Академический Документы
Профессиональный Документы
Культура Документы
Copyright and Trademark Notice Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. Other than printing one copy for personal use, no part of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of Citrix Systems, Inc. Copyright 2001-2004 Citrix Systems, Inc. All rights reserved. Citrix, ICA (Independent Computing Architecture), MetaFrame, MetaFrame XP, NFuse, and Program Neighborhood are registered trademarks, and SpeedScreen is a trademark of Citrix Systems, Inc. in the United States and other countries. RSA Encryption 1996-1997 RSA Security Inc., All Rights Reserved. Trademark Acknowledgements Adobe, Acrobat, and PostScript are trademarks or registered trademarks of Adobe Systems Incorporated in the U.S. and/or other countries. Apple, LaserWriter, Mac, Macintosh, Mac OS, and Power Mac are registered trademarks or trademarks of Apple Computer Inc. DB2, Tivoli, and NetView are registered trademarks, and PowerPC is a trademark of International Business Machines Corp. in the U.S. and other countries. HP OpenView is a trademark of the Hewlett-Packard Company. Java, Sun, and SunOS are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. Solaris is a registered trademark of Sun Microsystems, Inc. Sun Microsystems, Inc has not tested or approved this product. Portions of this software are based in part on the work of the Independent JPEG Group. Portions of this software contain imaging code owned and copyrighted by Pegasus Imaging Corporation, Tampa, FL. All rights reserved. Macromedia and Flash are trademarks or registered trademarks of Macromedia, Inc. in the United States and/or other countries. Microsoft, MS-DOS, Windows, Windows Media, Windows Server, Windows NT, Win32, Outlook, ActiveX, Active Directory, and DirectShow are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corp. in the U.S. and other countries. Novell Directory Services, NDS, and NetWare are registered trademarks of Novell, Inc. in the United States and other countries. Novell Client is a trademark of Novell, Inc. RealOne is a trademark of RealNetworks, Inc. SpeechMike is a trademark of Koninklijke Philips Electronics N.V. Unicenter is a registered trademark of Computer Associates International, Inc. UNIX is a registered trademark of The Open Group. All other trademarks and registered trademarks are the property of their owners. Document Code: May 24, 2004 3:13 pm (GG)
Contents
Contents
Chapter 1 Introduction
Document Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 Getting More Information and Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Contents
Chapter 9
Troubleshooting
Troubleshooting the IMA Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211 Troubleshooting Novell Directory Services Integration . . . . . . . . . . . . . . . . . . . . 216 SQL Database Replication Troubleshooting Tips. . . . . . . . . . . . . . . . . . . . . . . . . 219 Resource Manager Troubleshooting Q&A . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 220 Trusts and User Group Access Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223 Other Troubleshooting Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224 Collecting Information for Citrix Technical Support . . . . . . . . . . . . . . . . . . . . . . 227
Chapter 10
Chapter 11
Chapter 12
Appendix A
Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 DSVIEW. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278 MSGHOOK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279 QPRINTER . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280 QUERYDC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282 QUERYDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284 QUERYHR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287 SCCONFIG . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289 LMNEWLOG. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291 LMSWITCH. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Appendix B Appendix C
Tested Hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293 Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 IMA Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297 Event Log Warning and Error Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304 IMA Subsystem Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310 Presentation Server Console Error Codes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 312 Resource Manager Billing Error Codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Appendix D
CHAPTER 1
Introduction
Advanced Concepts Guide for MetaFrame Presentation Server for Windows 3.0 this book is a collection of best practices, tips, and suggestions for effectively using MetaFrame Presentation Server. To get the most from this guide, you should be familiar with the concepts and configuration procedures in the MetaFrame Presentation Server Administrators Guide and the additional documentation for MetaFrame Presentation Server componentsall of which are available in the Document Center included on your MetaFrame Presentation Server CD (see below for details). Additional information is available from the MetaFrame Presentation Server readme file. See the MetaFrame Presentation Server Client readme files for known issues and work arounds. For further information or to get white papers about some of the topics discussed in this document, visit the Citrix Web site at http:// www.citrix.com. Note All terminology, product references, and recommendations are subject to change without notice.
Document Conventions
MetaFrame Presentation Server documentation uses the following typographic conventions for menus, commands, keyboard keys, and items in the program interface:
Convention Boldface Italics Meaning Commands, names of interface items such as text boxes, option buttons, and user input. Placeholders for information or parameters that you provide. For example, filename in a procedure means you type the actual name of a file. Italics also are used for new terms and the titles of books. The Windows system directory, which can be WTSRV, WINNT, WINDOWS, or other name you specify when you install Windows. Text displayed in a text file. A series of items, one of which is required in command statements. For example, { yes | no } means you must type yes or no. Do not type the braces themselves. Optional items in command statements. For example, [/ping] means that you can type /ping with the command. Do not type the brackets themselves. A separator between items in braces or brackets in command statements. For example, { /hold | /release | /delete } means you type /hold or /release or /delete. You can repeat the previous item or items in command statements. For example, /route:devicename[,] means you can type additional devicenames separated by commas.
%SystemRoot%
Monospace
{ braces }
[ brackets ]
| (vertical bar)
(ellipsis)
Chapter 1 Introduction
Important To view, search, and print the PDF documentation, you need to have the Adobe Reader 5.0.5 or later with Search. You can download Adobe Reader for free from Adobe Systems Web site at http://www.adobe.com/.
10
You can access the Document Center from your product CD or install it on your servers. To install the Document Center, select the option from the MetaFrame Presentation Server Autorun screen. To start the Document Center 1. From your product CD, navigate to the \Documentation folder. or On a server on which you installed the Document Center, select Documentation from the Citrix program group on the servers Start menu. 2. Open document_center.pdf. The Document Center appears. If you prefer to access the guides without using the Document Center, you can navigate to the component PDF files using Windows Explorer. If you prefer to use printed documentation, you can also print each guide using Adobe Reader. Note The Advanced Concepts Guide is not part of the Documentation Center at this time.
Chapter 1 Introduction
11
Another source of support, Citrix Preferred Support Services, provides a range of options that allows you to customize the level and type of support for your organizations Citrix products.
Subscription Advantage
Subscription Advantage gives you an easy way to stay current with the latest server-based software functionality and information. Not only do you get automatic delivery of feature releases, software upgrades, enhancements, and maintenance releases that become available during the term of your subscription, you also get priority access to important Citrix technology information. You can find more information on the Citrix Web site at http://www.citrix.com/services/ (select Subscription Advantage). You can also contact your Citrix sales representative or a member of the Citrix Solutions Network for more information.
12
CHAPTER 2
This chapter includes recommendations for server hardware and operating system configuration and for providing adequate server capacity for user sessions. Before installing and deploying MetaFrame Presentation Server, read and consider these sections.
Hardware Configuration
Citrix recommends the following hardware configuration options to improve the performance of MetaFrame Presentation Server.
General Recommendations
Employ RAID ArraysBecause hard drives are the most common point of hardware failure in multi-processor configurations, Citrix recommends a RAID (Redundant Array of Independent Disks) setup. See the MetaFrame Presentation Server Administrators Guide for more information regarding available RAID configurations. If RAID is not an option, a fast SCSI 2, 3, or Ultra 160 drive is recommended. Faster hard disks are inherently more responsive and may eliminate or curtail disk bottlenecks. Currently 15,000 RPM hard drives are the most commonly deployed Install Multiple Disk ControllersFor quad and eight-way servers, install at least two controllers, one for operating system disk usage and the other to store applications and temporary files. Isolate the operating system as much as possible; do not install applications on the controller where the operating system is installed. Distribute hard drive access load as evenly as possible across the controllers.
Provide Adequate Disk Space for User ProfilesPartition and hard drive size depends on both the number of users connecting to computers running MetaFrame Presentation Server and the applications running on the server. Running applications such as those in the Microsoft Office suite can result in user profile directory sizes of hundreds of megabytes. Large numbers of user profiles can use gigabytes of disk space on the server. You must have enough disk space for these profiles on the server. Note Roaming profiles and permanent user data should be stored on a centralized file server, Storage Area Network (SAN), or Network-Attached Storage (NAS) that can adequately support the environment. In addition, this storage medium should be logically located near the servers so that minimal router hops are required and logon times are not unnecessarily increased.
Enable Disk-Write CachingUsers may experience performance improvements if disk-write caching is enabled on a servers RAID controller. For example, enabling disk-write caching can help mitigate problems users experience when many users log on at the same time.
Server Redundancy
When planning the hardware configuration of your server farm, consider the following precautions: At least one backup server should be available in the event of a production server failure. It is typical for some organizations to plan for as much as 25% redundancy within the production environment. Servers that enable access to MetaFrame Presentation Server, such as Web Interface, Secure Gateway, secure ticket authority and MetaFrame Secure Access Manager servers, serve as single points of failure if only one server is deployed with a given functionality. Deploy two or more servers to service each function to ensure continued access to the server farm.
15
However, with serial events, such as installing or removing a farm server, the additional processors show lower performance gains. To improve the processing time for these types of events, increase the processor speed of the data store hardware platform. Note The response time of other farm events (such as recreating the local host cache or replicating printer drivers to all farm servers) is more closely related to the size of the farm rather than to the response time of the data store.
Some objects, such as applications and servers, create multiple entries in the data store. As the number of entries in the data store grows, the time required to search and retrieve the entries also grows. As servers are added to the farm, the data store must service more requests. Consequently, plan the data store hardware platform based on the total number of servers you plan to include in the farm. For more information about choosing a database for the data store, see the MetaFrame Presentation Server Administrators Guide.
16
Task Publish an application (for example, Wordpad) Create a blank policy Configure all rules and assign policy to domain users group Create a Resource Manager application configured for one server Import a network print server/printer driver Add printer driver Add Resource Manager metric for one server (Citrix MetaFrame Presentation Server/data store bytes written/sec) Add one domain administrator as a MetaFrame administrator Configure Installation Manager properties (account, path) Add an Installation Manager package Create an Installation Manager package group Add a server folder Add an application folder Create a Load Manager load evaluator with one evaluation rule (server user load) Create an Installation Manager server group containing one server Add a server to the farm
Size of Object Record Created in Data Store (Bytes) 11338 7122 986 7467 2183 2485 1808 3164 1635 24275 4225 1188 1191 1786 1113 81891
17
General Recommendations
All partitions must be in Windows NT File System (NTFS) format. NTFS allows security configuration, better performance, fault tolerance, and also saves disk space usage because NTFS partitions have small and constant cluster sizes (the minimum size is 4KB). File Allocation Table (FAT) partitions require much larger cluster sizes because the size of the partition increases (with the minimum being 32KB). More space is wasted on FAT partitions because the file system requires an amount of physical disk space equal to the cluster size of the partition used to store a file, even if the file is smaller than the cluster size. For more information about cluster sizes of FAT and NTFS partitions, see Microsoft Knowledge Base article Q140365. If possible, install only one network protocol on the server. This practice frees up system resources and reduces network traffic. If multiple protocols are needed, set the bind order so that the most commonly used protocol is first. When working with Windows Terminal Services, increase the registry size to accommodate the additional user profile and applications settings that are stored in the registry. On a single-processor server, you need to reserve at least 40MB for the registry. Reserve at least 100MB on quad and eight-way servers. You can also increase performance by properly tuning the page file. For more information about the page file, see Microsoft Knowledge Base article Q197379.
18
Servers in a server farm use Microsoft Jet drivers extensively. The Microsoft Jet Database Engine is used by the local host cache on every server in the farm. It is also used when Resource Manager is installed. Citrix recommends installing Microsoft service packs for the Microsoft Jet Database Engine. Older versions contain memory leaks that appear as IMA Service memory leaks. Apply these service packs and patches before installing MetaFrame Presentation Server on the servers. See Microsoft Knowledge Base article 273772 for more information. Important A memory leak in the Microsoft Jet Database Engine is fixed in Windows Server 2000 Service Pack 2. To use MetaFrame XP Feature Release 3 or earlier versions on a Windows Server 2000 system on which Windows Server 2000 Service Pack 2 is not installed, you must install the hotfix described in TechNet article 273772, FIX: Memory Leak in Jet ODBC Driver with SQL NUMERIC or SQL C BINARY Data. MetaFrame Presentation Server 3.0 requires Windows Server 2000 Service Pack 4.
Note Installing a new Microsoft Data Access Components (MDAC) or Microsoft Jet Database Engine service pack may reset MaxBufferSize to its default setting. Be sure to check this setting after applying any MDAC or Jet updates.
19
The following sections present benchmark results regarding user capacity, examine the potential benefits of Hyper-Threading, and discuss how to achieve realistic sizing for the server by using Resource Manager.
Test Configuration
The benchmarking test was conducted with the following iteration structure and hardware and software configurations:
User Iteration
Step Size: five users Iterations: 36 iterations Total simulated users in this test: 180
20
Server Configuration
Dell PowerEdge 2650 Dual Intel Pentium 4 Xeon Processor: 3.06GHz with 512KB L2 Cache and 1MB L3 Cache 533MHz front side bus speed Hyper-Threading enabled 36GB HDD with Dell PERC 3/Di Raid Controller 4GB RAM 4GB page file Windows Server 2003 MetaFrame Presentation Server 3.0 Enterprise Edition Microsoft Office XP Excel XP, PowerPoint XP, and Access XP
Client Configuration
CPQ ML350 600MHz Pentium III with 256KB Cache 256MB RAM Windows Server 2000 Service Pack 4 Citrix 32-bit Program Neighborhood
Test Results
A servers degradation point was considered to have been reached when its score fell below 80. The results showed a maximum of 177 simulated users concurrently running Microsoft Office applications before this threshold was reached. In this test environment, increasing the number of concurrent users beyond this would have resulted in decreased server and, therefore, user performance.
21
Test Configuration
The test was performed on Dell PowerEdge 2650 dual processor systems with Hyper-Threading-capable Pentium 4 Xeon processors. The benchmarking test was conducted with the following iteration structure and hardware and software configurations:
User Iteration
Step Size: five users Iterations: 36 iterations Total simulated users in this test: 180
Server Configuration
Dell PowerEdge 2650 Dual Intel Pentium 4 Xeon Processor: 3.06GHz with 512KB L2 Cache and 1MB L3 Cache 533MHz front side bus speed Hyper-Threading enabled and disabled 36GB HDD with Dell PERC 3/Di Raid Controller 4GB RAM 4GB page file Windows Server 2003 MetaFrame Presentation Server 3.0 Enterprise Edition Microsoft Office XP Excel XP, PowerPoint XP, and Access XP
22
Test Results
The result of this test was that the server with Hyper-Threading-enabled had a 30% performance increase over the same server with Hyper-Threading disabled. In other words, the Hyper-Threaded server was able to support 30% more concurrent user sessions before reaching its degradation point.
% Difference NA + 30%
This graph shows the performance benefits of Hyper-Threading. The HyperThreaded server supported more user sessions before reaching its degradation point.
23
The longer you can use these tests, the better the data averages you can collect from the summary database.
CHAPTER 3
This chapter examines the communication that occurs between servers in a MetaFrame Presentation Server farm. Among the topics discussed are the roles of zones and data collectors in a farm, the bandwidth requirements of various types of server communication, implementing a farms data store, and multihoming servers in the farm.
All member servers must belong to a zone. By default, the zone name is the subnet ID on which the member server resides. The zone data collector maintains all load and session information for every server in its zone. Each data collector has a connection open to all other data collectors in the farm. This connection is used to immediately relay any changes reported by servers that are members of the zone by that zones data collector to the data collectors of all other zones. Thus all data collectors are aware of the licensing, and session information for every server in the farm. The formula for interzone connections is N * (N-1)/2, where N is the number of zones in the farm.
If a zones data collector does not receive communication from a server in the zone within the configured time interval, the zone data collector pings the server to verify that it is online. The default interval is once a minute. A data collector will also ping any other data collectors if it does not receive any data from the target server within the configured time interval. This interval is configurable by adding the following value to the registry. The interval, in milliseconds, is expressed in hexadecimal notation. HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\ KeepAliveInterval (DWORD) Value: 0xEA60 (60,000 milliseconds default) In normal operation, data collectors are synchronized through frequent updates. Occasionally, an update sent from one data collector to another data collector can fail. Instead of repeatedly trying to contact a zone that is down or unreachable, a data collector waits a specified interval before retrying communication. The default wait interval is five minutes. That value is configurable by adding the following value to the registry. The interval, in milliseconds, is expressed in hexadecimal notation. HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime \GatewayValidationInterval (DWORD) Value: 0x493E0 (300,000 milliseconds)
27
28
29
30
The bandwidth consumed when you publish an application varies depending on the number of servers in the server farm. In general, the amount of bandwidth consumed increases 390 bytes for every additional server in the server farm. Starting a new server generates the most amount of traffic to the other data collectors. Starting a new server generates about 8.9KB worth of traffic to the data collector in a default configuration.
31
32
When you start a server, it must initialize the IMA Service and also register with the data collector for the zone in which it resides. This communication occurs in the following sequence of events: 1. The IMA Service establishes a connection to the farms data store and then downloads the information it needs to initialize. It also ensures that the data contained in its local host cache is current. 2. After the IMA Service is initialized, the member server registers with the data collector for the zone. 3. Next, the data collector relays all of the updated information written by the member servers in the zone to all other data collectors in the farm to keep them synchronized with each other. The collector-to-collector updates are a function of the amount of information that is updated by the member server. The data collectors replicate only the items that changed; they do not replicate all their tables every time an update is sent. Note In the preceding diagram, there are only two zones. The data collector replicates only the updates it receives from the member servers once to the other data collector. If, for example, there are three zones, the data collector has to replicate the same information twice. This causes higher bandwidth consumption and places a higher load on the data collectors in the farm. The amount of data read from the data store can require higher bandwidth as the farm size increases and certain actions are executed, especially when several servers are started simultaneously. Most network traffic consists of reads from the database. Citrix recommends that the data store be replicated across all high latency or low bandwidth links. A replicated data store allows all reads to occur on the network local to the server, resulting in improved farm performance. If performance across the WAN is an issue, and having a replicated database at each site is cost prohibitive, analyze the WAN links for alternative solutions. The IMA Service start time ranges from a few seconds to several minutes. When the amount of data requested from the data store by the IMA Service is greater than the size of the pipe between WAN segments, IMA waits for all of the data, resulting in a longer startup time. Note When the IMA Service takes a long time to restart, an error message appears on the Presentation Server Console stating that the IMA Service could not be started. The event log can have a message that states that the IMA Service hung on starting. These errors are benign. The IMA Service does start properly after the requests to the data store are serviced.
33
Every 30 minutes a coherency check is performed between the member servers local host cache and the data store. If neither has changed, this operation consumes approximately only 200 bytes of bandwidth. If the check determines that something changed, the member server searches the data store to determine what changed and updates the information in the local host cache. To ensure that the servers in its zone are functional, the data collector sends an IMAPing to each of the member servers in its zone if it has not received an update from the member server within the last 60 seconds. The data collector also asks the member server for its server load if it has not received a load update within the past five minutes. Finally, the data collectors query the other data collectors in the farm to ensure they are still data collectors, and to ensure they are still operational if they have not received an update in the last 60 seconds.
34
Event-Based Communication
Most traffic is a result of the generation of events, such as when a client connects, disconnects, or logs off. The member server sends updates about its load, license count, and so on to the data collector in its zone. The data collector in turn must replicate this information to all the other data collectors in the farm. The following diagram shows what occurs when a user logs on:
1. The client device requests that the data collector determine the least loaded servers in the farm. 2. The client then connects to the least loaded server returned by the data collector. 3. The member server then updates its load, licensing, and connected session information to the data collector for its zone. 4. The data collector then forwards this information to all the other data collectors in the farm.
35
1. The existing data collector for Zone 1 has an unplanned failure, such as a RAID controller failing, and causes the server to present a fatal error. If the server is shut down appropriately, it triggers the election process before going down. 2. The servers in the zone recognize the data collector has gone down and start the election process. In this example, the backup data collector is elected as the new data collector for the zone. 3. The member servers in the zone send their information to the new data collector for the zone. 4. In turn, the new data collector replicates this information to all other data collectors in the farm. Note The data collector election process is not dependent on the data store. If the data collector goes down, sessions connected to other servers in the farm are unaffected.
36
1. The administrator makes a change in the Presentation Server Console affecting all the servers in the farm. 2. The server that the console is connected to updates its local host cache and writes the change to the data store. 3. The server forwards the change to the data collector for the zone in which it resides. The data collector updates its local host cache. 4. The data collector forwards the change to all the member servers in its zone and all other data collectors in the farm. All servers update their local host caches with the change. 5. The data collectors in the other zones forward the update to all the member servers in their zones, and they subsequently update their local host caches.
37
38
Action Add Resource Manager metric to application and configure Change farm metric server Any Resource Manager report on the local server
Tip When using the Presentation Server Console to monitor a farm at a remote site, you can conserve bandwidth across the WAN by publishing the console application on a remote server and connecting to it using a client locally.
39
If two NIC and switch ports are available, these can be teamed, configured for failover, or multihomed. Of these two options, Citrix recommends that you use NIC teaming when the switch ports are located on different blades within a large Layer 3 switch (for example, Cisco 6500 series) because NIC teaming enables both failover and redundancy in addition to higher throughput.
40
Although the Layer 3 switch does represent a single point of failure in this case, most large Layer 3 switches have an extremely low failure rate. More commonly, an individual blade may fail. If a large Layer 3 switch that supports teaming across blades is not available, a failover configuration is the best option. While multihoming is a supported practice, NIC teaming is considered to be the better option in nearly all situations. Multihoming is often configured incorrectly, and security holes could be opened because access control lists configured on the router are bypassed. If it is impossible to team the NICs and switch ports of all of the servers in the farm, Citrix recommends that you apply this recommendation to the following servers at a minimum: Data store server(s) Web Interface server(s) Secure Gateway server(s) Secure Ticket Authority server(s) Secure Access Manager server(s) Zone data collector(s)
Note Citrix recommends teaming NICs using the MAC address, not the IP address because the MAC address is not subject to modification unless the burnedin address (BIA) is modified, The MAC address is a more basic and stable configuration. Follow the switch vendor's recommended practice for manually configuring teaming or aggregating of the switch ports.
41
42
Communications up to 20km (approximately 12 miles) Fibre Channel implementations can use either of the following networking technologies: Fibre Channel Arbitrated Loop (FC-AL) FC-AL networks use shared media technology similar to Fibre Distributed Data Interface (FDDI) or Token Ring. Each network node has one or more ports that allow external communication; FC-AL creates logical point-to-point connections between ports. Fibre Channel Fabric (FC-SW) Fabric networks use switched network technology similar to switched Ethernet. A fabric switch divides messages into packets containing data and a destination address, and then transmits the packets individually to the receiving node, which reassembles the message. Fabric switches can cascade, allowing a SAN to support thousands of nodes.
43
Hardware Components
Storage Area Networks typically include the following hardware components: Host I/O Bus The current I/O bus standard is Peripheral Component Interface (PCI). Older standards include Industry Standard Architecture (ISA) and Extended Industry Standard Architecture (EISA). Host Bus Adapter The host bus adapter (HBA) is the interface from the server to the host I/O bus. The HBA is similar in function to a Network Interface Card (NIC), but is more complex. HBA functions include the following: Converting signals passed between the LAN and the SANs serial SCSI Initializing the server onto a FC-AL network or providing a Fabric network logon Scanning the FC-AL or Fabric network, then attempting to initialize all connected devices in the same way that parallel SCSI scans for logical devices at system startup
Cabling Fibre Channel cables include lines for transmitting and for receiving. Because of the shape, you cannot install them incorrectly. SAN networking equipment There are many similarities between a SAN and other networks such as a LAN. The basic network components are the same: hubs, switches, bridges, and routers. Storage devices and subsystems A storage subsystem is a collection of devices that share a power distribution, packaging, or management system such as tape libraries or RAID disk drives. Tape backup SANs provide easy, on-the-fly tape backup strategies. Tape backups are much quicker and consume fewer resources, because all of the disk access occurs on the SANs fiber network, not on the LAN. This allows the data store to be backed up easily even while it is in use.
44
The basic SAN configuration shown below illustrates each clustered server with dual HBAs cabled to separate FC-AL switches. A system with this redundancy can continue running when any component in this configuration fails.
45
Redundant SAN configuration SAN architecture is very reliable and it provides redundant systems in all aspects of the configuration with multiple paths to the network. Windows 2000 Advanced Server allows two nodes to be clustered. Windows 2000 Data Center allows four clustered nodes. If there is a software or hardware failure on the owner of the cluster node, the servers in the farm lose their connection to the database. When the servers sense that the connection was dropped, the farm goes into a two-minute wait period. The servers then attempt to reconnect to the database. If servers in the farm cannot immediately reconnect to the data store, they retry indefinitely, every two minutes. The servers automatically reconnect to the database, which has the same IP address, once it fails over to the other node of the cluster.
SQL
SQL clustering does not mean that both databases are active and load balanced. With SQL clustering, the only supported clustering method allows one server to handle all the requests while the other server simply stands by waiting for the other machine to fail. Note Citrix recommends that you use Windows NT authentication for connecting to the database when installing MetaFrame Presentation Server to a clustered SQL Server.
46
Oracle
Oracle Real Application Cluster (RAC) does allow true active-active clustering. As database requests are sent using ODBC, they are load balanced among the nodes of the cluster. This configuration provides both fault tolerance and increased performance.
SAN Tuning
In addition to increased reliability, you can tune the SAN to provide better database performance. When tested by Citrix, the data store was used mainly as a repository for reading configuration information. In this configuration, the number of reads far exceeds the number of writes. For optimal data access to the data store through the SAN, you can tune the array controller on the SAN for 100% reads and 0% writes. Note Tuning the SAN for 100% reads and 0% writes still allows servers to write to the data store.
47
Note Citrix recommends that you do not configure multihomed servers running MetaFrame Presentation Server to operate as routers (TCP/IP forwarding).
48
When a server receives an address resolution request from a client, the server compares the TCP/IP address of the client to its local routing table to determine which network interface to return to the client. If the routing table is not configured correctly, the clients request cannot be filled. The figure above illustrates two multihomed servers, each with a connection to the 10.8.1.0/24 and 172.16.1.0/24 subnets. Neither server is configured to route between the two network interfaces. The process described below occurs when a client requests a response from a computer running MetaFrame Presentation Server. 1. The client with TCP/IP address 10.8.2.20 (ICA01) sends an address resolution request to the server named MFSRV01. 2. MFSRV01 has the TCP/IP address 10.8.1.3. This server also has a second NIC with TCP/IP address 172.16.1.3. 3. ICA01 is configured with MFSRV01 for its server location. ICA01 contacts MFSRV01 and requests a load-balanced application. 4. The TCP/IP address of the least loaded server hosting the requested published application must be supplied to ICA01. MFSRV01 determines that MFSRV02 is the least loaded server. 5. MFSRV02 has two TCP/IP addresses, 10.8.1.4 and 172.16.1.4.
49
6. MFSRV02 determines the source address of ICA01. The server uses its local routing table to determine what network interface should be returned to the client. In this case, the NIC configured on the 10.8.2.0/24 network is returned to the client. If there is no explicit entry for the NIC in the local routing table, the default route, configured automatically by Windows, is used. 7. MFSRV01 uses the local routing table to correctly respond with the 10.8.1.4 address when directing the client to MFSRV02. To set up a routing table on a multihomed server running MetaFrame Presentation Server, first configure a single default gateway and then add static routes.
50
Running the command line utility IPCONFIG on MFSRV01 returns the following:
Windows IP Configuration Ethernet adapter Local Area Connection #1: Connection-specific IP Address. . . . . Subnet Mask . . . . Default Gateway . . DNS . . . . . . Suffix . . . . . . . . . . . . . . . . : : 10.8.1.3 : 255.255.255.0 : 10.8.1.1
Ethernet adapter Local Area Connection #2: Connection-specific IP Address. . . . . Subnet Mask . . . . Default Gateway . . DNS . . . . . . Suffix . . . . . . . . . . . . . . . . : : 172.16.1.3 : 255.255.255.0 :
Ethernet adapter Local Area Connection #2: Connection-specific IP Address. . . . . Subnet Mask . . . . Default Gateway . . DNS . . . . . . Suffix . . . . . . . . . . . . . . . . : : 172.16.1.4 : 255.255.255.0 :
51
MFSRV01 is currently configured with a default gateway using the router at 10.8.1.1. Note that the second client, ICA02, is located on the 192.168.1.0/24 network, which is accessed through the router at 172.16.1.1. For MFSRV01 to have network connectivity and to avoid using the default gateway when responding to requests from ICA02, define a static route for the 192.168.1.0/24 network:
ROUTE -p ADD 192.168.1.0 MASK 255.255.255.0 172.16.1.1
52
Configure MFSRV02 the same way. When the static routes are set up, both the clients can ping the TCP/IP addresses of both servers and the servers can ping the clients. Each server can now correctly resolve the network interface to which either client is connecting. The TCP/IP addresses that the ICA01 client can receive are 10.8.1.3 and 10.8.1.4. The TCP/IP addresses that the ICA02 client can receive are 172.16.1.3 and 172.16.1.4
53
54
The server location settings (Custom Connection Settings/ICA Settings) can hold up to 15 server addresses; five addresses in the Primary group, five addresses in Backup1 group, and five addresses in the Backup2 group. The client resolves all addresses in the groups, even if the first address responds to the request. This resolution is done automatically by the operating system rather than by the client. If DNS round robin is not being used, Citrix recommends that all of the servers FQDN addresses are entered in the server location settings. This ensures proper communication to the farm if one of the servers becomes unavailable. By default, the Web Interface and the Program Neighborhood Agent use TCP/IP as their default ICA connection protocol. To verify that you are using the FQDN of the servers, follow the steps below: 1. Connect to http://<WI_Server>/Citrix/MetaFrame/WIAdmin. 2. Click MetaFrame Servers from the Content area. 3. Verify that the FQDNs are set for all applicable servers. If not, remove the names and add the FQDNs. 4. Click Save. 5. Click Apply Changes for the settings to take effect. These steps ensure that when using the Web Interface and the Program Neighborhood Agent the ICA file generated has the FQDN address of the server instead of a localhost resolution (if the Web Interface is installed on one of the servers) or NetBIOS name resolution. To have the Web Interface generate an ICA file that will connect to the server using the FQDN, perform the following: 1. Open the Presentation Server Console. 2. Right-click the farm and go to Properties. 3. Go to MetaFrame Settings and select the option Enable XML Service DNS address resolution. 4. Click OK to save the settings. This enables the Web Interface and Program Neighborhood Agent to generate the FQDN in the address field of the ICA file. This ensures proper resolution of the server even in dynamic environments. If the servers IP address changes and the DNS support dynamic updates, there is no need to change ICA and Web Interface configurations to support the change.
