • Citrix provides full support for Semi-Annual Channel (Wide) (aka Current Co-operative for Business) versions of Windows 10, starting with the VDA version released later a Windows ten version is designated as Broad (typically 4 monthly patches after initial release).
     • Windows 10 1703 Broad is supported by VDA 7.15, since VDA 7.15 was released later Windows 10 1703 was designated as Broad (after four monthly Windows patches).
     • Windows x 1709 Targeted: Citrix Product Manager in the comments mentioned that 7.xv will back up 1709. Citrix has a live article about all this: CTX229052. The Microsoft patches required for 1709 will come up out in 2 dates:
       • Nov 14th (Patch Tuesday KB4051314) volition allow you to upgrade from 1703 and older with a VDA already installed, to 1709.
       • '11D' patch (last week of November via Microsoft Update Catalogue) will allow you to do a fresh new VDA install on top of 1709.
     • Information technology's possible that LTSR seven.fifteen Cumulative Updates will back up newer versions of Windows 10.
9. Install the latest version of hypervisor drivers (east.g. VMware Tools).
   1. If Windows 7 on vSphere, don't install the VMware SVGA commuter. For more details, come across Citrix CTX201804 Intermittent Connection Failures/Black Screen Issues When Connecting from Multi-Monitor Client Machines to Windows vii VDA with VDA seven.x on vSphere/ESXi.
      
10. The vSphere Action Monitoring Feature with NSX Guest Introspection feature uses a TDI commuter (vnetflt.sys), which might cause a "Connection Interrupted" bulletin when users log off of Citrix. See VMware 2121307 Windows virtual machines using the vShield Endpoint TDI Manager or NSX Network Introspection Commuter (vnetflt.sys) commuter fails with a blue diagnostic screen and XenDesktop 7.12 logoff: Connection interrupted at Citrix Discussions.
    

If vSphere, disable NIC Hotplug

1. Users could apply the systray icon to Eject the Ethernet Controller. Obviously this is bad.
   
2. To disable this functionality, power off the virtual auto.
   
3. Once powered off, correct-click the virtual machine, and click Edit Settings.
   
4. On the VM Options tab, expand Advanced, and then click Edit Configuration.
   
5. On the bottom left, enter devices. hotplug. On the right, enter false. So clickAdd.
   
6. Then click OK a couple times to close the windows.
7. The VM tin so be powered on.
   

Windows Preparation

1. Computer Grouping Policy – Make certain the Master VM is in the same OU as the Linked Clones and so the Main VM volition get the calculator-level GPO settings in its registry. Run gpupdate on the principal after moving the VM to the right OU. When Clones are created from the Primary, the computer-level GPO settings will already be practical, thus eliminating a timing effect.
   
2. If RDSH (Server Bone), disable IE Enhanced Security Configuration in Server Managing director > Local Server.
   
3. Optionally, go to Activity Centre (Windows 8.ane or 2012 R2) or Control Panel >Security and Maintenance (Windows 10/2016) to disable User Account Command, and enable SmartScreen.
   
   1. In Windows 10 1703 and newer, search the Settings app forChange User Account Control settings.
      
   2. SmartScreen is configured in Windows Defender Security Center > App & browser control.
      
4. Run Windows Update.
   
   
5. Add your Citrix Administrators group to the local Administrators grouping on the VDA. Computer Management.
   
6. The Remote Desktop Services "Prompt for Password" policy prevents Single Sign-on to the Virtual Delivery Amanuensis. Bank check registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. If fPromptForPassword = 1 then you need to ready group policy. The post-obit GPO setting will forestall Single Sign-on from working.

   Computer Configuration | Policies | Authoritative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Security | Ever prompt for password upon connection

   Or set the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\ Portica\AutoLogon (DWORD) = 0x1. This registry value only applies to Desktop OS, non Server Bone. (source = comments)

7. For Windows vii/2008 R2 VDAs that will use Personal vDisk, orAppDisk, or any other layering technology, install Microsoft hotfix 2614892 A computer stops responding considering of a deadlock situation in the Mountmgr.sys driver. This hotfix solved a Personal vDisk Prototype update issue detailed at Citrix Discussions.
   
8. If this VDA is Windows Server 2008 R2, come across https://www.carlstalhood.com/windows-server-2008-r2-postal service-sp1-hotfixes/.
   
9. To remove the born apps in Windows 10, run across Robin Hobo How to remove born apps in Windows 10 Enterprise.
10. For Remote Assist in Citrix Director, configure the GPO settingComputer Configuration | Policies | Administrative Templates | System | Remote Assistance | Offer Remote Assistance. See Jason Samuel – How to setup Citrix Director Shadowing with Remote Assistance using Grouping Policyfor more details.
    
11. If you intend to utilise Citrix's SCOM Management Packs for XenApp/XenDesktop, make sure WinRM is enabled on the VDA by runningwinrm quickconfig. Or you lot can enable WinRM using Group Policy.
    

Install Virtual Delivery Agent vii.15.8000 LTSR

Citrix periodically releases Cumulative Updates for LTSR versions of VDA. The latest Cumulative Update for 7.15 is CU8 (vii.15.8000). Get in the addiction of periodically upgrading your LTSR VDAs to the latest Cumulative Update.

Fix:

1. For virtual desktops, make sure you are logged into the console. The VDA won't install if you are connected using RDP.

CLI Install:

Command Line Install Options are detailed at Install using the command line at Citrix Docs.

The Citrix Telemetry Service seems to cause problems. You lot tin use the Command Line Installer to exclude Telemetry Service as detailed at VDA upgrade cmdlet at Citrix Discussions.

XenDesktopVDASetup.exe /quiet /noreboot /masterimage /Enable_HDX_PORTS /enable_framehawk_port /Enable_REAL_TIME_TRANSPORT /optimize /controllers "xdc01.corp.local xdc02.corp.local" /Exclude "Citrix Telemetry Service"

Citrix Blog Postal service Citrix VDA Commandline Helper Tool: a GUI to configure the VDA installation options.

GUI Install:

1. Mount the downloaded XenDesktop vii.15.8000 LTSR ISO.
2. Run AutoSelect.exe from the ISO.
   
   1. Alternatively, you lot can download the standalone VDA package and run that instead. Go the main XenDesktop 7.xv.8000 download folio. Aggrandize the section labelledComponents that are on the product ISO but too packaged separately to download the Standalone VDA installers. Notation: 7.15.8000 also has a VDA installer called Desktop Bone Core Services that is designed for Remote PC deployments and is not typically used on virtual machines.
      
   2. If yous desire to afterward install Browser Content Redirection, and so you'll need to install the VDA 7.15 CU8 with HTML5 disabled. You exercise that by including the /FEATURE_DISABLE_HTML5 command line switch when running XenDesktopVDASetup.exe.
      
3. Click Start side by side to either XenApp or XenDesktop. The only difference is the product name displayed in the installation sorcerer.
   
4. On the top right, click Virtual Delivery Agent for Windows Desktop Os, orWindows Server OS, depending on which type of VDA you are building.
   
   
5. In the Surroundings page, select Create a Master Image, and click Next.
   
   
6. For virtual desktops, in the HDX 3D Pro folio, click Next.
   
7. In the Core Components folio, if yous don't demand Citrix Receiver installed on your VDA, and so uncheck the box. Receiver is commonly only needed for double-hop connections (connect to first VDA, and then from there, connect to second VDA). Click Next.
   
