Philip Flint

www.philipflint.com

Archive for category IT

Optimise XenApp RAM and CPU

Dec 29

Posted by Philip Flint in XenApp | No Comments

I see a lot of deployments of XenApp and / or Terminal Services on 32 bit systems, typically Windows Server 2003 R2 and, while its old hat, I thought it’s still worth taking a few minutes to make a note of the correct settings for optimisation of RAM and CPU in a thin client environment. When you first install Windows Server 2003 R2 the default performance settings for RAM and CPU before the operating system has had a role assigned are as below:

 

Once the Terminal Services Role has been installed these are changed to:

 

At a very basic level, these are the correct settings to use. But why ? For CPU, this forces the CPU to allot less time to a task before switching between tasks. In a service based environment (for SQL or Exchange for example) the CPU should be optimised for services so that the CPU allots more time to a single task before switching to any different task requiring processor time. As servers hosting services tend to have multiple cores this reduces context switching and results in higher performance for long running tasks.

In a thin client environment where multiple users are competing for processor time perceived performance is enhanced if the processor provides some time to each user. That is, if it can switch between threads more quickly. To do this, we optimise for programs in the GUI.

Regarding memory, the limiting factor in a 32 bit thin client server based computing environment is not necessarily user RAM but, more often, paged pool RAM and non-paged pool RAM. These are limited to around 650MB and 256MB respectively (for Windows Server 2003 – these limits have been removed somewhat in Windows 2008). These limits also hold true for Windows Server 2003 r2 Enterprise Edition. The server may have 32GB of RAM, for example, but will still have these small amounts of RAM available for end user tasks. If we optimise the RAM for programs then this reduces the amount of RAM available for these system type processes … the above figures are reduced still further. As paged pool RAM is consumed the server may start to page, even though there is ample spare user RAM. Even more concerning, if non-paged pool RAM is depleted this cannot be paged and, in the worst case, the server may even blue screen.

I hope the above brings some understanding as to why the above are the default settings. Some items to bear in mind:

  1. Mark Russinovich has an excellent article on RAM which applies to thin client environments at http://blogs.technet.com/b/markrussinovich/archive/2009/03/26/3211216.aspx
  2. Jeremy Saunders has written an outstanding article on Processor Scheduling at http://www.jhouseconsulting.com/2008/05/13/processor-scheduling-20
  3. RAM can be set to use prefer System Cache by setting the key HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\LargeSystemCache to 1
  4. Processor Scheduling can be further optimised by setting the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\PriorityControl\Win32PrioritySeparation to 40

Why do people change these settings to the exact opposite of the defaults ? I have no idea but hope that someone can enlighten me.

Securing NetScaler / AGEE interface

Dec 19

Posted by Philip Flint in Access Gateway, Citrix, IT, NetScaler, Uncategorized | No Comments

By default when you install a NetScaler or AGEE the admin interface can only be connected to by HTTP. To configure the device to allow you to connect by HTTPS complete the following steps:

1) Connect to the devices configuration utility using a browser
2) Expand the Network node
3) Click on RPC
4) Select the NSIP (NetScaler admin IP Address)
5) Click Open
6) Tick the Secure check box
7) Click OK

Tags: , ,

Preventing access to specific applications in XenClient 2

Nov 12

Posted by Philip Flint in Citrix, Virtualisation | No Comments

XenClient is fabulous. You have a locked down work image and you have an “open” image where you can run whatever you like in it. You can then “share” applications betweioen running VM’s so you can have your “ticker” or “game” or whatever avaialble on your work machine or you can have your work application viewable from your personal machine. But what if you don’t want certain applications to be available ?

This is controlled from an XML file which instructions the agent where to collect icons from (essentially the all users atsrt menu and any logged on users menu) but exclude anything on the blacklist (Outlook Express, anything in c:\windows etc) unless its included on the list of whitelisted applications (internet explorer for example). So, very easy to configure IF you know where the configuration file is …. which isn’t at all obvious.

