So What's This All About

The purpose of this site

I started off my career in IT 25 years ago as a COBOL Programmer in South Africa and have progressed (or some may say regressed) to consulting on virtualization technologies. I created this site to share my experiences with virtualization and cloud computing, as well as the latest virtualization news, tips, tricks and tools from other experts in the field.

Online Training

Free XenApp 7.6 Training

This free, one-hour online course provides an introduction to Citrix XenApp 7.6. Students will explore key components required in a XenApp 7.6 implementation, the FMA-based architecture, as well as key use cases.

Click here for the course details

Keep Tabs on Me

Social media links

RSS Feed 2.0


Citrix Director 7.6 Deep-Dive Part 3: Determining installed hotfixes

An article by Guihua Yang from Citrix Blogs


XenApp 6.5 administrators used the Access Management Console to provide information about the patch level of the product on a per server basis. Customers need a way to understand how to maintain and troubleshoot their FMA environments. Because of the quantity, variety, and life cycle of VDAs in the FMA, XenDesktop needs a central and scalable patch inventory system for sites.

Existing enterprise customers address quality issues in their environments by installing hotfixes. They need the ability to inventory XenDesktop product versions and patches for support, troubleshooting, and compliance. This inventory needs to be available for any controllers and VDAs on the site and should not depend upon VDAs being online.

Details of hotfix installed on any user session

When a VDA user has an issue, and if the administrator wants to see if the issue might be because of a missing hotfix on the VDA, there is no easy way to find that out, prior to XD 7.6. But with XD 7.6, Director provides the administrator with a view of the current Citrix hotfixes that are installed on a specific machine (physical or VM) VDA, so that he/she can manually determine if this machine has the correct hotfixes installed.

In Director 7.6, the User Details view now has an extra hotfix section displaying all the hotfixes installed on the machine for that user on machine details panel.

Details of Hotfixes Installed on Any Machine

When a machine has an issue or fails, and if the administrator wants to see if the issue might be because of a missing hotfix on the machine, similarly, it was difficult to find that out prior to XenDesktop/XenApp 7.6. But with XD 7.6, the administrator can see what hotfixes are installed on a particular machine to ensure all the required hotfixes are installed on the machine. Also detailed information about the hotfix such as version, KB article is displayed.

In Director 7.6, when administrator searches for a particular machine and lands on Machine Details view, there is a hotfix panel which provides details about hotfixes installed. Details displayed include component, component version, hotfix name, hotfix file name, link to Knowledge Center article and effective date.

Machine details page:

Hotfixes panel:

Director 7.6 solves the simple question of “what hotfixes are installed on my machine”.

Sample Code

Read More


Citrix Director 7.6 Deep-Dive Part 2: Support for XenApp 6.5

An article by Kiran Kumar from Citrix Blogs

Citrix has brought back IMA Support  to allow users to troubleshoot XenApp 6.5 (IMA) sessions with enhanced features in Director 7.6. In addition to providing a short list of the available features of Director 7.6 with IMA architecture, I’ve created this post to detail and outline each feature.


  • Activity Manager for XenApp 6.5
  • Delegated Admin support
  • Shadow Session
  • Machine Details Panel
  • Session Details Panel
  • Personalization Panel
  • HDX panel

Global User Session Search across XenDesktop Sites and XenApp farms:

Director 7.6 now helps administrators search user sessions across XenDesktop sites and XenApp farms. This feature allows admins to get all the sessions for users in one search session.  We’ve also made it convenient to switch between the sessions quickly.

Note:  Director 7.6 supports three types of search: user, machine and endpoint search. XenApp sessions are supports only “user” search.


[Director Session Chooser showing sessions across XD/XA Sites and XA (IMA) Farms]


Activity Manager:

Director 7.6 will now display different applications and list the processes running on a XenApp server for a user session imitating the Windows task manager. As an administrator, you can close an application or kill the process remotely. One of the primary use cases to help diagnose slow applications is when a user calls the helpdesk complaining that session interactions are slow.  Now administrators can drill down to a process that is consuming high resource and kill it freeing up much needed resources.


[Director Activity Manager: Application and Process View]


Delegated Admin Support:

Director 7.6 supports XenApp delegated administrators in addition to the full administrator role. Full Admin, View Only Admin and Custom Admin are the types of administrators supported with the Delegated Admin Support feature. Permissions for each admin type can be configured (see the product documentation).

