Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Terminal Server’ Category

RD Gateway connection fails on Windows 7

I needed to connect remotely via Remote Desktop to a Windows Server 2012 machine.

I received an rdp file that was configured to use an RD Gateway server:

Remtoe Desktop Connection | RD Gateway Server Settings

However when trying to connect from my Windows 7 laptop (x64) machine, I got the following error message:

The two computers couldn't connect in the amount of time allocated. Try connecting again. If the problem continues, contact your network administrator or technical support.

 

(more…)

File:VMware ThinApp v4.0 icon.pngOne of the lesser known features of VMware ThinApp is that you can supply a Virtual Computer name.

This is documented as follows in the package.ini reference guide:

VirtualComputerName Parameter
The VirtualComputerName parameter determines whether to rename the computer name, to avoid naming conflicts between the capture process and the deployment process.

(more…)

imageSome applications use the computer’s name as a unique identifier, rather than using the user name. In a single-user-per-computer environment, this strategy works well.

However, in a Multi User environment such as Citrix XenApp or Microsoft’s Remote Desktop Services (Terminal Server), all connected users report the same computername.

If the application relies on unique computernames to handle tasks such as file and record locking, then the application will fail.

imageWe can however set an Application Compatibility Flag in the registry to return the username instead of the computername.

To demonstrate this behaviour I wrote a small Test Application called TestAppCompatFlags.exe.

(more…)

Twain LogoScanners attached to client machines can be used from within a Citrix XenApp session via a mechanism called Twain Redirection.

For this mechanism to work correctly the file twain_32.dll must be present in the Windows directory.

On Windows 2008 this dll should be copied from winsxs (side by side) to the windows directory as described in CTX123981.

On Windows 2003 the dll is already in the correct directory, however applications that are not Terminal Server Aware cannot find this dll because the Windows directory is redirected to the user profile. Citrix recommends copying twain_32.dll to each user’s profile directory but this will take up unnecessary space.

So what alternatives do we have?

(more…)

NTVDM encountered a hard error

MS-Dos LogoToday I troubleshooted an old DOS application that needed to run on a 32 bit Citrix XenApp Server. The last time I saw an actual DOS application in a production environment must be years ago.

When starting the application, the WOW subsystem (NTVDM) crashed with the message: “NTVM encountered a hard error.”:

NTVDM encoutered a hard error

After spending some time troubleshooting I remembered a similar issue from a few years ago where a DOS application worked fine from the Console but refused to work from an RDP or ICA session.

(more…)

SSL Certificates in termsrv.dll

I was digging around in termsrv.dll yesterday when I noticed that there are some (well 372 to be exact) SSL certificates inside the Terminal Server binary (termsrv.dll):

image

Two of them seem to actually contain the private keys as well, but I am not 100% sure it may be just a certificate in another format.

 

(more…)

In the previous parts (part 1 part 2) i’ve described the theoretical part and implementation problems. So, now we can write the code:

1) In case we login the user, we just call LsaLogonUser to get the token:
(more…)

In part 1 I’ve described the theoretical parts needed for a custom autologon application implementation.

But there are some practical problems which I will describe here.

1) I use the LsaLogonUser function to log in the user. However, if I do not pass not null for the LocalGroups parameter, msgina.dll fails to process the logon.

Why? Because it looks for the SE_GROUP_LOGON_ID SID and treat it as logon SID. So we have to add the logon SID manually:
(more…)

Windows XP introduced the ability to use Fast User Switching (FUS from here on), which is implemented using Terminal Services.

But in some cases (i.e. when FUS is not enabled, or when you connect to the console in Windows 2003 server), the Winlogon process in an RDP session needs to transfer credentials to Session 0.

Although not documented in MSDN, the process of transferring credentials is described by Keith Brown in the June 2005 issue of MSDN magazine: Customizing GINA, Part 2.

WlxQueryConsoleSwitchCredentials and WlxGetConsoleSwitchCredentials are used in the transfer with the semi-documented WLX_SAS_TYPE_AUTHENTICATED SAS code constant.

Internally, winlogon.exe uses a Named Pipe, \\.\Pipe\TerminalServer\AutoReconnect, to implement both of these functions.

The pipe format is described in this structure:
(more…)

The Case of the Citrix Ready Printer Driver

I had a very interesting issue today on a new Citrix XenApp 5 farm. We went into production yesterday and we noticed a number of issues:

  • Printing in general was slow, especially when a user connects to a printer for the first time.
  • User Profiles were rapidly growing in size (from the expected 1-2 MB to over 40 MB).
  • Logons took much longer then in the testing period (and since we use a Full Screen Desktop the user doesn’t see any progress).
  • Performance monitoring showed CPU spikes in Word, Excel and IE processes.

I took a look at the profiles first and noticed that the size growth was due to a Xerox subfolder in %APPDATA%:
(more…)

Blogroll


Categories


Archives