How to: Apply Active Directory Group Policy to Citrix XenApp servers

This may seem straight forward but it's taken some time to get this to work like a charm.

Scenario:

XenApp (XA) 6.x farm with multiple servers. You have settings that need to be applied to the servers as well as settings for Users.

This is how I configured it.  I came to this conclusion because Group Policy wasn't applying the correct Intranet Zone sites in Internet Explorer (although the same settings worked flawlessly on their desktop)

1.  Create and move all servers to an OU containing XA Servers only.

XenApp Computer object location

my.company.com
       |
       __ Computer Accounts
                                |
                                _ XenApp
                                        |
                                        |- XENAPP01
                                        |- XENAPP02
                                        |- XENAPP03

Therefore: OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com

User Accounts object location

Create or use an existing group containing your users.


my.company.com
       |
       __ User Accounts
                                |
                                _ Location
                                        |
                                        |- USER1
                                        |- USER2
                                        |- USER3


2.  Create and AD group eg. 'All XenApp Servers' containing all your XA servers .  This is important to allow the computer configuration settings to apply to the servers.

3. Three group policies required.
           A.  Name: Policy XenApp Loopback
                 Purpose: This invokes Loopback processing
                 Settings: Computer Configuration > Policies > Administrative Templates > System /
                 Group Policy
                     Policy:  User Group Policy loopback processing mode
                     Mode: Replace
                 GPO Status: User Configuration settings disabled
                 Link Order: 3 (Apply this first)
       
           B.  Name: Policy XenApp Server Configuration
                 Purpose: Contains computer configuration settings which will apply to all your XA servers
                 Settings:  Computer configuration > As required.
                 GPO Status: User Configuration settings disabled
                 Links:  OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
                 Security Filtering: All XenApp Servers
                 Link Order: 2 (Apply second)

           C.  Name: Policy XenApp User Configuration
                 Purpose: Contains users configuration settings which will apply to all your XA users
                 Settings:  User Configuration > As required.
                 GPO Status:  Computer Configuration settings disabled

                 Links:  OU=XenApp,OU=Computer Accounts,dc=my,dc=company,dc=com
                 Security Filtering: 'All XenApp Users' or Authenticated Users
                 Link Order: 1 (Apply last)


That's it.

:)

JJ
             

Automate the assignment of load evaluators

This useful VBScript can be scheduled to run at particular time to automatically assign a load evaluator to a Citrix XenApp Server.

Errors occurred when using "Servername" in the discovery process

I recently installed the Access Management Consoles onto an XP desktop pc for our IT Service Desk, but the discovery process was producing an error.

I needed to enable Network COM+ access on the Citrix server specified during the discovery process in order to get this to work.

See here for detailed instructions.

Mitch

Rebuild the WMI Repository on Windows Server 2003

Use the following command to detect and repair a corrupted WMI Repository:

rundll32 wbemupgd, RepairWMISetup

Re-registering the WMI components

The .DLL and .EXE files used by WMI are located in %windir%\system32\wbem. You will need to re-register all the .DLL and .EXE files in this directory.

To re-register the WMI components, run the following commands at the command prompt:

cd /d %windir%\system32\wbem
for %i in (*.dll) do RegSvr32 -s %i
for %i in (*.exe) do %i /RegServer

Following these steps, it is then neccessary to re-register the Citrix namespace:

From the command line:

cd /d %ProgramFiles%\citrix\system32\citrix\wmi
for /f %s in ('dir /b *.mof *.mfl') do mofcomp %s

Credit goes to the people who wrote these helpful webpages:

http://windowsxp.mvps.org/repairwmi.htm
http://forums.citrix.com/thread.jspa?threadID=69014&tstart=0

Mitch

Check for logon sessions before restarting

This script will return the number of Citrix sessions for a given server (total, not active or disconnected) using WMI and determine whether it is ok to restart the server:

On Error Resume Next

Dim strComputer, UserName, Password, SWBemlocator, objWMIService, objItem, colItems, sSessions

Dim oWSH : Set oWSH = CreateObject("WScript.Shell")

strComputer = "servername"
UserName = ""
Password = ""
Set SWBemlocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = SWBemlocator.ConnectServer(strComputer,"root\citrix",UserName,Password)
Set colItems = objWMIService.ExecQuery("Select * from MetaFrame_Server",,48)
For Each objItem in colItems
If objItem.NumberOfSessions <>
oWSH.LogEvent 0, "Number Of Sessions: " & objItem.NumberOfSessions & ".This is the default number, restarting now..."
ShutDown
Else
sSessions = objItem.NumberOfSessions - 3
oWSH.LogEvent 4, "Number Of users still logged on: " & sSessions & ". Cancelling the restart."
End If
Next

Wscript.Quit

Sub ShutDown
Dim nLogOff, nReboot, nForceLogOff, nForceReboot, nPowerDown, nForcePowerDown, colOS, oOperatingSystem

nLogOff=0
nReboot=2
nForceLogOff=4
nForceReboot=6
nPowerDown=8
nForcePowerDown=12

Set colOS = GetObject("winmgmts:{(Shutdown)}").ExecQuery("Select * from Win32_OperatingSystem")

For Each oOperatingSystem in colOS
oOperatingSystem.Win32Shutdown(nForceReboot)
Next

End Sub

Note that username and password can be left blank when the script is run locally. I schedule the script to run once per week using the AT command.

Mitch

Aderant: Stop the *LogConduit* window from appearing

Problem: A large empty window will appear in the background when launching Aderant Expert/CMS on Citrix with *LogConduit* in the title bar.

Solution: Aderant intend to fix this in a later release but the workaround is to add the following section to the CMS.INI file for each user.

[Logging]
Disable=1

The CMS.ini should be located in the Terminal Services profile for each user.

Mitch