Director 7.6 now enables admins to shadow user sessions. This feature helps administrators quickly diagnose issues and get a direct look into  user sessions.  Admins have also been provided with access to applicable controls. To activate this feature, Microsoft Remote Assistance should be enabled in XA Server. Here is the link that will help you install and enable Remote Assistance on Windows Server 2008 R2.


[Director Shadow Session: Picture illustrates the ease of having a peek to user session]


Director Pages that are shown for XenApp

Activity Manager View:

This view gives the basic insight into the applications and process running on the user session. It contains the “terminate” and “shadow” buttons, helping the admin perform basic control operations.


User Details View:

The User Details view gives a bird’s eye view of the user session. This view displays complete information about the user session such as session machine details, the farm name, and the machine OU. It also helps find the client machine name and IP from which the session was launched, the session state and the total time for the session on current state.



Read More


Citrix Director 7.6 Deep Dive Part 1: License Monitoring

With Director 7.6, we really wanted to make sure users know when they are about to be impacted by a license issue. To address this, license alerts from the license server are now made available in the Dashboard view in Director 7.6. This new capability provides greater visibility into the licensing state of XenApp/XenDesktop so administrators are aware of impending current licensing conditions, which may affect the functionality of the product. Licensing errors in an environment can cause major outages or degraded service for customers and in previous versions of XenApp/XenDesktop, it is difficult to identify when license problems affect your site or are about to impact user connections.

Supplemental Grace

In previous versions of XenApp and XenDesktop, if the right licenses are not installed users will get session rejections via the license policy engine. To address this limitation, we introduced a new concept called Supplemental Grace Period (SGP). During the Supplemental Grace Period, the license policy engine will grant unlimited connections, providing a window of time to address the issue. SGP will be granted for overconsumption of licenses, adding 15 days to allow for fixing the issue. After the expiration of SGP, regular license limits are enforced.

Director Dashboard view

This feature is made available with two panels on Dashboard view under a new tab called Licensing Status. The Licensing Status tab will indicate the conditions detected by the licensing system (license server and controller). The number shown in the Licensing tab indicates the total number of alerts/alarms detected by the licensing server and each controller.

License Server Alerts panel – This displays status updates that are generated directly from the licensing server. Alerts/alarms are activated when triggered by the server. Alert messages include: Incomplete configuration, compatibility with the Delivery Controller, and activation of SGP. In addition, administrators are provided with recommended actions to resolve License Server issues.

License Server Panel


2. Delivery Controller Status panel –Displays license server connection status for each controller Delivery Controllers that belong to the same site and their license server connection status are displayed. Delivery Controllers which cannot connect to the license server will trigger an alarm. The administrator can further view the licensing information for each delivery controller in overview and details tabs.

Delivery Controllers Panel


a) Overview field: Contains licensing server state details, the SGP state and the time remaining before grace period expiration. An alarm is activated when the grace period expires, as the Delivery Controller can no longer checkout licenses to launch sessions from license server.


b) Details field: Indicates the additional details of the licensing status with the Delivery Controller. It details the grace state for the licensing server and also the last licensing event time stamp is shown. The licensing server’s fully qualified domain name, port used, product edition of the license applied, product identification, and the licensing model used are captured under details panel.

Read More


XenApp 7.6 first look – part one: upgrading from 7.5

An article by The Architect from From the Architect

Citrix released the new version of XenApp and XenDesktop 7.6 on September 30th. It’s very much a point release, introducing some features that got removed from the architecture change from IMA in 6.5 to FMA in 7/7.5. The full list of what’s new can be found on eDocs. My top three feature picks Single internal […]

The post XenApp 7.6 first look – part one: upgrading from 7.5 appeared first on From the Architect.


Receiver for Web FAQ

An article by Feng Huang from Citrix Blogs

A number of questions have been asked frequently about Receiver for Web. This article attempts to provide answers to them. The order of the questions is arbitrary. The answers apply to StoreFront 2.5.

How can I show the Apps tab by default for all users?

