Cxa 301 1i_i_ewb_spdf

Citrix XenApp 6.5 AdvancedAdministration

Citrix Course CXA-301-1I

2 © Copyright 2011 Citrix Systems, Inc.

Citrix XenApp 6.5 AdvancedAdministration

Citrix Course CXA-301-1IOctober 2011Version 1.0


Table of Contents

ModuleModule 1:1: TroubleshootingTroubleshooting thethe XenAppXenApp EnvironmentEnvironment ...................................................................... 1313About Coolidge Consolidated Holdings, Ltd. ........................................................................ 15Lab Scenario ........................................................................................................................ 16Lab Environment .................................................................................................................. 17User Credentials ................................................................................................................... 19Exercise 1-1: Troubleshooting an AppCenter Issue .............................................................. 20Replicating the Issue with Citrix AppCenter ....................................................................... 20Fixing an IMA Service Issue .............................................................................................. 22Fixing a Citrix AppCenter Permission Issue ....................................................................... 23

Exercise 1-2: Troubleshooting Web Interface and XML Issues .............................................. 25Troubleshooting Web Site Issues ...................................................................................... 25Troubleshooting XML Service Issues ................................................................................ 26Verifying the XML Service Fix ............................................................................................ 28

Exercise 1-3: Troubleshooting Launching a Hosted Application ............................................ 29Troubleshooting an Application Launch Failure ................................................................. 29Troubleshooting a Network Issue ...................................................................................... 31Verifying the Connection Changes .................................................................................... 32

Exercise 1-4: Troubleshooting Streaming Applications ......................................................... 34Investigating Absent Streaming Applications ..................................................................... 34Implementing and Verifying a Fix for Absent Streaming Applications ................................. 36Fixing a Published Streaming Profile Path Issue ................................................................ 36Fixing an AppHub Permissions Issue ................................................................................ 37

ModuleModule 2:2: ScalingScaling thethe XenAppXenApp EnvironmentEnvironment .................................................................................................. 3939Exercise 2-1: Preparing to Clone a XenApp Server ............................................................... 41Creating a Sysprep Answer File ........................................................................................ 41Preparing the XenApp Server for Imaging ......................................................................... 43

Exercise 2-2: Cloning a XenApp Server ................................................................................ 45Performing Sysprep on XenAppWorker ............................................................................ 45Viewing the Results .......................................................................................................... 46

Exercise 2-3: Preparing a XenApp Server for Scripted Configuration .................................... 47Creating the Powershell Configuration Script .................................................................... 47Creating the Kickoff Batch File .......................................................................................... 48Modifying a Sysprep Answer File for a Scripted Configuration .......................................... 49

Exercise 2-4: Performing a Scripted Configuration ................................................................ 51Performing Sysprep on XenAppController-2 ...................................................................... 51Viewing the Results of the Scripted Configuration ............................................................. 52

ModuleModule 3:3: CreatingCreating FarmFarm RedundancyRedundancy .................................................................................................................. 5353Exercise 3-1: Load Balancing Web Interface and XML Services Using Citrix NetScaler ........ 55

© Copyright 2011 Citrix Systems, Inc. 5

Setting Up Load Balancing ............................................................................................... 55Verifying the Load Balancing Configuration ...................................................................... 56Configuring DNS to the Virtual Servers ............................................................................. 57Updating the Web Interface Servers to Use the Load-Balanced XML Brokers .................. 58

Exercise 3-2: Testing Load Balancing through Citrix NetScaler ............................................. 59Testing the Current State .................................................................................................. 59Simulating Loss of Service to XenAppController-2 and WebInterfaceServer-2 .................. 59Simulating Complete Loss of the XML Broker and Web Interface Services ....................... 60Restoring the XML Services .............................................................................................. 61

Exercise 3-3: Installing and Configuring Web Interface on Citrix NetScaler ........................... 63Installing Web Interface ..................................................................................................... 63Configuring a XenApp Web Site ........................................................................................ 64Configuring a XenApp Services Site .................................................................................. 64Configuring an Auto-Redirect to the Web Interface Site .................................................... 65Reconfiguring DNS for Web Interface Citrix NetScaler ...................................................... 66Testing Web Interface on Citrix NetScaler ......................................................................... 67

ModuleModule 4:4: MaintainingMaintaining thethe XenAppXenApp EnvironmentEnvironment .................................................................................... 6969Exercise 4-1: Updating the Mozilla Firefox Streaming Profile ................................................. 71Viewing Mozilla Firefox ...................................................................................................... 71Preparing the Firebug Extension ....................................................................................... 72Modifying a Streaming Profile ........................................................................................... 72Verifying the Changes in Mozilla Firefox ............................................................................ 73

Exercise 4-2: Performing Data Store Maintenance Commands ............................................ 75Performing Data Store Maintenance with DSMaint ........................................................... 75Recreating the Local Host Cache ..................................................................................... 76

Exercise 4-3: Configuring Power and Capacity Management .............................................. 77Setting Configuration Details Through Group Policy .......................................................... 77Joining the Servers to the Farm ........................................................................................ 78Configuring Server Preference and Capacity Limits ........................................................... 78Creating a Workload Schedule ......................................................................................... 79

Exercise 4-4: Creating a Restart Schedule for the XenApp Servers ...................................... 80Implementing a Restart Schedule ..................................................................................... 80

ModuleModule 5:5: OptimizingOptimizing thethe XenAppXenApp EnvironmentEnvironment ........................................................................................ 8383Exercise 5-1: Enabling Multi-Stream ICA Policies for Specific ICA Traffic .............................. 85Enabling the Multi-Stream ICA Computer Policy ............................................................... 85Allowing Users Access to Multi-Stream ICA ...................................................................... 86Verifying Multi-Stream ICA ................................................................................................ 87

Exercise 5-2: Enabling CPU and Memory Optimization ......................................................... 88Enabling Memory and CPU Optimization Policies ............................................................. 88Applying Session Importance to Specific Users ................................................................ 89

ModuleModule 6:6: OptimizingOptimizing thethe UserUser EnvironmentEnvironment .................................................................................................. 9191


Exercise 6-1: Configuring Profile Management ..................................................................... 93Configuring a Profile Share ............................................................................................... 93Installing Profile Manager .................................................................................................. 94Configuring Profile Management ....................................................................................... 94Testing Profile Management ............................................................................................. 95

Exercise 6-2: Profiling an Application Requiring a Service ..................................................... 97Profiling an Application with a Service ............................................................................... 97Publishing Bonjour Print Services as a Streaming Application ........................................... 98Testing and Implementing Support for Windows Service .................................................. 99

ModuleModule 7:7: OptimizingOptimizing PrintingPrinting .......................................................................................................................................... 103103Exercise 7-1: Verifying Printer Driver Compatibility with XenApp ......................................... 105Installing Non-Native Printer Drivers ................................................................................ 105Testing Non-Native Printer Drivers Using StressPrinters .................................................. 106

Exercise 7-2: Replicating Printer Drivers Using PowerShell ................................................. 108Manually Replicating a Printer Driver Using PowerShell ................................................... 108Auto-Replicating a Printer Driver Using PowerShell ......................................................... 109

Exercise 7-3: Troubleshooting a Printer Issue with the Citrix Group Policy ModelingWizard ................................................................................................................................ 111Viewing the Existing Policies ........................................................................................... 111Viewing the Resultant Policy for a User in the Finance Group ......................................... 112Implementing a Test Fix ................................................................................................. 113Verifying the Test Fix ....................................................................................................... 113

ModuleModule 8:8: SecuringSecuring XenAppXenApp .............................................................................................................................................. 115115Exercise 8-1: Creating and Distributing Root CA Certificates .............................................. 117Installing Active Directory Certificate Services ................................................................. 117Creating a Root CA on NetScaler ................................................................................... 118Distributing the Root Certificate ...................................................................................... 119

Exercise 8-2: Encrypting External ICA Traffic Using ICA Proxy ............................................ 121Creating a Server Certificate ........................................................................................... 121Creating and Securing a New Web Interface Site ........................................................... 122Adding a DNS Entry for Access Gateway ....................................................................... 124Testing ICA Proxy ........................................................................................................... 124

Exercise 8-3: Restricting External Application Access ......................................................... 126Implementing a Pre-Authentication Policy ....................................................................... 126Testing the Pre-Authentication Policy .............................................................................. 127

Exercise 8-4: Encrypting XML Traffic With SSL Relay ......................................................... 128Creating an SSL Relay Certificate Template .................................................................... 128Creating and Exporting an SSL Relay Certificate From Template .................................... 129Configuring SSL Relay .................................................................................................... 130Updating Web Interface to Use SSL Relay ...................................................................... 131Verifying the SSL Relay Settings ..................................................................................... 131


ModuleModule 9:9: MonitoringMonitoring XenAppXenApp withwith StandardStandard UtilitiesUtilities .................................................................. 133133Exercise 9-1: Using Desktop Director to View Session Data ............................................... 135Installing Desktop Director .............................................................................................. 135Viewing Session Data ..................................................................................................... 136

Exercise 9-2: Monitoring XenApp using Performance Monitor ............................................ 138Restricting Sessions to Use XenAppController-1 ............................................................. 138Using Performance Monitor ............................................................................................ 139

Exercise 9-3: Monitoring XenApp Using Command-Line Utilities ....................................... 141Using the QFarm Command ........................................................................................... 141Restoring Logons to All XenApp Servers ........................................................................ 143

ModuleModule 10:10: MonitoringMonitoring XenAppXenApp withwith EdgeSightEdgeSight .................................................................................. 145145Exercise 10-1: Viewing EdgeSight Historical Data ............................................................... 147Viewing Overall and Specific Category Usage Data ......................................................... 147

Exercise 10-2: Viewing EdgeSight Real-Time Data ............................................................. 148Measuring Session Logon Times ................................................................................... 148Monitoring With a Real-Time Dashboard ....................................................................... 148Creating an EdgeSight E-mail Alert ................................................................................. 149


NoticesCitrix Systems, Inc. (Citrix) makes no representations or warranties with respect to the content oruse of this publication. Citrix specifically disclaims any expressed or implied warranties,merchantability, or fitness for any particular purpose. Citrix reserves the right to make any changesin specifications and other information contained in this publication without prior notice andwithout obligation to notify any person or entity of such revisions or changes.

© Copyright 2011 Citrix Systems, Inc. All Rights Reserved.

No part of this publication may be reproduced or transmitted in any form or by any means,electronic or mechanical, including photocopying, recording, or information storage and retrievalsystems, for any purpose other than the purchaser’s personal use, without express writtenpermission of:

Citrix Systems, Inc.

851 West Cypress Creek Road

Fort Lauderdale, FL 33309

http://www.citrix.com

The following marks are service marks, trademarks or registered trademarks of their respectiveowners in the United States and other countries.

Mark Owner

Adobe®, Flash®, Acrobat® Adobe Systems Incorporated

Apache® Apache Micro Peripherals, Inc.

AutoCAD® Autodesk, Inc.

Mac® Apple, Inc.

Brother™ Brother Industries, Ltd.

Branch Repeater™, Citrix®, Citrix Access Citrix Systems, Inc.Gateway™, Citrix Education™, Citrix Receiver™,EdgeSight®, HDX™, ICA®, NetScaler®, MyCitrix™,XenApp™, XenDesktop® , Provisioning Services™,XenCenter™, SecureICA™, SpeedScreen™, CitrixDeveloper Network™, AppCenter™, IMA®,XenVault™

Mark Owner

Active Directory®, Hyper-V™, Internet Explorer®, Microsoft CorporationMicrosoft®, SQL Server®, Windows®, WindowsServer®, Excel®, Outlook®, PowerPoint®, Office®,Windows 7™, Windows XP™, Windows Vista®,Remote Desktop Services®, PowerShell®

Firefox® Mozilla Corporation

UNIX® The Open Group

Java®, JavaScript®, Oracle® Oracle Corporation

Pearson VUE® Pearson Education, Inc.

RC5™, RSA™ RSA Data Security, Inc.

Secure Computing®, SafeWord® Secure Computing Corporation

SecurID® Security Dynamics Technologies, Inc.

Toolwire® Toolwire

VMWare®, vSphere™ VMware, Inc.

Wireshark™ Wireshark Foundation, Inc.

Other product and company names mentioned herein might be the service marks, trademarks orregistered trademarks of their respective owners in the United States and other countries.

Credits

Instructional Designers: Jeremy Boehl, Dustin Clark, Ben Colborn, LydiaKellman, Karla Stagray

Product Specialist: Andrew Garfield

Graphic Artist: Joshua Jack, Nathan Jackson

Manager: Mike Young

Editor: Kathryn Morris

Subject Matter Experts: Leo Asencio, Amit Baranwal, Fernando Barbitta,Gary Barton, Jenny Berger, Rob Blincoe,Marcelo Brosiq, Ronald Brown, Blaise Cacciola,Hugh Campbell, Mattie Casper, VictorCataluna, Ruben Centeno, Hari Chowlur, MikeConnell, Diane Downie, Allen Furmanski, BillHaberkam, Jo Harder, Ann Harmison, ArndKagelmacher, Eric Land, Cris Lau, Fred Liu,Juliano Maldaner, Brad Moczik, Robert Morris,Narender Muthyala, Joseph Nord, Nischay P,Glenn Porter, Elisabeth Reynolds, AndreaRutherford, William Ryan, Guna Sekhar, BrianSheppard, Leo Singleton, Mark Simmons, JayTomlin, Karthikeyan Vasudevan, Karen Weber,Chris Wright, Norman Wright, Willie Wright,Ning Ye, Andy Zhu

Connect with Citrix EducationBecome a part of the Citrix Education community today! Stay connected with us, get the latestupdates on our offerings, and let us know how we are doing.

• Facebook - Become a fan of Citrix Education

• Twitter - Follow @citrixeducation

• LinkedIn - Join the Citrix Education group

Visit www.citrixtraining.com to find more information on training, certifications, and exams.

Module 1

Troubleshooting theXenApp Environment


About Coolidge Consolidated Holdings, Ltd.Coolidge Consolidated Holdings, Ltd. (CCH) is a large, privately-held financial company that is theparent company to many smaller banking and investment companies that specialize in differentservices that make up the CCH service portfolio. CCH currently has 300 employees who workdirectly for the company but has thousands more that work in the child companies. As the parentcompany, CCH oversees the child companies to provide a broad range of financial and investmentservices to its clients. It also helps to support each child company with business services, includingIT services. The only CCH office is located in San Francisco, California.

CCH has been using Citrix XenApp 6 to host several tactically important applications for theiremployees. To address the increasing technical and business needs for the company, the CTOrecently secured funding to upgrade to XenApp 6.5 and expand the XenApp environment to meetstrategic needs within the organization. The CTO also purchased licenses for Citrix Netscaler andCitrix Access Gateway to augment the functionality and robustness of the environment.

In addition to using XenApp 6.5 for more strategic purposes, CCH management wants toconsolidate the IT infrastructure for all of the child companies by the end of next year. At present,each of the child companies host and maintain its own XenApp farm and other key pieces of the ITinfrastructure. To lay the foundation for this consolidation, management wants to begin building aXenApp infrastructure that is easily and quickly scalable.

© Copyright 2011 Citrix Systems, Inc. Module 1: Troubleshooting the XenApp Environment 15

Lab ScenarioCCH does not have the expertise to complete the transition from XenApp 6 to XenApp 6.5 withinthe company so they needed to reach out to you, a XenApp Advanced Administrator, to help bringtheir environment up to their needs. Due to business needs, CCH needs to get their environmentup-to-speed to fit their needs within the next 5 days. CCH has communicated that there may be afew pitfalls along the way, so hopefully you are up to the challenge.

CCH’s Citrix team used the Citrix Migration tools to create a copy of their current XenApp 6production environment into a staging environment running XenApp 6.5. During their migrationthey encountered a few hiccups that prevented the environment from immediately coming up.Unfortunately, an overzealous member of the team began attempting to troubleshoot the issues andended up further damaging the environment. They do not know how to recover and need you tohelp troubleshoot the environment and bring it back to health.

16 Module 1: Troubleshooting the XenApp Environment © Copyright 2011 Citrix Systems, Inc.

Lab EnvironmentThe following table provides descriptions and roles of each virtual machine in the lab environment:

The course is designed so that all virtual machines arepowered on and remain powered on for the duration of

Virtual Machine Role OS Hostnamethe class. Virtual machine should only be restarted wheninstructed and should never be shut down.

DomainController Windows Server 2008 DC


• Domain ControllerR2

• SQL Server

• EdgeSight Server

• License Server

• Filer

• Print Server

EndUserSimulator A simulated user Windows 7 EUSdesktop for performingXenApp anddeployment testing.

NetScaler A Netscaler virtual FreeBSD NSappliance.

This virtualmachine maynot bedirectlyvisible inyourenvironment.

Profiler-Win7 A virtual machine used Windows 7 P-W7to profile streamingWindows 7applications.

WebInterfaceServer-1 A Web Interface Windows Server 2008 WIS-1server. R2

WebInterfaceServer-2 A Web Interface Windows Server 2008 WIS-2server. R2

Virtual Machine Role OS Hostname

XenAppController-1 A full XenApp server, Windows Server 2008 XAC-1with IMA services. It R2also is the Power andCapacity ManagementConcentrator.

XenAppController-2 A full XenApp server, Windows Server 2008 XAC-2with IMA services. R2

XenAppWorker A XenApp server Windows Server 2008 XAW-1configured for Session- R2host only mode.


User CredentialsPlease use the following credentials as you complete these exercises:

CCH\CitrixAdmin

• Username: CCH\CitrixAdmin

• Password: Password1

• Member of: CCH\Domain Admins; CCH\TestAccounts

• Description: This account was created to facilitate the initial phase of deployment for all Citrixadministrators. When the environment is launched, it will be replaced by specific accounts foreach administrator. This is the account that will be used most often throughout the initialdeployment.

XAC-1\Administrator

• Username: XAC-1\Administrator


• Member of: Local Administrators

• Description: This account is a local administrator for the XenAppController-1 virtual machine.

CCH\Administrator

• Username: CCH\Administrator


• Member of: Administrators; CCH\Domain Admins

• Description: This account is the main administrator in the CCH domain.

CCH\TestAdmin

• Username: CCH\TestAdmin


• Member of: CCH\Domain Admins

• Description: This account simulates a another admin in the farm.

CCH\TestUser

• Username: CCH\CitrixUser


• Member of: CCH\TestAccounts

• Description: This account simulates an account of the average user of the XenApp farm.

[email protected]

• Username: [email protected]


• Description: This account is used exclusively to log on to and manage EdgeSight.


Exercise 1-1: Troubleshooting an AppCenterIssue

Scenario

Other administrators are complaining that they are unable to connect to the farm with CitrixAppCenter. You sense it may have something to do with user permissions. You need to verify and

Please remind students to read and familiarize themselvesresolve this issue.

with the "About Coolidge Consolidated Holdings, Ltd",Estimated time to complete this exercise: 35 minutes"Lab Scenario", and "Lab Environment" sections that

precede this page. These pages list important informationregarding environment setup, and provide the basis for allscenarios given throughout the book. Replicating the Issue with Citrix AppCenter


Use the XenAppController-1 virtual machine logged in as the CCH\CitrixAdmin user for this task.

1. Log on to the XenAppController-1 virtual machine as the CCH\CitrixAdmin user.

2. Open the Citrix AppCenter and allow for the console to connect to the farm. View any errorsPlease take this time to explain to the students how tothat occurred in the discovery process.access the lab environment, and how to perform common

tasks within the environment, including: a. Click Start > Administrative Tools > Citrix > Management Consoles > CitrixAppCenter.• How to log on and log off of virtual machines.

b. Double-click Errors occurred when using XAC-1 in the discovery process and view the• How to access course virtual machines once insideerror details.the environment.

c. Click Close and then click OK.• How to attach/detach ISOs to the virtual machines (ifrequired).

After several moments an error appears, specifying that an error occurred. It suggests• The password for all log ons throughout the course ischecking to make sure that XenApp is installed and that the MFCOM service is running."Password1". The page titled "User Credentials" that

lists all credentials and roles for each user, can beripped from the book for constant use. 3. Navigate to the Uninstall a program control panel and verify that Citrix XenApp 6.5 appears to

be installed correctly.

a. Click Start > Control Panel and click Uninstall a program.

b. Verify that Citrix XenApp 6.5 appears in the list of installed programs.

Citrix XenApp 6.5 is listed as installed along with all of the other XenApp components.

4. Navigate to the Services control panel and ensure that the MFCOM is started. Attempt torestart the service.

Issue: The Local Host Cache (imalhc.mdb) file is missinga. Click Start > Administrative Tools > Services. from the "C:\Program Files (x86)\Citrix\Independent

Management Architecture" folder.b. Verify that the Citrix MFCOM Service appears in the list with a Starting status.

c. Right-click the Citrix MFCOM Service and attempt to click the Restart option. Resolution: Student will have to recreate the imalhc.mdbfile.The option to restart the service is not present.


Because you are unable to start or control the service, check for error logs.

5. Navigate to the Error Viewer console and view the Administrative Events. View the displayederrors.

a. Click Start > Administrative Tools > Event Viewer.

b. Expand the Custom Views node and click Administrative Events.

c. View the General and Details tabs for the errors that appear.

With the large volume of errors in the log, you suspect that the issue is much more seriousthan anticipated. You spot an IMAService error which supports your theory.

6. View one of the IMAService errors from the last several days.

a. Find an Error level IMAService event.

b. Double-click the IMAService event.

c. Read the error listed and click Close.

d. Repeat substeps a-c on the nearby IMAService error events.

The errors indicate that it may that the IMA Service is not configured correctly or couldbe otherwise broken. The error events state that an ACCESS.mdb file is missing. Becausethe IMA Service is integral to the proper functioning of a XenApp farm this issue requiresfurther investigation.

7. Within the Services console, verify whether the Citrix Independent Management Architectureservice is started and running correctly.

a. Select the Citrix Independent Management Architecture service from the Servicesconsole.

b. Verify that the Status field is empty and Automatic appears in the Startup Type field.

There is an issue with the Citrix Independent Management Architecture. Though it is setto run automatically, the service is not running.

Fixing an IMA Service Issue


1. Attempt to start the Citrix Independent Management Architecture service in the Servicesconsole.

a. Right-click the Citrix Independent Management Architecture service and click Start.

b. Click OK after viewing the Services error message.

An error message appears specifying that the IMA service could not start.

2. View the log on credentials of the Citrix Independent Management Architecture service.

a. Right-click the Citrix Independent Management Architecture service and clickProperties.

b. Click the Log On tab.

It appears that all settings are set correctly.

c. Click OK to close the Citrix Independent Management Architecture Properties.

