Change Farm Utility ( CHFARM) Has Stopped Working

Well, this issue was occurred to me last weekend, when I was busying myself changing my Citrix XenApp servers from farm A to farm B, using GUI. Why? because I have nothing to do (on weekend? seriously??). Please put my forever alone life aside, shall we? Well, this issue occurred to my XenApp 5 for Server 2008 farm. Hmm, Server 2008 is the keyword there... :)

Issues :

• Citrix Admins received below screen after putting the credential for ODBC Driver Access.
  
• Citrix Admins can't move forward, as the GIU will froze just after putting the credential.
  

Troubleshooting 

1. Go to Start > Run, and type SecPol.msc
   
   
    
2. You will be prompted with all UAC permission, so just proceed accordingly

   

   Click at I want to complete this task

   
   

   

   Press Ctrl + Alt + End

   

   Press Continue

   
   
   
3. After that, you will see this console. Our focus is on Security Settings > Local Policies > Security Options
   
   
   
4. On the right column, find this configuration, and check the setting configured
   

Resolution :

• Right click at the configuration item, and choose Properties
  
  
• From this box, change the option from Enabled to Disabled
  
  

Read More

What Happen If My XenApp Farm Cant Connect to the Citrix License Server?

Okay this is interesting. In my previous post, I said some candidates did not manage to get the answer correct. But for this question, they got all correct! they even mentioned how many hours rather than how many days. ( how they maange to calculate that fast? Did they have calculator in hand? ahh! smartphones!)

Again, back to the real business. if it happens that the Citrix farm lost connectivity with Citrix license, users still be able to launch the Citrix published application. However, there is 30 days / 720 hours grace period. After this grace period, users won't be able to launch any Citrix published applications.

Question... If my Citrix XenApp servers lost connections to DataStore, I can't reboot my Citrix XenApp servers. But what if the servers lost connections to Citrix License server? The answer is, no problem! it will not give any impact on the grace period or Citrix functionality within grace period. The information stored  in mps-wsxica_mps-wsxica.ini, thus rebooting Citrix servers won't delete the file.



Reference : 

• http://www.brianmadden.com/forums/t/12780.aspx
• http://www.brianmadden.com/blogs/brianmadden/archive/2007/06/04/how-does-a-citrix-presentation-server-know-what-licenses-you-have-when-it-loses-connectivity-to-the-license-server.aspx

Read More

What Happen If My XenApp Farm Cant Connect to the Data Store?

This is one of my favorite interview question, I just don't know why. it seems simple, but some candidates failed to give a proper answer (poor them). I wish all of them better luck next time.

Okay, now back to the real business. From Citrix Administrators Point-of-View, losing a DB may cost chaos, depending on how severe the issue is. However, from user perspective, nothing is different. Users wont really impacted of this. They still be able to launch Citrix published applications and works as normal. Thanks to Local Host Cache (LHC), it eases the burden of Citrix Admins (oh really?)

However, although all Citrix XenApp servers have LHC, there are some conditions that Citrix Admins need to remember :

• There is no grace period for this (MPS 3.0 and above). Users still be able to connect to the Citrix farm (lucky!)
• Only static information  available to users. No new info can be added and current info cannot be changed (not really...)

In any circumstances, DO NOT :

• Restart / reboot the Citrix XenApp servers. it will cause the server to contact DB server. This will result IMA service won't started.
• Restart IMA service (same reason as above).
• Re-create LHC (in order to re-create LHC, we need to stop IMA service).

Reference :

• http://citware.blogspot.com/2012/05/if-you-loose-connectivity-to-data-store.html
• http://citrixsolutions.blogspot.com/2009/04/all-about-local-host-cache.html
• http://support.citrix.com/article/CTX105763

Read More

Error on Citrix Web Interface - Credential Error

This time, I want to discuss on an error occurred when users want to access Citrix Web Interface. This may happen for new farms or when new XML servers added to the farm. 



Issues :

• Users received below error when accessing Citrix Web Interface :
  

Troubleshooting 

1. From Citrix Web Interface server, go to application log, and search for Event ID 31003 and Event ID 30110.
2. Those Event IDs indicates that XML service transition failed.

   
   

   Event ID 31003 in Application Log

   
   

   

   Event ID 30110 in Application Log

   
   
3. Check which server(s) is/are configured as XML Service servers for the farm, and RDP to the server(s). 

Resolution :

1. go to Start > run, type regedit and press Enter.
   