This is configurable via web.config under the Receiver for Web site, normally C:\inetpub\wwwroot\Citrix\StoreWeb. Open this file in your favourite text editor and locate the following segment:

    <uiViews showDesktopsView="true" showAppsView="true"
             defaultView="desktops" />

Change the value of defaultView to be apps:

    <uiViews showDesktopsView="true" showAppsView="true"
             defaultView="apps" />

Is there a way to add a domain drop down list to the login page as per Web Interface?

First you configure Trusted Domains via the StoreFront Administration Console.

  1. Select the Authentication node in the left pane.
  2. Then select “Configure Trusted Domains” in the right pane.
  3. Click OK.
  4. Open web.config under the Authentication Service, normally C:\inetpub\wwwroot\Citrix\Authenticationusing your favourite text editor, locate the following element:
        <explicitBL ...      hideDomainField="true" ...>

    Change the value of hideDomainField to be false.

  5. Load the Receiver for Web in a browser. The domain drop down list appears in the Login page.

How can I subscribe all the applications for my users?

If you want to pre-subscribe applications for your users but allow them to selectively remove some applications, you can add the keyword “Auto” to your published applications.

If you don’t want your users to be able to remove the presubscribed applications, please see Provisioning All Applications to All Users in StoreFront for how to do it.

Is there a way to have a different background image for the Home screen than the one on the Logon screen?

Yes, please see Example 1 of Customizing Receiver for Web 2.5 for details.

How do I hide Activate menu under user name section?

This is configurable via web.config under the Receiver for Web site, normally C:\inetpub\wwwroot\Citrix\StoreWeb. Open this file in your favourite text editor and locate the following segment:

Read More


WMI Objects Used By Citrix Director for troubleshooting Sessions

An article by Vindhya Gajanan from Citrix Blogs


One of the important features of Citrix Director is Help Desk and User Details. These pages provide required Information pertaining to a particular user session and helps troubleshoot issues with the session.

Director employs Windows Management Instrumentation (WMI) on Desktop OS and Server OS VDI Machines to get some of the session and user specific details. Director fetches this information from preinstalled Windows WMI objects and Citrix specific WMI providers installed during VDA installation.

It is important to mention here that there is substantial difference between Director 7.x and earlier versions of Director.

  • Director 2.1 and earlier versions use WinRM Call to fetch data from WMI objects whereas Director 7 and later versions does not use WinRM
  • Director 7 has its own plugin deployed on Desktop OS and Server OS machines to get some of the performance metrics and session specific details thereby removing the need of configuring WinRM.


This blog is mainly to provide WMI Objects used by Director and give basic examples of how to get the same from PowerShell.

What This Blog Covers:

  1. List of all WMI Objects Used by Director 7 and later with examples of how to query WMI by PowerShell.
  2. List of all WMI Objects Used by Director 2.1 (and earlier) and through WinRM with Examples of how to query WMI by PowerShell.
  3. Configuring WINRM
  4. Issues that affect rendering WMI Data on Director.


WMI Objects Used In Citrix Director 7.0 And Later:

Here is the list of all WMI objects used by Director 7 and later versions.

Objects are categorized according to Panels it populates in Director User Details Page.

Here the Director Fields column is the field shown in Director User Detail Page in corresponding panels.

Example: RAM of the Desktop running the session is shown in Director User Details Page as Memory

How to get the same data in PowerShell:

To get WMI Data, run below command in PowerShell of the Desktop OS and Server OS Machines:

Get-wmiobject –Class “classname” –Namespace “namespace”


Machine Details Panel that provides machine specific details:

Director Fields









Hard Disk



Panel that provides user and computer specific policies applied:

Read More


Netscaler authentication vserv mod

An article by Morten Kallesoe from Citrix Blogs

I recently got a request from a partner that wanted to use the netscaler’s AAA functionality, with a little twist.

Overall objective: Modifying the access control cookies, to create a persistence session across browser close/open


Usecase description
User enters
The netscaler takes care of the authorization in a AAA server.
The user is now logged in.
The user should be able to close the browser, wait a few minutes, open the browser to and still be logged in.

This is not the default behavior with in the Netscaler

Default netscaler behavior.

When the user enters, the user is redirected to the authentication site, Here the user enters username and password, and the netscaler does authentication based on the configuration. When the user is authenticated, 2 cookies will be set. And the user will be redirected back to

The 2 cookies are important, since they verify that the user is authenticated.

