Redirect Logged off page on Web Interface

You have a situation where you would like not to see the message You have been logged off. Se you again soon. And instead of pressing the Return to Log On you would like the page to redirec to the logon page.

LoggedOfPage

Copy the existing file c:\inetpub\wwwroot\Citrix\XenApp\auth\loggedout.aspx in order to have a backup of the original file.

Open file loggedout.aspx in Notepad.

Find the entry // A new Session will have been created for this page request as it has already been and insert the text Response.Redirect(“login.aspx?CTX_FromLoggedoutPage=1”); just before the %> as shown here:

LoggedOutASPX

You might want to reset IIS to make sure the takes full effect.

Advertisements

Installing and Configuring Citrix XenApp 6.5 Step by Step

This is an installation guide for installing Citrix XenApp 6.5 application on Windows server.

Before installing XenApp we have the following requirements;

  • Win 2008R2 server with latest windows updates.
  • Citrix license server
  • Database – Database created and user account setup.
  • Review Citrix System Requirements. Click Here.

1. Insert Citrix CD or Mount ISO. Click install XenApp Server

XenAppMainMenu

2. If you did not install .Net 3.5 SP1 prerequisites you will be prompted to install, click OK.

Net35Install

3.  After .Net 3.5 installs. The Citrix XenApp Server Role Manager screen opens. Click “Add Server Roles.”

RoleManager

4. Based on you purchase/licensing select the XenApp Edition you want to install.

XenAppEdition

5. Accept License Agreement. Click Next

XenAppAgreement

6. Select “XenApp” role. Click Next

XenAppSelectRole

7. Select any additional sub-components if needed. Click Next

XenAppSelectSubComponents

8. Review prerequisites and Click Next.

XenAppReviewPreReq

9. Review the items that will be installed. Click Install

XenAppReviewToBeInstalled

10. Review installation messages and click Finish.

XenAppRestart

11. You will now return to the Role Manager Screen. Click the “Reboot” link to reboot the server.

XenAppReboot

12. When server reboots make sure to log back in to the server with the same user account the you used to install XenApp. A pop-up window will appear and prompt to resume install.  Click  “Resume Install” link.

XenAppResumeInstall

13. The application is now ready to be installed. Click “Install”

XenAppInstall2

14. XenApp installed successfully. Renew Notes and Click Finish.

XenAppSuccessfulInstall

15. Next we need to specify the license server. Click “Specify Licensing” link

XenAppSpecifyLicLink

16. Enter the Citrix License Server Information. Click Next

XenAppSpecifyLicServer

17. Select Licensing Model that you will use with this setup. Click Apply.

XenAppSpecifyLicType

18. You will get a confirmation page the Licenses are now configured.

XenAppLicenseConfigured

Creating a XenApp Citrix Farm

1. Now we are ready to create/configure our Citrix Farm. Click on the “Configure” link

XenAppConfigureLink

2. Click  on the “Create a new server farm” selection to start new farm configuration.

XenAppStartNewServerFarm

3. Enter New XenApp Server farm name and the First Citrix Admin Account. Make sure to use unique farm name for each farm. Click Next

XenAppFarmBasicInfo

4. Now it’s time to select database option. You have the ability to select new database. This will install SQL server Express locally and host the database. In our example we have a pre-configured database that we will use. Click Next

XenAppDatabaseOption

5. Specify the database server and database name. You will also need to select which authentication method you will be using (Integrated or SQL Server). Click Next after you’ve entered all the information. Click Next.

XenAppDatabaseInfo

6.  You will be prompted to enter Database credentials. Enter Username and Password and click OK.

XenAppDatabaseCredentials

7. Click Test Connection to test your database connection. Once you have successful connection, click Next.

8. Configure Shadowing options. By default shadowing i allows without restrictions. If your business needs require restrictions please select the desired options. Click Next

XenAppShadowConfig

9. The next window consists of four configuration options. The first tab called Data Collection is always grayed out for the first server.  XML Service tab you can change the XML port if you want to change the default port. On the third tab Receiver you can configure Receiver URL. Usually this is left empty  On the last tab you define which users will be added to Remote Desktop Users group and which are able to access the server later on. Click Next.

XenAppAdvanceSettings

10. Review you farm configuration to make sure it’s accurate. Click Apply to setup the Farm.

XenAppFarmReview

11. You can monitor the configuration process. Once complete click Finish.

XenAppFinishInstallation

12. You will be take back to Server Role Manager screen. Click the reboot link to reboot the server in order to complete farm configuration.