8. In theAdditional Components page, uncheckCitrix AppDisk/Personal vDisk. This feature has been deprecated and is being replaced by Citrix App Layering (Unidesk). If you are installing VDA on Windows 10 1709 or newer, then it is critical that you uncheck this. ClickNext.
   
   
9. In the Commitment Controller folio, select Do it manually. Enter the FQDN of each Controller. Click Test connection. And so make sure y'all click Add together. Click Adjacent when done.
   
10. In the Features page, check boxes. Only the top box is checked by default. If y'all want to use the other features, check the boxes. So click Next.
    
11. In the Firewall page, click Next.
    
12. In the Summary page, click Install.
    
    
13. Click Close if you are prompted to restart.
    
14. After the reboot, login.
15. If you see aLocate 'XenDesktop LTSR CU8' installation media window:
    
    1. Don't close the Locate window.
    2. Mount theXenApp_and_XenDesktop_7.15.8000.iso.
       
    3. Go back to theLocate window.
    4. On the lesser left, nether This PC, click the mounted drive. Then click the Select Binder button.
       
    5. Installation will resume.
16. Note:NT SERVICE\CitrixTelemetryService needs permission to login as a service.
17. In the Telephone call Home page, clickConnect, enter your MyCitrix.com credentials, and and so clickAdjacent.
    
    
18. In theEnd folio, click Finish to restart the machine once more.
    
    
19. Co-ordinate to CTX225819 When Launching an Application Published from Windows Server 2016, a Blackness Screen Appears for Several Seconds Earlier Application is Visible, HKLM\SOFTWARE\Citrix\Citrix Virtual Desktop Amanuensis\DisableLogonUISuppression (DWORD) should be set to 0.
    

Contour Management seven.15.7000 Hotfix 1 – Security Fix

This update fixes a Local privilege escalation as detailed at CTX319750 Citrix Virtual Apps and Desktops Security Update. This hotfix might not exist needed if you are running VDA seven.15.8000.

1. Download Hotfix ProfilemgtWX64_7_15_7001 and extract it.
2. From the ProfilemgtWX64_7_15_7001 folder, run profilemgt_x64.msi.
   
3. In theWelcome to the Citrix Profile management Setup Sorcerer page, click Next.
   
4. In the Terminate-User License Agreement folio, bank check the box next to I accept the terms and click Side by side.
   
5. In theDestination Folder page, click Side by side.
   
6. In the Gear up to install Citrix Profile direction page, click Install.
   
7. Click OK if prompted to update existing files.
   
8. In the Completed the Citrix Profile direction Setup Wizard folio, click Cease.
   
9. Click Yep when asked to restart at present.
   

Also update the UPM VDA Plugin.

1. Download Hotfix UPMVDAPluginWX64_7_15_7001 and extract it.
2. From the UPMVDAPluginWX64_7_15_7001 folder, run UpmVDAPlugin_x64.msi.
   
3. In the Welcome to the UpmVDAPlugin Setup Magician page, click Adjacent.
   
4. In theStop-User License Understanding folio, check the box next to I have the terms and click Next.
   
5. In the Destination Folder page, click Next.
   
6. In the Set up to install UpmVDAPlugin folio, click Install.
   
7. Click OK if you see Files in Apply.
   
8. Click OK to update existing files.
   
9. In the Completed the UpmVDAPlugin Setup Wizard folio, click Cease.
   

Microsoft FSLogix

If yous need to roam the user's Outlook .OST file (Outlook Buried Mode), Outlook Search Index, OneDrive cache, OneNote data, SharePoint data, Skype data, and/or Teams data, then download, install, and configure Microsoft FSLogix. FSLogix has more Part roaming features than Citrix Contour Management. A common architecture is to enable FSLogix Part Container for the Office cache files and use Citrix Contour Direction for all other roaming contour files and registry keys.

Microsoft FSLogix is gratuitous for all Microsoft RDS CALs, Microsoft Virtual Desktop Admission per-user CALs, and all Microsoft Enterprise E3/E5 per-user licenses. Notice that per-device licenses are excluded.

G0-EUC tested FSLogix Profile Container (not Part Container) and found that information technology reduces capacity by 27%. (source = The bear on of managing user profiles with FSLogix)

Do the following to install Microsoft FSLogix on the VDA car:

1. Go to https://docs.microsoft.com/en-us/fslogix/install-ht and click the download link.
   
2. Extract the downloaded .zip file.
3. In the FSLogix \x64\Release binder, run FSLogixAppsSetup.exe.
   
4. Bank check the box next toI agree to the license terms and conditions and click Install.
   
5. In theSetup Successful folio, click Restart.
   
6. Brand sure theWindows Search service is set to Automatic and Running.
   
7. If Part is already installed, then repair the Office installation afterward installing and starting the Windows Search Service.
   

FSLogix is configured through Group Policy or past editing registry values on each FSLogix Agent motorcar.

Browser Content Redirection

Browser Content Redirection (BCR) can optionally be added to VDA 7.15 Cumulative Update 3 or newer. This is a back port of the aforementioned BCR feature in Citrix Virtual Apps and Desktops (CVAD) 1811.

BCR requires Workspace app and will not work on Receiver, including the LTSR version of Receiver.

To install BCR on VDA 7.15.8000:

1. Download Browser Content Redirection 15.15. The BCR add-in has not been modified for 7.xv.8000.
   
2. If you installed the VDA using AutoSelect.exe, and then y'all'll demand to uninstall the VDA and reinstall it, simply this time from the command line.
   
   
   1. On the 7.15.8000 ISO, become to \x64\XenDesktop Setup and copy the path to theXenDesktopVDASetup.exe file.Copy every bit path appears when you concord downwardly Shift while right-clicking.
      
   2. Open a control prompt and paste the path.
   3. At the cease of the path, enter/FEATURE_DISABLE_HTML5 and printing Enter.
      
   4. Reinstall the VDA similar normal.
3. After VDA seven.xv CU8 is installed with the HTML5 Feature disabled, run the downloaded BCR_x64.msi. It installs silently and quickly.
   
4. To verify it is installed, open Programs and Features (or Apps and Features) and findCitrix Browser Content Redirection version15.15.0.ten.
   
5. If you open Services on the VDA, yous'll see theCitrix HDX services.
   

BCR GPO Admin Templates

vii.15 does not take the Citrix Policy settings to control BCR and so you'll instead need to install a GPO ADMX template. This template was updated in November 2019.

1. In the same download page for Browser Content Redirection 15.xv, scroll down to find theADMX Files and and then download it.
   
2. Extract the .zip file.
3. Inside the extracted ADMX folder, open the64bit folder and copyMultimediaGroupPolicy.admx to the clipboard.
   
4. Go to your PolicyDefinitions binder (in Sysvol, or C:\Windows) and then paste the .admx file.
   
5. Back in the extracted ADMX files, go up a folder to the root of the ADMX files and copyMultimediaGroupPolicy.adml to the clipboard.
   
6. Become to your PolicyDefinitions binder (in Sysvol, or C:\Windows), open theen-United states of america folder, and then paste the .adml file.
   