55
56
When the client attempts to connect, the DNS server returns all addresses of the farms servers. Each response from the DNS server will include the IP addresses of the farms servers. If Client1 connects to a load-balanced application, the DNS server will return the IP address for MetaFrame1 and MetaFrame2 in the first response for enum.corp.company.com. It will also return the IP address for MetaFrame3 and MetaFrame4 for the second response for enum.remote.company.com. When round robin is enabled on the DNS server, it restructures the list for each client resolution that it receives by moving the first host to the end of the list. This ensures that all the farms servers in the round robin loop alternate taking client enumeration requests. In some cases, clients will have a DNS cache enabled and they will not re-query the DNS server. By default, Windows 2000 Professional and Windows XP Professional have this feature enabled and round robin will appear to fail. To ensure that these clients always try to query the DNS server, see Microsoft Support Article Q245437 - How to Disable Client-Side DNS Caching in Windows. Important As of the 6.20.910 version of the client, if the protocol setting is TCP/ IP+HTTP and you are using DNS round robin, the connection may fail. The client will not issue a second request but it will try to connect to the published application name appending the local clients DNS suffix. The next time the user tries to launch the session; the connection will work as long as the response address is a different one. If the server farm is using Dynamic DNS (DDNS) and DHCP, the recommended best practice is to use FQDN locators in the clients. Using DNS is one of the fastest and easiest methods for ICA traffic addressing.
CHAPTER 4
Installation Checklist
Before you install MetaFrame Presentation Server, Citrix recommends that you read the Installation Checklist. The Installation Checklist can be viewed by selecting View installation checklist on the MetaFrame Presentation Server Setup window that appears after inserting your installation CD. It outlines, among other items: Downloading and installing critical updates before you install the product Meeting system requirements Installing and configuring the MetaFrame Access Suite licensing Remapping server drive letters Installing MetaFrame Presentation Server Downloading and installing critical updates after you install the product
59
Installation/Upgrade Considerations
The following points should be considered when installing or upgrading to MetaFrame Presentation Server 3.0: You can install or upgrade in silent mode using: msiexec /i MPS.msi /qn. If you are using unattended installation or command line parameters to install MetaFrame Presentation Server, a log file (Msi.log) is automatically created in the %systemroot% directory. MetaFrame Presentation Server 3.0 requires communication with a Citrix license server. The license server can be installed in the environment before or after MetaFrame Presentation Server is installed and the name of the Citrix license server can be provided either while you are installing or after installation in the Presentation Server Console. If you install MetaFrame Presentation Server 3.0 using silent or unattended install, you need to ensure that all the prerequisite components are installed. Run Autorun from the installation CD and select the option View installation checklist. Print a copy of the checklist for reference. Servers running MetaFrame Presentation Server should not provide any additional services, such as DHCP, DNS, and WINS. These services require additional server resources that reduce user performance. All available server resources must be dedicated to support MetaFrame Presentation Server and its associated applications. Secure Sockets Layer (SSL) settings are intentionally not migrated for security reasons. When upgrading to MetaFrame Presentation Server 3.0, reconfigure SSL manually. If you upgrade a server that does not have Installation Manager and Resource Manager installed, these components are not installed during the upgrade. To install these components, verify that an Enterprise edition license is available from the Citrix license server, and install these components using Add/Remove Programs in the Control Panel. When upgrading a farm that uses Microsoft Access as the data store, always upgrade the host server first or installation will fail.
Important MetaFrame Presentation Server 3.0 is a platform upgrade. After you install MetaFrame Presentation Server 3.0 you cannot downgrade to earlier versions of MetaFrame.
60
61
With this utility, you can script various different configurations of an installation depending on the application silo in which it resides. After the machine is imaged, the script executes and the Installation Manager package is deployed to the server. The MFCOM SDK also allows scripting of other configuration options through most kinds of scripting languages. Through the MFCOM SDK, new applications can be published, the data collector preference level can be set, load-evaluators applied, and so on. This allows the MetaFrame Presentation Server configuration changes to be applied rapidly as well. See the MFCOM SDK documentation for scripting usage.
Server Cloning
Server cloning can provide more rapid deployment than a scripted installation. A few steps are required for cloning servers. These steps vary depending on the type of data store used for the farm, and are described in the following sections. MetaFrame Presentation Server is compatible with server cloning, but cloning software can cause the operating system or its add-ons to function incorrectly after being cloned. When using server cloning, it is important to clone one server and test its operation before deploying the rest of the farm. Also, although Citrix supports server cloning if done by documented procedures, it is considered a best practice to use an automated installation process for building and rebuilding servers so that a clean server build is assured. Caution Do not attempt to image a server with an SSL certificate installed because SSL certificates are unique to the hardware.
62
Caution Do not attempt to use drive image software to restore an image of a server with remapped drives. Remapped drives will partially revert to the original configuration on the deployed server, rendering the server unusable. Servers with remapped drives can be duplicated using a hardware solution such as Compaq Smart Array controllers with RAID1 drive mirroring. You must complete the following tasks before re-imaging a server that is already a member of a server farm. To prepare a server in a server farm for re-imaging 1. From the Presentation Server Console, remove the list of servers configured to host any applications. 2. Remove the server from the server farm by uninstalling MetaFrame Presentation Server. 3. If the server entry still exists in the Presentation Server Console server list, right-click the server name and remove it from the server list. 4. Apply the system image and add the server to the server farm. Important If a server is not removed from a server farm before a new system image is applied to it, performance problems can result. The Presentation Server Console can display invalid data if the server is returned to the same server farm because the old servers host record in the data store is applied to the newly imaged server.
63
If cloning is not an option, you can create custom unattended installation scripts for both the operating system and applications, including MetaFrame Presentation Server. Note Removal of the WSID (workstation ID) line from the DSN file is no longer necessary when imaging and deploying MetaFrame Presentation Server.
64
To set up the server and verify that it is added 1. Set the SID of the server with your chosen SID generator. 2. Rename the new server with a unique name. 3. Start the Citrix IMA Service and set the service to start automatically. 4. Verify that the server is successfully added to the farm by executing qfarm at a command prompt. If the addition is successful, the newly imaged server will appear in the list of servers.
65
Simultaneous Installations
Citrix recommends that no more than 30 servers be simultaneously installed if you are using a high powered server for your data store, (that is, a current generation dual CPU database server or above.) For older database servers, no more than ten servers should be installed at the same time. During installation, servers must write configurations to the same indexes in the data store. The more servers installed at once, the greater the probability of creating deadlocks on the database server. Important Deadlocks occur when one server times out while waiting to write to a piece of data that is locked by another server. In this event, the IMA Service simply retries after a short interval. When you install servers to a new zone, it is best to first install a single server in the new zone. When installation of the first server in the zone is finished and the server restarts, launch the Presentation Server Console and set the server preference for the first server in the zone to Most Preferred. This avoids problems with new servers in the zone becoming the zone data collector during installation. Important When creating a new farm, the first server installed in the first zone is automatically configured with a server preference of Most Preferred. Therefore, the process of setting the server preference described above applies only when creating additional zones.
66
Note Citrix recommends that the Force reboot after install option is set in Installation Manager when scheduling the installation. Before you Begin Ensure there are no users logged on to the servers, because the upgrade installation requires a server restart. Ensure the network account being used for Installation Manager package deployment is a member of the Local Administrators group on each target server.
67
To create a transform file for upgrading to MetaFrame Presentation Server. 1. Use a transform editor to create a transform file using Mps.msi. Use the transform editor of your choice. If you use Microsoft Orca as your editor, use Version 2.0.26 or higher. 2. From within the editor, choose the Property table in Mps.msi. 3. Generate a transform file with all desired changes in property values and save it as Mpstransform.mst. Do not alter the original Mps.msi file. Note Transform templates are provided in the Support\install directory on the MetaFrame Presentation Server CD. The first server installed should use use the Point for LicenseServerChoice setting with a valid license server name provided in LicenseServerName. The other servers joining the same farm should use UseFarmSettings with no license server name required. Follow the directions above to create two transform files; one for the first server you upgrade and a second transform file for all remaining servers in the farm. To upgrade to MetaFrame Presentation Server Follow the directions below to add two Installation Manager packages to the Presentation Server Console; one for the first server you upgrade, using the transform that specifies the license server name and a second package using the second transform file created for the remaining servers in the farm. 1. Copy the contents of the MetaFrame Presentation Server CD to a file share on a network share point. 2. Copy the MST file to the folder that contains the Windows Installer package (Mps.msi). 3. Ensure there are no users logged on to the target servers. 4. Use the Presentation Server Console to connect to the server farm; in the left pane click Installation Manager. The Installation Managers network account must have administrators privileges on each target server and must have permission to access the files on the network file share. This cannot be a NetWare Account. 5. Add the Mps.msi package to the Installation Manager database. When prompted to add transforms, click OK. 6. Add the MST file to the Windows Installer package. This MST file must be located in the same directory as the MetaFrame Presentation Server Windows Installer package or the deployment will fail. 7. Deploy the Windows Installer package to the target servers.
68
8. When the deployment is complete and the servers restart, log on to the server farm from the Presentation Server Console. 9. If any server is not included in the package deployment (for example, if you are using the Management Console from a server in the server farm), upgrade that server to MetaFrame Presentation Server 3.0, either from the files on the network share or by logging on to a different server and deploying the package to the server.
To enable Windows Installer Logging 1. Run regedt32. 2. Locate the registry entry: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\ Installer 3. Right-click in any blank space on the right window and select String Value. 4. Name the string value Logging and then click OK. 5. Double-click the new Logging value and enter the string iwearucmopv as the Value Data. 6. Restart the system so the new registry value can take effect. Caution Ensure Windows Installer Logging is turned off at the end of the procedure or all Windows Installer deployments are logged. When you enable logging using this procedure, log files are stored in the directory %SystemRoot%\Temp. Open the log file and search for the line above Return Value 3 to determine why a deployment failed.
69
70
Note You can also create customized administrative share points using transform files. Refer to the MetaFrame Presentation Server Administrators Guide for further information.
71
In addition to the fault tolerance benefits, using a RAC cluster for the MetaFrame Presentation Server data store provides improved response time for the IMA Service on startup and during read-intensive operations such as updates.
Test Environment
Two Cluster Servers with the following configuration:
Compaq ProLiant 1850R Dual P3 600Mhz 1GB RAM 16GB SCSI local disk Emulex LightPulse 9000 Host Bus Adapter (HBA) connected by Fiber Optic cable directly to the EMC2 Celerra One 100Mbps Compaq NIC used for both normal and cluster communication
One EMC2 Celerra Enterprise Network Server with the following configuration:
51GB partition available to the cluster servers Arbitrated Loop SAN configuration Dedicated Fiber Adapter (FA) ports for access by the Emulex HBA cards
72
Process Overview
The following section lists the steps outlined in the ocfs_relnotes document. For a more complete explanation of the steps, refer to that document. 1. Configure a physical connection to the shared disk subsystem. 2. Configure the shared disks on Windows Server 2000. 3. Install Oracle Cluster File System (CFS). 4. Install Oracle 9iR2. 5. Patch the Oracle RAC files. 6. Reconfigure the Oracle listeners. 7. Create the database using the Database Configuration Assistant (DBCA). 8. Create a Tnsnames.ora file for the cluster configuration. 9. Install MetaFrame Presentation Server 3.0.
73
Requirements
MetaFrame Presentation Server Client Packager (Version 8.x) Microsoft Windows Installer (Version 2.0 or above)
To create a custom client package 1. Insert the MetaFrame Presentation Server Component CD in the CD-ROM drive, select MetaFrame Presentation Server Clients, and then select Create a custom Windows client installation package. -orLocate the Ica32pkg.msi file on the client CD in the ICAINST\en\ica32\ directory and from a command line, type msiexec /a <path to msi file>\ica32pkg.msi. 2. Select Next on the Welcome screen. 3. Select a Network installation point and what kind of Windows installer package you want to create and click Next. 4. Accept the Licensing Agreement and click Next. 5. Select which client or clients you want to include in the package, select the install location, and click Next.
74
6. If installing Program Neighborhood, select the Server URL for Web Interface and click Next. 7. Select the Program Folder name and click Next. 8. Select whether or not to use the machine name or let the user specify and click Next. 9. Select whether or not you want to use the local name and password and click Next. If you select Yes, a checkbox appears allowing you to use Kerberos only as the single sign-on method. 10. Select whether to upgrade or overwrite existing clients and click Next. 11. The Select User Dialog Boxes screen allows you to select the dialog boxes and options you want the user to see when installing the custom package. To make the installation silent, select Remove All and click Next. 12. Click Next for the Installation Summary screen. 13. The custom client package is created and saved in the directory specified in Step 3.
75
76
There are several benefits to the (Active-X) Web clients (Wficat.cab and Wficac.cab). For example: The user doesnt initiate the installation. The browser (Internet Explorer) initiates the installation on a need-to-download-and-install basis. The CAB file package installation is fast because it is limited in size. The CAB file is unpackaged in a temporary directory, leaving no or little footprint on the target desktop. Changes made to a desktop are none or minimal (registration of ActiveX ICA control).
77
Along with the benefits, trade-offs were made to keep the Web clients package small and efficient. Because a smaller footprint means a reduction in size of the client package, certain features from the full-fledged client represented by Program Neighborhood or Program Neighborhood Agent are not available for the two smaller sized CAB-based client packages (Wficat.cab and Wficac.cab).
Supported Features
The following features are supported by the Wficat.cab installation: Client engine Thinwire Client drive mapping Licensing Connection Center Runtime Manager Auto-client reconnection Zero Latency Font Manager Client Audio Mapping Client Printer Mapping Universal Printer Driver Client COM port mapping Netscape plug-in Protocol Driver (128-bit) Protocol driver (old compression) Smartcard support Active X control ICA Client Object SSL support Auto-client update Name Resolver (TCP/IP) Name Resolver (HTTP) INI files
78
In addition to the features above, the following new features for MetaFrame Presentation Server 3.0 are also supported: Bi-directional Audio Session Reliability Dynamic Session Resizing New logon look and feel Client engine Thinwire Client drive mapping Licensing Connection Center Runtime Manager Auto-client reconnection Client Printer Mapping Smartcard support Active X control ICA Client Object SSL support Name Resolver (TCP/IP) Name Resolver (HTTP) INI files Support DLLs TCP/IP protocol support.
In addition to the features above, the following new features for MetaFrame Presentation Server 3.0 are also supported: Session Reliability Dynamic Session Resizing New logon look and feel
79
Unsupported Features
Wficat.cab: The new MetaFrame Presentation Server 3.0 SpeedScreen Multimedia Acceleration feature is not supported. Wficac.cab: The following features are not supported: Zero Latency Font manager Client Audio Mapping Universal Printer Driver Client COM port mapping Netscape Plug-in, Protocol Driver (128-bit) Protocol Driver (old compression) Auto Client update
In addition to the features above, the following new MetaFrame Presentation Server 3.0 features are also not supported: SpeedScreen Multimedia Acceleration Bi-directional audio
Wficac.cab Considerations
Listed below are some of the known issues and considerations regarding the new Wficac.cab file, coupled with any known workarounds.
Upgrade Considerations
1. If one version of the client is already installed on the target machine, the same version CAB-based Web Client package is not downloaded and installed by the Internet Explorer browser. 2. For the same version of Web Client installed on a target machine installed by the thin CAB file, users cannot install the Web Client by the thick CAB file if there is a need to use more features. The version numbers on the CAB files remain the same and Internet Explorer will not download and install the thick CAB-based client. Workaround: Users must uninstall the thin CAB-based Web Client using Add/ Remove Programs in the Control Panel and then visit a Web page that points them to the location to download the full version of the Web Client.
80
3. If a lower version of the full Web Client is installed on the target machine and users visit a Web page that points to a higher version CAB-based Web Client, Internet Explorer always prompts users to download and install the latest Web Client, leading to multiple client installations on the target machine. Workaround: Uninstall the Web Client and then visit the Web page pointing to a higher version CAB-based Client. Note By installing a smaller CAB client, even if it is a higher version, some features are lost due to the streamlining of the client.
Limitations/Constraints of WficaC.cab
1. The CAB-based ActiveX Web Client requires permission to download an ActiveX control using Internet Explorer. The user needs the appropriate level of permissions to create subkeys under HKEY_CLASSES_ROOT registry to correctly register the ActiveX control and to register the .ica file type extension to support launching of ICA connections outside the browser. 2. Internet Explorer 5.0 or later is the only supported browser for these versions of the CAB-based client. 3. Only a limited number of client features are available in the minimal Web client.
81
Requirements
Program Neighborhood Agent (Version 7.00.13547 or later). Program Neighborhood (Version 7.00.13547 or later). Web Client (Version 8.x or later). Windows Installer Service. The Windows Installer service (Msiexec.exe) is present by default on computers running the Windows 2000 Server or Windows 2003 Server operating systems. If the client device is running Windows NT 4.0 or Windows 9x, you must install Windows Installer Version 2.0 or higher.
To deploy the Client Windows Installer package on a computer or set of computers 1. Verify that your client device does not have a client installed. 2. Join an Active Directory domain. This allows you to assign or publish a Windows Installer application for computers and users in that domain or in an organizational unit within the Active Directory domain. 3. On a machine that belongs to the Active Directory domain, launch the Microsoft Management Console (MMC) and load the Active Directory Users and Computers snap-in or go to Start > Programs > Administrative Tools > Active Directory Users and Computers. 4. For this example, create a new Organizational Unit (OU) called MSI test and a new user called MSIuser. Go to the Computers group and find the machine you added to the Active Directory domain. Right-click the machine and select Move. Select the MSI Test folder and click OK. Follow the same steps to add the new user from the Users group to the new OU folder. Note The above step is necessary to test a contained number of users and computers. In the next step we will edit the Group Policy of that container to ensure that any changes made to the Group Policy will not affect the rest of the Active Directory domain. 5. Right-click the MSI test OU and go to Properties. From the Group Policy tab, create a new Group Policy Objects Link called MetaFrame Presentation Server Client Install. 6. Select the MetaFrame Presentation Server Client Install policy and click Edit. Under Computer Configuration > Software Settings > Software Installation, right-click Software Installation, and select New > Package.
82
7. Browse to a network share containing the Ica32pkg.msi file, select the Windows Installer package, and set the deployment method to Assigned. This step ensures that all environment settings are present for the Automated Install for the client. Click OK. Software Installation displays a software package assignment for deployment. 8. Restart the client device. As the client restarts, Active Directory Group Policy automatically installs the client on the computer. In the Windows Startup dialog box, a message appears telling you that the client is being installed by Remote Managed Applications. This message appears before the logon dialog box appears. 9. Log on to the client device and verify that the client is installed. Important For Windows XP Professional operating systems, the machine has to be restarted twice before the Active Directory Group Policy automatically installs the client on the computer. However, if the Active Directory is a Windows Server 2003 Active Directory, you can avoid the second restart after creating the policy by going to a command line on the client device and typing gpupdate /force. This command prompts you to restart, but it is necessary to restart the Windows XP Professional operating system only once. To uninstall the Client Windows Installer package from a computer or set of computers using Active Directory 1. On a machine that belongs to the Active Directory domain, launch the MMC and load the Active Directory Users and Computers snap-in or go to Start > Programs > Administrative Tools > Active Directory Users and Computers. 2. Right-click the MSI Test OU folder and select Properties. From the Group Policy tab, Edit the MetaFrame Presentation Server Client Install policy. Under Computer Configuration > Software Settings > Software Installation, rightclick the MetaFrame Presentation Server Client Package and select All Tasks > Remove. Ensure that Immediately Uninstall is checked, then click OK. 3. Restart the client device. As the system restarts, the Active Directory Group Policy automatically uninstalls the client from the computer. On the Windows Startup dialog status box, a message appears telling you that the client is being removed by Remote Managed Applications. This message appears before the logon dialog box appears. 4. Log on to the client device and verify that the client is completely removed from the client device.
83
To publish the Client Windows Installer package to a user or group of users in an Active Directory domain 1. On a machine that belongs to the Active Directory domain, launch the MMC and load the Active Directory Users and Computers snap-in or go to Start > Programs > Administrative Tools > Active Directory Users and Computers. 2. If you did not create a new test OU for previous client installations, create a new OU called MSI test and a new user called MSIuser. 3. In the Users folder, right-click MSIuser and select Move. Select the MSI Test OU folder and click OK. 4. Right-click the MSI Test OU and select Properties. Go to the Group Policy tab, highlight the MetaFrame Presentation Server Client Install policy, and click Edit. If you do not already have a MetaFrame Presentation Server Client Install policy from a previous example, create a new Group Policy Objects Link named MetaFrame Presentation Server Client Install. 5. Under User Configuration > Software Settings, right-click Software Installation and select New > Package. Browse to a network share containing the Ica32pkg.msi file, select the Windows Installer package, and set the deployment method to Published. Click OK. Software Installation displays a software package assignment for deployment. 6. Close all management windows and restart the client. 7. Log on to the client device as MSIuser. 8. Go to Add/Remove Programs and click Add New Programs. Verify that the client is included in the list and is ready to be added. Click Add and verify that the client is successfully installed. Note When using the Published method to make the client Windows Installer package available to users for installation, you can also initiate installation of the client by opening a file with the .ica extension.
Additional Notes
The client Windows Installer package can also be made available to users using the Assigned deployment method. If you assign a package to users, only the class IDs, extensions, and shortcuts are installed. When the user double-clicks a file with an .ica extension or double-clicks the shortcut, the client is fully installed for that user. If you answer Yes to the option Would you like to enable and automatically use your local user name and password for MetaFrame sessions from this client?, at least one restart is required following the installation of the client.
84
Troubleshooting
Publishing the Program Neighborhood Agent, Program Neighborhood, and the Web Client Windows Installer Packages to users is not supported on Windows Server 2000 or on Windows Server 2003. The only available method of using Active Directory to deploy clients to Windows Server 2000 or to Windows Server 2003 is to assign the package to a computer or to a group of computers.
85
IPaq Configuration
Configure the following settings in the client for better performance with WAN connections: Disable sound Enable Enable Palette Device Limit session color depth to 256 colors Set the encryption level to Basic If possible, avoid accessing the client drives in the session
To run the Presentation Server Console in a client session, set the ICA settings as follows: Window Size: Absolute (in pixels). When you set the Allow Intermediate Zoom Factor, the client can dynamically zoom the session window. Window Color: 256. Data Compression: On.
The version of Internet Explorer that comes installed on the iPaq supports the Web Console if it is installed on the computer running MetaFrame Presentation Server. Some manual adjustment of the screen is necessary; however, the Web Console will be fully functional. To access the Citrix Web Console, enter the URL of the server where the Web Console is installed; for instance http://webserver/citrix/ webconsole/default.asp.
CHAPTER 5
This chapter includes recommendations and best practices for managing MetaFrame Presentation Server.
To skip installation of the Presentation Server Console Use the following command to skip the installation of the Presentation Server Console during the MetaFrame Presentation Server installation:
msiexec /i mps.msi CTX_ADDLOCAL=all REINSTALL=CTX_MF_CMC
Note CTX_MF_CMC must be in upper case. To install the MetaFrame Access Suite Console on standalone servers 1. Run Autorun from the MetaFrame Presentation Server CD. 2. Select Product Installations. 3. Select Install management consoles. 4. Accept the license agreement and follow the remaining dialog boxes to finish the installation of the Access Suite Console. To install the Web Console on standalone servers 1. The following software must be installed and requirements met prior to installing the Web Console as a standalone application on a server: Internet Information Services 5.0 The MetaFrame Presentation Server 3.0 MFCOM SDK
2. Download Mpssdk.exe from the Citrix Web site to install MFCOM SDK and follow the instructions distributed with the SDK. 3. When prompted, enter the name of the computer running MetaFrame Presentation Server on which you want to run MFCOM. 4. Download Cwc.msi from the Citrix Web site and run msiexec /i cwc.msi CWC_MFCHECK="N". 5. Follow the wizard and complete the installation. To change the computer running MetaFrame Presentation Server to which the Web Console is pointed, run the command MFREG <servername> from a command prompt or from the run command. Note On Windows Server 2003, the Active Server Page service extension is prohibited by default. After installing the Web Console, you must allow Active Server Pages to use the Web Console. Refer to the Windows Server 2003 documentation for information about Active Server Pages.
89
Performance Considerations
The console queries the data collector and the member servers for information such as running processes, connected users, and server loads. Depending on the size of the server farm, the console might affect performance in the server farm. Consider the following recommendations for managing performance issues with the console: In MetaFrame Presentation Server deployments with hundreds of servers and thousands of users, connect only one instance of the console to the farm for each zone. Connect the console to a data collector so that the console can query data directly, rather than through an intermediate server.
90
In large farms, the console can take a long time to refresh. The refresh time depends on the number of servers in the zone, the number of clients requesting connections, and the number of console instances that are requesting information. If the refresh query takes longer to complete than the specified automatic refresh interval, the data collector becomes overloaded. Make the automatic refresh interval for users and applications as long as is practical. Citrix recommends that you do not use the minimum refresh interval of 10 seconds. For best performance, disable automatic refresh and manually refresh the data as needed. When managing a farm across a congested WAN, run the console within a client session to a remote server rather than running it locally. Running the console from within a session reduces the amount of bandwidth consumed across the WAN and provides better performance from the console.
Load Management
When you are selecting servers to configure for load management or attaching load evaluators in large farms, the console can take several minutes to populate the lists of available servers and selected servers. During this delay, the console does not always indicate that it is still retrieving information.
91
Delegated Administration
To allow a MetaFrame administrator to shadow using the console, enable the following permissions at a minimum: MetaFrame Administrators. Log on to the console Servers. View Server Information Sessions. View Session Management
Recommendations
The following section provides some tips while using the Presentation Server Extension and MetaFrame Access Suite Console. The MetaFrame Access Suite Console uses pass-through authentication. Ensure that you are logged on to the client machine (where the console is installed) as a MetaFrame administrator for the farm. To avoid issues with credentials, it is advisable to ensure that the console machine belongs to the same domain as the farm member machines. While running discovery, only one server name is required for the farm. After the discovery is run for a certain farm, the discovered objects can be saved by saving the .msc (Microsoft Management Console) file. When the .Msc file is launched again, it will know about the discovered objects. When launching the MetaFrame Access Suite Console from the ICA tool bar or from the Start menu, the choice to save the msc file is not available because the console is saved automatically every time you close it.
92
Different Web-based tools, such as the Web Interface Console and Program Neighborhood Agent Console can be launched from the MetaFrame Access Suite Console. To launch each tool using a separate Internet Explorer window, change the following parameter in Internet Explorer. 1. Choose Tools > Internet Options > Advanced. 2. Under the Browsing section, clear Reuse windows for launching shortcuts.
Published applications are not automatically updated for the Applications node in the Presentation Server Extension. The discovery process needs to be run again for the update to take effect. If the MetaFrame Presentation Server Client is not installed on the machine, the option to shadow will not be available. Use My Views to save your preferences to save you time in the future. The MetaFrame Access Suite Console communicates with the server farm using the MetaFrame COM server service. When troubleshooting, ensure that this service is running on the server. When upgrading from MetaFrame XP Feature Release 1 to MetaFrame Presentation Server 3.0, the MetaFrame COM server service fails to start. To work around this issue, un-register and then re-register the MFCOM service. From the command line, execute the following: mfcom /unregserver mfcom /regserver
93
Each successful report and a copy of the specification used to generate it is stored locally on the machine running the Access Suite Console. For reports that you plan to run regularly, you can also generate named specifications recording report formats, farm information, data source details, required time period, and other report parameters. These can then be run manually or scheduled to run when required. If you want to generate reports from a MetaFrame Access Suite Console on a different machine, neither previous reports and their associated specifications, nor any named specification will be available from the new console. However, you can copy the necessary files to the machine running the new console and use them from there, as long as the second machine has access to the same farm and Resource Manager summary database as the first one.
Generated reports (and their associated unique specifications) are stored in:
%APPDATA%\Citrix\ReportCenter\DataSets
with each set of related files in a folder with a unique system-generated name (like 4C7F885E0EF72F30). Note Each report folder's set of files includes a Results.xml file containing the raw data used to generate the necessary HTML reports, graphs, and CSV files when the user requests them. Because the HTML and CSV folders and their contents are generated only when required, they may not be present when you examine the folders within DataSets. This is by design and both types of reports can always be generated when required. To move previously created specifications and reports to the new console, copy all the relevant folders to their corresponding position on the new machine. After discovery is run and the Specifications and Jobs displays refreshed, all the transferred items are listed as before.
Known Issue
In the Jobs display, the Elapsed Time values for the copied reports is incorrect. (This is due to the way Report Center calculates elapsed time. It uses the creation time of the files and this changed when they were copied to the new machine.)
94
2. Use chglogon /disable to prevent users from logging on to the server. 3. Remove the server to be renamed from any published applications assigned to that server. 4. Stop the Citrix IMA Service. 5. Change the name of the server. 6. Restart the server. 7. Log on to the console using the local administrator account. 8. Expand the Servers folder. 9. Remove the old server name from the consoles list of servers. 10. Add the new server name to the list of configured servers for published applications..
95
Executing chfarm does the following on the host server: Attempts to remove the server from the farm. Stops the Citrix IMA Service. Configures the data store. Restarts the IMA Service.
Note For more information about using chfarm with MSDE databases, see the MetaFrame Presentation Server Administrators Guide.
