Posts

How to: move FSMO Roles, Demote and re-promote a Domain Controller with PowerShell

Here are the commands you need if you want to demote and re-promote a Domain Controller with PowerShell.

Move FSMO Roles:

Move-ADDirectoryServerOperationMasterRole -Identity nameofthedcwhereyouwanttomovetheroles -OperationMasterRole pdcemulator, ridmaster, infrastructuremaster, schemamaster, domainnamingmaster

(the roles you want to move)

Check if everything worked:

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Demote

Demote Test:

Test-ADDSDomainControllerUninstallation -DemoteOperationMasterRole -LastDomainControllerInDomain -RemoveApplicationPartitions

(Only needed when it is the last Domain Controller in your Environment)

Start Demote:

Uninstall-ADDSDomainController -DemoteOperationMasterRole -RemoveApplicationPartitions

Promote

Promote: Windows features

Install-WindowsFeature -name AD-Domain-Services -IncludeManagementTools

Test-Promote:

Test-ADDSForestInstallation -DomainName your.dom

How to: Create a Client Certificate for LDAPS with OpenSSL

Today I will introduce my new article on how to create a client certificate with OpenSSL so that you can use it for LDAPS.

You need to create two files in your new folder, which we will need later on (I prefer Notepad++ for creating my files):

1. Your request.inf file
2. Your v3ext.txt file

1. Request.inf (save as .inf with Notepad++)

[Version]
Signature="$Windows NT$"

[NewRequest]
; Enter the FQDN of your AD server, for example "simonAD.testinfo.com"
Subject = "CN=your-active-directory.fqdn"
KeySpec = 1
; Enter the key length which fits your need. Some say you need at least 2048 to make LDAPS work
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0

Citrix ShareFile - files are not scanned by anti virus software

If uploaded files weren't scanned by the anti-virus software, you should check the ShareFile logs. You will find an error saying:

The remote server returned an error: (407) Proxy Authentication Required

As a solution, you'll need to restart the ShareFile Server or the ShareFile Service. The error is caused by changes on your proxy, because ShareFile won't re-authenticate after the first authentication.

Slow login after shutdown XA6.5 Data Collector

If your Data Collector is facing a problem with slow login times after a shutdown, you'll find a solution for this problem in a blog post from my co-worker and CTA Matthias Schlimm: Click here for the solution

New product names for Citrix

As most of you may have heard, Citrix has changed their product names again. Nothing the world really needs, but we have to deal with it. So here we go:

Citrix Receiver = Workspace App
XenApp = Virtual Apps
XenDesktop = Virtual Desktops
XenServer = Citrix Hypervisor
NetScaler ADC = Citrix ADC

You'll find a full list here: citrix-product-guide/

Private fix before installing Citrix 7.15 CU2 for VDA

Before you install version 7.15 CU2 for VDA, you need to get a private fix (LC9648) from Citrix. Otherwise the black screen error when booting your provisioned machines may still exist.

continued-problems-with-black-screen-at-session-start-with-windows-10

Last stable running NetScaler 12.x version

As you may also have experienced, the last versions of NetScaler 12.x were so buggy that it is almost impossible to work correctly with them. After a short talk with colleagues, I would recommend version 12.0.56.20 as the latest stable running version.

Citrix and Mouse cursor on 2K Monitors

The mouse cursor disappears in Citrix sessions, mostly on 2K monitors with a scale of 150%. When changing the scale to 125% or 175%, it works. Because we need to stay with 4.9 LTSR, we couldn't use version 4.11, where this problem is fixed. You can solve this problem with a private fix that you can request from Citrix for version 4.9 LTSR.

Citrix: Mouse Cursor is distorted or disappearing with 2K Monitors

One of our customers had a problem with the mouse cursor in a Citrix session. The employees' mouse cursor was distorted or disappeared when they used a 2K monitor.

The error is known, as you can see under points 4 and 5: CTX229052 Windows 10 Fall Creators Update (v1709) – Citrix Known Issues

The error is solved in Citrix Receiver version 4.11, as you can read here: Citrix Receiver for Windows 4.11 solved Problems

Unfortunately the customer uses LTSR and we are not able to update from 4.9 LTSR to 4.11. We hoped that the fix would be in CU2, which will be released soon. The cursor problems won't be fixed in CU2. The fix will be included in CU3. But it's possible to get a private fix for this error by contacting Citrix Support. That's how we solved the problem.