7. When you open a Group Policy that applies to the VDA Computers, in the Computer half of the GPO, nether Administrative Templates, you lot'll see a new node namedHDX Browser Content Redirection. The settings in this binder are the same ones configured in Citrix Policy in newer versions of Citrix Virtual Apps and Desktops (CVAD). See https://www.carlstalhood.com/published-applications/#browsercontentredirection for configuration details.
   

BCR requires Workspace app and will not work with Receiver, including the LTSR version of Receiver.

Citrix Desktop Service

To forbid Citrix Desktop Service (BrokerAgent) starting and registering with the Commitment Controllers earlier the boot procedure is consummate, see Jeremy Saunders Controlling the Starting of the Citrix Desktop Service (BrokerAgent).

Customer Feel Comeback Program (CEIP)

Customer Feel Comeback Program (CEIP) is enabled by default. To disable information technology, create the registry valueHKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Telemetry\CEIP\Enabled (DWORD), and set it to 0 (naught). Also run into CEIP at Citrix Insight Services at Citrix Docs.

Meet https://world wide web.carlstalhood.com/delivery-controller-seven-15-ltsr-and-licensing/#ceip for additional places where CEIP is enabled.

Connexion Quality Indicator

The Connection Quality Indicator tells the user the quality of the connection. Position of the indicator is configurable by the user. Thresholds are configurable through grouping policy.

Download it from CTX220774 Connexion Quality Indicator and install information technology. The article is very detailed.

Group Policy templates are located at C:\Programme Files (x86)\Citrix\Connection Quality Indicator\Configuration. Re-create the files and binder to <Sysvol>\Policies\PolicyDefinitions, or C:\Windows\PolicyDefinitions.

Observe the settings nether Computer Config | Policies | Administrative Templates | Citrix Components | Virtual Desktop Amanuensis | CQI

Version 1.two adds the GPO settings to the user half of a GPO.

Notification display settings lets y'all customize the user notifications, or disable them.

Connection Threshold Settings lets you ready the notification thresholds.

Adaptive Transport

XenApp/XenDesktop 7.15 includes Adaptive Send, which uses EDT protocol, which uses UDP Ports 1494/2598 for HDX connections to the VDA. The UDP ports should already be open in the Windows Firewall.

Adaptive Transport is disabled by default, but can be enabled in the Citrix Policy settingHDX Adaptive Ship.

Deadening Logons

Citrix Discussions Xenapp seven.9: Wait for local session manager: "I have a Xenapp vii.9 surroundings on Windows 2012 R2. When logging in through Citrix I got message "Wait for local session manager" for 20-30 seconds. When logging in to the server with RDS, I do not take to wait for this."

"Add the post-obit 2 registry keys to your seven.ix VDA server – then try connecting to information technology using ICA to come across if the issue all the same occurs:

Add reg keys in "HKLM\SOFTWARE\Citrix\GroupPolicy"
Dword: "CacheGpoExpireInHours" – Value = 5-24 (# of Hours) ***offset with value of v***
Dword: "GpoCacheEnabled" – Value = one

Restart the motorcar afterward adding these registry keys and attempt an ICA connection (at to the lowest degree twice) to see if that helps the Login filibuster."

Mark DePalma at XenApp irksome logon times, user become blackness screen for twenty seconds at Citrix Discussions says that pushing Tile Refresh to a background job speeds upwards logons.

1. Regedit:

   Windows Registry Editor Version 5.00   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Agile Setup\Installed Components\DisableUPMResetCache] @="DisableUPMResetCache" "Version"="1,1,1,1" "StubPath"="REG ADD HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\ImmersiveShell\\StateStore /v ResetCache /t REG_DWORD /d 0 /f" "Locale"="*"

2. UPM Exclusions:

   Directory - '!ctx_localappdata!\Microsoft\Windows\Caches' Registry - 'SOFTWARE\Microsoft\Active Setup\Installed Components\DisableUPMResetCache'

Marvin Neys at XenApp tiresome logon times, user get black screen for 20 seconds at Citrix Discussions says that deletingHKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC at logoff reduces logon times from 40 seconds to 6 seconds.

Remove-Item HKCU:\Software\Microsoft\Windows\CurrentVersion\UFH\SHC

For additional logon delay troubleshooting, see Alexander Ollischer XenApp/XenDesktop – "Please Look For Local Session Director" message when logging into RDS. He found some Windows Updates that caused a logon delay.

XenApp recalculates WMI filters on every reconnect. CTX212610 Session Reconnect 30 sec Delay – DisableGPCalculation – WMI Filters indicates that recalculation can exist disabled by setting HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Reconnect\DisableGPCalculation (DWORD) to ane. Annotation: this registry value might stop Citrix Policies from being re-evaluated when users reconnect (source = Citrix Discussions).

If your VDA is 2008 R2, then CTX207038 Awarding not launching and the session is stuck at the PreLogon state: The 'IgnoreRegUserConfigErrors' registry setting on the Terminal Server volition crusade Winlogon to ignore the fact that information technology cannot contact a DC in the domain of the authenticating user to go the information it is looking for.

• Key = HKEY_LOCAL_MACHINE\Arrangement\CurrentControlSet\Control\Terminal Server
  • Value (DWORD) = IgnoreRegUserConfigErrors = i

CTX212439 Desktop Session Stuck in Pre-Logon State with Bulletin "Please wait for the Local Session Manager":

• HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize (DWORD) = 48000
• Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod\50$RTMTIMEBOMB

Controller Registration Port

Some environments will not accept the default port 80 for Virtual Commitment Agent registration, fifty-fifty though registration is authenticated and encrypted on port lxxx. To modify the port, practise the post-obit on the Virtual Commitment Agent:

1. Open Programs and Features. If Windows x 1703 or newer, openApps and Features.
   
2. Find Citrix 7.fifteen LTSR CU8 – Virtual Delivery Agent, and click Change orModify (Windows 10 1703 and newer).
   
3. Click Customize Virtual Delivery Agent Settings.
   
4. Edit the Delivery Controllers, and click Next.
   
5. On the Protocol and Port folio, change the port number, and click Next.
   
6. In the Summary folio, click Reconfigure.
   
7. If you see aCall Abode page, click Connect, enter mycitrix.com credentials, and so click Next.
   
8. In the Finish Reconfiguration folio, click Stop to restart the machine.
   
9. You must also change the VDA registration port on the Delivery Controllers by running C:\Program Files\Citrix\Broker\Service\BrokerService.exe -VDAPort
   
10. For Local Host Cache, on the Delivery Controller, run C:\Program Files\Citrix\Broker\Service\HighAvailabilityService.exe –VdaPort <Correct PORT #> . (Source = CTX229493 VDAs Do Not Register in LHC Mode When Registration Port is Not Fix To Default)
    

Verify that VDA registered with a Controller

1. If y'all restart the Virtual Commitment Agent machine, or restart theCitrix Desktop Service…
   
2. In Windows Logs > Application log, you should see an event 1012 fromCitrix Desktop Service saying that it successfully registered with a controller.
   
3. If you don't see successful registration, and so yous'll need to set the ListOfDDCs registry key.
   1. See VDA registration with Controllers at Citrix Docs.
   2. Run into The About Common VDA Registration Issues & Troubleshooting Steps at Citrix Blogs.
4. You can as well run Citrix's Wellness Assistant on the VDA.
   
