640 likes | 791 Views
SUM303 Implementing and Troubleshooting the Citrix Receiver for Windows. Christian Suarez. Senior Escalation Engineer. May 8, 2012. Tweet about this session with hashtag #SUM303 and #CitrixSummit. Agenda. Overview of Citrix Receiver for Windows
E N D
SUM303 Implementing and Troubleshooting the Citrix Receiver for Windows Christian Suarez Senior Escalation Engineer May 8, 2012
Tweet about this session with hashtag #SUM303 and #CitrixSummit
Agenda • Overview of Citrix Receiver for Windows • Implementing the Citrix Receiver with Merchandising Server 1- Setup Merchandising Server 2- Prepare and Download Plug-ins 3- Deploy Citrix Receiver 4- Deliver and Maintain Plug-ins • Troubleshooting the Citrix Receiver • Citrix Receiver for Mac • Questions?
IT Citrix Receiver desktops apps data SaaS
Components Component Definition Citrix Receiver and Receiver Updater Software that manages and updates for Windows and Mac Citrix Plug -ins on user desktops Virtual appliance responsible for managing Citrix Merchandising Server software deliveries from IT Merchandising Server Web console used for configuring and Administrator Console managing software deliveries Service that uploads software plug-ins and Citrix Update Service MetaData on Merchandising Servers Individual Citrix clients or agents managed Plug-ins & MetaData Citrix Plug-ins by Citrix Receiver http://*.citrix.com
Architecture Active Directory Administrator Console Merchandising Server 1011011010 SSL 1011011010 Citrix Receiver LDAP 1011010 LDAP 10110101 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 101 HTTP 10110 HTTP 10110 HTTP 19 Data Center Update Service 1011011010 SSL 1011011010 SSL 101 Citrix Receiver External End User Internal End User
Merchandising Server Requirements Browser for Admin Directory Virtual Server Hardware Console Services Minimum: XenServer 5.x 8 GB disk space Active Directory Internet Explorer 7,8, or 9 1 GB RAM 2003 SP2 or VMWare Recommended : Firefox 4.x or 5 later vSphere 4.0, ESX 3.5, 2-8 GB RAM VMWare Server 2.x 2 CPUs
Step 1: Building Merchandising Server • Hostname, IP Address, Gateway and DNS • FQDN to match certificates • Use Static IP Active Directory Administrator Console Merchandising Server C1trix321 1011011010 SSL 1011011010 LDAP 1011010 LDAP 10110101 Data Center 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 10110 HTTP 10110 HTTP 10110 HT Update Service 101 HTTP 10110 HTTP 10110 HTTP 10110 Citrix.com
Merchandising Server Features • Anonymous Deliveries • Using System Token enables Receiver to configure plug-ins without users needing to authenticate • Enhanced Roaming • Beacon websites improves roaming and avoids interrupting users with unneccesary authentication messages • Improved reporting when syncing Active Directory
User Authentication with User Tokens • Users must authenticate with AD before downloading the Receiver • User Tokens are created and kept in the registry on the client • Subsequent authentication request will be suppressed • Token expiration is defined in the Administrator Console (6 months default)
Anonymous Deliveries with System Tokens • Allows Citrix Receiver install with a system token without users needing to authenticate • Kept in the registry on the client • System Tokens are manually created from Merchandising Server Admin Console • Reporting and delivers based on • Machine Name, IP Address, or Domain membership • System Tokens never expire
Enhanced Roaming with Beacons • Beacons allow the Receiver to determine whether the user is inside or outside the corporate firewall • When the user must go through the VPN, Receiver prompts with the Connect to Delivery Services logon dialog • As users move from place to place, Receiver and secure access plug-in will: • smoothly re-establish tunnels if outside the firewall • not establish tunnels while inside the firewall. • Avoids interrupting the user with unnecessary VPN authentication pop-ups
Step 2: Downloading Plugins to Merchandising Server /usr/local/apache-tomcat-6.0.16/webapps/appliance/WEB-INF/classes/appliance.properties Administrator Console Merchandising Server 1011011010 SSL 1011011010 Data Center 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 10110 HTTP 10110 HTTP 10110 HT Update Service 101 HTTP 10110 HTTP 10110 HTTP 10110 https://pluginupdate.citrix.com/updateservice/services/updateService Citrix.com
Citrix Plugins for Windows • Online • Self-service • Secure Access • Offline • Single Sign-on • Service Monitoring • Acceleration • EasyCall • Profile Management** • XenVault
NEW! Citrix ShareFile Plugins for Windows • ShareFile Desktop Widget • ShareFile Outlook Plug-in • Citrix ShareFile Plug-in for Receiver
Step 3: Delivering Citrix Receiver Updater • Updater for Mac • Mac OS 10.5, 10.6, 10.7 • Updated Java • Elevated Privileges Citrix Receiver for Mac Citrix Receiver 1011011010 SSL 1011011010 SSL 1011011 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 Data Center 1011011010 SSL 1011011010 SSL 1011011 • Updater for Windows • .NET 2.0 or later • Internet Explorer 7 or 8 • Firefox 2.x or 5.x • Administrator Privileges Citrix Receiver for Windows External End Users Internal End Users