Windows 10: Using CopyProfile for the “Start Menu” has been deprecated

The customer had problems with Windows 10 and also with Server 2016, where the TileBar or the Start menu were not displayed correctly and didn't work as expected. Therefore he used Sysprep for the Default User Profile to solve the problem. Now Microsoft has announced that this is not a supported solution.

https://blogs.technet.microsoft.com/yongrhee/2018/03/12/windows-10-using-copyprofile-for-the-start-menu-has-been-deprecated/

Citrix PVS | Win2016 target devices not booting

A customer's Win2016 target devices weren't booting, or were only booting sporadically, after updating PVS from 7.13 to 7.15 LTSR. They got stuck at the Windows logo. When we hard rebooted a few times, they somehow came up after a while. Citrix has now presented a private fix for this issue. See: PVS 7.15 | Win2016 target devices not booting after upgrade to PVS 7.15 LTSR

Windows Start Menu not opening anymore with Server 2016

In a customer environment (Server 2016) we had the problem that users who changed their personal settings for their start screen to “Use Start full screen” couldn’t open their Start menu after logging out and signing in again. But it works as long as they stay logged in after the settings were changed.

The default view of the menu which the user wants to change:

Under Settings -> Personalization -> Start -> Use Start full screen, you need to set the setting to on.

Afterwards it will look like this as long as you're signed in:

But as soon as you log out and sign in again, you can't open your Start Menu again. Nothing happens when you click the Windows symbol. You need to change the settings back and it will work. As far as I know there is no fix at the moment for this one.

Citrix: User processes are still active after Log-out

What happened?

In a customer environment they had the problem that the processes of logged-out users were still active and couldn't be closed by the Service Desk. It's a 7.13 XenApp provisioned environment on Server 2016 with ShareFile. And that was the problem. After a bit of investigating we found out that every time a user has Citrix ShareFile Drive Mapper open (for the exact steps see "When does the error occur"), the log-out process is blocked and the explorer of the connected users isn't working anymore. As soon as we closed the Drive Mapper process, the running processes of the logged-out user closed immediately.

We could reproduce the error with ShareFile Version 3.6 on Server 2016 and Windows 10. We couldn't reproduce the error with ShareFile 3.6 on Windows 7 and Server 2008 R2; it worked correctly there.

When does the error occur?

Every time we moved a file in our Drive Mapper and tried to open it directly from Drive Mapper When w

Remote use of Microsoft SysInternals: example Procdump

Download the Microsoft Sysinternals Suite and move it to your server.

https://docs.microsoft.com/en-us/sysinternals/downloads/procdump

Unzip it anywhere you want. In our example I used procdump because I needed a dump from a user to send to the vendor.

Go into sysinternals and search for the program you need:

Afterwards copy it via UNC path to the user’s computer. In the case of Procdump you need to copy both executables. I created the folder temp there.

Afterwards you need the PID of the program you want to check. I needed wfica32. If the user doesn’t have the right to execute Task Manager or extend the view for the PID, you can find out the PID with a PowerShell command:

Get-Process -ComputerName NameOfUserComputer -Name ProcessName

Afterwards open a CMD and move to your sysinternalsuite folder on your server. Then execute the following:

PSEXEC \\<computername> c:\temp\procdump.exe -e -ma -h <PID>

Hide your Desktop Tab in StoreFront for only displaying App Tab

If you want to present your users the desktops and the published apps in one pane, you need to treat your desktops as apps. You can do this with a small POSH command. This allows you to have your published applications and your desktops on one screen, so you don’t need to switch.

Run POSH as administrator.

CD to …\Program Files\Citrix\Receiver StoreFront\Scripts

Run:

Import-Module .\ImportModules.ps1

Afterwards run:

Set-EnhancedEnumerationOptions -siteId 1 -storeVirtualPath /Citrix/Internal -treatDesktopsAsApps $true
Set-EnhancedEnumerationOptions -siteId 1 -storeVirtualPath /Citrix/External -treatDesktopsAsApps $true

When you go back to your StoreFront, it should look like this:

NetScaler: Issuer certificate mismatch

After importing a PKCS#12 certificate on a customer NetScaler, the following error appeared: "Issuer Certificate mismatch, or PEM pass phrase required for this private key". To solve this issue you need to re-export the certificate and uncheck the "Include all certificates in the certification path if possible" checkbox. It's a known bug at Citrix, as you can read here: https://support.citrix.com/article/CTX226986

Implementing Single Sign On with NetScaler and Kerberos Constrained Delegation (KCD)

I wrote a manual on how you can realize a Single Sign On solution with Kerberos KCD and NetScaler. It's possible to restrict the user delegation to certain services/protocols on a server. You'll need this if NetScaler does not know the user password. If it knows the user password, you can realize the SSO with Kerberos Impersonation. This will be an extra post.

Let's start with creating a KCD account.

1. Create KCD Accounts

Create a KCD account in AD. "Password never expires" should be chosen.

1.1 Enable the delegation tab for this user

You can activate it with setspn (it is available if you have the Active Directory Domain Services (AD DS) server role installed). It needs to be run from an elevated command prompt:

setspn -A host/KCDTest@simon.ns simon\KCDTest

1.2 Choose the delegation option

Here you need to choose "Trust this user for delegation to specified services only" and also "use any authentication protocol".