Provisioning Server 6.1 Hotfix 18

Hotfix 18 was released yesterday.

Among other things, it addresses an issue with HA failover that can prevent devices from switching servers during an outage.


For a full list, read the article and download from here.



Removable Drive passthru with XD and XA

So Citrix allows you to passthru local devices into XD and XA sessions.  Floppy drives (really?!), optical drives, fixed disks, and removable storage, what fun!  With the Presentation Server 10.x client on the physical device, and Receiver 3.4 Enterprise in the Win7 XD VM, the removable devices passthru as floppy drives.  So, plug in your $300 Kingston HyperX USB-3 drive, and Citrix thinks it’s a floppy.  Brilliant!  But, it works.  Now, you upgrade the client on your physical Win7 machine to Receiver 3.4, and connect to your virtual Win7 desktop that has Receiver 3.4 Enterprise on it.  The USB passthru into XD works, and content redirection tries real hard, but you get an error after the app launches saying it can’t find the file.  You do file -> open, and sure enough, none of the drives from the physical machine have been passed into the XA session.  I previously blogged about this, but this issue is different.  In that scenario, the client devices were a major-name-brand thin client, and that registry key seemed to address the issues.  Apparently I spoke too soon, for that solution does not work in all scenarios.

The solution in this case?  Receiver 4.  Upgraded the Receiver on the physical Win7 client, and bam!  Everything passed through exactly as you would expect it should.

Maddening?  iMacs running v11.7 and v11.8 of the receiver client didn’t have this issue, they just worked.  Really, Citrix?  Your software runs on Windows.  The servers, the virtual desktops, all of it.  Yet the clients you publish only work flawlessly out of the box on Macs?  For shame.



Trend OfficeScan AV in Provisioned VMs?

So, some mandate from above has come down and you absolutely MUST have AV in your provisioned VMs (whether they be XenApp or XenDesktop).  Forget that Citrix does everything they can to steer you away from this, and the VMs are read only, and….  Well, you get the idea.  Either way, the powers that be said that there must be AV, and they are willing to pay for Atlantis or SSD storage or whatever it takes to make sure you’ve got enough IOPS to feed it.

So you say to yourself “Ok, it’s not my money anyway.  As long as the performance is there and the end users get a solution that is acceptable to them, it makes no difference to me.”  And then, the hard part:  How do you make it work??  Trend registers each client machine against the OSCE server using the GUID of the installed Trend OSCE client, NOT the machine’s SID.  But, since all the machines are basically carbon copies of that one base image, what’s a guy to do?  So, you went home, you pulled out your hair, you drank some beers to get over the headache this all caused you, and now, you’ve wound up here.  Fear not, brave Citrix admin:  I’ll show you the way.

Now, anyone with some decent Googlefoo can certainly run across another blog from some guy with a surname I can’t pronounce and with a TLD of .eu.  That’s where some of this came from.  However, I found the information there to be less than completely helpful, and, moreover, it didn’t solve the issue completely (not to mention the code needed help – option explicit, unused declared variables, scoping issues, etc).  What to do?  Improve, of course.

Step 1.  Copy this code into a vbs script of your choosing (this is for x64 VMs – if you want it for x86 VMs just edit the registry read/write lines to take out wow6432node)

On Error Resume Next
Set oShell = WScript.CreateObject("WScript.Shell")
Set oFS = CreateObject("Scripting.FileSystemObject")
sCacheDrive = "d:\"
sFolder = sCacheDrive & "\Trend"
sFile = "Trend.txt"
sLogPath = sFolder & "\Trend_log.txt"
If oFS.FileExists(sLogPath) Then oFS.DeleteFile(sLogPath)
If oFS.DriveExists(sCacheDrive) Then
If oFS.FolderExists(sFolder) Then
If oFS.FileExists(sFolder & "\" & sFile) Then
LogFile (sFile & " file found. Exiting script.")
Set oFile = oFS.CreateTextFile(sFolder & "\" & sFile)
LogFile (sFile & " file not found. Running Check_Trend procedure.")
LogFile ("Check_Trend procedure complete - exiting script.")
End if
LogFile (sFolder & " not found. Creating folder and file.")
oFS.CreateTextFile(sFolder & "\" & sFile)
LogFile ("Running Check_Trend Procedure after creating folder and file.")
End If
LogFile(sCacheDrive &" drive could not be found. Quitting the script.")
End if

Sub Check_trend
sFile2 = "ImgSetup.exe"
sSource = "C:\Trend\Trend\"
sDestination = "C:\Trend\"
LogFile ("Adding Run command for imgsetup.exe.")
oShell.RegWrite "HKLM\SOFTWARE\Wow6432node\Microsoft\Windows\CurrentVersion\Run\Trend OfficeScan ImageSetup", chr(34) & sDestination & sFile2 & chr(34) & " -HideWindow", "REG_SZ"
If Not oFS.FileExists(sDestination & sFile2) Then
LogFile (sDestination & sFile2 & " not found.")
LogFile ("Copying " & sFile2 & " from " & sSource)
oFS.CopyFile sSource & sFile2, sDestination
End If
LogFile ("Running Trend Sysprep.")
oShell.Run chr(34) & sDestination & sFile2 & chr(34), 0 , True
sRegGUID = oShell.RegRead ("HKLM\SOFTWARE\Wow6432node\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID")
LogFile ("GUID =" & sRegGUID)
LogFile("Writing " & sRegGUID & " to the " & sFolder & "\Trend.txt file.")
Set oFile = oFS.OpenTextFile(sFolder & "\" & sFile, 2)
oFile.WriteLine sRegGUID
LogFile ("Starting the Trend Realtime scan service.")
oShell.Run "net start ntrtscan", 0, TRUE
LogFile ("Script Finished.")
End Sub