Set-Cookie: NSC_TMAA=02a65617419c18edd4b6dbb6c58aeb3e;HttpOnly;Path=/;
Set-Cookie: NSC_TMAS=f7fa0d2e10e3a9c4aeb5950f4837a823;Secure;HttpOnly;Path=/;

The webdeveloper within us(don’t be shy!), will see that there is no “expires=” in the set-cookie string, (or MAX-AGE=) That means the cookie will be a session cookie. And session cookies will be deleted when the browser closes, which is what we don’t want.

So the task is: Make the NSC_TMAA and NSC_TMAS persistent.


Intercept the first redirect from to and re-set the cookie, and then redirect the user back to This is possible because the client is requesting with the NSC_TMAA and NSC_TMAS cookies.

Sounds pretty simple! And it was, since I had my lovely netscaler to help me out.

Read More


Excluding virtual disks in Hyper-V Replica

An article by Aashish Ramdas [MSFT] from Windows Virtualization Team Blog

Since its introduction in Windows Server 2012, Hyper-V Replica has provided a way for users to exclude specific virtual disks from being replicated. This option is rarely exercised but can have a significant benefits when used correctly. This blog post covers the disk exclusion scenarios and the impact this has on the various operations done during the lifecycle of VM replication. This blog post has been co-authored by Priyank Gaharwar of the Hyper-V Replica test team.

Why exclude disks?

Excluding disks from replication is done because:

  1. The data churned on the excluded disk is not important or doesn’t need to be replicated    (and)
  2. Storage and network resources can be saved by not replicating this churn

Point #1 is worth elaborating on a little. What data isn't “important”? The lens used to judge the importance of replicated data is its usefulness at the time of Failover. Data that is not replicated should also not be needed at the time of failover. Lack of this data would then also not impact the Recovery Point Objective (RPO) in any material way.

There are some specific examples of data churn that can be easily identified and are great candidates for exclusion – for example, page file writes. Depending on the workload and the storage subsystem, the page file can register a significant amount churn. However, replicating this data from the primary site to the replica site would be resource intensive and yet completely worthless. Thus the replication of a VM with a single virtual disk having both the OS and the page file can be optimized by:

  1. Splitting the single virtual disk into two virtual disks – one with the OS, and one with the page file
  2. Excluding the page file disk from replication

How to exclude disks

Application impact - isolating the churn to a separate disk

The first step in using this feature is to first isolate the superfluous churn on to a separate virtual disk, similar to what is described above for page files. This is a change to the virtual machine and to the guest. Depending on how your VM is configured and what kind of disk you are adding (IDE, SCSI) you may have to power off your VM before any changes can be made.

At the end, an additional disk should surface up in the guest. Appropriate configuration changes should be done in the application to change the location of the temporary files to point to the newly added disk.

Figure 1:  Changing the location of the System Page File to another disk/volumeimage

Excluding disks in the Hyper-V Replica UI

Right-click on a VM and select “Enable Replication…”. This will bring up the wizard that walks you through the various inputs required to enable replication on the VM. The screen titled “Choose Replication VHDs” is where you deselect the virtual disks that you do not want to replicate. By default, all virtual disks will be selected for replication.

Figure 2:  Excluding the page file virtual disk from a virtual machineimage

Excluding disks using PowerShell

The Enable-VMReplication commandlet provides two optional parameters: –ExcludedVhd and –ExcludedVhdPath. These parameters should be used to exclude the virtual disks at the time of enabling replication.

PS C:\Windows\system32> Enable-VMReplication -VMName SQLSERVER -ReplicaServerName -AuthenticationType Kerberos -ReplicaServerPort 80 -ExcludedVhdPath 'D:\Primary-Site\Hyper-V\Virtual Hard Disks\SQL-PageFile.vhdx'

After running this command, you will be able to see the excluded disks under VM Settings > Replication > Replication VHDs.

Figure 3:  List of disks included for and excluded from replication image

Impact of disk exclusion

Enable replication A placeholder disk (for use during initial replication) is not created on the Replica VM. The excluded disk doesn’t exist on the replica in any form.
Initial replication The data from the excluded disks are not transferred to the replica site.
Delta replication The churn on any of the excluded disks is not transferred to the replica site.
Failover The failover is initiated without the disk that has been excluded. Applications that refer to the disk/volume in the guest will have their configurations incorrect.