Because all the settings of the service appear okay, you need to confirm that the local hostcache is not corrupt.

3. Access the C:\Program Files (x86)\Citrix\Independent ManagementArchitecture directory and view the file metadata for the imalhc.mdb file.

a. Navigate to the C:\Program Files (x86)\Citrix\Independent ManagementArchitecture folder.

b. View the file information for the imalhc.mdb file.

The imalhc.mdb file does not exist! It appears that the other administrator was workingin this area and deleted the local host cache database file.

4. Use a command prompt to run the dsmaint command to recreate the Local Host Cachedatabase.

a. Click Start > Command Prompt.

b. Type dsmaint recreatelhc and press Enter.

c. Verify that the "Recreating LHC database finished successfully" message appears.

5. Use the Services console to start the Citrix Independent Management Architecture Service, andCitrix WMI Service services.

a. Right-click Citrix Independent Management Architecture Service in the Services consoleand select Start.

b. Right-click Citrix WMI Service and select Start.

6. Restart the XenAppController-1 virtual machine.



8. Open Citrix AppCenter and allow the console to discover the CCH farm. View any errors thatoccur.

a. Click Start > Administrative Tools > Citrix > Management Consoles > CitrixAppCenter.

b. Double-click Errors occurred when using XAC-1 in the discovery process to view theerror details.

An error occurs stating that this user account is not a member of the farm. Theadministrator who installed XenApp must have installed it as a local administrator.

Fixing a Citrix AppCenter Permission Issue

Use the XenAppController-1 virtual machine logged in as the XAC-1\Administrator user for thistask.

1. Log off from the XenAppController-1 virtual machine and log back on as the XAC-1\Administrator user.

2. Use Citrix AppCenter to proceed through the farm discovery process. Do not enable SingleSign-on. Add the local computer to the discovery.

Issue: No domain administrators are set to administer thea. Click Start > Administrative Tools > Citrix > Management Consoles > Citrix XenApp farm.

AppCenter.Resolution: Student will have to log on as an account that

b. Click Next, clear the Single Sign-On checkbox, and click Next. is a XenApp administrator and add the domainc. Click Add Local Computer and click Next. administrators group back in as XenApp administrators.


d. Click Next and then click Finish.

3. View the administrators configured for the farm and verify if the CCH\CitrixAdmin is listed.

a. Expand the Citrix Resources > XenApp > CCH nodes.

b. Click Administrators and view the current administrators of the farm.

The CCH\CitrixAdmin user is not an administrator of the farm. The only administrator is theXAC-1\Administrator user.

4. Adding the CCH\CitrixAdmin user as a new administrator to the farm.

a. Right-click Administrators and click Add Administrator.

b. Click Add and click Add List of Names.

c. Type CCH\CitrixAdmin and click Check Names.

d. Click OK when all account names have been validated successfully and click OK.

5. Configure the CCH\CitrixAdmin user as a full administrator of the farm.

a. Click OK and then click Next.

b. Select Full Administration, and click Finish.

6. Log out of the XenAppController-1 virtual machine and log back on as the CCH\CitrixAdminuser.

7. Use Citrix AppCenter to verify that the CCH\CitrixAdmin user is now able to view the farm.

a. Click Start > Administrative Tools > Citrix > Management Consoles > CitrixAppCenter.

b. Verify that the discovery process is completed successfully and that the CCH farm appearsin the Citrix AppCenter node list.

The CCH\CitrixAdmin user is able is now able to view the farm in Citrix AppCenter. Just toverify that the farm is working correctly you want to launch an application from WebInterface.

8. Use Internet Explorer to connect to the Web Interface at http://wis-1.cch.local.

The Web Interface does not come up. A standard IIS page is displayed indicating issueswith the configuration of the Web Interface server.


Exercise 1-2: Troubleshooting Web Interfaceand XML Issues

Scenario

You recently fixed issues with the IMA Service and Citrix AppCenter console. But when trying toaccess applications from Web Interface, you noticed that you could not. You need to troubleshootand fix the issues to access applications through Web Interface.

Estimated time to complete this exercise: 25 minutes

Troubleshooting Web Site Issues

Use the WebInterfaceServer-1 virtual machine logged in as the CCH\CitrixAdmin user for this task.

1. Log on to the WebInterfaceServer-1 virtual machine as the CCH\CitrixAdmin user.

2. Use the Citrix Web Interface Management console to verify that a XenApp Web site exists onthe server.

Issue: The XenApp Web site is not configured as thea. Click Start > All Programs > Citrix > Management Consoles > Citrix Web Interface default IIS site.

Management.Resolution: Students will have to configure the XenApp

b. Select the XenApp Web Sites node and verify that "XenApp" appears as a site name. Web site to be the default IIS site.


Though it was inaccessible, a XenApp web site does exist.

3. Switch to the EndUserSimulator virtual machine and log on as the CCH\CitrixAdmin user.

4. Use Internet Explorer to attempt to access the XenApp Web site directly at http://wis-1.cch.local/Citrix/XenApp. Verify that the site is available and then close Internet Explorer.

The site is accessible when connecting through its direct URL. The issue must be in theredirection page of this site.

5. Switch to the WebInterfaceServer-1 virtual machine.

6. Use the Citrix Web Interface Management console to view the settings summary of the"XenApp" XenApp Web site. Access the site's IIS hosting settings and set the site as the defaultpage for the IIS site.

a. Right-click the XenApp site and select Site Maintenance > Manage IIS Hosting.

b. Select Set as default page for the IIS site and click OK.

7. Switch to the EndUserSimulator virtual machine.

8. Use Internet Explorer to access the Web Interface server at http://wis-1.cch.local.

The web site displays as intended.

9. Log on to Web Interface using the CCH\CitrixAdmin user.If you are unable to log on, verify that the credentials are being typed correctly and try onlyonce more.

An error continues to appears asking you to verify your name and password.

10. Attempt a single time to log on to Web Interface as the CCH\TestAdmin.

An error still appears indicating an incorrect username or password.

11. Close Internet Explorer.

Troubleshooting XML Service Issues



2. View the Event Viewer console and review any errors displayed in Administrative Events.

a. Click Start > Administrative Tools > Event Viewer.Issue: The XML site supplied in the settings is incorrect.

b. Expand the Custom Views node and click Administrative Events.Resolution: Student will have to correctly change the sitec. View the General and Details tabs for the most recent Citrix Web Interface errors.name to xac-1.cch.local.


Web Interface displays several error messages indicating that the XML Services are failingto respond.

3. Use the Citrix Web Interface Management console to view the farm settings for the "XenApp"XenApp Web site. Verify that all XML settings are correct.

a. Right-click the XenApp Web site in the Citrix Web Interface Management console andselect Server Farms.

b. Verify whether all of the settings appear correct.

All of the XML and farm information appears to be correct, except for the server name.No server named "xml.cch.local" exists.

4. Edit the farm information to specify xac-1.cch.local as the server name.

a. Select the CCH farm and click Edit.

b. Select the xml.cch.local server and click Edit.

c. Type xac-1.cch.local in the Server name field and click OK.

d. Click OK in the Edit Farm dialog box and click OK to close the Manage Server Farmsdialog box.


6. Log on to Web Interface using the CCH\CitrixAdmin user.If you are unable to log on, verify that the credentials are being typed correctly and try onlyonce more.

An error continues to appears asking you to verify your name and password.

7. Switch to the XenAppController-1 virtual machine.

8. Use the Services console to ensure that the Citrix XML Service is started and appears to beconfigured correctly.

Issue: The XML Service is listening on port 8080 when ita. Click Start > Administrative Tools > Services. should be listening on port 80.

b. Double-click the Citrix XML Service. Resolution: Students will need to unregister the XMLc. Verify that Automatic is selected as the Startup type in the General tab. Service and reregister it to listen on port 80.


d. Select the Log On tab and verify that the Log On account is Network Service.

Everything appears to be working correctly. You think it may have to do with the XMLport in use.

9. Use the netstat utility from a command line to view the current XML Port.

a. Click Start > Commant Prompt.

b. Type netstat -nab and press Enter.

c. Scroll to the ctxxmlss.exe entry and verify if port 80 is being used.

The local address of the port is listed as 0.0.0.0:8080 indicating that 8080 is the port in use. Youneed to change the port to 80.

10. Stop the Citrix XML Service from the Services console and use the ctxxmlss command lineutility to unregister the XML Service.

a. Select the General tab in the Services console and click Stop.

b. Click OK.

c. Type ctxxmlss /u at the command prompt and press Enter.

11. Refresh the Services console to verify that the Citrix XML Service is no longer present. Re-register the Citrix XML Service to run on port 80 using the ctxxmlss command at thecommand prompt.

a. Click Actions > Refresh in the Services console.

The Citrix XML Service is no longer present.

b. Type ctxxmlss /r80 at the Command Prompt and press Enter.

The Citrix XML Service is now registered on port number 80.

12. Refresh the Services console to verify that the XML Service is present and then start the XMLService.

a. Click Actions > Refresh in the Services console.

b. Right-click Citrix XML Service and select Start.

13. Use the netstat utility to verify that the Citrix XML Service is now listening on the correct port(80).

a. Type netstat -nab in the command prompt and press Enter.

b. Scroll to the ctxxmlss.exe entry and verify if port 80 is being used.

The local address of the port is listed as 0.0.0.0:80 indicating that 80 is the port in use.

14. Close all open windows.

Verifying the XML Service Fix

Use the EndUserSimulator virtual machine logged in as the CCH\CitrixAdmin user for this task.


2. Use Internet Explorer to access the Web Interface server at http://wis-1.cch.local. Log on withthe CCH\CitrixAdmin credentials.You are able to log on to Web Interface without any problems. All published resources appear.

3. Attempt to launch Notepad to ensure that the farm is working properly.

An error message appears in Web Interface. The application failed to launch.


Exercise 1-3: Troubleshooting Launching aHosted Application

Scenario

You recently fixed issues with the IMA Service, Citrix AppCenter, Web Interface, and XML Service,but you are still unable to launch a hosted application from Web Interface. You need to continuetroubleshooting the problems as they happen until you can successfully launch an application.


Troubleshooting an Application Launch Failure



2. Use the Event Viewer console to view any MetaFrame or related error events.

a. Click Start > Administrative Tools > Event Viewer. Issue: There is very restrictive load evaluator attached toXAC-1 that is returning a high load level.b. Expand the Custom Views node and click Administrative Events.

c. Scan the Source error column for MetaFrameEvents. Resolution: Student will have to remove the loadevaluator.


You find several errors from a MetaFrameEvents source.

3. View the first MetaFrameEvents error.

a. Double-click the MetaFrameEvents error.

b. View the errors listed in the General and Details tabs.

The error message indicates that no servers can be found that can launch the application. As aguess, you want to check the server loads of both servers in the farm.

4. Use the qfarm command in a command prompt to view the load values for each server in thefarm.


b. Type qfarm /load and press Enter.

The load value of xac-1 is 10000, indicating a very high load.

5. Use Citrix AppCenter to check if any users who are connected to XAC-1 may be causing ahigh load on the server.

a. Click Start > All Programs > Administrative Tools > Citrix > Management Consoles >Citrix AppCenter.

b. Expand the Citrix Resources > XenApp > CCH > Servers node and click XAC-1.

c. Click the Users tab and view any connected users.

No ICA users are connected to the xac-1 server. There must be another reason why xac-1is showing a full load.

6. Use the Group Policy Management console to edit the "Old_XA_GPO" policy and view theUnfiltered Citrix Computer Policy.

a. Click Start > Administrative Tools > Group Policy Management.

b. Expand the Forest: cch.local > Domains > cch.local > Group Policy Objects node.

c. Right-click Old_XA_GPO and click Edit.

d. Expand the Computer Configuration > Policies nodes and click Citrix Policies.

e. View the Summary tab for the Unfiltered policy.

The summary suggests that a Load Evaluator is specified.

7. Remove the load evaluator and close all open windows.

a. Click Remove for the Load Evaluator Name setting.

b. Click Yes to confirm.

c. Close all open windows.

8. Use the GPUpdateALL script on the desktop to update the group policy on all XenApp servers.

9. Use the qfarm command line utility to view the load values for each server in the farm.


b. Type qfarm /load and press Enter.

Both servers show normal loads.


11. Use Internet Explorer to access and log on to the Web Interface at http://wis-1.cch.local usingthe CCH\CitrixAdmin credentials. Launch Notepad.No immediate errors appear, the ICA ticket is issued normally, and Citrix Receiver is launched.

The application will not launch and Receiver seems to halt. An error eventually appearsindicating that a XenApp server does not exist at the specified address.



Troubleshooting a Network Issue



2. Use the Event Viewer console to view any related error events.

a. Click Start > Administrative Tools > Event Viewer. Issue: The firewall on XAC-1 is blocking connections onport 1494 and 2598.b. Expand the Custom Views tab and click Administrative Events.

c. View the General and Details tabs for the recent errors. Resolution: Student will have to disable the offendingfirewall settings to allow traffic on these ports to passthrough.There are no new error events related that seem to relate to this issue.


3. Use the Services console to verify that the Citrix XTE Server service is started and appears tobe running normally.

a. Click Start > Administrative Tools > Services.

b. Double-click the Citrix XTE Server.

c. Verify that the Service status is Started.

The service seems to be running normally. It may be a networking issue.


5. Access the \\dc\filer\Software folder and copy the PortCheck folder to the desktop.

6. Use a Command Prompt and access theC:\Users\CitrixAdmin\Desktop\PortCheck folder. Use the CtxPrtChk commandin this folder to check ports 80, 1494, and 2598 on the XAC-1 server.


b. Type cd Desktop\PortCheck, and press Enter.

c. Type CtxPrtChk xac-1 80 and press Enter.

d. Type CtxPrtChk xac-1 1494 and press Enter.

e. Type CtxPrtChk xac-1 2598 and press Enter.

The test for port 80 is successful, but the utility is unable to connect to xac-1 on 1494 and2598. This indicates that networking is set up correctly, but the utility still cannot connecton either the ICA or Session Reliability ports. This needs further investigation.


8. Access the \\dc\filer\Software folder and copy the PortCheck folder to the desktop.

9. Use a Command Prompt and access theC:\Users\CitrixAdmin\Desktop\PortCheck folder. Use the CtxPrtChk commandin this folder to check ports 80,1494, 2598 on the XAC-1 server.

a. Type cd Desktop\PortCheck in the command prompt and press Enter.

b. Type CtxPrtChk xac-1 80 and press Enter.

c. Type CtxPrtChk xac-1 1494 and press Enter.

d. Type CtxPrtChk xac-1 2598 and press Enter.

The CtxPrtChk utility is able to make successful connections to all three ports. Becausethe ports are accessible locally but not from another machine on the network, the issuemight likely be a firewall blocking ports to other machines on the network.

10. Use the Windows Firewall with Advanced Security console and view the inbound rules. Verifythat the Citrix ICA and Citrix Session Reliability rules allow traffic.

a. Click Start > Administrative Tools > Windows Firewall with Advanced Security.

b. Click Inbound Rules.

c. View the Action column for the Citrix ICA and Citrix Session Reliability rules.

Rules for inbound traffic are configured to block both Citrix ICA and Citrix SessionReliability.

11. View the properties of both rules and allow all connections.

a. Right-click the Citrix ICA rule and click Properties.

b. Select Allow the connection, click Apply, and then click OK.

c. Repeat substeps a and b for the Citrix Session Reliability rule.


Verifying the Connection Changes



2. Use the command prompt to rerun the CtxPrtChk utility on ports 1494 and 2598.The utility is able to connect to both ports successfully.

3. Use Internet Explorer to access and log on to the XenApp Web site at http://wis-1.cch.localusing the CCH\CitrixAdmin credentials. Launch Notepad.Notepad launches successfully.

Another administrator who is also troubleshooting issues with the farm noticed that anincorrect Group Policy Object linked to the All XenApp Servers OU is responsible formany of the problems. You need to delete this GPO.




6. Access the Group Policy Management console and view the group policy objects attached tothe All XenApp Servers organizational unit. Delete the Old_XA_GPO group policy object.


b. Expand the Forest: cch.local > Domains > cch.local nodes and click the All XenAppServers node.

c. Right-click the Old_XA_GPO group policy and click Delete.

d. Click OK to delete the GPO link.




Exercise 1-4: Troubleshooting StreamingApplications

Scenario

You recently fixed all issues so that hosted applications can be launched through Web Interface.But you noticed another problem: published streamed applications are not being displayed in theWeb Interface. You need to troubleshoot this issue and ensure that streamed applications canlaunch successfully for both administrators and users.


Investigating Absent Streaming Applications



2. Use Internet Explorer to access and log on to Web Interface at http://wis-1.cch.local using theCCH\CitrixAdmin user. Verify whether Firefox is listed in the applications.

As expected, Firefox—which is a streamed application—is not listed. You need to verifywhether the application is published.


4. Use Citrix AppCenter console to verify that the Firefox application is published.

a. Click Start > All Programs > Administrative Tools > Citrix > Management Consoles >Issue: The Offline Plug-in is not installed.Citrix AppCenter.

Resolution: Student will have to install the Offline Plug-b. Click the Citrix Resources > XenApp > CCH > Applications node.in.


c. Click Mozilla Firefox.

d. Verify that the Mozilla Firefox application is enabled and streamed to client in theinformation tab.

The Firefox application is published as expected.


6. Access the Citrix Receiver preferences to change the server of the Online Plug-in to http://wis-1.cch.local.

a. Right-click the Citrix Receiver icon in the icon tray and click Preferences.

b. Right-click Online Plug-in and click Logon.

c. Click I will enter the URL now, type http://wis-1.cch.local, and click Update.

d. Click OK.

7. Log on to Citrix Receiver using the CCH\CitrixAdmin and verify if the Firefox applicationappears in the Start menu.

Firefox also does not appear in the Start menu.

8. Navigate to the Uninstall a Program section of the Control Panel and verify that the OfflinePlug-in is installed.

a. Navigate to Start > Control Panel and click Uninstall a program.

b. Scan the list of installed programs for the Offline Plug-in.

The Offline Plug-in is not currently installed. You need to install it now.

9. Launch the XenApp installer from the DVD media.

a. Click Start > Computer.

b. Double-click CD Drive (D:) XA6.5_2008R2_ML and double-click autorun.

10. Follow the prompts to launch the Citrix Offline Plug-in installer common component.

a. Click Manually install components and then click Common Components.

b. Click Plug-ins and Streaming Profiler and then click Citrix Offline Plug-in.

11. Install the Citrix Offline Plug-in using the default settings. When prompted, restart the virtualmachine.

a. Click OK and click Next.

b. Select I accept the license agreement and click Next.

c. Click Install and then click Finish once the wizard completes the installation.

Several additional software installation begins.

d. Click Yes to restart the virtual machine.

12. Log on to the EndUserSimulator virtual machine as the CCH\CitrixAdmin user.

13. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials, when prompted. Verify thatFirefox is now listed in the Start menu.Firefox now appears in the Start > All Programs menu.

14. Use Internet Explorer to access and log on to Web Interface at http://wis-1.cch.local using theCCH\CitrixAdmin user. Verify whether Firefox is listed in the applications.

Firefox is still not listed on the XenApp Web site. A streaming application is available onthe XenApp Service site but not the XenApp Web site, indicating that something is wrongwith the XenApp Web site.



Implementing and Verifying a Fix for Absent StreamingApplications



2. Use the Citrix Web Interface Management console to view the "XenApp" XenApp Web site'ssummary information and see if anything looks incorrect in the configuration.

Issue: The XenApp Web site is only configured fora. Click Start > All Programs > Citrix > Management Consoles > Citrix Web InterfaceOnline content.

Management Console.Resolution: Student will have to change the resource type

b. Click XenApp Web Sites node and view the information from the Summary tab.to offer dual mode content.


The Resource types for the site specifies only Online content. This could be an issuepreventing streaming applications from appearing on the Web Interface site.

3. Change the resource type of the "XenApp" XenApp Web site to dual mode.

a. Right-click the XenApp Site Name and select Resource Types.

b. Select Dual Mode and click OK.

4. Close all open windows and switch to the EndUserSimulator virtual machine.

5. Use Internet Explorer to access and log on to Web Interface at http://wis-1.cch.local using theCCH\CitrixAdmin user. Verify whether Firefox is listed in the applications.The Firefox streaming application shows up as intended within Web Interface.

6. Attempt to launch Firefox and verify if it can be launched correctly.

An error occurs stating that the profile path may be incorrect.

7. Attempt to launch Firefox through the Start menu to see if the same error appears.The same error appears as before. There must be an issue with the profile path.


Fixing a Published Streaming Profile Path Issue



2. Use the Citrix AppCenter console to view the Firefox application location property. Verifywhether it looks correct.

Issue: The path to the profile was entered as a local path.a. Right-click Mozilla Firefox from the Applications node in Citrix AppCenter and select

Resolution: Student will have to modify the profile path Application properties.to be a UNC path.

b. Click Location and view the Citrix streaming application profile address.

The profile address is incorrect. The profile address must be a UNC path and not a localpath.

3. Change the Z:\ in the profile address to the share's UNC path \\dc\filer\ and selectMozilla Firefox as the application to launch.

a. Select Z:\ from the Citrix streaming application profile address field and type\\dc\filer.

The updated path is now \\dc\filer\AppHub\Firefox\Firefox.profile.

b. Select Mozilla Firefox from the Application to launch menu.

c. Click Apply and then click OK.



6. Launch the Firefox streaming application from the Start menu and verify whether it nowlaunches as expected. If it does, specify not to import any data.

a. Click Start > All Programs > Mozilla Firefox.

b. Select Don't import anything and click Next.

Firefox launches correctly for an administrator account. You now need to verify that a non-administrator can access streaming applications.

7. Log off of the EndUserSimulator virtual machine and log back on as the CCH\TestUseraccount.

8. When prompted enter the URL for the Web Interface (http://wis-1.cch.local) and log on toCitrix Receiver using the CCH\TestUser credentials.

a. Click I will enter the URL now.

b. Type http://wis-1.cch.local and click Update.

c. Log on to Citrix Receiver using the CCH\TestUser credentials.

9. Launch Firefox from the start menu and verify that you are able to launch the applicationsuccessfully. When prompted, enter the CCH\TestUser credentials.

Windows Security reports that access is denied. There must be a permissions issue on the\\dc\filer share.


Fixing an AppHub Permissions Issue

Use the DomainController virtual machine logged in as the CCH\Administrator user for this task.