   
5. See CTX220772 Technical Primer: VDA Registration for a very detailed explanation of the VDA Registration procedure.

Citrix Receiver 4.9.9002

If you want to run Receiver on the VDA auto, and then upgrade information technology to Receiver 4.ix.8000.

VDA 7.15.8000 comes with Workspace app 1912.1000 LTSR Cumulative Update 1. Update it to Workspace app 1912.5000 Cumulative Update 5

1. Download Citrix Workspace app 1912.5000 Cumulative Update 5.
   
2. On the VDA, every bit ambassador, run the downloadedCitrixWorkspaceApp.exe.
   
3. In theWelcome to Citrix Workspace page, clickCommencement.
   
4. In theLicense Agreement page, cheque the box next toI accept the license agreement, and clickAdjacent.
   
5. In theEnable Unmarried Sign-on page, bank check the box next toEnable single sign-on, and clickInstall.
   
6. In theInstallation successful page, clickCease.
   
7. ClickYes when asked to restart at present.
8. For configuration instructions, run into the Workspace app article.

Citrix PDF Printer 7.11.0 for Receiver for HTML5/Chrome

1. To allow printing from Receiver for HTML5/Chrome, install Citrix PDF Printer. Get it from the Receiver for HTML5 download page in the Additional Components department. Annotation: this PDF Printer is only used past Receiver for HTML5 and Receiver for Chrome.
   
2. Go to the extractedCitrixPDFPrinter_7.eleven.0 and run CitrixPDFPrinter64 .msi.
   
3. In the Please read the Citrix PDF printer License Agreement page, check the box next to I have the terms, and click Install.
   
4. In the Completed the Citrix PDF Universal Commuter Setup Sorcerer folio, click End.
   
5. In Programs and Features (or Apps & Features), information technology is shown every bit version 7.11.0.11.
   
   
6. Configure a Citrix Policy to enable the PDF printer. The setting is chosen Motorcar-create PDF Universal Printer in the user one-half of a Citrix Policy GPO.
   

Citrix File Access 2.0.3 for Receiver for Chrome

1. If you support Receiver for Chrome (Chromebook) and desire to open files on Google Drive using published applications, install Citrix File Access on the VDAs. Become it from the Receiver for Chrome download page, in the Boosted Components section.
   
2. Go to the extractedCitrix_File_Access_2.0.3, and runFileAccess.msi.
   
3. In thePlease read the File Access License Understanding folio, cheque the box next toI accept the terms, and clickInstall.
   
4. In the Completed the File Access Setup Wizard page, click End.
   
5. File Access is listed in Programs and Features (or Apps & Features) every bit version 2.0.3.33.
   
   
6. File Access has a default list of supported file extensions. The listing can be expanded past editing the registry on the VDA. See CTX219983 Receiver for Chrome Fault: Invalid command line arguments: Unable to open the file as it has an unsupported extension.
   
7. To open a file from Google Drive, right-click and and open the file using Citrix Receiver.

Framehawk Configuration

To enable Framehawk, run across https://www.carlstalhood.com/citrix-policy-settings/#framehawkconfig

Remote Desktop Licensing Configuration

On 2012 R2 and newer RDSH, the simply way to configure Remote Desktop Licensing is using grouping policy (local or domain). This procedure also works for 2008 R2 RDSH. This procedure is not needed on virtual desktops.

1. For local group policy, run gpedit. msc. Alternatively, you tin can configure this in a domain GPO.
   
2. Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.
   
3. Double-click Use the specified Remote Desktop license servers. Change it to Enabled, and enter the names of the RDS Licensing Servers (typically installed on XenDesktop Controllers). Click OK.
   
4. Double-click Gear up the Remote Desktop licensing way. Change it to Enabled and select Per User. Click OK.
   
5. Optionally, you can install theRemote Desktop Licensing Diagnoser Tool. In the Server Manager > Add Roles and Features Wizard, on the Features page, expand Remote Server Administration Tools, expand Function Assistants Tools, expand Remote Desktop Services Tools, and select Remote Desktop Licensing Diagnoser Tool. Then Finish the sorcerer.
   
6. If it won't install from Server Manager, y'all can install information technology from PowerShell by runningInstall-WindowsFeature rsat-rds-licensing-diagnosis-ui.
   
7. In Server Manager, open up the Tools menu, expand Remote Desktop Services (or Final Services), and click Remote Desktop Licensing Diagnoser.
   
   
8. The Diagnoser should find the license server, and signal the licensing style. If you're configured for Per User licenses, then it'south OK if at that place are no licenses installed on the Remote Desktop License Server.
   

Several people in Citrix Discussions reported the following issue: If you encounter a message about RD Licensing Grace Period has expired even though RD Licensing is properly configured, see Eric Verdumen No remote Desktop Licence Server availible on RD Session Host server 2012. The solution was to delete the REG_BINARY in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod only leaving the default. You lot must take ownership and give admin users total control to be able to delete this value.

C: Drive Permissions

This section is more than of import for shared VDAs similar RDSH (Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016).

The default permissions allow users to store files on the C: drive in places other than their profile.

1. Open the Backdrop dialog box for C:.
   
2. On the Security tab, click Advanced.
   
3. If UAC is enabled, clickAlter permissions.
   
4. Highlight the line containing Users and Create Folders, and clickRemove.
   
5. Highlight the line containing Users and Create files (orSpecial), and click Remove. Click OK.
   
6. Click Yes to ostend the permissions modify.
   
7. If you see any of these Mistake Applying Security windows, click Continue. This window should announced multiple times.
   
8. Click OK to close the C: drive properties.

Pagefile

If this prototype will be converted to a Provisioning Services vDisk, and so you must ensure the pagefile is smaller than the cache disk. For case, if you classify xx GB of RAM to your Remote Desktop Session Host, and if the cache disk is only 15 GB, then Windows volition accept a default pagefile size of 20 GB, and Provisioning Services will exist unable to motion information technology to the cache disk. This causes Provisioning Services to cache to server instead of caching to your local cache deejay (or RAM).

1. Open System. In 2012 R2 and newer, you can correct-click the Commencement button, and click System. Notation: in Windows 10 1703 and newer, this method no longer opens the right tool.
   
2. Another choice is to open File Explorer, right-clickThis PC, and clickBackdrop. This works in Windows 10 1703.
   
3. Click Advanced system settings.
   
4. On the Advanced tab, click the peak Settings button.
   
5. On the Avant-garde tab, click Change.
   
6. Uncheck the box next to Automatically manage paging file size for all drives. And so either plow off the pagefile, or set the pagefile to be smaller than the enshroud disk. Don't leave it set to System managed size. Click OK several times.
   

Direct Access Users

When Citrix Virtual Delivery Agent is installed on a auto, non-administrators can no longer RDP to the motorcar. A new local group called Directly Admission Users is created on each Virtual Delivery Amanuensis. Add your non-administrator RDP users to this local grouping so they can RDP directly to the motorcar.