For page files specifically, if the page file disk is not attached to the VM before VM boot up then the page file location is automatically shifted to the OS disk.
Resynchronization The excluded disk is not part of the resynchronization process.

Ensuring a successful failover

Most applications have configurable settings that make use of file system paths. In order to run correctly, the application expects these paths to be present. The key to a successful failover and an error-free application startup is to ensure that the configured paths are present where they should be. In the case of file system paths associated with the excluded disk, this means updating the Replica VM by adding a disk - along with any subfolders that need to be present for the application to work correctly.

The prerequisites for doing this correctly are:

  • The disk should be added to the Replica VM before the VM is started. This can be done at any time after initial replication completes, but is preferably done immediately after the VM has failed over.
  • The disk should be added to the Replica VM with the exact controller type, controller number, and controller location as the disk has on the primary.

There are two ways of making a virtual disk available for use at the time of failover:

  1. Copy the excluded disk manually (once) from the primary site to the replica site
  2. Create a new disk, and format it appropriately (with any folders if required)

When possible, option #2 is preferred over option #1 because of the resources saved from not having to copy the disk. The following PowerShell script can be used to green-light option #2, focusing on meeting the prerequisites to ensure that the Replica VM is exactly the same as the primary VM from a virtual disk perspective:

param (
## Get VHD details from primary, replica
$excludedDisks = Get-VMReplication -VMName $VMNAME -ComputerName $PRIMARYSERVER | select ExcludedDisks
$includedDisks = Get-VMReplication -VMName $VMNAME | select ReplicatedDisks
if( $excludedDisks -eq $null ) {
#Get location of first replica VM disk
$replicaPath = $includedDisks.ReplicatedDisks[0].Path | Split-Path -Parent
## Create and attach each excluded disk
foreach( $exDisk in $excludedDisks.ExcludedDisks )
    #Get the actual disk object
    $pDisk = Get-VHD -Path $exDisk.Path -ComputerName $PRIMARYSERVER
    #Create a new VHD on the Replica
    $diskpath = $replicaPath + "\" + ($pDisk.Path | Split-Path -Leaf)
    $newvhd = New-VHD -Path $diskpath `
                      -SizeBytes $pDisk.Size `
                      -Dynamic `
                      -LogicalSectorSizeBytes $pDisk.LogicalSectorSize `
                      -PhysicalSectorSizeBytes $pDisk.PhysicalSectorSize `
                      -BlockSizeBytes $pDisk.BlockSize `
    if($newvhd -eq $null) 
        Write-Host "It is assumed that the VHD [" ($pDisk.Path | Split-Path -Leaf) "] already exists and has been added to the Replica VM [" $VMNAME "]"
    #Mount and format the new new VHD
    $newvhd | Mount-VHD -PassThru -verbose `
            | Initialize-Disk -Passthru -verbose `
            | New-Partition -AssignDriveLetter -UseMaximumSize -Verbose `
            | Format-Volume -FileSystem NTFS -Confirm:$false -Force -verbose `
    #Unmount the disk 
    $newvhd | Dismount-VHD -Passthru -Verbose
    #Attach disk to Replica VM
    Add-VMHardDiskDrive -VMName $VMNAME `
                        -ControllerType $exDisk.ControllerType `
                        -ControllerNumber $exDisk.ControllerNumber `
                        -ControllerLocation $exDisk.ControllerLocation `
                        -Path $newvhd.Path `

The script can also be customized for use with Azure Hyper-V Recovery Manager, but we’ll save that for another post!

Capacity Planner and disk exclusion

The Capacity Planner for Hyper-V Replica allows you to forecast your resource needs. It allows you to be more precise about the replication inputs that impact the resource consumption – such as the disks that will be replicated and the disks that will not be replicated.

Figure 4:  Disks excluded for capacity planningimage

Key Takeaways

  1. Excluding virtual disks from replication can save on storage, IOPS, and network resources used during replication
  2. At the time of failover, ensure that the excluded virtual disk is attached to the Replica VM
  3. In most cases, the excluded virtual disk can be recreated on the Replica side using the PowerShell script provided

Optimizing HDX 3D Pro

An article by Adarsh Kesari from Citrix Blogs

Since the announcement of HDX 3D Pro and NVIDIA GRID vGPU at Synergy 2013, I have done many presentations, demonstrations and builds of this technology for customers and partners. The interest is massive, as it clearly addresses a use case that desktop virtualisation couldn’t efficiently manage previously. In this blog, I want to share five of my learnings from deploying HDX 3D Pro setups in customer environments, for both XenApp Hosted Shared Desktops and XenDesktop VDI.