1. Switch to the DomainController virtual machine and log on as the CCH\Administrator user.


2. Access the C:\Filer folder and view its file sharing permissions. Verify whether everythingseems to be correct.

Issue: The AppHub folder does not have the correcta. Click Start > Computer and navigate to C:\.permissions for regular users to access the profiles.

b. Right-click the Filer folder and select Properties.Resolution: Student will have to set the correctc. Select the Sharing tab and click Share.permissions of the AppHub folder for all users.


d. Verify the file sharing permission levels for each user.

e. Click Cancel and then Close to exit File Properties.

All permissions seem to be correct. The Domain Users group has permissions to read/write tothe share.

3. Access the C:\Filer\ folder and view the AppHub folder file sharing permissions. Verify ifeverything seems to be correct.

a. Double-click the Filer folder, right-click AppHub, and select Properties.

b. Select the Sharing tab and click Share.

c. Verify the file sharing permission levels for each user.

There appears to be an issue. This folder is only available to administrators when it mustbe available for all Domain users.

4. Add the CCH\Domain Users group and give it a read level permission.

a. Type CCH\Domain Users in the File Sharing and click Add.

b. Verify that the Permission level drop-down arrow for CCH\Domain Users is Read.

c. Click Share, click Done, and then click Close.



7. Launch Firefox from the Start menu and verify that it launches correctly.The application launches successfully.

8. Close all windows and log off of the EndUserSimulator virtual machine.

9. Switch to the DomainController virtual machine and restart it.

Module 2

Scaling the XenAppEnvironment


Exercise 2-1: Preparing to Clone a XenAppServer

Scenario

To ensure quick and easy expansion of the farm as the company grows, you decide to create aXenApp template that can be cloned, can be easily brought online into the farm, and can host

Remind students to read the scenarios before eachapplications.

exercise. The scenarios provide a lot of additionalIn order to create a cloned, yet completely unique server, you need to use the Sysprep tool to contextual information on the each exercise task.

© Copyright 2011 Citrix Systems, Inc. Module 2: Scaling the XenApp Environment 41

generalize the clone. You must also create a Sysprep answer file using Microsoft System PreparationTool to be used to automate the restoration process from the Sysprep state into an active memberof the Active Directory tree.

After you have completed the necessary answer file, a member of your team who is veryexperienced in scripting and creating answer files will verify your work and return to you a fullytested and fully functioning answer file.


Creating a Sysprep Answer File

Use the XenAppWorker virtual machine logged in as the CCH\CitrixAdmin user for this task.

1. Log on to the XenAppWorker virtual machine as the CCH\CitrixAdmin user.

2. Launch the Windows System Image Manager tool and create a new answer file.

a. Click Start > All Programs > Microsoft Windows AIK > Windows System ImageManager.

b. Click File > New Answer file and click Yes.

3. Select the "install_Windows Server 2008R2 SERVERENTERPRISE.clg" Windows image filelocated on the filer at \\dc\filer share and view all of the Windows Image Componentsnodes.

a. Type \\dc\filer in the File name text box and press Enter.

b. Double-click the install_Windows Server 2008R2 SERVERENTERPRISE.clg Windowsimage file.

c. Expand the Components node in the Windows Image pane to view the componentsettings.

4. Add the amd64_Microsoft-Windows-UnattendedJoin component to the specialize node and setthe JoinDomain setting in the Identification node to "cch.local".

a. Right-click the amd64_Microsoft-Windows-UnattendedJoin setting and select Addsetting to pass 4 specialize.

b. Expand the amd64_Microsoft-Windows-UnattendedJoin > Identification nodes in theAnswer File pane.

The Identification properties are displayed in the right pane.

c. Click JoinDomain field in the Settings node, type cch.local and press Enter.

5. Specify the Domain as "cch.local," password as "Password1", and username as"CCH\Administrator" within the credentials node.

a. Click the Credentials node in the Answer File pane.

The Credentials Properties are displayed in the right pane.

b. Click the Domain field in the Settings node and type cch.local.

c. Click the Password field in the Settings node and type Password1.

d. Click the Username field in the Settings node and type CCH\Administrator.

This component provides information to automatically join the Active Directory domainduring Sysprep.

6. Add the amd64_Microsoft-Windows-Shell-Setup and x86_Microsoft-Windows-Shell-Setupsettings to the specialize node.

a. Right-click the amd64_Microsoft-Windows-Shell-Setup setting and select Add setting topass 4 specialize.

b. Right-click the x86_Microsoft-Windows-Shell-Setup setting and select Add setting topass 4 specialize.

These settings are required to be added to perform an Unattended Join.

7. Add the amd64_Microsoft-Windows-IE-ESC setting to the specialize node. Specify "false" forboth the IEHardenAdmin and IEHardenUser.

a. Right-click the amd64_Microsoft-Windows-IE-ESC setting and select Add setting to pass4 specialize.

b. Click the amd64_Microsoft-Windows-IE-ESC node in the Answer File pane.

The Microsoft-Windows-IE-ESC properties are displayed in the right pane.

c. Click the IEHardenAdmin field in the Settings node and select false.

d. Click the IEHardenUser field in the Settings node and select false.

This component disables the Internet Explorer enhanced security control that is usuallyon by default.

8. Repeat the previous step for the x86_Microsoft-Windows-IE-ESC setting.

42 Module 2: Scaling the XenApp Environment © Copyright 2011 Citrix Systems, Inc.

9. Add the amd64_Microsoft-Windows-Shell-Setup setting to the oobeSystem node. Specify "true"on the HideEULAPage setting in the OOBE node.

Common Question: Why add the x86 components ina. Right-click the amd64_Microsoft-Windows-Shell-Setup setting and select Add setting to addition to amd64 when Windows Server 2008 R2 is 64-

pass 7 oobeSystem. bit only?

b. Expand the amd64_Microsoft-Windows-Shell-Setup node in the Answer File pane. Answer: Although Windows Server 2008 R2 is 64-bit,c. Select the OOBE node. many components are still x86. For example, Internet

Explorer can be run both in 32-bit and 64-bit modes.The OOBE properties are displayed in the right pane.


d. Click the HideEULAPage field in the Settings node and select true.

This component sets the "oobe" or Out of Box Experience for the system. It is being set tonot display the EULA on first startup.

10. Repeat the previous step for the x86_Microsoft-Windows-Shell-Setup setting.

11. Add the x86_Microsoft-Windows-International-Core setting to the oobeSystem node. Specify"en-US" for each of these settings.

a. Right-click the x86_Microsoft-Windows-International-Core setting and select Addsetting to pass 7 oobeSystem.

b. Click the x86_Microsoft-Windows-International-Core node in the Answer File pane.

The Microsoft-Windows-International-Core properties are displayed in the right pane.

c. Click the InputLocale field in the Settings node and type en-US .

d. Click the SystemLocale field in the Settings node and type en-US.

e. Click the UILanguage field in the Settings node and type en-US.

f. Click the UILanguageFallback field in the Settings node and type en-US.

g. Click the UserLocale field in the Settings node and type en-US.

This component sets the default language information for the system. By setting thisinformation during Sysprep, it will bypass a prompt for this information during firststartup.

12. Save the answer file as unattend_untested.xml on the\\dc\filer\Sysprep_files share and close the Windows System Image Manager.

a. Click File > Save Answer File As.

b. Type \\dc\filer\Sysprep_files and press Enter.

c. Type unattend_untested.xml and click Save.


Preparing the XenApp Server for Imaging



2. Launch Citrix AppCenter and identify the servers in the CCH farm.


b. Expand the CCH > Servers node, click the Servers node, and observe the servers listed.

3. Switch to the XenAppWorker virtual machine.

4. Use the Citrix XenApp Server Role Manager to edit the XenApp configuration.

a. Click Start > All Programs > Administrative Tools > Citrix > XenApp Server RoleManager > XenApp Server Role Manager.

b. Click Edit Configuration.

After a few moments, the Citrix XenApp Server Configuration tool opens.

5. Prepare the server for imaging using the default provisioning options. Do not restart the virtualmachine.

a. Click Prepare this server for imaging and provisioning.

b. Click Next to accept the default provisioning options and click Apply.

c. Click Finish to complete the configuration.

Do NOT restart the virtual machine.


7. Use the Citrix AppCenter console to view the current servers in the farm.

a. Right-click Servers and click Refresh.

b. Verify that the XAW-1 server is no longer present.

The XAW-1 virtual machine is no longer present, because it was removed from the farmfor provisioning.

8. Switch to the DomainController virtual machine and log on as the CCH\Administrator user.

9. Use the Active Directory Users and Computers console to delete the XAW-1 computer objectfrom the domain.

a. Click Start > Administrative Tools > Active Directory Users and Computers.

b. Expand the cch.local node and click the Computers node.

c. Right-click the XAW-1 server in the right pane.

d. Click Delete and click Yes to confirm.


Exercise 2-2: Cloning a XenApp Server

Scenario

A member of your team performed testing and troubleshooting on your Microsoft Sysprep answerfile and returned to you a verified version of the file.

Previously, you prepared the machine for imaging by creating the Sysprep answer file and runningthe XenApp imaging sequence. Now you must complete the process by performing a Sysprep onthe machine. Once completed, you will be able to provision a XenApp server from this templateand bring it online with no additional user intervention.


Performing Sysprep on XenAppWorker

Use the XenAppWorker virtual machine logged in as the CCH\CitrixAdmin user for this task.

1. Switch to the XenAppWorker virtual machine.

2. Copy the \\dc\filer\Sysprep_files\xaw1_tested.xml file to theC:\Windows\System32\sysprep\ folder.

Please note that any scripts or files created to perform thea. Click Start and type \\dc\filer\Sysprep_files\. sysprep are not the same files created by students. Because

so much can go wrong in the creation of these files, fullyb. Right-click the xaw1_tested.xml file and select Copy.tested pre-provided files are ultimately used in order toc. Browse to the C:\Windows\System32\sysprep\ folder.ensure consistant outcomes without any issues.

d. Click Organize and select Paste.It is optional whether to disclose this fact to our students.


3. Start a command prompt and change the current directory to theC:\Windows\System32\sysprep folder.


b. Type cd C:\Windows\System32\sysprep and press Enter to change your currentdirectory.

4. Run the sysprep utility specifying for the utility to generalize the system, set to an out of thebox experience, reboot, and to run through an unattended install using thexaw1_tested.xml answer file.

a. Type sysprep /generalize /oobe /reboot /unattend:xaw1_tested.xmland press Enter.

b. Allow the Sysprep process to complete and restart the system.

The restart will simulate bringing up a brand new clone of the system.

To create a template from this virtual machine, specify the /shutdown commandinstead of the /reboot command.

Viewing the Results


1. Switch to the DomainController virtual machine.

2. Periodically refresh the Computers list in the Active Directory Users and Computers consoleuntil the XAW-1 computer object is joined back into the domain. Once completed, move the

Talking Points:XAW-1 server to the "All XenApp Servers" organizational unit.

Explain what is happening during this process and why a. Right-click Computers and click Refresh.the it takes time to complete:

b. Drag XAW-1 to the All XenApp Servers node and click Yes.• The sysprep command is being run reverting the

virtual machine to the out of box experience.It may take as long as ten minutes for the XenAppWorker to recover from the sysprep

• The sysprep process is generalizing the system by and rejoin the domain.removing all guids and unique identifiers.

• The process is then restoring the specializations 3. Switch to the XenAppController-1 virtual machine.configuring in the sysprep answer file.

4. Periodically refresh the server list in Citrix AppCenter until the XAW-1 machine appears in the• It is running through scripts to emerge from the out server list.

of box experience as a personalized unique server.

Explain how this can be useful in conjunction with a It may take several more minutes for the XenAppWorker add itself back into the farm.hypervisors virtual machine template feature to allow forunlimited XenApp server clones to be added to the farmwithout any additional configuration.


This technique can be used to add new XenApp servers to the farm without any additional action.If the virtual machine was made into template while in its sysprepped state, a virtually unlimitednumber of these virtual machines could be provisioned from it and added to the farm quickly andwithout any OS or networking conflicts.

Exercise 2-3: Preparing a XenApp Server forScripted Configuration

Scenario

The Citrix Engineer also wants to create a sysprepped template that uses scripting to configureXenApp on the system so administrators can customize the configuration to perform additionalactions as need arises.

Another administrator has prepared a virtual machine for this purpose. He has installed CitrixXenApp 6.5 on a Windows Server 2008R2 SP1 virtual machine but has not started the XenAppconfiguration. You need to perform the steps to prepare an answer file and the PowerShell script toperform the configuration. Then you need to perform a Sysprep so that the virtual machine canbecome a unique template.


Creating the Powershell Configuration Script



2. Use Notepad to create a new document. Save the file as"scripted_configuration_untested.ps1" in the\\dc\filer\LoginScripts\Scripts_untested directory.

a. Click Start > All Programs > Accessories > Notepad to open Notepad.

b. Click File > Save As .

c. Type \\dc\filer and press Enter.

d. Navigate to the LoginScripts\Scripts_untested folder.

e. Name the file scripted_configuration_untested.psl and click Save.

3. Type the following command on the first line of the Notepad document to change the scriptsworking directory:

cd 'C:\Program Files (x86)\Citrix\XenApp\ServerConfig'

4. Specify the relative location of the XenAppConfigConsole tool on the next line and add theflags to specify the join execution mode, the farm name as CCH, and the IMA worker mode tofalse by typing:

.\XenAppConfigConsole.exe /ExecutionMode:Join /FarmName:CCH/IMAWorkerMode:false


5. Continue on the same line, adding flags to specify the database username asCCH\Administrator, password as Password1:

/OdbcUserName:CCH\Administrator /odbcPassword:Password1

6. Continue on the same line, adding flags to specify the license server name as dc and thelocation of the DSN file as C:\Scripts\database_info.dsn:

/LicenseServerName:dc /DsnFile:'C:\Scripts\database_info.dsn'

7. Continue on the same line, adding flags to add all authenticated users to the Remote DesktopUser Group but to not add the anonymous users or the users group. Type

/AddAuthenticatedUsersToRemoteDesktopUserGroup:true/AddAnonymousUsersToRemoteDesktopUserGroup:false/AddUsersGroupToRemoteDesktopUserGroup:false

8. Type the Restart-computer PowerShell command on the next line to restart the computerand then save the script.

a. Type Restart-computer on a new line.

b. Click File > Save.

The final code should look like the following:

cd 'C:\Program Files (x86)\Citrix\XenApp\ServerConfig'.\XenAppConfigConsole.exe /ExecutionMode:Join /FarmName:CCH/IMAWorkerMode:false /odbcUserName:CCH\Administrator/OdbcPassword:Password1 /LicenseServerName:dc/DsnFile:'C:\Scripts\database_info.dsn'/AddAuthenticatedusersToRemoteDesktopUserGroup:true/AddAnonymousUsersToRemoteDesktopUserGroup:false/AddUsersGroupToRemoteDesktopUserGroup:falserestart-computer


The script above is designed to initiate the XenAppConfigConsole tool and provide the parametersPlease advise students that many of the line breaks aboveto configure and join the virtual machine to the farm. Once this is completed, the computer musthave auto-wrapped during formatting. Please refer to thebe restarted to complete joining the farm.exercise steps to indicate where the appropriate line

breaks should be.


Creating the Kickoff Batch File


1. Use Notepad to create a new document. Save the file as "FirstLogonScript_untested.bat" in the//dc/filer/LoginScripts/Scripts_untested directory.

a. Click Start > All Programs > Accessories > Notepad to open Notepad.

b. Click File > Save As.

c. Type \\dc\filer and press Enter.

d. Navigate to the LoginScripts\Scripts_untested folder.

e. Name the file FirstLogonScript_untested.bat and click Save.

2. Type powershell.exe -command "& {Set-ExecutionPolicy unrestricted -Force}" to run a PowerShell command, forcing the initial execution policy to beunrestricted.

The PowerShell's default execution mode is set to "Restricted", which prevents all non-Microsoft scripts from running for security reasons. In order to run custom scripts, theexecution mode needs to be changed to unrestricted mode first.

3. Type powershell.exe -noexitC:\Scripts\scripted_configuration_untested.ps1 on the second line to runthe script that was previously created.

4. Save the file and close Notepad.The final code should look like the following:

powershell.exe -command "& {Set-ExecutionPolicy unrestricted -Force}"powershell.exe -noexit C:\Scripts\scripted_configuration_script_tested.ps1

The script above will be executed by the Sysprep process which will then run the configurationscript through PowerShell.

Modifying a Sysprep Answer File for a ScriptedConfiguration


1. Use the Windows System Image Manager tool to open the\\dc\filer\Sysprep_files\xaw-1_tested.xml answer file. Save the answer file asxac-2_untested.xml to the same location.

a. Click Start > All Programs > Microsoft Windows AIK > Windows System ImageManager.

Windows System Image Manager opens.

b. Click File > Open Answer File and navigate to the \\dc\filer\Sysprep_files folder to openthe xaw-1_tested.xml file.

The answer file opens.

c. Click File > Save Answer File As and save the answer file as xac-2_untested.xml inthe same location.


2. Add the AutoLogon and FirstLogonCommands nodes from the amd64_Microsoft-Windows-Shell-Setup component to the "7 oobeSystem" pass.

a. Expand the Components > amd64_Microsoft-Windows-Shell-Setup node in theWindows Image pane.

b. Right-click the AutoLogon and click Add Setting to Pass 7 oobeSystem.

c. Right-click FirstLogonCommands and click Add Setting to Pass 7 oobeSystem.

3. Repeat the previous step for the x86_Microsoft-Windows-Shell-Setup component.

4. Specify the domain settings within the AutoLogon node as "CCH.local," and set the usernameto "CitrixAdmin," and set Enabled to "true."

a. Click the AutoLogon node in the Answer file pane.

The AutoLogon properties pane appears.

b. Click the Domain field and type CCH.local.

c. Click the Enabled field and type true.

d. Click the Username field and type CitrixAdmin.

5. Specify "Password1" as the setting value for the Password node.

a. Expand the Autologon node and click Password.

b. Click the Value field in the Settings pane and type Password1.

6. Create a new SynchronousCommand in the FirstLogonCommand node. Specify the scriptlocation C:\Scripts\FirstLogonScripts.bat as the command line, the order settingas 1, and the RequiresUserInput setting to false.

a. Right-click FirstLogonCommands in the Answer File pane and click Insert NewSynchronous Command.

b. Click Synchronous Command.

The Synchronous Command Properties pane appears.

c. Click the CommandLine field and type C:\Scripts\FirstLogonScript.bat

d. Click in the Order field in the Synchronous Command Settings in the right pane and type1.

e. Click in the RequiresUserInput field and type false.

7. Repeat the previous three steps for the x86_Microsoft-Window-Shell-Setup component.

8. Save the file and close all open windows.


Exercise 2-4: Performing a ScriptedConfiguration

Scenario

A member of your team performed testing and troubleshooting on your batch, PowerShell scripts,and the Sysprep answer file and returned to you tested versions of the files to use.

Previously you prepared the machine for imaging by creating the Sysprep answer file, created aPowerShell script to perform the configuration, and created a batch script to initiate the process.Now you must complete the process by performing a Sysprep on the system.


Performing Sysprep on XenAppController-2



2. Use the Active Directory Users and Computers console to delete the XAC-2 computer objectfrom the domain.

a. Click Computers in the cch.local node of the Active Directory Users and Computersconsole.

b. Right-click XAC-2 and select Delete.

c. Click Yes to confirm.


4. Copy the \\dc\filer\Sysprep_files\xac2_tested.xml to theC:\Windows\System32\sysprep\ folder.

Please note that any scripts or files created to perform thea. Click Start and type \\dc\filer\Sysprep_files\. sysprep are not the same files created by students. Because

so much can go wrong in the creation of these files, fullyb. Right-click the xac2_tested.xml file and select Copy.tested pre-provided files are ultimately used in order toc. Browse to the C:\Windows\System32\sysprep\ folder.ensure consistant outcomes without any issues.

d. Click Organize and select Paste.It is optional whether to disclose this fact to our students.


5. Copy the \\dc\filer\LoginScripts\Scripts folder to C:\.

a. Navigate to the \\dc\filer\LoginScripts\ folder.

b. Right-click Scripts and click Copy.

c. Browse to C:\, click Organize, and select Paste.

6. Start a command prompt and change the current directory to theC:\Windows\System32\sysprep folder.


b. Type cd C:\Windows\System32\sysprep and press Enter to change your currentdirectory.

7. Run the sysprep utility specifying for the utility to generalize the system, set to an out of thebox experience, reboot, and to run through an unattended install using the xac2_tested.xmlanswer file.

a. Type sysprep /generalize /oobe /reboot /unattend:xac2_tested.xmland press Enter.

b. Allow the sysprep process to complete and restart the system.

The restart will simulate bringing up a brand new clone of the system. To create atemplate from this virtual machine, specify the /shutdown command instead of the/restart command.

Viewing the Results of the Scripted Configuration



2. Periodically refresh the Computers list in the Active Directory Users and Computers consoleuntil the XAC-2 computer object is joined back into the domain. Once completed, move the

Talking Points:XAC-2 server to the "All XenApp Servers" organizational unit.

Explain what is happening during this process and why a. Right-click Computers and click Refresh.the it takes time to complete:

b. Drag XAC-2 to the All XenApp Servers node and click Yes.• The sysprep command is being run reverting the

virtual machine to the out of box experience.It may take up to ten minutes for the XenAppController-2 to recover from the sysprep

• The sysprep process is generalizing the system by and rejoin the domain.removing all guids and unique identifiers.

• The process is then restoring the specializations 3. Switch to the XenAppController-1 virtual machine.configuring in the sysprep answer file.

4. Periodically refresh the server list in Citrix AppCenter until the XAC-2 machine appears in the• The computer boots and runs the kickoff script which server list.

runs the XenApp configuration script and thenrestarts.

It may take several more minutes for the XenAppController-2 virtual machine to addExplain how this can be useful in conjunction with a itself back into the farm.hypervisors virtual machine template feature to allow forunlimited XenApp server clones to be added to the farm

This technique can be used to add new XenApp servers to the farm without any additional action.without any additional configuration. Using a script canIf the virtual machine was made into a template while in its sysprepped state, a virtually unlimitedallow for more specialized behavior of the virtual machinenumber of these virtual machines could be provisioned from it and added to the farm quickly andin how it joins the farm and configures itself.


without any OS or networking conflicts.

Module 3

Creating FarmRedundancy


Exercise 3-1: Load Balancing Web Interfaceand XML Services Using Citrix NetScaler

Scenario

CCH has standard 09:00 to 17:00 working hours, which means that traffic dramatically increases at09:00 as employees come into the office, start up their computers, access the Web Interface, and

Remind students to read the scenarios before eachlaunch their applications. To ensure that the request load is spread evenly during this time, you

exercise. The scenarios provide a lot of additionaldecide to load balance the Web Interface servers as well as the XML service.

contextual information on the each exercise task.