96
97
98
Installation Manager deploys applications to servers simultaneously, but does not use multicasting. Each target server reads the data from the location where the installation package is stored. Large installation packages (for example, Microsoft Office XP) copy more than 200 megabytes of data from the package server to the target server. The amount of data transferred across the network is:
D = I x N
Where: D = the amount of data I = the size of the installation N = the number of target servers Smaller group sizes are needed when installing applications that require a server to restart. Installations occur simultaneously and all of the servers will restart at nearly the same time. Because of this, a transient load is placed on the data store. The capacity of the data store server and the internetworking infrastructure greatly affect the performance of the network when you are deploying applications and restarting servers. The table above contains suggestions based on a 100Mbps switched Ethernet infrastructure. Cluster groups logically. Deployment is more efficient if several logical groups are created that match the schema of the overall enterprise. One group might contain servers that host standard business applications, another group can host engineering applications, and so on.
99
Network Setup
The network setup recommendations for MetaFrame Presentation Server also apply to Installation Manager. The more efficient and capable the network, the quicker and easier applications are to install. The use of switches, high-speed backbones, and high-speed disk drives greatly enhance the ability of Installation Manager to install applications to large server farms efficiently.
Package Server
The following package server recommendations help ensure a clean package file: Keep the package server as similar in configuration (both hardware and software) as possible to the target server. Make the package server as clean as possible. Roll back previously installed applications before recording. For additional information, see the Installation Manager Administrators Guide. Do not run other applications while an image is recording. Stop any unnecessary background processes before recording an installation using Packager, including the IMA Service, especially if a manual install needs to be performed. Background processes and file changes may be recorded by Packager and could overwrite important files such as the local access database files used by the IMA Service. Do not package applications through an ICA session.
Deployment Server
The deployment server is the server where the package and installation files reside. All target servers communicate with this server to get the files and information required to install the application. The following recommendations offer helpful information about deploying packages: Put the deployment server on a server grade machine. Each target server requests the same file set from the deployment server. The load on the deployment server can be high. The deployment server must be capable of handling the combined load of the servers in a deployment group connecting and requesting information simultaneously.
100
Put the deployment server on a 100Mbps switched Ethernet port. Running the deployment server in a shared collision domain increases latency. Connections can be refused due to time-out or server overload. This problem increases on a busy network and when many servers are targeted for a single installation.
101
User-Specified Reboot
The behavior of the server when it is restarted when deploying packages is affected by three options: Do not reboot servers if any user sessions are open. If you set this option before deploying packages, the target server will not restart if a user connection to the target server is detected even though the package deployment requires a restart. To finish the deployment, the target server must be restarted manually after the user logs off. This can be overwritten if you set the Force reboot after job option (see below) during the scheduling of the installation of a package. Delay reboot until the end of job. If you deploy a package group and one or more of the applications requires a restart at the end of the deployment, you can set the Delay reboot until the end of Job option when you schedule the installation. This postpones the restart until the end of the entire package group deployment. Force reboot after job. If you set this option, the server restarts after the package is deployed. Any active user sessions receive a message from the server asking them to log off. The messages are sent at five minute intervals for 15 minutes, and then the server restarts. Any active sessions are terminated.
102
103
104
Alerts
Resource Manager can send alerts to users or groups of users. The following list offers tips for using alerts: If your email service does not send alerts, confirm that you can access the mail server using the configured account, and verify that the mail client being used (for example, Microsoft Outlook) is the default mail client for the server. To enable Resource Manager to send Simple Network Management Protocol (SNMP) traps for application alerts, SNMP must be set up on the primary and backup Farm Metric Servers.
Summary Database
The summary database is used for storing historical data from servers in the farm. You can produce reports, such as billing, based on the stored data. The reports can use several criteria, such as CPU usage or application usage. Consider the following when using the summary database: Each farm that requires the summary database must have a database connection server, that writes the metric information from other farm servers to the summary database. The connection between the database connection server and the database where the metric information is stored is defined by a system Data Source Name (DSN) called RMSummaryDatabase. Data is stored on each server in summary files. Summary files are updated whenever a session or process terminates, whenever an event occurs, and once an hour for metrics. Each Resource Manager server in the farm caches its own summary data locally for 24 hours and then transmits it to the database connection server at a configurable time of day, preferably at off-peak hours. Reports on data in the summary database can be generated by the Presentation Server Console in a manner similar to those available for the local database for each server.
Tip Report templates for use with Crystal Reports software are available from the Citrix Web site at http://www.citrix.com.
Tip By default, metrics are stored in the summary database. You can change this on the Threshold Configuration screen. You can also specify the time of day or week that metrics are recorded in the summary database on a per server basis.
105
Data Purging
You can control how long data is stored in the summary database by purging the database after a set period. You can also turn off purging, in which case all data is kept for an indefinite period. Note Active sessions and the processes associated with them are not purged from the database whether they are or are not billed.
Note Processes are purged only if their parent session record is purged (that is, to maintain data integrity, it is not desirable to purge only process records).
Summary Files
Summary files are written only when the summary database is enabled in the farm. Each file is given a random name when it is created. At creation time, a header is written to the file and this header contains the following fields: Schema Version, Servers Name, Servers Domain, and Farm Name. Additional records are written to the file based on these events: When a process terminates, a process record is written to the file Every 60 minutes a metric record is written for each metric configured to store summary data When a session is started, a session record is written When a session ends, a session record is written When an event is generated, an event record is written
Note Only Server Up and Server Down events are stored. The server down event is generated by the Farm Metric Server if a server cannot be contacted. The server up event is generated by the server when the IMA Service is restarted.
Note Summary files can be copied manually to the database connection server or other servers before the daily update starts. The header information in the summary file ensures the records are associated with the correct server.
106
107
Upload time is compared to the server time; the servers time zone is used to determine if uploads should begin. Example: A server farm has the majority of the machines in the East Coast of the USA and a smaller zone in the UK with the upload time set to 1 AM. The servers in the USA begin to upload files at 1 AM EST, while machines in the UK start their uploads at 1 AM UK time, which is 8 PM EST. A duplicate upload request message in the database connection server log is an indicator of problems in the system but is not an error. The duplicate request will not cause any invalid or duplicate data in the summary database and should be treated as an informational message. An example that could result in a duplicate upload request would be a manual upload requested when an upload is already under way, either a timed update or a previously requested manual request; uploads taking more than 24 hours to complete, resulting in the next daily upload beginning before the previous one has completed.
SDB_Heuristics Table
With large amounts of data in a summary database (for example, of the gigabyte order), the console may be unable to display very large reports. The sdb_heuristics table in the summary database is used by Resource Manager to ensure that any summary report to be generated can be displayed within the console. By default, the table contains the following entries and values:
PK_HEURISTIC BILL_HTML_MAX (characters) MAXIMUM_PRACTICAL_HTML_BYTES (bytes) PROCESSES_PER_SESSION SESSIONS_PER_USER_PER_DAY USERSUM_HTML_BYTES_PER_PROCESS HEURVALUE 72500 1048576 10 5 128
When the administrator specifies various report options in the summary report generation dialog boxes, Resource Manager performs calculations based upon these options, and the entries in the SDB_HEURISTICS table, to estimate the size of the report.
108
If the estimated value is greater than MAXIMUM_PRACTICAL_HTML_BYTES (in the case of Process, User, and Server Summary reports) and BILL_HTML_MAX (in the case of Billing reports), a warning message appears, stating that the report may be too large to be displayed within the console. You can cancel the report generation or continue. If you continue and the report cannot be displayed, an error message appears. You can save the report directly to disk and view the report using another application capable of viewing HTML files (for example, Internet Explorer). The values in the table can be modified to reflect the farm usage and control the size of the reports. Note The number of report windows open determines whether or not the console can display further reports. Each time a report is returned to the console, a calculation is performed that subtracts the size of the report (in bytes for Summary reports and characters for Billing reports) from the respective maximum values in the table producing an available size figure for subsequent reports. Accordingly, you are more likely to receive a warning that a report cannot be displayed if multiple reports are open. After a report is closed, its size is returned to the available size figure for future reports.
Note If the summary database is not available, all reports (Current Process, Current User, and Server Snapshot) will make use of a hard-coded default value of 1048576 bytes (= 524288 characters).
109
The following are known issues and recommendations for the SNMP Agent:
110
Microsoft has released security bulletins for SNMP security risks. Apply the following bulletins to all MetaFrame servers and instances of the Presentation Server Console: MS00-095: Windows NT 4.0 MS00-096: Windows Server 2000 MS02-006: Windows NT 4.0 Terminal Services Edition, Windows Server 2000, and Windows XP
Tip Enable or disable the SNMP Agent when farm activity is low. For Windows Server 2003, the SNMP service will by default accept only SNMP messages from local host. Windows Server 2000 and previous operating systems allowed any SNMP messages from any host from the start. Action: Add more servers to the list of allowed hosts (recommended) or allow messages from any host (not secure). Older versions of Network Manager had the ability to shut down or restart a MetaFrame server. To comply with Microsoft SNMP security, these options were removed in newer versions of the plug-ins. Any attempt to restart a MetaFrame server with an older version of a Network Manager plug-in will be denied.
111
SubclassesMany of the classes are linked to subclasses; for example, the Citrix_Server class has MetaFrame_Server as a subclass. EventsFourteen MetaFrame events relate to sessions, folders, applications, and servers. One Citrix event relates to zone elections. AssociatorsMany classes have associations between them. You might use these when looking for a particular piece of data that is associated with the current class instance you retrieved. For example, if you are viewing information for a MetaFrame server, you may want to know what licenses were explicitly assigned to that server. You can use the Citrix_LicensesAssignedToServer associator to find this information.
112
MethodsThe WMI Provider provides three methods to manage sessions, along with methods to clear the Zone Election and disconnected session happening data. Every time there is a zone election in the farm, WMI stores details about the zone election in a file. Every time a user disconnects from the server, WMI records when the disconnection took place. Over a period of time this file can become quite large or contain outdated information. The WMI provider can remove all the zone election/disconnection data, or just data recorded before a certain date.
Permissions
It is important to note that you generally need administrator privileges to access WMI information, both as a machine administrator and as a Citrix administrator. The WMI Provider does respect the restricted administrator privileges that can be set in the console. View-only administrators cannot log off or disconnect sessions using the WMI Provider even if they are local server administrators. Because scripts will generally be running with administrator privileges, it may not be possible to stop scripts from taking undesired actions, so scripts that disconnect, send messages, or log off sessions need to be well tested before running them in a production environment.
113
Script Methods
Manging SessionsLogoff, Disconnect, and SendMessage
The three methods available for session management are Disconnect, Logoff, and Sendmessage. These operate the same way that the Presentation Server Console manages ICA sessions. Note that Metaframe_Session returns all the current sessions, including the console and listener sessions, so even if there are no active sessions on a server, five sessions are listed. When using MetaFrame_Session, check that the correct number of sessions for real sessions exists by checking the SessionState and SessionName properties. The value returned by SessionState is numeric; this can be mapped using the MetaFrame.MOF file. Open the MetaFrame.MOF file and look for MetaFrame_Session to find an entry: [Values {.... This contains textual translations of the numeric data. In this case the list is zero-based, translating to:
0 1 2 3 4 5 6 7 8 9 User logged on Connected to client Connecting to client Shadowing other session Logged on but no client Waiting for connection Listening for connection Reset in progress Down due to error Initializing
Note that a Session State of 1 indicates that a client is waiting for a logon.
114
To keep data for a specific amount of time, for example analyzing disconnect data over the last seven days, use the PurgeHappeningsBefore method. In Visual Basic 6, use the format$ function to convert to UTC, but in VBS, chop up the string and provide it in the yyyymmddHHMMSS format with the .000000000 piece appended to the end.
115
Performing Tasks
Converting Numeric Data to MOF Strings
To display the MOF string equivalent of data from the Provider, use the Qualifiers_(Values) property to convert this data, where there is an appropriate string in the MOF file:
strState = MFSession.Properties_("SessionState").Qualifiers_ ("Values").Value(MFSession.SessionState)
To list all sessions on the server with the MOF string value rather than the numeric one:
option explicit Dim NameSpaceLocator Dim Service Dim strSession Dim objMFSessions Dim MFSessions Dim MFSession Dim serverName Dim strSessionID Dim strSessionList Dim strState Set NameSpaceLocator = CreateObject("WbemScripting. SWbemLocator") serverName=inputBox ("Please enter a server in the farm you want to list Sessions") if serverName ="" then wscript.quit end if Set service = NameSpaceLocator.ConnectServer("server01", "root\Citrix") service.Security_.ImpersonationLevel = 3 ' use the current Windows NT credentials Set objMFSessions=Service.get("MetaFrame_Session") set MFSessions=objMFSessions.instances_ For each MFSession in MFSessions
116
117
Set ClassKey = service.Get("Citrix_Server") AKey="Metaframe_ApplicationsRunningOnServer" Dim AppCount Set Citrix_Servers = ClassKey.Instances_ for each Server in Citrix_Servers strAssociator="MetaFrame_Server.ServerName=" & chr(34) & server.ServerName & chr(34) set AppAssociators=service.AssociatorsOf (strAssociator,Akey) strResult=Server.Properties_("ServerName") & vbCRLF on error resume next ' following line can fail if no associators appcount=AppAssociators.count if appcount>0 then for Each MetaFrameApp in AppAssociators strResult=strResult & MetaFrameApp. Properties_("BrowserName") & vbCRLF next wscript.echo strResult else Wscript.echo "No applications running on " & strResult end if next
To obtain a list of applications on a server, start with the MetaFrame_Server class, then use the MetaFrame_ApplicationsRunningOnServer associators, then the MetaFrame_Application class. Note The on error resume next following line can fail if no associators line is relevant if a server has no applications published (WMI will return an error message that you can ignore).
118
119
set PropertySet=objSvc.properties_ for each PropertyInstance in PropertySet strResult = strResult & PropertyInstance.Name & " = " & PropertyInstance.Value & vbCRLF Set QualifierSet = propertyInstance.Qualifiers_ EventType = EventType & QualifierSet.Item("values").Value(propertyInstance.Value) Next Wscript.echo "Event took place" & vbCRLF & strResult & vbCRLF & EventType End sub
120
Sample Scripts
List All Servers in a Farm
The following script lists all servers in a farm. The script prompts for a server name and then retrieves the details from the Citrix_Server class for that server and all the other servers in the same farm. It is not necessary for the specified server to be a data collector. If possible, run the script against a server that is the only server in the farm and then a server that is part of a group of servers in the farm. The script performs four tasks: Establishes a connection to the Citrix WMI Namespace on the server, using the current Windows NT credentials Obtains a list of all instances of data for the Citrix_Server class For each Citrix server, lists all the property names and the values for the Citrix_Server class Displays the result in a message box
The following line needs administrator permissions, so run the script as an administrator:
Set NameSpaceLocator = CreateObject("WbemScripting. SWbemLocator") serverName=inputBox ("Please enter a server in the farm you want to check") if serverName<>"" then ' Connect to the Citrix specific namespace in WMI Set service = NameSpaceLocator.ConnectServer(serverName, "root\Citrix") service.Security_.ImpersonationLevel = 3 ' use the current Windows NT credentials Dim Dim Dim Dim Citrix_Servers ' the list of Citrix servers in the farm server ' a single Citrix server ClassKey ' A pointer to the Citrix_Server class to use strResult ' a string for the message box
121
Set ClassKey = service.Get("Citrix_Server") ' now get a list of all the data (instances) in this class Set Citrix_Servers = ClassKey.Instances_ strResult="Farm has " & ClassKey.instances_.count & " servers in it." & vbCRLF ' Use enumeration to get a list of all the servers in this class ' and all the properties in the Citrix_Server class For Each server In Citrix_Servers set ClassPropertySet = server.Properties_ for each ClassProperty in ClassPropertySet strResult=strResult & ClassProperty.Name & " = " & classProperty.Value & chr(9) next strResult = strResult & vbCRLF Next wscript.echo strResult End if
Note There is no error handling in this script. It assumes that the right server name was provided and that WMI Provider is installed on the server. If there is more than one server in the farm, the server used to connect will have more properties than the other servers, such as NumberOfActiveSessions because the Citrix_Server Class has MetaFrame_Server as a subclass. Here is an example of explicitly specifying a particular property:
For Each server in Citrix_Servers StrResult =StrResult &server.Properties_ ("ServerName")& " " & server.Properties_("IPAddress") Next
122
Note To log off all sessions, you may need to run the script more than once, because a user may log on while the script is running. By combining this script with the server list script, you can log off all sessions on all servers in the farm.
123
124
in the General Declarations section of a form in the application, and put the code for the event subscription and sink as procedures on the form:
Public Function MFEvents() As ErrObject On Error GoTo ErrorHandler Dim Services As swbemservices Dim strComputerName as string StrComputerName =server01 Dim NameSpaceLocator As SWbemLocator Set NameSpaceLocator = CreateObject("WbemScripting.SWbemLocator") Set Services = NameSpaceLocator.ConnectServer(strComputerName, "root\Citrix") Dim strQuery As String Dim cntxt As SWbemNamedValueSet
125
strQuery = "SELECT * FROM MetaFrameEvent" Set cntxt = New SWbemNamedValueSet cntxt.Add "sinkname", "ExecNoteAsync" Services.Security_.Privileges.Add (wbemPrivilegeSecurity) Services.ExecNotificationQueryAsync sink, strQuery, , , , cntxt ErrorHandler: If Err <> 0 Then Set MFEvents = Err Err.Clear End If End Function Private Sub sink_OnObjectReady(ByVal objWbemObject as WbemScripting.ISWbemObject,ByVal objWbemAsyncContext as WbemScripting.ISWbemNamedValueSet) ' Process the events here Dim cntxt_item As WbemScripting.SWbemNamedValue Dim PropertySet As SWbemPropertySet Dim propertyInstance As SWbemProperty Dim QualifierSet As SWbemQualifierSet Dim EventType As String If objWbemObject.Properties_.Count <> 0 Then Set PropertySet = objWbemObject.Properties_ EventType = Time$ & Chr$(9) For Each propertyInstance In PropertySet If propertyInstance.Name = "EventType" Then Set QualifierSet = propertyInstance.Qualifiers_ EventType = EventType & "Type:" & Chr$(9) Select Case objWbemObject.Properties_ ("EventType").Origin Case "MetaFrameEvent" EventType = EventType & QualifierSet.Item("values").Value(propertyInstance.Value) End Select EventType = EventType & Chr$(9) Else eventType = eventType & propertyInstance.Name & " : " & propertyInstance.Value & Chr$(9) End If Next End If MsgBox EventType End sub
126
127
You can change the title and message of the dialog box using the following code:
StrOleBusyTitle=Waiting On Remote Server StrOleBusyText=No response from Remote server yet. App.OleServerBusyMsgTitle=strOleBusyTitle App.OlseRequestPendingMsgTitle= strOleBusyTitle App.OleServerBusyMsgText=strOleBusyText App.OleRequestPendingMsgText=strOleBusyText
In Visual Basic.NET there is an option to set a time-out for how long the application will wait for a response.
NULL Data
If you are coding in Visual Basic 6, extra steps must be taken to check that data returned from the Provider is not null (as opposed to being 0 or ) before attempting to perform operations on the data. The following is an example of bad code:
if licenseObject.Properties_("GraceDays").Value <5 then ' ... take some action to warn license is going to expire end if
This raises an error for activated licenses, which returns null for grace days. Either set an error handler before this, or perform the following:
If not ( IsNull ( licenseObject.Properties_("GraceDays") .Value)) then ' Now safe to test the value if licencseObject.Properties_("GraceDays").Value <5 then ' ... take some action to warn license is going to expire End if End if
128
Visual Basic.NET
Visual Basic.NET has the System.Management class for WMI. The objects are declared differently from Visual Basic 6. The following code segment lists all the servers in a farm:
Imports system.management Dim strServerName as string StrServerName="server01" Dim CitrixServerClass As New ManagementClass("Citrix_ Server") CitrixServerClass.Scope = New ManagementScope("\\" & strServerName & " Dim Citrix_Servers As ManagementObjectCollection = CitrixServerClass.GetInstances() Dim Citrix_Server As ManagementObject For Each Citrix_Server In Citrix_Servers Console.WriteLine("Server = " & Citrix_Server("ServerName").ToString()) Next
CHAPTER 6
This chapter includes information about deploying, publishing, and configuring the applications in your server farm. Important All new applications should be tested prior to deployment. Even commonly deployed applications can impact MetaFrame Presentation Server.
Use the Add List of Names button instead of scrolling to locate a user when the users container holds thousands of objects. In environments with hundreds or thousands of published applications, adding a new server to the farm can be difficult. To add multiple applications to a server, launch the Presentation Server Console and select the existing published applications you want to publish to the new server. Dragging the selected applications to the server in the left-hand side of the console adds all of the selected applications to the server. Ensure that the new server has access to the user accounts for which the applications are published. If the machine does not have permissions for the existing user accounts, the accounts are reset and replaced with the built-in user accounts.
Content Redirection
This section includes information about using the content redirection feature. With content redirection, you determine which applicationsremote or local users launch and in which situations. For information about how to configure and use content redirection, see the MetaFrame Presentation Server Administrators Guide. The following points are known issues for server to client content redirection. Content redirection from server to client is unidirectional. This means that if, for example, a user clicks a URL in a mail program running in a remote session, the link is launched in a browser installed on the MetaFrame Presentation Server Client device. However, if the user attempts to use the mail to function inside the locally running browser, that mail link is not redirected back to the remote mail application. The default mail program on the client device opens. For server to client content redirection to function, the server must access the SHELL/open/command values for application types. Microsoft Word for Windows (Winword.exe) does not redirect HTTP or HTTPS type hyperlinks to the Web browser on the client device. For example, if a user clicks a hyperlink encountered in a Word document running in the remote Word application, the Web browser on the MetaFrame Presentation Server opens, not the locally installed Web browser. The Microsoft Office suite does not directly access the Shell values and redirects these types of links directly to the application itself. MMS and PNM URL links do work from within Word. Neither the Notepad text editor (Notepad.exe) nor the Write text editor (Write.exe) support URL hyperlinks.
(on master page) Header Chapter 6 Deploying, Publishing, and Configuring Applications
131
The Textpad text editor (Version 4.5.0, 32-bit edition from Helios Software Solutions) redirects both the HTTP and HTTPS types of URL hyperlinks. This application does not redirect multimedia URL links, however.
Note Content redirection from client to server is available only with MetaFrame Presentation Server Advanced and Enterprise editions.
132
If a published application is available that supports the document content, a Web Interface App object is returned that describes the published application. The application can then be launched using the Web Interface, passing the address of the published content as a command-line parameter. Clients Version 6.30 or later (except the MetaFrame Presentation Server Client for Java) support the specification of command-line arguments through ICA files using the LongCommandLine setting. Sample scripts are shown below for both ASP (Active Server Pages for IIS Web servers) and JSP (JavaServer Pages for Java Web servers). These scripts assume that the address of the published content is supplied as a URL or UNC path. The main steps in the scripts are: 1. Obtain the list of published applications available to the user. 2. Locate the published application associated with the contents extension. 3. Launch the published application by generating an appropriate ICA file.
ASP Example
1. Obtain the list of applications.
Set credentials = Server.CreateObject ("com.citrix.nfuse.ClearTextCredentials") credentials.initialize "user", "domain", "password" Set gateway = Server.CreateObject ("com.citrix.nfuse.CitrixWireGateway") gateway.initialize credentials Set appList = gateway.getAppDataList()
133
' '
'
'
"&NFuse_AppFriendlyNameURLEncoded=" & contentApp.getFriendlyNameUrlEncoded Set these as URL session fields parser.setUrlSessionFields(UrlSessionFields) Set address of the content used as a command line argument parser.setSingleSessionField "NFuse_AppCommandLine", "http://mywebsite/spec.doc" Specify the template ICA file to use parser.setSingleSessionField "NFuse_Template", "template.ica" Generate content of ICA file and return MIME type "x-ica" This causes browser to launch the ICA file and hence the published application. If parser.Parse() Then Response.ContentType = "application/x-ica" Continue = True While (Continue) HtmlString = parser.getNextDataBlock() If Len(HtmlString) = 0 Then Continue = False Else Response.write(HtmlString) End If Wend Else Parser failed. Attempt to display the published content using local (client side) application. Response.Redirect(docURL) End If
134
JSP Example
1. Obtain the list of applications.
ClearTextCredentials credentials = new ClearTextCredentials(); credentials.initialize("user", "domain", "password"); CitrixWireGateway gateway = new CitrixWireGateway(); gateway.initialize(credentials); AppDataList appList = gateway.getAppDataList();
135
136
137
DisableAutoImageResize
If during logon, either of the registry settings is set to 1 or is not present, the corresponding feature is disabled and the registry settings are set to 0. If either registry setting is set to 0, the users settings for these two options are retained; they are not automatically modified. You may find this information useful when designing logoff scripts. For example, you can ensure both features are disabled when the user next logs on to MetaFrame by ensuring the logoff script sets these values to 1.
138
Description
Setting SpeedScreenBA=On enables SpeedScreen Browser Acceleration for a connection. Note that the server settings may override this setting. Disabling SpeedScreen Browser Acceleration on the server causes this setting to be ignored for a connection. Setting SpeedScreenBA=Off disables SpeedScreen Browser Acceleration for a connection. This is disabled even if the server setting specifies that SpeedScreen Browser Acceleration is to be enabled.
SpeedScreenBACompressionEnabled
Usage
SpeedScreenBACompressionEnabled=[ON | OFF]
Description
Setting SpeedScreenBACompressionEnabled=On enables SpeedScreen Browser Acceleration JPEG image compression for a connection. Note that the server settings may override this setting. If the server has disabled JPEG Image compression, the server setting overrides the client setting. Setting SpeedScreenBACompressionEnabled=Off disables SpeedScreen Browser Acceleration JPEG compression for a connection. This is disabled even if the server setting specifies that JPEG compression is to be enabled.
139
Description
SpeedScreen Browser Acceleration uses a compressed cache to store JPEG and GIF data sent from a computer running MetaFrame Presentation Server. By caching this data on the client, pages that are revisited display faster, because the server will not retransmit the cached images to the client. The size of the cache determines how long images are stored in the cache and the number of files that can be stored in the cache. When the cache is full, images previously added to the cache are deleted from the cache (the least recently accessed images are deleted first). Initially the cache is empty and does not consume memory. As images are added to the cache, the cache grows to accommodate the images. If an image exceeds the maximum compressed cache size, it is not displayed through SpeedScreen Browser Acceleration. The value parameter is the maximum memory consumption that SpeedScreen Browser Acceleration will use to store JPEG and GIF image data, measured in kilobytes. The default value for this parameter is 16384KB (16MB). Administrators can modify this setting to limit the maximum memory consumption of the client or, alternatively, to allow higher maximum memory consumption if required. Increasing the memory consumption may provide some benefit on very slow connections where the transmission time for images is very high.
SpeedScreenBADecompressedCacheSize
Usage
SpeedScreenBADecompressedCacheSize=value
Description
SpeedScreen Browser Acceleration stores the bitmap representations of JPEG and GIF images in a decompressed cache. Using a decompressed cache means that the JPEG and GIF images do not need to be decompressed each time they are drawn. Using a decompressed cache provides a significant performance boost when a page is scrolled because a scroll operation results in a number of drawing operations on the same image.
140
When an image needs to be drawn, it is decompressed and added to the decompressed cache. Images remain in the decompressed cache until more space is required in the cache. Images are deleted from the decompressed cache when adding a new image could exceed the maximum decompressed cache size. Images can be added and removed from the decompressed cache any number of times while the image is in the compressed cache. The maximum size of the decompressed cache size determines the maximum dimensions of an image that can be displayed through SpeedScreen Browser Acceleration. JPEG images require 24bpp (bits per pixel), while GIF images require 8bpp. A larger decompressed cache size allows images with a larger dimension to be displayed. Reducing the size of the decompressed cache reduces the maximum image dimensions that can be displayed. Images that will exceed the maximum decompressed cache size when decompressed are not downloaded to the client at all but are displayed in Legacy mode.
SpeedScreenBAMaximumCompressionLevel
Usage
SpeedScreenBAMaximumCompressionLevel=value
Description
The SpeedScreenBAMaximumCompressionLevel ICA file parameter defines the maximum SpeedScreen compression level for a connection. The default value for this parameter is 2 (high compression). The valid values for this parameter are:
0 1 2 Low Compression Medium Compression High Compression
SpeedScreen JPEG Image Recompression performs a lossy compression on the JPEG images transferred to the client. A higher compression level results in reduced bandwidth consumption, but has significant impact on image quality. The lower of the two compression levels specified on the client and the server is used as the maximum compression level for a connection. Thus if the client specifies medium compression and the server high, the maximum compression level used for the connection will be medium compression. This parameter is ignored if either the client or server indicates that compression is not enabled for a connection.
141
142
RealOne Player
QuickTime
DIVX Video XVID Video Microsoft Video 1 MPEG-1 Video MPEG-4 Video Indeo Interactive Video MPEG-1 Audio AC3 Audio Fraunhofer MPEG Layer-3 Codec MP3
Y Y Y Y Y Y Y Y Y
Y Y Y Y Y Y Y Y Y X
X X X X X X X X X X
Y Y Y Y Y Y Y Y Y X
MP3
Y*
143
RealOne Player
QuickTime
Y* X X X
X X X X
X X X X
X X X X
Y- Supported through SpeedScreen Multimedia Acceleration X Not supported through SpeedScreen Multimedia Acceleration * - Support through SpeedScreen Multimedia Acceleration only when playing through Windows Media Player 9.0. Data is transferred in uncompressed format. Note The table above describes only some of the more popular media types and file formats. As stated above, in general SpeedScreen Multimedia Acceleration supports all media types that can be decoded by a DirectShow based codec, regardless of file format. Citrix recommends that you always upgrade the client devices to use the latest version of Microsofts DirectX software and to keep the servers version of Microsoft Windows Media Player upgraded to the latest version/update. Note that playback can take advantage of the new SpeedScreen Multimedia Acceleration when playing MP3 or other such audio. In this case, the computer running MetaFrame Presentation Server doesnt actually play the data and send data to clients, but instead streams the compressed codec data to the client and allows the client to decompress and play the data.