Configure XenDesktop policies – minor changes can be the difference between perfect and pathetic

When you configure a machine with HDX 3D Pro and look through the policies available in Citrix Studio, you’ll find that there isn’t a huge number of specific HDX 3D Pro policies. The most useful policies are more generic, and can be applied to any workload in Studio. The five most important XenDesktop policies that I tweak for 3D applications are:

  • Moving Image Compression
  • Visual Quality
  • Lossy Compression Level
  • Enable Lossless
  • Progressive Compression Level

I typically use these five policies to tweak the performance of an application over any network access scenario (LAN, WAN, remote access). Policies such as lossless compression and moving image compression will assist in maximising the performance of 3D applications over the WAN. Each application and workload behave differently, so it is important to test the user experience each time you change one of these settings.


To set the most appropriate policy level, it is important to understand the requirements of the users. If they are WAN users, what is the available bandwidth? How many users in a site? What is the latency between site and virtual desktop? Is there any optimisation of the user experience done by a CloudBridge? Use this criteria to validate your policy settings. In my setups, I reduce image quality and increase compression on moving images when deploying apps out for remote access. In this scenario, I have no control over the client connection bandwidth, so I provide the minimal acceptable performance. Tailor how your LAN and WAN policies look, and filter them by site and user for maximum effect.

Read More


Demystifying KMS and Provisioning Services

An article by Mitra Ahi from Citrix Blogs

Beginning in Provisioning Services 5.6 SP1, Citrix introduced a new feature designed to facilitate Key Management Services (KMS) license activation of the Operating System and of Microsoft Office installations for images streamed in Standard (Read-only) mode. In this blog post, we’ll attempt to remove some of the mystery surrounding the implementation of the KMS license activation feature in Provisioning Services.

The following points will be discussed in more detail:

A. Why is the PVS KMS feature needed?

B. Prerequisites and Planning

C. Important tips regarding KMS and PVS images

D. Why would I run the /Ato or the /Act command?


A. Why is the PVS KMS feature needed?

The Microsoft KMS host machine identifies KMS clients with a unique Client Machine ID (CMID). When we deploy a single image to be used by multiple machines, the image has to be prepared so that each machine presents itself to the KMS host Server as a separate entity, otherwise, they won’t be validated and activated by the KMS host.

The image preparation is the main and the only responsibility of the Citrix PVS KMS feature, the license activation process remains a function of Microsoft. This preparation is done by going through a very specific set of steps done on both the PVS Targets and the Server which must be done in the proper order for the activation to succeed.

Note: In some cases, administrators report duplicate CMID entries for streamed Targets but the OS appears to be activated. This is a misleading situation. The fact is that successful KMS activation is always accompanied by unique CMIDs. Any machines with a duplicate CMID will eventually lose their activation.

B. Prerequisites and Planning

  • The Stream/SOAP service account is used in the image preparation process to activate KMS so it’s important to make sure that proper permissions are configured prior to beginning the process:
    • The Stream/SOAP service account has to be a domain user which is a member of the local administrator’s group on the PVS Servers in that farm.
    • For KMS based images, Network Service cannot be used for Stream/SOAP Service account
  • Before running the Rearm command, either for the first time or as a troubleshooting step, verify the Rearm count on the OS by running slmgr /dlv from a command prompt. It’s highly recommended to have more than (not equal) 1 rearm left on HDD in case further Rearms are required after the image is built. If there is only a single Rearm count left on the image, as a precaution, make a backup copy of the image (pvp, vhd and avhds) to avoid running out of rearms if KMS activation fails for any reason. Zipping the image file will reduce the size of the image significantly so take advantage of that when space is a concern.

C. Important tips regarding KMS and PVS images

As I mentioned earlier, following the specific order of steps is crucial for successful KMS activation. The Knowledge Base article: provides guidance and the specific steps, including their order of operation, necessary to successfully activate provisioned KMS images and to maintain the activation status of the images during updates.

Read More