© Copyright 2011 Citrix Systems, Inc. Module 3: Creating Farm Redundancy 55

Another administrator created a domain user account called "HealthMonitor" for you to use inconfiguring the Health Monitoring feature.


Setting Up Load Balancing



2. Use Internet Explorer to navigate to http://ns.cch.local and log on with the credentialsnsroot/nsroot.

a. Click Start > Internet Explorer and navigate to http://ns.cch.local/.

b. Log on to the Netscaler VPX Web Interface using the nsroot/nsroot credentials.

3. Use the Load Balancing node to launch the Load Balancing wizard for Citrix XenApp.

a. Click the Load Balancing node in the left pane.

b. Click the Load Balancing wizard for Citrix XenApp link under Getting Started in theLoad Balancing pane.

4. Begin configuring load balancing for the Web Interface servers by adding a new virtual serverwith the address 192.168.1.180. Specify that the virtual server use port 80 and the HTTPprotocol.

a. Click Next to proceed to the Load Balance Web Interface servers page.

b. Type 192.168.1.180 in the Virtual Server IP Address field, and type 80 in theVirtual Server Port field.

c. Select HTTP from the Protocol menu.

5. Add IP addresses for both WebInterfaceServer-1 (192.168.1.130) and WebInterfaceServer-2(192.168.1.135) virtual machines on port 80.

a. Type in 192.168.1.130 in theWeb Interface Servers IP Address field, type 80 in thePort field, and click Add.

b. Type in 192.168.1.135 in theWeb Interface Servers IP Address field and click Add.

6. Configure Health Monitoring by adding the CCH\HealthMonitor/Password1 credentials. Makethe site path "/Citrix/XenApp".

a. Select Validate Credentials.

b. Type HealthMonitor in the User Name field and Password1 in the Password field.

c. Type CCH in the Domain Name field.

d. Type /Citrix/XenApp/ in the Site Path field.

e. Click Next to proceed to the Load Balance XML Broker servers screen.

7. Configure load balancing for the XML Broker servers by creating a new virtual server with theaddress 192.168.1.185. Specify for the virtual server to use port 80 and the HTTP protocol.

a. Type 192.168.1.185 in the Virtual Server IP Address field and type 80 in theVirtual Server Port field.

b. Select HTTP from the Protocol menu.

8. Add IP addresses for both XenAppController-1 (192.168.1.110) and XenAppController-2(192.168.1.115) virtual machines on port 80.

a. Type 192.168.1.110 in the XML Broker Servers IP Address field, type 80 in the Portfield, and click Add.

b. Type 192.168.1.115 in the XML Broker Servers IP Address field and click Add.

9. Ensure that Notepad is listed as the Health Monitoring Application Name and then completethe Load Balancing Wizard for Citrix XenApp.

a. Verify that Notepad is present in the Health Monitoring Application Name field.

The Health Monitoring feature will verify the existence of this application within the feedfrom the XML service to determine the health of the XML Broker.

b. Click Next to proceed to the Summary page.

c. Click Finish and Exit to close the Load Balancing Wizard for Citrix XenApp.

Verifying the Load Balancing Configuration

Use the XenAppController-1 virtual machine logged on as the CCH\CitrixAdmin user for this task.

1. View the Load Balancing virtual servers and verify that the Web Interface and XML entriesshow green and "up" as their State and Effective State, respectively.

a. Expand the Load Balancing node and click on Virtual Servers.

b. Verify that the load balancing virtual servers titled XA_WI_EXT_192.168.1.180_80_lbvipand XA_XML_192.168.1.185_80_lbvip appear and show green and "up" as their State andEffective State, respectively.

56 Module 3: Creating Farm Redundancy © Copyright 2011 Citrix Systems, Inc.

These virtual servers will take incoming Web Interface and XML connections and forwardthe traffic to their respective servers based on state.

It may take a few moments for the virtual servers to register as "up." Refresh the LoadBalancing Virtual Servers pane after a minute, if they appear to be "down."

2. View the Load Balancing Service Groups and verify that the Web Interface and XML entriesshow green and "up" as their State and Effective State, respectively.

If a student is having trouble with a NetScalera. Click the Service Groups sub-node in the left-hand pane. configuration at any time try the following:

b. Verify that the service groups titled XA_WI_EXT_192.168.1.180_80_svcg and • Close and reopen Internet Explorer and try again toXA_XML_192.168.1.185_80_svcg appear and show "enabled" and "up" as their State and verify the work.Effective State, respectively.

• Restart the EndUserSimulator virtual machine and tryagain to verify the work.

These service groups indicate the state of the servers that the NetScalers will forward• Restart the NetScaler virtual machine without savingconnections to for each service.

the configuration and ask the student to retry theexercise.This exercise was written so that students test

3. View the network IP addresses of the NetScaler and verify that there are new virtual IP their work to ensure it works before saving theaddresses 192.168.1.180 and 192.168.1.185 and that they are listed as "Active" and "Enabled." NetScaler's configuration.

a. Expand the Network > IPs node in the left-hand pane. • Replace the ns.conf file located in the /nsconfigdirectory on the NetScaler with the ns.conf.bak fileb. Verify that virtual IP addresses 192.168.1.180 and 192.168.1.185 appear and that they arewithin the same directory to reset the NetScaler to thelisted as "Active" and "Enabled."start of class configuration.


Configuring DNS to the Virtual Servers



2. Use the DNS Manager console to add a new host to the cch.local forward lookup zone.

a. Click Start > Administrative Tools > DNS.

b. Expand the DC > Forward Lookup Zones nodes and click the cch.local node.

c. Right-click cch.local and select New Host (A or AAAA).

The New Host dialog box appears.

3. Specify xmlbrokers as the name, 192.168.1.185 as the IP address, and add the host.

a. Type xmlbrokers in the Name field.

b. Type 192.168.1.185 in the IP Address field.

c. Click Add Host and click OK to create the new host entry.

4. Add another new host to the cch.local forward lookup zone. Specify "webinterface" as the nameand 192.168.1.180 as the IP address.

a. Type webinterface in the Name field.

b. Type 192.168.1.180 in the IP Address field and click Add Host.

c. Click OK and click Done to close the New Host dialog box.


Updating the Web Interface Servers to Use the Load-Balanced XML Brokers



2. Use the Citrix Web Interface Management console to view the farm settings of the existing"XenApp" XenApp Web site.

a. Click Start > All Programs > Citrix > Management Consoles > Citrix Web InterfaceManagement.

b. Click the XenApp Web Sites node.

c. Right-click XenApp and click Server Farms.

d. Double-click the CCH farm.

3. Update the Server Farms settings to list a single XML server named xmlbrokers.cch.local.

a. If present, select the xac-2.cch.local server and click Remove.

b. Double-click the xac-1.cch.local server, change the name to xmlbrokers.cch.local,and click OK.

c. Click OK and click OK to close the Manage Server Farms dialog box.

4. View the farm settings of the existing PNAgent XenApp Services site.

a. Click the XenApp Services Sites node.

b. Right-click PNAgent and select Server Farms.

c. Double-click the CCH farm.

5. Update the Server Farms settings to list a single XML server named xmlbrokers.cch.local.

a. Select the xac-2.cch.local server and click Remove.

b. Double-click xac-1.cch.local, change the name to xmlbrokers.cch.local, and clickOK.

c. Click OK twice to close the Manage Server Farms dialog box.


7. Repeat steps 2-6 on the WebInterfaceServer-2 virtual machine as the CCH\CitrixAdmin user.


Exercise 3-2: Testing Load Balancingthrough Citrix NetScaler

Scenario

You have just implemented load balancing of the Web Interface servers and the XML brokerservices through the NetScaler. Now you need to test and verify that the load balancing is workingas intended.


Testing the Current State


1. Log on to the EndUserSimulator virtual machine as the CCH\CitrixAdmin user.

2. Use Internet Explorer to access the Web Interface at http://webinterface.cch.local, and log on asthe CCH\CitrixAdmin user.

If a student is having trouble with a NetScalera. Click Start > All Programs > Internet Explorer. configuration at any time try the following:

b. Navigate to http://webinterface.cch.local/. • Close and reopen Internet Explorer and try again toverify the work.c. Log on to the Web Interface as CCH\CitrixAdmin user.

• Restart the EndUserSimulator virtual machine and try3. Verify that the Notepad application is present. Log off of the Web Interface site and closeagain to verify the work.Internet Explorer.

• Restart the NetScaler virtual machine without savingAccessing the http://webinterface.cch.local site successfully confirms that the NetScaler is correctlythe configuration and ask the student to retry theconfigured as a virtual server and providing load balancing for Web Interface. Logging onexercise.This exercise was written so that students testsuccessfully and verifying that the Notepad application is present confirms that the same is true fortheir work to ensure it works before saving thethe XML broker services.NetScaler's configuration.

• Replace the ns.conf file located in the /nsconfigdirectory on the NetScaler with the ns.conf.bak fileSimulating Loss of Service to XenAppController-2 andwithin the same directory to reset the NetScaler to theWebInterfaceServer-2 start of class configuration.

Use the XenAppController-2 virtual machine logged in as the CCH\CitrixAdmin user for this task. If this virtual machine is having trouble connecting to theentry just created or changed in DNS, perform a DNS

1. Switch to the XenAppController-2 virtual machine and log on as the CCH\CitrixAdmin user.cache flush on the system by running the ipconfig

2. Use the Services console to stop the Citrix XML Service. Leave the Services console open. /flushdns command in a command prompt window.



b. Right-click the Citrix XML Service and click Stop.


4. Use the Services console to stop the World Wide Web Publishing Service.


b. Right-click theWorld Wide Web Publishing Service and click Stop.


6. Switch to the XenAppController-1 and use Internet Explorer to view the NetScaler console.

7. Save and refresh the current NetScaler configuration.

a. Click Save and click Yes to save the current configuration.

b. Click Refresh All and click Yes to refresh the configuration.

8. View and refresh the load balancing service groups and notice that the effective states of bothservices still are listed as "up" but display a yellow icon.

a. Expand the Load Balancing node and click the Service Groups node.

b. Verify the state of the service groups.

Both service groups should appear as a yellow "up," signifying that part of the servicegroup is "down."

9. View the XA_XML_192.168.1.185_80_svcg service group and notice that it shows the192.168.1.115 server as "down."

a. Double-click the XA_XML_192.168.1.185_80_svcg service group and notice that the192.168.1.115 service is "down."

b. Click Close to close the Configure Service Group dialog box.

10. View the XA_WI_EXT_192.168.1.180_80_svcg service group and notice that it shows the192.168.1.135 server as "down."

a. Double-click the XA_WI_EXT_192.168.1.180_80_svcg service group and notice that the192.168.1.135 service is "down."

b. Click Close to close the Configure Service Group dialog box.



a. Click Start > All Programs > Internet Explorer.

b. Navigate to http://webinterface.cch.local/.

c. Log on to the Web Interface as CCH\CitrixAdmin user.

13. Verify that the Notepad application is present. Log off of the Web Interface site and closeInternet Explorer.

Even though one XML service and one Web Interface service are down, the NetScaler automaticallyreroutes all incoming connections to the working server.

Simulating Complete Loss of the XML Broker and WebInterface Services




2. Use the Services console to stop the World Wide Web Publishing Service.


b. Right-click theWorld Wide Web Publishing Service and click Stop.



5. Use the Services console to stop the Citrix XML Service. Leave the Services console open.


b. Right-click the Citrix XML Service and click Stop.

6. Use Internet Explorer to refresh and view the load balancing service groups. View the effectivestate of the XML and Web Interface Service Groups.

a. Click the Load Balancing > Service Groups node in the NetScaler VPX ConfigurationUtility.

b. Click Refresh and verify the state of the service groups.

The Effective state of the Service Group XA_XML_192.168.1.180_80_svcg andXA_WI_EXT_192.168.1.180_80_svcg is "down."

7. View the XA_XML_192.168.1.185_svcg service group and notice that now both servers arelisted as "down." Close the window.

a. Double-click the XA_XML_192.168.1.185_80_svcg service group.

b. Verify that both services are "down."

c. Click Close to close the Configure Service Group dialog box.


9. Use Internet Explorer to navigate to http://webinterface.cch.local.

a. Click Start > All Programs > Internet Explorer and browse tohttp://webinterface.cch.local/.

Now that both Web Interface servers are completely offline, the NetScaler is unable toload balance, which causes a complete loss of connectivity.


Restoring the XML Services



2. Use the Services console to start the Citrix XML Service.


a. Right-click Citrix XML Service in the Services console and select Start.

b. Click File > Exit to close the Services console.

3. Repeat steps 1-2 with the XenAppController-2 virtual machine.

4. Switch to the XenAppController-1 virtual machine and use Internet Explorer to view theNetScaler console.

5. View and refresh the load balancing service groups. Verify that the effectiveXA_XML_192.168.1.185_80_svcg service state is listed as "up" and has a green icon.

a. Select the Load Balancing > Service Groups node in the NetScaler VPX ConfigurationUtility and verify the state of the service groups.

b. Click Refresh.

It may take a few moments before the XML service group registers as "up." TheXA_WI_EXT_192.168.1.180_80_svcg service group is still listed as "down."

6. Perform a cold restart of the NetScaler. Close Internet Explorer and allow several minutes forthe NetScaler to restart before continuing.

a. Click the System node and click Reboot.

b. Click Yes to confirm and click No to perform a cold restart.

c. Close Internet Explorer and allow several minutes for the NetScaler to restart.


Exercise 3-3: Installing and Configuring WebInterface on Citrix NetScaler

Scenario

After careful consideration of recommendations from you and your team, management hasreconsidered its risk analysis on redundancy. Instead of using load-balanced Web Interface servers,management now thinks that a single NetScaler could easily handle the 09:00 logon request spike.Now you must install and configure the NetScaler itself to host the Web Interface and use thissetup to effectively replace the use of the load-balanced Web Interface servers.

After the new Web Interface sites are configured, you need to change the webinterface DNS recordto point to the new site and create an auto redirect on the NetScaler to point to the/Citrix/XenApp site.


Installing Web Interface

Use the XenAppController-1 virtual machine logged in as the CCH\Admin user for this task.

1. Use Internet Explorer to navigate to http://ns.cch.local and log on with the credentialsnsroot/nsroot.

a. Click Start > Internet Explorer and navigate to http://ns.cch.local/.

b. Log on to the Netscaler VPX Web Interface using the nsroot/nsroot credentials.

2. Start the wizard to install Web Interface from within the Web Interface node of the NetScaler.

a. Click theWeb Interface node and click Install Web Interface in the Getting Startedmenu.

b. View the Install Web Interface screen.

3. Use the browse local function to specify the Web Interface Tar File Path as\\dc\filer\WebInterface\nswi-1.3.tgz.

a. Click the down arrow to the right of the Web Interface Tar File Path and click Local.

b. Navigate to \\dc\filer\WebInterface\, select nswi-1.3.tgz, and click Open.

4. Use the browse local function to specify the JRE Tar File Path as\\dc\filer\WebInterface\diablo-latte-freebsd6-amd64-1.6.0_07-b02.tar.bz2.

a. Click the down arrow to the right of the JRE Tar File Path and click Local.

b. Navigate to \\dc\filer\WebInterface\, select diablo-latte-freebsd6-amd64-1.6.0_07-b02.tar.bz2, and click Open.

5. Change the maximum number of sites to 3 and install Web Interface.


a. Select 3 from the Maximum number of sites drop down menu and click Install.

The Web Interface Wizard begins to go through the installation process.

b. Click OK after the installation completes.

Configuring a XenApp Web Site


1. Start the Web Interface Wizard and continue to the Configure Web Interface Site screen.

a. Click Web Interface Wizard to start configuring Web Interface.

b. Click Next to proceed to the Configure Web Interface Site page.

2. Verify that XenApp Web Site is selected as the site type with /Citrix/XenApp as the SitePath and DualMode as the published Resource Type.

a. Verify that XenApp Web Site is selected in the Site Type menu.

b. Verify that /Citrix/XenApp/ appears in the Site Path field.

c. Select DualMode from the Published Resource Type menu.

3. Verify that Direct Mode is selected and that the wizard will create a new LB Virtual Server.Specify IP address 192.168.1.190 as the IP address using port 80.

a. Verify that Direct Mode and Create new LB Virtual Server are selected.


c. Click Next to proceed to the Configure XenApp Farm page.

4. Configure the XenApp farm using CCH as the farm name and xmlbrokers.cch.local as theXML Service address.

a. Click Add and type CCH in the Name field.

b. Type xmlbrokers.cch.local in the XML Service Addresses field and click Create.

5. Finish the wizard and allow it to configure the XenApp Web site.

a. Click Next to proceed to the Summary page.

b. Click Finish and click Exit to complete the configuration.

Configuring a XenApp Services Site


1. Start the Web Interface Wizard and continue to the Configure Web Interface Site screen.

a. Click Web Interface Wizard to start configuring Web Interface.

b. Click Next to proceed to the Configure Web Interface Site page.

2. Specify the Site Type as a XenApp Services site. Verify that the Site Path changed to/Citrix/PNAgent and that DualMode is the published Resource Type.


a. Select XenApp Service Site from the Site Type menu and verify that/Citrix/PNAgent/ is now listed as the Site Path.

b. Select DualMode from the Published Resource Type menu.

3. Verify that Direct Mode is selected and that the wizard will create a new LB Virtual Server.Specify IP address 192.168.1.190 as the IP address using port 80.

a. Verify that Direct Mode and Create new LB Virtual Server are selected.


c. Click Next to proceed to the Configure XenApp Farm page.

4. Configure the XenApp farm using CCH as the farm name and xmlbrokers.cch.local as theXML Service address.

a. Click Add and type CCH in the Name field.

b. Type xmlbrokers.cch.local in the XML Service Addresses field and click Create.

5. Finish the wizard and allow it to configure the XenApp Web site.

a. Click Next to proceed to the Summary page.

b. Click Finish and click OK to ignore the error message.

c. Click Exit to complete the configuration.




Configuring an Auto-Redirect to the Web Interface Site


1. Access and enable the Responder feature using the Citrix NetScaler VPX Configuration Utility.

a. Right-click the Responder node and click Enable Responder Feature.

b. Expand the Responder node and click Actions.

2. Add a new redirect Responder action with the name "Redirect_to_WebInterface_Path".

a. Click Add to open the Create Responder Action dialog box.

b. Type Redirect_to_WebInterface_Path in the Name field.

c. Select Redirect in the Type field.

3. Specify the Web Interface site URL in quotation marks"http://webinterface.cch.local/Citrix/XenApp", bypass the safety check, andthen create the action. Close the Create Responder Action screen.

a. Type "http://webinterface.cch.local/Citrix/XenApp" in the Target fieldand select the Bypass Safety Check checkbox.

b. Click Create and Close to close the Create Responder Action dialog box.


4. Add a new Responder policy called "Web_root_path" with the actionRedirect_to_WebInterface_Path.

a. Click Policies in the Responder node and click Add.

b. Type Web_root_path in the Name field.

c. Select Redirect_to_WebInterface_Path from the Action menu.

5. Create a Responder policy using the Add wizard to construct an expression that returns a"true" value if the HTTP request URL path is "/".

a. Click Add to open the Add Expression dialog box.

b. In Construct Expression, select HTTP, REQ, URL, Path, EQ(string) from each successivemenu.

c. Type / in the String field.

d. Click OK.

e. Click Create and click Close to close the Create Responder Policy dialog box.

The expression should end up looking like HTTP.REQ.URL.PATH.EQ("/").

6. Use the Policy Manager to view the 192.168.1.190_80 LB virtual server.

a. Click Policy Manager to open the Responder Policy Manager dialog box.

b. Click LB Virtual Server and double-click 192.168.1.190_80.

7. Insert the "Web_root_path" policy for the 192.168.1.190_80 virtual server.

a. Click Insert Policy and select Web_root_path.

b. Click Apply Changes and click Close to close the Responder Policy Manager.

Reconfiguring DNS for Web Interface Citrix NetScaler



2. Use the DNS Manager console to edit the webinterface entry in the Forward Lookup Zones ofcch.local.

a. Click Start > All Programs > Administrative Tools > DNS to launch the DNS Managerconsole.

b. Expand the DC > Forward Lookup Zones node and click the cch.local node.

c. Double-click webinterface.

3. Update the webinterface entry to use IP address 192.168.1.190 and apply the changes.

a. Type 192.168.1.190 in the IP Address field.

b. Click Apply and click OK.



Testing Web Interface on Citrix NetScaler




If a student is having trouble with a NetScalera. Click Start > All Programs > Internet Explorer. configuration at any time try the following:

b. Navigate to http://webinterface.cch.local/. • Close and reopen Internet Explorer and try again toverify the work.c. Log on to the Web Interface as CCH\CitrixAdmin user.

• Restart the EndUserSimulator virtual machine and try3. Close all open windows.again to verify the work.4. Switch to the XenAppController-1 virtual machine and use Internet Explorer to view the

• Restart the NetScaler virtual machine without savingNetScaler configuration screen.the configuration and ask the student to retry the5. Save and refresh the current NetScaler configuration.exercise.This exercise was written so that students test

a. Click Save and click Yes to save the current configuration. their work to ensure it works before saving theNetScaler's configuration.b. Click Refresh All and click Yes to refresh the configuration.

• Replace the ns.conf file located in the /nsconfig6. Close all open windows.directory on the NetScaler with the ns.conf.bak fileThe NetScaler is now acting as the primary Web Interface for the farm. The redirect responderwithin the same directory to reset the NetScaler to thepolicy setup is working as intended because the web browser was automatically redirected to thestart of class configuration./Citrix/XenApp Web Interface site.

If this virtual machine is having trouble connecting to theentry just created or changed in DNS, perform a DNScache flush on the system by running the ipconfig/flushdns command in a command prompt window.



Module 4

Maintaining the XenAppEnvironment


Exercise 4-1: Updating the Mozilla FirefoxStreaming Profile

Scenario

The web development team that maintains the CCH web site has identified a specific need for theirteam. The team requires a Mozilla Firefox browser extension called "Firebug" to aid in their web

Remind students to read the scenarios before eachdevelopment. Mozilla Firefox is an application that is streamed to a client device through the CCH

exercise. The scenarios provide a lot of additionalXenApp farm. To accommodate this request and ensure the extension is in place when the farm

contextual information on the each exercise task.goes into production, you need to update the Mozilla Firefox streaming profile to include the new

© Copyright 2011 Citrix Systems, Inc. Module 4: Maintaining the XenApp Environment 71

browser extension.

