I am doing a project involving a Citrix Xenapp environment running on VMWare vSphere.

The physical machines are powered by two Eaton Uninterruptable Power Supplies that both a network card.

I received some documentation that describes how to implement automatic shutdown in a VMWare vSphere environment.

This documentation describes that a vSphere Management Assistant (vMA) must be deployed in which we need to install some software from Eaton.

I followed the documentation that even described the needed iptables rules needed for their software.

In the last step a discovery is done and the UPS is supposed to be found. And you have probably guessed by now: it didn’t!

At first I figured that maybe the iptables configuration was still too tight so I stopped the iptables service but that didn’t help.

(more…)

I just recorded a SasLibEx Screencast, it shows some of the very powerfull features of SasLibEx.

The following features are shown:

• Simulate Ctrl Alt Del (Secure Attention Sequence)
• Cancel Ctrl Alt Del
• Lock Workstation
• Unlock Workstation (without credentials)
• Disable Ctrl Alt Del
• Enable Ctrl Alt Del again
• Cancel pending UAC request
• Is Desktop Locked

Today I noticed that a recently added Application to the Citrix Test environment added a Macro to the Office Startup directory.

When a user launches Word he will get a popup because the Template (.dot file) was not signed:

It would have been a lot easier if Application Vendors sign their stuff because in that case I could have just added the certificate using Group Policy (yesterday’s post describes how to do this).

Application Vendors usually tell you that you should lower the Macro security in Office (or Word in this case) to Low to get rid of this message. But I think there’s a better solution: we will sign the .dot file ourselves!

(more…)

Yesterday I created an Unattended Installation of a webapplication. Of course it was “just a web link” and the application vendor usually says: you don’t need to install it just go the URL and that’s it.

The reality is usually that you go to the URL and need to install several (ActiveX) components and maybe other dependencies such as Java.

While a user may have the permissions for this on his own pc, on a Citrix or Terminal Server environment this is highly unlikely.

So we need to package and pre-install this for the users.

Nothing special so far but this particular application had some special things that were interesting enough to blog about.

So let’s start with what happened, I visited the URL of an application called Centric Key 2 Financien.

First I got a few popups with Certificates that needed to be accepted:

The application’s instructions say that the user must accept this and set the “Always trust content from this publisher” checkbox.

(more…)

I often hear that people configure the Paging File (on Citrix or Terminal Servers) on a seperate volume but, the reasons is either performance or the chance that the Paging File might corrupt the volume.

However if at some point you would like to create a Memory Dump you must have a paging file on the boot volume.

For a Small memory dump you need at least 2MB Paging File on the Boot Volume but for a Full Memory Dump you need a Paging File that is sufficient to hold all the physical RAM plus 1 megabyte (MB).

Side Note: with the increasing ram of today’s servers, how long does it take for a full memory dump to be saved when you have lots of gigabytes?

See also: Overview of memory dump file options for Windows Vista, Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows XP, and Windows 2000.

If you are implementing a Citrix, Terminal Server or even just a plain Client-Server environment you will need to create a Default User Profile at some point.

The Default User Profile can be thought of as the initial registry settings that are used when a new profile is created.

Many people think that the Default User Profile is available in regedit via HKEY_USERS\.Default but this is NOT the Default User Profile.

(more…)

After doing an unattended installation of the Citrix Online Plugin it was not possible to launch a Published Application.

It would just give the error mesage: “citrix online plugin could not launch the requested published application”.

Even though the installation finished without errors and the logfiles indicated no failure at all I was able to fix it by using 2 steps described in CTX123761.

First install the Microsoft Visual C++ 2005 Redistributable Package SP1 and the (re)deploy the Online Plugin adding a Transform called transform_notstrict.mst which can be found in the aforementioned KB Article.

As you probably know there are several different Folder Views in Windows Explorer:

The Explorer keeps tracks of the last used View per Folder in the registry in the key HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Bags. This KB article sort of desribes this functionality.

(more…)

I usually change the text below the “This Computer” icon to reflect the current username and servername:

This is an ancient trick, just set the the LocalizedString Value of the following key:

to “%USERNAME% on %COMPUTERNAME%”.

It get’s a little more complicated if you want to set this from a script, because the environment variables are replaced with the actual value BEFORE they are entered in the Registry.

(more…)

from CTX127541:

A cross-site scripting vulnerability has been identified in specific versions of Citrix Web Interface.

This vulnerability could potentially be used to execute malicious client-side script in the same context as legitimate content from the web server; if this vulnerability is used to execute script in the browser of an authenticated user then the script may be able to gain access to the authenticated user’s session or other potentially sensitive information.

This vulnerability affects all version 5.x Citrix Web Interface installations up to and including version 5.3.

So you should consider upgrading to version 5.4 which has a new look (again):