From CTX228128 What is the HKLM\Software\Citrix\PortICA\DirectAccessUsers registry function: TheHKLM\Software\Citrix\PortICA\DirectAccessUsers registry key determines which Local grouping the VDA references to determine if a user should be allowed Unbrokered RDP access. Members of the Local Administrators group will e'er be granted access. If the Registry Key does not exist, or gets deleted, VDA will always allow the Unbrokered RDP Connexion. The Registry key and local grouping are created as part of the VDA installation process.

Windows Profiles v3/v4/v5/v6

Roaming Profiles are compatible only betwixt the following client and server operating system pairs. The profile version is as well listed.

• v6 = Windows 10 (1607 and 1703) and Windows Server 2016
• v5 = Windows 10 (1511 and older)
• v4 = Windows eight.1 and Windows Server 2012 R2
• v3 = Windows eight and Windows Server 2012
• v2 = Windows 7 and Windows Server 2008 R2
• v2 = Windows Vista and Windows Server 2008

For Windows 2012 R2, install Microsoft hotfix 2890783, and set the UseProfilePathExtensionVersion registry value to 1.

CTX230343 Reset Contour Options Is Greyed Out In Citrix Director states that theUseProfilePathExtensionVersion registry value is required on Windows 2012 R2 to enable Director users to reset profiles.

Registry

Black Screen when launch Published Apps on Windows Server 2016

From CTX225819 When Launching an Awarding Published from Windows Server 2016, a Blackness Screen Appears for Several Seconds Before Application is Visible: Citrix and Microsoft take worked together together to deliver code fixes for both Windows Server 2016 and XenApp. Microsoft is targeting their KB4034661 patch for the third week of August 2017. This fix requires a registry edit to enable.

• Central = HKLM\SOFTWARE\Citrix\Citrix Virtual Desktop Agent
  • Value (DWORD) = DisableLogonUISuppression = 0

Published Explorer

From Citrix CTX128009 Explorer.exe Fails to Launch: When publishing the seamless explorer.exe application, the session initially begins to connect as expected. After the loading, the dialog box disappears, and the Explorer application fails to announced. On the VDA, apply the following registry change to set the length of time a customer session waits before disconnecting the session:

• Key = HKLM\Organization\CurrentControlSet\Control\Citrix\wfshell\TWI
  • Value (DWORD) = LogoffCheckerStartupDelayInSeconds = ten (Hexadecimal)

Bare Start Menu Icons

With VDA 7.15 Update 1, the icons on the Start Menu of Windows 2012 R2 and Windows 2016 are sometimes blank.

To workaround this result, employ Group Policy Preferences to set the following registry value at every logon:

• Key = HKCU\Software\Microsoft\Windows\CurrentVersion\ImmersiveShell\StateStore
  • Value (DWORD) = ResetCache = 1

Screen Saver

From Citrix CTX205214 Screensaver Not Working in XenDesktop: By default, Screen Saver doesn't work on Desktop Bone. To enable information technology, on the VDA, configure the post-obit registry value:

• Key =HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Graphics
  • Value (DWORD) =SetDisplayRequiredMode = 0

Smart Card

From CTX231942 Windows 10 Apr 2018 Update (v1803) – Citrix Known Issues – Smart Card Service (SCardSvr) will run only if a Smart Card reader is continued. As ICA sessions redirect the Smart Carte, it finds the service not to be running and fails.  💡

• Key =HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\Cryptography\Calais
  • Value (DWORD) =AllowServiceAccessWithNoReaders =ane

Logon Disclaimer Window Size

From XenApp 7.8 – Session Launch Security/Warning Login Imprint at Citrix Discussions: If your logon disclaimer window has roll bars, prepare the following registry values:

• Key = HKEY_LOCAL_MACHINE\Software\Wow6432node\Citrix\CtxHook\AppInit_DLLS\Multiple Monitor Hook
  • Value (DWORD) = LogonUIWidth = 300
  • Value (DWORD) = LogonUIHeight = 200

Login Timeout

From Citrix CTX203760 VDI Session Launches Then Disappears: XenDesktop, by default, only allows 180 seconds to complete a logon operation. The timeout can be increased by setting the following:

• Key = HKLM\SOFTWARE\Citrix\PortICA
  • Value (DWORD) = AutoLogonTimeout = decimal 240 or higher (up to 3599).

Also come across Citrix Discussions Machines in "Registered" Country, but VM closes after "Welcome" screen.

From Citrix CTX138404 Application Connection Starts but Disappears after Timeout: after loading the application, the dialog box disappears and the awarding fails to appear.

•  Fundamental =HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Command\Citrix\wfshell\TWI
  • Value (DWORD) =ApplicationLaunchWaitTimeoutMS = decimal60000

HDX Wink

From Citrix Knowledgebase article CTX139939 – Microsoft Internet Explorer 11 – Citrix Known Issues: The registry key value IEBrowserMaximumMajorVersion is queried by the HDX Flash service to check for maximum Net Explorer version that HDX Flash supports. For Wink Redirection to piece of work with Internet Explorer 11 set the registry key value IEBrowserMaximumMajorVersion to 11 on the auto where HDX flash service is running. In case of XenDesktop it would be the machine where VDA is installed.

• Key = HKLM\SOFTWARE\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServer
  • Value (DWORD) =IEBrowserMaximumMajorVersion = eleven (Decimal)

From Citrix Discussions: Add together the DWORD FlashPlayerVersionComparisonMask=0 on the VDA under HKLM\Software\Wow6432Node\Citrix\HdxMediaStreamForFlash\Server\PseudoServer.  This disables the Wink major version checking betwixt the VDA and Client Device.

Receiver for HTML5/Chrome Enhanced Clipboard

From Well-nigh Citrix Receiver for Chrome 1.9 at Citrix Docs: To enable enhanced clipboard support, create a REG_SZ registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\wfshell\Virtual Clipboard\Additional Formats\HTML Format\Name="HTML Format". Create whatever missing registry keys. This applies to both virtual desktops and Remote Desktop Session Hosts.

Receiver for HTML5/Chrome Upload Folder

The Receiver for HTML5 (or Chrome) lets upload files.

By default, the user is prompted to select a upload location. If you use the Upload feature multiple times, the final selected binder is not remembered.

Citrix CTX217351 How to Customize File Upload and Download Using Receiver for HTML5 and Receiver for Chrome. Yous can specify a default uploads location by editingHKLM\Software\Citrix\FileTransfer\UploadFolderLocation on the VDA. Environs variables are supported. When this value is configured, users are no longer prompted to select an upload location. The change takes consequence at next logon.

Notation: HTML5/Chrome Receiver besides adds aRelieve to My Device location to facilitate downloads.

4K Monitors

From Citrix Knowledgebase article CTX218217 Unable to span across multiple monitors after upgrade to 7.eleven VDA, Black/Bare screen appears on the monitors while connecting to ICA session: .

1. For VDA 7.11 and newer, calculate the video memory that is required for monitors using the following formula:

   SumOfAllMons (Width * Height) * 4 / 0.iii, where width and top are resolution of the monitor. Notation: There is no hard and fast rule that volition work for all cases.

   Example: Consider the resolution of monitor one is 1920*1200 and monitor 2 is 1366*768. Then SumOfAllMons will exist (1920*1200 + 1366*768)

2. CTX115637 Citrix Session Graphics Memory Reference describes how multi-monitor resolution is determined.
3. Open the registry (regedit) and navigate to: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\vbdenum
4. Increase the value of "MaxVideoMemoryBytes" REG_DWORD value to the to a higher place calculated memory.
5. Reboot the VDA.