The XML file can be found in the following locations:

Windows 7
C:\ProgramData\Citrix\Xci\Applications\XciDiscoveryConfig.xml

Vista
C:\ProgramData\Citrix\Xci\Applications\XciDiscoveryConfig.xml

XP
C:\Documents and Settings\All Users\Application Data\Citrix\Xci\Applications\XciDiscoveryConfig.xml

Tags: , ,

List Users who have logged on to XenApp

Oct 7

Posted by Philip Flint in Citrix, Tips | No Comments

Want to know who has logged on to your Citrix server ?

You can just look in the security log in event viewer and filter down but it’s so much easier using the command line. Just open up a cmd prompt and enter

audit log

This will let you list all the sessions from the event log and even pipe them out to a text file for later analysis or reporting.

Tags: , ,

Changing the icon used for folders

Sep 23

Posted by Philip Flint in Tips | No Comments

When building a desktop image you may want to have some corporate folders which you want to “stand out” from the others and also let users know what the folder should be used for. For example, you may place folders in the “All Users” menu folder or within the users “My Documents” folder.

This can be accomplished by changing the folders icon and adding a tool tip so that a hint appears if a user hovers their mouse over the folder. This is relatively simple to achieve.

  1. Create the folder. I have create done called “RegistryTemplates”

     

  2. Mark the folder as a system folder. Open a command prompt and mark the folder as a system folder using attrib +s Path\FolderName

     

 

  1. Create a text file and name it Desktop.ini. Use Notepad to create this file and ensure it is saved in Unicode format. Also, enclose the file name in quotation marks to ensure that the.txt extension isn’t applied.

  1. Edit the Desktop.ini file created (by double clicking on it). Add a section header

     

    [.ShellClassInfo]

     

  2. Then enter values to inform the file system how to display the folder.

Entry

Value

ConfirmFileOp

Set this entry to 0 to avoid a “You Are Deleting a System Folder” warning when deleting or moving the folder.

NoSharing

Not supported under Windows Vista or later. Set this entry to 1 to prevent the folder from being shared.

IconFile

If you want to specify a custom icon for the folder, set this entry to the icon’s file name. The .ico file name extension is preferred, but it is also possible to specify .bmp files, or .exe and .dll files that contain icons. If you use a relative path, the icon is available to people who view the folder over the network. You must also set the IconIndex entry.

IconIndex

Set this entry to specify the index for a custom icon. If the file assigned to IconFile only contains a single icon, set IconIndex to 0.

InfoTip

Set this entry to an informational text string. It is displayed as an infotip when the cursor hovers over the folder. If the user clicks the folder, the information text is displayed in the folder’s information block, below the standard information.

 

  1. A typical set of entries would look like the below.

     

    [.ShellClassInfo]

    IconFile=C:\Windows\Regedit.exe

    IconIndex=0

    InfoTip=”Registry templates for updating standard settings within the operating system”

     

     

  2. The above will set the icon to be that used by Regedit. The icon index is the index number of the icon within the icon file. If a bespoke icon is to be used, this can be placed within a hidden folder underneath the folder being displayed (use attrib +h FolderName to hide the folder).

     

  3. Save the file.

     

  4. Now open a command prompt and set the desktop.ini file to be a hidden system file using the command attrib +s +h Path\FileName.

     

     

  5. The folder will now display with the regedit icon to provide a visual queue that the folder contains items relating to the registry.

     

     

  6. Hovering the mouse over the folder displays the tooltip.

     

Installing Windows 8 on XenServer

Sep 23

Posted by Philip Flint in Uncategorized, Virtualisation, Windows 8 | No Comments

Having trouble installing the recently released developer preview on XenServer ?

Thomas Koetzing has the fix on his blog

Create a VM with a Windows 7 template and copy the virtual machine UUID from the general tab in XenCenter or use xe vm-list in the CLI. Next you need to run the command xe vm-param-set uuid=<VMUUID> platform:viridian=false

The installation can the proceed as normal.

Tags: ,

Connect to SysInternals files over the Internet but from within explorer

Sep 17

Posted by Philip Flint in Tips, Windows 2008 R2, Windows 7 | No Comments

Want to connect to and run the SysInternals tools locally but don’t want to install them on your server or workstation ? Just use explorer to connect to \\live.sysinternals.com\tools and there they are.