You were notified by management that they want you to restrict the default search engines installedwith Mozilla Firefox to Google and Bing.

A member of your team has already downloaded the Firebug extension and placed it on a share foryou. You need to extract and install it into the profile.


Viewing Mozilla Firefox







3. Launch Mozilla Firefox from the Web Interface and view the default search engines that areinstalled with the browser.

a. Click Firefox.

b. Select Don't import anything and click Next, if prompted.

c. Click the down arrow on the left of the Firefox search toolbar to view the default searchengines.

4. View the Mozilla extensions and confirm that Firebug is not installed.

a. Click Firefox > Add-ons to open the Add-ons Manager.

b. Click the Extensions tab.

c. Verify that the Firebug extension is not installed.

5. Close Mozilla Firefox, log off the Web Interface, and close all open windows.

Preparing the Firebug Extension

Use the Profiler-Win7 virtual machine logged in as the local CitrixAdmin user for this task.

1. Log on to the Profiler-Win7 virtual machine as the local CitrixAdmin user.

2. Launch 7-Zip and open the Firebug extension file located at\\dc\filer\Software\firebug.xpi.

a. Click Start > All Programs > 7-Zip > 7-Zip File Manager.

The 7-Zip File Manager opens.

b. Type \\dc\filer\Software\ in the 7-Zip File Manager navigation bar and pressEnter.

3. Extract the firebug.xpi file into a folder called "firebug" within the\\dc\filer\Software folder.

a. Select firebug.xpi and click Extract on the 7-Zip File Manager toolbar.

b. Verify that the default extract location \\dc\filer\Software\firebug and clickOK to accept all other defaults.

The firebug.xpi file is extracted to a newly created firebug folder.

4. Copy the firebug folder to the desktop and rename it to "[email protected]".

a. Drag the firebug folder to the Desktop and close all open windows.

b. Right-click firebug and click Rename.

c. Type [email protected] and press Enter.

Modifying a Streaming Profile

Use the Profiler-Win7 virtual machine logged in as the local CCH\CitrixAdmin user for this task.

1. Launch Streaming Profiler and open the Firefox profile located at \\dc\filer\AppHub.

a. Click Start > All Programs > Citrix > Streaming Profiler > Streaming Profiler to openthe Streaming Profiler.

b. Click Open Profile.

c. Navigate to \\dc\filer\AppHub\firefox.

d. Select Firefox.profile and click Open.

2. Start the Update Application wizard on the Windows Vista/7/2008 profile. Perform anAdvanced Installation to select files and folders to add to the profile.

a. Expand the Firefox node in the left pane.

b. Right-click theWindows Vista [All service packs] node and click Update/InstallApplication.

c. Click Next, select Advanced Install, and click Next.

d. Select Select files and folders and click Next.

3. Navigate the Select files pane to C:\Users\CitrixAdmin\Desktop.

72 Module 4: Maintaining the XenApp Environment © Copyright 2011 Citrix Systems, Inc.

4. Navigate the Current files pane to C:\Program Files\Mozilla Firefox\extension.

5. Copy the [email protected] folder to the extensions folder.

a. Select the [email protected] folder in the Select files pane.

b. Click the green Arrow button.

After a few moments, the [email protected] folder appears inthe Current files pane.

6. Navigate to C:\Program Files\Mozilla Firefox\searchplugins in the currentfiles pane. Permanently delete all of the files except google.xml and bing.xml.

a. Navigate to C:\Program Files\Mozilla Firefox\searchplugins in theCurrent Files pane.

b. Control-click amazondotcom.xml, ebay.xml, wikipedia.xml, and yahoo.xml.

c. Click the red X button to delete the files and click Yes to confirm the deletion.

7. Finish the Update Profile wizard using the default settings and save the profile.

a. Click Next, select Finish installations, and click Next.

b. Click Next in the Run Application, Select Applications, and Add Virtual Hard Diskscreens.

c. Click Next in the Sign Profile screen and click Finish.

The Firefox profile is updated.

d. Click File > Save.

The profile is saved to the AppHub on the filer.


Verifying the Changes in Mozilla Firefox







3. Launch Mozilla Firefox from the Web Interface and view the default search engines that areinstalled with the browser.

a. Click Firefox to launch the application.

b. Click the drop-down arrow on the left of the Firefox search toolbar to view the defaultsearch engines.

The installed default search engines list only Bing and Google.


4. View the Mozilla extensions and confirm that Firebug is now installed.

a. Click Firefox > Add-ons to open the Add-ons Manager.

b. Click the Extensions tab.

c. Verify Firebug is listed as an enabled extension.

5. Close Mozilla Firefox, log off the Web Interface, and close all open windows.


Exercise 4-2: Performing Data StoreMaintenance Commands

Scenario

The new XenApp 6.5 farm has been up for quite some time at this point, and there have beenmany configuration changes. In order to verify that things are running smoothly, you want to run afew maintenance commands to check and optimize the data store and Local Host Cache on theXenApp servers.

A member of your team is working on a script to perform most of these commands automaticallyat regular intervals, but until this script is complete, you must run them yourself.

In addition, another member of your team noticed a strange issue on the XenAppController-2virtual machine. You have investigated it without finding anything, but you want to delete andrecreate the Local Host Cache on this machine just to be sure.


Performing Data Store Maintenance with DSMaint



2. Use a command prompt to run the dsmaint command to view the tools options and syntax.

a. Click Start > All Programs > Accessories > Command Prompt.

b. Type dsmaint at the command line and press Enter.

The tool options and syntax are listed.

3. Run the dsmaint command to verify the Local Host Cache and auto repair it if needed.

a. Type dsmaint verifylhc /autorepair and press Enter.

b. Ensure that the "LHC integrity has been verified successfully" message appears.

4. Run the dsmaint command to compact the Local Host Cache file and run dsmaintcommand to compact the RADE offline data store.

a. Type dsmaint compactdb /lhc and press Enter.

b. Verify that the "Compact DB operation succeeded" message appears.

c. Type dsmaint compactdb /rade and press Enter.

5. Run the dscheck command to perform validation on the data store and clean anyinconsistent records.

a. Type dscheck /clean and press Enter.

b. Verify that the "Finished data store validation" message appears.


Typically, the data store should be backed up before performing this command.


Recreating the Local Host Cache



2. Use the Services console to stop the Citrix Independent Management Architecture service.Keep the Services console open.

a. Select Start > Administrative Tools > Services.

b. Right-click Citrix Independent Management Architecture and click Stop.

c. Click Yes in the Stop Other Services dialog box.

After a few moments, the Citrix Independent Management Architecture service stopsrunning.

3. Use a command prompt to run the dsmaint command to recreate the Local Host Cachedatabase.


b. Type dsmaint recreatelhc and press Enter.

c. Verify that the "Recreating LHC database finished successfully" message appears.

4. Use the Services console to start the Citrix Independent Management Architecture Service, andCitrix WMI Service services.

a. Right-click Citrix Independent Management Architecture Service in the Services consoleand select Start.

b. Right-click Citrix WMI Service and select Start.



Exercise 4-3: Configuring Power andCapacity Management

Scenario

Due to the variation in demand for XenApp resources throughout any given day or week, you wantto set up Power and Capacity Management for all XenApp servers to enable the PowerManagement and Load Consolidation features. Using these features will also allow you to free upserver resources when they are not required so they can be used for other work.

The Power and Capacity Management Concentrator has already been set up on theXenAppController-1 virtual machine and the Agents have been installed on each of the XenAppserver virtual machines by another member of your team. You just need to add each server to thePower and Capacity Management farm and then configure Power Management and LoadConsolidation. Testing done by your consultant indicates that you should have at minimum threeservers running during the hours of 08:00 and 18:00 on weekdays and one server running on theweekends.


Setting Configuration Details Through Group Policy



2. Use the Group Policy Management Console to edit the XenApp Domain Policy group policyobject.


b. Expand the Forest: cch.local > Domains > cch.local nodes.

c. Right-click XenApp Domain Policies and click Edit.

3. Access the Computer Configuration Citrix Policies and edit the Unfiltered policy.

a. Expand the Computer Configuration > Policies node and click the Citrix Policies folder.

After a few moments, the Citrix policies load in the right pane.

b. Click the Unfiltered policy and click the Edit button

4. Access the Power and Capacity Management settings and add a policy to make the farm name"CCH-PCM".

a. Click the Settings tab and click the Power and Capacity Management category.

b. Click Farm name in the right pane and click Add.

c. Type CCH-PCM in the Value field and click OK.

5. Add a policy to set the workload name to "Regular" and then finish editing the policy.


a. Click Workload name in the right pane and click Add.

b. Type Regular in the Value field and click OK.

c. Click OK to close the Edit Policy dialog box.

The Summary tab displays the changes to the active settings.


Joining the Servers to the Farm


1. Launch the Power and Capacity Management console and wait a moment until the XAC-1.cch.local machine appears in the XenApp Servers workload.

a. Click Start > All Programs > Citrix > Management Consoles > XenApp Power andCapacity Management.

b. Click the Servers tab in the All Workloads pane.

c. Verify XAC-1.cch.local appears in the Server list.


3. View the Power and Capacity Management console and verify that all three XenApp serversare registered in the console.

If all servers are not in the farm, restart any servers that are not present and wait for themto join. The Power and Capacity Management console will auto-refresh when new serversjoin the farm.

Configuring Server Preference and Capacity Limits


1. Enable power management and load consolidation on the regular workload.

a. Right-click the Regular workload and click Enable Power Management.

b. Right-click the Regular workload again and click Enable Load Consolidation.

2. Change the XAC-2.cch.local machine controller preference to 2nd choice.

a. Right-click XAC-2.cch.local and click Server Properties.

b. Select 2nd choice in the Power controller preference menu and click OK.

3. Change the XAW-1.cch.local machine controller preference to 3rd choice.

a. Right-click XAW-1.cch.local and click Server Properties.

b. Select 3rd choice in the Power controller preference menu and click OK.

4. Use the Server Profile Properties to change the typical session capacity to 10.

a. Click the Capacities tab.


b. Right-click the VM: IntelXeon L5420 server profile and click Server Profile Properties.

c. Type 10 in the Typical Session Capacity field.

d. Click OK.

Creating a Workload Schedule


1. Create a new Power Management entry for Monday for 08:30 specifying three minimumavailable servers.

a. Click the Regular workload and click the Schedule tab.

b. Select Allow edit.

A new editable field appears for each week day.

c. Beneath Monday, click the Time column editable field and type 08:30.

d. Click the Minimum Available Servers column and type 3.

2. Create another entry for Monday at 18:30 specifying two Minimum Available Servers.

a. Click the Time column editable field beneath the 08:30 entry for Monday.

b. Type 18:30, click the Minimum Available Servers column, and type 2.

3. Copy the Monday schedule for Tuesday, Wednesday, Thursday, and Friday.

a. Click Copy Monday's schedule to copy the workload schedule to Tuesday.

b. Repeat substep a for the Wednesday, Thursday, and Friday schedules.

4. Create an entry for Saturday at 06:00 specifying one minimum available server and copy theSaturday schedule to Sunday.

a. Click the Time column editable field for Saturday.

b. Type 06:00, click the Minimum Available Servers column, and type 1.

c. Click Copy Saturday's schedule to copy the new workload schedule to Sunday.

5. Disable Power Management and Load Consolidation and close all open windows.

a. Click Disable Power Management in the right pane and click Disable LoadConsolidation.

b. Close all open windows.


Exercise 4-4: Creating a Restart Schedulefor the XenApp Servers

Scenario

As part of the default maintenance of the XenApp farm, you want to implement a regular restartschedule to ensure that the servers are running free of memory leaks, print spooler problems, andother issues that commonly arise with a computer that stays running for long periods of time.

Upon analysis of the work habits of CCH employees, your team finds that the most opportune timeto perform the restarts is weekly on Sunday mornings around 03:00. You need to implement thisrestart schedule on all XenApp servers.


Implementing a Restart Schedule







3. Create a new Citrix Computer Policy called "Weekly Restart Schedule for All Servers."

a. Expand the Computer Configuration > Policies node and click the Citrix Policies folder.

b. Click New in the right pane to create a new Citrix computer policy.

c. Type Weekly Restart Schedule for All Servers in the Name field and clickNext.

4. Add a new setting to enable scheduled reboots.

a. Click the Server Settings > Reboot Behavior category.

b. Click the Schedule reboots setting and click Add.

c. Select Enabled in the Add Setting dialog box and click OK.

5. Add a new setting to set the reboot schedule frequency to every seven days.

a. Click the Reboot Schedule Frequency and click Add.

b. Type 7 in the Days field and click OK.

6. Add a new setting to set the reboot schedule start date to this Sunday.

a. Click the Reboot schedule start date setting and click Add.


b. Enter the date for the upcoming Sunday in the MM/DD/YYYY format and click OK.

7. Add a new setting to set the reboot schedule time to 03:00.

a. Click the Reboot schedule time setting and click Add.

b. Type 3:00 AM in the Time field and click OK.

8. Add a new setting to set a Reboot schedule randomization interval to 30 minutes.

a. Click the Reboot schedule randomization interval setting and click Add.

b. Type 30 in the Minutes field and click OK.

9. Add a new setting to disable logons to a server to 15 minutes before a restart.

a. Click the Reboot logon disable time setting and click Add.

b. Select Disable 15 minutes before reboot from the Value menu and click OK.

10. Add a new setting to start warning the users 30 minutes before a reboot.

a. Click the Reboot warning start time setting and click Add.

b. Select Start 30 Minutes Before Reboot in the Value menu and click OK.

11. Add a new setting to enable reboot warnings to users.

a. Click the Reboot warning to users setting and click Add.

b. Select Enabled in the Add Setting menu and click OK.

12. Add a new setting to warn users of the reboot every 10 minutes.

a. Click the Reboot warning interval setting and click Add.

b. Select Every 10 Minutes from the Value menu and click OK.

13. Add a new filter to apply the policy to the All Servers worker group.

a. Click Next to access the filters screen.

b. Click theWorker Group filter in the Filters pane and click Add.

The New Worker Group Filter dialog box opens.

c. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.

After a few moments, the Select a worker group dialog box opens.

d. Double-click All Servers from the Worker groups pane and click OK.

14. Finish the New Policy Wizard and enable the policy.

a. Click OK in the New Filter dialog box.

b. Click Next in the New Policy Wizard.

c. Ensure that Enable this policy is selected and click Create.




Module 5

Optimizing the XenAppEnvironment


Exercise 5-1: Enabling Multi-Stream ICAPolicies for Specific ICA Traffic

Scenario

CCH employees often host their meetings in a hosted GoToMeeting application. However, in theprevious XenApp 6 environment, employees had trouble using the GoToMeeting VoIP audio

Remind students to read the scenarios before eachbridge during meetings held at peak network times. Observation of network traffic indicated that

exercise. The scenarios provide a lot of additionalmaking some QoS improvements to the ICA stream could correct this problem.


© Copyright 2011 Citrix Systems, Inc. Module 5: Optimizing the XenApp Environment 85


Enabling the Multi-Stream ICA Computer Policy







3. Create a new Citrix computer policy called "Enabling Multi-Stream ICA for VoIP Traffic onAll Servers."

a. Expand the Computer Configuration > Policies node and click Citrix Policies.

b. Click New in the right pane to create a new Citrix Computer Policy.

c. Type Enabling Multi-Stream ICA for VoIP Traffic on All Servers in theName field.

d. Click Next.

4. Add a new setting to enable multi-stream.

a. Click Multi-Stream Connections in the Categories pane.

b. Click the Multi-Stream setting and click Add.


5. Add the Multi-Port Policy setting to assign CGP port 1282 as port1 with a very high priority.

a. Click the Multi-Port Policy setting and click Add.

b. Type 1282 in the CGP port1 field.

c. Select Very High in the CGP port1 priority menu and click OK.

6. Add the Audio UDP Port Range setting to assign audio to use the UDP ports 16500 and 16509.

a. Click the Audio UDP Port Range setting and click Add.

b. Ensure that the ports 16500,16509 are in the Value field.

c. Click OK.


a. Click Next, click theWorker Group filter, and click Add.

b. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.


c. Select All Servers from the Worker groups pane and click OK.


d. Click OK to close the New Filter Element screen.





Allowing Users Access to Multi-Stream ICA


1. Create a new Citrix user policy called "Granting Domain Users Multi-Stream ICA Abilities".

a. Expand the User Configuration > Policies node and select Citrix Policies.

b. Click New in the right pane to create a new Citrix user policy.

c. Type Granting Domain Users Multi-Stream ICA Abilities in the Name fieldand click Next.

2. Add a new setting to enable Multi-Stream.

a. Click Multi-Stream Connections in the Categories pane.

b. Click the Multi-Stream setting and click Add.


3. Add a new filter to apply the policy to all domain users.

a. Click Next, click the User or Group filter, and click Add.

The New User or Group Filter dialog box opens.

b. Click Add.

c. Ensure that Allow is selected in the Mode menu and Enable this filter element is selected.

d. Type CCH\Domain Users in the User or group name field and select OK.




86 Module 5: Optimizing the XenApp Environment © Copyright 2011 Citrix Systems, Inc.


5. Restart the XenAppController-1 , XenAppController-2 , and XenAppWorker virtual machines.

Verifying Multi-Stream ICA



2. Use the netstat command within a command prompt to view all of the ports the server islistening on and verify the XTE process is using port 1282.

a. Click Start > All Programs > Accessories > Command Prompt.

b. Type netstat -nab to view all ports the server is listening on.

c. Verify 0.0.0.0:1282 appears as using XTE.exe and its state is Listening.


4. Repeat steps 1-3 on the XenAppController-2 and XenAppWorker virtual machines.

All of the XenApp servers are now using XTE to listen on ports 2598 and 1282 for ICAconnections.


Exercise 5-2: Enabling CPU and MemoryOptimization

Scenario

In the short term, memory is going to be limited within the environment. To make more efficientuse of each XenApp server memory allocation, you decide to implement memory optimization.

In addition, two different groups of users have been identified as requiring special CPU resourcerequirements. The CCH web team's graphic designers need more CPU resources to run their CPU-intensive graphics suites, while the Customer Support Representative team require lower CPUresources.

You need to enable the CPU and Memory Optimization features in order to better make use ofXenApp server resources.


Enabling Memory and CPU Optimization Policies







3. Create a new Citrix Computer policy called "Enabling Memory and CPU Optimization on AllServers."

a. Expand the Computer Configuration > Policies node and click Citrix Policies.

b. Click New in the right pane to create a new Citrix Computer policy.

c. Type Enabling Memory and CPU Optimization on All Servers in the Namefield and click Next.

4. Add a setting that enables memory optimization.

a. Click Memory/CPU in the Categories pane, click the Memory Optimization setting, andclick Add.

b. Select Enabled in the Add Setting dialog box and click OK.

5. Add a setting that sets the memory optimization interval to occur daily.

a. Click the Memory optimization interval setting and click Add.

b. Verify that Daily is selected from the Value menu and click OK.


6. Add a setting that schedules the memory optimization to occur at 03:00.

a. Click the Memory optimization schedule: time setting and click Add.

b. Verify that 3:00 AM is in the Time field and click OK.

7. Add a setting to specify the preferential load balancing CPU management server level.

a. Click the CPU management server level setting and click Add.

b. Select Preferential Load Balancing from the Value menu and click OK.


a. Click Next, click theWorker Group filter, and click Add.

b. Click Add, ensure that Allow is selected in the Mode menu, and then click Browse.


c. Select All Servers from the Worker groups pane and click OK.


d. Click OK to close the New Filter Element screen.





Applying Session Importance to Specific Users


1. Create a new Citrix User policy called "High Session Importance to Graphic Design Group."

a. Expand the User Configuration > Policies node and click Citrix Policies.

b. Click New in the right pane to create a new Citrix User policy.

c. Type High Session Importance to Graphic Design Group in the Name fieldand click Next.

2. Add a setting to set session importance to high.

a. Click Server Session Settings in the Categories pane, click the Session importance setting,and click Add.

b. Select High from the Value menu and click OK.

3. Add a new filter to apply the policy to the CCH\Graphic Design and CCH\Domain Adminsgroups.



b. Click Add. Ensure that Allow and Enable this filter element are selected.

c. Type CCH\Graphic Design in the User or group name field and select OK.


d. Click Add, type CCH\Domain Admins in the User or group name field, and click OK.





5. Create a new Citrix User policy called "Low Session Importance to Customer Support Group".

a. Click New in the right pane to create a new Citrix User policy.

b. Type Low Session Importance to Customer Support Group in the Name fieldand click Next.

6. Add a setting to set Session importance to Low.

a. Click Server Session Settings in the Categories pane, click the Session importance setting,and click Add.

b. Select Low from the Value menu and click OK.

7. Add a new filter to apply the policy to the CCH\Customer Support group.



b. Click Add. Ensure that Allow and Enable this filter element are selected.

c. Type CCH\Customer Support in the User or group name field and click OK.








Module 6

Optimizing the UserEnvironment


Exercise 6-1: Configuring ProfileManagement

Scenario

CCH employees often work at many different company-provided computers in a single work day.The employees need to have their application customization and preferences available regardless of

Remind students to read the scenarios before eachthe computer they use to access them.

exercise. The scenarios provide a lot of additionalTo meet this need, you must install and configure Citrix Profile Management within the XenApp contextual information on the each exercise task.

© Copyright 2011 Citrix Systems, Inc. Module 6: Optimizing the User Environment 93

farm.


Configuring a Profile Share


1. Switch to the DomainController machine.

2. Create a folder called Profiles on the C: drive.

a. Click Start > Computer.

b. Double-click Local Disk (C:) and click New folder.

c. Type Profiles and press Enter.

3. Share the C:\Profiles folder and specify the share name as "Profiles$".

a. Right-click the Profiles folder and click Properties.

b. Click the Sharing tab and click Advanced Sharing.

c. Select Share this folder.

d. Type Profiles$ in the Share name field.

4. Use the advanced sharing permissions to give everyone full control.

a. Click Permissions.

b. Select Full Control under Allow and click OK to exit the Permissions screen.

c. Click OK to close the Advanced Sharing screen.

5. Access the Advanced Security Settings for the C:\Profiles folder to change thepermissions.

a. Click the Security tab.

b. Click Advanced.

c. Click Change Permissions.

6. Verify that the CCH\Administrators has full control of this folder, subfolders, and files.

a. Click Administrators (CCH\Administrators) and click Edit.

b. Verify that Full control is allowed and applied to this folder, subfolders, and files, and clickOK.

7. Add the Domain Users group to the permission entries.

a. Click Add.

b. Type CCH\Domain Users in the Enter object name to select field and click CheckNames.

c. Click OK.