Citrix Policies as well command graphics operation.

COM Port Threads

CTX212090 COM Port Intermittently Inaccessible During ICA Sessions: increase the default value of "MaxThreads" nether the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\picaser\Parameters from twenty to a value greater than the number of COM port connections you want to back up. For example, if a XenApp server supports 100 sessions and each session opens two COM ports, the value of "MaxThreads" should be greater than 200.

NVIDIA GRID License

Allow NVIDIA GRID License to apply after the session is started. (Source = Jan Hendrik Meier NVIDIA GRID license not applied before the user connects – License Restriction will not be removed until the user reconnects)

• Key =HKLM\SOFTWARE\NVIDIA Corporation\Global\GridLicensing
  • Value (DWORD) =IgnoreSP = i

Legacy Client Bulldoze Mapping

Citrix CTX127968 How to Enable Legacy Client Drive Mapping Format on XenApp: Citrix Client Drive Mapping no longer uses bulldoze messages and instead they appear as local disks. This is similar to RDP bulldoze mapping.

The erstwhile drive letter method can be enabled by setting the registry value:

• Central = HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UncLinks (create the key)
  • Value (DWORD) = UNCEnabled = 0
    

When yous reconnect, the client drives will be mapped as drive letters (starts with V: and goes backwards).

Print Driver for Not-Windows Clients

This section applies to Windows viii.1/2012 and newer VDAs.

From CTX140208 Client printing from Mac and Linux clients on Windows 10, Server 2012 R2, and Server 2016. By default, Non-Windows clients cannot map printers due to a missing print driver on the VDA machine.

1. Requirements:
   • Internet Access
   • Windows Update service enabled
2. In Windows ten 1803+, open Printers & scanners. On the right (or scroll down) is a link to Print Server Backdrop.
   
3. In older versions of Windows, you lot can become to Print server properties from Devices and Printers.
   1. In Windows prior to Windows x 1703, click Start, and run Devices and Printers.
      
   2. In Windows 10 1703, open upPrinters & scanners, then ringlet down, and clickDevices and printers.
      
      
   3. In the Printers section, highlight a local printer (e.g. Microsoft XPS Document Writer). And so in the toolbar, click Print server properties.
      
4. In the Print Server Properties window, switch to the Drivers tab. Click Change Driver Settings.
   
5. And so clickAdd together.
   
6. In the Welcome to the Add Printer Driver Sorcerer folio, click Next.
   
7. In the Processor Option folio, click Side by side.
   
8. In the Printer Driver Choice page, click Windows Update. The driver we need won't be in the list until you click this button. Internet access is required.
   
9. Once Windows Update is complete, highlight HP on the left, and so select HP Color LaserJet 2800 Series PS (Microsoft) on the right. Click Side by side.
   
10. In the Completing the Add together Printer Driver Wizard page, click Cease.
    

SSL for VDA

If y'all intend to utilize HTML5 Receiver internally, install certificates on the VDAs so the WebSockets (and ICA) connection volition be encrypted. Internal HTML5 Receivers will not accept clear text WebSockets. External users don't have this problem since they are SSL-proxied through NetScaler Gateway. Notes:

• Each Virtual Delivery Agent needs a machine certificate that matches the motorcar name. This is feasible for a small number of persistent VDAs. For non-persistent VDAs, you'll need some automatic means for creating car certificates every time they reboot.
• Equally detailed in the following procedure, use PowerShell on the Controller to enable SSL for the Delivery Group. This forces SSL for every VDA in the Delivery Group, which means every VDA in the Delivery Group must have SSL certificates installed.

The following instructions for manually enabling SSL on VDA can be institute at Configure TLS on a VDA using the PowerShell script at Citrix Docs.

1. On the VDA car, run mmc.exe.
2. Add the Certificates snap-in.
3. Bespeak it to Local Computer.
4. Request a certificate from your internal Certificate Authority. You can employ either the Figurer template or the Web Server template.
   
   1. You can also employ group policy to enable Certificate Auto-Enrollment for the VDA computers.
      
5. Browse to the XenApp/XenDesktop 7.xv.8000 LTSR ISO. In the Support\Tools\SslSupport folder, shift+correct-click the Enable-VdaSSL.ps1 script, and click Copy every bit path.
   
6. Run PowerShell equally ambassador (elevated).
   
7. Run the control Set-ExecutionPolicy unrestricted. Enter Y to approve.
   
8. In the PowerShell prompt, type in an ampersand (&), and a infinite.
9. Right-click the PowerShell prompt to paste in the path copied before.
10. At the end of the path, type in -Enable
11. If there'due south only i certificate on this car, press Enter.
    
12. If there are multiple certificates, you'll need to specify the thumbprint of the certificate you desire to use. Open up the Certificates snap-in, open the properties of the machine certificate y'all want to use, and re-create the Thumbprint from the Detailstab.
    

    In the PowerShell prompt, at the end of the command, enter ‑CertificateThumbPrint, add a space, and type quotes (").

    Right-click the PowerShell prompt to paste the thumbprint.

    Blazon quotes (") at the end of the thumbprint. And then remove all spaces from the thumbprint. The thumbprint needs to be wrapped in quotes.
    

13. If this VDA motorcar has a different service already listening on 443 (e.g. IIS), and then the VDA needs to utilise a different port for SSL connections. At the end of the command in the PowerShell prompt, enter -SSLPort 444 or whatsoever other unused port.
    
14. There are additional switches to specify minimum SSL Version and Cipher Suites. Likewise run across Citrix CTX226049 Disabling Triple DES on the VDA breaks the VDA SSL connection.
    
15. Press <Enter> to run the Enable-VdaSSL.ps1 script.
16. Press <Y> twice to configure the ACLs and Firewall.
17. You might have to reboot before the settings accept event.
    
18. Login to a Controller, and run PowerShell equally Ambassador (elevated).
19. Run the control asnp Citrix.*
    
20. Enter the command:

    Get-BrokerAccessPolicyRule -DesktopGroupName '<commitment-group-name>' | Ready-BrokerAccessPolicyRule ‑HdxSslEnabled $true

    where <delivery-group-name> is the name of the Commitment Grouping containing the VDAs.
    

21. You lot tin can run Get-BrokerAccessPolicyRule -DesktopGroupName '<delivery-group-name>' to verify that HDX SSL is enabled.
    
22. Also run the post-obit command:

    Set-BrokerSite –DnsResolutionEnabled $truthful

    

You should now be able to connect to the VDA using the HTML5 Receiver from internal machines.

The Citrix blog post How To Secure ICA Connections in XenApp and XenDesktop vii.vi using SSL has a method for automatically provisioning certificates for pooled virtual desktops by enabling certificate automobile-enrollment and setting upwards a task that runs afterwards the certificate has been enrolled.

• From Russ Hargrove at A note on VDA certificates in seven.xiv at Citrix Discussions: Citrix installs a new "Citrix XenApp/XenDesktop HDX Service" certificate in the Personal store which breaks the automation of the Enable-VdaSSL.ps1 script. To fix the problem, modify the task scheduler powershell script to:

  Enable-VdaSSL.ps1 -Enable -CertificateThumbPrint (Get-ChildItem -path cert:\LocalMachine\My | Where-Object -FilterScript {$_.Bailiwick -eq ""} | Select-Object -ExpandProperty Thumbprint) -Ostend:$False

• For certificate auto-enrollment on not-persistent Remote Desktop Session Hosts (aka Server OS VDAs), run into Non-Persistent Server SSL to VDA by Alfredo Magallon Arbizu at CUGC.

Anonymous Accounts

If you intend to publish apps anonymously so follow this section.

1. Anonymous accounts are created locally on the VDAs. When XenDesktop creates Anon accounts it gives them an idle time equally specified at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Citrix\AnonymousUserIdleTime. The default is 10 minutes. Accommodate every bit desired.
   
2. Pre-create the Anon accounts on the VDA by running "C:\Program Files\Citrix\ICAConfigTool\CreateAnonymousUsersApp.exe" . If you don't run this tool, then anonymous users can't login.
   
3. You lot can see the local Betimes accounts by opening Computer Direction, expanding Organisation Tools, expandingLocal Users and Groups and clicking Users.
   
4. If you want profiles for anonymous users to delete at logoff, then you lot'll demand to add the local Betimes users to the local Guests group.
   
5. If you open up ane of the accounts, on the Sessions tab, detect that idle timeout defaults to 10 minutes. Feel costless to change information technology.
   

Group Policy for Anonymous Users

Since Anonymous users are local accounts on each Virtual Delivery Agent, domain-based GPOs will non apply. To work around this limitation, you'll need to edit the local group policy on each Virtual Delivery Agent.

1. On the Virtual Delivery Agent, run mmc.exe.
2. Open up the File menu, and click Add/Remove Snap-in.
   
3. Highlight Group Policy Object Editor, and click Add to move it to the right.
   
4. In the Welcome to the Group Policy Wizard page, click Browse.
   
5. On the Users tab, select Non-Administrators.
   
6. Click Finish.
   
7. Now you can configure group policy to lockdown sessions for anonymous users. Since this is a local group policy, you'll need to repeat the group policy configuration on every Virtual Delivery Agent image. Also, Group Policy Preferences is not bachelor in local group policy.

Antivirus

Install antivirus using your normal procedure. Instructions vary for each Antivirus product.

Microsoft's virus scanning recommendations (e.g. exclude group policy files) – http://support.microsoft.com/kb/822158.

Citrix'due south Recommended Antivirus Exclusions

Citrix Tech Zone Endpoint Security and Antivirus Best Practices: provides guidelines for configuring antivirus software in Citrix Virtual Apps and Desktops environments

Citrix Blog Post Citrix Recommended Antivirus Exclusions: the goal here is to provide you with a consolidated list of recommended antivirus exclusions for your Citrix virtualization environment focused on the cardinal processes, folders, and files that we have seen cause issues in the field:

• Set real-time scanning to browse local drives only and not network drives
• Disable scan on kick
• Remove whatsoever unnecessary antivirus related entries from the Run key
• Exclude the pagefile(due south) from being scanned
• Exclude Windows event logs from being scanned
• Exclude IIS log files from beingness scanned

Come across the Web log Mail for exclusions for each Citrix component/product including: StoreFront, VDA, Controller, and Provisioning Services. The Blog Post too has links to boosted KB articles on antivirus.

Symantec

Symantec links:

• Symantec TECH91070 Citrix and terminal server all-time practices for Endpoint Protection.
• Symantec TECH197344 Best practices for virtualization with Symantec Endpoint Protection 12.1.2 and afterwards
• Symantec TECH180229 Symantec Endpoint Protection 12.1 – Non-persistent Virtualization Best Practices
• Symantec TECH123419 How to set Symantec Endpoint Protection clients on virtual disks for employ with Citrix Provisioning Server has a script that automates changing the MAC address registered with Symantec.
• Citrix Web log Post How to prepare a Citrix Provisioning Services Target Device for Symantec Endpoint Protection
• If profiles are deleted on logoff, prepare Symantec registry valueCloseUserLogFile to 1. Symantec TECH210170 Citrix user sessions are held open by ccSvcHst.exe during log off

Tendency Micro

Trend Micro Slow login on Citrix environment subsequently installing OfficeScan (OSCE): The following registries tin can be used to troubleshoot the issue. These registries will allow a delay on the startup procedure of OSCE until the system has launched successfully. This avoids deadlock situations during login.

Citrix CTX136680 – Slow Server Functioning After Tendency Micro Installation. Citrix session hosts experience slow response and performance more noticeable while users endeavor to log in to the servers. At some bespeak the operation of the servers is affected, resulting in issues with users logging on and requiring the server to be restarted. This consequence is more noticeable on mid to big session host infrastructures.

Tendency Micro has provided a registry ready for this blazon of issue. Create the following registry on all the affected servers. Add new DWORD Value equally:

[HKEY_LOCAL_MACHINE\Organisation\CurrentControlSet\Services\TmFilterParameters] "DisableCtProcCheck"=dword:00000001

Tendency Micro Links:

• Tendency Micro Docs – Trend Micro Virtual Desktop Support
• Trend Micro Docs – VDI Pre-Browse Template Generation Tool
• Trend Micro 1055260 – All-time practice for setting upward Virtual Desktop Infrastructure (VDI) in OfficeScan
• Trend Micro 1056376 – Oftentimes Asked Questions (FAQs) about Virtual Desktop Infrastructure/Support In OfficeScan

Sophos

Best Do for running Sophos on virtual systems: we've clustered the following practical information nearly how you can optimize our software to work with this technology.

Sophos Anti-Virus for Windows XP+: Installation and configuration considerations for Sophos Anti-Virus on a Remote Desktop Services server: Information technology maybe desirable to disable the Sophos AutoUpdate shield icon

Sophos Anti-Virus for Windows 2000+: incorporating current versions in a deejay image, including for apply with cloned virtual machines: This process will make sure that the produced target/cloned computers:

• Get their singled-out identity with Enterprise Console, under which they tin be later managed.
• Have the desired version of Sophos Anti-Virus already installed and configured on the created epitome.

Palo Alto Traps

• Install Traps Agent for Windows:
  • Virtual desktop infrastructure (VDI) installation—Intended for non-persistent endpoints that replicate (also referred to as spawn) from a golden paradigm which has Traps installed.
  • Temporary session—Intended for either physical or virtual endpoints (such as a Remote Desktop Server) that repeatedly revert to a snapshot (or image) on which Traps is not installed.

Windows Defender Antivirus

Deployment guide for Windows Defender Antivirus in a virtual desktop infrastructure (VDI) environment

Cylance

CTX232722 Unable to launch application with Cylance Retentivity Protection Enabled. Cylance must be run in compatibility mode in gild to the VDA and Cylance to run on the same automobile. See the article for detailed instructions.

Optimize Functioning

VDA Optimizer

Installation of the VDA might have already done this but there's no harm in doing information technology again. This tool is merely available if you lot installed VDA in Master Image mode.

1. On the main VDA, go to C:\Program Files\Citrix\PvsVm\TargetOSOptimizer, and runTargetOSOptimizer.exe.
   
2. Then click OK. Notice that it disables Windows Update.
   
3. Meet CTX125874 How to Optimize XenDesktop Machines for the list of registry values changed past the TargetOSOptimizer tool. You can use Group Policy Preferences to set these values.