XenAppFarmReboot

 

SCCM 2012 SP1 Error connecting console after upgrade to SP1

I decided to upgrade SCCM 2012 to SP1. The upgrade went thru with no issues.

However when i tried opening SCCM 2012 Management console Iwould get an error connecting to SCCM site.

I looked in the event viewer and saw the following error:

{
Description = “Please upgrade your Admin Console to newer version”;
Operation = “ExecMethod”;
ParameterInfo = “SMS_Identification”;
ProviderName = “WinMgmt”;
StatusCode = 2147749889;
};

Which led me to the conclusion that there must be a seperate intall for the management console. Opened the install splash screen and saw the option to “Install Configuration Manager Console”.

SCCM2012ConfigConsole

Click that option and install the new console.

All is good and working now.

Updating vDisk on Citrix Provisioning server.

Updating vDisk in Citrix Provisioning (PVS) server (Load Balanced PVS configuration)

Why

  • Microsoft Patches
  • AV DAT
  • Software Updates/Installations

Process

  • vDisk Modes
    • Private
    • Standard (Only copy if in Standard-if there are connections)
  • Copy vDisk (.pvp,.vhd)
  • Right Click vDisk – >Add or Import Existing Disks
    • Click Search
    • Click Add
  • Deselect “Enable Load Balancing”
  • Put disk in private
  • Set load balancing to one PVS server.

8.2a-LoadBalancing

  • Assign new vDisk to a VM that we will use to update disk with
  • Boot machine
  • Perform changes
  • Get the server ready for provisioning
    • Run XenApp Server Role Manager
    • Click Edit Configurations
  • 8.2a-EditConfig
  • 8.2a-PrepareServ
  • You can uncheck “remove server from farm”
  • 8.2a-UncheckFarm
  • Finish and SHUT DOWN ONLY.
  • Go back to PVS
  • Change disk to Standard and Cache on Device Hard Drive

 8.2a-VDiskProp

  • Enable Load Balancing on Vdisk
  • Drag the new vDisk to Device Collection
  • Click yes on replace screen
  • Reboot the XenApp Farm server to get the new image
  • Copy the update vDisk and .pvp file to the other PVS server.

Configuring Host Headers to use SSL in IIS 7 or 7.5

Ever try to apply a Wildcard certificate in IIS to multiple sites and use Host Headers?

IIS allow you to use one SSL certificate for multiple IIS websites on the same IP address via Host Header values. Through the IIS Manager interface, IIS only allows you to bind one site on each IP address to port 443 using an SSL certificate. If you try to bind a second site on the IP address to the same certificate, IIS 7 will give you an error when starting the site up stating that there is a port conflict. In order to assign a certificate to be used by multiple IIS sites on the same IP address, you will need to set up SSL Host Headers by following the instructions below.

Setting up SSL Host Headers on IIS 7

  1. Obtain an SSL certificate and install it into IIS 7
  2. Once you have the Certificate installed open a Command Prompt with elevated permissions
  3. Change directory to C:\Windows\System32\Inetsrv\ (“cd C:\Windows\System32\Inetsrv\” )
  4. Run the following command for each site that you need SSL host headers configured for.
    • appcmd set site /site.name:”<IISSiteName>” /+bindings.[protocol=’https’,bindingInformation=’*:443:<hostHeaderValue>‘]
    • Replace <IISSiteName> with the name of the IIS web site and <hostHeaderValue> with the host header name for that site
  5. Open IIS and validate that the IIS Site binding is configured with HTTPS and the Host Header Value
  6. Test your site(s).

Configuring Netscaler and Web Interface for application publishing

I needed to secure as Citix XenApp farm behind Netscaler VPX Access Gateway to publish secure applications.