Receiver for Windows Installation Packages Citrix Receiver Standard - CitrixReceiver.exe User experience is consistent across all Receiver platforms Full set of features like Self-Service with one-click configuration Full Citrix CloudGateway interoperability Automatic install from Web Interface or Receiver for Web Can be installed with Electronic Software Distribution (ESD) tools Ensure free space in user’s Temp directory
Receiver for Windows Installation Packages Citrix Receiver Enterprise - CitrixReceiverEnterprise.exe Supports legacy XenApp Services, formerly PNA Services XenApp Services are limited to LAN connections Required for Smart Card Authentication Requires Administrator to install Can be installed with Electronic Software Distribution (ESD) tools
Ways To Deploy the Receiver for Windows Delivery Method User Action Required Where to apply User authentication required to Managed or Unmanaged Merchandising Server Download complete installation Computers dedicated to users User authentication required to Managed Computers Electronic Software Distribution (ESD) complete installation dedicated to users Anonymous Delivery with n o user Managed Computers with ESD with System Token authentication for install or updates sharing users User authentication required to External Download Page via Packager Remote Users complete installation Remote Users on computers External Download Page via Packager Anonymous Delivery with no user identifiable by IP, Machine and System Token authentication for install or updates Name or Domain Membership User authentication required after Unmanaged Computers with Manually by user Merchandising Server added tech savvy users
Installing the Receiver for Windows From Receiver for Web and Web Interface Receiver for Web • Automatically determines if Receiver in installed • Receiver installation files are stored on the server with the default installation • Option to offer an upgrade for users with older clients Web Interface • WI installation prompts for media to store Receiver installation files on \Clients folder • Options for Client Detection and Deployment in Web Interface Console • Rename the CitrixReceiver.exe to CitrixOnlinePluginWeb.exe and place in directory • Modify WebInterface.conf file for ClientIcaWin32
Receiver for Windows Installation Parameters CitrixReceiver.exe [Options] and CitrixReceiverEnterprise.exe [Options] /noreboot /silent /includeSSON PROPERTY=Value INSTALLDIR, CLIENT_NAME, ENABLE_DYNAMIC_CLIENT_NAME, ADDLOCAL, ALLOWADDSTORE, ALLOWSAVEPWD, ENABLE_SSON, ENABLE_KERBEROS, DEFAULT_NDSCONTEXT, LEGACYFTAICONS, SERVER_LOCATION, STARTMENUDIR, STOREx
Citrix Receiver Packager for Windows • Provides an installer with Receiver that optionally includes a Secure Access plug-in and a system token • Packager and instructions found on the Citrix KB at CTX121355 • Three main components of the Packager: • Secure Access Plug-in • Citrix Receiver Updater • Self Extracting Package • ReceiverInstaller.exe by default AGCRPackager.exe
Creating an External Receiver Download Page • Create sample page from support files from Citrix.com • • animation.swf • • ieTransparency.css • • index.html • • main.css • • resources.js • • img (images folder) • Edit resources.js to define Merchandising Server, Server URL and installer file • Web Page with ReceiverInstaller.exe download link • Send URL to clients for remote access
Deploying Access Gateway Connections • Secure Access Plug-in 9.x is for Access Gateway Enterprise (AGEE) • Secure Access Plug-in 4.6 for AG Standard and Advanced • Enhance Roaming Integration • The Access Gateway will continue to update the Secure Access plugins, NOT the Citrix Receiver • Users can select nearest location when traveling • Use Merchandising Server to choose fields to display to users
Upgrading the Citrix Receiver for Windows • Upgrades only supported from Citrix Online Plug-in 11.2 and later • Removed previous version of the Online Plug-in prior to upgrading • Uninstall Online Plug-in 11.0 • From Add/Remove Programs • Installer package with Remove option only if installed using a Windows Installer package • Uninstall Citrix Receiver 13.x • Use the Citrix Receiver Updater • Use the /uninstall option with the Citrix Receiver executables • From Add/Remove Programs (only if Receiver Updater was not used to install)
Upgrading the Citrix Receiver for Windows Citrix Receiver Standard – CitrixReceiver.exe Installed Result No previous Citrix Online Plug-in Citrix Receiver Standard With Web access only Citrix Online Web Plug-in Citrix Online Full Plug-in with PNA and SSO No upgrade path Citrix Receiver Enterprise
Upgrading the Citrix Receiver for Windows Citrix Receiver Enterprise – CitrixReceiverEnterprise.exe Installed Result No previous Citrix Online Plug-in Citrix Receiver Enterprise with web access Citrix Online Web Plug-in Citrix Online Full Plug-in with PNA and SSO Citrix Receiver Enterprise configured for PNA and SSO Citrix Receiver Enterprise
Step 4: Delivering and Maintaining Citrix Plugins Merchandising Server 1011011010 SSL 1011011010 SSL 1011011 Data Center 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 1011011010 SSL 101101110 SSL 1011 101101110 SSL 1011 SSL 1011 101101110 101 1011011010 SSL 1011011010 SSL 1011011