8. Grant the Domain Users group the rights to list folder / read data, create folders / append data,and create files /write data for this folder only.

a. Select This folder only is selected from the Apply to menu.

b. Select Allow for the List folder / read data permission.

c. Select Allow for the Create folders / append data permission and click OK.

d. Click OK to exit the Permissions Entry screen.

e. Click OK to close the Advanced Security Settings and click Close.

Installing Profile Manager



2. Access \\dc\filer\Software\ProfileManagement and start theprofilemgt4.0.0_x64 installer.

a. Click Start > Network and navigate to DC > Filer > Software > ProfileManagement.

b. Double-click the profilemgt4.0.0_x64 installer file.

3. Accept the license agreement and install the software using the default values. Close theinstaller when completed and restart the virtual machine.

a. Click Next, select I accept the terms in the License Agreement, and click Next.

b. Click Next to accept the default installation location.

c. Click Install and click Finish when the installation is completed.

d. Click Yes to restart the virtual machine.

Configuring Profile Management

Use the DomainController virtual machine logged on as the CCH\Administrator user for this task.


2. Use the Group Policy Management console to create and edit a group policy object named"ProfileManagement" that is linked to the All XenApp Servers organizational unit.


94 Module 6: Optimizing the User Environment © Copyright 2011 Citrix Systems, Inc.

b. Expand the Domains > cch.local > All XenApp Servers.

c. Right-click the All XenApp Servers organization unit and click Create a GPO in thisdomain, and Link it here.

d. Type ProfileManagement in the Name field and click OK.

e. Right-click the ProfileManagement group policy object in the right pane and click Edit.

3. Add the ctxprofile4.0.adm administrative template located in theC:\Filer\Software\ProfileManagement\ADM_Templates\en folder to theAdministrative Templates for the Computer configuration.

a. Expand the Computer Configuration > Policies node.

b. Right-click Administrative Templates and click Add/Remove Templates.

c. Click Add and browse toC:\Filer\Software\ProfileManagement\ADM_Templates\en.

d. Select ctxprofile4.0.0.adm and click Open.

e. Click Close.

4. Access the Citrix Profile Management policy settings and enable profile management.

a. Expand the Computer Configuration > Policies > Administrative Templates > ClassicAdministration (ADM) > Citrix nodes and click Profile Management.

b. Double-click Enable Profile management.

c. Click Enabled and click OK.

5. Add the CCH\Domain Users group to the processed groups for profile management andenable the processed groups.

a. Double-click Processed groups.

b. Click Enabled and click Show.

c. Type CCH\Domain Users in the Value field and click OK.

d. Click OK to close the Processed groups dialog box.

6. Specify \\DC\Profiles$\%username%\ as the path to the user store.

a. Double-click Path to user store.

b. Click Enabled.

c. Type \\DC\Profiles$\%username%\ in the Absolute path or path relative to thehome directory field and click OK.


8. Switch to the XenAppController-1 virtual machine and log on as the CCH\CitrixAdmin user.


Testing Profile Management

Use the EndUserSimulator virtual machine logged on as the CCH\TestUser user for this task.


1. Switch to the EndUserSimulator virtual machine. Log off from the current user and log on asthe CCH\TestUser user.

2. Use Internet Explorer to navigate to http://webinterface.cch.local and log on using theCCH\TestUser credentials.

a. Click Start > Internet Explorer.

b. Navigate to http://webinterface.cch.local.

c. Log on using the CCH\TestUser credentials.

3. Use Notepad to save a blank text file called Test.txt to the Desktop. Close Notepad and logoff from Web Interface.

a. Click Notepad to open the published Notepad application.

b. Click File > Save and click Desktop.

c. Type Test.txt and click Save.

d. Click File > Exit to close Notepad.

e. Click Log Out on the Web Interface.



6. Verify that a new folder called testuser was created. View theTestUser\UPM_Profile\Desktop folder for the Test file.

a. Click Start > Computer and navigate to C:\Profiles.

b. Verify that a folder called testuser exists.

c. Navigate to TestUser\UPM_Profile\Desktop and verify that the Test file ispresent.


8. Use Internet Explorer to navigate to http://webinterface.cch.local and log on using theCCH\TestUser credentials.


b. Navigate to http://webinterface.cch.local.

c. Log on using the CCH\TestUser credentials.

9. Launch the XenApp Server Desktop and verify that the Test.txt file is present on theDesktop.

a. Click the Desktops tab in Internet Explorer.

b. Click XenApp Server Desktop to launch the server desktop.

c. Verify that the Test.txt file is located on the desktop.

10. Log off from the server desktop and Web Interface and close all open windows.

11. Log off from the EndUserSimulator virtual machine.


Exercise 6-2: Profiling an ApplicationRequiring a Service

Scenario

The CCH Graphic Design department occasionally has to print from streamed applications tospecial high-quality printers using Bonjour Print Services. The Bonjour print services make use of aWindows service in order to work correctly. The Citrix Engineer wants you to profile Bonjour sothat the service can be linked into other profiles. You need to then test it to ensure that theWindows service works correctly when streamed through XenApp.


Profiling an Application with a Service

Use the Profiler-Win7 virtual machine logged in as the local CitrixAdmin user for this task.

1. Switch to the Profiler-Win7 virtual machine.

2. Use the Streaming Profiler to begin profiling a new application called "Bonjour."

a. Click Start > All Programs > Citrix > Streaming Profiler > Streaming Profiler.

b. Click New Profile in the Welcome dialog box and click Next.

c. Type Bonjour in the Profile name field and click Next.

3. Use the default Enable User Updates, Support Legacy Offline Plug-ins, and Set up Inter-Isolation Communication options and verify that Windows 7 is selected as the target operatingsystem. Specify the setting to profile for all languages.

a. Click Next to accept the Enable User Updates defaults.

b. Click Next to accept the Support Legacy Offline Plug-ins defaults.

c. Click Next to accept the Set up Inter-Isolation Communication defaults.

d. Verify that Windows 7 is selected as a target operating system.

The Windows Vista and Windows Server 2008 are also selected by default.

e. Select All languages for the Target language and click Next.

4. Use the Quick Install option to specify the\\dc\filer\Software\BonjourPSSetup.exe installer.

a. Select Quick Install is selected as the installation option and click Next.

b. Click Browse and navigate to \\dc\filer\Software\.

c. Double-click BonjourPSSetup.exe and click Next.


5. Launch the Installer, agree to the license agreement, and install Bonjour Printing Services usingthe default options.

a. Click Launch Installer.

Please wait for the Bonjour Print Services installer to open before continuing. This maytake a few moments.

b. Click Next, accept the terms in the license agreement, and click Next.

c. Click Next and click Install to begin the installation process.

6. Finish the installer and complete the New Profile wizard using the default options. You mayneed to terminate processes that are still running.

a. Click Finish and then click Next.

b. Click Next and click OK in the Invalid Shortcuts screen.

c. Click Next again to accept the defaults in the Add Virtual Hard Disk screen and click Nextin the Sign Profile screen.

d. Click Terminate All to terminate any running processes and then click Next.

e. Click Finish.

7. Access the Windows Vista target properties in the Bonjour profile and view the Windowsservices installed in the profile. Verify that the Bonjour Service is listed and it will be run usingthe local system. Close the Target Properties.

a. Expand the Bonjour node, right-click Windows Vista [All service packs], and clickProperties.

b. Click Services and verify that Bonjour Service appears in the List of Services and it isdesignated as LocalSystem.

c. Click OK to exit the Target Properties dialog box.

8. Save the profile to the \\dc\filer\AppHub folder and close the Streaming Profiler.

a. Click File > Save.

b. Type \\dc\filer\AppHub in the Profile directory field and click Save.


Publishing Bonjour Print Services as a StreamingApplication



2. Use Citrix AppCenter to start publishing a stream to client application called "Bonjour PrintServices."



b. Expand the XenApp > CCH > Applications nodes.

c. Right-click Applications and click Publish application.

d. Click Next to begin the Publish Application wizard.

e. Type Bonjour Print Services in the Display Name field and click Next.

3. Specify the application to be streamed to client by using the \\dc\filer\AppHub\Bonjour\Bonjour.profile profile. Specify Bonjour Printer wizard as theapplication to launch from the profile.

a. Select Streamed to Client and click Next.

b. Click Browse, navigate to the \\dc\filer\AppHub\Bonjour folder and double-clickthe Bonjour.profile file.

c. Select Bonjour Printer wizard from the Application to launch from the Citrix streamingapplication profile menu and click Next.

d. Click Next to use the default settings for offline access.

4. Publish Bonjour Printing Services to all Domain Admins and the Graphic Design group.

a. Click Add to open the Select Users or Groups screen.

b. Click Add List of Names and type CCH\Domain Admins;CCH\Graphic Design.

c. Click Check Names and click OK if the name validates successfully.

d. Click OK to close the Add List of Names window and then click OK.

5. Complete the Publish Application wizard using the default settings.

a. Click Next to proceed to the Shortcut presentation screen.

b. Click Next and click Finish to complete the Publish Application wizard.

Testing and Implementing Support for Windows Service







3. Open Bonjour Printing Services and note the error indicating that the Bonjour Service is notrunning. Log off from Web Interface and close Internet Explorer.

a. Click Bonjour Print Services to launch the application.

b. Read and verify the error message and click OK.


The error indicates that the Bonjour Service is not available and therefore the applicationcannot start.

c. Click Log off and close Internet Explorer.

4. Open the Registry Editor and navigate to HKEY_LOCAL_MACHINE > Software > Citrix >Rade.

a. Click Start, type regedit in the Search field, and press Enter.

b. Expand the HKEY_LOCAL_MACHINE > Software > Citrix node.

c. Click Rade.

5. Within the Rade key, create a new String Value called "AppHubWhiteList." Specify"dc;dc.cch.local" as the value.

a. Right-click the Rade folder and click New > String Value.

b. Type AppHubWhiteList in the Name field.

c. Double-click the AppHubWhiteList string value.

d. Type dc;dc.cch.local in the Value data field and click OK.

6. Create a new DWord value called "AppHubWhiteListRequired." Specify 1 as its value. Close theRegistry Editor.

a. Right-click the Rade folder and click New > DWORD (32-bit) Value.

b. Type AppHubWhiteListRequired in the Name field.

c. Double-click the AppHubWhiteListRequired Dword value and type 1 in the Value datafield to mark the value as true.

d. Click OK and close the Registry Editor.

7. Use the Services console to restart the Citrix Streaming Helper Service. Allow it to restart theCitrix Streaming service. Keep the Services console open.

a. Click Start and type services in the Search field. Click Services from the results.

b. Right-click the Citrix Streaming Helper Service and click Restart.

c. Click Yes to restart any dependent services.





9. Open Bonjour Printing Services and allow it to start. Scan the Services console for the newBonjour service and notice that it is now running.

a. Click the Bonjour Printing Services icon in the Web Interface.

b. Switch to the Services console, right-click Services (Local) in the left pane and clickRefresh.


The names of streamed Windows services begin with an 8-digit portion of the app'sisolation environment unique id. This key is unique for each student. For example, arunning Bonjour Service may appear as "fd5e45b9-Bonjour Service" within the Servicesconsole.

10. Log out of the EndUserSimulator virtual machine.



Module 7

Optimizing Printing


Exercise 7-1: Verifying Printer DriverCompatibility with XenApp

Scenario

CCH recently established a new support contract with Brother Industries Ltd. to provide printersand support for the CCH offices. Brother representatives and the CCH IT department deployed

Remind students to read the scenarios before eachseveral new printers of varying models around the office. However, some of the models included in

exercise. The scenarios provide a lot of additionalthe deployment were printers with non-native printer drivers. In addition to the new Brother

contextual information on the each exercise task.printers, one HP printer model is still in limited use within the organization due to a specific

© Copyright 2011 Citrix Systems, Inc. Module 7: Optimizing Printing 105

required feature.

Though the Citrix Universal Printer driver will be used predominately throughout the company, ITwants to use the vendor-supplied drivers for these three specific printers because of a few featuresspecifically offered through these drivers.

Your job is to verify whether these printer drivers are compatible for production use withinXenApp or whether the Citrix Universal Printer Driver must be used.


Installing Non-Native Printer Drivers



2. Open the BrotherPrinters.exe installer within the \\dc\filer\Software folderand decompress the files into the same folder.

a. Navigate to \\dc\filer\Software and double-click BrothersPrinters.exe.

b. Click Decompress(X) to decompress the installer files to the default directory and clickOK.

3. Create a new folder called "HPPrinters". Launch the HPPrinters.exe installer withinthe \\dc\filer\Software folder and decompress the files into the same folder.

a. Click New folder in the \\dc\filer\Software\ directory and type HPPrinters.

b. Double-click HPPrinters.exe.

c. Click Browse, navigate to \\dc\filer\Software, click HPPrinters, and click OK.

d. Click Unzip and then click OK.

e. Click Close.

4. Use the Devices and Printers console to add a new local printer using the existing LPT1 printerport.

a. Click Start > Devices and Printers and click Add a Printer.

b. Select Add a local printer, select Use an existing port, and select LPT1: (Printer Port)from the menu.

c. Click Next.

5. Browse to \\dc\filer\software\64 within the Have Disk screen, use the brimc10afile and continue with the installation process.

a. Click Have Disk.

b. Click Browse and navigate to \\dc\filer\software\64 and click brimc10a.inf.

c. Click Open and click OK.

6. Install the Brother MFC-9970CDW Printer driver using the default printer name. Do not sharethe printer and then finish the Add Printer wizard.

a. Click Brother MFC-9970CDW from the Printers pane and click Next.

b. Click Next to accept the default printer name.

c. Select Do not share this printer and click Next.

d. Click Finish.

7. Repeat steps 4-6 to add the Brother DCP-9055CDN Printer.

8. Add another new local printer using the existing LPT1 printer port.

a. Select Add a local printer, select Use an existing port, and select LPT1: (Printer Port)from the menu.

b. Click Next.

9. Browse to \\dc\filer\software\HPPrinters\ within the Have Disk screen, use thehpc4x50t file, and continue with the installation process.

a. Click Have Disk.

b. Click Browse, navigate to the \\dc\filer\software\HPPrinters\ folder, andclick HPPrinters.

c. Click Open and then click OK.

10. Install the HP LaserJet 4350 PCL 5e driver using the default printer name. Do not share theprinter and then finish the Add Printer wizard. Close the Devices and Printers window.

a. Click HP LaserJet 4350 PCL 5e from the Printers pane and click Next.

b. Click Next to accept the default printer name.

c. Select Do not share this printer and click Next.

d. Click Finish.

e. Close the Devices and Printers window.

Testing Non-Native Printer Drivers Using StressPrinters


1. Navigate to the \\dc\filer\Software folder, copy the Stress Printers folder to thedesktop, and launch the StressPrinters64 application located in this folder.

106 Module 7: Optimizing Printing © Copyright 2011 Citrix Systems, Inc.

a. Copy the Stress Printers folder from the \\dc\filer\Software folder to thedesktop.

b. Open the Stress Printers folder from the virtual machine desktop and double-click theStressPrinters64 application.

2. Change the number of concurrent add events to 5 and enable verbose mode. Specify the optionto apply these settings to all printers.

a. Type 5 in The number of concurrent add events field and select Verbose mode.

b. Select Apply these settings to all printers.

3. Run the test on both of the Brothers printers. Allow the test to run and display the results.View the log to see if there are any errors reported.

a. Select the Brother DCP-9055CDN and Brother MFC-9970CDW printers.

b. Click Run.

c. Click OK after the test completed.

d. View the log and click Close when finished.

The test returns 0 errors, which indicates that it is safe for use with XenApp.

4. Run the test on the HP LaserJet 4350 PCL 5e printer. Allow the test to run and display theresults. View the log to see if there are any errors reported.

a. Clear the Brother DCP-9055CDN and Brother MFC-9970CDW printers.

b. Select the HP LaserJet 4350 PCL 5e printer and click Run.

c. Click OK after the test completes.

d. View the log and click Close when finished.

The HP LaserJet 4350 PCL 5e printer test returns several errors in the results.


The results reveal that both of the Brother printers are compatible with XenApp but the HP printeris not. Therefore it is safe to use the non-native driver for the Brother printers, but the CitrixUniversal Printer Driver will need to be used for the HP printer instead of its non-native driver.


Exercise 7-2: Replicating Printer DriversUsing PowerShell

Scenario

Both of the Brother printers have been installed and tested and confirmed to be compatible withXenApp. Now you must replicate these printer drivers to all XenApp servers to make themavailable.


Manually Replicating a Printer Driver Using PowerShell


1. Open Windows PowerShell and type the command to load all of the Citrix PowerShell snap-ins.

a. Click Start > All Programs > Accessories > Windows PowerShell > WindowsPowerShell.

b. Type Add-PSSnapIn Citrix.* and press Enter.

2. Use the PowerShell command to view all of the XenApp printer drivers on the XAC-1machine. Verify that MFC-9970CDW and DCP-9055CDN Brother Printer drivers are listed.

a. Type Get-XAPrinterDriver -Servername XAC-1 and press Enter.

b. Verify Brother MFC-9970CDW Printer and Brother DCP-9055CDN Printer appear in theDriverName list.

3. Use the PowerShell command to perform a test printer replication of the Brother MFC-9970CDW Printer to XAC-2.

a. Type Start-XAPrinterDriverReplication and press Enter.

b. Type Brother MFC-9970CDW Printer at the DriverName[0] prompt and pressEnter.

You can copy the name of the printer by highlighting the name from the printer list andthen paste it by right-clicking where it needs to be pasted.

c. Press Enter at the DriverName[1] prompt to submit a blank entry.

d. Type XAC-2 at the TargetServerName[0] prompt and press Enter.

e. Press Enter at the TargetServerName[1] to submit a blank entry.

4. After a few moments view the printer drivers available on the XAC-2 machine. Verify that theBrother MFC-9970CDW Printer is now available in the list.



b. Verify Brother MFC-9970CDW Printer appears in the DriverName list.

It may take several minutes for the replication to complete and display in the list.

5. Perform the printer replication of the Brother MFC-9970CDW Printer to the XAW-1 machineusing the following compound PowerShell command:

Start-XAPrinterDriverReplication -DriverName "Brother MFC-9970CDWPrinter" -TargetServerName XAW-1

6. After a few moments, view the printer drivers available on the XAC-1, XAC-2, and XAW-1machines. Verify that the Brother MFC-9970CDW Printer is now available in the list.

a. Type Get-XAPrinterDriver -Servername XAC-1, XAC-2, XAW-1 and pressEnter.

b. Verify that the Brother MFC-9970CDW Printer appears three times in the DriverNamelist: once each for the XAC-1, XAC-2, and XAW-1 machines.

It may take several minutes for the replication to complete and display in the list.

Auto-Replicating a Printer Driver Using PowerShell


1. Use the PowerShell command to view all of the XenApp printer drivers on the xac-1 server.Verify that MFC-9970CDW and DCP-9055CDN Brother Printer drivers are listed.


b. Verify that Brother MFC-9970CDW Printer and Brother DCP-9055CDN Printer appear inthe DriverName list.

2. Add a new auto replication of the Brother DCP-9055CDN printer by typing the followingcommand:

Add-XAAutoReplicatedPrinterDriver –DriverName “Brother DCP-9055CDN Printer”

You can copy the name of the printer by highlighting the name from the printer list andthen paste it by right-clicking where it needs to be pasted.

3. Use the command to verify that auto replication was set up correctly. Verify that the BrotherDCP-9055CDN printer is now available in the list.


a. Type Get-XAAutoReplicatedPrinterDriver and press Enter.

b. Verify that Brother DCP-9055CDN Printer appears in the DriverName field.

4. Use the PowerShell command to view the printer drivers available on the xac-2 and xaw-1machines after several minutes. Verify that the Brother DCP-9055CDN Printer is now availablein the list.

a. Type Get-XAPrinterDriver -Servername XAC-2,XAW-1 and press Enter.

b. Verify that Brother DCP-9055CDN Printer appears two times in the DriverName list: oncefor each of the different servers listed in ServerName.

It may take several minutes for the replication to finish and display the printer driver inthe list.

5. Close the Windows PowerShell window.


Exercise 7-3: Troubleshooting a Printer Issuewith the Citrix Group Policy Modeling Wizard

Scenario

While testing some of the implementation requirements, another administrator noticed thatsomething was not quite right. According to the company's plan, users in the Finance department,which is part of the Accounting department, should have the same policy setting: auto-create clientdefault printer. The Accounting department should be restricting the auto-creation of clientprinters in accordance with company policy.

However, during testing it was found that no client printers were auto-created for those users inFinance, while auto creation was working as expected for those in Accounting.

Your job is to troubleshoot this problem, determine the cause, and then identify a solution toensure that the implementation is completed according to plan.


Viewing the Existing Policies






2. View the policy summary of the Citrix user policy "Do Not Auto Create Client Printers forAccounting Department" and ensure that they are set correctly to not auto-create clientprinters. Also verify that the policy is correctly filtered to the CCH\Accounting group.

a. Expand the User Configuration > Policies node and click Citrix Policies.

b. Click the Do Not Auto Create Client Printers for Accounting Department user policyand click the Summary tab.

c. Verify that the active setting for Auto-create client printer is set to Do not auto-createclient printers.

d. Verify that the User or Group filter is set to "Allow - CCH\Accounting".

3. View the "Allow Default Client Printer Auto Creation for Finance Department" policysummary and ensure that it is set correctly to auto-create the default client printer. Also verifythat the policy is correctly filtered to the CCH\Finance group.

a. Click the Allow Default Client Printer Auto Creation for Finance Department userpolicy and click the Summary tab.


b. Verify that the active setting for Auto-create client printers is set to Auto-create the client'sdefault printer only.

c. Verify that the User or Group filter is set to "Allow - CCH\Finance".

You have now verified that the implementation seems correct and that the existing policies containno errors.

Viewing the Resultant Policy for a User in the FinanceGroup


1. Close the Group Policy Management Editor.

2. Use the Group Policy Management window to begin the Citrix Group Policy Modeling Wizard.Run the wizard on any available domain controller within the cch.local domain.

a. Right-click the Citrix Group Policy Modeling node in the Group Policy Managementwindow and click Citrix Group Policy Modeling Wizard.

b. Click Next.

c. Select cch.local from the Show domain controller in this domain menu.

d. Verify that Any available domain controller running Windows Server 2003 or later isselected and click Next.

3. Specify the CCH\TestFinanceUser user within the User Information field.

a. Select User within the User Information field.

b. Click Browse, type CCH\TestFinanceUser in the Enter the object name to selectfield, and click Check Names.

c. Click OK.

4. Specify CCH\All XenApp Servers organization unit as the container within the ComputerInformation field and then proceed to the final page of the wizard without collecting additionaldata.

a. Select Container within the Computer Information field.

b. Click Browse, click the CCH > All XenApp Servers organization unit, and click OK.

c. Select Skip to the final page of this wizard without collecting additional data and clickNext.

5. Verify the summary of selections and run the modeling wizard. When it is completed, close thewizard and view the results.

a. Verify the summary of selections.

b. Click Run to run the modeling wizard and click Close.

6. View the Citrix Group Policy User Configuration and verify the Auto-create client printersetting.

a. Click the TestFinanceUser node.


b. Navigate to User Configuration > Citrix Group Policy in the summary.

c. Verify that the Auto-create client printers setting and that the Do Not Auto Create ClientPrinters for Accounting Department policy is the winning group policy object.

The setting being applied to this user appears to be incorrect. The winning GPO says it isbeing applied by the "Do Not Auto Create Client Printers for Accounting Department"policy.

Upon further reflection, you have determined that this issue exists because the Finance group ispart of the Accounting department. Perhaps the policy applied to the Accounting department isoverriding the one assigned to the Finance group. A test fix is required.

Implementing a Test Fix


1. Use the Group Policy Management console to edit and view the XenApp Domain PoliciesCitrix user policies.

a. Right-click XenApp Domain Policies and click Edit.

b. Navigate to User Configuration > Policies > Citrix Policies.

2. Edit the User or Group filter of the "Do Not Auto Create Client Printers for AccountingDepartment" and add a new filter element.

a. Click the Do Not Auto Create Client Printers for Accounting Department user policy.

b. Click the User or Group filter for Active Filters and click Edit.

3. Specify to Deny the filter to the CCH\Finance group and complete editing the filter.

a. Click Add and select Deny from the Mode menu.

b. Type CCH\Finance and click OK.

c. Click OK in the Edit Filter dialog box.

Adding a filter to deny the policy to the Finance group should allow for the resultant policy tobypass the policy for this group and apply later policies.

Verifying the Test Fix


1. Close the Group Policy Management Editor.

2. Delete the existing TestFinanceUser group policy wizard result.

a. Right-click TestFinanceUser and click Delete.

b. Click Yes.

3. Use the Group Policy Management window to begin the Citrix Group Policy Modeling Wizard.Run the wizard on any available domain controller within the cch.local domain.


a. Right-click the Citrix Group Policy Modeling node in the Group Policy Managementwindow and click Citrix Group Policy Modeling Wizard.

b. Click Next.

c. Select cch.local from the Show domain controller in this domain menu.

d. Verify that Any available domain controller running Windows Server 2003 or later isselected and click Next.

4. Specify the CCH\TestFinanceUser user within the User Information field.

a. Select User within the User Information field.

b. Click Browse, type CCH\TestFinanceUser in the Enter the object name to selectfield, and click Check Names.

c. Click OK.

5. Specify CCH\All XenApp Servers organization unit as the container within the ComputerInformation field and then proceed to the final page of the wizard without collecting additionaldata.

a. Select Container within the Computer Information field.

b. Click Browse, click the CCH > All XenApp Servers organization unit, and click OK.

c. Select Skip to the final page of this wizard without collecting additional data and clickNext.

6. Verify the summary of selections and run the modeling wizard. When it is completed, close thewizard and view the results.

a. Verify the summary of selections.

b. Click Run to run the modeling wizard and click Close.

7. View the Citrix Group Policy User Configuration settings and verify that the Auto-create clientprinters setting is now showing the desired result "Auto-create the client's default printer only."Verify that the desired group policy object is listed as the winning group policy object.

a. Click the TestFinanceUser node.

b. Navigate to User Configuration > Citrix Group Policy in the summary list.

c. Verify that the Auto-create client printers setting value is "Auto-create the client's defaultprinter only" and the winning group policy object is from "Allow Default Client PrinterAuto Creation for Finance Department."


The fix worked as expected. The users from the finance group are now displaying the correctsettings.


Module 8

Securing XenApp


Exercise 8-1: Creating and Distributing RootCA Certificates

Scenario

The staging of the new XenApp 6.5 farm is going very well and is on schedule. The last step is toenable the security layers to ensure that the farm is taking advantage of the state-of-the-art security

Remind students to read the scenarios before eachtechnology. Before you can start securing XenApp, you must create the security certificates.

exercise. The scenarios provide a lot of additionalThe Citrix Engineer wants to create an in-house Certificate Authority instead of purchasing contextual information on the each exercise task.

© Copyright 2011 Citrix Systems, Inc. Module 8: Securing XenApp 117

certificates from an outside source. To satisfy this request you need to install the Active DirectoryCertificate Services, create the root CA, and then distribute it to all servers through Group Policy.


Installing Active Directory Certificate Services



2. Use Server Manager to add the Active Directory Certificate Services Role to the system.

a. Click Start > Administrative Tools > Server Manager.

b. Click the Server Manager (DC) > Roles node and click Add Roles in the Roles Summarypane.

c. Click Next, select Active Directory Certificate Services, and click Next.

d. Click Next.

3. Add the Certification Authority Web Enrollment Service, and any required services. Specifythat you are creating an Enterprise Root CA.

a. Select Certification Authority Web Enrollment, click Add Required Role Services, andclick Next.

b. Verify that Enterprise is selected and click Next.

c. Verify that Root CA is selected and click Next.

4. Create a new private key using the default cryptography for the CA. Use the default CA nameand specify a validity period of 10 years.

a. Verify that Create a new private key is selected and click Next.

b. Click Next to accept the default CA cryptography.

c. Click Next to accept the default CA name.

d. Type 10 for the validity period and select years. Click Next.

5. Use the default certificate database and then install the role using the default settings.

a. Click Next to accept the default certificate database location.

b. Click Next to accept the defaults for Web Server (IIS).

c. Click Next to accept the defaults for Role Services.

d. Click Install and wait until the installer is completed.


Creating a Root CA on NetScaler



2. Access the NetScaler web interface at http://ns.cch.local and log on using the nsroot/nsrootcredentials.

3. Access the SSL Settings and start the Root-CA Certificate Wizard.

a. Click the NetScaler VPX ns.cch.local > SSL node in the left pane.

b. Click Root-CA Certificate Wizard from the SSL pane.

4. Create an RSA Key with the filename "cch-ca.key" and a key size of 2048 bits.

a. Click Next.

b. Type cch-ca.key in the Key Filename field and 2048 in the Key Size field.

c. Click Next.

5. Create a CSR with the file name "cch-ca.req" and the password "Password1". Use the followinginformation for the Distinguished Name fields:

• Common Name: cch.local

• City: San Francisco

• Organization Name: Coolidge Consolidated Holdings, Ltd

• State/Province Name: CA

• Email Address: [email protected]

• Organization Unit: IT

a. Type cch-ca.req in the Request File Name field.

b. Type Password1 in the PEM Passphrase field.

c. Use the provided information to complete the Distinguished Name Fields and click Next.

6. Create a Certificate called "cch-ca.cer" with the password "Password1".

a. Type cch-ca.cer in the Certificate File Name field.


c. Click Next.

7. Install the Certificate with a Certificate-key pair name of "cch-ca.keypair" with the password"Password1" and then finish and exit the wizard.

118 Module 8: Securing XenApp © Copyright 2011 Citrix Systems, Inc.

a. Type cch-ca.keypair in the Certificate-Key Pair Name field.

b. Type Password1 in the Password field.

c. Click Next and then click Finish.

d. Click Exit.

8. Start the Manage Certificates tool, create a new folder location for \\dc\filer\certsfolder, and download the cch-ca.cer certificate to the newly created folder location.

a. Click Manage Certificates/Keys/CSRs in the SSL pane.

b. Click cch-ca.cer and click Download.

c. Click Browse, navigate to the \\dc > filer folder, and click the Create New Folder icon.

d. Type Certs for the new folder name.

e. Select the Certs folder and click Select.

f. Click Download.

9. Close the Manage Certificates tool.





Distributing the Root Certificate



2. Use Internet Explorer to access the Certificate Services site at http://dc/certsrv and downloadthe root CA Certificate in the base 64 encoding method.

a. Start Internet Explorer and navigate to http://dc/certsrv.

b. Click Download a CA certificate, certificate chain, or CRL and click Yes.

c. Click Current [cch-DC-CA] in the CA certificate field and select Base 64 as the encodingmethod.

d. Click Download CA certificate and click Save.

3. Use the Group Policy Management console to edit the CCH Domain Policy.


b. Expand the Forest: cch.local > Domains > cch.local node.

c. Right-click CCH Domain Policies and select Edit.

4. Access the Public Key Settings Security Settings in the Computer Configuration and beginimporting the certificate into the Trusted Root Certification Authorities.

a. Expand the Computer Configuration > Policies > Windows Settings > Security Settings> Public Key Policies nodes.


b. Right-click the Trusted Root Certification Authorities node and click Import.

5. Import the certnew.cer from the Downloads folder using the default values.

a. Click Next, click Browse, and click Downloads.

b. Double-click certnew.cer and click Next to specify the file to import.

c. Click Next to accept the default certificate location and click Finish.

d. Click OK when the wizard completes the import process.

6. Import the cch-ca.cer certificate from the \\dc\filer\Certs folder into the Trusted RootCertificate Authorities using the default values.

a. Right-click the Trusted Root Certification Authorities node and click Import.

b. Click Next and click Browse.

c. Navigate to the \\dc\filer\Certs folder and double-click cch-ca.cer.

d. Click Next to specify the file to import.

e. Click Next to accept the default certificate location and click Finish.

f. Click OK when the wizard completes the import process.




10. Check the security settings in Internet Explorer to verify that the new root certificateauthorities are present in the Trusted Root Certificate Authorities.

a. Start Internet Explorer and click Tools > Internet Options.

b. Select the Content tab and click Certificates.

c. Click the Trusted Root Certification Authorities tab and verify that the new cch.local andcch-DC-CA root certificate authorities appear in the list.



Exercise 8-2: Encrypting External ICA TrafficUsing ICA Proxy

Scenario

The Citrix Engineer also wants to try testing out encrypting external ICA traffic. To do this, youdecide to set up the Access Gateway Enterprise Edition functionality of the NetScaler system to actas an ICA proxy.

To configure it correctly, you need to create a public server certificate, configure the AccessGateway, and then create a new Web Interface site to handle the new traffic.


Creating a Server Certificate



2. Access the NetScaler web interface at http://ns.cch.local and log on using the nsroot/nsrootcredentials.

3. Access the SSL settings and begin the Server Certificate Wizard.

a. Click the NetScaler VPX ns.cch.local > SSL node in the left pane.

b. Click Server Certificate Wizard in the SSL pane.

4. Create a new key with the file name "cch-server.key" with a key size of 2048.

a. Click Next.

b. Type cch-server.key in the Key Filename field and 2048 in the Key Size field.

c. Click Next.

5. Create a CSR with the file name "cch-server.csr" and the password "Password1". Use thefollowing information for the Distinguished Name fields:

• Common Name: ag.cch.local


• Organization Name: Coolidge Consolidated Holdings, Ltd

• State/Province Name: CA

• E-mail Address: [email protected]

• Organization Unit: IT

a. Type cch-server.csr in the Request File Name field.


c. Use the provided information to complete the Distinguished Name Fields and click Next.


6. Create a certificate called "cca-server.cer". Use the "cch-ca.cer" CA certificate file name, "cch-ca.key" CA file name, "ns-root.srl" CA serial number file that are on the NetScaler with thepassword "Password1".

a. Type cch-server.cer in the Certificate File Name field.

b. Click Browse for the CA Certificate File Name field, select cch-ca.cer, and click Select.

c. Click Browse for the CA Key File Name field, click cch-ca.key, and click Select.

d. Click Browse for the CA Serial Number File field, click ns-root.srl, and click Select.

e. Type Password1 in the PEM Passphrase field and click Next.

7. Install the certificate using the key pair name "cch-server.keypair" and the password"Password1". Finish and exit from the certificate wizard.

a. Type cch-server.keypair in the Certificate-Key Pair Name field.

b. Type Password1 in the Password field and click Next.

c. Click Finish to complete the wizard and click Exit.

8. Access the certificates node and link the "cch-server.keypair" to the "cch-ca.keypair."

a. Expand the SSL node and click Certificates.

b. Click the cch-server.keypair from the SSL Certificates pane and click Link.

c. Select cch-ca.keypair from the CA Certificate Name menu and click OK.

Creating and Securing a New Web Interface Site


1. Access the Web Interface site on the NetScaler and begin adding a new site. Set the site path to/Citrix/Secure/ with a "DualMode" published resource type.

a. Expand the Web Interface node, click the Sites nodes, and click Add.

b. Click Next and type /Citrix/Secure in the Site Path field.

c. Select DualMode from the Published Resource Type menu.

2. Use Gateway Direct Mode and create a new LB virtual server. Create a new virtual server withthe IP address 192.168.1.195 and the name "ica_proxy_server".

a. Select Gateway Direct Mode, click New Virtual Server, and select New Virtual Server.

A new window opens.

b. Click Next, type 192.168.1.195 in the IP Address field, and typeica_proxy_server in the Virtual Server Name field.

c. Click Next.

3. Use the cca-server.keypair installed certificate and private keypair. Set the DNS server to192.168.1.100.

a. Select Use an installed certificate and private key pair from the Certificate Optionsmenu.

b. Select the cca-server.keypair from the Server Certificate menu and click Next.


c. Confirm that 192.168.1.100 in the Configured DNS Server field and click Next.

4. Use LDAP as the authentication type and specify IP address 192.168.1.100. Configure theconnection settings with the following information:

• Base DN: dc=cch,dc=local

• Administrator Bind DN: cn=Administrator,cn=users,dc=cch,dc=local

• Administrator Password: Password1

• Confirm Administrator: Password1

a. Select LDAP from the Select an authentication type menu and type 192.168.1.100 inthe IP Address field.

b. Complete the Connection Settings fields using the provided information.

5. Retrieve the attributes from the LDAP server. Specify the following other settings:

• Server Logon Name Attribute: sAMAccountName

• Group Attribute: memberOf

• Sub Attribute Name: cn

• SSO Name Attribute: sAMAccountName

• Security type: SSL

a. Click Retrieve Attributes and click OK.

b. Complete the Other Settings fields using the provided information and click Next.

6. Allow configure authorization and redirect non-secure requests to "https://ag.cch.local".Configure the clientless access to allow using the plugin and to allow access scenario fallbackand then finish and exit the wizard.

a. Select Allow for Configure Authorization, select Redirect to Secure Web address, andtype http://ag.cch.local.

b. Click Next, select Use the Access Gateway Plugin and allow access scenario fallback, andclick Next.

c. Click Finish and click Exit.

7. Access the Access Gateway VServer settings to name the settings "ICA Proxy Settings".Override the global Single Sign-on Domain and configure it as "cch".

a. Click Settings for the ica_proxy_server Access Gateway VServer.

b. Type ICA Proxy Settings in the Name field, select Override Global for the SingleSign-on Domain, and type cch in the Single Sign-on Domain field.

c. Click OK.

8. Do not add a DNS entry for the server. Specify http://xac-1.cch.local/scripts/ctxsta.dll as theSTA server URL and enable session reliability.

a. Deselect Add DNS Entry.

b. Type http://xac-1.cch.local/scripts/ctxsta.dll in the STA Server URLfield and select Session Reliability.

c. Click Next.


9. Add "xmlbrokers.cch.local" as the XML Service address with the farm name CCH. Finish andexit the wizard.

a. Click Add.

b. Type CCH in the Name field and type xmlbrokers.cch.local in the XML ServiceAddresses field.

c. Click Create and click Next.

d. Click Finish and click Exit to close the wizard.

Adding a DNS Entry for Access Gateway



2. Use the DNS console to add a new DNS entry for the hostname "ag" and IP address192.168.1.195.

a. Click Start > Administrative Tools > DNS.

b. Expand the DNS > Forward Lookup Zones > cch.local nodes, right-click cch.local, andclick New Host (A or AAAA).

c. Type ag in the Name field, type 192.168.1.195 in the IP address field, and click AddHost.

d. Click OK to confirm the new host and click Done.


Testing ICA Proxy




2. Access the https://ag.cch.local site. Log on using the CCH\CitrixAdmin user's credentials.

3. Launch Notepad and verify that it is secured using SSL/TLS 128-bit encryption. If a student is having trouble with a NetScalerconfiguration at any time try the following:a. Click Notepad to launch the hosted Notepad application.

• Close and reopen Internet Explorer and try again toIn a few moments, the Notepad application launches.verify the work.b. Right-click the Citrix Receiver icon in the Notification tray and click Online Sessions >

• Restart the EndUserSimulator virtual machine and tryConnection Center.again to verify the work.c. Click Properties.

• Restart the NetScaler virtual machine without savingd. View the encryption level and ensure that 128-bit SSL/TLS is listed.the configuration and ask the student to retry the

4. Close Connection Center and Notepad, log off of Web Interface, and close all open windows. exercise.This exercise was written so that students testtheir work to ensure it works before saving the5. Switch to the XenAppController-1 virtual machine.NetScaler's configuration.6. Save and refresh the current NetScaler configuration.

• Replace the ns.conf file located in the /nsconfiga. Click Save and click Yes to save the current configuration.directory on the NetScaler with the ns.conf.bak file

b. Click Refresh All and click Yes to refresh the configuration. within the same directory to reset the NetScaler to thestart of class configuration.

If this virtual machine is having trouble connecting to theentry just created or changed in DNS, perform a DNScache flush on the system by running the ipconfig/flushdns command in a command prompt window.


Exercise 8-3: Restricting External ApplicationAccess

Scenario

CCH has several employees that work remotely in their daily company roles. In the near future,management will be mandating that all remote employees must run McAfee Antivirus on theircomputers in order to work remotely. Knowing that this mandate will be implemented soon, yourmanager wants you to implement a policy on the Access Gateway that will do this. He then wantsyou to ensure that the policy will prevent all employees who are not running the antivirus softwarefrom gaining access. Since the corporate antivirus mandate is not yet in effect, he wants you todisable the policy, once tested.


Implementing a Pre-Authentication Policy



2. Use the NetScaler interface to access the ica_proxy_server Access Gateway virtual server andthe pre-authentication policies.

a. Expand the Access Gateway node and click the Virtual Servers node.

b. Double-click ica_proxy_server.

c. Click Policies and click Pre-authentication.

3. Insert a new policy called "McAfee Anti-Virus Check". Create a new request profile called"Deny Access" and specify the deny action.

a. Click Insert Policy and click New Policy.

b. Type McAfee Anti-Virus Check in the Name field and click New in the RequestProfile menu.

c. Type Deny Access, verify that Allow is selected, and click Create.

4. Specify the anti-virus pre-defined named expressions and add the McAfee Anti-Virusexpression to the policy and then create the policy. Complete the virtual server configuration.

a. Select Anti-Virus from the Named Expressions menu, click Mcafee Antivirus, and clickAdd Expression.

b. Click Create and click OK to exit the Access Gateway virtual server configuration window.


Testing the Pre-Authentication Policy



2. Access the Access Gateway site at https://ag.cch.local. Allow the endpoint analysis software toscan the system.

If a student is having trouble with a NetScalera. Start Internet Explorer, navigate to https://ag.cch.local, and click OK. configuration at any time try the following:

The Access Gateway Endpoint Analysis tool automatically launches. • Close and reopen Internet Explorer and try again toverify the work.b. Click Yes to run the scan.

• Restart the EndUserSimulator virtual machine and try3. Verify that access is denied to log on to the Access Gateway.again to verify the work.4. Switch to the XenAppController-1 virtual machine.

• Restart the NetScaler virtual machine without saving5. Use the NetScaler interface to access the ica_proxy_server Access Gateway virtual server andthe configuration and ask the student to retry thethe pre-authentication policies.exercise.This exercise was written so that students test

a. Expand the Access Gateway node and click the Virtual Servers node. their work to ensure it works before saving theNetScaler's configuration.b. Double-click ica_proxy_server.

• Replace the ns.conf file located in the /nsconfigc. Click Policies and click Pre-authentication.directory on the NetScaler with the ns.conf.bak file6. Unbind the policy and close the virtual server configuration window.within the same directory to reset the NetScaler to the

a. Click the Mcafee Anti-Virus Check policy and click Unbind Policy. start of class configuration.


b. Click OK to close the window.

7. Close all open windows, saving the NetScaler settings.

Exercise 8-4: Encrypting XML Traffic WithSSL Relay

Scenario

The Citrix Engineer is looking into several ways of encrypting XenApp-related traffic. Even thoughcommunications are internal, the XML traffic contains the logon information of employees. TheEngineer wants to look into the feasibility of implementing SSL Relay to encrypt this importantdata.

Because the XenApp farm is starting to get more use, he wants you to test the setup of SSL Relayusing one of the Web Interface servers so that regular farm use is not interrupted.


Creating an SSL Relay Certificate Template



2. Access the Certificate Authority console and manage the certificate templates.

a. Click Start > Administrative Tools > Certification Authority and expand the cch-DC-CA node.

b. Right-click Certificate Templates and click Manage.

3. Duplicate the Web Server template as a Windows Server 2003 Enterprise template. Rename thedisplay name and template name as "SSL Relay". Allow the private key to be exported.

a. Right-click theWeb Server template and click Duplicate Template.

b. Verify that Windows Server 2003 Enterprise is selected and click OK.

c. Type SSL Relay in the Template display name field.

d. Click the Request Handling tab and select Allow private key to be exported.

e. Click Apply and click OK.

f. Close the Certificate Templates console.

4. Issue the SSL Relay certificate template.

a. Right-click the Certificate Templates node and click New > Certificate Template toIssue.

b. Click SSL Relay and click OK.

5. Close the Certification Authority console.


Creating and Exporting an SSL Relay Certificate FromTemplate



2. Access the certificate server at http://dc.cch.local/certsrv and submit a new advanced certificaterequest.

a. Start Internet Explorer and navigate to http://dc.cch.local/certsrv.

b. Click Request a certificate and click Advanced Certificate Request.

c. Click Create and submit a request to this CA and click Yes at the Web AccessConfirmation warning screen.

3. Use the SSL Relay certificate template and enter the following identifying information:

• Name: xac-1.cch.local

• E-Mail: [email protected]

• Company: Coolidge Consolidated Holdings, Ltd.

• Department: IT


• State: California

• Country: US

a. Select SSL Relay from the Certificate Template menu.

b. Complete the Identifying Information fields using the information provided.