144
145
SpeedScreenMMAMinBufferThreshHold Default Value: 10 Description: Percent value with a range of 5-15. When the data in the media queue reaches this value, the client requests a burst from the server to replenish its media queue.
SpeedScreenMMAMaxBufferThreshHold Default Value: 90 Description: Percent value with a range of 85-95. When the data in the media queue reaches this value, the client requests that the server stop sending data until the data in the queue levels off.
SpeedScreenMMAPlaybackPercent Default Value: 35 Description: Percent value with a range of 25-45. This is the percentage of the media queue that needs to be filled before playback on the client begins.
146
Adding and Removing Users from Published Applications Using VBScript and MetaFrameCOM
MetaFrameCOM (MFCOM ) is a COM server that exposes some of the MetaFrame Presentation Server control and monitoring functions through the objects and interfaces it defines. MFCOM is also a programming interface to the functions provided by the Presentation Server Console. MFCOM is a COM object that meets the requirements defined in the Microsoft Component Object Model Specification. MFCOM is a COM server, not a COM client. MFCOM exposes objects that can be accessed from a COM client. It is a free threading COM server and supports automation. It is also a DCOM server; that is, a COM client can remotely connect to a server.
Using MFCOM
In most cases, MFCOM can be used on servers with no additional configuration. MFCOM is installed and registered by the installation of MetaFrame Presentation Server. The C:\program files\citrix\system32\mfreg.exe program can be used to register or un-register MFCOM manually on the server. To use MFCOM remotely, a utility program, c:\program files\citrix\mpssdk\utils\mfreg.exe, must be used to register MFCOM as a remote server. To obtain the Mfreg.exe program, download the MetaFrame Presentation Server SDK (MPSSDK ) from the downloads section on http:// www.citrix.com. Installing the MPSSDK package provides a prompt to register MetaFrame Presentation Server. To register or un-register the DCOM client manually, use the c:\Program files\citrix\mpssdk\utils\mfreg.exe program. Additionally, you may have to use the Microsoft tool DCOMCNFG.EXE to change the default impersonation to impersonate. You must restart your computer after you make this change. For additional information, visit the Citrix Developer Network at http://apps.citrix.com/cdn/.
MFCOM VBScripting
Although MFCOM can be used with any COM-compliant programming language such as Visual Basic 6.0, Visual C++, Perl, VB.Net, C#.Net, and C++.net it is very convenient to use VBScript. VBScript is included in most versions of Microsoft Windows. VBScript is a useful programming tool if you want to take advantage of scripting to overcome the difficult tasks of server maintenance. The following example can be used to add or remove an Active Directory domain user or group to or from a published application and demonstrates how a VBScript can be created. The script can be modified to perform other tasks applicable to your published applications.
147
If your farms have a large number of published applications, scripts can be used to batch the process of adding or removing accounts from published applications, which can save you a substantial amount of time. To run the following script, type the following at a command prompt: d:>cscript addacct.wsf where d is the drive where the script is located.
<package> <job id="AddAcct"> <comment> File: addacct.wsf Description: Example of how to add a ADS user or group to a published application. Requirements: WSH 5.5 or higher. Copyright (c) 2004 Citrix Systems, Inc. </comment> <runtime> <description> Add a user or group to an application. </description> <example> CScript //nologo USAGE: Addacct.wsf DOMAIN NAME, USER|GROUP NAME Example: Addacct.wsf MYADS Domain Users Use Double Quotes for names such as Domain Users Example: Addacct.wsf MYADS JONDOE </example> </runtime> <reference object="MetaFrameCOM.MetaFrameFarm"/> <script language="VBScript"> Option Explicit Dim AAName, AcctName, theFarm, anApp, MFUser, aWinApp if
WScript.Arguments.Count <> 2 Then WScript.Echo "USAGE: Addacct.wsf DOMAIN NAME, USER|GROUP NAME" WScript.Echo "" WScript.Echo "Example: Addacct.wsf MYADS Domain Users" WScript.Echo " Use Double Quotes for names such as Domain Users" WScript.Echo "Example: Addacct.wsf MYADS JONDOE" WScript.Quit 0
148
149
anApp.LoadData(TRUE) if anApp.AppType = MetaFrameWinAppObject Then ' MetaFrameWinApp object. Set aWinApp = anApp.WinAppObject anApp.Adduser MFAccountAuthorityADS, AAName, MFAccountDomainUser, AcctName anApp.SaveData end if Next </script> </job> </package>
Modifying the above script can produce an entirely different result. For example, replacing the line:
anApp.Adduser MFAccountAuthorityADS, AAName, MFAccountDomainUser, AcctName
with
anApp.removeuser MFAccountAuthorityADS, AAName, MFAccountDomainUser, AcctName
removes an Active Directory user or group from all the published applications. In this script the MFAccountAuthorityADS and MFAccountDomainUser enumerations are coded into the calls to add and remove Active Directory users and groups. If you are adding or removing users and groups from other account authorities such as NDS, Windows NT, or the local machine, you have to change these parameters (enumerations). For additional information, visit the Citrix Developer Network at http://apps.citrix.com/cdn/.
150
Important When multiple Windows Installer packages are installed, a memory leak can occur in Msiexec.exe. To avoid this, install the latest Windows service pack.
151
Uninstalling a Package
By default, a deployed package can be uninstalled using only the original package. For example, you cannot directly uninstall an ADF package that has a status of Already Installed. Instead, perform another full installation using the Force Reinstall option. This new package can be used to uninstall the same package. The application can also be uninstalled from target servers without Installation Manager by using Add/Remove Programs in Control Panel. Note If you uninstall from the Already Installed package, the target server will not detect the uninstallation and still reports that the package is installed.
CHAPTER 7
This chapter suggests optimizations that can increase the performance of MetaFrame Presentation Server running in a Windows environment. Many of the recommendations are based on Microsoft Knowledge Base articles accessible from the Microsoft Web site at http://support.microsoft.com.
Network Optimization
This section covers a few common network performance issues you can remedy by adjusting the default Windows network configuration.
Refused Connections
The server can refuse connections because of self-imposed limits specified by the MaxMpxCt and MaxWorkItem registry values. If this happens, users see the following errors: System could not log you on because domain <domainname> is not available. You do not have access to logon to this session. Before changing these values, read Microsoft Knowledge Base article Q232476. When modifying the following registry settings, ensure that the MaxWorkItems value is always four times the MaxMpxCt value. Suggested new values for MaxMpxCt and MaxWorkItems are 1024 and 4096 respectively. Caution A number of steps in this chapter require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\LanmanServer\Parameters Name: MaxMpxCt Type: REG_DWORD Data: 1024 Name: MaxWorkItems Type: REG_DWORD Data: 4096
Network Cards
Most 10/100-based network cards auto-sense the network speed by default. Manually setting these cards prevents the auto-sensing process from interfering with communication and enforces the desired network speed. If the server is connected to an auto-sensing device, apply these settings to this device as well. Verify that only necessary protocols are installed, and that the binding order of those protocols to the network interface card lists the most commonly used protocol first.
(on master page) Header Chapter 7 Optimizing MetaFrame Presentation Server Performance
155
156
In the left pane of the Presentation Server Console, select the server you want to configure, then: 1. Right-click and select Properties from the context menu that appears. 2. Select ICA Keep-Alive from the dialog box. 3. Click Enable ICA Keep-Alive and then enter a value (in seconds) in the Time Out Value box.
Important Enabling KeepAlives may keep demand-dial links up in a WAN environment. For more information about Configuring TCP and ICA KeepAlive values, see the Citrix Knowledge base article CTX708444 at http://www.citrix.com.
157
Retransmission Behavior
TCP starts a retransmission timer when each outbound segment is handed down to IP. If no acknowledgment is received for the data in a given segment before the timer expires, the segment is retransmitted up to the number of times specified in the TcpMaxDataRetransmissions registry key. The default value for this is five.
158
The retransmission timer is initialized to three seconds when a TCP connection is established; however, it is adjusted dynamically to match the characteristics of the connection using Smoothed Round Trip Time (SRTT) calculations.The timer for a given segment is doubled after each retransmission of that segment. Using this algorithm, TCP tunes itself to the normal delay of a connection. Because the default number of retries is five, the round-trip time can double four times (in other words, it can become 16 times slower than its initial value) before the session is dropped. By increasing this number to 10, you allow the round-trip time to double nine times instead of four, which allows the connection quality to erode up to 512 times its original value before being dropped. For example, a connection that begins with a round-trip time of 20 milliseconds has to erode to a round-trip time of 10,240 milliseconds before being dropped by the server. If possible, make this registry change on the client device as well. More information is available in Microsoft TechNet Articles Q120642 and Q17035.
159
Server Optimization
This section describes ways in which correctly configuring Windows services and applications for use in a multiuser environment improves performance and prevents system problems.
Auto-End Tasks
If an application does not properly exit, either when closed or upon server shutdown, the operating system can terminate the application using the Auto-End Tasks feature. Auto-End Tasks terminates any task that does not respond to a shutdown notice within the default time-out period. Enabling Auto-End Tasks affects all applications on the server and can cause issues with some applications that require a shutdown time period that is longer than the default time-out period. Therefore, the default time-out period must be greater than the time required for the longest successful shutdown for any server application. To enable Auto-End Tasks and set the default time-out period, modify the following registry settings: HKEY_USERS\.DEFAULT\Control Panel\Desktop Name: AutoEndTasks Type: REG_SZ Data: 1 Name: WaitToKillAppTimeout Type: REG_SZ Data: x where x is the interval in milliseconds (default is 20000) For more information, see Microsoft Knowledge Base articles Q123058 and Q191805.
160
Dr. Watson
If you are using Dr. Watson, run the Dr. Watson Application Compatibility script to prevent stability problems. Citrix recommends that you disable the Visual Notification option available on the main screen of Drwtsn32.exe. You can disable Dr. Watson completely by clearing the following registry key value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug Name: Debugger Type: REG_SZ Data: (blank) You can restore Dr. Watson as the default debugger by executing drwtsn32.exe i.
161
162
Server Service
Configure the Server service to represent the server role more appropriately. The performance boost realized from this server optimization setting depends on the function of the server. For example, if the server has available RAM, select the Maximize Throughput for Network Applications. Otherwise, select Minimize Memory Used. To configure the Server service on Windows NT, Terminal Server Edition servers 1. From Control Panel, double-click Network. 2. Click the Services tab. 3. Click the Server service. 4. Click Properties.
163
To configure the Server service on Windows Server 2000 and Windows Server 2003 1. From Control Panel, double-click Network and Dial-up Connections or Network Connections. 2. Right-click or select Local Area Connection and choose Properties from the Context menu. 3. Choose File and Printer Sharing for Microsoft Networks. 4. Click Properties. For more information, see Microsoft Knowledge Base article Q154075.
Level 2 Cache
For processors that use a direct-mapped L2 cache, configuring the value manually can yield a performance improvement. A direct-mapped L2 cache does not provide performance gains on Pentium II and later processors. For more information, see Microsoft Knowledge Base support articles Q228766 and Q183063. Use the following registry setting to modify a direct-mapped L2 cache: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control \Session Manager\Memory Management Name: SecondLevelDataCache Type: REG_DWORD Data: x where x is the L2 size in decimal (default: 0, which sets the cache to 256KB) Example: If the CPU has a 512KB cache, set the entry to 512 (in decimal).
164
Applications Optimization
This section describes some applications settings and optimizations that can improve performance.
Menu Refesh
You can change the menu refresh rate to expedite menu response time by modifying the following registry key: HKEY_USERS\.DEFAULT\Control Panel\Desktop Name: MenuShowDelay Type: REG_SZ Data: 10
Explorer Tips
You can disable the tips that are displayed at server startup by modifying the following registry settings: HKEY_CURRENT_USER\Software\Microsoft\Windows \CurrentVersion\Explorer\Tips Name: DisplayInitialTipWindow Type: REG_DWORD Data: 0x0 Name: Next Type: REG_DWORD Data: 0x100
165
Name: ShowIE4 Type: REG_DWORD Data: 0x0 Name: Show Type: REG_DWORD Data: 0x0
Smooth Scrolling
Many applications have smooth scrolling or other features that increase the frequency of updates sent to the client workstation. If applications exhibit poor performance, disable these features to improve performance. Two common settings are in Microsoft Excel and Microsoft Internet Explorer: Microsoft Excel 97/2000 1. Choose Tools > Options. 2. Click the Edit tab. 3. Clear the Provide feedback with Animation check box. Microsoft Internet Explorer 5 1. Choose Tools > Internet Options. 2. Click the Advanced tab. 3. Clear the Use Smooth Scrolling check box in the Browsing section. Tip While the server is in install mode (change user /install), changing application settings applies the changes to all future users. When finished, place the server back into execute mode (change user /execute).
166
Disk Optimization
Certain registry settings can be modified to increase disk performance and throughput. This section describes enhancements such as increasing I/O locks and disabling last file access updates.
I/O Locks
The registry setting IoPageLockLimit specifies the limit of the number of bytes that can be locked for I/O operations. Because RAM is being sacrificed for increased disk performance, determine the optimal setting for this value through pilot tests. Changing this setting from the default can speed up file system activity. Use the table below as a guide for changing the registry setting.
Server RAM (MB) 64128 256 512 1024+ IoPageLockLimit (decimal) 4096 8192 16384 65536 IoPageLockLimit (hex) 1000 2000 4000 10000
Modify the registry setting as follows: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control \Session Manager\Memory Management Name: IoPageLockLimit Type: REG_DWORD Data: 0 (512KB is used) For additional information about the IoPageLockLimit registry setting, see Microsoft Knowledge Base articles Q121965 and Q102985 at http:// support.microsoft.com.
167
Memory Optimization
This section describes optimal configuration of the system page file and system page table entries.
Page File
The page file is temporary storage used by the operating system to hold program data that does not fit into the physical RAM of the server. The ratio of physical memory to paged memory is the most important factor when determining the size of a page file. When configuring the page file, follow these guidelines: A proper balance between physical memory and paged memory prevents thrashing. Verify that more memory is in physical RAM than paged to disk. For optimal performance, this ratio should be approximately 3:1. Place the page file on its own disk controller or on a partition that is separate from the operating system, application, and user data files. If the page file must share a partition or disk, place it on the partition or disk with the least amount of activity. To prevent disk fragmentation of the page file, always set the page file initial size to be the maximum size. The optimal size of a page file is best determined by monitoring the server under a peak load. Stress the server while observing the size of the page file. To conserve resources, set the page file to a value slightly larger than the maximum utilized while under stress. If the server is short on physical RAM, use the page file to provide additional memory at the expense of performance.
Note For debugging purposes, create a page file on the root partition that is slightly larger than the amount of RAM installed.
168
Windows Policies
Use system and group policies where possible, especially in an Active Directory environment. For more information about configuring policies, see Microsoft Knowledge Base articles Q161334 and Q260370.
Profiles
Users require an initial setup when logging on for the first time. This setup time is minimized by the use of roaming profiles. For more information about configuring roaming profiles, see Microsoft Knowledge Base articles Q142682 and Q154120. When you set up roaming profiles: Configure a dedicated server to host the profiles. If it is not possible to place the profiles on a dedicated server, place them on an isolated disk or partition. When using a server or drive dedicated to profiles and temp files, change the users profile and temp directories to point to the dedicated location.
You can disable locally cached profiles by changing the access of the following registry key and all subkeys to Read access only for everyone except SYSTEM (which should have Full Control): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT \CurrentVersion\ProfileList
169
170
171
Optimizing Recording
If you are using MetaFrame Presentation Servers audio feature primarily for recording, several settings can be modified to improve performance. Note that making changes to these settings can cause playback quality to degrade, especially on low bandwidth, high latency connections. 1. On the client, open the Module.ini file located in %Program Files%\Citrix\ICA Client. Go to the ClientAudio section. 2. Change PlaybackDelayThresh to 1 or 2. This causes the data to be played almost immediately, rather than being queued up on the client. 3. Change NumDataBuffers to a small value such as 4 or 5. This causes fewer buffers to be allocated so less data can be queued up on the client. You can try a lower value, but network latency is usually too great to allocate enough data and you will get a lot of dropped packets on playback. These settings are intended for a standard LAN environment. The settings should work for a WAN as well, but there is a much greater likelihood that audio quality will decrease with settings this low. If this happens, the values can be increased, but this causes the buffering delay to be reintroduced.The values should be balanced based on the applications that are being run. If playback is of less importance, use the above recommendations. If playback is more important, increase the NumDataBuffers to around 10. Continue to increase this number for WAN connections until satisfied with the resulting playback quality. Citrix recommends that the NumDataBuffers value be manipulated before the PlaybackDelayThresh value when optimizing playback on high latency networks. The PlaybackDelayThresh value causes more discontinuity on the server side with respect to synchronization issues. The higher this value is set, the more likely playback will jump ahead inappropriately, causing the recording to start playing at a later spot than where it was stopped. For more information regarding the configurable settings for sound see Client Audio Mapping Virtual Driver .
172
NumCommandBuffers = 64
Descriptiondefines how many server-to-client commands can be buffered. Maximum Limit = 65000. Minimum Limit = 0. Setting this value to 0 causes the client to slow down or become unresponsive to the commands sent by the server. Buffers must be defined because after executing a command sent by the server, clients look in the buffer for the next command. Also, if there are no buffers, the commands sent to the client by the server might not be stored on the client and executed. Recommended Value = 64.
NumDataBuffers = 32
Descriptiondefines how many data buffers are available on the client to store the audio data sent by the server. Maximum Limit = 65000. Setting this value too high leads to memory hogging on the client, resulting in degraded performance. Minimum Limit = 0. If this value is set to 0, no data buffers are available on the client. The audio data being sent from the server to the client is not stored and eventually will not play. Recommended Value = 32. This value stores a maximum of 2048 bytes of sound data.
MaxDataBufferSize = 2048
Descriptiondefines the size of the data buffer and also how many bytes of sound data can be sent to the client from the server. Maximum Limit = 2048 bytes. Out of 2048 bytes, 10 bytes are reserved for the sound packet header while the remainder is the actual audio data that is played on the client. Minimum Limit: 1000 bytes. Recommended Value = 2048 bytes for the best sound performance on the client.
173
CommandAckThresh = 10
Descriptiondefines the number of commands that a client receives before sending an acknowledgement to the server. Maximum Limit: depends upon the NumCommandBuffers. If the NumCommandBuffers is set to 64, do not set the CommandAckThresh more than 64 because the client will not acknowledge more than 64 commands. Minimum Limit = 10. Recommended Value = 10.
DataAckThresh = 10
Descriptiondefines the number of sound packets the client receives before sending an acknowledgement to the server. Maximum Limit: depends upon the NumDataBuffers. If the NumDataBuffers is set to 32, do not set the DataAckThresh higher than 32 because the client will not acknowledge more than 32 sound data/packets. Minimum Limit: 10. Recommended Value = 10.
AckDelayThresh = 350
Descriptiondefines how many milliseconds the client waits before it sends an acknowledgement to the server for all the commands received from the server. Maximum Limit = 350. AckDelayThresh and CommandAckThresh are not interdependent. For example, if CommandAckThresh is set to 10 and AckDelayThresh is 350 but 350 milliseconds have not elapsed since the client last sent an acknowledgment but 10 commands were sent by the server to the client, the client still sends the acknowledgment. The same holds true if the 350 milliseconds passed but the server did not send 10 commands. The client sends the acknowledgement to the server without waiting for 10 commands. Minimum Limit: 350.
PlaybackDelayThresh = 250
Descriptiondefines how many milliseconds the client waits before it sends an acknowledgement to the server for all the sound data/packets received from the server. Maximum Limit = 250. PlaybackDelayThresh and DataAckThresh are not interdependent. Minimum Limit = 250.
174
Each virtual channel is assigned one of these priority values. The default virtual channel priorities are as follows:
Virtual Channel CTXTW CTXTWI CTXCLIP CTXCAM CTXLIC CTXVFM CTXPN CTXCCM CTXCDM CTXCM CTXLPT Default Priority 0 0 1 1 1 1 1 2 2 3 3 Description Remote windows screen update data (Thinwire) Seamless windows screen update data (Thinwire) Clipboard Client audio mapping License management Video server video (that is, not Thinwire video) Program Neighborhood Client COM port mapping Client drive mapping Client management (Auto Client Update) Printer mapping for non-spooling clients (that is, WinTerms)
175
Default Priority 3 3 3 3 3 3
Description Printer mapping for non-spooling clients (that is, WinTerms) Printer mapping for non-spooling clients (that is, WinTerms) Printer mapping for non-spooling clients (that is, WinTerms) Printer mapping for spooling clients Used by OEMs Used by OEMs
The priority settings for all virtual channels are stored in the following Registry key: [HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\icawd\Priority] (REG_MULTI_SZ) This key contains one line for each virtual channel in the format: VirtualChannelName,Priority VirtualChannelName is the standard virtual channel abbreviation as specified in the above table. VirtualChannelName must be seven characters, so trailing spaces must be added before the comma when necessary. Priority is one of the following numeric priority values: 0, 1, 2, 3. The Thinwire virtual channels (CTXTW and CTXTWI) are the only high priority virtual channels by default, thus ensuring that time-sensitive user interface data is sent ahead of all other data.
176
ICA data travels through the same protocol layers but in the reverse direction when received at the destination (client or server). All ICA protocol layers reside at the Presentation layer of the OSI networking model. The ICA protocol layers depicted in the above diagram are described further in the following sections.
177
WinStation Driver
The WinStation driver receives ICA virtual channel data from multiple virtual channel drivers and packages the data for receipt by lower network layers. The WinStation driver works at the Application, Presentation, and Session layers of the OSI networking model. The WinStation driver establishes the ICA session between the client and the server, and maintains session information such as whether or not compression and encryption are turned on, and whether or not ICA Priority Packet Tagging will be used. It also encodes ICA command information and transforms input virtual channel data into ICA packets, which are placed in the WinStation drivers input buffer.
The low order and high order bytes are reversed for network transmission, and the framing header is created as follows:
178
179
TCP requires an acknowledgement of receipt for each TCP segment in the TCP buffer before sending additional segments. This prevents QoS solutions from being able to implement functionality that holds back printing ICA data and forwards on Thinwire ICA data within a single ICA stream (which is also a single TCP stream). TCP reports a failure of receipt for the TCP segments being held because they were not received by the destination in a timely manner. QoS solutions must implement ICA Priority Packet Tagging in such a way that the transmission speed of each TCP stream is dynamically altered based on the priority bits of the ICA data being transmitted, instead of attempting to hold back individual pieces of data within the stream. Program Neighborhood clients and MetaFrame servers running a software version released prior to MetaFrame 1.8, Feature Release 1 will establish ICA sessions without ICA Priority Packet Tagging. Unless QoS solutions detect the Citrix software version in use by the ICA session, all ICA traffic in these sessions, is treated as high priority (priority 0) because the two bits that are now used for ICA Priority Packet Tagging were not used (and thus set to 0) in previous versions of MetaFrame.
Tip Packeteer, Inc., a provider of application performance infrastructure systems, has released a QoS solution that takes advantage of ICA Priority Packet Tagging. Packeteers PacketWise 5.1 release is incorporated in the PacketShaper and AppVantage product lines. For additional information about Packeteers QoS solutions, visit www.packeteer.com.
180
The DMZ is situated between two firewalls, with the first network interface card (NIC) of the load balancer connected directly into the DMZ. The servers running the Web Interface are connected to the load balancers second NIC. This configuration is illustrated in the figure below.
181
The machines in the DMZ all have static IP addresses in the network 192.168.1.0/ 255.255.255.0. The client-facing firewall presents an external IP for the load balancer (172.27.19.4 in this example), which is converted to the real load balancer IP address (192.168.1.4) after firewall traversal. Clients on the public network can resolve the external load balancer IP address from the name nFuse.inter.net. The machines on the internal network are in the range 192.168.2.0/ 255.255.255.0. On the internal network, there is a MetaFrame XP Feature Release 2 server, named mf1, with a static IP address of 192.168.2.10, running the Citrix XML Service (shared with IIS) on port 80. The servers running the Web Interface, Nfuse1 and Nfuse2, are configured with the static IP addresses 192.168.1.10 and 192.168.1.11, respectively. The Web Interface configuration on each server is identical.
182
183
With the preceding configuration and the client-facing firewall set to allow traffic to 192.168.1.4 on ports 80, 81, and 82, the load balancing solution worked when tested.
CHAPTER 8
This chapter includes information about securing your server farm. The information in this chapter is intended to supplement the information about securing MetaFrame Presentation Server environments found in the following documents: The Secure Gateway for MetaFrame Administrators Guide The MetaFrame Presentation Server Administrators Guide The Web Interface Administrators Guide The Administrators Guides for the MetaFrame Presentation Server Clients
5. When a new user account requires MetaFrame administrator privileges, add the account to the MPSAdmins global group. When MetaFrame administrators are members of an Active Directory domain, use a domain local group for farms within a single Active Directory domain or a universal group for farms that span a forest.
187
Microsoft Access
For an Access data store, the default user name is citrix and the password is citrix. If users have access to the data store server, change the password using dsmaint config and keep the information in a safe place. Important Be sure to create a backup of your data store before using dsmaint config to change the password on your data store.
188
Oracle
If the data store is hosted on Oracle, give the Oracle user account that is used for the MetaFrame Presentation Server farm connect and resource permissions only. System administrator (system or sys) account permissions are not needed for data store access.
189
IBM DB2
If the data store is hosted on IBM DB2, give the DB2 user account that is used for the MetaFrame Presentation Server farm the following permissions: Connect database Create tables Register functions to execute to database managers process Create schemas implicity
System administrator (DB2Admin) account permissions are not needed for data store access.
Microsoft SQL Server communication is secure when the multi-protocol encryption option is configured correctly on both the Microsoft SQL Server and the clients. For more information about enabling multi-protocol encryption, consult the Microsoft SQL Server documentation.
190
191
192
193
194
To disable pass-through authentication in Program Neighborhood Agent 1. Uninstall the client from Add/Remove programs. 2. Reinstall the Program Neighborhood Agent and ensure that you do not enable Pass-Through Authentication when prompted during the install. 3. Delete the following files from the client files folder to disable the feature and prevent a user from enabling it again in the client: Ssoncom.exe Ssonstub.dll Ssonsvr.exe
4. Use the Program Neighborhood Agent Console or edit the Config.xml file to disable Pass-Through Authentication under authentication options.
195
NTLM Support
Windows NT Lan Manager (NTLM) authentication support was added starting with client Version 7.00.14874. Prior to Version 7.00.14874, only SOCKSV5 and Secure Web Proxy authentication were supported, both of which use clear-text (basic authentication) to transmit the password information. NTLM authentication is a Microsoft proprietary method, that is more secure than basic authentication and does not use clear text to transmit password information. It is supported with Microsoft Proxy Server 2.0 and Microsoft ISA server. NTLM is a challenge/ response process where the server challenges the client to encrypt a random number with the client's password hash, while the server sends the same challenge to the domain controller along with the client's response. The domain controller decides the authenticity of the request.
196
197
ProxyHost. Includes the address of the proxy host and port number. To set the IP address of the proxy server or to use its fully qualified domain name (FQDN), enter the proxy/firewall port number at the end of the address using the following sample formats: 192.168.0.1:8080 or proxy.citrix.com:1080. ProxyBypassList. Allows you to specify domain names that should be ignored during a proxy connection. Use the ProxyBypassList setting to connect the client to servers in the same subnet or network without using proxy or firewall servers. For example, a client device may reside in the same domain (corp.company.com) as your farms servers. In this case, you can set the ProxyBypassList parameter to *.corp.company.com *.partner.company.com instead of configuring each connection for direct connections. Setting the parameter to this value configures the client to ignore any proxy servers when connecting to these domains. Use a semicolon or a comma to separate entries if adding multiple domains. ProxyAutoConfigURL. Allows you to include an HTTP URL to a JavaScript Proxy Auto-Configuration file (*.PAC) or the Microsoft Internet Explorer Internet Settings file (*.INS). This setting is used when an administrator wants to centralize proxy or firewall server-client configuration by using a script file. The script file can be either a JavaScript PAC file or Microsoft Internet Explorer INS file. For information about creating these files, follow the links below: MSDN Article on PAC Files: http://www.microsoft.com/mind/0599/faq/faq0599.asp Internet Explorer Administration Kit Article: http://www.microsoft.com/windows/ieak/techinfo/deploy/60/en/ default.asp?URL=/windows/ieak/techinfo/deploy/60/en/autodis.htm ProxyUsername/ProxyPassword. Location to configure the SOCKS 5 or Secure Proxy authentication credentials. If the ProxyUsername/ProxyPassword parameters are not set and the proxy or firewall connects to a server configured for SOCKS 5 or Secure Proxy with authentication, the user is prompted for credentials. The user credentials are for proxy authentication only and may not be the same as the users domain or network credentials. When the ProxyUsername/ProxyPassword parameters are set, the client passes the users credentials to the proxy server.
198
Important On any SOCKS 5 or Secure Proxy server configured to require authentication, the user name and password are passed in clear text. Citrix recommends that you do not set these parameters if credentials are going to be passed through a public network such as the Internet. Even if the ICA connection is set to use SSL/TLS+HTTP, the credential packets are sent before any secured tunnel is established. Note that this is not true for NTLM authentication, which is supported by clients starting with Version 7.00.14874 ProxyTimeout. The time in milliseconds after the client waits for initial response from the proxy server
SOCKS sets the ProxyType parameter to a value of SOCKS. To specify a version number for SOCKS, edit the users Appsrv.ini file and change the value for the ProxyType to the correct version parameter. You must add the proxy address and port fields to this setting. Secure sets the ProxyType parameter to a value of Secure. You must specify the proxy address and port fields. Doing so sets the ProxyHost parameter. Note For more information, see the Client for 32-bit Windows Administrators Guide.
199
200
See the documentation from your smart card vendor for details. For more information about using smart cards with Windows Server 2000, see Microsoft Knowledge Base support articles Q313557 and Q227873. For more information about configuring Active Directory domains and Certificate Authority for smart card support, see Microsoft Knowledge Base support articles Q313274, Q257480, and Q231881. Default readers and cards supported by Microsoft are listed in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Calais. The minimum configuration to use smart cards in a MetaFrame Presentation Server environment requires only that the Cryptographic Service Provider (CSP) is installed on the server and that the smart card reader driver is installed on the client. This allows Program Neighborhood to function using smart cards. Program Neighborhood Agent and Web Interface both require the CSP to be installed on the client as well. Important Some GemPlus and Schlumberger smart cards may work correctly with MetaFrame Presentation Server 3.0 installed on Windows Server 2003 without installing any vendor-specific CSP software. The same is true for Windows Server 2000 and Windows XP clients.
Note The built-in Schlumberger driver requires a registry modification to allow it to function on a Windows Server 2003. Add the text SLBCSP.DLL SLBIOP.DLL; to the end of the string in this value: HKEY_LOCAL_MACHINE\Software\Citrix\CtxHook\AppInit_DLLs\SmartCard Hook\SpecialDLLSearch
201
Important Windows XP, Windows Server 2000, and Windows Server 2003 include native support for some smart card readers. To determine if the reader is supported by default, attach the reader to the client and let the operating system detect and install the drivers. If there is not an option to log on using a smart card after you restart the system, you must install the vendors software drivers. Also Windows XP, Windows Server 2000, and Windows Server 2003 have default CSPs installed for many Schlumberger and GemPlus smart cards.
202
Using Smart Cards with the Web Interface and the Program Neighborhood Agent
Using smart cards with MetaFrame Presentation Server 3.0, the clients, or the Web Interface simplifies the authentication process while enhancing logon security. This section assumes that the server running the Web Interface is running Windows Server 2000 with Microsoft Internet Information Services (IIS). To use smart cards with the Web Interface, configure the IIS Web server and enable smart card authentication using the Web Interface Console. To use smart cards with the Program Neighborhood Agent, you must configure IIS to support smart card authentication. Configure IIS to have a Certificate Authority that can be set up in an Active Directory domain. For more information, see Microsofts documentation about IIS and Certificate Authorities. Note Citrix recommends that you use Active Directory if you want to use smart cards with MetaFrame Presentation Server.
203
To enable the Windows Directory Mapper ServiceWindows Server 2003 1. Open the Computer Management utility by right-clicking My Computer and choosing Manage. 2. Navigate to and expand Services and Applications. 3. Navigate to and expand Internet Information Services; right-click the Web Sites node and choose Properties. 4. From the Directory Security tab, select Enable the Windows Directory Service Mapper. 5. Click OK until you return to the Computer Management dialog box. To install a server certificate 1. In the Computer Management utility under Internet Information Services, expand the tree until Default Web Site is displayed. 2. Right-click Default Web Site and choose Properties. 3. Click Server Certificate on the Directory Security tab to begin the Web Server Certificate wizard. Click Next. 4. Choose Create New Certificate and click Next. 5. Choose Send the request immediately to the certification authority and click Next. 6. Enter a friendly name for the certificate and click Next. Tip Use the servers FQDN for the friendly name. 7. Enter the corresponding organization and organizational unit and click Next. 8. For the Common Name, enter the FQDN of the server running the Web Interface and click Next. 9. Enter State/Province and City/Locality and click Next. 10. If the Certificate Authority is not automatically filled in, select it from the list. 11. Click Next twice and then click Finish.
204
To ensure that SSL is enabled on the server running the Web Interface 1. In the Computer Management utility under Internet Information Services, expand the tree until Default Web Site appears. 2. Right-click Default Web Site and select Properties. 3. Choose the Web Site tab and ensure that SSL Port 443 is available for SSL connections. 4. Close the Computer Management utility.
Enabling Smart Card Authentication using the Web Interface Administration Console
Complete the following tasks to configure the Web Interface to accept credentials using smart cards. 1. Display the Authentication page. 2. Select the Smart card option to allow users to authenticate to the Web Interface using a smart card. 3. In the Authentication for launching applications section, set Use smart card to log on to MetaFrame to enable smart card authentication to your servers. Choose from one of the following options: Auto. This is the default. If the user authenticated to the Web Interface using a smart card, the Web Interface attempts to authenticate using this method. Yes. The Web Interface always attempts to authenticate using smart card credentials. No. The Web Interface never attempts to authenticate using smart card credentials.
Note If Use smart card to log on to MetaFrame is set to Yes but a smart card is not available, a dialog box requesting the users to press CTRL+ALT+DEL appears. If this occurs, users must press CTRL+F1 to bypass this dialog box and then enter their user name and password to log on to a server. To test the configuration, log on to the Web Interface server (http//:<your Web Interface Server>) from a client with a smart card and launch a published application.
205
5. At a command prompt, type regsvr32 accsp.dll to register the accsp (Activecard Card Service Provider) library. 6. Restart the computer. ActivCard Gold 2.2 and later should be fully multiuser compatible. Contact your smart card vendor for more information and to obtain the latest compatible CSP.
206
207
There is a split-second of vulnerability at the gateway when the data is decrypted and then re-encrypted to switch protocols. Organizations cannot rely on the use of encryption keys and SSIDs to provide adequate security in a wLAN environment. However, using MetaFrame Presentation Server with the ICA protocol offers a number of features that protect against security vulnerabilities.
208
209
CHAPTER 9
Troubleshooting
This chapter includes information that can help you troubleshoot issues you may encounter with MetaFrame Presentation Server and its components.
If you are connecting directly to the data store, verify that ODBC connectivity exists. For more information, see ODBC Connection Fails on page 213. If you are connecting to the data store through an intermediary server, verify that the IMA Service is running on the server that is connecting directly to the data store. Review the entries in the event log for the IMA Service error code that is returned. Verify that the Spooler service is started in the System context rather than for a user. If you see an IMA Service Failed message (with error code 2147483649) when restarting a server, the local system account may be missing a \temp directory. Change the IMA Service startup account to the local administrator. If the IMA Service starts under the local administrators account, check for a missing temp directory. Switch the service back to the local system account and try manually creating the temp directory %systemroot%\temp. Verify that both the TMP and TEMP environment variables point to this directory. For more information, see Microsoft article Q251254 at http://support.microsoft.com/ support/.
213
2. The HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Tracer registry key contains a subkey for each subsystem about which information can be traced. Tracing for all subsystems is on by default, but the specific types of messages for the subsystems are off. To enable tracing for a subsystem, both the default value (specified as the first value in the key) and the message values must have a value of 1. The default value must be 1 and should never be changed. Other values within each key correspond to types of messages to log and are set to 0 by default. To enable tracing for those items, set their value to 1.
214
4. Verify that the correct user name and password are being used for database connectivity. You can change the user name and password using the dsmaint config command. For more information, see the MetaFrame Presentation Server Administrators Guide. 5. Reinstall MDAC 2.6 Service Pack 1 or later to verify that the correct ODBC files are installed. 6. Enable ODBC Tracing for further troubleshooting. For more information, see ODBC Tracing on page 228.
Chapter 9 Troubleshooting
215
216
1. Right-click the My Network Places icon on the servers desktop and choose Properties. 2. In the Network and Dial-up Connections window, right-click Local Area Connection and choose Properties. 3. Choose Novell Workstation Manager from the components list and click Properties. 4. Verify the following settings: Workstation Manager is enabled The tree name is set to the tree that has the DLU policies applied All other options have the default settings applied
5. If you set the DLU policy in NDS to delete users after they log off (Volatile User option) and the volatile user accounts are not being deleted, ensure that the Enable Volatile User Caching option is disabled. If you are experiencing autologon problems with the ZENworks DLU feature as the Windows authentication method, try the following: 1. Make a desktop connection using an ICA Custom Connection with the Autologon feature enabled. 2. Specify User Credentials: Username a valid Distinguished Name such as .SampleUser.company Password a valid password Domain a domain that contains the NDS tree name
Chapter 9 Troubleshooting
217
Known Issue: ZENworks for Desktops version 3 does not distinguish between users with the same user name, even if they are in different contexts. If the first user is still logged on when the second user logs on, the profile of the first user is utilized by the second user. Workaround: Be sure to use unique names in the tree. If your tree already includes users with the same user name, you can work around this by creating aliases.
218
If the Username field in the NT/2000 field contains a Distinguished Name (.username.context.), upgrade to Novell Client 4.81 or later. (Older Novell Clients do not parse the user name from the Distinguished Name.) If the Domain name field is blank or set to the local machine name and ZENworks DLU feature is being used, troubleshoot the Dynamic Local User policies (DLU is not functioning properly). If the Domain name field is blank or is set to the local machine name and ZENworks DLU feature is not being used, locate or create the following registry key: SyncedDomainName in HKEY_LOCAL_MACHINE\Software\Citrix\ NDS. Set the registry key value to the name of the Windows NT domain that is synchronized with the NDS tree. If the Domain name field contains the name of the NDS tree, enable NDS integration. If the Domain name field contains the name of a Windows NT domain and you are not using ZENworks DLU functionality for Windows authentication, verify that the server has a valid trust relationship between the servers domain and the users domain.
Known Issue: If you designate an NDS preferred tree but none of the servers are set to MetaFrame XP Feature Release 1 or later, MetaFrame Presentation Server prompts your users for NDS credentials but does not accept them. Workaround: Set the feature release level to Feature Release 1 or later on at least one server in the farm, remove the NDS tree name in the NDS Preferred Tree field Farm Properties > MetaFrame Settings, and then reset the Feature Release level to None. Known Issue: The session sharing feature is not supported for MetaFrame Presentation Server Client connections that are configured for NDS user credentials. Workaround: To use session sharing for custom ICA connections in Program Neighborhood, do not specify user credentials on the Login Information tab in the Properties dialog box. Known Issue: If you are connecting by dial-up ICA to a server that has the Novell Client installed, the server returns the Microsoft logon dialog box instead of the Novell logon dialog box. This occurs because the Use Default NT Authentication check box is selected by default on computers running Windows Server 2000.
Chapter 9 Troubleshooting
219
Workaround: If you want to use Novell authentication on a server under these circumstances, clear the Use Default NT Authentication check box. To do this, from the Start menu choose Programs > Citrix > MetaFrame Presentation Server > Citrix Connection Configuration > Advanced Connection Settings. If a computer running Windows Server 2000 without Service Pack 2 is set up to use the default Windows NT authentication and a third-party authentication software such as the Novell Client is installed, the third-party logon dialog box appears instead of the default Windows logon dialog box. To resolve this problem, install Service Pack 2 for Windows Server 2000.
220
Chapter 9 Troubleshooting
221
Zone Elections Counter Q: What does the Zone Elections counter monitor in Resource Manager? A: The Citrix MetaFrame Zone Elections counter monitors the number of data collector elections that occurred in the servers zone since the IMA Service started. Monitoring this metric can be useful to determine whether or not excessive data collector elections are taking place. Proactive monitoring can help prevent excessive amounts of data from transmitting between zones as elections are won. This can also be tracked with the Citrix MetaFrame Zone Elections Won metric.
Error Message: [Oracle][ODBC][Ora]ORA-02074: cannot ROLLBACK in a distributed transaction Q: I am using Oracle and continually get messages about ROLLBACK of distributed transactions. What does this mean? A: Ensure that Disable MTS (Microsoft Transaction Server) support in the Oracle ODBC driver workarounds configuration is set. If the workaround is not enabled (by default on most Oracle ODBC configurations) this leads to a unique key violation that terminates the SQL transaction and the following Resource Manager server log entry: [Oracle][ODBC][Ora]ORA-02074: cannot ROLLBACK in a distributed transaction.
Error Message: Must Reparse Cursor to Change Bind Variable Datatype Q: After restarting the Resource Manager database connection server, I received an Oracle ODBC error in the Resource Manager server log stating 14 June 2003 11:32:26 - System - [Oracle][ODBC][Ora]ORA-01475: must reparse cursor to change bind variable datatype. What does this mean? A: If the above message appears in the Resource Manager server log, setting the Oracle ODBC workaround for Enable Closing Cursors can help resolve this issue.
222
Error Message: Failed to create summary database Q: What needs to be done when I attempt to create the summary database and the procedure fails with this message appearing in the Resource Manager server log? A: This summary database message informs the user that there was an error deploying the schema for the summary databasefor example, server log entry: 11 July 2002 12:26:02 - System - Failed to create summary database. The most common causes of this error are: There was a database problem while initially creating the SDB schema. For example, an Oracle database configuration such as the rollback segment is too small and non-autoextending; this can prevent successful deployment of the Resource Manager schema. Solution: Check the Oracle or SQL Server configuration settings to ensure there is enough space in the database to create the schema. Several megabytes should be enough space to create the schema. Also, check that all rollback segments are autoextending; these can be tuned after the database is created. The database user has insufficient privileges to create the schema. For example, Resource Manager may not be able to insert data into tables or create packages. Solution: Ensure that the user has rights to the database and can successfully communicate with the database server.
Multiple Duplicate Import Request Messages Q: The Resource Manager server log is showing multiple duplicate import request messages. Is the data importing correctly? A: This message appears in the Resource Manager server log when there are multiple duplicate import requests. The following message is usually observed multiple times in the server log file: 22 November 1978 00:02:10 - System - Ignoring duplicate import request for file "C:\Program Files\Citrix Resource Manager\SummaryFiles\1C2865FABC926CA" from host "XXXXXXX". This is usually because the Update Now button was activated multiple successive times or there are spurious network conditions that cause the server to request an import more than once. In these conditions, this message is normal and summary file imports will complete unaffected.
Chapter 9 Troubleshooting
223
Forest Trusts
With Windows Active Directory forests, you can create a two-way forest trust that allows a transitive trust among all child domains in the trusted forests. However, MetaFrame Presentation Server does not support the use of this type of trust among child domains. If you require a trust between two child domains in separate forests, you must create an explicit trust between the domains. Alternatively, you can place all servers in the same domain as follows: 1. Create a Local Group in the domain. 2. Populate this Domain Local Group with Global Groups from other domains.
224
Chapter 9 Troubleshooting
225
To enable the printer to be imported 1. Do one of the following: Add the network print server to the same domain as the computers running MetaFrame Presentation Server Add one of the servers to the same domain as the network print server
2. Assign the printers to the Everyone group instead of to groups or users. Authenticate without credentials to receive the list of printers assigned to everyone. 3. To allow Novell users to access Microsoft print servers, you must enable the Guest account and assign Everyone or Guest access.
Other USB devices, including scanners and cameras, are not currently supported by MetaFrame Presentation Server.
226
Disconnected Sessions
MetaFrame Presentation Server allows you to log Transport Driver Errors to a log file. This allows you to track any kind of Winsock errors the client receives. This is useful in troubleshooting why sessions are disconnected. To enable the logging, the following parameters must be added when launching the ICA connection with wfcrun32. The command is:
Wfcrun32 /c:0x00000040 /e:0x00100000 /logfile:<log file path> <connection name>
where 0x00000040 tells to log in Transport Driver. The 0x00100000 tells to log any Auto Client Reconnect related information. If an error is encountered, it is included in the logfile together with an error code. The error code may be a Winsock error code. Check the Microsoft Developers Network (MSDN) site for information about these codes.
Chapter 9 Troubleshooting
227
228
ODBC Tracing
ODBC tracing information might be requested by Citrix Technical Support or the database vendor support team. The procedure to enable ODBC tracing depends on the database server software you are using. The following procedures detail how to activate ODBC tracing for Microsoft SQL Server, Oracle, and IBM DB2. Microsoft SQL Server 1. Launch the ODBC Data Source Administrator. 2. Click the Tracing tab. 3. Type a path for the log file in the Log File Path box. 4. Click Start Tracing Now to begin tracing. Click Stop Tracing Now to end tracing.
Chapter 9 Troubleshooting
229
Oracle 1. Launch the Net8 Assistant. 2. Click Configuration > Local > Profile. 3. Choose General from the drop-down box on the right-pane. 4. Use the Tracing and Logging tabs to configure ODBC tracing as needed. IBM DB2 1. Launch the DB2 Client Configuration Assistant. 2. Click Client Settings > Diagnostics. 3. Set the Diagnostic error capture level to 4 (all errors, warnings, and information messages).
CHAPTER 10
MetaFrame Presentation Server supports Novell Directory Services (NDS) authentication to servers, published applications, and published content. This chapter explains how to use MetaFrame Presentation Server, the Web Interface, and the MetaFrame Presentation Server Clients (Version 6.20 and later) in an NDS environment. This chapter assumes that you are familiar with NDS and related Novell products. See the Novell Web site at http://www.novell.com for more information about the Novell products referred to in this document. CAUTION A number of steps in this chapter require you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.
The following software must be installed for MetaFrame Presentation Server to successfully access NDS: On the Novell server (a server supporting NDS authentication and responding to NDS queries from clients): NDS eDirectory 8.5 for Windows or for Novell NetWare 5 with Support Pack 6 or later, or for Novell NetWare 5.1 with Support Pack 2 or later, or NetWare 6 and later. On MetaFrame Presentation Server for Windows Servers: Novell Client for Windows NT/Windows Server 2000, Version 4.81 or later Computers running MetaFrame Presentation Server 3.0 -orComputers running MetaFrame XP Feature Release 2 or 3
(on master page) Header Chapter 10 Using MetaFrame Presentation Server with Novell Directory Services
233
Important If using ZENworks Dynamic Local User function to gain access to Windows, you must install Novell ZENworks for Desktops 3 or later. If you are not using ZENworks to gain access to Windows, you must have accounts with the same user name and password in both NDS and Windows NT or Active Directory domains. To synchronize domains, perform either of the following: Manually synchronize accounts. Use third-party software such as Novells Account Management 2.1 or DirXML that can automatically synchronize accounts between NDS and Windows NT domains.
Important IP (Internet Protocol) is the only supported protocol for interaction between MetaFrame Presentation Server, NDS, and ZENworks for Desktops.
234
Set the value to the NetBIOS name of the domain with which you want to synchronize the user names. There is no need to restart the server or IMA Service. Users will synchronize the NetWare users with those of the Active Directory domain. Both users will still need to exist on the NetWare tree and the Active Directory domain. Assign MetaFrame Presentation Server administrator privileges to NDS objects. Log on to the Presentation Server Console with NDS credentials. Publish applications, desktops, or content for NDS users on computers running MetaFrame Presentation Server to which only NDS users will connect.
7. If you are using the Web Interface, enable NDS usage in the Web Interface. 8. Instruct users how to connect to published applications and content using their NDS credentials. If you are deploying the Program Neighborhood Agent, enable NDS usage in the Program Neighborhood Agent.
235
If you cannot log on to NDS, you may need to add a Directory Agent (DA) location to the Novell Client. A DA is needed when the Novell server is located on a different subnet. If a DA does not exist, ensure that the Novell server and the MetaFrame server are part of the same subnet. 4. To optimize logon and browsing response times, change the order of the network providers using the following steps: a. Right-click the My Network Places icon on the servers desktop. b. Choose Properties from the short-cut menu. The Network and Dial-up Connections dialog box appears. c. Choose Advanced Settings on the Advanced menu. The Advanced Settings dialog box appears. d. On the Provider Order tab, adjust the order of the network providers so that Microsoft Windows Network is above NetWare Services. e. Click OK to close the Advanced Settings dialog box. 5. To optimize logon time, add the Windows fonts directory located in %systemroot% to the system path environment variable. 6. To suppress a MetaFrame Presentation Server setup program error message informing you that the FileSysChange parameter is invalid, complete the following steps: a. Open the System.ini file located in %systemroot%. b. In the [386Enh] section of System.ini, set the following value: FileSysChange=off c. Save and close the System.ini. The appearance of this error message causes unattended setup of MetaFrame Presentation Server to fail. Ensure that the FileSysChange parameter is set to off before running an unattended installation. 7. Install MetaFrame Presentation Server. If MetaFrame Presentation Server fails to install, complete the following steps: 1. Uninstall the Novell Client from the server. 2. Install MetaFrame Presentation Server and then install the Novell Client by following the instructions in Installation on a Server with MetaFrame Presentation Server below. If the system is working properly, you can skip to Using ZENworks to Simplify User Credentials on page 239.
236
237
9. Enter Nwgina.dll in the String Editor dialog box to assign this value to the new CTXGINADLL entry. On MetaFrame Presentation Server, Ctxgina.dll is loaded by Winlogon.exe to process the auto-logon information transmitted by clients. Ctxgina.dll can process auto-logon credentials in excess of 20 characters. For example, if Ctxgina.dll is not loaded, auto-logon user names greater than 20 characters are truncated to 20 characters by Termsrv.exe. When Ctxgina.dll acquires users auto-logon credentials, they are passed in their entirety to the installed Gina.dll file to complete the authentication process. In most cases, the installed GINA is Msgina.dll. When the Novell Client is installed, the GINA is Nwgina.dll. Note Steps 1 through 9 above are required to ensure that CTXGINA is installed on the server. CTXGINA is required for logging on automatically with user names that exceed 20 characters. 10. To optimize logon and browsing response times, change the order of the network providers using the following steps: a. Right-click My Network Places on the servers desktop. b. Choose Properties from the shortcut menu that appears. The Network and Dial-up Connections dialog box appears. c. Choose Advanced Settings on the Advanced menu. The Advanced Settings dialog box appears. d. On the Provider Order tab, adjust the order of the network providers so that Microsoft Windows Network is above NetWare Services. e. Click OK to close the Advanced Settings dialog box. 11. To optimize logon time, add the Windows fonts directory located in %systemroot% to the system path environment variable. The system is now ready for you to set up the Windows account authentication to be used to access Windows 2000 servers.
238
If you want to use MetaFrame in an NDS environment using ZENworks, see Using ZENworks to Simplify User Credentials below. If you want to use MetaFrame in an NDS environment without using ZENworks, see Configuration without ZENworks on page 241.
239
240
6. Leave the search level at the default setting of 0. 7. Click Apply, then Close. 8. On the Associations tab, choose Add and browse to the container that holds the container package you just created. 9. Click OK and then Close.
241
9. On the Not Member of tab, choose User > Add. Select the users or groups to whom you want to apply the policy. Applying the policy to users gives them rights to log on and run applications. 10. Click Apply and then OK two times to finish creating the policy. 11. If the computer running MetaFrame Presentation Server is also running Windows Server 2003, ensure that you add a Custom Group to the Policy. The Custom Group name should be Remote Desktop Users. This is the group that is granted Log On Locally to log on remotely through Windows Terminal Services.
242
243
244
5. Because the Application Publishing wizard cannot access the applications icon, default icons appear in the Program Neighborhood Settings dialog box. To use the applications icon, you can copy the icon file (ending with an .ico extension) or the entire executable to a computer running MetaFrame Presentation Server that is not running the Novell Client. Click the Change Icon button to browse for the icon or executable on this other server. 6. In the Specify Servers dialog box, be sure to select only those servers running the Novell Client Version 4.81 or later. 7. In the Specify Users dialog box, select the NDS tree from the list. This enumerates the objects in the tree. Double-click container objects to open them. Choose the Show Users option to view users and alias objects in the current container. Select the desired object and click Add. You can also manually enter NDS user names. Choose Add List of Names and enter one or more NDS account names separated by a semicolon (;). Each account name must be entered in the fully distinguished name format prefixed by an NDS tree name and a slash (\). For example, enter CitrixNDSTree\.joeX.admin.pnq;CitrixNDSTree\.mary.test.pnq. Click Check Names to validate the account names or click OK if you are done adding accounts. Double-click to open container or leaf objects until the object to be granted access appears. Select the object and click Add.
245
246
3. TreeName: Shows the name of the NDS tree supported by the farm. MetaFrame Presentation Server supports only one NDS tree per farm. This field cannot be edited. 4. Context: You can select from this list by either: A context used in a previous Web Interface/NFuse logon -orFind Context tab Selecting this and clicking the Log In button causes Web Interface/NFuse to search the NDS tree for all contexts that contain the partial user/alias name. This search feature requires the Novell client to be installed on the Web Interface/ NFuse Web server, and be able to access the NDS tree. Because, searching the entire NDS tree may be slow, you can specify the NDS contexts that Web Interface/NFuse should search, by specifying them in the SearchContextList setting in the nfuse.conf file. For example: SearchContextList=subdepartment.department.company Do not prefix context names with a dot (.). Separate multiple contexts by a comma (,). Note Web Interface does not support pass-through authentication for NDS users.
247
248
Single Sign-On When the Novell Client is installed on the client device and Single Sign-On is enabled, Single Sign-On sends users NDS credentials to the server. If you want users to use Windows credentials, add the following to the Appsrv.ini or .ica file. Appsrv.ini file - Under the [WFCLIENT] section, add or modify the SSOnCredentialType entry to SSOnCredentialType=NT ICA file - Under the application name section, add or modify the SSOnCredentialType entry to SSOnCredentialType=NT
249
Add a default context to the self-extracting executable for Program Neighborhood. Extract the client files from Ica32a.exe by typing at a command line: ica32a.exe -a -unpack:<Directory Location> where <Directory Location> is the directory to which you want to extract the client files. 1. Open the Appsrv.src file in a text editor. 2. Locate the section named [WFClient]. 3. Add the following line to the list of parameters and values in the [WFClient] section: DEFAULT_NDSCONTEXT=<Context1 [,]>. Include this parameter if you want to set a default context for NDS. If you are including more than one context, place the entire value in quotation marks and separate the contexts by a comma. Examples of correct parameters: DEFAULT_NDSCONTEXT=Context1 DEFAULT_NDSCONTEXT=Context1,Context2
Note The self-extracting executable setup program for the Program Neighborhood Agent does not support adding a default context.
250
Note You can use third-party tools, such as the Lyncx tool from Centralis, to automate the process of creating aliases for large trees. See the Centralis Web site at http:// www.centralis.co.uk for more information. When users log on, they are given the rights of the object to which the alias object points.
CHAPTER 11
MetaFrame Presentation Server provides centralized printer management with the Presentation Server Console.This chapter discusses the creating, mapping, and replicating of printers in your server farm.
253
254
Where: Drivers = Number of printer drivers Servers = Number of servers to which the printer drivers are being replicated
255
Using this formula, the queue can include 30 drivers for replication to 50 servers (30*50=1,500) or three drivers for replication to 500 servers (3*500=1,500) without exceeding the queue size recommendation. You can monitor the replication queue items with the qprinter /replica command. Tip You can determine whether or not printer drivers are successfully replicated by checking the Application Log in Event Viewer on the target servers.
256
Using Auto-Replication
When an auto-replication job is scheduled, the Citrix IMA Service attempts to download the job when the IMA Service starts up. If several printer replication jobs are destined for a server, the IMA Service may take an extended amount of time to start. The Overwrite existing drivers option is not recommended because this downloads the printer drivers each time the IMA Service starts. Citrix recommends using scheduled replication instead of auto-replications to reduce network traffic. If auto-replication must be used, do not use the Overwrite existing drivers option and keep the number of printer drivers to be replicated to a minimum.
CHAPTER 12
This chapter describes how to replicate the SQL Server database that hosts your server farms data store.
2. Use the sp_helpsubscriberinfo stored procedure at the distributor to view the subscription information. Ensure that: One entry for each subscriber exists The publisher is identified correctly The login and password fields are blank if the Impersonate the SQL Server Agent (trusted connection) option is set
3. Display any existing subscription entries using the sp_helpsubscription_properties stored procedure on the subscriber in the database. Ensure that: The publisher is the name of the server that holds the source database for publication. The publisher_db is the name of the database on the publisher. The publication displays the name of the publication to which the database is subscribing. The publisher_login is SA and the next field has an encrypted password (these are set with the sp_link_publication stored procedure). Verify the SA user name in sp_link_publication is capitalized. Lowercase sa fails to create the RPC connection. These entries exist only in the subscribers database.
If the distributor is not displayed in the sp_helpserver stored procedure output, add it manually using the sp_adddistributor stored procedure. For example:
exec sp_adddistributor '<servername>' go select @@servername
259
Linking a Publication
If all subscribers are set to Impersonate the SQL Server Agent (trusted connection) at the distributor, the publication link may still fail. If you see the Login Failed for User sa error message, it may be because the dynamic RPC calls are being attempted with an incorrect password. To reset the publication link, use the sp_link_publication stored procedure from the database on the subscriber. For example:
sp_link_publication '<Distributor>, '<Database>', '<Publication>', 0, 'SA', '<Pwd>'
Where: Distributor = The name of the distributor server Database = The name of the published database on the distributor Publication = The name of the publication that is to be linked Pwd = The password for the SA account on the distributor Execute the sp_link_publication stored procedure. Verify that conflicting information from sp_helpsubscription_properties is not present between the master and subscriber databases. If the databases contain different information, use sp_link_publication to set the same information in both databases or use sp_droppublication to remove the publication from the master database. Verify the SA user name in sp_link_publication is capitalized. Lowercase sa fails to create the RPC connection.
260
Note If you are configuring SQL replication on Windows Server 2003, verify that the MSDTC service is using the Network Services security account (this account uses a blank password).
261
262
263
6. On the Specify Subscriber Types page, select the Servers running SQL Server 2000 option. Click Next.
264
7. On the left side of the Specify Articles page, select both Show and Publish All for the tables object type. Do not publish stored procedures to the replicated databases.
8. Click Next on the Article Issues page. 9. Name the publication. 10. On the Customize the Properties of the Publication page, choose No, create the publication as specified.
265
11. Click Finish to complete the wizard. The publication appears in the Publications folder, as shown below.
266
267
9. On the Start Required Services page, displayed below, the services that must be running are listed. Verify that the applicable required services are running on the distributor server.
268
If not all tables are present, delete the replication setup and begin again. The dtproperties table also appears if you used the Database Diagram wizard in Enterprise Manager. If an error starting the IMA Service occurs after successfully configuring replication, you can run the following command from the Query Analyzer tool on the SQL2000 server:
sp_link_publication '<Distributor>', '<Database>', '<Publication>', 0, 'SA', '<Pwd>'
Where: Distributor = The name of the distributor server Database = The name of the published database on the distributor Publication = The name of the publication that is to be linked Pwd = The password For further information, refer to Citrix Knowledge Base article CTX101739.
269
270
Multi-Subscriber Replication
Multi-subscriber replication, defined as comprising one publisher and two or more subscribers, requires additional considerations. By default, Microsoft SQL Server leaves foreign key referential integrity constraints intact in the subscriber databases. Because MetaFrame Presentation Server uses a two-phase commit between the subscriber and the publisher (distributor), these constraints are not necessary because integrity is maintained at the distributor. After a subscriber commits a transaction at the distributor, the distributor pushes the changes out to all remaining subscribers. However, the referential integrity constraints on the remaining subscribers prevent the transactions from completing correctly. When this occurs, you will see error messages similar to the following: DELETE statement conflicted with COLUMN REFERENCE constraint 'FK__DATATABLE__nodei__35BCFE0A'. The conflict occurred in database 'CTXIMA', table 'DATATABLE', column 'nodeid'. The row was not found at the Subscriber when applying the replicated command. To prevent the foreign key relationships from blocking the replicated transaction, perform the following steps on the subscribers only. 1. In Enterprise Manager, select the data store database. 2. Click Tables, right click DATATABLE in the right pane, and select Design Table from the context menu. 3. Click the Manage Relationships button.
271
4. Verify Enforce Relationship for Replication is checked for the relationship that starts with FK__DATATABLE__nodei.
5. Save the changes to the DATATABLE 6. Repeat Steps 3 6 for INDEXTABLE and the foreign key relationship that starts with FK__INDEXTABL__nodei. 7. In the foreign key relationships under KEYTABLE, verify that the checkbox for Enforce relationship for replication is clear. 8. Repeat Steps 1 8 for each subscriber database. Note Completing these steps on the distributor database may corrupt the data store. In addition, if you re-initialize the subscription, the schema is reread from the distributor and Steps 19 must be completed on the subscribers again.
272
To set up the database distributor 1. Select one of the SQL Server databases you created as the source database to be replicated or published. 2. Install MetaFrame Presentation Server and point it to the database selected in Step 1. The database on this server is now the server farms data store and the server is the distributor server.
273
274
275
9. On this dialog box, verify that all necessary services are running on both the distributor and the subscriber. The state for the MSDTC service on the subscriber always displays as Unknown even though it is running. To verify that MSDTC is running, check Services in Administrative Tools in the Control Panel on the subscriber. Click Next. The Completing the Push Subscription wizard appears. When the Push Subscription wizard is done running, replication begins. You can monitor the progress of the replication in Replication Monitor in Enterprise Manager. 10. When replication is complete, ensure that there are no replication alert errors in Replication Monitor.
APPENDIX A
Utilities
This chapter describes some of the Citrix utilities included with MetaFrame Presentation Server that you can use for configuration, management, and troubleshooting. Use command-line utilities at the command prompt, in a batch file on the computers running MetaFrame Presentation Server, or in an ICA session. For more information about Citrix utilities, see the MetaFrame Presentation Server Administrators Guide. This chapter explains how to use the following utilities: DSVIEW MSGHOOK QPRINTER QUERYDC QUERYDS QUERYHR SCCONFIG LMNEWLOG LMSWITCH
278
DSVIEW
Use this utility to view the contents of the data store, or the local host cache, and to look up ContextIds and UIDs. This utility includes a user interface, shown below.
Remarks
Dsview replaces IMATester, a utility documented in earlier editions of MetaFrame XP Advanced Concepts. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
Only local administrators can use dsview to view data.
Appendix A Utilities
279
MSGHOOK
Use this utility to display all IMA traffic on a member server.
Syntax
msghook
Remarks
Execute msghook only if information is requested by a Citrix Technical Support representative or a Citrix engineer. When invoked, this command significantly reduces MetaFrame Presentation Server performance. Msghook is not installed by default. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
Only MetaFrame Presentation Server administrators can execute this command.
280
QPRINTER
Use this utility to monitor the progress of the printer driver replication queue and to import printer name mapping parameters into the data store.
Syntax
qprinter [/replica] qprinter [/imprmapping mappingfilename]
Parameters
mappingfilename Specifies the full path to the text file containing the printer mapping parameters to import. The filename cannot have more than 256 characters and cannot contain quotation marks.
Options
/replica Displays all the replication entries queued for distribution but not yet completed. /imprmapping mappingfilename Imports printer mappings from the file specified by mappingfilename into the data store. The file format can be in either the Wtsprnt.inf format or the Wtsuprn.txt format.
Appendix A Utilities
281
Remarks
The /replica switch displays all events in the queue, including broken or failed events. The /imprmapping switch allows central administration of all printer name mappings. The file can be imported once from any server in the farm and is available for all servers in the farm. The /imprmapping switch does not process an improperly formatted file and does not return an error message when provided with an invalid file format. To verify the information is correctly imported into the data store, use the console. The MetaFrame Presentation Server installation first attempts to import the Wtsuprn.txt file, followed by the Wtsprnt.inf file. If the two files fail to import, no error message is returned. Use the /imprmapping switch to manually import either file. Qprinter is not installed by default. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
Only MetaFrame Presentation Server administrators can execute this command.
282
QUERYDC
Use this utility to determine the data collector for a given zone. Without any parameters, querydc defaults to the host servers zone and returns the zone name and name of the current zone data collector.
Syntax
querydc [-a] querydc [-e] querydc [-z zonename] querydc [-?]
Parameters
zonename The name of the zone to be queried. Enclose multi-word zone names within quotation marks.
Options
-a Displays all zones in the farm with the current zone data collector for each. -e Forces a new zone data collector election in the current zone. -z zonename Displays the current zone data collector for the zone specified by zonename. -? Displays the syntax for the utility and information about the utilitys options.
Appendix A Utilities
283
Remarks
Querydc uses the IMA Service to contact the local zone data collector for the requested information. Therefore, the IMA Service must be running for querydc to be successful. Querydc is not installed by default. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
Only MetaFrame Presentation Server administrators can execute this command.
284
QUERYDS
Because all dynamic information is stored in tables in the data collectors physical RAM, this command-line utility is provided to query the current information on the local zone data collector.
Syntax
queryds tables queryds /table:tablename queryds /query:querystring (Query String is optional, but you must specify a tablename.)
Parameters
tablename The name of the data collector table to query. Table names are case-sensitive.
Options
tables Returns a complete list of all tables available to query. /table:tablename Outputs to the screen the entire contents of the table specified by tablename.
Appendix A Utilities
285
Remarks
You can use queryds to determine which servers are currently available in a farm. It retrieves all information from the tables stored on the local zone data collector. For example, the PN_Table contains information about all available servers that are accepting Program Neighborhood connections. To view the entire contents of the PN_Table, execute the following command: queryds /table:PN_Table The output when executed on a single-server farm looks similar to the following: [PN_Table]: 1 records. name:588f host:XPSERVER1 zone:Zone1 Version:1 Tcp:enabled Ipx:enabled Netbios:disabled In a farm with 100 servers, this command outputs 702 lines of data. Use the findstr and sort command-line utilities to filter and sort the output for easier reading. Tip The findstr and sort commands are installed by default on both the Terminal Server Edition and Windows Server 2000 families. For more information about using the findstr command to filter output, type findstr /? at a command prompt. For more information about the sort command, type sort /? at a command prompt. The first entry shows the number of records in the PN_Table. This number also corresponds directly to the number of server records in the PN_Table. A server record does not exist in the PN_Table unless the servers IMA Service is started and the server is accepting Program Neighborhood connections. Thus, you can use the following command to determine how many servers in the farm are online: queryds /table:PN_Table | findstr /r PN_Table
286
The command shown below filters output using the word host (which prefaces each host name in the table) and displays an alphabetized list of all the servers currently online: queryds /table:PN_Table | findstr /r host | sort Using queryds in this manner provides a fast, customizable method to query any data collector table.
Queryds is not installed by default. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
You must be a MetaFrame Presentation Server administrator to execute this command.
Appendix A Utilities
287
QUERYHR
Use this utility to display information about member servers in the farm. Executing queryhr with no parameters lists all servers in the farm.
Syntax
queryhr [-z] queryhr [-h zonename] queryhr [-l] queryhr [-n hostname] queryhr [-i hostid] queryhr [-N] queryhr [-d hostid] queryhr [-?]
Parameters
zonename The name of the zone to be queried. Enclose multi-word zone names within quotation marks. hostname The name of the member server. hostid The host ID of the member server.
Options
-z Displays all available zones in the farm. -h zonename Displays all member servers in the zone specified by zonename. -l Displays the host record of the local host server. -n hostname Displays the host record for the member server specified by hostname, which is not case-sensitive.
288
-i hostid Displays the record for the member server specified by hostid. -N Displays the farm name. -d hostid Deletes the IMA Host Entry identified by hostid from the data collector, data store, and local host cache. For further information, see the Remarks section below. -? Displays the syntax for the utility and information about the utilitys options.
Remarks
Queryhr obtains information from the local host cache. Queryhr is best used to display information about servers in the farm, such as data collector ranking, host ID, zone names, and host names. CAUTION Do not use the d switch on farm servers that are working properly. After this switch is executed on a server, the server is no longer a member of the farm and the IMA Service will no longer start. The server must be reinstalled into the farm to restore functionality. Queryhr is not installed by default. It is located in the \support\debug\OS folder on the MetaFrame Presentation Server 3.0 CD; where OS is either w2k for Windows Server 2000 or W2K3 for Windows Server 2003.
Security Restrictions
You must be a MetaFrame Presentation Server administrator to execute this command.
Appendix A Utilities
289
SCCONFIG
By default, only processes required for smart card logon functionality (that is, Winlogon.exe and Lsass.exe) are turned on in MetaFrame Presentation Server. The smart card utility (Scconfig.exe) can be used to enable or disable smart card functionality for specific processes.
Syntax
scconfig [/?] scconfig [/server:sss] [/q] scconfig [/farm] [/q] scconfig [/server:sss] [/query] scconfig [/farm] [/query] scconfig [/server:sss] [/logon:on|off] scconfig [/farm] [/logon:on|off] scconfig [/server:sss] [/enable_process:ppp] scconfig [/farm] [/enable_process:ppp] scconfig [/server:sss] [/disable_process:ppp] scconfig [/farm] [/disable_process:ppp] scconfig [/server:sss] [/inherit:on|off]
Parameters
sss Name of server. ppp Name of process (for example, Outlook.exe).
290
Options
/farm View or modify farm-wide settings. /q, query Query current settings. /logon:on|off Enable/disable smart card logon on the server or farm. /enable_process:ppp Enable smart card support for the process specified. /disable_process:ppp Disable smart card support for the process specified. /inherit:on|off Inherit server settings from the farm. /server:sss Server to view or modify. This defaults to the local server. Example: To use Microsoft Outlook digital signatures and encryption with a smart card, you must enable the process Outlook.exe. On the remote server, the server subsystem handles the data store change event and makes the registry changes to enable or disable the feature. Use the /farm option to query or set a farm-wide default. Use the /inherit option to determine whether or not a server inherits a farmwide default. This functionality mimics that of twconfig and acrcfg.
Appendix A Utilities
291
LMNEWLOG
The lmnewlog utility switches the report log file by moving the existing report log information to a new file, then starting a new report log with the original report log file name. If you rotate report logs with lmnewlog instead of lmswitchr, you do not have to change the file name in the REPORTLOG line of the options file.
Syntax
lmnewlog [-c license_file_list] feature renamed_report_log -orlmnewlog [-c license_file_list] CITRIX renamed_report_log
Parameters
-c license_file_list Use the specified license files. feature Specifies any feature in the specified license files. CITRIX Specifies all features listed in the specified license files. renamed_report_log New file path where existing report log information is to be moved.
292
LMSWITCH
The lmswitch utility switches the debug log file written by the Citrix vendor daemon by closing the existing debug log for that vendor daemon and starting a new debug log for that vendor daemon with a new file name. It also starts a new debug log file written by that vendor daemon if one does not already exist.
Syntax
lmswitch [-c license_file_list] vendor new_debug_log
Parameters
-c license_file_list Use the specified license files. vendor Vendor daemon in this license file.. new_debug_log Path to new debug log file.
Remarks
By default, debug log output from lmgrd and all vendor daemons started by that lmgrd get written into the same debug file. lmswitch allows companies to keep separate log files for different vendors and control the size of their debug log file. If debug log output is not already directed to a separate file for this vendor daemon, lmswitch tells the vendor daemon to start writing its debug log output to a file, new_debug_log. If this vendor daemon is already writing to its own debug log, lmswitch tells the vendor daemon to close its current debug log file and start writing its debug log output to new_debug_log. Note The effect of lmswitch continues only until the vendor daemon is shut down or its options file is reread through lmreread. When the vendor daemon is restarted or its options file is reread, it looks for a DEBUGLOG line in the options file to determine whether or not to write its debug log output into its own file and, if so, what file to write.
APPENDIX B
Tested Hardware
The following hardware was used in the Citrix eLabs for testing MetaFrame Presentation Server 3.0: Acer Power Sd PIV as Client System Acer TravelMate C100 Acer TravelMate C110 Apple iMac Apple Power MAC G4 ( Non Windows PF Testing) Apple PowerBook G4 Alteon 24/24 Load Balancer Cisco Wireless WAP Cisco Aircards (802.11b) Cisco LocalDirector 416 Cisco PIXX 515 Firewall Appliance Compaq Aero Compaq Deskpro DPENM Compaq Deskpro DPEND Compaq DeskPro EN SFF Compaq DL 320 Compaq DL 350 Compaq DL 360 Compaq DL 380 Compaq DL 580 Compaq EVO T20 Compaq iPaq Compaq ML 330 Compaq Proliant BL20p Compaq Proliant 1850R Compaq Proliant 800 Compaq Proliant 8500R Compaq StorageWorks FC-AL Switch Compaq StorageWorks RA4100 Compaq StorageWorks MSA1000
294
Compaq TabletPC Compaq TaskSmart N2400 DLink DWL-650+ Wireles Card (22 MBs) Dell 1600SC Dell 1750 Dell OptiPlex GX1 Dell OptiPlex Gxa Dell PowerEdge 1400 Dell PowerEdge 1600SC Dell PowerEdge 1655MC Dell PowerEdge 1650 Dell PowerEdge 2650 Dell PowerEdge 6650 Dell Precision 220 machines Dell Precision 340 Dell Precision 360 EMC Celerra SE F5 BigIP 540 Load Balancer Fujitsu LifeBook P Series Fujitsu Stylistic 4100 Gateway ALR 7200 Hewlett Packard Jornada Hewlett Packard LaserJet Printers Hewlett Packard Netserver E60 Hewlett Packard NetServer LXe Pro Hewlett Packard ProCurve Switches Hewlett Packard TC4100 HHP USB Barcode Scanner IBM 4600 IBM IntelliStation M-Series IBM IntelliStation E-Series IBM NetFinity 3000 IBM NetFinity 3500 M10 IBM NetFinity 3500 M20 IBM NetFinity 5500 IBM ThinkPad R32 IBM xSeries 335 Identix Biometric Login USB devices (fingerprint) Intel 640T Lexmark T630 Lucent Pipeline ISDN Router Packeteer AppVantage ASM-70 Packeteer PacketShaper 2500 Packeteer Packetshaper 4500 Rainbow CryptoSwift 200 SSL Accelerator Cards
295
Rainbow CryptoSwift 600 SSL Accelerator Cards Shunra Storm Seirra Wireless PCMCIA cards Sun Blade 150 - ( Non Windows PF Testing) Sun Ultra 5 Toshiba Portege 3500 ViewSonic Airpanel 100 Wyse Winterms WT9450, WT1200LE
APPENDIX C
Error Codes
Signed value
0 1 2 3 4 5 9 1245185 1245186 2949121 -2147483647 -2147483646 -2147483645 -2147483644 -2147483643 -2147483642 -2147483641
Unsigned value
0 1 2 3 4 5 9 1245185 1245186 2949121 2147483649 2147483650 2147483651 2147483652 2147483653 2147483654 2147483655
Mnemonic
IMA_RESULT_SUCCESS IMA_RESULT_OPERATION_INCOMPLETE IMA_RESULT_CALL_NEXT_HOOK IMA_RESULT_DISCARD_MESSAGE IMA_RESULT_CREATED_NEW IMA_RESULT_FOUND_EXISTING IMA_RESULT_CONNECTION_IDLE IMA_RESULT_DS_NOT_INSTALLED IMA_RESULT_SECURITY_INFO_INCOMPLETE IMA_RESULT_ALREADY_MASTER IMA_RESULT_FAILURE IMA_RESULT_NO_MEMORY IMA_RESULT_INVALID_ARG IMA_RESULT_UNKNOWN_MESSAGE IMA_RESULT_DESTINATION_UNREACHABLE IMA_RESULT_REFERENCE_COUNT_NOT_ZERO IMA_RESULT_ENTRY_NOT_FOUND
298
Hex value
80000008h 80000009h 8000000Ah 8000000Bh 8000000Ch 8000000Dh 8000000Eh 8000000Fh 80000010h 80000013h 80000014h 80000015h 80000016h 80000017h 80000018h 80000019h 8000001Ah 8000001Ch 8000001Dh 8000001Eh 8000001Fh 80000020h 80000021h 80000022h 80000023h 80000024h 80000025h 80000026h
Signed value
-2147483640 -2147483639 -2147483638 -2147483637 -2147483636 -2147483635 -2147483634 -2147483633 -2147483632 -2147483629 -2147483628 -2147483627 -2147483626 -2147483625 -2147483624 -2147483623 -2147483622 -2147483620 -2147483619 -2147483618 -2147483617 -2147483616 -2147483615 -2147483614 -2147483613 -2147483612 -2147483611 -2147483610
Unsigned value
2147483656 2147483657 2147483658 2147483659 2147483660 2147483661 2147483662 2147483663 2147483664 2147483667 2147483668 2147483669 2147483670 2147483671 2147483672 2147483673 2147483674 2147483676 2147483677 2147483678 2147483679 2147483680 2147483681 2147483682 2147483683 2147483684 2147483685 2147483686
Mnemonic
IMA_RESULT_NETWORK_FAILURE IMA_RESULT_NOT_IMPLEMENTED IMA_RESULT_INVALID_MESSAGE IMA_RESULT_TIMEOUT IMA_RESULT_POINTER_IS_NULL IMA_RESULT_UNINITIALIZED IMA_RESULT_FINDITEM_FAILURE IMA_RESULT_CREATEPOOL_FAILURE IMA_RESULT_SUBSYS_NOT_FOUND IMA_RESULT_PS_UNINITIALIZED IMA_RESULT_REGMAPFAIL IMA_RESULT_DEST_TOO_SMALL IMA_RESULT_ACCESS_DENIED IMA_RESULT_NOT_SHUTTING_DOWN IMA_RESULT_MUSTLOAD_FAILURE IMA_RESULT_CREATELOCK_FAILURE IMA_RESULT_SHUTDOWN_FAILURE IMA_RESULT_SENDWAIT_FAILURE IMA_RESULT_NO_COLLECTORS IMA_RESULT_UPDATED IMA_RESULT_NO_CHANGE IMA_RESULT_LEGACY_NOT_ENABLED IMA_RESULT_VALUE_ALREADY_CREATED IMA_RESULT_UID_EXCEEDED_BOUNDS IMA_RESULT_NO_EVENTS IMA_RESULT_NOT_FOUND IMA_RESULT_ALREADY_EXISTS IMA_RESULT_GROUP_ALREADY_EXISTS
299
Hex value
80000027h 80000028h 80000029h 8000002Ah 8000002Bh 8000002Ch 8000002Dh 8000002Eh 8000002Fh 80000030h 80000031h 80000032h 80000033h 80000034h 80000035h 80000036h 80000037h 80000038h 80000039h 8000003Ah 80040001h 80040002h 80040003h 80040004h 80040005h 80040006h 80040007h 80040008h
Signed value
-2147483609 -2147483608 -2147483607 -2147483606 -2147483605 -2147483604 -2147483603 -2147483602 -2147483601 -2147483600 -2147483599 -2147483598 -2147483597 -2147483596 -2147483595 -2147483594 -2147483593 -2147483592 -2147483591 -2147483590 -2147221503 -2147221502 -2147221501 -2147221500 -2147221499 -2147221498 -2147221497 -2147221496
Unsigned value
2147483687 2147483688 2147483689 2147483690 2147483691 2147483692 2147483693 2147483694 2147483695 2147483696 2147483697 2147483698 2147483699 2147483700 2147483701 2147483702 2147483703 2147483704 2147483705 2147483706 2147745793 2147745794 2147745795 2147745796 2147745797 2147745798 2147745799 2147745800
Mnemonic
IMA_RESULT_NOT_A_GROUP IMA_RESULT_GROUP_DIR_ACCESS_FAILURE IMA_RESULT_EOF IMA_RESULT_REGISTRY_ERROR IMA_RESULT_DSN_OPEN_FAILURE IMA_RESULT_REMOVING_PSSERVER IMA_RESULT_NO_REPLY_SENT IMA_RESULT_PLUGIN_FAILED_VERIFY IMA_RESULT_FILE_NOT_FOUND IMA_RESULT_PLUGIN_ENTRY_NOT_FOUND IMA_RESULT_CLOSED IMA_RESULT_PATH_NAME_TOO_LONG IMA_RESULT_CREATEMESSAGEPORT_FAILED IMA_RESULT_ALTADDRESS_NOT_DEFINED IMA_RESULT_WOULD_BLOCK IMA_RESULT_ALREADY_CLOSED IMA_RESULT_TOO_BUSY IMA_RESULT_HOST_SHUTTING_DOWN IMA_RESULT_PORT_IN_USE IMA_RESULT_NOT_SUPPORTED IMA_RESULT_FILE_OPEN_FAILURE IMA_RESULT_SESSION_REQUEST_DENIED IMA_RESULT_JOB_NOT_FOUND IMA_RESULT_SESSION_NOT_FOUND IMA_RESULT_FILE_SEEK_FAILURE IMA_RESULT_FILE_READ_FAILURE IMA_RESULT_FILE_WRITE_FAILURE IMA_RESULT_JOB_CANNOT_BE_UPDATED
300
Hex value
80040009h 8004000Ah 80060001h 80060002h 80060003h 80060004h 80060005h 80060006h 80060007h 80060008h 80060009h 8006000Ah 8006000Bh 8006000Ch 8006000Dh 8006000Eh 8006000Fh 80060010h 80060011h 80060012h 80060013h 80060014h 80060015h 80060016h 80060017h 80060018h 80060019h 8006001Ah
Signed value
-2147221495 -2147221494 -2147090431 -2147090430 -2147090429 -2147090428 -2147090427 -2147090426 -2147090425 -2147090424 -2147090423 -2147090422 -2147090421 -2147090420 -2147090419 -2147090418 -2147090417 -2147090416 -2147090415 -2147090414 -2147090413 -2147090412 -2147090411 -2147090410 -2147090409 -2147090408 -2147090407 -2147090406
Unsigned value
2147745801 2147745802 2147876865 2147876866 2147876867 2147876868 2147876869 2147876870 2147876871 2147876872 2147876873 2147876874 2147876875 2147876876 2147876877 2147876878 2147876879 2147876880 2147876881 2147876882 2147876883 2147876884 2147876885 2147876886 2147876887 2147876888 2147876889 2147876890
Mnemonic
IMA_RESULT_NO_TARGET_HOSTS IMA_RESULT_NO_SOURCE_FILES IMA_RESULT_ATTR_NOT_FOUND IMA_RESULT_CONTEXT_NOT_FOUND IMA_RESULT_VALUE_NOT_FOUND IMA_RESULT_DATA_NOT_FOUND IMA_RESULT_ENTRY_LOCKED IMA_RESULT_SEARCH_HASMORE IMA_RESULT_INCOMPLETE IMA_RESULT_READEXCEPTION IMA_RESULT_WRITEEXCEPTION IMA_RESULT_LDAP_PARTIALINSTALL IMA_RESULT_LDAP_NOTREADY IMA_RESULT_BUFFER_TOO_SMALL IMA_RESULT_CONTAINER_NOT_EMPTY IMA_RESULT_CONFIGURATION_ERROR IMA_RESULT_GET_BASEOBJECT IMA_RESULT_GET_DERIVEDOBJECT IMA_RESULT_OBJECTCLASS_NOTMATCH IMA_RESULT_ATTRIBUTE_NOTINDEXED IMA_RESULT_OBJECTCLASS_VIOLATION IMA_RESULT_ENUMFAIL IMA_RESULT_ENUMNODATA IMA_RESULT_DBCONNECT_FAILURE IMA_RESULT_TRUNCATE IMA_RESULT_DUPLICATE IMA_RESULT_PS_NOTINITIALIZED IMA_RESULT_USING_ORACLE_7
301
Hex value
8006001Bh 8006001Ch 8006001Dh 8006001Eh 80060033h 80060034h 80060035h 80060036h 80060037h 80060038h 80060039h 8006003Ah 8006003Bh 8006003Ch 8006003Dh 8006003Eh 8006003Fh 80060040h 80110104h 80110105h 80130001h 80130002h 80130003h 80130004h 80130005h 80130006h
Signed value
-2147090405 -2147090404 -2147090403 -2147090402 -2147090381 -2147090380 -2147090379 -2147090378 -2147090377 -2147090376 -2147090375 -2147090374 -2147090373 -2147090372 -2147090371 -2147090370 -2147090369 -2147090368 -2146369276 -2146369024 -2146238463 -2146238462 -2146238461 -2146238460 -2146238459 -2146238458
Unsigned value
2147876891 2147876892 2147876893 2147876894 2147876915 2147876916 2147876917 2147876918 2147876919 2147876920 2147876921 2147876922 2147876923 2147876924 2147876925 2147876926 2147876927 214787928 2148598020 2148598272 2148728833 2148728834 2148728835 2148728836 2148728837 2148728838
Mnemonic
IMA_RESULT_USING_ORACLE_8 IMA_RESULT_USING_ORACLE_UNKNOWN IMA_RESULT_LOAD_DAO_ENGINE_FAILED IMA_RESULT_COMPACT_DB_FAILED IMA_RESULT_ODBC_NO_CONNECTIONS_AVAIL ABLE IMA_RESULT_CREATE_SQL_ENVIRONMENT_FAI LED IMA_RESULT_SQL_EXECUTE_FAILED IMA_RESULT_SQL_FETCH_FAILED IMA_RESULT_SQL_BIND_PARAM_FAILED IMA_RESULT_SQL_GET_COLUMN_DATA_FAILED IMA_RESULT_REPLICATED_DATA_CONTENTION IMA_RESULT_DB_TABLE_NOT_FOUND IMA_RESULT_CONNECTION_EXIST IMA_RESULT_QUERY_MAX_NODEID_FAILED IMA_RESULT_SQL_FUNCTION_SEQUENCE_ERR OR IMA_RESULT_DB_CONNECTION_TIMEOUT IMA_RESULT_SQL_INVALID_TRANSACTION_STA TE IMA_RESULT_DB_NO_DISK_SPACE LMS_RESULT_NO_SERVER_AVAILABLE IMA_RESULT_FULL_SERVER_OR_APP_LOAD_R EACHED IMA_RESULT_MORE_ITEMS IMA_RESULT_INVALID_ACCOUNT IMA_RESULT_INVALID_PASSWORD IMA_RESULT_EXPIRED_PASSWORD IMA_RESULT_GROUP_IGNORED IMA_RESULT_BUILTIN_GROUP
302
Hex value
80130007h 80130008h 80130009h 8013000Ah 8013000Bh 8013000Ch 80160001h 80160002h 80160003h 80160004h 80160005h 80160006h 80160007h 80160008h 80160009h 8016000Ch 8016000Fh 80160010h 80160011h 80160012h 80160013h 80160014h 80160015h 80260001h 80260002h 802D0001h 802D0002h
Signed value
-2146238457 -2146238456 -2146238455 -2146238454 -2146238453 -2146238452 -2146041855 -2146041854 -2146041853 -2146041852 -2146041851 -2146041850 -2146041849 -2146041848 -2146041847 -2146041844 -2146041841 -2146041840 -2146041839 -2146041838 -2146041837 -2146041836 -2146041835 -2144993279 -2144993278 -2144534527 -2144534526
Unsigned value
2148728839 2148728840 2148728841 2148728842 2148728843 2148728844 2148925441 2148925442 2148925443 2148925444 2148925445 2148925446 2148925447 2148925448 2148925449 2148925452 2148925455 2148925456 2148925457 2148925458 2148925459 2148925460 2148925461 2149974017 2149974018 2150432769 2150432770
Mnemonic
IMA_RESULT_DC_NOT_AVAILABLE IMA_RESULT_NW_CLIENT_NOT_INSTALLED IMA_RESULT_ACCOUNT_LOCKED_OUT IMA_RESULT_INVALID_LOGON_HOURS IMA_RESULT_ACCOUNT_DISABLED IMA_RESULT_PREFERRED_TREE_NOT_SET IMA_RESULT_NODE_NOT_FOUND IMA_RESULT_NODE_NAME_INVALID IMA_RESULT_NODE_NOT_EMPTY IMA_RESULT_NODE_MOVE_DENIED IMA_RESULT_NODE_NAME_NOT_UNIQUE IMA_RESULT_NODE_RENAME_DENIED IMA_RESULT_CONSTRAINT_VIOLATION IMA_RESULT_LDAP_PROTOCOL_ERROR IMA_RESULT_LDAP_SERVER_DOWN IMA_RESULT_NODE_DELETE_DENIED IMA_RESULT_CANNOTCHANGE_PASSWORD IMA_RESULT_CANNOTCHANGE_LAST_RW IMA_RESULT_LOGON_USER_DISABLED IMA_RESULT_CMC_CONNECTION_DISABLED IMA_RESULT_INSUFFICIENT_SERVER_SEC_FO R_USER IMA_RESULT_FEATURE_LICENSE_NOT_FOUND IMA_RESULT_DISALLOW_CMC_LOGON IMA_RESULT_NW_PRINT_SERVER_ALREADY_P RESENT IMA_RESULT_SERVER_ALREADY_PRESENT IMA_RESULT_TABLE_NOT_FOUND IMA_RESULT_NOT_TABLE_OWNER
303
Hex value
802D0003h 802D0004h 802D0005h 802D0006h 802D0007h 802D0008h 802D0009h 802D000Ah 802D000Bh 802D000Ch 80300001h 80300002h 80300003h 80300004h 80300005h 80300006h 80300007h 80300008h 80300009h 8030000Ah
Signed value
-2144534525 -2144534524 -2144534523 -2144534522 -2144534521 -2144534520 -2144534519 -2144534518 -2144534517 -2144534516 -2144337919 -2144337920 -2144337921 -2144337922 -2144337923 -2144337924 -2144337925 -2144337926 -2144337927 -2144337928
Unsigned value
2150432771 2150432772 2150432773 2150432774 2150432775 2150432776 2150432777 2150432778 2150432779 2150432780 2150629377 2150629378 2150629379 2150629380 2150629381 2150629382 2150629383 2150629384 2150629385 2150629386
Mnemonic
IMA_RESULT_INVALID_QUERY IMA_RESULT_TABLE_OWNER_HAS_CHANGED IMA_RESULT_SERVICE_NOT_AVAILABLE IMA_RESULT_ZONE_MASTER_UNKNOWN IMA_RESULT_NON_UNIQUE_HOSTID IMA_RESULT_REG_VALUE_NOT_FOUND IMA_RESULT_PARTIAL_LOAD IMA_RESULT_GATEWAY_NOT_ESTABLISHED IMA_RESULT_INVALID_GATEWAY IMA_RESULT_SERVER_NOT_AVAILABLE IMA_RESULT_SERVICE_NOT_SUPPORTED IMA_RESULT_BUILD_SD_FAILED IMA_RESULT_RPC_USE_ENDPOINT_FAILED IMA_RESULT_RPC_REG_INTERFACE_FAILED IMA_RESULT_RPC_LISTEN_FAILED IMA_RESULT_BUILD_FILTER_FAILED IMA_RESULT_RPC_BUFFER_TOO_SMALL IMA_RESULT_REQUEST_TICKET_FAILED IMA_RESULT_INVALID_TICKET IMA_RESULT_LOAD_TICKETDLL_FAILED
304
305
Message ID 3606
Severity Error
Message Text The Citrix MetaFrame Presentation Server failed to connect to the Data Store. Error - %1\r\nInvalid database user name or password. Ensure they are correct. If not, use DSMAINT CONFIG to change them. \r\n. Failed to connect to the database with error. Error - %1\r\nThe ACCESS .mdb file is missing.\r\n. The MetaFrame Presentation Server failed to connect to the Data Store. Error - %1\r\nThe database is down or there is a network failure.\r\n The MetaFrame Presentation Server failed to connect to the Data Store. Error - %1\r\nAn unknown failure occurred while connecting to the database.\r\n Configuration error: Failed to read the farm name out of the registry on a server configured \r\nto access the Data Store directly.\r\n Configuration error: Failed to get the farm name from the Data Store proxy server with error %1. This server is configured to access the Data Store indirectly. The server specified as the Data Store proxy is not available. Verify that the Data Store proxy server is accessible and that the IMA Service is started on it. Configuration error: Failed to open IMA registry key.\r\n 96 hours have passed since last successful connection to the Data Store. This server will no longer accept connections until successful connection to the Data Store is established.. The MetaFrame Presentation Server failed to connect to the Data Store. Error - %1 Invalid database user name or password. Ensure they are correct. If not, use DSMAINT CONFIG to change them. The MetaFrame Presentation Server failed to connect to the Data Store. Error - %1 The database is down or there is a network failure. The MetaFrame Presentation Server failed to connect to the Data Store. Error - %1 An unknown failure occurred while connecting to the database. Unable to bind to group context in data store. Group consistency check\r\nwill not run. (Result: %1)\r\n Unable to locate groups in data store at DN %1. Group consistency check will\r\nnot run. (Result: %2)\r\n Group Consistency Check: Group at DN %1 is missing the GroupMember Attribute.\r\n Group Consistency Check: Group at DN %1 contained reference to an unknown\r\nobject with type %3 and UID %2.\r\n
3607 3608
Error Error
3609
Error
3610 3611
Error Error
3612 3613
Error Error
3614
Warning
3615 3616
Warning Warning
306
Message Text Group Consistency Check: Group at DN %3 contains an object with UID %1\r\nand type %2. This object is missing the %4 attribute.\r\n Group Consistency Check: Group at DN %3 is contains an object with UID %1\r\nand type %2. This object is missing the value for the %4 attribute.\r\n Unable to bind to server contexts in data store. Server consistency\r\ncheck will not run. (Result: %1)\r\n Server Consistency Check: Unable to locate host records in data store. The\r\nserver host record consistency check will not run. (Result: %1)\r\n Server Consistency Check: Unable to locate common server records in data\r\nstore. The common server consistency check will not run. (Result: %1)\r\n Server Consistency Check: Unable to locate MetaFrame Presentation Server records in data\r\nstore. The MetaFrame server consistency check will not run. (Result: %1)\r\n Server Consistency Check: Host record for HostName %2 at DN %1 references a\r\nCommon Server record that cannot be found in the data store.\r\n Server Consistency Check: Host record for HostName %2 at DN %1 references a\r\nCommon Server record that has a HostName of %3. This mismatch is an error.\r\n Server Consistency Check: Host record for HostName %2 at DN %1 references a\r\nCommon Server record that cannot be found in the data store. (Result: %3)\r\n Server Consistency Check: Common Server record for HostName %2 at DN %1\r\nreferences a Host record that cannot be found in the data store.\r\n Server Consistency Check: Common Server record for HostName %2 at DN %1 has\r\na HostID of %3. The corresponding Host record has a HostID of %4. This\r\nmismatch is an error.\r\n Server Consistency Check: Common Server record for HostName %2 at DN %1\r\nreferences a Host record that cannot be found in the data store. (Result: %3)\r\n Server Consistency Check: The Common Server record with HostName %1 at DN %2\r\nis invalid. There is no registered server product for this record.\r\n. Server Consistency Check: The Common Server record with HostName %1 at DN %2\r\nis invalid. The corresponding MetaFrame Presentation Server record cannot be accessed.\r\n.
3872 3873
Error Error
3874
Error
3875
Error
3876
Error
3877
Error
3878
Error
3879
Error
3880
Error
3881
Error
3882
Error
3883
Error
307
Message ID 3884
Severity Error
Message Text Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at\r\nDN %2 is invalid. The associated Common Server UID is not set.\r\n. Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at DN %2\r\nis invalid. The associated Common Server record cannot be accessed.\r\n Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at\r\nDN %2 may be invalid. The MetaFrame Presentation Server record HostID of %3 does not match\r\nthe Common Server record HostID of %4.\r\n Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at\r\nDN %2 is invalid. The associated Common Server record has a different\r\nHostName (%3).\r\n Server Consistency Check: Unable to locate Load Manager for MetaFrame XP(TM) Server entry for HostName %1. \r\n(Result: %2)\r\n Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at\r\nDN %2 may be invalid. The Load Manager for MetaFrame XP(TM) Server entry was not found.\r\n Server Consistency Check: The MetaFrame Presentation Server record with HostName %1 at\r\nDN %2 is invalid. The associated Account Authority Server record was not found.\r\n Unable to bind to application contexts in data store. Application consistency\r\ncheck will not run. (Result: %1)\r\n Application Consistency Check: Unable to locate Common Application records\r\nin the data store. Common application consistency check will not run. \r\n(Result: %1)\r\n Application Consistency Check: Unable to locate MetaFrame Application records\r\nin the data store. MetaFrame application consistency check will not run. \r\n(Result: %1)\r\n Application Consistency Check: The Common Application record at DN %1 does not\r\nhave a Friendly Name. (Result: %2)\r\n Application Consistency Check: The Common Application record at DN %1 does not\r\nhave a Browser Name. (Result: %2)\r\n Application Consistency Check: The Common Application record with Friendly\r\nName %1 at DN %2 does not have a specialized application UID. (Result: %3)\r\n Application Consistency Check: The Common Application record with Friendly\r\nName %1 at DN %2 references a MetaFrame Application record that cannot be\r\naccessed. (Result: %3)\r\n
3885
Error
3886
Error
3887
Error
3888
Error
3889
Error
3890
Error
3904 3905
Error Error
3906
Error
3910
Error
308
Message ID 3911
Severity Error
Message Text Application Consistency Check: The Common Application record with Friendly\r\nName %1 at DN %2 references a MetaFrame Application record. This record does\r\nnot have a Friendly Name. (Result: %3)\r\n Application Consistency Check: The Common Application record with Friendly\r\nName %1 at DN %2 references a MetaFrame Application record. This record does\r\nnot have a Browser Name. (Result: %3)\r\n Application Consistency Check: The Common Application record at DN %2 has a\r\nFriendly Name of %1. The corresponding MetaFrame Application record has a\r\nFriendly Name of %3. This mismatch is an error.\r\n Application Consistency Check: The Common Application record at DN %2 has a\r\nBrowser Name of %1. The corresponding MetaFrame Application record has a\r\nBrowser Name of %3. This mismatch is an error.\r\n Application Consistency Check: The MetaFrame Application record at DN %1 does\r\nnot have a Friendly Name. (Result: %2)\r\n Application Consistency Check: The MetaFrame Application record at DN %1 does\r\nnot have a Browser Name. (Result: %2)\r\n Application Consistency Check: The MetaFrame Application record with Friendly\r\nName %1 at DN %2 does not have a common application UID. (Result: %3)\r\n Application Consistency Check: The MetaFrame Application record with Friendly\r\nName %1 at DN %2 references a Common Application record (UID %3) that cannot be\r\naccessed. (Result: %4)\r\n Application Consistency Check: The MetaFrame Application record with Friendly\r\nName %1 at DN %2 references a Common Application record. This record does\r\nnot have a Friendly Name. (Result: %3)\r\n Application Consistency Check: The MetaFrame Application record with Friendly\r\nName %1 at DN %2 references a Common Application record. This record does\r\nnot have a Browser Name. (Result: %3)\r\n Application Consistency Check: The MetaFrame Application record at DN %2 has a\r\nFriendly Name of %1. The corresponding Common Application record has a\r\nFriendly Name of %3. This mismatch is an error.\r\n
3912
Error
3913
Error
3914
Error
3918
Error
3919
Error
3920
Error
3921
Error
309
Message ID 3922
Severity Error
Message Text Application Consistency Check: The MetaFrame Application record at DN %2 has a\r\nBrowser Name of %1. The corresponding Common Application record has a\r\nBrowser Name of %3. This mismatch is an error.\r\n Common Application cleanup, deleting record at DN <%1> MetaFrame Application cleanup, deleting record at DN <%1> MetaFrame Presentation Server cleanup, deleting record at DN <%1> Common Server cleanup, deleting record at DN <%1> Server Host Record cleanup, deleting record at DN <%1> Unable to open Citrix Runtime registry key. Application terminated. \r\n(Status: %1)\r\n Unable to read Neighborhood name from registry. Application terminated. \r\n(Status: %1)\r\n Unable to initialize Data Store connection. This server must have a direct\r\nconnection to the data store. Application terminated. (Result: %1)\r\n Data Store Validation Utility. Version: %1 Unable to initialize event log. Messages will be displayed on console only.\r\n Some consistency checks were unsuccessful. Results below indicate the number\r\nof errors or -1 for test not run: Server Errors = %1,\r\nApplication Errors = %2, Group Errors = %3.\r\n All consistency checks were successful. Some consistency checks were unsuccessful. Results below indicate the number of errors or -1 for test not run: Server Errors = %1, Application Errors = %2, Group Errors = %3. The Data Collector is out of memory, and the Dynamic Store data might be out of sync.\r\n Elect a new Data Collector and ensure that you have enough memory on the new Data Collector.\r\n.
3959 3960
Error Error
3961
Error
310
Directory Subsystem, System\DataStoreDriver, Profiling\DataStore, Profiling\, Runtime\PersistentStore Runtime\DynamicStore, Profiling\DynamicStore IMA_FileSS ImaGrpSal, IMAGroup Runtime\HostResolver IMA_Browser ImaRpc, ImaLicRpc, ImaMfRpc ImsSal LmsSal, LMS_Subsystem MfAppSal, MFApp MfSrvSal, MFSrvSs Policy MfPrintSal, IMA_Printer, ImaRelSal, IMARelationship ImaDistSal, IMADistribution
Dynamic Store File Browsing Folder Enumeration Host Resolver IMA Browser IMA Program Interface (Windows Terminal Services, other software) IMS Load Management MetaFrame Applications (enumeration and properties) MetaFrame Server Properties (ICA Display, MetaFrame Settings) Policy Printer Management and Printer Drivers Printer Replication
311
MetaFrame Presentation Server System Program Neighborhood Remote Access Runtime Service Locator Subscription Manager User Management (User Lists, Viewing and Launching Applications. Network Printer Autocreation) Zone Manager
Subsystems to Trace MfPNSal RemoteAccess, Remote Access Runtime\Runtime Runtime\ServiceLocator Runtime\SubscriptionManager ImaUserSal, IMA_AAMS, WinDrvSS, NDSDrvSS Runtime\ZoneManager
312
-1072297321
C0160A97
RESOURCEMGR
-1072297320
C0160A98
RESOURCEMGR
-1072297281
C0160ABF
RESOURCEMGR
313
ERROR CODE (HEX) ERROR MESSAGE C0160AC0 AN ERROR OCCURRED WHEN ATTEMPTING TO CREATE THE APPLICATION. THE ERROR RETURNED WAS: ~0~. YOU MUST SPECIFY AN APPLICATION NAME. YOU MUST SPECIFY THE FULL PATH AND FILENAME OF THE APPLICATION. YOU MUST SELECT AT LEAST ONE SERVER. YOU HAVE NOT PROVIDED A NEW APPLICATION NAME. THIS APPLICATION NAME ALREADY EXISTS. ENTER A DIFFERENT APPLICATION NAME. AN ERROR OCCURRED WHEN ATTEMPTING TO UPDATE THE APPLICATION PROPERTIES. THE ERROR RETURNED WAS: ~0~. ERROR SENDING REQUEST FOR COUNTER LIST FROM FARM METRIC SERVER. ERROR TALKING TO THE MONITOR SUBSYSTEM. ERROR UPDATING APPLICATION PROPERTIES. CONFIRM THAT THE DATA STORE CAN BE ACCESSED. AN OBJECT WITH THE SAME NAME ALREADY EXISTS IN THE TARGET FOLDER! AN UNEXPECTED ERROR OCCURRED WHEN TRYING TO MOVE THE APPLICATION. THE ERROR RETURNED WAS: ~0~. THE APPLICATION NAME CAN BE NO LONGER THAN ~0~ CHARACTERS.
-1072297277 -1072297276
C0160AC3 C0160AC4
RESOURCEMGR RESOURCEMGR
-1072297272
C0160AC8
RESOURCEMGR
-1072297271
C0160AC9
RESOURCEMGR
-1072297270 -1072297268
C0160ACA C0160ACC
RESOURCEMGR RESOURCEMGR
-1072297267
C0160ACD
RESOURCEMGR
-1072297266
C0160ACE
RESOURCEMGR
-1072297265
C0160ACF
RESOURCEMGR
314
ERROR CODE (HEX) ERROR MESSAGE C0160AD2 C0160AD3 C0160AD4 C0160AD5 C0160AD6 ERROR READING APPLICATION METRIC PROPERTIES INFORMATION. ERROR RETRIEVING METRIC PROPERTIES. ERROR WRITING APPLICATION METRIC PROPERTIES INFORMATION. ERROR WRITING SERVER METRIC PROPERTIES INFORMATION. AN ERROR OCCURRED WHILE UPDATING THE APPLICATION METRICS. AN ERROR OCCURRED WHILE UPDATING THE APPLICATION METRIC PROPERTIES. SERVER_ADD_REMOVE_METRICS_ WRITE_ERROR SERVER_RESTORE_METRICS_WRIT E_ERROR AN UNKNOWN ERROR OCCURRED WHILE TRYING TO GET THE LOG FOR ~0~. AN UNEXPECTED ERROR OCCURRED RETRIEVING THE REBOOT MESSAGE DETAILS. THE ERROR RETURNED WAS: ~0~. AN UNEXPECTED ERROR OCCURRED SETTING THE REBOOT MESSAGE DETAILS. THE ERROR RETURNED WAS: ~0~. ERROR SENDING REQUEST FOR COUNTER LIST FROM FARM METRIC SERVER.
-1072297257
C0160AD7
RESOURCEMGR
-1072297251
C0160ADD
RESOURCEMGR
-1072297250
C0160ADE
RESOURCEMGR
-1072297231
C0160AF1
RESOURCEMGR
315
ERROR CODE (HEX) ERROR MESSAGE C0160AF2 THE FARM METRIC SERVER(S) CANNOT BE CONTACTED. THIS WILL CAUSE RESOURCE MANAGER TO FUNCTION INCORRECTLY. CHECK THAT THE FARM METRIC SERVER(S) ARE RUNNING AND CAN BE CONTACTED. FAILED TO SET ALERTS CONFIGURATION FAILED TO SET SNMP ALERTS CONFIGURATION: ~0~. MUST SUPPLY A GATEWAY NAME. MUST SUPPLY A USER NAME. MUST SUPPLY A GROUP NAME. GATEWAY "~0~" ALREADY EXISTS. USER OR GROUP NAME "~0~" ALREADY EXISTS. ILLEGAL CHARACTER(S) IN PHONE NUMBER. CANNOT ADD A USER - CONFIGURE A GATEWAY FIRST. CANNOT ADD A GROUP CONFIGURE A USER FIRST CANNOT DELETE GATEWAY WHILE A USER ITEM STILL REFERS TO IT. ILLEGAL CHARACTER(S) IN PREFIX. FAILED TO RETRIEVE REPORT: ~0~. THIS REPORT COULD NOT BE SAVED. CHECK THAT THE SERVER IS ONLINE AND THE LOCATION THAT THE FILE IS TO BE SAVED EXISTS AND THAT YOU HAVE THE NECESSARY PERMISSIONS TO SAVE FILES IN THAT LOCATION.
-1072297221 -1072297216 -1072297200 -1072297199 -1072297198 -1072297197 -1072297196 -1072297195 -1072297194 -1072297193 -1072297192 -1072297191 -1072297182 -1072297180
C0160AFB C0160B00 C0160B10 C0160B11 C0160B12 C0160B13 C0160B14 C0160B15 C0160B16 C0160B17 C0160B18 C0160B19 C0160B22 C0160B24
RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR RESOURCEMGR
316
ERROR CODE (HEX) ERROR MESSAGE C0160B25 C0160B4A C0160B4B C0160B4C C0160B4D FAILED TO CONVERT REPORT: ~0~. CITRIX RESOURCE MANAGER IS NOT LICENSED. UNABLE TO CONTACT IMA SERVICE RUNNING ON UNABLE TO CONTACT IMA SERVICE RUNNING ON RECEIVED AN INVALID PACKET FROM THE IMA SERVICE RUNNING ON FAILED TO GENERATE SERVER SUMMARY REPORT. CHECK THAT THE DBMS AND DATABASE CONNECTION SERVERS, AND THE IMA CONNECTION TO THE DATABASE CONNECTION SERVER ARE WORKING PROPERLY. FAILED TO GENERATE USER SUMMARY REPORT. CHECK THAT THE DBMS AND DATABASE CONNECTION SERVERS, AND THE IMA CONNECTION TO THE DATABASE CONNECTION SERVER ARE WORKING PROPERLY. FAILED TO GENERATE PROCESS SUMMARY REPORT. CHECK THAT THE DBMS AND DATABASE CONNECTION SERVERS, AND THE IMA CONNECTION TO THE DATABASE CONNECTION SERVER ARE WORKING PROPERLY. FAILED TO CREATE SERVER SNAPSHOT REPORT FAILED TO CREATE CURRENT USER REPORT FAILED TO CREATE CURRENT PROCESS REPORT
-1072297132
C0160B54
RESOURCEMGR
-1072297131
C0160B55
RESOURCEMGR
-1072297130
C0160B56
RESOURCEMGR
317
ERROR CODE (HEX) ERROR MESSAGE C0160B5A UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER DATABASE CONNECTION SERVER. SUMMARY REPORTS WILL NOT BE AVAILABLE. UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER DATABASE CONNECTION SERVER. SUMMARY REPORTS WILL NOT BE AVAILABLE. UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER DATABASE CONNECTION SERVER. SUMMARY REPORTS WILL NOT BE AVAILABLE. UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER LOCAL DATABASE. CURRENT REPORTS WILL NOT BE AVAILABLE UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER LOCAL DATABASE. CURRENT REPORTS WILL NOT BE AVAILABLE UNABLE TO COMMUNICATE WITH THE RESOURCE MANAGER LOCAL DATABASE. CURRENT REPORTS WILL NOT BE AVAILABLE THE SUMMARY DATABASE DOES NOT CONTAIN ENOUGH INFORMATION TO GENERATE A PROCESS SUMMARY REPORT. THE SUMMARY DATABASE CONTAINS NO SERVER INFORMATION. THE SUMMARY DATABASE DOES NOT CONTAIN ENOUGH INFORMATION TO GENERATE A USER SUMMARY REPORT. FAILED TO SAVE REPORTS
-1072297125
C0160B5B
RESOURCEMGR
-1072297124
C0160B5C
RESOURCEMGR
-1072297123
C0160B5D
RESOURCEMGR
-1072297122
C0160B5E
RESOURCEMGR
-1072297121
C0160B5F
RESOURCEMGR
-1072297120
C0160B60
RESOURCEMGR
-1072297119
C0160B61
RESOURCEMGR
-1072297118
C0160B62
RESOURCEMGR
-1072297117
C0160B63
RESOURCEMGR
318
ERROR CODE (HEX) ERROR MESSAGE C0160B64 UNABLE TO IDENTIFY THE SUMMARY DATABASE SOFTWARE VERSIONS. SUMMARY DATABASE FUNCTIONALITY MAY NOT OPERATE CORRECTLY IN THE PRESENTATION SERVER CONSOLE. UNABLE TO IDENTIFY ANY RESOURCE MANAGER SUMMARY DATABASE SERVERS IN THE FARM. ALL START TIMES SHOULD BE LESS THAN THE STOP TIMES SUMMARY DATABASE FUNCTIONALITY CANNOT BE ENABLED WITHOUT A DATABASE CONNECTION SERVER BEING SET. UNABLE TO IDENTIFY DATABASE CONNECTION SERVER ERROR SAVING FILE ~0~. CHECK ACCESS PERMISSIONS. ERROR SETTING THE METHOD OF SENDING E-MAIL ALERTS. FAILED TO READ SMTP SERVER CONFIGURATION. FAILED TO SET SMTP SERVER CONFIGURATION. FAILED TO SET SMTP RECIPIENT ADDRESSES. FAILED TO READ SMTP RECIPIENT ADDRESSES. A TIMEOUT HAS OCCURED! PLEASE TRY AGAIN! A FOLDER NAME CANNOT CONTAIN ANY OF THE FOLLOWING CHARACTERS: \ / : * ? " < > | PLEASE ENTER A FOLDER NAME!
-1072297115
C0160B65
RESOURCEMGR
-1072297114 -1072297252
C0160B66 C0160ADC
RESOURCEMGR RESOURCEMGR
-1072297113
500 510
1F4 1FE
511
1FF
ADMINMGR
319
ERROR CODE (HEX) ERROR MESSAGE 200 201 202 ACTION FAILED! CAN'T RENAME FOLDER! THE SELECTED FOLDER IS NOT EMPTY. A FOLDER CANNOT BE DELETED UNTIL IT IS EMPTY. CAN'T DELETE FOLDER! THE SELECTED FOLDER IS NOT EMPTY. A FOLDER CANNOT BE MOVED UNTIL IT IS EMPTY. CAN'T MOVE FOLDER! A FOLDER NAME CANNOT CONTAIN MORE THAN 256 CHARACTERS! THE LICENSE LIST IS INCOMPLETE. THE REQUEST FOR INFORMATION COULD HAVE TIMED OUT. FAILED TO INITIALIZE LIST CONTROL. THERE WAS AN UNEXPECTED INTERNAL ERROR IN PROCESSING THIS ACTION. THE VIEW COULD NOT BE REFRESHED. THE VIEW COULD NOT BE FOUND. THE VIEW COULD NOT BE REFRESHED. THE SELECTION IN THE TREE CHANGED UNEXPECTEDLY. THE LICENSE LIST IS INCOMPLETE. AN ERROR OCCURRED WHILE GETTING THE INFORMATION. YOU MUST HAVE ADMINISTRATOR RIGHTS TO RUN THIS APPLICATION. THE LICENSE COULD NOT BE ADDED.
515 516
203 204
ADMINMGR ADMINMGR
701 702
2BD 2BE
LICENSEMGR LICENSEMGR
703
2BF
LICENSEMGR
704
2C0
LICENSEMGR
705
2C1
LICENSEMGR
710 800
2C6 320
LICENSEMGR LICENSEMGR
320
ERROR CODE (HEX) ERROR MESSAGE 321 322 THE LICENSE COULD NOT BE ADDED. IT IS ALREADY INSTALLED. THE LICENSE COULD NOT BE ADDED. IT IS NOT A VALID SERIAL NUMBER. THE LICENSE COULD NOT BE ADDED. THE LICENSING SUBSYSTEM DID NOT RESPOND. THE LICENSE COULD NOT BE ADDED. THE PRODUCT ASSOCIATED WITH THIS LICENSE WAS NOT FOUND IN THIS FARM. THE SERIAL NUMBER MUST BE ENTERED IN THE FOLLOWING FORMAT: XXXXX-XXXXX-XXXXXXXXXX-XXXXX. YOU HAVE REACHED THE MAXIMUM NUMBER OF LICENSE PACKS ALLOWED PER SERVER. YOU CANNOT INSTALL ADDITIONAL LICENSE PACKS. PLEASE CONTACT CITRIX TECHNICAL SUPPORT. PLEASE ENTER A SERIAL NUMBER. THE LICENSE COULD NOT BE REMOVED. NONE OF THE SELECTED LICENSES COULD BE REMOVED. NOT ALL OF THE LICENSES WERE SUCCESSFULLY REMOVED. THERE MIGHT BE A DELAY BEFORE THE LICENSE INFORMATION IS UPDATED. THIS PRODUCT LICENSE CANNOT BE REMOVED. THERE WAS AN UNEXPECTED INTERNAL ERROR IN REMOVING THESE LICENSES.
803
323
LICENSEMGR
804
324
LICENSEMGR
805
325
LICENSEMGR
806
326
LICENSEMGR
823 824
337 338
LICENSEMGR LICENSEMGR
321
ERROR CODE (HEX) ERROR MESSAGE 339 THE LICENSE MAY OR MAY NOT HAVE BEEN REMOVED BECAUSE THE REQUEST TIMED OUT. THERE MIGHT BE A DELAY BEFORE THE LICENSE INFORMATION IS UPDATED. THE LICENSES MAY OR MAY NOT HAVE BEEN REMOVED BECAUSE THE REQUEST TIMED OUT. THERE MIGHT BE A DELAY BEFORE THE LICENSE INFORMATION IS UPDATED. THE ACTIVATION CODE MUST BE ENTERED IN THE FOLLOWING FORMAT: XXXXX-XXXXX. THE LICENSE COULD NOT BE ACTIVATED. IT MAY ALREADY BE ACTIVATED. THE LICENSE COULD NOT BE ACTIVATED. THE ACTIVATION CODE IS INCORRECT. CHECK THAT YOU ENTERED THE CODE CORRECTLY. THE LICENSE COULD NOT BE ACTIVATED. THE LICENSING SUBSYSTEM DID NOT RESPOND. PLEASE ENTER AN ACTIVATION CODE. COULD NOT FIND ASSIGNMENT DATA. THERE ARE NO LICENSES IN THIS LICENSE SET. ALL OF THE LICENSES IN THIS LICENSE SET ARE ALREADY ASSIGNED TO SERVERS. THE LICENSE COULD NOT BE ASSIGNED.
826
33A
LICENSEMGR
830
33E
LICENSEMGR
831
33F
LICENSEMGR
832
340
LICENSEMGR
833
341
LICENSEMGR
853
355
LICENSEMGR
322
ERROR CODE (HEX) ERROR MESSAGE 356 THE FULL <LICENSE NUMBER> COULD NOT BE ASSIGNED. ONLY <NUMBER> WAS ASSIGNED. IT MAY TAKE A MOMENT FOR THIS CHANGE TO APPEAR FULLY IN THE VIEWS. PLEASE SELECT A SERVER IN THE TREE. THE LICENSE COULD NOT BE ASSIGNED. YOU CANNOT ASSIGN MORE THAN ONE OF EACH PRODUCT LICENSE TO A SERVER. PLEASE ENTER A VALUE BETWEEN 1 AND <NUMBER>. THIS ASSIGNMENT ALREADY EXISTS. THIS PRODUCT LICENSE HAS ALREADY BEEN ASSIGNED TO THE SELECTED SERVER. THERE ARE NO LICENSES INSTALLED ON THIS FARM. YOU MUST ADD (AND ACTIVATE) ONE OR MORE LICENSES TO MAKE THEM AVAILABLE FOR ASSIGNMENT. NONE OF THE LICENSES INSTALLED ON THIS FARM ARE AVAILABLE FOR ASSIGNMENT. YOU CANNOT ASSIGN INACTIVATED, EVALUATION, OR EXPIRED LICENSES TO A CITRIX SERVER. FOR EXISTING LICENSE ASSIGNMENTS, YOU MUST DROP OR REDUCE THE ASSIGNMENT BEFORE YOU CAN ASSIGN THE LICENSE TO A NEW CITRIX SERVER. THE SELECTED ASSIGNMENT COULD NOT BE DROPPED. SOME OF THE SELECTED ASSIGNMENTS COULD NOT BE DROPPED. THERE MIGHT BE A DELAY BEFORE THE LICENSE INFORMATION IS UPDATED.
855 856
357 358
LICENSEMGR LICENSEMGR
857 858
359 35A
LICENSEMGR LICENSEMGR
859
35B
LICENSEMGR
860
35C
LICENSEMGR
870 871
366 367
LICENSEMGR LICENSEMGR
323
ERROR CODE (HEX) ERROR MESSAGE 368 NONE OF THE SELECTED ASSIGNMENTS COULD BE DROPPED. LICENSE ASSIGNMENT COULD NOT BE CHANGED. THE FULL <LICENSE NUMBER> COULD NOT BE ASSIGNED. ONLY <NUMBER> WAS ASSIGNED. IT MAY TAKE A MOMENT FOR THIS CHANGE TO APPEAR FULLY IN THE VIEWS. THIS LICENSE CANNOT BE POOLED. AN UNKNOWN ERROR OCCURRED WHILE LOADING <PLUGIN NAME> ITS FEATURES WILL NOT BE AVAILABLE DURING THIS SESSION. FARM LOGON ERROR PASS-THROUGH AUTHENTICATION FAILED, FAILED TO CONNECT TO SERVER <SERVER> 514 515 THE ICA DISPLAY SETTINGS COULD NOT BE CHANGED. THE PRODUCT CODE YOU ENTERED WAS INVALID. THE SERVER'S PRODUCT CODE HAS NOT BEEN CHANGED. THE PRODUCT CODE YOU ENTERED WAS INVALID. NONE OF THE SERVERS' PRODUCT CODES HAVE BEEN CHANGED. THE PRODUCT CODE COULD NOT BE CHANGED. THE VALUE ENTERED FOR "MAXIMUM MEMORY TO USE FOR EACH SESSION'S GRAPHICS" IS INVALID. PLEASE ENTER A VALUE BETWEEN 150 KILOBYTES AND 8192 KILOBYTES.
880 881
370 371
LICENSEMGR LICENSEMGR
882 1100
372
LICENSEMGR PLUGINMGR
1110 1111
PLUGINMGR PLUGINMGR
1300 1301
SERVERMGRNE W SERVERMGRNE W
1302
516
SERVERMGRNE W
1305 1306
519 51A
SERVERMGRNE W SERVERMGRNE W
324
ERROR CODE (HEX) ERROR MESSAGE 51B FAILED TO CHANGE THE LISTENING TCP PORT FOR THE CITRIX XML SERVICE! SOME SERVERS' PRODUCT CODES WERE CHANGED, BUT SOME COULD NOT BE. NONE OF THE SERVERS' PRODUCT CODES COULD BE CHANGED. PLEASE ENSURE THAT THE RESET VALUE IS GREATER OR EQUAL THAN THE SET VALUE. SESSION INFORMATION IS NOT AVAILABLE FOR THIS SESSION. USER INFORMATION WILL BE REFRESHED. FAILED TO DISCONNECT SESSION. USER INFORMATION WILL BE REFRESHED. FAILED TO CONNECT SESSION. USER INFORMATION WILL BE REFRESHED. WRONG PASSWORD. LETTERS IN PASSWORDS MUST BE TYPED USING THE CORRECT CASE. ENSURE THAT CAPS LOCK IS NOT ACCIDENTALLY ON. FAILED TO RESET SESSION. USER INFORMATION WILL BE REFRESHED. UNABLE TO SEND MESSAGE TO THE SELECTED SESSION. USER INFORMATION WILL BE REFRESHED. STATUS INFORMATION IS NOT AVAILABLE FOR THIS SESSION. USER INFORMATION WILL BE REFRESHED. UNABLE TO COLLECT PROCESS DATA FOR THIS SERVER. THE REQUEST TIMED OUT.
1308
51C
1309 1311
51D 51F
1312
520
1313
521
1314
522
1314
522
1315 1316
523 524
1317
525
1318
526
SERVERMGRNE W
325
ERROR CODE (HEX) ERROR MESSAGE 527 UNABLE TO COLLECT SESSION DATA FOR THIS SERVER. THE REQUEST TIMED OUT. THE AUTO CLIENT RECONNECT SETTINGS COULD NOT BE CHANGED. PLEASE CHOOSE A FEATURE RELEASE LEVEL. THE FEATURE RELEASE LEVEL COULD NOT BE CHANGED. THE FILE TYPE ASSOCIATION SETTINGS COULD NOT BE CHANGED. 53D 546 547 THE ENABLE LOGON SETTINGS COULD NOT BE CHANGED. THE ICA KEEP-ALIVE SETTINGS COULD NOT BE CHANGED THE ENTERED ICA KEEP-ALIVE TIME-OUT VALUE IS INVALID. PLEASE ENTER A VALUE BETWEEN 1 AND 3600 SECONDS. THE SPEEDSCREEN SETTINGS COULD NOT BE CHANGED. COULD NOT ENUMERATE PUBLISHED APPLICATIONS FOR THIS SERVER. ERROR CHANGING THE CONNECT TO CONSOLE SETTING. A ZONE WITH THE SAME NAME ALREADY EXISTS! A ZONE CANNOT BE DELETED UNTIL ALL SERVERS HAVE BEEN REMOVED FROM IT! A ZONE MUST CONTAIN AT LEAST ONE SERVER!
ERROR COMES FROM SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W SERVERMGRNE W
1320
528
532 533
1360 1370
550 55A
1602
642
326
ERROR CODE (HEX) ERROR MESSAGE 8FD AN ERROR OCCURRED WHILE RETRIEVING INFORMATION FROM INSTALLATION MANAGER. THE INFORMATION DISPLAYED MAY BE INCOMPLETE. IF THE PROBLEM PERSISTS, CONTACT CITRIX TECHNICAL SUPPORT. AN INTERNAL ERROR OCCURED WHILE LOADING DEFAULT ICONS. THE DATA STORE IS NOT AVAILABLE. SOME FEATURES MAY NOT BE AVAILABLE. THE OPERATION TO REMOVE THE SERVER FROM FARM HAS TIMED OUT, BUT IT MAY HAVE SUCCEEDED. THE PERSISTENT STORE SERVER CANNOT BE REMOVED. THE LOAD EVALUATOR NAME IS ALREADY BEING USED. PLEASE USE A DIFFERENT NAME. CANNOT DELETE THE DEFAULT EVALUATOR. THE LOAD EVALUATOR IS STILL IN USE. PLEASE DETACH THE LOAD EVALUATOR FROM ANY SERVERS OR APPLICATIONS BEFORE DELETING. CANNOT DELETE THE DEFAULT EVALUATOR OR LOAD EVALUATORS THAT ARE STILL IN USE. PLEASE DETACH THE LOAD EVALUATORS FROM ANY SERVERS OR APPLICATIONS BEFORE DELETING. AT LEAST ONE LOAD EVALUATOR COULD NOT BE DELETED BECAUSE IT IS STILL IN USE. PLEASE DETACH THE LOAD EVALUATORS FROM ANY SERVERS OR APPLICATIONS BEFORE DELETING.
5556 5650
15B4 1612
2147483659
8000000B
2147483692 2148598021
8000002C 80110105
2148598022 2148598023
80110106 80110107
LMSADMIN LMSADMIN
2148598022
80110106
LMSADMIN
2148598023
80110107
LMSADMIN
327
ERROR CODE (HEX) ERROR MESSAGE VARIOUS 801C000E AT LEAST ONE LOAD EVALUATOR COULD NOT BE DELETED. THE SERVER IS STILL REACHABLE, AND CANNOT BE REMOVED. IT SHOULD BE REMOVED BY UNINSTALL PROGRAM. COULD NOT READ APPLICATION DATA FROM THE CITRIX SERVER FARM. COULD NOT WRITE APPLICATION DATA TO THE CITRIX SERVER FARM. COULD NOT DELETE APPLICATION DATA FROM THE CITRIX SERVER FARM. DISPLAY NAME NOT SPECIFIED.
3221553157
C0050005
METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR
3221553158
C0050006
3221553159
C0050007
3221553162
C005000A
3221553163
C005000B
THE DISPLAY NAME ALREADY EXISTS IN THIS APPLICATION FOLDER. THE APPLICATION NAME CANNOT CONTAIN ANY OF THE FOLLOWING CHARACTERS: \/;:.*?=<>|[]()'" THE COMMAND LINE IS REQUIRED TO PUBLISH AN APPLICATION. ENTER THE PATH AND FILENAME OF THE APPLICATION'S EXECUTABLE FILE IN THE COMMAND LINE BOX. THE CONTENT ADDRESS IS REQUIRED TO PUBLISH A CONTENT. ENTER THE UNC OR THE URL ADDRESS FOR THE CONTENT. THE WINDOW SIZE SPECIFIED IS TOO SMALL.
3221553166
C005000E
3221553167
C005000F
3221553167
C005000F
3221553170
C0050012
328
ERROR CODE (HEX) ERROR MESSAGE C0050013 THE WINDOW SIZE SPECIFIED IS TOO LARGE. FILE PATHS CANNOT CONTAIN ANY OF THE FOLLOWING CHARACTERS: / *?"<>| THE ICA FILE NAME YOU ENTERED CANNOT BE FOUND. USE THE BROWSE BUTTON TO LOCATE AND SELECT THE ICA FILE. UNABLE TO WRITE THE FILE TO DISK. THE DISPLAY NAME CANNOT CONTAIN ANY OF THE FOLLOWING CHARACTERS: \/;:.*?=<>|[]()'" THE APPLICATION HAS A MINIMUM REQUIRED ENCRYPTION LEVEL OF: <LEVEL>. YOU CANNOT CREATE AN ICA FILE WITH AN ENCRYPTION LEVEL LESS THAN THIS. THE APPLICATION HAS A MINIMUM AUDIO REQUIREMENT. YOU MUST SPECIFY AN AUDIO SETTING. YOU MUST ENTER A TCP/IP PORT BETWEEN 1 AND 65536. YOU MUST SPECIFY A SERVER TO GET BROWSING INFORMATION FROM. THE APPLICATION NAME MAY ONLY HAVE A MAXIMUM OF 38 ANSI CHARACTERS, OR 19 UNICODE CHARACTERS.
ERROR COMES FROM METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR METAFRAMEPU B APPMGR
3221553173
C0050015
3221553174
C0050016
3221553175
C0050017
3221553178
C005001A
3221553180
C005001C
3221553181
C005001D
3221553182
C005001E
3221553182
C005001E
3221553186
C0050022
329
ERROR CODE (HEX) ERROR MESSAGE C0050023 THE SELECTED APPLICATION MAY NOT HAVE BEEN PUBLISHED BECAUSE THE REQUEST HAS TIMED OUT. IF THE PUBLISHED APPLICATION DOES NOT APPEAR IN THE PRESENTATION SERVER CONSOLE, PLEASE TRY AGAIN. THE SELECTED PUBLISHED APPLICATION COULD NOT BE COPIED BECAUSE THE DATA CANNOT BE ACCESSED FROM THE DATA STORE. YOU CANNOT CHANGE THE PROPERTIES OF AN APPLICATION PUBLISHED WITH AN UPDATED VERSION OF METAFRAME PRESENTATION SERVER. TO EDIT THE PROPERTIES, YOU MUST CONNECT TO A METAFRAME PRESENTATION SERVER WITH THE LATEST SERVICE PACK INSTALLED OR INSTALL THE LATEST SERVICE PACK ON ALL METAFRAME PRESENTATION SERVERS IN YOUR FARM. THE ICA FILE WAS NOT CREATED BECAUSE A SERVER HOSTING THE APPLICATION DID NOT RESPOND. PLEASE TRY AGAIN. THE APPLICATION NAME ALREADY EXISTS IN THE SERVER FARM. FAILED TO ADD NETWORK PRINT SERVER <SERVERNAME>. THE SPECIFIED NETWORK PRINT SERVER HAS ALREADY BEEN ADDED. THE SPECIFIED NETWORK PRINT SERVER COULD NOT BE CONTACTED OR HAS NO PRINTERS.
3221553188
C0050024
METAFRAMEPU B APPMGR
3221553189
C0050025
METAFRAMEPU B APPMGR
3221553190
C0050026
3221553191
C0050027
3222470657 3222470658
C0130001 C0130002
3222470659
C0130003
PRINTERMGR
330
ERROR CODE (HEX) ERROR MESSAGE C0130004 C0130005 C0130006 YOU MUST ENTER A USER NAME. FAILED TO DELETE NETWORK PRINT SERVER <SERVERNAME>. FAILED TO REFRESH NETWORK PRINT SERVER DATA FOR SERVER <SERVERNAME>. COULD NOT ENUMERATE ALL PRINTERS. COULD NOT ENUMERATE PRINTERS FOR SERVER <SERVERNAME>. COULD NOT ENUMERATE ALL DRIVERS. COULD NOT ENUMERATE DRIVERS FOR SERVER <SERVERNAME>. COULD NOT ENUMERATE METAFRAME SERVERS FOR THIS FARM. COULD NOT ENUMERATE SERVERS THAT HAVE PRINT DRIVER <DRIVERNAME>. REPLICATION FAILED. REPLICATION FROM SERVER <SERVERNAME> FAILED. THE DRIVERS YOU SELECTED ARE FOR DIFFERENT PLATFORMS. WHEN SELECTING MULTIPLE DRIVERS, ALL DRIVERS MUST BE FOR THE SAME PLATFORM. COULD NOT ENUMERATE OPERATING SYSTEM PLATFORMS. THE SPECIFIED DRIVER ALREADY EXISTS IN THE COMPATIBILITY LIST. FAILED TO SET COMPATIBILITY LIST.
3222470668
C013000C
PRINTERMGR
331
ERROR CODE (HEX) ERROR MESSAGE C0130013 C0130014 C0130015 C0130016 C0130018 COULD NOT ENUMERATE DRIVER MAPPING LIST. FAILED TO SET DRIVER MAPPING LIST. COULD NOT ENUMERATE BANDWIDTH LIMITS. FAILED TO SET BANDWIDTH LIMITS. COULD NOT ENUMERATE USERS AND GROUPS CONFIGURED FOR PRINTER <PRINTERNAME>. COULD NOT ENUMERATE ALL USERS AND GROUPS FOR SPECIFIED DOMAIN. FAILED TO SET AUTO-CREATION SETTINGS FOR PRINTER <PRINTERNAME>. FAILED TO COPY AUTO-CREATION SETTINGS FROM PRINTER <PRINTERNAME>. COULD NOT ENUMERATE CLIENT PRINTER LIST. THE SPECIFIED CLIENT PRINTER ALREADY EXISTS IN THE LIST. THE SPECIFIED PORT HAS ALREADY BEEN ASSIGNED FOR THIS CLIENT. COULD NOT ENUMERATE AUTOREPLICATION LIST. FAILED TO SET AUTO-REPLICATION LIST. COULD NOT ENUMERATE COMPATIBILITY LIST. THE SPECIFIED CLIENT DRIVER ALREADY EXISTS IN THE MAPPING LIST.
3222470681
C0130019
PRINTERMGR
3222470682
C013001A
PRINTERMGR
3222470684
C013001C
PRINTERMGR
332
ERROR CODE (HEX) ERROR MESSAGE C0130024 C0130025 C0130026 COULD NOT ENUMERATE DOMAINS. FAILED TO SET CLIENT PRINTER LIST. FAILED TO DETERMINE OPERATING SYSTEM PLATFORM FOR ONE OR MORE SERVERS IN THE FARM. THESE SERVERS CANNOT BE USED AS DESTINATIONS FOR PRINTER DRIVER REPLICATION ACTIONS. THE PRINTER MANAGEMENT SYSTEM ON THE PREFERRED SERVER COULD NOT BE CONTACTED. YOU WILL NOT BE ABLE TO MAKE CHANGES TO PRINTER-RELATED DATA. COULD NOT ENUMERATE SERVERS WITH THE PRINT DRIVER <DRIVERNAME>. THE NAMES OF SOME USERS COULD NOT BE OBTAINED. COULD NOT GET THE PLATFORM FOR SERVER <SERVERNAME>. COULD NOT ENUMERATE NETWORK PRINT SERVERS. FAILED TO GET DRIVER FOR PRINTER <PRINTERNAME> THE SPECIFIED DOMAIN DOES NOT EXIST OR DOES NOT TRUST THE FARM. THE SPECIFIED DRIVER HAS BEEN MARKED INCOMPATIBLE WITH ALL SERVER PLATFORMS IN THE FARM. SEARCH FAILED. AN UNKNOWN ERROR OCCURRED. GENERAL FAILURE.
3222470695
C0130027
PRINTERMGR
3222470696
C0130028
PRINTERMGR
3222470704
C0130030
PRINTERMGR
333
ERROR CODE (HEX) ERROR MESSAGE C0138002 C0138004 THERE IS NOT ENOUGH MEMORY TO COMPLETE THE OPERATION. THERE ARE NOT ENOUGH RESOURCES TO COMPLETE THE OPERATION. THE ITEM WAS NOT FOUND. THE OPERATION TIMED OUT. ENUMERATION FAILED. ACCESS IS DENIED. NETWORK FAILURE. THE DESTINATION COULD NOT BE FOUND. THE SERVER COULD NOT BE CONTACTED. AUTHENTICATION FAILED. THE DOMAIN CONTROLLER COULD NOT BE CONTACTED. THE ITEM ALREADY EXISTS. THE SERVER IS PART OF THE FARM. THE NETWORK SERVER HAS ALREADY BEEN ADDED. COULD NOT ENUMERATE THE USER ACCOUNTS IN THIS DOMAIN. THERE MIGHT BE COMMUNICATION PROBLEMS ON THE NETWORK. COULD NOT COLLECT REQUIRED USER ACCOUNT INFORMATION FOR SOME OR ALL OF THE ACCOUNTS FROM THIS DOMAIN. THESE USERS WILL NOT BE ADDED TO CONFIGURED ACCOUNTS LIST. THE DOMAIN CONTROLLER FOR THIS DOMAIN IS NOT AVAILABLE.
3222503429 3222503430 3222503431 3222503432 3222503433 3222503434 3222503440 3222503442 3222503443 3222503444 3222503445 3222503446 3222798336/ VARIOUS
C0138005 C0138006 C0138007 C0138008 C0138009 C013800A C0138010 C0138012 C0138013 C0138014 C0138015 C0138016 C0180000/ VARIOUS
PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR PRINTERMGR USERENUMERA TION
3222798337
C0180001
USERENUMERA TION
3222798338
C0180002
USERENUMERA TION
334
ERROR CODE (HEX) ERROR MESSAGE C0180003 ONE OR MORE SERVERS SELECTED TO HOST THIS APPLICATION HAVE FAILED TO COMPLETE THE INITIAL STARTUP SEQUENCE. THE SERVER(S) WILL NOT BE AVAILABLE FOR PUBLISHING APPLICATIONS UNTIL THE IMA SERVICE IS RESTARTED. THE ACCOUNTS TRUSTED BY THE SELECTED SERVERS COULD NOT BE DETERMINED. COULD NOT ENUMERATE DOMAINS. COULD NOT ATTACH LOAD EVALUATOR TO THIS SERVER. COULD NOT CREATE A NEW LOAD EVALUATOR. COULD NOT DELETE THE LOAD EVALUATOR. COULD NOT GET THE LIST OF SERVERS ATTACHED TO THE APPLICATION. COULD NOT MODIFY THE LOAD EVALUATOR. THE PRESENTATION SERVER CONSOLE FAILED TO REMOVE THE SERVER. INSTALLATION MANAGER NETWORK BROWSER FAILED. INSTALLER FAILED (USUALLY ADF INSTALLER SINCE MSI HAS ITS OWN ERROR CODES). LOGON TO THE NETWORK SHARE ACCOUNT FAILED. NO NETWORK SHARE POINT ACCOUNT IS SPECIFIED.
3222798340
C0180004
VARIOUS VARIOUS
VARIOUS VARIOUS
80240008 80240002
80240003 80240001
IMSMGR IMSMGR
335
ERROR CODE (HEX) ERROR MESSAGE 80240005 80240004 80240006 PACKAGE IS IN USE AND CANNOT BE MODIFIED. PACKAGE WITH THE SAME NAME ALREADY EXISTS. THE OPERATION IS NOT ALLOWED, FOR EXAMPLE, A JOB CANNOT BE MODIFIED AFTER IT IS STARTED. THE PACKAGE FILE PROVIDED (WHEN ADDING A PACKAGE TO THE DATA STORE) IS NOT A VALID (MSI OR ADF) PACKAGE.
80240007
IMSMGR
336
803a002
An error occurred while trying to enumerate user accounts in domain group, contained within a cost center. The billing report cannot be generated.
803a004
803a005
803a0013
337
Cause/Solution Returned if any of the Billing stored procedures fail. More detailed information is returned to the database connection server log file. A possible cause could be a corrupt summary database schema. Returned if the database connection server cannot close the connection to the summary database after generating a billing report. More detailed information is written to the database connection server log file. Returned if the schema is correct but the version in the summary database does not match that held in the subsystem. When upgrading a farm, the schema version is updated. However, users might see this problem if they are connecting an old farm (that is, Feature Release 1) to a new summary database (that is, Feature Release 3). Returned if the user is attempting to use a database that is not supported for the summary database (that is DB2). Not an error message, more just a warning telling users that they are attempting to generate a billing report without selecting any of the configured fee profiles. Cause is as stated in message.
803a0015
803a0017
The version of the summary database is not compatible with this version of Resource Manager. Billing reports will not be available.
803a0018
The summary database DBMS type is not supported by Resource Manager. Billing reports will not be available. The fees that are used to calculate the costs in this billing report have not been configured. Do you want to continue with the generation of the report? The fees that will be used to calculate the costs in this Billing report were entered from a Presentation Server Console running in a different country. No currency conversion is performed. This may result in incorrect costs being calculated. Do you want to continue with the generation of the report? An error occurred while generating the report.
803a0019
803a0020
803a0021
Returned if the reports subsystem returned corrupted data to the billing subsystem to be displayed.
338
Error Message An error occurred retrieving the DBMS user credentials from the database connection server. Billing reports will not be available. The Billing HTML template file could not be found.
Cause/Solution Returned if the database connection server cannot provide the DSN connection details to the billing subsystem through the summary database subsystem. Returned if there is no template with which to create the billing report.
803f0001
APPENDIX D
Index
341
Index
A
Active Directory and Windows policies 168 deploying clients with 80 deploying Program Nieghborhood Agent with 80 deploying Program Nieghborhood with 80 deploying with 68 forest trusts 223 administrative share point deploying from 70 administrator accounts configuring 185 aliases creating, in Novell Directory Services 250 application folders 90 apputil command 60, 151 Audio Recording feature 169 used with Program Neighborhood 170 used with Program Neighborhood Agent 170 Auto-End Tasks feature 159 auto-replication of printer drivers 256 configuring administrator accounts 185 client and server proxy settings 199 data collectors 26 data refresh 89 default gateway 49 IIS server 191 operating system 17 routing table 48 SNMP service 186 ZENworks container packages 239 content publishing with the Web Interface 131 content redirection 130 from client to server 131 with the Web Interface 131 cycle booting servers 96
D
data collectors configuring 26 election of 35 estimating traffic to 27 formula for interzone connections 25 data store cluster failover support 44 communication with ODBC 189 dsmaint command 187, 214, 273, 305 hardware components 43 implementing in a SAN 4246 object sizes in 16 objects 37 optimizing network connections to 3941 replicating 257 replication, troubleshooting 268 securing 187 troubleshooting connections 214 using IBM DB2 189 using Microsoft Access 187 using Microsoft SQL Server 188 using MSDE 188 using Oracle 188 delegated administration 91
B
blades servers 60
C
CAB client packages 76 changing farm membership of servers 94 chfarm command 94, 215 Citrix IMA Service 32, 62, 96 error codes 297 logging 213 memory consumption by 18 troubleshooting 211 Citrix XML Service 181, 324 cluster failover support 44 Computer Associates Unicenter deploying with 69
342
denial of service attacks securing against 190 deploying MetaFrame Presentation Server blades servers 60 from an administrative share point 70 rapidly, with Oracle 64 with Active Directory 68 with Computer Associates Unicenter 69 with Installation Manager 66 with Microsoft Access 63 with Oracle Real Application Clusters 71 deployment server 99 DNS round robin and load balancing 55 servers and client connections 53 document center 10 driveremap command 58 dsmaint command 187, 214, 273, 305 dynamic client name 76
E
error codes Citrix IMA Service 297
J
job scheduling in server farms 101
F
failed installations troubleshooting 214 Fibre Channel 42 file type association 226 force reinstall 150 forest trusts 223
L
load balancing 41, 55, 180 tuning load bias 162 load management 90 Load Manager 16, 307, 310 local host cache change events 36 logging Citrix IMA Service 213
H
hardware components of data store 43 hardware configuration recommendations 13 Hyper-Threading 19, 21
M
management consoles installing 87 MetaFrame Access Suite Console 87 Presentation Server Console 87 MetaFrame Access Suite Console 87 and pass-through authentication 91 installing 88 Report Center 92 using 9193 MetaFrame administrators configuring user accounts for 185 privileges, assigning to NDS objects 242
I
IBM DB2 and ODBC tracing 228 as data store host 189 security considerations 189
Index
MetaFrameCOM (MFCOM) 146 Microsoft Access and rapid deployment 63 as data store host 187 security considerations 187 Microsoft SQL Server and ODBC tracing 228 cluster failover support with 44 replication troubleshooting 219 security considerations 188 MSDE as data store host 188 security considerations 188 multihoming servers 47 with 44 Real Application Clusters, deploying with 71 security considerations 188
343
P
package server 99 pass-through authentication and Novell Directory Services 243, 247 and Program Neighborhood 75 and Program Neighborhood Agent 75 and the MetaFrame Access Suite Console 91 disabling 193 disabling in Program Neighborhood 193 disabling in Program Neighborhood Agent 194 Pre-installation update bulletin 57 Presentation Server Client and DNS servers 53 CAB packages 76 deploying, with Active Directory 80 dynamic name feature 76 installation, silent 73 NDS usage 247 Novell Directory Services usage with 247 proxy configuration 199 securing communication 192 Presentation Server Console 87, 190 and data store objects 37 Application Publishing Wizard 151 error codes 312 installing 87 logging on with NDS credentials 243 securing 190 security 190 using 8991 printer drivers 254256 auto replication 256 automatic installation 251 driver replication and server performance 255 managing the replication queue 254 replication 254 replication and performance issues 255
N
network interface cards multihoming 47 teaming 39 Network Manager 109110 Novell Directory Services accessing 232 client, installing 234 configuring ZENworks container packages 239 creating aliases 250 enabling usage in the Web Interface 245 farm layout 232 organizing published applications 250 system requirements 232 troubleshooting 216 usage with Presentation Server Client 247 NTFS partitions 17, 186
O
ODBC and data store communication 189 connection failure, troubleshooting 213 tracing, with IBM DB2 228 tracing, with Microsoft SQL Server 228 tracing, with Oracle 228 operating system configuration recommendations 17 service packs and updates 17 Oracle and ODBC tracing 228 and rapid deployment 64 as data store host 188 Real Application Clusters, cluster failover support
344
Program Neighborhood Agent deploying, with Active Directory 80 and client enumeration 53 and pass-through authentication 75 and the Audio Recording feature 170 and Windows Installer packages 73 deploying, with Active Directory 80 disabling pass-through authentication 193 proxy connections 198 using with a proxy server 198 virtual channel 174 Program Neighborhood Agent and pass-through authentication 75 and smart cards 202 and the Audio Recording feature 170 and Windows Installer packages 73 Config.xml file 55 disabling pass-through authentication 194 proxy settings of client and server 199 published applications for NDS users 243 organizing for Novell Directory Services users 250 troubleshooting 226
S
secure client communication 192 security client and server proxy settings 199 denial of service attacks 190 enabling smart card authentication 204 enabling SSL 204 encryption 192 Internet Explorer settings 224 Presentation Server Console 190 proxy connections 198 secure client communication 192 secure proxy/SOCKS connections 194 Web Console 191 Web Interface 192 server cloning 61, 65 server farms changing farm membership of servers 94 cycle booting servers 96 farm layout 232 group size considerations 98 job scheduling 101 system requirements 232 uninstalling servers in indirect mode 96 updating file type associations 226 server folders 90 server redundancy 14 simultaneous installations 65 smart cards 200206 enabling authentication 204 user certificates 201 using with the Web Interface 202 SNMP service configuring 186 SpeedScreen Browser Acceleration feature 136141 SpeedScreen Multimedia Acceleration feature 142145 SQL Server as data store host 188 storage area network implementing data store in 4246 stored procedures 258 summary database 104 system information obtaining 227
Q
quality of service solutions 178
R
RAID arrays employing 13 re-imaging a server 62 remapping server drives 58 renaming servers 94 Report Center 92 Resource Manager 103 billing error codes 336 database connection server 106 Farm Metric server 103 summary database 104 troubleshooting 220 using to determine user capacity of a server 23 zone elections counter 221
Index
345
T
troubleshooting Citrix IMA Service 211 data store replication 268 Microsoft SQL Server replication 219 Novell Directory Services 216 ODBC connection failure 213 Resource Manager 220 ZENworks 216
U
uninstalling servers in indirect mode 96 USB redirection 225 user accounts for MetaFrame administrators 185 user profiles 168 user-to-user shadowing 97 utilities DSVIEW 278 LMNEWLOG 291 LMSWITCH 292 MSGHOOK 279 QPRINTER 280 QUERYDC 282 QUERYDS 284 QUERYHR 287 SCCONFIG 289
V
virtual channels 174 drivers used 177
Web Interface and content publishing 131 and content redirection 131 and load balancing 180 and smart cards 202 deploying the Java client with 209 enabling Novell Directory Services usage in 245 enabling smart card authentication 204 enabling SSL 204 generating ICA files 54 NDS usage 245 securing 192 securing communication 192 Windows Directory Mapper Service enabling 202 Windows Event Log 161 Windows Installer and client deployment 80 and configuring default contexts for NDS users 248 and deployment from an administrative share point 70 and deployment with Computer Associates Unicenter 69 and deployment with Installation Manager 66 and Program Neighborhood 73 and Program Neighborhood Agent 73 and uninstalling servers 96 logging 68 packages, deploying with Installation Manager 150 Windows policies and Active Directory 168 wireless LANs using Citrix products in 207 WMI Provider 111
W
Web Console installing 88 security 191
Z
ZENworks configuring container packages 239 configuring container packages in 239 configuring user packages in 240 troubleshooting 216 zones configuring data collectors in 26 elections counter in Resource Manager 221 function of 25