   
   
   
   
2.  browse to HKLM\Software\Citrix\IMA
   
   
3. Add a new registry value (ensure it is DWORDS (32-bit) Value)
   
   
4. Set the name as UseNetworkLogon
   
   
   
   
   
   
   
5. Right-click at the newly created key, and click Modify...
   
   
   
6. Change the value data to 1. Ensure the base is Hexadecimal.
   
   
   
7. This is the final outcomes :
   
   
   
8. Go to Services, and restart Citrix Independent Management Architecture service.
   

Read More

AD Group Scope

Some people are having difficulties to differentiate between Universal, Global and Domain Local groups (including me, sometimes).  The table below illustrates the differences between those group scopes.

Some lesson learnt :-

• Global groups can be added to Domain Local groups (from the same domain or crossed-domain), but not vice versa
• For Global groups, you only can add accounts from its domain and its parent Global groups
• In order to add accounts from any domain, you need to have Local Domain groups, Global groups won’t allow you to do so.
• Converting a group to Domain Local, add those crossed-domain users, and convert it back to Global group won’t do the trick.
• Domain Local groups cannot be added to Domain Local groups from any domain except for its domain and the parent.

Group scope	Group can include as members…	Group can be assigned permissions in…	Group scope can be converted to…
Universal	·      Accounts from any domain within the forest in which this Universal Group resides ·      Global groups from any domain within the forest in which this Universal Group resides ·      Universal groups from any domain within the forest in which this Universal Group resides	Any domain or forest	·      Domain local ·      Global (as long as no other universal groups exist as members)
Global	·      Accounts from the same domain as the parent global group ·      Global groups from the same domain as the parent global group	Member permissions can be assigned in any domain	Universal (as long as it is not a member of any other global groups)
Domain local	·      Accounts from any domain ·      Global groups from any domain ·      Universal groups from any domain ·      Domain local groups but only from the same domain as the parent domain local group	Member permissions can be assigned only within the same domain as the parent domain local group	Universal (as long as no other domain local groups exist as members)

Note

The information in this table implies that the domain functional level is set to either Windows 2000 native or Windows Server 2003. When the domain functional level is set to Windows 2000 mixed or Windows Server 2003 interim, security groups with universal scope cannot be created, although distribution groups with universal scope are still permitted.

source : http://technet.microsoft.com/en-us/library/cc755692(v=ws.10).aspx

Read More

XTE Service Cannot be Started

Citrix XTE Server service is one of the essential service in Citrix XenApp. it is directly relates to Session Reliability. What is Session Reliability? Please read from here and here. Is Session Reliability Goood? Hmm, read this article and go figure it out. (such a lazy bum of me, huh?)

It might occurred in your environment that XTE Server service can't be started at one server, while the rest are fine. Session Reliability option is enabled from Citrix Console.  So, what's next?  

Issues :

You may received below error when you want to start XTE Server service.

 

Troubleshooting 

browse to %programfiles%\Citrix\XTE\Conf, check whether file httpd.conf is existed / is there any content inside the file.

Resolution :

1. Copy the file from server that is working fine. 
   
   

Read More

No Printers Listed in Citrix XenApp Session - ICA-tcp Listener Configuration Error

Users reports that they are not able to perform printing. Services are up and running, but issue still persist, although after you restarted those Printer Spooler and Citrix Print Management services. 

In addition, required Service IDs are properly configured. Users reboot their workstations, but to no avail. So, what is next?


Issues :

• Users may received one or more errors regards to printing. Below are some of the error examples :
  
  

 - or - 

• Meanwhile from server perspective, no printers listed in Printer and Faxes

• Upon checking the services, both Printer Spooler and Citrix Print Management services are started. Issue remains although those services restarted. Required Service ID (ctx_cpsvcuser) is in place.

Troubleshooting 

1. Press Start, hover to Administrative Tools, click at Terminal Service Configuration. Or, press Start, choose run type tscc.msc, and press enter.
   
2. Right click at ICA-tcp listener, and choose Properties
   
3. Inside ICA-tcp Properties, focus on Permission tab. Ensure Service ID ctx_cpsvcuser is listed, with proper permission. If it is not, follow below steps.
   

Resolution :

1. Click at the Advanced button.
   
   
   
2. Click Add... to add new user
   

   
3. Add this user (ctx_cpsvcuser), press Check Names and OK
   \
4. For the Permission Entry, Clear the Logon permission and Add Query Information and Virtual Channels with Allow permission.
5. Ensure you will see the user (ctx_cpsvcuser) added, press Apply and OK.
   
   
6. You will see the ID added to ICA-tcp properties, as below.
   

   

Read More