Windows ten / Windows 2012 R2 / Windows 2016 and newer

Optimization Notes:

• If this automobile is provisioned using Provisioning Services, do not disable the Shadow Copy services.
• Windows 8 detects VDI and automatically disables SuperFetch. No need to disable it yourself.
• Windows viii automatically disables RSS and TaskOffload if not supported by the NIC.
• Citrix CTX213540 Unable To View Printers In Devices And Printers Win 2012 R2 – don't disable the Device Setup Managing director Service
• Citrix CTX131995 User Cannot Launch Application in Seamless Mode in a Provisioning Services Server when XenApp Optimization Best Practices are Applied. Practice not enable NtfsDisable8dot3NameCreation.

RDSH 2008 R2

Citrix CTX131577 XenApp 6.x (Windows 2008 R2) – Optimization Guide is a document with several registry modifications that are supposed to improve server operation. Ignore the XenApp 6 content and instead focus on the Windows content.

Norskale has Windows 2008 R2 Remote Desktop and XenApp half-dozen Tuning Tips Update.

Windows 7

Microsoft has compiled a listing of links to various optimization guides. Information technology's a common practice to optimize a Windows seven virtual machine (VM) template (or image) specifically for VDI employ. Commonly such customizations include the following.

• Minimize the footprint, e.g. disable some features and services that are not required when the Os is used in "stateless" or "non-persistent" way. This is particularly truthful for deejay-intensive workloads since disk I/O is a common bottleneck for VDI deployment. (Especially if there are multiple VMs with the same I/O patterns that are timely aligned).
• Lock down user interface (due east.m. optimize for specific task workers).

With that said the certain practices are quite debatable and vary between actual real-globe deployments. Exact choices whether to disable this or that particular component depend on client requirements and VDI usage patterns. E.1000. in personalized virtual desktop scenario there's much less things to disable since the machine is not completely "stateless". Some customers rely heavily on particular UI functions and other can relatively easily trade them off for the sake of functioning or standardization (thus heighten supportability and potentially security). This is one of the principal reasons why Microsoft doesn't publish whatever "VDI Tuning" guide officially.

Though in that location are a number of such papers and even tools published either by the community or third parties. This Wiki page is aimed to serve as a consolidated and comprehensive list of such resources.

Daniel Ruiz XenDesktop Windows 7 Optimization and GPO'south Settings

Microsoft Whitepaper Performance Optimization Guidelines for Windows 7 Desktop Virtualization

Seal and Shut Downwardly

If this VDA will be a master image in a Machine Creation Services or Provisioning Services catalog, after the master is fully prepared (including applications), do the post-obit:

1. Go to the properties of the C: drive, and run Disk Cleanup.
   
2. If Deejay Cleanup is missing, yous can runcleanmgr.exe instead.
   
3. Windows 10 1703 and newer has a new method for cleaning upwardly temporary files.
   1. Right-click the Showtime button, and clickArrangement.
   2. ClickStorage on the left, and clickThis PC (C:) on the right.
      
   3. ClickTemporary Files.
      
   4. Cheque boxes, and clickRemove files.
      
4. On the Tools tab, click Optimize to defrag the drive.
   `
5. Run slmgr. vbs /dlv and make sure information technology is licensed with KMS and has at to the lowest degree 1 rearm remaining. It is not necessary to manually rearm licensing. XenDesktop will do information technology automatically.
   
6. Run Delprof2 to clean upwardly local profiles. Go it from http://helgeklein.com/download/.
   
7. Machine Creation Services and Provisioning Services require DHCP.
   
8. Session hosts (RDSH) usually have DHCP reservations.
   
9. Base Image Script Framework (BIS-F) automates many sealing tasks. The script is configurable using Group Policy.
   
10. Close downwards the chief image. Y'all can now employ Studio (Machine Creation Services) or Provisioning Services to create a catalog of linked clones.
    

Troubleshooting – Graphics

If Windows seven on vSphere, don't install the VMware SVGA driver. For more than details, meet CTX201804 Intermittent Connection Failures/Black Screen Issues When Connecting from Multi-Monitor Client Machines to Windows 7 VDA with VDA seven.x on vSphere/ESXi.

For Citrix Policies that control graphics codecs, run across https://world wide web.carlstalhood.com/citrix-policy-settings/#graphics

Citrix Web log post – Optimising the performance of HDX 3D Pro – Lessons from the field

From Citrix Knowledgebase article CTX218217 Unable to span across multiple monitors afterward upgrade to 7.xi VDA, Black/Blank screen appears on the monitors while connecting to ICA session:

1. For VDA 7.11 and newer, calculate the video memory that is required for monitors using the following formula :

   SumOfAllMons (Width * Tiptop) * 4 / 0.3, where width and pinnacle are resolution of the monitor. Note: At that place is no difficult and fast rule that will work for all cases.

   Example: Consider the resolution of monitor ane is 1920*1200 and monitor ii is 1366*768. So SumOfAllMons will be (1920*1200 + 1366*768)

2. CTX115637 Citrix Session Graphics Memory Reference describes how multi-monitor resolution is determined.
3. Open up the registry (regedit) and navigate to:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\vbdenum
4. Increase the value of "MaxVideoMemoryBytes" REG_DWORD value to the above calculated memory.
5. Reboot the VDA

From Citrix Discussions: To exclude applications from Citrix 3D rendering, create a REG_DWORD registry value "app.exe" with value 0 or a registry value "*" with value 0.

• XD seven.i and XD vii.v:
  • x86: reg add hklm\software\citrix\vd3d\compatibility /5 * /t REG_DWORD /f /d 0
  • x64: reg add hklm\software\Wow6432Node\citrix\vd3d\compatibility /v * /t REG_DWORD /f /d 0
• XD 7.6/7.7/7.8/vii.9/7.11 both x86 and x64:
  • reg add hklm\software\citrix\vd3d\compatibility /v * /t REG_DWORD /f /d 0

Wildcards are not supported. The asterisk * here has a special meaning "all apps" but is not a traditional wildcard. To blacklist multiple apps e.grand. both appa.exe and appb.exe must be done by creating a registry value for each app individually.

This is virtually problematic in Remote PC since most physical PCs take GPUs. I recently had to blacklist Internet Explorer to prevent lockup issues when switching back to physical.

Uninstall VDA

Uninstall the VDA from Programs and Features.

Then see CTX209255 VDA Cleanup Utility.

To run the VDA Cleanup Tool silently:

1. Execute VDACleanupUtility.exe /silent /noreboot to suppress reboot.
2. In one case the VDACleanupUtility has finished executing, setup Auto logon for the current user.
3. Reboot.
4. Later on reboot, tool will launch automatically to continue Cleanup.

Another option is to delete CitrixVdaCleanup value nether HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce. And so after reboot, runVDACleanupUtility.exe /silent /reboot to betoken that information technology's running after the reboot.

Related Pages

• Provisioning Services Master Device Preparation
• Catalogs / Delivery Groups
• Citrix Policy Settings

pagebasure.blogspot.com

Source: https://www.carlstalhood.com/virtual-delivery-agent-vda-7-15-ltsr/

Share this post