Modifying Plug-in Metadata • Metadata contains the properties and commands to ensure proper installation • It includes user connection information per Citrix Plug-in • Comes pre-configured but can be modified • Configure customize user connection information • Sample metadata files are provided on the Citrix Community Receiver Metadata Web page
Creating a Targeted Delivery • Must have Delivery Rules created • At least one plugin downloaded to Merchandising Server • Provide Delivery name, description, and polling frequency • Select from available plugin and metadata • Configuration of the Citrix Receiver • Apply Delivery Rule • Schedule Delivery 1011011010 SSL 1011011010 SSL 1011011 1011011010 SSL 1011011010 SSL 1011011
Troubleshooting the Citrix Receiver and Merchandising Server
System Log (appliance.log) • Server log captures Merchandising Server and user-specific events • Enable System Logging for more details • Enable User Logging to add user messages to the server log • Located at: /usr/local/apache-tomcat-6.0.16/logs/appliance.log
Detailed Active Directory Error Messages • From the Merchandising Server Administrators Console • Invalid AD credentials • Invalid value for Base DN • AD doesn't support simple authentication • Not permitted to logon at this time • Not permitted to logon from this workstation • User password expired • User account disabled • Enhanced Messaging in System log
Client Logs (Receiver_.log and ErrorLog.xml) • Detailed Client Log key for any client Receiver issue • To Enable Client Logging, add –verbose to the Target line, on the Receiver.exe “C:\Program Files (x86)\Citrix\Receiver\Receiver.exe” • Logs located in user profile at \Local Settings\Application Data\Citrix\Receiver\Receiver_.log • ErrorLog.xml can be gathered from MS Admin console and view within console
CDF Tracing still available for connection issues • For connections issues with Receiver, CDF Traces still works • CDF Control can be found at CTX111961 • Creates CDFLogFile.etl which requires Citrix symbols to be parsed into readable messages • Send to Citrix Technical Support for Detailed Analysis
Troubleshooting Citrix Receiver installation ISSUE: Receiver installation is not proceeding Verify .NET 2.0 Framework is installed Verify that the user has administrative permissions Ensure the user credentials are entered properly, i.e. DOMAIN\user Check the supported browsers for the download page • IE7, IE8, Firefox 3, Safari
Troubleshooting Citrix Receiver updates ISSUE: Receiver shows “Plug-in updates are disabled” Occurs if the client has the Terminal Services role or a Microsoft Server Edition installed Modify the Citrix Receiver shortcut or executable to run with: • -allowadminTSupdates Close and Reopen the Receiver More information at CTX129051
Troubleshooting Receiver Plug-in updates ISSUE: User does not receive any Plug-ins Check that the client is pointing to the correct Merchandising Server From user’s Control Panel > System and Security Verify that client OS is supported for the specific plug-in Verify that the rule defining the recipients matches the client's parameters Check the evaluation order of the deliveries
Troubleshooting Receiver Plug-in updates ISSUE: User does not receive any Plug-ins Delete the client's token in the local registry and restart the client • HKLM\Software\Citrix\Receiver\Delivery\Filter • Forces user to re-authenticate to the Merchandising Server Enable verbose logging from command line (CMD) • XP: “C:\Program Files\Citrix\Receiver\Receiver.exe” –verbose • Win7 64bit/Vista 64bit: “C:\Program Files(x86)\Citrix\Receiver\Receiver.exe” –verbose On the Receiver client, select “Check for Updates” • Makes an immediate connection to the Merchandising Server Collect Receiver_.log from client • %USERPROFILE%\Local Settings\Application Data\Citrix\Receiver\receiver_.log
Troubleshooting Merchandising Server installation ISSUE: Network Is Unreachable There is a Diagnostics menu on the Merchandising Server Console With duplicate IP addresses, a ping will show “Network is unreachable” XenServer will show unknown IP address
Troubleshooting Merchandising Server Web Server ISSUE: HTTPD Service Failure when using a Space in Hostname The httpd fails to start and admins cannot open the Console The Apache web service cannot handle server hostname with a space • i.e. – “Merch Server1” Edit the hostname Restart the httpd Service: sudo /etc/init.d/httpd restart
Troubleshooting Merchandising Server ISSUE: User account are not enumerating in the Administrator Console Merchandising Server downloads user/group list from Active Directory Server using LDAP port 389 • For indexed database, port 3268 significantly speeds up AD queries Stored in local PostgreSQL database • Select “Save and Sync” for immediate updates, i.e. when new AD users are created Base DN lists the OU where user accounts are located • Multiple OUs are not supported Merchandising Server can only point to one AD Server at a time More information at CTX131998 and CTX121957
Troubleshooting Merchandising Server ISSUE: "No results found“ when performing AD search Verify the Base DN and ensure it is correctly formatted:OU=NewYork,OU=Americas,DC=company,DC=net Ensure object can be enumerated from the Base DN • Note: Only the first/last name fields are searchable from within Merchandising Server (not username) Verify that the complete domain path is includedfor all regions