Sub Read_GUID
Set oFile = oFS.OpenTextFile(sFolder & "\" & sFile, 1)
LogFile ("Running Read_GUID procedure.")
Do While oFile.AtEndOfStream = False
sLine = oFile.Readline
LogFile ("Writing GUID " & sLine & " to the registry.")
oShell.RegWrite "HKLM\SOFTWARE\Wow6432node\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID", sLine, "REG_SZ"
LogFile ("Starting tmlisten.")
LogFile ("Starting ntrtscan.")
oShell.Run "net start tmlisten", 0, TRUE
oShell.Run "net start ntrtscan", 0, TRUE
LogFile ("Script Finished.")
End Sub

Sub LogFile(Message)
Set lFile = oFS.OpenTextFile(sLogPath, 8, True)
lFile.WriteLine Now & " - " & Message
End Sub

Modify line 4 in the VBS above to reflect your cache drive letter.  Sorry the formatting got wrecked, blame it on the WP editor.  PLEASE TEST this before just stuffing it into production!  I am not responsible for your copy/paste/fail maneuvers if you don’t at least have a basic handle on VBS and can’t identify a code fragment that belongs on the previous line (nor am I responsible for any other reason, use at your own peril, etc etc — but I digress)…

Step 2.  Copy this code into a cmd file and name it whatever you choose.

REG Delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Trend OfficeScan ImageSetup" /f
REG Delete "HKLM\SOFTWARE\Wow6432Node\TrendMicro\PC-cillinNTCorp\CurrentVersion\GUID" /f
del c:\Trend\imgsetup.exe
del c:\Trend\TmEngDrv.dll
del c:\Trend\TmPfwApi.dll
del c:\Trend\TmProxy.dll

Step 3.  Go into your VM in private mode.  Create the folder C:\Trend, and then create the folder C:\Trend\Trend.  Then, from your OCSE server, copy the file imgsetup.exe into the C:\Trend\Trend folder.

Step 4.  Install the Trend OfficeScan client (This solution tested with 10.5, BTW).  After it’s installed, unload it.  Then set all three of the OSCE services to MANUAL startup.

The VBS script above?  Add it to either the local policy of the image or to a GPO as a startup script.  The CMD above?  Yup, you guessed it, shutdown script.

Then, seal up your VM and shut it down.  Viola!  No more phantom registrations and offline VMs and all sorts of other weirdness in your OCSE reporting console.  Also, I would highly recommend that you create an auto-add domain (by IP, because your provisioned VMs are in a dedicated network, RIGHT?), and apply the correct AV exceptions to that domain.  Don’t know how to do that?  Google got you here, it’ll get you there.  😉


Configuring the Citrix Universal Printer

I might be a bit late to the party on this, but I just haven’t had a chance to play with this until just recently so here is a quick walk through on setting up the Citrix Universal Print Server.  It is not difficult but there are a few things you might find here to save you some time.  You can read about the details of the UPS all over the place but the short story is, the UPS will allow you to have session printers without the need to install drivers directly on the XA servers.  And we all know what a potential pain that can be.

If you haven’t done so already, I’d suggest installing HotFix Rollup Pack 2.  This rollup fixes many general printing issue.

Download the Universal Print Server from your MyCitrix account in the XenApp 6.5 Feature Pack 1 Components section.

NOTE: If anything is listening on port 8080 of your print server, this installation will fail and give you very little information as to why it failed, other than “Citrix Universal Print Server Installation failed.”  

Installing the software:

a.       Install UPClient on the XenApp server(s) following the on-screen instructions.

The spooler restarts automatically at the end of the UPClient installation, and the new Universal printer driver is installed.

b.       On the computer where you use the Citrix Group Policy Management Console, install the Group Policy Management software by double-clicking the CitrixGroupPolicyManagement MSI and following the on-screen instructions.

c.      On the Print Server, install UPServer by double-clicking CitrixUPServer_SelfExtractor.exe and following the on-screen instructions.

The UPServer component installs the following services:

  • XTE Service – Installed under the Network Service account and configured for automatic start (dependent on the Citrix Print Service).
  • Citrix Print Service – Installed under the Local Service account and configured for automatic start. After starting, the Citrix Print Service configures the XTE Service, which then starts.

d.      Enable the Citrix Universal Print Server through Citrix Policies.  This can be done in the Citrix App Center or via Group Policy.

  • Drill down on the Policies node under the XenApp65 farm
  • Citrix Computer Policies > Unfiltered (or create a new policy if you so choose)> Edit
  • Edit Policy > Settings
  • Select Printing > Universal Print ServerUniversal Print Server enable > Add > Enabled with fallback to Windows’ native remote printing (This will fall back the client printing and allow for them to print outside the virtual print channel direct to the print server.)

e.      You can confirm if the print server client loaded correctly by checking for the UpProv.dll file.

  • On the XA server, pull up the command prompt.
  • Type:  tasklist /m /fi “imagename eq spoolsv.exe” > c:\CitrixUPS.txt.  (This will pipe the contents of the command to a text file in the root of the C: drive.)
  • Open this file with your favorite text editor and search for UpProv.dll.
  • Locating this file confirms the UPS has loaded.


To test if the Universal Print Server is working, create a session printer as normal using a Citrix policy.  Point the policy to the UNC path of the printer on the print server.   Do not load any drivers on the XA server.  Launch a Citrix published app like Notepad.  You should see your session printer.

In Notepad, select File | Print, right click on the session printer, Properties, Advanced and check the driver.  It should show the driver as the Citrix Universal Printer.