Enjoy

Tags: ,

Deploying the Configuration Logging Database in XenApp 6

Aug 23

Posted by Philip Flint in Citrix, IT, XenApp | No Comments

This blog post will walk you through deploying the configuration logging database in XenApp 6. I’ll be deploying the database on SQL 2008 SP1 running on Windows 2008 SP2 32 bit.

The first thing to do is create a standard domain account to own and connect to the SQL server database. I’ll call my account svcConfigLogging. The account should be set so that its password never expires.

 

Next, we create a blank database in SQL. I have called mine XAConfigLogging. You should follow best practice by pre-setting the database and log file sizes, holding them on separate disks, setting up backup plans etc.

 

We now add the service account created above (svcConfigLogging) to SQL as a logon. The default database for the logon is set to the database created above (XAConfigLogging).

 

Grant the user “db_owner” role access privileges.

 

As the database and security are created we can now use the Delivery Services Console to create the tables and objects in the database and the connection. To do this, right click the farm name and choose “Farm Properties”.

 

 

Select Configuration Logging and then click on the “Configure Database” button.

 

Enter the fully qualified domain name (FQDN) or IP address of the SQL server hosting the database created above (XAConfigLogging) and the credentials of the account created earlier which has db_owner rights to that database (svcConfigLogging).

 

Select the database created above (XAConfigLogging)

Change use Encryption to “No” (use of encryption requires the use of SSL certificates. As these are not in place a connection error will be generated).

 

Click on the “Test Database Connection” button

The connection should be successful (if it isn’t you will need to go back and check the settings entered).

Clicking on “Finish” will return you to the configuration screen.

The balance of the settings can now be configured. If you do not tick the “Log administrative tasks to Configuration Logging Database” then configuration logging does not take place.

Click on OK to complete configuration.

You can now make changes to the configuration of XenApp and they will be recorded to the database.

To view changes made to the configuration select the “History” node in the Delivery Services Console.

 

 

Clicking on the “Set Filter” link allows the SELECT statement to retrieve from the database to be constructed using the GUI.

Clicking on the “Get Log” link will retrieve the changes made within the constraints of the filter applied.

 

“Standard” administrators will have their changes logged to the database but will not be able to read from the database by default (i.e. will not be able to retrieve the log in history). To do this they need to be granted EXECUTE permissions against the stored procedures for the XAConfigLogging database.

 

The permissions required for administrators to the database are detailed at http://support.citrix.com/proddocs/topic/xenapp6-w2k8-admin/ps-maintain-define-db-perms.html. If security is not a concern then administrators can be granted db_owner rights to the database. Granting of rights is most easily achieved using domain groups.

Tags: ,

Installing applications to XenApp that require a reboot

Aug 14

Posted by Philip Flint in Citrix | No Comments

When you install applications to XenApp you place the server into “install” mode (using change user /install) to start recording per user registry key changes to the shadow key (HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software).

Occasionally the software installation requires a reboot part way through before continuing the installation. However, when you reboot the server is placed back into execute mode and changes are no longer recorded. But, you can’t place the server back into install mode before the installation continues.

What to do ?

One way the server knows how to continue the software installation after a reboot is to write the string to the RunOnce key at HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. So, you can simply delete the appropriate part of this key, reboot the server, place it back into install mode and then manually run the command that was originally written to this key.

In this way you can still capture the changes made.

Other keys to check (just in case the installer utilises these keys) are:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run(Once)

HKCU\Software\Microsoft\Windows\CurrentVersion\Run(Once)

Tags:

Citrix Web Interface Fails to Respond and Generates an Internal Error

Feb 8

Posted by Philip Flint in Citrix, IT | No Comments

When installing XenApp 5.0 Web Interface on Windows Server 2003 the following error can be observed when users visit the XenApp Websites.

“Internal Error. The Web site is experiencing technical difficulties. We apologize for any inconvenience. The internal error may only be temporary. Try reconnecting and, if the problem persists, contact your system administrator.”

Easy one to solve, its just that the NT Authority\Network Service account does not have the correct permissions to the “C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files” location.

Just give it the following NTFS permissions:

Read & Execute
List Folder Contents
Read
Write

and away the problem goes – see full article at http://support.citrix.com/article/CTX126933

  

Tags: