Tuesday, April 22, 2014

Launching a Citrix XenDesktop 7.x application through a Netscaler VPX 1000 version 10 throws the error: “Cannot start app AppName”

Problem

You’ve completed configuring your NetScaler VPX appliance to publish a Citrix XenDesktop 7.x environment with StoreFront 2.x and successfully log into the portal:

image

However, you notice that you receive the following error as soon as you launch an application:

Cannot start app “App Name”

image image

Solution

One of the reasons why you would receive this error is if you have mismatching Secure Ticket Authority (STA) between the NetScaler and the StoreFront configuration.  The environment I was troubleshooting had the NetScaler configured with http:// while the StoreFront configured as https://:

image

image

The correct configuration is http:// so change the StoreFront to reflect the URLs corrected the issue.

Monday, April 21, 2014

Launching Citrix XenDesktop 7.x StoreFront Receiver Web website throws the error: “Cannot complete your request.”

Problem

You attempt to access the Citrix XenDesktop 7.x StoreFront Receiver Web website directly but receive the following error:

Cannot complete your request

Log On

image

Solution

One of the reasons why you would receive this error is if you have a mismatch between your Citrix StoreFront’s Base URL and the URL you are accessing the website with your browser:

image

Note that the Base URL configured in the StoreFront is http://zencont01srv/ while the browser URL used to access the website was http://zenstore01.srv.  To correct the problem, change the base URL to match the URL you are using to access the website in the browser.

Thursday, April 17, 2014

Unable to add mailbox database copy to Exchange 2010 mailbox server in another datacenter

Problem

You have an existing DAG cluster at a datacenter and have deployed another mailbox server at another DR datacenter to add to the DAG cluster. The configuration of the new mailbox database is in place and you are able to successfully add the node to the existing DAG. You proceed to create a test mailbox database at your production datacenter, successfully mount it but you receive the following error when you attempt to add a mailbox database copy to the DR mailbox server:

A source-side operation failed. Error An error occurred while performing the seed operation. Error: The NetworkManager has not yet been initialized. Check the event logs to determine the cause. [Database: <database name>, Server: yourServerName.com

image

You may also get the following error if you adding a mailbox database copy again:

A source-side operation failed. Error An error occurred while performing the seed operation. Error: Couldn’t seed the mailbox database copy because it is not suspended. Please suspend the mailbox database copy, and then retry the seed operation. [Database: <database name>, Server: yourServerName.com

image

Solution

While there are various reasons why this error would be thrown (i.e. misconfigured MAPI and replication networks), one of the common reasons I’ve come across is that Active Directory replication hasn’t happened yet between the 2 datacenters since they are in different sites. I’ve found that this issue is fixed when I ask the person calling me to force replication between the DCs in the 2 sites. The following is a screenshot of what the confirmation looks like when a mailbox database copy is successfully added:

image

Remotely reconfiguring WinRM (Windows Remote Management)

I received a call a few weeks ago from a client indicating that the Activity portion of a Citrix XenDesktop virtual desktop was not reporting back with any data from within Desktop Director as shown in the following screenshot:

Failed to retrieve data: Machine unresponsive or reported an error (error code 105). View server event logs for further information.

image

I’ve come across issues like these in the past which are usually related to an issue with WinRM. The first troubleshooting step I usually take is to recreate the WInRM listener but the challenge we have with this environment is that majority of the users use dedicated desktops and it’s quite cumbersome to manually log into all of them, open up the command prompt and execute the following 2 commands to delete and recreate the WinRM listener as described in the KB http://support.citrix.com/article/CTX131197:

winrm delete winrm/config/listener?Address=*+Transport=HTTP

winrm create winrm/config/listener?Address=*+Transport=HTTP

To make the process a less labour intensive, I went ahead and downloaded Windows Sysinternals PsExec v2.1 to remotely execute the commands above. The tool can be found here: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Once PsExec has been downloaded and extracted to a directory, open up a command prompt, navigate to the directory with PsExec.exe and execute the following:

PsExec.exe <\\virtualMachineName> -u <domain\username> -p <somePassword> -s c:\windows\system32\cmd.exe

The following will be displayed once you’ve successfully connected to the remote desktop:

image

Once connected, proceed with execute the following 2 commands to delete and recreate the WinRM listener:

winrm delete winrm/config/listener?Address=*+Transport=HTTP

winrm create winrm/config/listener?Address=*+Transport=HTTP

image

There have also been some cases where I’ve had to execute the following command to correct the issue so I’ll include it here as well:

winrm set winrm/config/Service @{EnableCompatibilityHttpListener="true"}

image

If the problem was related to the WinRM listener, you should now see statistics displayed in Desktop Director for the VDI:

image

Monday, April 14, 2014

Apple Mac Safari unable to open Exchange Server 2010 Outlook Web App with certificate error

Problem

You’ve received complaints from Mac users that they then attempt to launch Exchange Server 2010’s Outlook Web App, the following prompt is displayed:

The website “webmail.someDomain.bm” requires a client certificate.

This website requires a certificate to validate your identity. Select the certificate to use when you connect to this website, and then click Continue.

com.apple.idms.appid.prd.4e37636a…

image

Solution

While I can’t definitively claim whether the following is the right solution but what solved this issue for my client’s MAC users was to change the EWS to allow Basic Authentication:

image

You will still need to manually delete the certificate on the Mac’s keychain but unlike leaving Basic Authentication off, the certificate will not come back in a few days.

Note that this contradicts the default settings as shown in the following TechNet article:

Default Settings for Exchange Virtual Directories
http://technet.microsoft.com/en-us/library/gg247612.aspx

Tuesday, April 8, 2014

Configuring OpenGL Software Accelerator for Citrix XenApp 6.5

I’ve noticed that a few of my colleagues and clients have asked me about how to improve the performance of applications such as Google Earth on Citrix XenApp 6.5 servers last year which lead me to realize that I never wrote a blog post about it.  Some administrators probably already know that Citrix XenDesktop 5.6 has the Google Optimization pack that allows a user to run Google Earth in DirectX mode with a much faster rendering experience but with Citrix XenApp.  From what I’ve read, the recommended method is to use the OpenGL Software Accelerator because it allows more than 1 user accessing the XenApp server to use the acceleration as compared to DirectX.

I’m not sure what other people’s experience is but I find that without the OpenGL Software Accelerator installed, Google Earth launched in OpenGL mode never worked properly for me.  The globe would also be rendered black on the screen for me:

image

The rendering of the frames would be so slow that it would not be usable for someone with normal patience.

To speed up the rendering performance to a level that is more tolerable, the OpenGL Software Accelerator can be installed and the documentation can be found here:

http://support.citrix.com/proddocs/topic/xendesktop-7/hd-opengl-accelerator.html

image image

You’ll need a valid Citrix login to download the XenApp 6.5 Feature Pack 2 that bundles the OpenGL Software Accelerator:

image image

One you’ve downloaded the XA5_6FP2.zip file, unpack it and you will see the following folders:

image

I’ve been asked several times what’s the difference between the 32bit and 64bit bundled DLL file and I can honestly say I’m not sure as I haven’t come across documentation that clearly outlines the difference.  What I believe is that this if for the version of the software that will be using OpenGL and not the operating system.  The reason why I think this is the case is because the acceleration works if I use the 32bit opengl32.dll but when I try to use the 64bit, Google Earth (a 32bit program) doesn’t even launch (you double click on the icon and nothing happens).

With that out of the way, the following are the differences between the 32bit and 64bit opengl32.dll files:

32-Bit opengl32.dll

image

image image

64-Bit opengl32.dll

image

image image

The installation of the opengl32.dll file is quite simple and there is a bundled install.pdf file located in the OpenGLAccelerator folder:

image

image image

As the document states, you essentially have to replace the opengl32.dll file in the C:\Windows\SysWow64 folder on the XenApp server and because it is a protected file, you will need to take over the ownership of the file in order to either rename, delete or overwrite it.  I personally prefer to rename it by putting a ~ in front of the file in case I ever needed to revert back to the old file.

image

With the file replaced, you should now notice an improvement in the Google Earth rendering speeds.  My personal experience is that the DirectX driver for XenDesktop feels like it performs a tad better than the OpenGL accelerator.

From a bandwidth consumption perspective, the test I’ve done with the network engineer still shows that navigating around Google Earth can get up to around 5Mbps and sometimes while panning around maps such as Paris, I could get it to spike up to 10Mbps.

Monday, April 7, 2014

Unable to modify Owners of a Security Group in Exchange Server 2013’s Exchange admin center

Problem

You’re logged into the Exchange Server 2013 ECP and noticed that a newly created distribution group created with an existing Security group does not have any Owners assigned to it as displayed in Exchange Server 2013’s Exchange admin center:

image

You proceed to open the properties of the group, navigate to the ownership settings:

image

You proceed to add the Administrator account as an owner under the Owners configuration:

image

Proceeding to click the save button throws the following error:

error

You don’t have sufficient permissions. This operation can only be performed by a manager of the group.

image

Solution

To grant an account such as the administrator to edit the ownership of the group, open up Active Directory Users and Computers, navigate to the OU containing the Security Group and open the properties:

image

Navigate to the Managed By tab:

image

Add the account you would like to have permissions to managed this group into the Name field:

image

Going back to the Exchange admin center and hitting the refresh button should now show that the account you just configured is now an owner of the group with editing permissions:

image