Prerequisites:

  • Install 2 Netscaler 10.0 virtual appliances in VmWare
  • Configure IP Address for the Netscalers
  • Install Platform and VPX Licenses

Step1: Installing Certificate

  • After you have exported your SSL certificate from the certificates.mmc on Windows Server to a *.pfx (make sure you exported the private key), you can import this certificate to the NetScaler.
  • Logon to the Netscaler and click SSL Certificates > Import PKCS#12
  • 8.1a-MainSSL
  • The output file name can be anything you like, however be sure to take note of it.  wildcard.odh.key is used in the example.  The .KEY file will contain both a Private Key as well as the Certificate combined into one file.
  • 8.1a-ImportSSL
  • A file has now been created on the NetScaler called “wildcard.remotemobileaccess.key”
  • 8.1a-ListWildcardSSL
  • Install WinSCP, connect to the IP address of the NetScaler.  Click the double dot to get to the previous directory.  Browse to /nsconfig/ssl.  We are now going to create a new .cer file and modify the wildcard.odh.key file.
    • Edit the .key file with WinSCP
    • Select everything starting from —–BEGIN CERTIFICATE—– to the end of the file.  Click Cut. Leave the file open.
    • Open a new file on your desktop, name it whatever you like, except make sure the extension is .CER and not .TXT.  Paste the information you cut out of the .key file in step 2.  Save and close the .CER file you created and drag and drop it into WinSCP so that its uploaded into the nsconfig/ssl folder on the NetScaler
    • Save the modified Key file from step 2 using the save button in the WinSCP file editor.
    • You now have both a .key file and .cer file on the Netscaler and can continue with the certificate installation process.  Click SSL > Certificates > Install
    • 8.1a-InstallWildCard
  • If you have not previously installed the intermediate certificate chain from your Certificate Authority (like DigiCert), then you will need to do that (SSL > Certificates > Install).
  • 8.1a-InstallIntermediate
  • We now need link the new SSL Cert that you installed to the Certificate Chain from your CA:
  • Right Click on your WildCard Cert and select “Link”. Choose the DigiCert/Other Intermediate Certificate.
  • 8.1a-LinkSSL

Step2: Configuring Access Gateway

  • Add DNS Entry for your Access Gateway URL.
  • Create a basic Access Gateway Virtual Server
    • Go to Access Gateway -> Virtual Servers – > Add
    • Enter Name, IP Address, and Select the previously created WildCard Cert(Click Add)
    • 8.1a-CreateVirtualServer
    • Click Create. You will see a new Virtual Server Created.
    • LDAP Policies
      • Go to Access Gateway -> Policies -> Authentication -> LDAP.
      • Click Servers Tab
        • Click Add.
        • Fill out the Name, IP, Base DB, Admin Bind DN, Admin PW. See image below.8.1a-LDAPServer
  • Click Create.
  • Do the same for any more Domain Controllers.
  • Click Policies Tab
    • Click Add
    • Fill out the Name, Select DC server, Add Expression to look at header for the domain name. (We are tracking cookies because of multiple domain dropdown option)
    • 8.1a-LDAPPolicy
    • Click Create.
    • Repeat the steps for all Domain Controller Policies
    • Session Policies
      • Go to Access Gateway -> Policies -> Session
        • Click Profiles Tab
          • Click Add
          • Click Published Applications Tab
          • Enter Policy Name
          • Set ICA Proxy to “ON”
          • Enter Web Interface Address
          • Enter Single Sign-on Domain
          • 8.1a-SessionPolicy
          • Click Create
          • Click Policies Tab
            • Click Add
            • Enter Policy Name
            • Select the Profile you just created
            • Enter Cookie Expression.
            • 8.1a-SessionPolicy2
  • Click Create
  • Apply Policies/STA to Access Gateway
    • Open up the Virtual Server create earlier
    • Click Authentication Tab
      • Add the LDAP Policies
      • 8.1a-VirtualServer_LDAP
    • Click Policies Tab
      • Add Session Policies
      • 8.1a-VirtualServer_Session
    • Click on Published Application tab
    • Click OK to save the settings.

Step2: Configuring Web Interface

  • Open Citrix Web Interface Console
    • Right click on XenApp Web Site – > Create Site
    • Give it a name “ICA Proxy”
    • Specify Point of Authentication “At Access Gateway”. Click Next
    • 8.1a-WI-PointOfAuth
    • Enter the “Access Gateway Authentication URL”
    • 8.1a-WI-GatewayURL
    • Click Next to finish the site.
  • Add XenApp Servers
    • Right click on newly created site. Select Server Farms
    • Add XenApp Servers
    • Click OK.
  • Edit Secure Access Settings:
    • Right click on newly created site. Select Secure Access
      • Click Add and select Gateway Direct
    • Click Next
    • Enter the FQDN Address for the Virtual Server address
    • Click Next
    • Specify the STA server(s). Must match the same server as configured in Access Gateway.
    • 8.1a-WI-STA
    • Click Finish

Publish some application in your farm and test your Access Gateway to make sure you can access the Web Interface site thru Access Gateway.