4. Add the friendly name "xac-1" and submit the request. Install the certificate and close all openwindows.

a. Type xac-1 in the Friendly Name field.

b. Click Submit and then click Yes.

After a few moments, the certificate is issued.

c. Click Install this certificate.

d. Close all open windows.

5. Use an MMC console and add the certificate snap-in for my user account.

a. Click Start, type mmc.exe in the search bar, and press Enter.

b. Click File > Add/Remove Snap-in.

c. Click Certificates and click Add.

d. Select My user account and click Finish.

e. Click OK.

6. Access the personal certificates and begin exporting the xac-1.cch.local certificate.

a. Expand the Certificates - Current User > Personal nodes and click Certificates.

b. Right-click xac-1.cch-local and click All Tasks > Export.


c. Click Next.

7. Specify to export the private key, use the default export file format, and use the password"Password1".

a. Select Yes, export the private key and click Next.

b. Click Next to accept the default Export File Format.

c. Type Password1 in the Password and Confirm Password fields and click Next.

8. Specify to export a file called "xac-1" and save it in the \\dc\filer\certs folder. Finishthe wizard using the default values.

a. Click Browse and navigate to \\dc\filer\certs.

b. Type xac-1 in the File name field and click Save

c. Click Next, click Finish, and click OK.

Configuring SSL Relay


1. Within the MMC console, add the Certificates snap-in for the computer account on the localcomputer.

a. Click File > Add/Remove Snap-in, click Certificates, and click Add.

b. Select Computer account and click Next.

c. Click Finish and click OK.

2. Begin importing a certificate in the local computer personal certificate store.

a. Expand the Certificates (Local Computer) node.

b. Right-click Personal and click All Tasks > Import.

c. Click Next.

3. Import the xac-1 certificate from \\dc\filer\Certs folder. Use "Password1" for thepassword and ensure that the key is marked as exportable. Finish the import wizard using thedefault settings.

a. Click Browse and navigate to \\dc\filer\Certs.

b. Select All Files (*.*), double-click the XAC-1 certificate file, and click Next.

c. Type Password1 in the Password field, select Mark this key as exportable, and clickNext.

d. Click Next and click Finish.

e. Click OK to confirm the import.

4. Close all open windows; do not save the MMC snap-in.

5. Use the Citrix SSL Relay Configuration Tool to enable SSL relay using the xac-1.cch.localcertificate.

a. Click Start > Administration Tools > Citrix > Administration Tools > Citrix SSL RelayConfiguration Tool.


b. Click OK and select Enable SSL relay.

c. Click xac-1.cch.local in the Server Certificate menu.

6. View the connection settings and delete the IP address server name. Ensure that only a singleserver name, xac-1.cch.local, is listed to use ports 1494 and 80.

a. Click the Connection tab.

b. Click the IP address from the Server Name column and click Delete.

c. Click OK and then click OK to verify the changes.

7. Close the Citrix SSL Relay Configuration Tool and restart the XenAppController-1 virtualmachine.

Updating Web Interface to Use SSL Relay



2. Use the Services console to start the World Wide Web Publishing Service.


b. Right-click World Wide Web Publishing Service and click Start.

3. Use the Citrix Web Interface Management console to edit the farm settings of the "XenApp"XenApp Web site.

a. Click Start > All Programs > Citrix > Management Consoles > Citrix Web InterfaceManagement.

b. Click the XenApp Web Sites node, click XenApp, and click Server Farms.

4. Replace the xmlbrokers.cch.local server with the server xac-1.cch.local.

a. Click the CCH server and click Edit.

b. Click xmlbrokers.cch.local and click Remove.

c. Click Add, type xac-1.cch.local in the Server name field, and click OK.

5. Set the transport type for SSL Relay and complete the configuration.

a. Select SSL Relay from the Transport type menu.

b. Click OK to close the Add Farm screen and click OK to close the Manage Server Farmsdialog box.


Verifying the SSL Relay Settings


1. Switch to the XenAppController-1 virtual machine and log on as the CCH\CitrixAdmin user.


2. Use the netstat utility at a command prompt to verify that the XTE.exe process is listening on0.0.0.0:443.

a. Start the command prompt, type netstat -nab, and press Enter.

b. Verify that local address 0.0.0.0:443 has a LISTENING state and is in use by the XTE.exeprocess.


4. Access and log on to the http://wis-1.cch.local using the CCH\CitrixAdmin credentials.

Because you were able to log on successfully and view the user's Application list, then SSLRelay has been configured correctly.



Module 9

Monitoring XenApp withStandard Utilities


Exercise 9-1: Using Desktop Director to ViewSession Data

Scenario

Eventually the Help Desk team will be taking over day-to-day tier-1 support for the XenApp farm.They will be using the Desktop Director tool in order to monitor session and farm data and

Remind students to read the scenarios before eachperform basic troubleshooting. In advance of this hand off to Help Desk, you want to familiarize

exercise. The scenarios provide a lot of additionalyourself with the Desktop Director tool.


© Copyright 2011 Citrix Systems, Inc. Module 9: Monitoring XenApp with Standard Utilities 135


Installing Desktop Director

Use the WebInterfaceServer-1 virtual machines logged in as the CCH\CitrixAdmin user for thistask.


2. Access the XenApp 6.5 additional components disk and launch the DesktopDirector installer.

a. Navigate to D:\Desktop Director.

b. Double-click InstallDesktopDirector.

3. Accept the license agreement, install the software, and install the application using the defaultvalues.

a. Click I accept the terms and conditions and click Next.

b. Ensure that Desktop Director is selected and that the address of the XenDesktopController field is blank.

c. Click Next and click Yes.

d. Click Install.

e. Click Close when the installation is completed.

4. Use the Internet Information Services (IIS) Manager to access the Desktop Director site.

a. Click Start > Administrative Tools > Internet Information Services (IIS) Manager.

b. Expand the WIS-1 (CCH\citrixadmin) > Sites > Default Web Site nodes.

c. Click Desktop Director.

5. Add a new settings to the Applications settings called Service.AutoDiscoveryAddressesXA withthe value xac-1.cch.local. Close the Internet Information Services (IIS) Manager.

a. Double-click Application Settings.

b. Click Add.

c. Type Service.AutoDiscoveryAddressesXA in the Name field.

d. Type xac-1.cch.local in the Value field and click OK.

e. Close the Internet Information Services (IIS) Manager


7. Use the winrm command to enable it using a quick configuration of Windows RemoteManagement service.


b. Type winrm quickconfig and press Enter.

c. Type y to perform the action when prompted and press Enter.

d. Close Command Prompt.

8. Repeat the previous step using the XenAppController-2 and XenAppWorker virtual machines.


10. Use Internet Explorer to navigate to http://wis-1.cch.local/DesktopDirector and log on as theCCH\CitrixAdmin user.


b. Navigate to http://wis-1.cch.local/DesktopDirector.

It will take a few moments for the Desktop Director log on page to appear.

c. Log on using the CCH\CitrixAdmin credentials.

Viewing Session Data

Use the EndUserSimulator virtual machine logged in as the CCH\TestUser user for this task.

1. Switch to the EndUserSimulator virtual machine, log off of the current user and log on as theCCH\TestUser user.

2. Log on to Citrix Receiver as the CCH\TestUser and launch Notepad.

a. Log on using the CCH\TestUser credentials.

b. Click Start > All Programs > Notepad to launch the Notepad application.


4. Use Desktop Director to view the sessions for the TestUser user. View all of the differentsession details available.

a. Type TestUser in the Search for users field in Desktop Director and press Enter.

b. View the different session details available including latency, profile path, Receiver typeand version, profile load time, and group policies applied.

5. View the server details and the CPU/Memory/Network activity.

6. Rearrange the page layout to minimize the HDX information and put the Activity field intoHDX Session information may not be visible due tothe right column.limitations of the environment.

136 Module 9: Monitoring XenApp with Standard Utilities © Copyright 2011 Citrix Systems, Inc.

a. Click on the header of the HDX section to minimize that field.

b. Drag the Activity section to the right column.

7. Send a message to the TestUser's session indicating that the user will be logged off soon.

a. Click Send Message.

b. Type You will be disconnected soon! and click Send.

8. Switch to the EndUserSimulator virtual machine, acknowledge the message, and switch back tothe XenAppController-1 virtual machine.

9. Disconnect the TestUser session and verify that the session now indicates disconnected.

a. Click Session Control and click Disconnect.

b. Verify that the CCH\TestUser session now indicates that it is disconnected.

10. Log off of Desktop Director and close all open windows.


Exercise 9-2: Monitoring XenApp usingPerformance Monitor

Scenario

The Citrix Engineer wants you to start performing some basic monitoring of the XenApp farm tocollect some preliminary data on memory and bandwidth on the performance hit of a single userperforming an average workload on a server.

To obtain this preliminary data, you decide to use Microsoft Performance Monitor to estimate thesingle-user impact numbers.


Restricting Sessions to Use XenAppController-1


1. Use the Citrix AppCenter console to access the list of XenApp servers within the farm.


b. Expand the Citrix Resources > XenApp > CCH > Servers node.

2. Access the Login Controls for the XAC-2 server and set it so that all logons and reconnectionsare prohibited.

a. Right-click the XAC-2 server from the Servers node and click Other Tasks > Logoncontrol > Prohibit logons and reconnections.


3. Repeat the previous step for XAW-1.

4. Switch to the EndUserSimulator virtual machine, log off of the current user and log back on asthe CCH\CitrixAdmin user. Close the logon prompt without logging on, if prompted.

5. Use Citrix Receiver to change the Online plug-in server to http://webinterface.cch.local.

a. Right-click the Citrix Receiver icon in the notification area and click Preferences.

b. Click Plug-in status, right-click Online Plug-in, and click Change Server.

c. Type http://webinterface.cch.local and click Update.

6. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials, and launch Notepad fromthe Start menu. Type "Hello World!" in the Notepad document.

a. Log on to Citrix Receiver using the CCH\CitrixAdmin credentials.

b. Click Start > All Programs > Notepad.

c. Type Hello World! in the new notepad document.



8. Use the Citrix AppCenter console to view the connected users and verify that the CitrixAdminuser is using Notepad on the XAC-1 server.

a. Click the Servers node in the Citrix AppCenter console.

b. Click the Users tab in the XAC-1 pane.

c. Verify that the Notepad application is running for the CitrixAdmin user.

Using Performance Monitor


1. Open the Performance Monitor console. Navigate to the Performance Monitor monitoringtool.

a. Click Start > Administrative Tools > Performance Monitor.

b. Navigate to the Monitoring Tools > Performance Monitor node in the left pane.

2. Delete the default % Processor Time counter and navigate to the Add counter screen.

a. Click the Properties icon from the toolbar in the right pane.

b. Click \Processor Information(_Total)\%Processor Time from the Data tab and clickRemove.

c. Click Add.

3. Navigate to the ICA Session counters and add the "Input Session Bandwidth," "Latency -Session Average," and "Output Session Bandwidth" counters.

a. Expand the ICA Session node.

b. Click Input Session Bandwidth and click Add.

c. Click Latency - Session Average and click Add.

d. Click Output Session Bandwidth and click Add.

4. Navigate to the Memory counters and add the "Available MBytes" and "Page Faults/sec"counters. Close the Add Counter screen.

a. Expand the Memory node.

b. Click Available MBytes and click Add.

c. Click Page Faults/sec and click Add.

d. Click OK to close the Add Counters dialog box.

e. Click Apply and then click OK to close the Performance Monitors Properties dialog box.

5. View the real-time graph of the performance. Navigate to the Page faults/sec counter and viewthe real-time updated numbers. Change the graph to Report view.

a. Click the Page faults/sec counter. View the real-time data specific to the selected counter.

b. Click the Change graph type icon arrow and click Report.


Many counters will not appear on the graph because their values are too high or too lowto be visible.





7. Open Notepad to transfer and view the Performance Monitor as the session is transferred fromthe EndUserSimulator virtual machine. Adjust the windows so that Notepad is on top butPerformance Monitor can been seen in the background. Then manipulate Notepad and viewhow the values change.

a. Click Notepad to open the application.

b. Bring Performance Monitor into focus and view how the numbers change as the session istransferred.

Notice that the Notepad window says "Hello World!", which indicates that this is the samesession as previously used.

c. Adjust the windows so that Notepad is in the foreground and Performance Monitor in thebackground.

d. Manipulate Notepad and watch how the numbers change on the Performance Monitorscreen.

8. Switch back to the Graph view and verify that there is activity in the ICA Session counters.

a. Click the Change graph type menu and click Line.

b. Verify that the ICA Session values reflect the recent activity.

9. Close Internet Explorer and Performance Monitor.

After viewing the bandwidth, latency, and memory counters on the server, you report to the CitrixEngineer that ICA bandwidth does not seem to be a problem. However, due to the large amountsof page faults and the low memory available on the servers you recommend that each XenAppserver be given additional memory before putting the farm into production.


Exercise 9-3: Monitoring XenApp UsingCommand-Line Utilities

Scenario

The Citrix Engineer is very pleased with the recommendations you have given him. He wants somemore information about what kind of a load a single standard user would generate on the servers intheir current configuration.

To get this recommendation, you decide to use command utilities such as qfarm.


Using the QFarm Command


1. Use the command line to view the qfarm program's help information.


b. Type qfarm /help and press Enter. View the qfarm help options.

2. Use the qfarm command that ouputs all of the servers in the farm. Verify that all three of theXenApp servers are visible and present.

a. Type qfarm /servers and press Enter.

b. Verify that XAC-1, XAC-2, and XAW-1 appear below Server Name.

3. Use the qfarm command that outputs all of the application server loads for each server.

a. Type qfarm /app and press Enter.

b. View the server load for each application and identify the corresponding host. Anapplication may appear more than once if it corresponds to a different server.

4. Use the qfarm command to view the load off each server in the farm. Notice that the serverload is only on the XAC-1 server and that XAC-2 and XAW-1 have prohibited logons.

a. Type qfarm /load and press Enter.

b. Verify that ProhibitLogons appears as the Logon Mode for the XAC-2 and XAW-1 servers.

5. Use Citrix AppCenter to disconnect the CitrixAdmin user's Notepad connection and view ifthere are any results in the load of XAC-1 by using the qfarm command.

a. Click the Servers > XAC-1 node in the Citrix AppCenter console.

b. Click the Users tab, right-click the CitrixAdmin user running the Notepad application,and click Disconnect.

c. Click Yes to confirm.

d. Type qfarm /load in the command line and press Enter.


e. Verify that the server load for XAC-1 did not change.

6. Use the Citrix AppCenter to completely reset the CitrixAdmin Notepad connection and view ifthere are any results in the load of XAC-1 by using the qfarm command.

a. Right-click the CitrixAdmin user running the Notepad application in Citrix AppCenterand click Reset.


c. Type qfarm /load in the command line and press Enter.

d. Verify that the server load for XAC-1 has been lowered significantly.

It may take a few moments for any results to register.

7. Switch to the EndUserSimulator virtual machine. Log out of the CitrixAdmin user and log backon as the CCH\TestUser user.

8. Log on to Citrix Receiver using the CCH\TestUser credentials and open the XenApp ServerDesktop.

a. Log on using the CCH\TestUser credentials when the Citrix Receiver logon promptappears.

b. Click Start > All Programs > XenApp Server Desktop.

9. Within the XenApp Server Desktop open Paint, Wordpad, and Calculator.

a. Click Start > All Programs > Accessories > Paint within the XenApp Server Desktop.

b. Click Start > All Programs > Accessories > Wordpad within the XenApp Server Desktop.

c. Click Start > All Programs > Accessories > Calculator within the XenApp ServerDesktop.


11. Use the qfarm command to view changes to the XAC-1 server load.

a. Type qfarm /load in the command line for the XenAppController-1 virtual machineand press Enter.

b. Verify that the server load for XAC-1 has increased.

12. Switch to the EndUserSimulator virtual machine and open the hosted Notepad applicationfrom the Start menu.

13. Switch to the XenAppController-1 virtual machine and use the qfarm command to viewchanges to the XAC-1 server load.


b. Verify that the server load for XAC-1 has increased.


15. Close all applications in the XenApp Server Desktop and then log off of the Desktop. Close allopen windows and log off the virtual machine.


16. Switch to the XenAppController-1 virtual machine and use the qfarm command to viewchanges to the XAC-1 server load.


b. Verify that the server load for XAC-1 has decreased.

Restoring Logons to All XenApp Servers


1. Use Citrix AppCenter and set XAC-2 to allow logons and connections.

a. Right-click XAC-2 from the left pane of Citrix AppCenter and click Other Tasks > Logoncontrol > Allow logons and reconnections.


2. Repeat the previous step for XAW-1.

3. Use the qfarm command to verify that all servers now allow logons and then close thecommand prompt.

a. Type qfarm /load at the command prompt and press Enter.

b. Verify that AllowLogons appears as the Logon Mode for all servers.

4. Close all open windows except Citrix AppCenter.



Module 10

Monitoring XenApp withEdgeSight


Exercise 10-1: Viewing EdgeSight HistoricalData

Scenario

The new XenApp 6.5 environment has yet to go into production, but your team has allowed a fewselect teams all over the company to begin testing the server with non-critical workloads. As such,

Remind students to read the scenarios before eachyou now have some historical usage data from this time period that the Citrix Engineer wants to

exercise. The scenarios provide a lot of additionaluse to help predict how users will be using XenApp resources.


© Copyright 2011 Citrix Systems, Inc. Module 10: Monitoring XenApp with EdgeSight 147

The EdgeSight monitoring tool was installed earlier this week by another member of your team.The Citrix Engineer wants you to view the historical data of the farm for the last seven days andreport back with an analysis of overall usage and also with specific usage for all XenApp programs.


Viewing Overall and Specific Category Usage Data


1. Use Internet Explorer on the XenAppController-1 virtual machine to navigate tohttp://dc/edgesight. Log on to the site using the [email protected]/Password1 credentials.

2. Create and run a new process summary for dates spanning the last 7 days for all processes.

a. Click the Plan and Manage tab and click Process Summary.

b. Set the date to seven days prior to the current date for the Start field.

c. Set the date to the current date for the End field.

d. Verify that [All Processes] is selected in the Category menu.

e. Click Go.

3. View the displayed graph data and identify key data points.

4. Create and run a new process summary for dates spanning the last seven days on only XenAppPrograms.

a. Select XenApp Programs from the Category menu.

b. Click Go.

5. View the displayed graph data and identify key data points.

Exercise 10-2: Viewing EdgeSight Real-TimeData

Scenario

Since the farm has been opened for testing, you want to check how well it is doing with theincrease in traffic. You need to check the real-time data pertaining to logon times and see if thereare any farm alerts.

In addition, you want to set an EdgeSight alert and subscribe to some EdgeSight reports.


Measuring Session Logon Times


1. Use the User Troubleshooter to find the sessions for the CCH\TestUser user.

a. Click the Troubleshoot tab and click User Troubleshooter.

b. Type CCH\TestUser in the Enter a User field.

c. Click Find Sessions.

2. Set the credentials for the farm to use the CCH\CitrixAdmin user name and password.

a. Click the ... icon located in the Credentials column for the CCH farm.

b. Enter the credentials for the CCH\CitrixAdmin account.

c. Click OK and click Next.

3. Use the top result to view the session start details. Verify that the session startup duration isonly a few thousand milliseconds in duration.

a. Click the top result and click the Session Start Detail tab.

b. Verify that the session startup duration is only a few thousand milliseconds in duration.

4. Repeat the previous step using the next session results, if listed.

5. View some of the other information offered in other tabs throughout the User Troubleshooterinterface.

Monitoring With a Real-Time Dashboard


1. Access the Real-Time Dashboards and create a new Real-Time Configuration. Specify the name"XenApp Basics" and create the configuration.

148 Module 10: Monitoring XenApp with EdgeSight © Copyright 2011 Citrix Systems, Inc.

a. Click the Configure tab and click Real-Time Dashboard from the CompanyConfiguration menu.

b. Click New Real Time Configuration.

c. Type XenApp Basics in the Configuration name field, accept all other default values,and click Create the Configuration.

2. Access the existing devices from all departments and add XAC-1 and XAC-2 to theconfiguration.

a. Click Go to search for all existing devices.

b. Double-click each of the devices listed in the Existing Devices list.

c. Click Next.

3. Add the following counters with their default thresholds and then finalize the configuration:

• % Total Processor Time

• % Committed Bytes in Use

• Page Faults per Second

• Average ICA Round Trip Time

• Peak ICA Round Trip Time

a. Select the % Total Processor Time, % Committed Bytes in Use, Page Faults per Second,Average ICA Round Trip Time, and Peak ICA Round Trip Time counters.

b. Click Next and view the final configuration.

c. Click Finish.

4. View the Dashboard. Start the dashboard update and view the results.

a. Click the Monitor tab and click Dashboard from the Monitor menu.

b. Click Start Updating in the Dashboard pane.

It appears as though the "% Committed Bytes" counter is red, indicating that thecommitted memory is over the set threshold of 40%.

Creating an EdgeSight E-mail Alert


1. Navigate to the alert action screen and create a new alert action that sends an e-mailnotification.

a. Click the Configure tab and click Alerts > Actions in the Company Configuration menu.

b. Click New Alert Action.

c. Select Send an email notification and click Next.

2. Specify "Email CitrixAdmin" as the action name. Specify to send the e-mail [email protected] with the subject "Major XenApp Issue."

© Copyright 2011 Citrix Systems, Inc. Module 10: Monitoring XenApp with EdgeSight 149

a. Type Email CitrixAdmin in the Name field.

b. Select [email protected] from the Existing Addresses menu.

c. Type Major XenApp Issue in the Subject field.

d. Click Next.

3. Verify the current settings and add the action to the CCH department. Assign the action to thealert that indicates that the IMA service is unresponsive.

a. Verify the Alert Action Settings and click Next.

b. Click CCH and click Next.

c. Select Assign Actions to Alerts and click Next.

d. Select IMA Service is Unresponsive and click Next.

4. Use the Email CitrixAdmin alert action for this rule and finish the wizard.

a. Select Email CitrixAdmin and click Next.

b. Click Finish.

5. View the alert actions to verify that the action was created successfully.

a. Click Alerts > Actions in the Company Configuration menu.

b. Verify Email CitrixAdmin appears in the Alert Action list.


150 Module 10: Monitoring XenApp with EdgeSight © Copyright 2011 Citrix Systems, Inc.


851 West Cypress Creek Road Fort Lauderdale, FL 33309 USA (954) 267 3000 www.citrix.com

Rheinweg 9 8200 Schaffhausen Switzerland +41 (0) 52 63577 00 www.citrix.com

© Copyright 2011 Citrix Systems, Inc. All rights reserved.