Citrix Interview Questions

Published on May 2016


Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Citrix Interview Questions:

Current Setup:
Q) Sample setup
a) Per Zone Config




















Q) Communication diagram – to explain the Citrix launch process

Firewall ports to open for Citrix Setup:
tcp/1494 - ICA Protocol
tcp/2598 - ICA Session Reliability/ XTE
tcp/2512 - IMA Communication
tcp/2513 - XenApp Advanced Console
tcp/27000 - License port
tcp/8082 - License Management Console port
tcp/1433 - Port used for communication between XenApp and the data store
tcp/80 - XML Service port (shared with IIS)
udp/1604 - TCP Browsing
tcp/443 - SSL Communications
tcp/7279 - Citrix vendor daemon (responsible for the core operations of the license server,
which include license allocation)

Citrix Commands at a glance:
Command – Function
Acrcfg – Configure autoreconnect settings
altaddr – Specify server alternate IP address
app – Run application execution shell
apputil – Add servers to Configured Servers list for published applications (FR3 Only)
auditlog – Generate server logon/logoff reports
change client – Change ICA Client device mapping
chfarm – Change the server farm membership of the server
clicense – Maintain MetaFrame XP licenses
cltprint – Set the number of ICA Client printer pipes
ctxxmlss – Change the XML Service port number
driveremap – Remap the server’s drive letters
dscheck – Validate the server farm’s data store’s integrity
dsmaint – Configure the server farm’s data store
dsverify – Clean errors in the farm’s data store
icaport – Configure TCP/IP port number
imaport – Change IMA ports
migratetomsde – Migrate the server farm’s data store from a Microsoft Access database to an MSDE database (FR3)
mlicense – Add multiple MetaFrame licenses to the server farm’s data store
query – View information about server farms, processes, servers, ICA sessions, and users
tskill – Ends a process
twconfig – Configure ICA display settings
querydc – Use this utility to determine the data collector for a given zone
queryds – Command-line utility provided to query the current information on the local zone data collector
queryhr – Use this utility to display information about member servers in the farm
qprinter
msghook – Execute msghook only if information is requested by Citrix Technical Support
Aclcheck – Security Audit Utility
Aclset – Set Default Security ACLs
Altaddr – Specify Alternate Server IP Address
App – Application Execution Shell
Auditlog – Generate Logon/Logoff Reports
Change /? – displays all of the different uses for the change command
Change Client – changes client mapping settings
Change Port – changes COM port mappings
Change User /install /execute /query /? – changes .ini file mappings for installing applications
Change Client – Change ICA Client Device Mapping Settings
Cltprint – Set the Number of Client Printer Pipes
Icaport – Configure TCP/IP Port Number
Ndspsvr – Enable or Disable a Preferred Server for NDS Logons
Kill PID – Terminates a process where PID is the process ID
Qprocess * – Shows all processes running on machine
Query acl – Security Audit Utility
Query license – View Citrix Licenses
Query server – View Citrix Servers
Quser – Queries connected users
Qwinsta /v – Shows connected winstations and IDs; pipe to |more to scroll
Reset winsta Winsta/ID – allows you to reset a winstation by ID or name
Shadow Winsta/ID – shadows a winstation by name or ID, for example Shadow Citrix1 or
Shadow 1; use Ctrl+* to exit
altaddr – specify server alternate IP address
app – run application execution shell
auditlog – generate server logon/logoff reports
change client – change ICA client device mapping
chfarm – change the server farm membership of the server
clicense – maintain Citrix licenses
cltprint – set the number of ICA client printer pipes
ctxxmlss – change the XML service port number
dsmaint – configure the IMA data store
dsmaint backup <destination path> – creates a backup copy of the Access database that is the
server farm's data store. Make sure the path is correct; otherwise you get an error.
dsmaint recover <destination path> – recovers the latest copy of the Access database
icaport – configure TCP/IP port number
query – view information about server farms, processes, servers, ICA sessions and users
query farm – shows the server name, protocol and IP address
query farm /app – shows the published applications
query farm /disc – shows the disconnected session data for the server farm
query farm /load – displays server load information
query user – displays the current connections
twconfig – configure ICA display settings


Command to put the server into install mode
To Switch Terminal Services to Install Mode
When you want to add or remove programs, put the Terminal Services server in Install mode.
To do this:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type change user /install, and then press ENTER. The following
message appears:
User session is ready to install applications.
Type exit, and then press ENTER.
Add or remove the programs that you want.
To Switch Terminal Services to Execute Mode
When you are finished adding or removing programs, return the Terminal Services server to
Execute mode. To do this:
Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type change user /execute, and then press ENTER. The following
message appears:
User session is ready to execute applications.
Type exit, and then press ENTER.
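The install-mode and execute-mode steps above, combined into one PowerShell function so the server cannot be left in install mode when an installer fails. This is an added example, not part of the original notes; `Invoke-TsInstall` and its `-MsiPath` parameter are hypothetical names, and it assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example (not from the original notes): install an MSI on a Terminal
# Services / XenApp server and always return the server to execute mode.
# Invoke-TsInstall and -MsiPath are hypothetical names.
function Invoke-TsInstall {
    param(
        [Parameter(Mandatory)] [string] $MsiPath
    )

    if (-not (Test-Path -LiteralPath $MsiPath)) {
        throw "Installer not found: $MsiPath"
    }

    # Record the mode the server is in before anything is changed.
    & change.exe user /query

    # Switch to install mode, as in "To Switch Terminal Services to Install Mode".
    & change.exe user /install
    try {
        $proc = Start-Process -FilePath 'msiexec.exe' `
            -ArgumentList @('/i', "`"$MsiPath`"", '/qn', '/norestart') `
            -Wait -PassThru

        # 0 = success, 3010 = success with a reboot pending.
        if ($proc.ExitCode -notin 0, 3010) {
            throw "msiexec failed with exit code $($proc.ExitCode)"
        }
        $proc.ExitCode
    }
    finally {
        # Runs whether the install succeeded, failed or was interrupted, so the
        # server always ends up back in execute mode (the default).
        & change.exe user /execute
        & change.exe user /query
    }
}

# Usage (constructed path):
# Invoke-TsInstall -MsiPath 'C:\Install\sample-app.msi'
```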
The CHANGE command changes Terminal Server session properties; use it when installing software on a terminal server.
Syntax
CHANGE USER /options
CHANGE LOGON /options
CHANGE PORT /options

Options:
To change .INI file mapping: (administrator rights required)

CHANGE USER /INSTALL Enable install mode. This command has to be run before
installing any new software on a Terminal Server.
This will create a .ini file for the application in the TS system directory.

CHANGE USER /EXECUTE Enable execute mode (default)
Run this when an installation is complete.
CHANGE USER /QUERY Display current settings.

To enable or disable terminal session logins:
CHANGE LOGON /QUERY Query current terminal session login mode.
CHANGE LOGON /ENABLE Enable user login from terminal sessions.
CHANGE LOGON /DISABLE Disable user login from terminal sessions.

To list or change COM port mappings for the current session.
This can allow DOS applications to access high numbered ports e.g. COM12

CHANGE PORT portx=porty Map port x to port y.
CHANGE PORT /D portx Delete mapping for port x.
CHANGE PORT /QUERY Display current mapping ports.

Main differences between PS 4.0 and XenApp
1. Application streaming: Centralizes management of desktop applications, and isolates and
streams them to users without worrying about application and system conflicts.
2. Application Hub: Centrally stores isolated applications that you want to deliver to users
through streaming or virtualization.
3. Application performance monitoring: Using EdgeSight software.
4. Health Assistant: Performs continuous server health checks and automatically initiates
recovery procedures.
5. Configuration Logging: Tracks changes made to the server farm, including when and by whom.
6. SpeedScreen progressive display: Dramatically improves the performance of
graphics-intensive applications.
7. Trusted server configuration: Prevents users from accessing unauthorized servers.
8. Load throttling: Prevents new servers from being overloaded when they first log in to the
farm by automatically biasing server load.
9. ADFS support:
10. Multilingual user interface support for virtualization and streaming applications.


Metaframe XP vs PS 4.0
• A new EMF-based printing system.
• Virtual memory management technology from RTO Software and CPU management
technology licensed from Aurema.
• A brand-new Secure Gateway that will support Session Reliability and an XML
Service-based STA Service.
• A completely rewritten Web Interface that will be a "real" product, with GUI-based
management and simple customization and configuration.
• ICA Clients version 9
• Application Isolation Environments (AIE) which will allow redirection of file system
and registry areas on an application-by-application basis.
• All Conferencing Manager features.
• Full policy-based integration with the SmartAccess capabilities of the Citrix Access
Gateway 4.0.
• License sharing between UNIX and Windows editions of Presentation Server
(MetaFrame for UNIX has also been updated to PS4)
Pre-requisite for Citrix PS 4.5:
Citrix Presentation Server for Microsoft Windows Server 2003, 32-Bit Edition
• Operating systems:
Windows Server 2003 (Standard, Enterprise, or Datacenter Edition) with Service Pack 1 or 2 installed
Windows Server 2003 R2
• Disk space requirements:
400MB for Citrix Presentation Server, Enterprise Edition
50MB for the Presentation Server Console
25MB for the Access Management Console
35MB for the Document Center
• Terminal Services running in application mode
• Java Runtime Environment Version 1.5.0_09
• If you do not have this installed, Autorun.exe prompts to install it for you
• Alternatively, you can cancel the installation and install JRE manually from the
Support\JRE1.5 folder on the server installation CD for Citrix Presentation Server
• .NET Framework Version 2.0
• If you do not have this installed, Autorun.exe prompts to install it for you
• You can also install .NET Framework Version 2.0 manually from the Support\dotNet20 folder
of the Citrix Presentation Server CD or image
Note: If you use HP ProtectTools in your environment, install them before installing Citrix Presentation Server.

Q. INSTALLATION MANAGER :
Installation Manager is a feature of Citrix Presentation Server, Enterprise Edition
that allows you to rapidly deploy applications and software components to your
servers from a central location.
a) From the Citrix website, download the Installation Manager installation components and
utilities files.
b) Install the IM components and utilities on the Citrix server. PowerShell must be installed
on the Citrix servers as a prerequisite.
c) Open MMC and import the Installation Manager snap-in.
d) Create a shared folder for IM.
e) Default actions that can be performed:

Application Isolation
The isolation environment protects the operating system and applications from
conflicts and other complications that frequently occur between incompatible or
legacy applications. The isolation environment creates an environment or user-specific
copy of the system resources modified by the published application
during installation or runtime. This allows the application to function without
affecting the rest of the system.
The isolation environment also provides a virtual mapping from an application to
operating system resources. The mapping is accomplished through the use of
rules that specify how an application behaves within an isolation environment.
The basic steps for isolating an application are as follows:
• Through testing, identify applications that malfunction when run within
Citrix Presentation Server or Terminal Services.
• Ensure isolation environments are enabled for the farm. (By default
isolation environments are enabled at the farm level.)
• Create isolation environments.
• Configure the properties of the isolation environment.
• Isolate the published application.
To create isolation environments for the farm
1. In the left pane of the Presentation Server Console, select the Isolation
Environments node.
2. From the Actions menu, select New > Isolation environment.
3. Enter a name for the new isolation environment and click OK.
The new isolation environment appears in the Contents pane for the Isolation
Environments node.
After creating the isolation environment, you have the option of configuring each
isolation environment through its properties.
AIESETUP
Use aiesetup to install an application into an isolation environment. Run the command within
the application directory in cmd prompt.
Syntax
aiesetup [/d] [/n] [/q] [/64] [/w] AIE_Name Setup_application [application parameters]
aiesetup [/e] AIE_Name
aiesetup [/?]
Parameters
AIE_Name
The name of an isolation environment.
Setup_application
The name of an application installer, such as an .msi, to run. You can also
append any parameters that the installer is required to process at runtime.
When using aiesetup with an .msi file, use msiexec.exe with the /i option.
Eg:
>cd desktop\winzip
c:\Documents and Settings\Administrator\Desktop\Winzip>aiesetup "My Isolation Environment" winrar10.exe
Resource Manager
Resource Manager, configured in the Presentation Server Console, tracks and stores
information about a wide variety of system and network processes and events. These are known as
metrics. If the value of a metric falls outside normal limits, Resource Manager can inform you. When
installed, it automatically creates a set of default metrics and assigns limits to define the normal
operation of each one.

Selecting a Server to Use as the Farm Metric Server :
The Farm Metric Server interprets metrics that apply to the entire server farm (for example,
application counts) and sends alerts when required. By default, the first server on which you install
Resource Manager becomes the Farm Metric Server. If necessary, you can change the Farm Metric
Server to a different computer after installation.

Purpose of zones
A zone is a subset of the farm and is designed so that we can use the farm as a unit. A zone
has member servers, and one of them in each zone is the ZDC (Zone Data Collector).
These ZDCs communicate between zones. Zones are very helpful in controlling
traffic.
Preferences of zone DCs (most, preferred...)
This is done so that a user accessing an application is directed to the least busy server.
Q. Explain Citrix UPD :
Troubleshooting and Explaining the Citrix Universal Print Driver
The PCL5c UPD driver, originated in MetaFrame XP, Feature Release 3, is based on the HP Color LaserJet
4500, is 600 dpi, and supports color.
The PCL4 universal driver, originated in MetaFrame XP, Feature Release 2, is the native Windows HP
LaserJet Series II driver, monochrome, and 300 dpi.
Naming
Q: Is it possible to change the name of the Universal Print Driver (UPD)?
For example:
From “HP Color Laser Jet 4500 (MetaFrame PCL5c Universal Driver)” to just “MetaFrame PCL5c Universal
Driver” for demonstration purposes.
Changes to the Registry Value: DriverAlias under
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UniversalPrintDrivers\“Type of Driver” have no effect.

A: The part in parentheses is strictly an annotation we add to help administrators to identify the UPDs from all
of the other Windows printer drivers. This is not actually part of the name.
So the actual name of the driver is “HP Color LaserJet 4500.” This driver is a stock Windows printer driver
that comes with Windows by default.

The universal drivers are installed and treated like any other Windows print driver. MetaFrame XP Feature
Release 3 changes the driver list in the Management Console so the universal drivers have a special icon and
tag line.
Altering the Default Driver for the UPD
The key
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UniversalPrintDrivers\
Value:DriverList
Data of Type REG_SZ: EMF(Presentation Server 4.0 and 4.5) PCL4;PS;PCL5c.
Example: In MetaFrame XP Feature Release 3, if you remove PCL5c, the printer is mapped as PCL4. Certain
MetaFrame versions can toggle this functionality by altering the Feature Release level.
Notes:
If EMF is removed, restart the Citrix Print Manager Service. A customer was publishing the RDP Client from
the Presentation Server 4.5 and then connecting to both Citrix and non-Citrix Terminal Servers. The printers in
the second hop were not being created.
The creation of the UPD requires that the appropriate feature release is set and the server is obtaining the
corresponding feature release license. If these conditions are not in place, an attempt to manually map the UPD
printer as outlined in CTX681954 - Troubleshooting Citrix ICA Printer Autocreation will not show the UPD
printer as an option.
Note: Native printers will map.
If you leave only PS, no printer is mapped. The “PS” universal driver is intended for use with UNIX Clients,
where Postscript is the default printer control language.
You do not need a PCL-compatible printer/driver to take advantage of the PCL5c or PCL4 universal printing
feature. The PCL interpreter, Pcl4rast.dll, is built into the Win32 and Macintosh Clients (version 6.20 or later).
The PCL print streams generated by these server-side drivers are interpreted by our client software,
VDSPL30N.dll, and rendered locally on the client utilizing the printer drivers and operating system of the
client device. To summarize, all the PCL UPDs need a working printer/driver on the client device. Local
printers or clients that are unable to support the basic features of the UPD drivers functionality may not print
correctly.
Presentation Server 4.0 and 4.5 use a client-side EMF metafile handler, EMFRENDR.dll, and a client-side
EMF interpreter, VDSPL30N.dll. These features are available in the ICA Client for Windows version 9.0 and
later. The EMF handler captures the data of the inbound spool file into the user’s temp directory and launches
CPVIEWER.exe (responsible for interpreting the EMF spool files by playing back each record) to preview and
print this file.
Known Issues / Limitations
Issues related to the native PCL5c Windows driver that MetaFrame XP uses may cause minor corruptions in a
limited subset of documents when printed through UPD. However, the version that ships with Windows Server
2003 seems to have fewer problems. Therefore, it is advisable to have the customer upgrade their Windows
2000 server driver with the version that ships with Windows Server 2003.
CTX105353 - Universal Print Driver Output Is Faded and Illegible
CTX102574 - UPD, Universal Print Driver Client, Fixes in the 8.0 Win32 ICA Client
CTX107069 - SAP Frontend Printing Fails When Running SAPGUI for Windows on Presentation Server 4.0
CTX102919 - Wfica32.exe Program Error may Occur when Printing from the ICA Version 7.100 Client
using Universal Print Driver PCL:4
CTX488760 - Event ID 1106, Client Printer Autocreation Failed
CTX113551 - Color PDF Files Print in Black and White When Using the Universal Print Driver
CTX115464 - Print Field Commands Not Printed with Universal Printer Driver
CTX115553 – Presentation Server Client 10.x Introduces a New Method for Printing Documents From the
Advanced Universal Print Driver
CTX115762 – Controlling Which Universal Printer Driver Gets Loaded on a Citrix Presentation Server 4.5 64-
bit Server
CTX109196 – Mirrored/Inverted Print Jobs Appear when Printing from Presentation Server 4.0
CTX114287 – How to Enable Preview on a Client as the Default for Citrix Universal Autocreated Client
Printers
CTX114755 – CPVIEWER Consumes Memory and Freezes the Local Workstation When Using the Universal
Print Driver
CTX109149 – Error: The spool data received does no appear to be a Windows Server EMF spool file. ... No
Printouts Appear When Using EMF Printing
CTX118131 – Current Known Issues about Garbled Printing with EMF-based Citrix Universal Printer.
CTX118554 – XenApp 5.0 Universal Print Driver Defaults to EMF Printing in Windows 2008
The UPD Fails to Install
A few possible reasons are as follows:
1. The spooler was stopped/hung during the install.
2. The spooler service is set to run as an account other than “local system” or the account that is installing MetaFrame XP.
3. Console Error, Digital Signature Not Found. This is unusual because the HP LaserJet Series II driver is
signed. A policy that disallows the addition of print drivers may be configured.
4. There is a possible sequence in the upgrade path in MetaFrame XP.
CTX105821 - Error: Printer rundll command failed.
CTX105860 - How to Re-install the MetaFrame PCL5c Universal Driver
Print Jobs Appear to have an Increased Size when using the UPD with MetaFrame XP and MetaFrame
Presentation Server 3.0
Autocreated/universal print driver (UPD) printers have a smaller print job size on a MetaFrame server, which
is in PCL4/5c format. The PCL4/5c format is suitable for network transmission because of its small payload.
However, when the print job reaches the client, the print job is rasterized, thus creating a larger print job. In the
case of Hewlett-Packard and other native printer drivers, the print job created on the MetaFrame server is
usually in EMF format but is converted to a native printer format on the client. Depending upon the efficiency
and architecture of the native printer driver, the size of the EMF print job may be larger than the native format
and vice versa.
When using UPD, the following steps occur:
1. The job is created in PCL format on the server by the universal print driver.
2. Data is sent to the client within an ICA virtual channel.
3. PCL data is converted into a bitmap on the client.
4. The bitmap is spooled on the local printer.
The result is that the bitmap image of PCL data in the client printer spooler is larger than the PCL data sent
across the network to the client. This permits optimizing the bandwidth that is available between the client and
server, but printing the job with the UPD could be slower when the print job reaches the client. The UPD is
best suited for print driver management, bandwidth utilization, and autocreating client printers but does not
support special printing features such as double-sided printing.
Printer Will not Autocreate Using the Universal Print Driver
1. Does removing any third-party printer drivers resolve the issue?
2. If a known server is “working” and one is “broken,” attempt to replicate/import the UPD from the working
server to the non-working server.
3. Is the server licensed and the appropriate feature release level set correctly?
4. Ensure the UPD is installed and no policies are preventing the installation of printer drivers.
5. Ensure the Version 7.0 client or later is being used for the MetaFrame Feature Release 3 UPD and that the
Pcl4rast.dll is present on the client machine.
6. Ensure the Version 9.0 client or greater is being used for the MetaFrame Feature Release 3 UPD and that the
EMFRENDR.dll is present on the client machine.
7. CTX111308 – Session Printers Assigned Through a Policy Are Not Using the Citrix Universal Print Driver
Setting the UPD for All, Except a Few Printers (MetaFrame XP Feature Release 3)
This is addressed in CTX105385 - Error: Client autocreation printer failure - Print driver not allow based on
compatibility list and Event ID 1104
Alternate Method:
1. Select Use Universal Driver only if Native Driver is Unavailable in the Management Console.
2. Clear the following box:

3. For printer drivers that are never to be used, add the names of any of these drivers to this list:

4. Restrict users from adding drivers:
Q262202
Q239536
Q180545
Q259574
Q234270
Troubleshooting UPD Printing Within Applications
1. Connect a printer locally to the MetaFrame server and select the HP LaserJet Series II or current UPD alias
driver in the Add Printer wizard.
2. If you cannot connect this printer to the server, browse and connect to a shared network printer and modify
the driver on the Advanced tab of the Explorer’s printer properties dialog box.
3. Create an alias UPD printer and set the port as FILE, run the application, and print to the alias UPD printer.
4. Verify how the application behaves when executed on the console with the same driver that is used by the
UPD.
5. Do any other similar print outputs in other applications experience the same behavior as the UPD?
6. Do print jobs from the applications experience any issues when mapped to the same driver as the client
device?
7. When printing certain forms using the universal print driver, the page does not print as displayed?
8. When printing using Version 2.0 of the universal printer driver with custom in-house fonts, the print job
renders an incomplete print, especially when using large font sizes. This fix offers a workaround by allowing
you to disable print optimization in the printer settings. To do this, you must set the following registry key:
HKEY_LOCAL_MACHINE\Software\Citrix\UniversalPrintDrivers\PCL5c
Name: DisablePrintOptimizations
Type: REG_DWORD
Data: 1
[From MPSE300R05W2K3006][#128201]
Cause
The application is directly inserting PCL of its own origin into the print stream using the form overlay
capability of the PCL language. The PCL form overlay feature can be accessed through an escape function
provided by most PCL5 printer drivers, the 4500 driver included. It basically allows an application to insert
arbitrary PCL directly into the print data stream.
Resolution
Configure the application to use strictly GDI rendering instead of PCL EscapePassThrough, or use the standard
device driver instead of the universal print driver.
Can the UPD Margin Settings Be Changed?
The margins presented by the new universal driver, HP Color LaserJet 4500, are different. However, the
bitmap-to-page registration algorithm is unchanged. Because MetaFrame XP Feature Release 2 uses the HP
LaserJet Series II driver, the nonprintable region of a Series II printer is ¼-inch on each side of the page.
Citrix uses the UPD as a proxy driver on the server and the non-printable region of the client printer is most
likely going to be different. Therefore, the real nonprintable area of the printer may be larger than that of the
universal driver. A print job where the application places data on the page near the printable limit of the UPD
may drop out on the printed page because it falls outside the printable limit of the underlying client printer.
Q. Explain Citrix Universal Printer
The Citrix Universal Printer is an auto-created printer object that uses the Citrix Universal Print Driver
and is not tied to any specific printer defined on the client. Once implemented, it is available in all sessions that
use the 32-bit Windows client. It is also independent of any printing policies defined in the management
console or elsewhere, and therefore, it is possible to implement the Citrix Universal Printer with other
auto-created printers, session printers, and/or non-Citrix defined printers (as well as by itself). It auto-creates in a
standard fashion with the name “Citrix UNIVERSAL Printer” as shown below:

Note: The Citrix Universal Printer does not auto-create when using the policy to “Create old-style client
printers” as explained in the following document:
CTX108334 – Citrix Universal Printer Does Not Appear in Session
When users print to this printer within their sessions, the standard action is to automatically send the job to the
default printer specified on the Windows client machine. This behavior can be modified to allow printing to
any client-defined print device by going to the Preferences of the auto-created Citrix Universal Printer either
within the print dialog of the application or from within the Printers folder and choosing Preview on client as
seen in the following screen shot:

When this option is adjusted on the Preferences of the Citrix Universal Printer from within the Printers folder
on the server, the setting is retained in the user’s profile and set in future sessions as per the Printer Properties
Retention Policy.
Printing to the Citrix Universal Printer with this option selected brings up the Enhanced Metafile (EMF)
Viewer (CPViewer.exe) on the Windows client with a preview of the print job. The user can then select the
client printer they wish to use just as if they were printing from any other local application.
Note: It is possible to modify the default behavior and force the Preview on client option to be selected for
either all auto-created Citrix Universal Printers or all auto-created printers using the Universal Print Driver
(including the Citrix Universal Printer). For more information, refer to the following document:
CTX114287 – How to Enable Preview on a Client as the Default for Citrix Universal Autocreated Client
Printers
For environments that do not have additional printer requirements, creating only the Citrix Universal Printer
within each session instead of one printer for each underlying client printer can provide substantial
performance savings on the XenApp server. To realize these savings, the administrator should choose to
disable client printer auto-creation through a policy from within the management console.
Procedure
The steps described below explain how to auto-create the generic Citrix Universal Printer in user sessions. This
is separate from any other available printers that may or may not be defined by policies in the management
console.
Caution! This fix requires you to edit the registry. Using Registry Editor incorrectly can cause serious
problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems
resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure
to back up the registry before you edit it.
1. Add the following registry key to each server if not already present:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print
2. Create a DWORD called DefaultPrnFlags with a hex value of 0x00000020. If the DWORD already exists
with a specified value, add this hex value to the current hex value.
The Citrix Universal Printer should now auto-create in all ICA sessions established to the XenApp server from
this point forward.
Note: An incorrectly set DefaultPrnFlags value can prevent printer auto-creation entirely.
Q. What is Client Lock Down?
Typically, 'client lockdown' is the process of securing an endpoint so that the user can only
access authorised features. An example of this would be turning the device into a 'Thin Client'
by locking it down so that an end user can only connect to published apps or desktops and
cannot use other features.
In the PN Client, go to Tools->ICA Settings->Hotkeys tab. The CTRL+ALT+DEL hotkey is
Ctrl+F1. So if you add that hotkey combo into the default.ica file in WebInt, it will give users
the ability to lock their Citrix sessions by hitting Ctrl+F1 and walk away from the thin client.

How to Enable or Disable Hotkeys within an ICA file (including Template.ica)
Summary
This article describes how to enable and disable Web Interface hotkeys.
Procedure
How to Enable Web Interface Hotkeys
The procedure below allows for the default ICA Client hotkeys to be mapped within Web
Interface. If any keys affect your application, alter them to reflect a key that does not conflict
with your application. This process alleviates the need to alter each appsrv.ini file on the
individual client workstation.
The Citrix Web Client, 6.x versions (985, 986, and 1050), do not have the code to read from
the client installed Appsrv.ini or an .ICA file.
1. Using a text editor such as Notepad, locate the Template.ica file, or if using Web Interface
4.x or later, the default.ica file being used for the Web Interface site.
2. Copy the ICA parameters below into the Template.ica or default.ica file. Place this code
after the [WFCLIENT] tag:
Hotkey1Char=F1
Hotkey1Shift=Shift
Hotkey2Char=F3
Hotkey2Shift=Shift
Hotkey3Char=F2
Hotkey3Shift=Shift
Hotkey4Char=F1
Hotkey4Shift=Ctrl
Hotkey5Char=F2
Hotkey5Shift=Ctrl
Hotkey6Char=F2
Hotkey6Shift=Alt
Hotkey7Char=plus
Hotkey7Shift=Alt
Hotkey8Char=minus
Hotkey8Shift=Alt
Hotkey9Char=F3
HotKey9Shift=Ctrl
Hotkey10Char=F5
HotKey10Shift=Ctrl
Hotkey11Char=plus
Hotkey11Shift=Ctrl
Hotkey12Char=plus
Hotkey12Shift=Ctrl
Hotkey13Char=plus
Hotkey13Shift=Ctrl
Note: Be sure to place all of the hotkey listings into the file.
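The following is an added example, not part of the original article or of any Citrix tooling: a Python check for a Template.ica or default.ica file that confirms each hotkey has both a Char and a Shift entry, that none of Hotkey1 to Hotkey13 from the listing above is missing, and that no key combination is bound twice. The function names and the embedded sample file are constructed for illustration.

```python
import configparser
import re
from collections import defaultdict

# Constructed input: the hotkey lines from the procedure above, placed under
# [WFCLIENT] exactly as listed (including the mixed-case "HotKey9Shift").
SAMPLE_ICA = """\
[WFCLIENT]
Hotkey1Char=F1
Hotkey1Shift=Shift
Hotkey2Char=F3
Hotkey2Shift=Shift
Hotkey3Char=F2
Hotkey3Shift=Shift
Hotkey4Char=F1
Hotkey4Shift=Ctrl
Hotkey5Char=F2
Hotkey5Shift=Ctrl
Hotkey6Char=F2
Hotkey6Shift=Alt
Hotkey7Char=plus
Hotkey7Shift=Alt
Hotkey8Char=minus
Hotkey8Shift=Alt
Hotkey9Char=F3
HotKey9Shift=Ctrl
Hotkey10Char=F5
HotKey10Shift=Ctrl
Hotkey11Char=plus
Hotkey11Shift=Ctrl
Hotkey12Char=plus
Hotkey12Shift=Ctrl
Hotkey13Char=plus
Hotkey13Shift=Ctrl
"""

KEY_RE = re.compile(r"hotkey(\d+)(char|shift)$")
EXPECTED = range(1, 14)  # assumption: the listing above defines Hotkey1..Hotkey13


def parse_hotkeys(ica_text):
    """Return {n: {"char": ..., "shift": ...}} from the WFClient section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(ica_text)
    hotkeys = defaultdict(dict)
    for section in cp.sections():
        if section.lower() != "wfclient":  # compare the section name case-insensitively
            continue
        for key, value in cp.items(section):  # configparser lower-cases key names
            m = KEY_RE.match(key)
            if m:
                hotkeys[int(m.group(1))][m.group(2)] = value.strip()
    return dict(hotkeys)


def audit(hotkeys, expected=EXPECTED):
    """Report missing numbers, half-defined hotkeys and doubly bound combinations."""
    complete = {n: hk for n, hk in hotkeys.items()
                if hk.get("char") and hk.get("shift")}
    combos = defaultdict(list)
    for n in sorted(complete):
        hk = complete[n]
        combos[(hk["shift"].lower(), hk["char"].lower())].append(n)
    return {
        "missing": [n for n in expected if n not in hotkeys],
        "incomplete": sorted(set(hotkeys) - set(complete)),
        "duplicates": {c: ns for c, ns in combos.items() if len(ns) > 1},
    }


def bound_to(hotkeys, shift, char):
    """Hotkey numbers mapped to the given modifier and key, e.g. ("Ctrl", "F1")."""
    return sorted(n for n, hk in hotkeys.items()
                  if hk.get("shift", "").lower() == shift.lower()
                  and hk.get("char", "").lower() == char.lower())


if __name__ == "__main__":
    parsed = parse_hotkeys(SAMPLE_ICA)
    print(audit(parsed))
    print("Ctrl+F1 is bound by hotkey(s):", bound_to(parsed, "Ctrl", "F1"))
```

Run against the listing above, the audit reports Hotkey11, Hotkey12 and Hotkey13 all bound to Ctrl+plus, which is worth comparing with the client's Hotkeys tab before the template is deployed to locked-down thin clients.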
Q. What is Printer terminology in Citrix
Citrix printing can be configured in 3 ways (types):
1. Local Printing
2. Network Printing
3. Client Printing

Client Printer: The printer is connected to the workstation, and the drivers are installed on the Citrix
server for printing.
Network Printer: The printer is connected to the print server, and the drivers should be available on
the Citrix server.
Local Printer: The printer is connected locally to the Citrix server, and the drivers are installed for the
print operation.

Q. What are different load evaluators are available in Citrix
1. Default Load Evaluators
2. Advanced Load evaluators
3. Custom load evaluators
Q. How to implement Policies in Citrix
The Citrix policy can be applied through Console Management at 3 levels

1. Farm Level
2. Citrix Server Level
3. Policy.

11. What you will check when any user is not able to launch citrix application.
1) First try to launch same application from Citrix server(on which you installed and published)

2) Try to add same application to your ID and try to launch

3) Check user permissions for that Applications

4) Verify that latest Citrix client software installed at desktop

5) Verify that user is having correct proxy settings to connect to your Citrix network (for remote
users)

Q. What is ICA and what are the advantage of ICA

ICA - Independent Computing Architecture. It provides better compression and transmits
high-level Windows display information. ICA also has several features that RDP just doesn't
support yet. ICA enables application publishing (where the application is on one server but
is available across the cluster), session shadowing, anonymous users, audio support, and
drive, printer and port mapping. ICA is also built into Internet Explorer and is available as a
free plug-in for Netscape. RDP doesn't permit applications to run in a browser.

The main differences between Citrix MetaFrame and Windows 2000 TS/RDP
Feature    Windows 2000 Terminal Services    Citrix MetaFrame
Available client
DOS X
Macintosh (Motorola, PowerPC) X
UNIX (Solaris, Sparc, X386, DEC) X
UNIX (SunOS, SCO, DEC, HP) X
UNIX (SGI, SCO, Linux) X
RISC OS X
Client devices
PCs (DOS, UNIX, Linux) X
Macintosh (Motorola, PowerPC) X
Handheld PCs X
Network terminals (Winterm, etc.) X
Set-top devices X
Mobile handheld devices X
Client features
Automatic drive redirection X
Seamless windows X
Bitmap caching X
Transport protocols
IPX X
SPX X
NetBeui X
Client multi-media
16-bit stereo (WAV, MIDI, AVI) X
Connections
Direct serial connection (asynch) X
Direct dial-up X
Local device support
COM port redirection X

Differences between ICA and Windows 2003 TS/RDP.
Client Support ICA RDP
Windows 95/98/NT/2000/XP X X
Windows for Workgroups 3.11 X X
Windows CE X X
Web browser X X
DOS X
Windows 3.1 X
Macintosh X
UNIX X
Linux X
Java X

Q. What is Speed Screen
Speed Screen Latency Reduction (referred to as SLR throughout the rest of this document) is a
collective term used to describe two separate technologies, namely Local Text Echo and Mouse Click
Feedback, which help enhance the user experience over a high latency connection.
• Local text echo: On high latency connections, users often experience significant delays between
when they enter text at the keyboard and when it is echoed or displayed on the screen.
Local text echo is the technology that accelerates the display of the input text on the client
device, effectively shielding the user from experiencing latency on the network.
• Mouse click feedback: On high latency connections, users often click the mouse multiple times
because there is no visual feedback that a mouse-click resulted in an action.
Mouse click feedback provides visual feedback for mouse-clicks. When the user clicks the mouse,
the ICA Client immediately changes the mouse pointer to one that indicates that the user’s input
is being processed in the background. When the mouse click has been processed at the server, the
client reverts the cursor to its previous form, indicating to the user that the mouse click has
been processed.

Q. What are the query commands in Citrix
1)qfarm
2)querydc
3)queryds
4)queryhr

Q. How to recover when Datastore failing
The data store can be recreated from the *.mdb file, which is located at
Program Files\Citrix\Independent Management Architecture.

This file can be moved to another server, and database connectivity can be created using
ODBC by creating a *.dsn file.

Q. How to determine what datastore is used ?
Look for the Datasourcename registry key under HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA. This
should tell you where/what DSN file you're using. Navigate to the file and open it with
Notepad to see the server name and data store description your farm is using.

Q. How to recover when IMA failing
There can be a number of reasons why the IMA Service appears not to have started including the
following:
IMA Service load time
IMA Service subsystem
Missing Temp directory
Print spooler service
ODBC configuration
Roaming Profile
Examine the following Windows Registry setting:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\CurrentlyLoadingPlugin
If there is no value specified in the CurrentlyLoadingPlugin portion of the above Windows Registry
entry then either the IMA Service could not connect to the data store or the local host cache is missing
or corrupt.
If a CurrentlyLoadingPlugin value is specified the IMA Service made a connection to the data store
and the value displayed is the name of the IMA Service subsystem that failed to load.
Missing Temp Directory
If administrators see an “IMA Service Failed” error message with an error code of 2147483649
when starting the MetaFrame XP Presentation Server the local system account might be missing a
Temp directory which is required for the IMA Service to run.
To gain further insight into the situation change the IMA Service startup account to the local
administrator and restart the server. If the IMA Service is successful in starting under the local
administrator’s account then it is likely that a missing Temp directory for the local system account
is causing the situation.
If the Temp directory is not present then manually create one as Temp under the Windows directory. For example:
C:\Winnt\Temp
Also verify that the TMP and TEMP system environment variables point to the temporary directory.
Restart the server to restart the IMA Service
Q. What is the requirement of Installation Manager and what kind of extensions does it support ?
Installation Manager is a powerful feature in MetaFrame XPe that facilitates the rapid installation
of applications and other software components.

Installation Manager lets you install applications and other software components to any or all available
servers in your farm, attended or unattended, using any MetaFrame XP server on the network,
regardless of physical location, network connection type or hardware setup.

It supports extensions like ADF, MSI and MSP.
Windows 2000 Terminal Services Session Management Tools
Tscon.exe
Tscon.exe attaches a user session to a previously connected Terminal Server session.

Syntax for Tscon.exe:
TSCON [sessionid | sessionname] [/SERVER:servername] [/DEST:sessionname] [/PASSWORD:pw] [/V]

  sessionid            The ID of the session.
  sessionname          The name of the session.
  /SERVER:servername   The name of the Terminal Server to connect to (default is current).
  /DEST:sessionname    Connect the session to destination sessionname.
  /PASSWORD:pw         Password of user owning identified session.
  /v                   Displays information about the actions performed.

Example: tscon 3 /server:cprsrv02 /dest:rdp-tcp#3 /password:* /v

Tsdiscon.exe
Tsdiscon.exe disconnects an active Terminal Server session.

Syntax for Tsdiscon.exe:
TSDISCON [sessionid | sessionname] [/SERVER:servername] [/V]

  sessionid            The ID of the session.
  sessionname          The name of the session.
  /SERVER:servername   Specifies the Terminal Server (default is current).
  /v                   Displays information about the actions performed.

Example: tsdiscon 3 /server:cprsrv02 /v

Tsshutdn.exe
Tsshutdn.exe shuts down a Terminal Server in a controlled manner.

Syntax for Tsshutdn.exe:
TSSHUTDN [wait_time] [/SERVER:servername] [/REBOOT] [/POWERDOWN] [/DELAY:logoffdelay] [/V]

  wait_time            Seconds to wait after user notification before terminating all user
                       sessions (default is 60).
  /SERVER:servername   The server to shut down (default is current).
  /REBOOT              Reboot the server after user sessions are terminated.
  /POWERDOWN           The server prepares for powering off.
  /DELAY:logoffdelay   Seconds to wait after logging off all connected sessions (default is 30).
  /v                   Display information about actions being performed.

Example: tsshutdn 60 /server:cprsrv02 /reboot /delay:30 /v

Tskill.exe
Tskill.exe ends an active process and/or processes on a selected server.

Syntax for Tskill.exe:
TSKILL processid | processname [/SERVER:servername] [/ID:sessionid | /A] [/V]

  processid            Process ID for the process to be terminated.
  processname          Process name to be terminated.
  /SERVER:servername   Server containing processID (default is current). /ID or /A must be
                       specified when using processname and /SERVER.
  /ID:sessionid        End process running under the specified session.
  /a                   End process running under all sessions.
  /v                   Display information about actions being performed.

Example: tskill 172 /server:cprsrv02 /id:3 /v

Rwinsta.exe
Rwinsta.exe resets the session subsystem hardware and software to known initial values.

Syntax for Rwinsta.exe:
RESET SESSION {sessionname | sessionid} [/SERVER:servername] [/V]

  sessionname          Identifies the session with name sessionname.
  sessionid            Identifies the session with ID sessionid.
  /SERVER:servername   The server containing the session (default is current).
  /v                   Display additional information.

Example: rwinsta 3 /server:cprsrv02 /v

Q. What is the requirement for Citrix server installation ?
a) XenApp 5.0 for Windows Server 2003, 32-bit Edition
XenApp 5.0 for Windows Server 2003 is supported on the following operating systems:
• Windows Server 2003 (Standard, Enterprise, and Datacenter editions) with Service Pack
1 or 2
• Windows Server 2003 R2
Requirements:
• Disk space:
o 400MB for XenApp 5.0 for Windows Server 2003, Enterprise Edition
o 50MB for the Presentation Server Console
o 25MB for the Access Management Console
• Terminal Services, running in application mode
Autorun installs the following software, if it is not already installed (you can also install it
manually from the Support folder on the installation media):
• Java Runtime Environment, Version 1.5.0_09
• .NET Framework Version 2.0
Citrix does not recommend installing XenApp on a domain controller.
b) XenApp 5.0 for Microsoft Windows Server 2008 (32-bit)
XenApp 5.0 for Microsoft Windows Server 2008 is supported on all Windows Server 2008
editions that support Terminal Services, except the Web Server Edition and the Server Core
Edition.
Requirements:
• Add the following roles, using the Server Manager:
o Terminal Services
o Application Server
o If sharing a port between the Citrix XML service and IIS, add the Web Server
(IIS) role and these role services: Security, Windows Authentication, IIS 6
Management Compatibility and all its subcomponents, ISAPI Extensions, and
ISAPI Filters
• Disk space: 400MB
During XenApp installation, an error message may appear, indicating mstlsapi.dll is missing.
Citrix recommends using the XenApp Plugin for Hosted Apps included with this release
(Version 11.x). If you want to use older plugins (clients) with XenApp 5.0 for Microsoft
Windows Server 2008, install a Microsoft hotfix on the server before installing XenApp. For
information, go to http://support.microsoft.com/kb/949914.
Q. What is Datastore
An Open Database Connectivity (ODBC)-compliant database that stores persistent data
for a farm. Examples of persistent data include configuration information about the server farm
name, the list of published applications, policies, servers in the farm, administrators of the farm and
their rights, installable packages, and load balancing rules. Each server farm has a single data store.
Q. What is Data collector
A computer that stores dynamic data for one zone in a farm. Examples of dynamic data
include current server load, the number of current user sessions, and the applications currently
running in user sessions on a specified server. Most Preferred, Preferred, Default Preference, Not
Preferred.
Q. What is LHC
A local subset of the server farm data store information. This file is present on all
XenApp servers.
All about Local Host Cache:
What is the refresh time for Local host cache. And what is the reset time for LHC?

LHC is refreshed every 30 minutes
you can refresh/recreate manually when IMA is stopped:
"dsmaint recreatelhc" or "dsmaint refreshlhc" -> restart IMA

When the citrix license server is down, how long will the existing citrix session work, with
the information from the LHC ?

Licensing information is not in LHC - Grace Period for License Server is 30 days
It is stored in c:\program files\citrix\MPS-WSXICA_MPS-WSXICA.ini

Is it possible to view the LHC information. Where do i find it?

File is located in c:\program files\citrix\independent management architecture\imalhc.mdb

Every citrix server has a copy of the LHC, and works as a backup, if the datastore goes down.

LHC is a subset of the IMA Datastore?
yes

If the datastore goes down. Is it possible to launch the CMC, from the information in the
LHC ?

You can launch PSC and AMC but changes are not possible
Issues pertaining to LHC:
1) Refreshing the Local Host Cache
If the IMA service is currently running, but published applications do not appear correctly in
ICA Client application browsing, force a manual refresh of the local host cache by
executing dsmaint refreshlhc from a command prompt on the affected server. This action forces
the local host cache to read all changes immediately from the data store.
A discrepancy in the local host cache occurs only if the IMA service on a server misses a change
event and is not synchronized correctly with the data store.

2) Recreating the Local Host Cache
Recreate the LHC in the following cases:
• If the IMA service does not start, the cause may be a corrupt LHC.
• If you have made extensive changes to the farm data store, such as publishing various
applications, adding or removing servers from the farm, or creating new policies.
• If you must clean the farm data store, using the DSCHECK utility, you should then rebuild the
LHC on each of the servers in your farm, once the data store has been cleaned.

Steps to recreate the Local Host Cache
IMPORTANT: The data store server must be available for dsmaint recreatelhc to work. If the
data store is not available, the IMA service cannot start.
1. Stop the IMA service on the XenApp server, if it is started. This can be done using the
command: net stop imaservice, or from services.
2. Run dsmaint recreatelhc, which renames the existing LHC database, creates a new database,
and sets the PSRequired value under the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime to 1. Setting
the value PSRequired to 1 forces the server to establish communication with the data store in
order to populate the Local Host Cache database. When the IMA service is restarted, the LHC is
recreated with the current data from the data store.
3. Restart the IMA service. This can be done via the command line, net start imaservice, or from
services.




Q. What are different load evaluators are available in Citrix
These load evaluators are included in XenApp:
• Default. XenApp attaches the Default load evaluator to each server after you add your
license to the server farm. It contains two rules: Server User, which reports a full load
when 100 users log on to the attached server; and Load Throttling, which specifies the
impact that logging on has on load and limits the number of concurrent connection
attempts the server is expected to handle.
• Advanced. This load evaluator contains the CPU Utilization Load, Memory Usage, Page
Swaps, and Load Throttling rules.
Important: You cannot delete the Citrix-provided Advanced or Default load evaluators.
You can create new load evaluators based on the rules available.
Important: Each server or published application can have only one load evaluator attached to it.
You can attach one load evaluator to a server and one load evaluator to each published
application on the same server. For example, you can keep the Default load evaluator attached to
your server and attach another load evaluator to each of your published applications on that
server.
Q. How to implement Policies in Citrix
Using Citrix policies with Active Directory
Active Directory and Windows policies do not take precedence over XenApp policies. In a
XenApp environment and with XenApp features, Citrix policies always take precedence over
Windows policies and settings. Citrix designed XenApp policies so that they do not conflict with
Active Directory policies.
In a Citrix environment, XenApp policy rules override the same settings configured in an Active
Directory policy or using the Terminal Services Configuration tool. They also override Microsoft
policies, including those that are related to typical Remote Desktop Protocol (RDP) client
connection settings such as the policies for Desktop wallpaper, Menu animations, and Windows
contents while dragging.
However, XenApp policy rules do not always override policies for encryption and shadowing.
These policies behave according to the most restrictive settings configured by the Terminal
Services Configuration tool, Active Directory group policies, application configuration, and
Citrix policies.
Prioritizing Policies and Creating Exceptions
Prioritizing policies allows you to define the precedence of policies when they contain
conflicting rules. The process XenApp uses to evaluate policies is as follows:
1. When a user logs on, all policies that match the filters for the connection are identified.
2. XenApp sorts the identified policies into priority order and compares multiple instances
of any rule, applying the rule according to the priority ranking of the policy.
You prioritize policies by giving them different priority numbers. By default, new policies are
given the lowest priority. If policy settings conflict, a policy with a higher priority (a priority
number of 1 is the highest) overrides a policy with a lower priority. Rules are merged according
to priority and the rule’s condition; for example, whether the rule is disabled, enabled, or not
configured. Any disabled rule overrides a lower-ranked rule that is enabled. Policy rules that are
not configured are ignored and do not override the settings of lower-ranked rules.
When you create policies for groups of users, client devices, or servers, you may find that some
members of the group require exceptions to some policy rules. To more effectively manage
exceptions, you can create new policies for only those group members needing the exceptions,
and then rank that policy higher than the policy for the entire group.
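The merge described above, worked through as an added Python example (not Citrix code): matching policies are sorted by priority number, and for each rule the highest-ranked policy that configures it wins, whether enabled or disabled, while "not configured" is skipped. The group-based filter, the rule names and the three sample policies are constructed for illustration; encryption and shadowing rules, which follow the most restrictive setting, are not modelled.

```python
from dataclasses import dataclass, field

ENABLED, DISABLED, NOT_CONFIGURED = "enabled", "disabled", "not configured"


@dataclass
class Policy:
    name: str
    priority: int          # 1 is the highest priority
    groups: frozenset      # simplified filter: user groups the policy applies to
    rules: dict = field(default_factory=dict)  # rule name -> (state, value)


def matching_policies(policies, user_groups):
    """Steps 1 and 2: keep policies whose filter matches, highest priority first."""
    hits = [p for p in policies if p.groups & frozenset(user_groups)]
    return sorted(hits, key=lambda p: p.priority)


def resultant(policies, user_groups):
    """Merge rules: the first configured instance in priority order wins."""
    result = {}
    for policy in matching_policies(policies, user_groups):
        for rule, (state, value) in policy.rules.items():
            if state == NOT_CONFIGURED:
                continue  # ignored; a lower-ranked policy may still set this rule
            if rule not in result:
                result[rule] = {"state": state, "value": value, "source": policy.name}
    return result


# Constructed sample: a baseline, a lockdown for one group, and an exception
# policy ranked above the lockdown for a few members of that group.
POLICIES = [
    Policy("Staff baseline", 3, frozenset({"Staff"}), {
        "clipboard": (ENABLED, None),
        "client_drives": (ENABLED, None),
        "session_printer": (ENABLED, "HQ-Laser"),
    }),
    Policy("Contractors lockdown", 2, frozenset({"Contractors"}), {
        "clipboard": (DISABLED, None),
        "client_drives": (DISABLED, None),
        "session_printer": (NOT_CONFIGURED, None),
    }),
    Policy("Contractor leads exception", 1, frozenset({"ContractorLeads"}), {
        "clipboard": (ENABLED, None),
        "client_drives": (NOT_CONFIGURED, None),
    }),
]

if __name__ == "__main__":
    for groups in ({"Staff", "Contractors"},
                   {"Staff", "Contractors", "ContractorLeads"}):
        print(sorted(groups))
        for rule, outcome in sorted(resultant(POLICIES, groups).items()):
            print("  ", rule, outcome)
```

For an ordinary contractor the lockdown's disabled rules override the baseline, while a contractor lead regains only the clipboard: the exception leaves client drives not configured, so the lockdown still applies to that rule.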
To display the priorities of all policies
1. Depending on the version of XenApp you have installed:
o From the Start menu, open All Programs > Citrix > Administration Tools and
choose XenApp Advanced Configuration.
o From the ICA toolbar, open the Presentation Server Console.
2. In the left pane, select Policies.
3. From the View menu, select Details.
To give a policy a higher priority
1. Depending on the version of XenApp you have installed:
o From the Start menu, open All Programs > Citrix > Administration Tools and
choose XenApp Advanced Configuration.
o From the ICA toolbar, open the Presentation Server Console.
2. Select the policy.
3. From the Actions menu, select Policy > Priority.
4. Select Increase Priority until the policy has the preferred rank.
Q. What you will check when any user is not able to launch citrix application ?
a) First try to launch same application from Citrix server(on which you installed and
published)

b) Try to add same application to your ID and try to launch

c) Check user permissions for that Applications

d) Verify that the latest Citrix client software is installed on the desktop

e) Verify that the user has the correct proxy settings to connect to your Citrix network (for remote
users)

Q. What is IMA ?
IMA – Independent Management Architecture – it runs as a service. It is a collection of
subsystems (*.dll) that communicate with each other to provide the services/ functions of the
Presentation Server. It uses two ports – 2512 and 2513. 2512 is used as a port for communication
between servers and 2513 is used as a port to communicate with the CMC.
IMA Service issue.
Error message: The requested resource is not available,
After finding what App the user is accessing.
Found the server, on which the application is Published Greece.
Logged into the server, performed
C:\> pskill imasrv.exe
Restarted service.
C:\> net start imaservice
If the citrix DB (LHC) size is large - perform compact and repair database.
In our case the LHC size was 46mb, performed compact and repair in MS Access, and reduced
size to 15 MB.
Try to kill and restart the IMA service.
Still if there are issues, in restarting the IMA service.
Recreate the LHC. First stop the IMA service and then recreate the LHC.
C:\> dsmaint recreatelhc
This will recreate the LHC, then start the IMA service.
Q. Resource Manager Metric:
Metric Status
When viewing metrics, each specific metric has an icon whose color corresponds to the state of
the metric. Each metric type, both for published applications and servers, has six possible states,
as outlined below:
Green. The metric is operating within its acceptable limits as configured in its properties.
Yellow. The metric has exceeded the limits of the green state and switched to yellow, having
exceeded the time and value limit threshold you configured.
Red. The metric has exceeded the time and limit thresholds of the yellow state and switched to
red. Any configured SNMP, SMS or email alerts have been sent.
Blue. The metric has been added, but it has not yet been configured, so it can't change color. This
blue status will not change until you edit the properties of the metric and configure it for use.
Gray (Paused). The metric has entered a "snooze" state, manually invoked by an administrator.
During this snooze period the metric will not activate any red alarms, and yellow and red
conditions will not cause the metric to appear in the watcher window. However, during this
snooze state, the metric is still active and it is still collecting data. The metric will exit the snooze
state and become green, yellow, or red, after a preconfigured amount of snooze time has passed,
as configured in the metric's properties.
Black (Stopped). The metric has entered a "sleep" state, manually invoked by an administrator.
During this sleep period, the metric will not activate any red alarms. Also, yellow or red
conditions will not cause the metric to appear in the watcher window. However, during this sleep
state, the metric is still active, and it is still collecting data. The metric will not exit the sleep state
until it is manually "woken up" by an administrator.
Metric Options
In addition to the colored status indicators of a metric, you can configure the metric options by
right-clicking on the metric's name. These options include:
• Snooze. This is where you set the metric to the "snooze" state, silencing any red or yellow
conditions. The snooze state is temporary, and the snooze time is configurable in the metric
properties. This is thought of as "pausing" a metric.
• Sleep. This is where you set the metric to the "sleep" state. Like the snooze state, the sleep state
will silence red or yellow conditions. However, unlike the snooze metric which is temporary, the
metric will remain in the sleep state indefinitely until you manually wake it up. This is thought of
as "stopping" a metric.
• Real time graph. This option displays a real time graph of the metric's values, updated every 15
seconds. This graph is similar to the graphs available in Performance Monitor. You can also view
this graph by double-clicking on a metric in the CMC.
• Properties. This is where you configure the specific behavior of a metric (such as the parameters
for going red, yellow, or green). See the "Metric Properties" section of this chapter for more
information.
• Add/Remove Metric. This option allows you to add additional metrics to the server to be
monitored. There is no limit to the total number of metrics that can be added.
Q. Resource Manager:
Introduction to Resource Manager (RM)
What is Resource Manager, actually?
Resource Manager collects, displays and stores data about system performance, applications or
process use.
Citrix RM definitely has some overlap with Performance Monitor, but adds some extra
functionality to it.
These additional functionalities are the benefits of Resource Manager.
• Real Time Watcher, on the monitored counters (called Metrics within Resource Manager) you
can assign two thresholds (warning and error). If these thresholds are exceeded Resource
Manager can warn you via several methods like SMS, E-mail or SNMP.
• Resource Manager can store the collected data for a longer time. This makes it possible to
generate reports based on current and past activity.
• Resource Manager has an option to create billing reports based on self defined costs.
• Resource Manager collects, besides the system counters, also Citrix specific data like Application
usage, User activity and Farm information.
If your infrastructure already contains an advanced monitoring system like Tivoli NetView, HP
OpenView, or CA Unicenter, these solutions provide the Network Manager component. This
component ports the data from Resource Manager to the monitoring system, so the data is also
available in those systems. Citrix also supports this functionality for Microsoft Operations
Manager (MOM).
Resource Manager Setup
Resource Manager configuration is done via the Citrix Management Console via the Resource
Manager menu option in the left pane.

Figure 1: Resource Manager overview
The first step should be configuring the Summary Database. This database can be hosted on a
MS SQL or Oracle server. After defining the database you should pick one of your Citrix servers
to host the role Database Connection Server. On this server you should define a Data Source
Name (System DSN) to set up a connection with the database server. If the DSN configuration is
completed the last step is to configure the chosen server as the Database Connection Server. This
is done via the configure button on the Summary Database tab within the Resource Manager
component.
Choose the server you created the system DSN on and specify the database user and its
password. Also choose an update time. At the selected time the database connection server
will store all collected data in the database. This data is stored in a local access database on all
Citrix servers during the day. You can specify the retention period of the data in the database
and, if needed, alert settings for summary database alerts.

Figure 2: Setting up a Summary Database
As mentioned before, Citrix also collects specific data about the Citrix Farm. This specific data
is collected by one server which has the so-called Farm Metric role. This role is assigned
on the Farm Metric Server tab. Within this tab you can configure the primary server and
backup server. If the primary server is unavailable the role will be assigned to the backup Farm
Metric server automatically.
If you would like to be alerted via SMS, SNMP or e-mail, these settings are configured in the tabs
SMS, SNMP and/or Email.
If your company is charging departments, branch offices or customers for the usage of the IT
infrastructure, it can use the billing option available in the Resource Manager.
First you need to define a fee for the environment based on one or more sources, like session
time, CPU, memory and process active time. Secondly you need to define so-called Cost Centers.
In these Cost Centers you can add users and/or groups which represent an entity which your
company would like to invoice. Via the same Billing tab the invoices can also be generated.
Configure Metrics
Real-time monitoring is probably one of the most used options within Resource
Manager. The watcher shows the configured metrics with their current state. These metrics are
configured at the server level in the tab Resource Manager. Right-click a metric and choose
Properties to set the desired values for the metric.
It is very important that the metrics’ thresholds are configured with realistic values, and
this is where a lot of problems usually occur. Many companies do not change the thresholds
and get warnings and errors all the time, while the environment looks fine.
So definitely change the threshold values to values that correspond to your environment. To
do this, use Resource Manager or Microsoft Performance Monitor to make at least two baselines.
One baseline is an overview of the system usage when no users are connected. The second
baseline is a server with connected users with normal usage as expected/calculated. Use the
second baseline to define your thresholds. Configure the thresholds somewhat higher than the
maximum values which were shown in the baseline.

Figure 3: Configuring the thresholds for the metrics
Additional metrics can also be added for your needs, but do not add too many. Citrix
recommends limiting the number of metrics to fifty.
I advise monitoring the following counters, because they give a good overview of the total
system performance or important Citrix data:
• Citrix Metaframe Presentation Server – Data Store Connection Failure
• LogicalDisk - % Disk Time
• LogicalDisk - % Free Space
• Physical disk: % disk time
• Physical disk: Average current disk queue length
• Memory: Pages/sec
• Memory: Available Bytes
• Memory: % Committed bytes in use
• Paging file: % Usage
• Processor: % Interrupt Time
• Processor: % Processor Time
• System: Processor queue length
• Network interface: bytes total/sec
• System – Context Switches/sec
• Terminal Services – Active Sessions
• Terminal Services – Inactive Sessions
Because these settings are on the server level, you can configure different metrics and thresholds
on every server. But in most situations you probably would like to have the same metrics and
thresholds through your whole farm. This can be done in the server metric properties of the
server where you configured all the metrics. Choose Apply to other servers and select the servers
you want to assign the metrics to.
If you would like to monitor the usage of applications you should define this during
the publishing of the application via the Citrix Management Console. This is the only metric
available, so you can just count how many instances of the application are running.
Monitor the farm using Resource Manager
Now that the configuration is finished, we are ready to use the Resource Manager. With the
Management Console as a starting point, you have two options that you can make good use of.
• The Resource Manager tab on the Servers component (in the left pane)
This gives an overall overview of the status of your servers with easy icons (green for below
thresholds, yellow for warning level and red for the error level). If one or more metrics are above
their threshold then the overall server status will also change.
• The Watcher tab within the Resource Manager component
If one or more metrics are above threshold, they will be displayed within the watcher.
When double clicking on the server or metric you will be forwarded to the Resource Manager tab
of that particular server where the metric exceeded the threshold.
Double click the metric to show the real time graph on the specified metric. The specified
threshold is displayed using a yellow (warning) and red (error) line.
Reports using Resource Manager
Besides the real time monitoring you can also create reports on current activity and historical
usage. Within the Resource Manager just a few simple reports are available. These can be useful
for troubleshooting, but are not reports you can use for analysis or management overviews.
Fortunately Citrix added lots of useful reports in their new Access Suite Console.

Figure 4: Selecting report out of the Citrix Access Suite console
If the reports within the Access Suite do not fit your needs you can use specialized products to
create your own reports. Because the summary database is an SQL or Oracle database you can
directly query the database. One of the most used software products for this kind of task is
Crystal Reports. Citrix has delivered several Crystal Reports templates to get started with this
product. The templates can be downloaded at the Citrix Download Site.
Q. Installing EdgeSight For Load Testing for XenApp 6
The version of most software appears to have been incremented with the release of XenApp 6,
and this includes EdgeSight For Load Testing (ESLT) which is now Build 3.6.1.24.
Oddly previous versions of ESLT appear to be a higher build number – the version I was testing
XenApp 5 with was build 5.2 and it shipped with build 5.0. I assume they have reordered their
build numbers! Please note that ESLT is a different program from EdgeSight – they can be
installed on the same machine, but there is no reason as such to do so, and neither application
requires the other to work.
• Get a Windows Server 2008 or 2008 R2 server (I’ve tested XenApp 6 with an R1 server
just fine). You will need a XenApp License server set up too before you can use ESLT
properly. Make sure it’s got a lot of memory if it’s going to run a lot of sessions – I have
found that launching more than 100 sessions meant more than 4 GB of RAM and of course a
64-bit OS if using Windows 2008.
• Be aware that ESLT actually consists of 2 parts – the Launcher and the Controller. You
would only have one Controller usually to kick off the tests but you could have the
Launcher software installed on several machines to actually launch sessions from lots of
places. This might be better for you if you don’t have a powerful server to run everything
– personally I’ve always used one server for everything which is fine – if it’s up to it.
• Uninstall any previous version of ESLT.
• Get the folder “Load Testing Services” off the XenApp 6 DVD and copy it to your new
Load Testing server. Or download it from My Citrix.
• Run EdgeSight for Load Testing.msi

• Click next, agree to the EULA and click next again.
• Click Custom (always click custom!)

• Set all three components to install. The “Web Interface XML Service” allows you to
connect to applications more easily without messing about creating ICA files so is good
to have. It doesn’t actually use the Web Interface.
• Enter a really good password

• ESLT WI Support.msi is only needed if you are installing ESLT on a Web Interface
server
• After installation, you can make sure the essential service is started – it’s the Citrix
EdgeSight Launcher Service and replaces the Launcher application from previous
versions of ESLT

• You can now run the LT Controller from the Start Menu

• You will get a handy message about the changes you should make to your Citrix servers
in order to be able to do Load Testing. These are important so don’t ignore them. You
might well not want these settings on your live production servers!

• To implement these settings, log on to your XenApp 6 servers and click Start, All
Programs, Administrative Tools > Remote Desktop Services and click “Remote Desktop
Session Host Configuration”
• Right-click ICA-TCP in the middle of the screen and click Properties. You should be able
to follow the instructions above on the Sessions and Log on Settings tabs. Do this on any
server you will use for hosting Load Tested applications.
• After the handy message about server settings, enter your password to get to the main
interface.
• The last step is to license it, or you will only have a 30-day, 15-user license (which is not
of much use). Click the Licenses menu and select License Server Configuration.
You are now ready to do load testing! The next high-level steps are:
• Create usernames to perform the load testing – I would create as many users as you will
want to create sessions rather than reuse the same username lots of times. This also gives
you the option to give them mailboxes etc later. Make your life easy though and make
their usernames the same except for an incrementing number on the end and keep the
passwords the same too.
• Create a new EdgeSight test and connect it to an application on your farm (using an ICA
file is one easy way to do this)
• Enter your usernames and passwords
• Record a script for load testing an application. Best practice is to have folders for the
steps – a load section and a log off section with a folder in between set to “Iterate”. This
section can then repeat infinitely until ESLT starts logging users off. If you don’t do this
a long test will see constant logon/logoff activity which can cripple the test.
• Enter figures for how to load the test. Usually, this will consist of a “log on” period
where all your users log in at a realistic rate, a middle period where load is at maximum
(this is a good time to test logon times and application performance of an extra session by
logging on manually) and a short log off period where the tests complete and log off
again.
• If you’re testing Office 2007, you can download very good sample scripts from here:
http://support.citrix.com/article/CTX122568. They’re worth looking at even if you don’t
use them as they’re well done scripts. They can be adapted to work in Office 2003 and
Office 2010 as well.
• Under Display > Counters set up connections to useful perfmon counters on the servers
being monitored – such as
\\servername\Processor(_Total)\% Processor Time
• Run tests – this will spawn many windows on your desktop (only have one user logged
on to the launcher server or they can appear on the wrong session). Usually it’s best to
right-click the stack of windows and click “Show Windows Stacked” to display them
nicely.
• Record the results – screenshots of the “Monitor” section of Display are best though you
can save reports.



AD concepts:
Q. Active Directory Groups
Groups are Active Directory (or local computer) objects that can contain users, contacts,
computers, and other groups. In Windows 2000, groups are created in domains, using the Active
Directory Users and Computers tool. You can create groups in the root domain, in any other
domain in the forest, in any organizational unit, or in any Container class object (such as the
default Users container). Like user and computer accounts, groups are Windows 2000 security
principals; they are directory objects to which SIDs are assigned at creation.
You can nest groups; that is, you can add a group as a member of another group (according to
specified rules—see the section "Mode Governs Nesting Options"). Nesting groups makes it
easier to manage users and can reduce network traffic caused by replication of group
membership changes.
Planning group strategies is an essential part of deploying Active Directory. Before you create
groups, determine the number of domains you will have on your network and which of those
domains (if any) are mixed-mode and which are native-mode:
• Mixed-mode domain. The Windows 2000 operating system installs, by default, in a
mixed-mode network configuration. A mixed-mode domain is a networked set of
computers running both Windows NT 4.0 and Windows 2000 domain controllers. (You
can also have a mixed-mode domain running only Windows 2000 domain controllers.)
• Native-mode domain. You can convert a domain to native mode when it contains only
Windows 2000 Server domain controllers.
Important: Do not change from mixed to native mode if you have, or will have, any Windows
NT 4.0 backup domain controllers (BDCs) in the domain. Changing a domain from mixed mode
to native mode is an irreversible operation.
Both mixed-mode and native-mode domains can contain Windows NT 4.0 member servers and
Windows NT and Windows 9.x clients.
The following sections discuss the structure of groups and how you can use the various groups to
help organize your network:
• Group Type: Security or Distribution
• Group Scope: Local, Domain Local, Global, or Universal
• How Domain Mode Affects Groups
• Windows 2000 Built-in, Predefined, and Special Groups
• Groups on Standalone Servers and Windows 2000 Professional
Group Type: Security or Distribution
Windows 2000 Server has two kinds of groups:
• Distribution groups
• Security groups
Although this section is primarily about the role groups play in security, distribution groups are
also briefly described to clarify the difference between the two group types. The next two
subsections describe the characteristics of security and distribution groups.
Distribution Groups
Distribution groups have only one function—to create e-mail distribution lists. You use
distribution groups with e-mail applications (such as Microsoft Exchange) to send e-mail to the
members of the group. As with a security group, you can add a contact to a distribution group so
that the contact receives e-mail sent to the group.
Distribution groups play no role in security (you do not assign permissions to distribution
groups), and you cannot use them to filter Group Policy settings.
Security Groups
In the Windows 2000 operating system, security groups are an essential component of the
relationship between users and security. Security groups have two functions:
• To manage user and computer access to shared resources
• To filter Group Policy settings
You collect users, computers, and other groups into a security group and then assign appropriate
permissions to specific resources (such as file shares and printers) to the security group. This
simplifies administration by letting you assign permissions once to the group instead of multiple
times to each individual user. When you add a user to an existing group, the user automatically
gains the rights and permissions already assigned to that group.
Integral to understanding security groups is the concept of an access token. As explained in the
Introduction, an access token is an object containing the security information for a logon session.
Windows 2000 creates an access token when a user logs on, and every process executed on
behalf of the user has a copy of the token. (A process is software that is currently running.) The
token identifies the user, the security groups to which the user belongs, and the privileges
granted to the user and to the user's security groups. The system uses the token to control access
to securable objects and to control the ability of the user to perform various system-related
operations on the local computer.
If you use an e-mail client that can use Active Directory for address book lookup, or an e-mail
system that uses Active Directory as its directory (such as Exchange 2000), you can also use
security groups to send e-mail to all members of the group. You can add a contact to a security
group, and that contact is sent e-mail along with the other members of the group. However, you
cannot assign rights and permissions to a contact.
When implementing an administration strategy for security groups, keep the following general
guidelines in mind:
• Small organizations. Some small organizations with a Windows 2000 native-mode
forest will choose to use security groups with Universal scope to manage all their group
needs. For organizations that expect to grow, two alternative strategies are available:
o Use Universal groups initially and then convert to the Global/Local pattern
(described next) recommended for medium to large organizations.
o Some growing small organizations will choose to implement the Global/Local
pattern used by larger organizations from the start. Because groups with universal
scope (and their members) are listed in the global catalog database, a large
number of universal groups—especially where membership changes frequently—
can cause a lot of replication traffic. If this is the situation, use the guidelines for
medium to large organizations.
• Medium to large organizations. Experience shows that using the approach described
below will help you achieve maximum flexibility, scalability, and ease of administration
when managing security groups. Using Account (global) groups and Resource (local)
groups in the way described here lets you use groups to mirror your organization's
functional structure.
o Put users into security groups with global scope. A global group can usually be
thought of as an Accounts group, that is, a group that contains user accounts.
o Put resources into security groups with domain local (or machine local) scope. A
local group can usually be thought of as a Resource group, that is, a group to
which you assign permissions to access a resource.
o Put a global group into any domain local (or machine local) group in the forest
(this is especially efficient when more than one domain is involved).
o Assign permissions for accessing resources to the domain local (or machine local)
groups that contain them.
o Delegate administration of groups to the appropriate manager or group leader.
Understanding what these guidelines mean requires understanding the different kinds of group
scope, explained in the next section.
Group Scope: Local, Domain Local, Global, or Universal
Both types of group—security and distribution—can have one of three scopes (four when you
include local groups, which exist in Windows 2000 to provide backward compatibility with
Windows NT groups). A group's scope determines the extent to which the group can be nested in
other groups or referenced in DACLs on resources in the Active Directory domain or forest.
Important: In the following discussion of group scope, remember that you assign permissions
only to security groups (not to distribution groups).
By default, when you create a new group, it is configured as a security group with global scope
(in both mixed-mode and native-mode domains).
If you have multiple forests, you can place groups (or users—but, typically, you should put users
only into global groups) from any trusted domain into a local or domain local group. You can
establish trust between any two domains in any two forests.
The four possible Windows 2000 group scopes are:
• Groups with local scope (also called local groups)
• Groups with domain local scope (also called domain local groups)
• Groups with global scope (also called global groups)
• Groups with universal scope (also called universal groups)
With some minor differences, domain local and global groups exist in the Windows NT
operating system (where they are called local groups and global groups). Universal groups are
new in Windows 2000. The following subsections describe each type of group scope.
Groups with Local Scope
The local groups used in both Windows NT and Windows 2000 are precursors of and are in
some ways similar to the domain local groups (described next) introduced in Windows 2000.
Local groups are sometimes referred to as machine local groups to contrast them with domain
local groups. Local groups have the following features:
• Mode. Local groups are the only type of local group available in a Windows 2000
mixed-mode domain. In the case of Windows 2000 native-mode domains, only Built-in groups
have local scope.
• Membership. Local groups can have members from anywhere in the forest, from trusted
domains in other forests, and from trusted down-level domains.
• Permissions. A local group has only machine-wide scope; that is, it can be used to grant
resource permissions only on the machine on which it exists. (Note, however, that local
groups created on a domain controller are available on every domain controller in that
domain and can be used to grant resource permissions on any domain controller in that
domain.)
Groups with Domain Local Scope
Domain local groups, a new feature of the Windows 2000 operating system, have the following
features:
• Mode. Domain local groups are available only in native-mode (but not mixed-mode)
domains.
• Membership. Like local groups, domain local groups can have members from anywhere
in the forest, from trusted domains in other forests, and from trusted down-level domains.
• Permissions. A domain local group has domain-wide scope; that is, it can be used to
grant resource permissions on any Windows 2000 machine within the domain in which it
exists (but not beyond its domain).
Using Domain Local Groups
Groups with domain local scope are designed to be used in DACLs on a domain's resources.
That is, domain local groups help you define and manage access to resources within a single
domain.
For example, to give five users access to a particular printer, you could add all five user
accounts, one at a time, to the printer permissions list. Later, if you wanted to give the same five
users access to a new printer, you would again have to specify all five accounts in the
permissions list for the new printer. Or, you could take advantage of groups with domain local
scope. To do so, perform the following steps:
1. Create a group with domain local scope, and assign it permission to access the printer
(this is the Resource group).
2. Put the five user accounts into a group with global scope (this is the Accounts group), and
add this global group to the group having domain local scope. (Global groups are
described in the next subsection.)
Now, when you want to give another five users access to this printer, you can simply add them to
the global group that is a member of the domain local group which has permission to access the
printer, and you are done. Doing so gives all five new members of the group access to the printer
in one step. Using domain local groups in this way provides the following benefits:
• Membership of the domain local group is controlled by the administrator(s) where the
resource (the printer) is located, not where the users are—which makes it in line with
how administration is typically done.
• Because a domain local group is associated with an access token built when a member of
that group authenticates to a resource in that domain, unnecessary network traffic
(carrying of membership information) is avoided. (If, instead, you assigned a global
group permission to access the printer, the global group can end up in a user's token
anywhere in the forest, causing unnecessary network traffic.)
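
The printer scenario above, as an added example that is not part of the original material: a small Python model that expands nested membership the way an access token collects group SIDs, reports who can reach each resource, and flags user accounts placed directly on a DACL. All user, group and printer names are hypothetical, constructed sample data.

```python
from collections import deque

# Constructed sample data; every user, group and printer name is hypothetical.
USERS = {"alice", "bob", "carol", "dave"}

# group -> direct members (user accounts or other groups)
MEMBERS = {
    "GG-Sales": {"alice", "bob"},        # Accounts group, global scope
    "GG-Managers": {"carol"},            # Accounts group, global scope
    "DL-Printer2-Print": {"GG-Sales"},   # Resource group, domain local scope
}

# resource -> {trustee on the DACL: permission}
DACLS = {
    "printer2": {"DL-Printer2-Print": "Print"},
    "printer3": {"DL-Printer2-Print": "Print", "dave": "Print"},
}


def token_groups(principal, members):
    """Return every group the principal is in, directly or through nesting."""
    parents = {}
    for group, direct in members.items():
        for member in direct:
            parents.setdefault(member, set()).add(group)
    seen, queue = set(), deque([principal])
    while queue:
        for group in parents.get(queue.popleft(), ()):
            if group not in seen:  # also stops circular nesting from looping
                seen.add(group)
                queue.append(group)
    return seen


def effective_access(resource, dacls, members, users):
    """Map each user to the permissions the resource's DACL grants them."""
    granted = {}
    for user in sorted(users):
        identities = token_groups(user, members) | {user}
        perms = {p for trustee, p in dacls[resource].items() if trustee in identities}
        if perms:
            granted[user] = perms
    return granted


def direct_user_entries(dacls, users):
    """List (resource, user) pairs where a user sits directly on a DACL."""
    return sorted((res, t) for res, acl in dacls.items() for t in acl if t in users)


def add_to_group(members, group, new_members):
    """Return a copy of the membership map with new_members added to group."""
    updated = {g: set(m) for g, m in members.items()}
    updated.setdefault(group, set()).update(new_members)
    return updated


if __name__ == "__main__":
    print(effective_access("printer2", DACLS, MEMBERS, USERS))
    # One change to the Accounts group reaches every printer the Resource group covers.
    grown = add_to_group(MEMBERS, "GG-Sales", {"carol"})
    print(effective_access("printer2", DACLS, grown, USERS))
    # Entries that bypass the Accounts/Resource pattern and are easy to miss in reviews.
    print(direct_user_entries(DACLS, USERS))
```
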
Groups with Global Scope
Global groups, effectively the same as Windows NT global groups, have the following features:
• Mode. Global groups exist in both mixed-mode and native-mode domains.
• Membership. Global groups can have members from within their own domain (only).
• Permissions. Although a global group is limited to domain-wide scope as far as
membership goes, it can be made a member of machine or domain local groups or
granted permissions in any domain (including trusting domains in other forests and
down-level domains with which a trust relationship exists). That is, groups with global
scope can be put into other groups in any trusting domain.
Using Global Groups
Groups with global scope help you manage directory objects that require daily maintenance, such
as user and computer accounts.
Use global groups to collect users or computers that are in the same domain and share the same
job, organizational role, or function. For example, "Full-time employees," "Managers," "RAS
Servers" are all possible global groups. Because group members typically need to access the
same resources, make these global groups members of domain local or machine local groups,
which, in turn, are listed on the DACL of needed resources. Membership of these groups can be
efficiently managed by administrators of user domains, because these administrators are familiar
with the functions and roles played by users and computers in their domain.
Groups with Universal Scope
Universal groups, a new feature of the Windows 2000 operating system, have the following
features:
• Mode. Universal groups are available only in native-mode domains.
• Membership. Universal groups can have members from any Windows 2000 domain in
the forest. (Universal groups can contain members from mixed-mode domains in the
same forest, but this is not recommended. Members from such domains cannot have the
universal group's SID added to their access token because universal groups are not
available in mixed-mode domains. Therefore, troubleshooting access problems would be
difficult.)
• Permissions. Universal groups can be granted permissions in any domain, including in
domains in other forests with which a trust relationship exists.
Using Universal Groups
A small organization can use universal groups to implement a relatively simple group structure.
If you choose to use groups with universal scope in a multi-domain environment, these groups
can help you represent and consolidate groups that span domains. For example, you might use
universal groups to build groups that perform a common function across an enterprise.
Although few organizations will choose to implement this level of complexity, you can add user
accounts to groups with global scope, nest these groups within groups having universal scope,
and then make the universal group a member of a domain local (or machine local) group that has
access permissions to resources. Using this strategy, any membership changes in the groups
having global scope do not affect the groups with universal scope.
A useful guideline is to designate widely used groups that seldom change as universal groups.
The reasons for this approach are explained next.
Group Scope and Replication Traffic
Groups having universal scope—and all of their members—are listed in the global catalog.
Whenever one member of a group with universal scope changes, the entire group membership
must be replicated to all global catalogs in the domain tree or forest. Therefore, if you use groups
with universal scope, use them in situations where the membership of the group does not change
frequently.
Groups having global or domain local scope are also listed in the global catalog, but their
individual members are not listed. Using these groups thus reduces the size of the global catalog
and reduces the replication traffic needed to keep the global catalog up-to-date. Therefore, use
groups with global or domain local scope if the group membership changes frequently.
How Domain Mode Affects Groups
As explained above, a mixed-mode domain typically has one or more Windows NT Server 4.0
domain controllers in addition to Windows 2000 domain controllers, although it can have only
Windows 2000 domain controllers. A native-mode domain can have only Windows 2000 Server
domain controllers. Both mixed-mode and native-mode domains can include Windows NT 4.0
member servers and Windows NT and Windows 9.x clients.
Important: Do not change from mixed to native mode if you have, or will have, any Windows
NT 4.0 backup domain controllers (BDCs) in the domain. Changing a domain from mixed mode
to native mode is an irreversible operation.
Mode Determines Whether You Can Convert Group Types
In a native-mode domain, you can convert a security group to a distribution group and vice versa.
You cannot convert either group to the other in a mixed-mode domain. A Windows NT domain
controller cannot handle group type conversion because it sees only security-enabled groups.
Mode Affects Security and Distribution Groups Differently
Distribution groups are not affected by mode because distribution group membership is not
enumerated at logon. If a process needs to know the composition of the group, it has to ask an
Active Directory server, which, by definition, is a Windows 2000 domain controller.
Whether a domain is native or mixed mode does affect the behavior of security groups. When a
user logs on to a domain account, the user's security group membership is resolved on the
domain controller that handles the logon. In mixed mode, if a Windows NT 4.0 domain
controller handles the logon, then it must be able to enumerate the members of the security
groups to which the user belongs. Thus, the behavior of security groups in a Windows 2000
domain running in mixed mode must match the behavior of security groups in Windows NT 4.0.
Mode Governs Nesting Options
Updates to the Active Directory store must be made in a single transaction. One consequence of
this is that you should not create groups with more than 5,000 members. Because group
memberships are stored in a single multi-valued attribute, a change to the membership requires
that the whole attribute—that is, the whole membership list—be updated in a single transaction.
Microsoft has tested and supports group memberships of up to 5,000 members.
Windows 2000 lets you get around this limitation by nesting groups to increase the effective
number of members. Nesting also lessens the amount of network traffic caused by replication of
group membership changes.
Available nesting options depend on whether the domain is in native mode or mixed mode. The
following list describes what can be contained in a group that exists in a native mode domain:
• Groups with universal scope can contain user accounts, computer accounts, other
universal groups, and global groups from any trusted domain.
• Groups with global scope can contain user accounts from the same domain and other
global groups from the same domain.
• Groups with domain local scope can contain user accounts, universal groups, and global
groups from any trusted domain. They can also contain other domain local groups from
within the same domain. (Typically, put user accounts into global groups, not into
domain local groups, then put the global groups into domain local groups, and then assign
access permissions to resources to the local groups.)
Security groups in a mixed-mode domain can contain only the following:
• Local groups can contain global groups and user accounts from trusted domains. (It is not
recommended to put users directly into local groups; instead, put users into global
groups, put global groups into local groups, and then assign permissions to the
local groups).
• Global groups can contain only user accounts.
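The nesting rules in the two lists above, together with the 5,000-member limit, can be checked mechanically before a group design is rolled out. The following is an added example, not part of the original material; the group names, the domain name CORP and the plan itself are constructed for illustration.

```python
from dataclasses import dataclass

MAX_DIRECT_MEMBERS = 5000  # tested and supported limit quoted in the text


@dataclass(frozen=True)
class Principal:
    name: str
    kind: str    # user, computer, global, universal, domain_local, local
    domain: str


def nesting_allowed(container, member, mode):
    """True if `member` may be a direct member of `container` in this domain mode.

    The rules are transcribed from the two lists above, nothing more."""
    same_domain = container.domain == member.domain
    if mode == "native":
        if container.kind == "universal":
            return member.kind in {"user", "computer", "universal", "global"}
        if container.kind == "global":
            return same_domain and member.kind in {"user", "global"}
        if container.kind == "domain_local":
            if member.kind in {"user", "universal", "global"}:
                return True
            return same_domain and member.kind == "domain_local"
        return False
    if mode == "mixed":
        if container.kind == "local":
            return member.kind in {"user", "global"}
        if container.kind == "global":
            return member.kind == "user"
        return False
    raise ValueError(f"unknown domain mode: {mode}")


def audit_plan(groups, memberships, mode):
    """Return (group, problem, detail) tuples for a proposed membership plan."""
    findings = []
    for gname, members in memberships.items():
        if len(members) > MAX_DIRECT_MEMBERS:
            findings.append((gname, "over-limit", len(members)))
        for m in members:
            if not nesting_allowed(groups[gname], m, mode):
                findings.append((gname, "illegal-nesting", m.name))
    return findings


def effective_users(gname, memberships, seen=None):
    """Expand nested groups into the set of accounts that end up in `gname`."""
    seen = set() if seen is None else seen
    if gname in seen:            # already expanded, or circular nesting
        return set()
    seen.add(gname)
    accounts = set()
    for m in memberships.get(gname, []):
        if m.kind in {"user", "computer"}:
            accounts.add(m.name)
        else:
            accounts |= effective_users(m.name, memberships, seen)
    return accounts


def sample_plan():
    """Constructed plan: 8,000 users reach one resource group through nesting."""
    groups = {n: Principal(n, k, "CORP") for n, k in
              [("G-Sales-A", "global"), ("G-Sales-B", "global"),
               ("G-Sales-All", "global"), ("DL-Share-RW", "domain_local")]}
    memberships = {
        "G-Sales-A": [Principal(f"a{i}", "user", "CORP") for i in range(4000)],
        "G-Sales-B": [Principal(f"b{i}", "user", "CORP") for i in range(4000)],
        "G-Sales-All": [groups["G-Sales-A"], groups["G-Sales-B"]],
        "DL-Share-RW": [groups["G-Sales-All"]],
    }
    return groups, memberships
```

In native mode the sample plan passes and gives 8,000 effective members without any group holding more than 5,000 direct members; the same plan audited as mixed mode reports every group-in-group step as illegal.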
Changing to Native Mode Impacts Groups
When a Windows NT primary domain controller (PDC) is upgraded to Windows 2000 Active
Directory, Windows NT local groups become Windows 2000 local groups and Windows NT
global groups become Windows 2000 global groups. When a domain is converted to native
mode, local groups become domain local groups.
When a user is authenticated, an access token is created for the user containing his or her primary
SID, together with the SIDs of any groups he or she belongs to. At the time the domain is
switched to native mode, because domain local groups have domain-wide scope, the SIDs of any
domain local groups of which the user is a member are now added to the user's access token.
Q. FSMO Roles
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The
five FSMO roles are:
Schema Master:
The schema master domain controller controls all updates and modifications to the schema. Once
the Schema update is complete, it is replicated from the schema master to all other DCs in the
directory. To update the schema of a forest, you must have access to the schema master. There
can be only one schema master in the whole forest.
Domain naming master:
The domain naming master domain controller controls the addition or removal of domains in the
forest. This DC is the only one that can add or remove a domain from the directory. It can also
add or remove cross references to domains in external directories. There can be only one domain
naming master in the whole forest.
Infrastructure Master:
When an object in one domain is referenced by another object in another domain, it represents
the reference by the GUID, the SID (for references to security principals), and the DN of the
object being referenced. The infrastructure FSMO role holder is the DC responsible for updating
an object's SID and distinguished name in a cross-domain object reference. At any one time,
there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a
Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will
stop updating object information because it does not contain any references to objects that it does
not hold. This is because a Global Catalog server holds a partial replica of every object in the
forest. As a result, cross-domain object references in that domain will not be updated and a
warning to that effect will be logged on that DC's event log. If all the domain controllers in a
domain also host the global catalog, all the domain controllers have the current data, and it is not
important which domain controller holds the infrastructure master role.
Relative ID (RID) Master:
The RID master is responsible for processing RID pool requests from all domain controllers in a
particular domain. When a DC creates a security principal object such as a user or group, it
attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same
for all SIDs created in a domain), and a relative ID (RID) that is unique for each security
principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is
allowed to assign to the security principals it creates. When a DC's allocated RID pool falls
below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The
domain RID master responds to the request by retrieving RIDs from the domain's unallocated
RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only
one domain controller acting as the RID master in the domain.
PDC Emulator:
The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003
includes the W32Time (Windows Time) time service that is required by the Kerberos
authentication protocol. All Windows 2000/2003-based computers within an enterprise use a
common time. To ensure appropriate common time usage, the Windows Time service uses a
hierarchical relationship that controls authority and does not permit loops.
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of
the forest becomes authoritative for the enterprise, and should be configured to gather the time
from an external source. All PDC FSMO role holders follow the hierarchy of domains in the
selection of their in-bound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
• Password changes performed by other DCs in the domain are replicated preferentially to
the PDC emulator.
• Authentication failures that occur at a given DC in a domain because of an incorrect
password are forwarded to the PDC emulator before a bad password failure message is
reported to the user.
• Account lockout is processed on the PDC emulator.
• Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy
found in the PDC Emulator's SYSVOL share, unless configured not to do so by the
administrator.
• The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0
Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.

Q. Transfer Flexible Single Master Operations (FSMO) roles (also known as
operations master roles) by using the Active Directory snap-in tools in Microsoft
Management Console (MMC) in Windows Server 2003
Depending on the FSMO role that you want to transfer, you can use one of the following three
MMC snap-in tools:
Active Directory Schema snap-in
Active Directory Domains and Trusts snap-in
Active Directory Users and Computers snap-in
If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe
utility.
Transfer the Schema Master Role
Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use
this snap-in, you must register the Schmmgmt.dll file.


Register Schmmgmt.dll
1. Click Start, and then click Run.
2. Type regsvr32 schmmgmt.dll in the Open box, and then click OK.
3. Click OK when you receive the message that the operation succeeded.
Transfer the Schema Master Role
1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain
Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder,
and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.
Transfer the Domain Naming Master Role
1. Click Start, point to Administrative Tools, and then click Active Directory Domains
and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain
Controller.

NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already
connected to the domain controller whose role you want to transfer.
3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then click OK.

-or-
o In the Or, select an available domain controller list, click the domain controller
that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Domains and Trusts, and then click
Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.
Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
1. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
2. Right-click Active Directory Users and Computers, and then click Connect to Domain
Controller.

NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already
connected to the domain controller whose role you want to transfer.
3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then click OK.

-or-
o In the Or, select an available domain controller list, click the domain controller
that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Users and Computers, point to All
Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or
Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.



Q. Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
Transfer FSMO roles
To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member
computer or domain controller that is located in the forest where FSMO roles are being
transferred. We recommend that you log on to the domain controller that you are
assigning FSMO roles to. The logged-on user should be a member of the Enterprise
Administrators group to transfer Schema master or Domain naming master roles, or a
member of the Domain Administrators group of the domain where the PDC emulator,
RID master and the Infrastructure master roles are being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.

Note: To see a list of available commands at any one of the prompts in the Ntdsutil utility,
type ?, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the
name of the domain controller you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type transfer role, where role is the role that you want to transfer. For a list of roles that
you can transfer, type ? at the fsmo maintenance prompt, and then press ENTER, or see
the list of roles at the start of this article. For example, to transfer the RID master role,
type transfer rid master. The one exception is for the PDC emulator role, whose syntax is
transfer pdc, not transfer pdc emulator.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.
Seize FSMO roles
To seize the FSMO roles by using the Ntdsutil utility, follow these steps:
1. Log on to a Windows 2000 Server-based or Windows Server 2003-based member
computer or domain controller that is located in the forest where FSMO roles are being
seized. We recommend that you log on to the domain controller that you are assigning
FSMO roles to. The logged-on user should be a member of the Enterprise Administrators
group to transfer schema or domain naming master roles, or a member of the Domain
Administrators group of the domain where the PDC emulator, RID master and the
Infrastructure master roles are being transferred.
2. Click Start, click Run, type ntdsutil in the Open box, and then click OK.
3. Type roles, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the
name of the domain controller that you want to assign the FSMO role to.
6. At the server connections prompt, type q, and then press ENTER.
7. Type seize role, where role is the role that you want to seize. For a list of roles that you
can seize, type ? at the fsmo maintenance prompt, and then press ENTER, or see the list
of roles at the start of this article. For example, to seize the RID master role, type seize
rid master. The one exception is for the PDC emulator role, whose syntax is seize pdc,
not seize pdc emulator.
8. At the fsmo maintenance prompt, type q, and then press ENTER to gain access to the
ntdsutil prompt. Type q, and then press ENTER to quit the Ntdsutil utility.

Notes
o Under typical conditions, all five roles must be assigned to “live” domain
controllers in the forest. If a domain controller that owns a FSMO role is taken out
of service before its roles are transferred, you must seize all roles to an
appropriate and healthy domain controller. We recommend that you only seize all
roles when the other domain controller is not returning to the domain. If it is
possible, fix the broken domain controller that is assigned the FSMO roles. You
should determine which roles are to be on which remaining domain controllers so
that all five roles are assigned to a single domain controller. For more information
about FSMO role placement, click the following article number to view the article
in the Microsoft Knowledge Base:
223346 (http://support.microsoft.com/kb/223346/ ) FSMO placement and
optimization on Windows 2000 domain controllers
o If the domain controller that formerly held any FSMO role is not present in the
domain and if it has had its roles seized by using the steps in this article, remove it
from the Active Directory by following the procedure that is outlined in the
following Microsoft Knowledge Base article:
216498 (http://support.microsoft.com/kb/216498/ ) How to remove data in active
directory after an unsuccessful domain controller demotion
o Removing domain controller metadata with the Windows 2000 version or the
Windows Server 2003 build 3790 version of the ntdsutil /metadata cleanup
command does not relocate FSMO roles that are assigned to live domain
controllers. The Windows Server 2003 Service Pack 1 (SP1) version of the
Ntdsutil utility automates this task and removes additional elements of domain
controller metadata.
o Some customers prefer not to restore system state backups of FSMO role-holders
in case the role has been reassigned since the backup was made.
o Do not put the Infrastructure master role on the same domain controller as the
global catalog server. If the Infrastructure master runs on a global catalog server it
stops updating object information because it does not contain any references to
objects that it does not hold. This is because a global catalog server holds a partial
replica of every object in the forest.
To test whether a domain controller is also a global catalog server:
1. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Sites and Services.
2. Double-click Sites in the left pane, and then locate the appropriate site or click Default-
first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller's folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, view the Global Catalog check box to see if it is selected.
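
The role rules described above (one schema master and one domain naming master per forest; one RID master, PDC emulator and infrastructure master per domain; infrastructure master not on a global catalog unless every domain controller in the domain is one) can be checked against an inventory after a transfer or seizure. This is an added example, not part of the original material; the inventory, the server names and the domain names are constructed.

```python
FOREST_ROLES = ("schema", "naming")               # one holder in the whole forest
DOMAIN_ROLES = ("rid", "pdc", "infrastructure")   # one holder in each domain

# Snap-in and group membership the text names for transferring each role.
TRANSFER = {
    "schema": ("Active Directory Schema", "Enterprise Administrators"),
    "naming": ("Active Directory Domains and Trusts", "Enterprise Administrators"),
    "rid": ("Active Directory Users and Computers", "Domain Administrators"),
    "pdc": ("Active Directory Users and Computers", "Domain Administrators"),
    "infrastructure": ("Active Directory Users and Computers", "Domain Administrators"),
}


def check_fsmo(dcs):
    """Return (scope, role, problem, servers) tuples; an empty list means consistent.

    `dcs` is a list of dicts with the keys name, domain, is_gc and roles."""
    findings = []
    for role in FOREST_ROLES:
        holders = sorted(d["name"] for d in dcs if role in d["roles"])
        if len(holders) != 1:
            findings.append(("forest", role, f"{len(holders)} holders", holders))
    for dom in sorted({d["domain"] for d in dcs}):
        members = [d for d in dcs if d["domain"] == dom]
        for role in DOMAIN_ROLES:
            holders = sorted(d["name"] for d in members if role in d["roles"])
            if len(holders) != 1:
                findings.append((dom, role, f"{len(holders)} holders", holders))
        # DCs that are not global catalogs are the candidates for the role.
        non_gc = sorted(d["name"] for d in members if not d["is_gc"])
        for d in members:
            # Harmless only when every DC in the domain is a global catalog.
            if "infrastructure" in d["roles"] and d["is_gc"] and non_gc:
                findings.append((dom, "infrastructure",
                                 f"held by global catalog {d['name']}", non_gc))
    return findings


def sample_inventory():
    """Constructed two-domain forest used only for this example."""
    return [
        {"name": "DC1", "domain": "corp.example", "is_gc": True,
         "roles": {"schema", "naming", "rid", "pdc"}},
        {"name": "DC2", "domain": "corp.example", "is_gc": False,
         "roles": {"infrastructure"}},
        {"name": "EMEA-DC1", "domain": "emea.corp.example", "is_gc": True,
         "roles": {"rid", "pdc", "infrastructure"}},
        {"name": "EMEA-DC2", "domain": "emea.corp.example", "is_gc": False,
         "roles": set()},
    ]


if __name__ == "__main__":
    for scope, role, problem, servers in check_fsmo(sample_inventory()):
        snapin, group = TRANSFER[role]
        print(f"{scope}: {role} master {problem}; see {servers}. "
              f"Transfer with {snapin} as a member of {group}.")
```

A role reported with two holders is what the inventory looks like when a domain controller whose roles were seized is brought back without being cleaned up.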




More Questions:
1. Installation Manager: Services dependent
2. Load Manager: Farm metric
3. Isolation : installation command
4. Resource Manager
what are the services running for installation manager
ADF Installer and IMA
dscheck
During migration, which component will you install first
Resource manager



Scenario:

There are 5 servers, of which two are in production and in full usage because the number of
users has increased, and 3 more servers have been added to the farm but have no applications
on them.
What will you do?

Users are not able to see their local printers in Citrix. How will you troubleshoot?

There are 10 servers on which the client needs 25 applications installed, of which 15 should
be published and 5 delivered as stream to server and stream to client.

Function of a datastore
13. What is ICA, and what are the advantages of ICA?
14. What is SpeedScreen?
15. What are the query commands in Citrix?
16. What are the different ports used in Citrix?
17. How does licensing work in Citrix, and how does Citrix licensing differ between versions?
18. What consoles are available to manage a Citrix server?
19. What is Web Interface or NFuse?
20. What is Citrix Secure / Access Gateway, and how does it work?
21. What are the differences between Win2K and 2K3 Terminal Server?
22. What is the difference between 2K and 2K3 Terminal Server licensing?
23. What is SBC?
24. What is printer driver replication and mapping?
25. How to recover when the data store is failing
26. How to recover when IMA is failing
27. What are the requirements of Installation Manager, and what kind of extensions does it support?
28. What are the parameters of Resource Manager?
How to change the ICA port.
How to change the XML service port.
Moving servers to another zone
Components needed for web connectivity (IIS, NFuse, SG/MSAM)
Troubleshooting using the event log
Why is ICA that much faster than RDP? Technological differences
6. What is Printer terminology in Citrix
7. How to use datastore for database
8. What is the difference between all citrix versions
Normal:
• Why does a new desktop get a "dial-up or network problems.." message when the OS is Win2K
Pro or XP Pro?
• Why does the spooler service sometimes crash after starting a print job?
• How many SSL certificates do I need to set up a CSG configuration?
• Why does single sign-on not work when using NFuse or WI?
• Can you describe your best hardware configuration for a 35 to 40 user server?

Hardcore:
• How do you fight latency, and when is it needed? (ping times)
• How does the RAID controller need to be set on a terminal server?
• Why does my CSG connection not work while using a 56-bit VeriSign cert?
• How do you configure a Cisco router TCP/IP stack for optimal Citrix traffic?




How does Win2K TS Licensing work?
faq48-1925
Posted: 14 May 02 (Edited 5 Jun 02)

Terminal Server and Citrix Metaframe Licensing Document

The following document is to shed some light on the mystery of Microsoft Terminal Server
Licensing. Hopefully this explanation will answer any questions that may arise when the thought
of a Citrix Server Farm is brought up and the Licenses needed to implement a Farm in keeping
with the Microsoft Licensing Agreement Terms and EULA (End User License Agreement).

Also included in this document will be an explanation of terms in regards to what each license is
and its purpose in the scheme of each implementation.

Windows2000 Server License: This is the license that is purchased for the server to run the
Server Network Operating System. This needs to be purchased for EACH Terminal Server that
is being purchased for the Farm.

Windows2000 CAL (Client Access License): This is the license needed to access a
Windows2000 Server from any Workstation. These need to be purchased for each workstation
that will be accessing the Citrix servers no matter what OS the clients PC is running.

Windows2000 Terminal Services CAL (Client Access License): This license is required when
attaching to a Terminal Server from ANY OTHER Workstation OS excluding Windows 2000
or Windows XP Professional. Licenses for Windows2000 and Windows XP Professional are
already licensed for access to terminal Services. Licenses for these Workstations will be given
out from a Pool of Built-In licenses on the License Server.

Citrix Metaframe Xpe Server Software with Subscription Advantage: This license is for the
Citrix Metaframe software which increases the functionality and management of the Microsoft
Terminal Server. The starter pack includes all needed software for Load Balancing and
Management as well as 20 End User Licenses. Citrix licenses are concurrent connections to the
Citrix Server rather than Per Server/Seat as Microsoft is. Subscription Advantage is a
maintenance fee that includes Licenses for all current and future Feature Releases which are
functionality add-ons to the Citrix product.

Logon and Licensing Process:
Windows 2000 Terminal Services requires a Domain Controller or member server to run a
Service called Terminal Server License Service. The purpose of this Service is to issue Terminal
Server CAL’s to all devices connecting to a Windows 2000 server running the Terminal Server
Service. This license is assigned to a client device and stored in the registry on the client device.
There is a HotFix that needs to be installed on the server running the License Service, which
eliminates some of the issues with this. The following is a breakdown of the process of this
service and its functionality with the HotFix installed:

1. The Terminal Server License Service is started on a DC. The install can be found under
Add/Remove programs of any Windows 2000 server.

2. All Terminal Server CAL’s that are purchased need to be added to this server and NOT
directly installed on the Terminal Server running Citrix Metaframe.

3. Upon install, the licenses need to be activated through Microsoft’s Clearing House. This can
be achieved through the Internet or by physically calling them on the phone.

4. There is a HotFix that needs to be installed on the server running the License Service, which
eliminates some of the issues with this process (these will be discussed later in this document).

5. The first time a client attempts to connect to the Citrix Server from a non-Windows2000 or
Windows XP Pro PC, they are assigned a temporary license ‘token’ from the License Service.
This ‘token’ is stored in the registry on the Client’s PC, under
HKLM\software\microsoft\mslicensing.

6. The second time a client attempts to attach to the server, an attempt is made to upgrade the
validated temporary license token to a full Terminal Server CAL. If no full CAL’s are available,
the temporary CAL will continue to function for 90 days.

7. When the 90 days have elapsed, the client will again attempt to upgrade to a full TS CAL. If
none are available, the connection will be rejected.

8. If a full license can be located, the license token takes the place of the temporary token in the
client’s registry. An expiration has been added to each token that is issued. This expiration is set
to a random number of days between 52-89 days of issuance. When a client connects to a
terminal server, the date is checked. If the expiration is within 7 days, the terminal server
connects to the License Server and renews the TS CAL token, giving it another expiration of 52-
89 days. If the License Server is not available, the TS CAL token functions as normal, with the
Terminal Server attempting to replace it at each login.

9. Any TS CAL token that has not been renewed is returned to the group of available license
tokens upon expiration.

10. A client that connects to a Citrix Farm from a PC running Windows 2000 Pro or
Windows XP Pro does not need a separately purchased TS CAL. When these clients connect, they
are issued a token by the License Server from a separate pool of ‘built in’ licenses that are
reserved for clients connecting from an OS that is equal to or higher than the OS running on the
Terminal Server. This pool is inexhaustible.
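
Steps 5 to 10 describe a small state machine, and modelling it makes it easier to predict when a client will be refused. The following is an added example, not part of the original FAQ; the class and function names are hypothetical. It assumes that the upgrade is retried on every connection after the first, that an expired full token is treated like no token, and that a client with no token is refused while the license server is unreachable.

```python
import random
from datetime import timedelta

TEMP_DAYS = 90                  # lifetime of a temporary token (steps 6 and 7)
FULL_MIN, FULL_MAX = 52, 89     # random lifetime of a full token (step 8)
RENEW_WINDOW = 7                # renew when expiry is this close (step 8)
BUILT_IN_OS = {"Windows 2000 Pro", "Windows XP Pro"}   # step 10


class LicenseServer:
    def __init__(self, full_cals, rng=None):
        self.total = full_cals      # purchased TS CALs installed on this server
        self.issued = {}            # client name -> expiry date of its full token
        self.rng = rng or random.Random()
        self.available = True       # set False to model an unreachable server

    def free(self, today):
        """Step 9: tokens that were not renewed return to the pool on expiry."""
        self.issued = {c: e for c, e in self.issued.items() if e >= today}
        return self.total - len(self.issued)

    def issue_full(self, client, today):
        """Issue or renew a full token; None when no purchased CAL can be given."""
        if not self.available:
            return None
        if self.free(today) <= 0 and client not in self.issued:
            return None
        expiry = today + timedelta(days=self.rng.randint(FULL_MIN, FULL_MAX))
        self.issued[client] = expiry
        return expiry


def connect(client, os_name, registry, server, today):
    """One logon attempt. `registry` stands in for each client's MSLicensing key.

    Returns (allowed, token); a token is {"type": ..., "expires": date or None}."""
    if os_name in BUILT_IN_OS:                       # step 10: built-in pool
        registry[client] = {"type": "builtin", "expires": None}
        return True, registry[client]
    token = registry.get(client)
    if token and (token["type"] == "builtin" or
                  (token["type"] == "full" and token["expires"] < today)):
        token = None        # assumption: such a token counts as no token at all
    if token is None:                                # step 5: first connection
        if not server.available:
            return False, None      # assumption: nobody can issue a temporary token
        token = {"type": "temp", "expires": today + timedelta(days=TEMP_DAYS)}
        registry[client] = token
        return True, token
    if token["type"] == "temp":                      # steps 6 and 7: try to upgrade
        expiry = server.issue_full(client, today)
        if expiry is not None:
            registry[client] = {"type": "full", "expires": expiry}
            return True, registry[client]
        if today > token["expires"]:
            return False, None                       # step 7: connection rejected
        return True, token
    # Step 8: valid full token; renew inside the window if the server answers.
    if (token["expires"] - today).days <= RENEW_WINDOW:
        renewed = server.issue_full(client, today)
        if renewed is not None:
            token["expires"] = renewed
    return True, token
```

With one purchased CAL and two thin clients, the second client works on its temporary token for 90 days and is then refused until the first client's token expires unrenewed and returns to the pool.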



Redundancy:
According to Microsoft, it is best to install and activate Terminal Server License service on
two Domain Controllers in an environment that needs high availability. It is suggested that all
License Tokens be installed on only 1 of the license servers. In the event that the Primary
License Server were to be unavailable, unlicensed clients will still be able to connect with
temporary license tokens from the other License Server.

How it Works for Non-Windows Clients:
Because non-Windows clients do not contain a registry, an alternative solution was developed:
When a non-Windows client connects to a MetaFrame session for the first time, the target
MetaFrame server to which they connect requests a TS CAL from the license server. Then,
instead of passing the TS CAL to the non-Windows client, the CAL is stored in that MetaFrame
server's registry, beneath
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\MSLicensing\. Whenever the non-Windows
client returns to that MetaFrame server, no license request is necessary because the license
already exists in that MetaFrame server's registry.
If the same non-Windows client then connects to a second MetaFrame server in the same
domain, the second MetaFrame server requests a CAL from the license server as before.
However, because the license server has already issued a CAL for that client, the same CAL is
re-issued to the second MetaFrame server. This scenario assumes that all MetaFrame servers
share a single common Terminal Services Licensing server.
In both cases, the non-Windows ICA Client is not reached by the Terminal Services License
server directly. The target MetaFrame server requests a TS CAL from the license server on the
client's behalf and then retains a copy of the TS CAL for future use. Over time, all MetaFrame
servers in a load-balanced farm will contain copies of the TS CALs for all non-Windows clients.

Components of Terminal Server Licensing:
1. TS CAL Token: the Terminal Services Client Access License token is issued to the physical
device that is running the Terminal Services client software (in our case…Citrix Metaframe
Client).
2. Terminal Server: the Terminal Server is a Windows 2000 Server machine that has Terminal
Services enabled in application server mode. The Terminal Server provides multiple clients with
access to Windows based applications running on the server. The Terminal Server validates a
client machine’s license token. If the client does not have a license token, the terminal server
requests one for the client from the license server.
3. License Server: the Terminal Services license server is a Windows 2000 Server machine that
has the TSL components installed. This machine tracks and deploys client license tokens. One
license server can serve multiple terminal servers concurrently.
4. Microsoft Clearinghouse: the Microsoft Clearinghouse is a database that Microsoft maintains
to issue digital certificates for securely installing license tokens. It also issues license key packs
to the Terminal Services license servers that request them.

Q. Windows 2008 Features:

Terminal Server 2008's interesting features
Citrix and Microsoft have always been in a quasi-competition in this space ever since Microsoft
announced the first version of Terminal Server in 1997. Since then each release of Terminal
Server has created a new round of fears. And each time Citrix has been able to address those
fears and MetaFrame / Presentation Server / XenApp has gotten stronger and stronger.
So when the rumors of RDP 6 started five years ago, Citrix's response was "What's the big deal?
This is the same battle that we've been fighting since the beginning of Terminal Server."
But I wasn't so sure about that. Sure, I agreed with Citrix in the past. But if you look at the
features that were rumored to be in the Terminal Server plans, they looked scary to Citrix. They
certainly looked like they could take away a significant portion of Citrix's low-end market.
There are charts floating around on the Internet that show a very detailed list of every feature that
Terminal Server 2008 (and Citrix, for that matter) have. But if you boil away the marketing fat,
Terminal Server on Windows Server 2008 has six primary features that could be scary to Citrix:
• TS RemoteApp (a kind of seamless windows / application publishing)
• TS Web Access (a web front end for TS RemoteApps)
• TS Session Broker (a load balancer for incoming RDP sessions)
• TS Gateway (an SSL gateway for RDP)
• TS Easy Print (An XPS-based printing solution)
• Windows System Resource Manager (Performance Management)
This is certainly an impressive list--if you don't take the time to learn about how each of these
features actually works. (In other words, according to this list, Citrix is screwed! But according
to anyone who's actually used the product, Citrix has nothing to worry about!)
Let's look at each of these six major new features and compare them to what you get with Citrix
Presentation Server.
TS RemoteApp
On the surface, TS RemoteApp sounds like Citrix's application publishing. True, they both let
you connect to a single application window instead of a full remote desktop. But that's pretty
much where the similarities end. With Citrix, you "publish" applications by configuring groups
of users who are allowed to access individual apps on the server (or a group of servers), and then
the Citrix infrastructure makes sure that the users get access to the shortcuts to start their
applications (either via a desktop-integrated solution or a Web Interface).
In pure Terminal Server, you don't "publish" a RemoteApp per se. Instead, you use the
RemoteApp wizard to create a custom RDP file for a specific application on a specific Terminal
Server. Users can then double-click this RDP file to launch the RemoteApp.
You also have the option to "wrap" that RDP file into an MSI installer package. This installer
package doesn't contain the actual app--it just contains the RDP file, the icon, and any file type
associations. Users can then "install" the MSI (which is small, typically under 100k) to their
Windows desktops. The RemoteApp version of the app shows up in their Add / Remove
Programs and on the start menu. Clicking the icon launches the remote seamless instance of the
app.
So while the RemoteApp "installation" is cool, it's philosophically different than what Citrix is
doing. TS RemoteApp is a method for installing applications locally to workstations, but there's
absolutely no management built in. There's no capability in the TS product to deploy these MSI
files to users or to decide which users get access to which apps. That's something you'll have to
handle externally, like with System Center Configuration Manager (the new name for SMS) or
AD Intellimirror or something.
TS Web Access
In saying that TS RemoteApp has no management or deployment built-in, some people suggest,
"Sure it does. Just use TS Web Access!" But that's not quite it either. TS Web Access (TSWA) is
a very, very basic IIS web site that can provide links to the TS RemoteApp packages on a single
server via a web page.
So yes, TSWA is easier than figuring out how to install RemoteApp MSIs on your users'
workstations. And TSWA is nice because if you add a new RemoteApp to a Terminal Server, it
will automatically be available via the web page.
But there are some big drawbacks. The first is that TSWA does not have any kind of user
authentication or differentiation. The single TSWA site shows all RemoteApps on a server--you
can't show different apps to different users or groups. (Although TSFactory does provide a free
tool called TS RemoteApp Filter that lets you specify which users and groups can see which
RemoteApps via a TSWA site.)
The other main drawback of TSWA is that Terminal Server on Windows 2008 doesn't have a
"farm" concept. When you configure a TSWA site (whether running on IIS on a Terminal Server
or on a standalone web server), your RemoteApps all connect back to a single IP address. So if
you want to have multiple Terminal Servers supporting connections, you need to configure them
in a load balancing group so that they're all available via the same virtual shared IP address. This
might not be that big of a deal, but it also means that all your Terminal Servers need to have the
same RemoteApps installed and should be 100% identical.
TS Session Broker
TS Session Broker is the "load balancer" capability of Windows Server 2008 Terminal Services.
It's basically the Session Directory feature of Windows Server 2003 Terminal Services that's
been extended to also work when users connect to new sessions. To use the session broker, you
install the service and configure all of your servers to be part of the same "farm." (Although
Microsoft uses the term "farm" liberally in this case.) Then when an incoming RDP connection is
made, the user authenticates to one of the Terminal Servers, and that server then contacts the
server running the session broker service to see if that user should be redirected to a different
Terminal Server (either because another server has lower load or because the user has an existing
session on another server).
Of course this can be a single-point of failure in your environment, so again, you need to build
two session brokers and then use Windows Network Load Balancing to create a shared virtual IP
address.
The TS Session Broker works well enough, although configuring it is pretty complex. It also has
a drawback in that it only balances new connections based on session count, rather than being
able to use any other perfmon counters.
TS Gateway
One of the challenges of Terminal Server environments has been ensuring that remote RDP
connections are made securely. Windows 2003 Service Pack 1 introduced the capability for RDP
sessions to be encrypted with SSL, but unfortunately that was done on a server-by-server basis.
This meant that each Terminal Server still needed to be directly accessible from outside the
firewall via an FQDN, and each server needed its own SSL certificate. Citrix solved this
problem years ago with their Citrix Secure Gateway (CSG) software-based ICA-over-SSL VPN
product. In Windows Server 2008, Microsoft introduced a similar product called TS Gateway.
TS Gateway works well. It's similar to the IIS-based RPC-over-HTTPS technology from
Windows 2003 for external Exchange users, except of course TS Gateway is "RDP-over-HTTPS."
One of the really cool things about TS Gateway is that it can use Network Access
Protection (NAP), a technology from Microsoft that can allow or deny network access based on
the health of the client device. (This is similar to Citrix's Smart Access.)
TS Gateway is a nice feature!
TS Easy Print
As anyone who's been in this business more than a week knows, printing in server-based
computing environments is a major pain. Microsoft added "fallback" driver support in Windows
2003, allowing users to print to their own local printers without having the model-specific
drivers installed on the Terminal Servers. TS Easy Print takes that to the next level,
leveraging Microsoft's new XPS printing format. While Easy Print is still based on the
single-threaded print spooler and rendering engine on the server (so it more compares with UPD I and
II from the older versions of Citrix), it does work well (as long as your client device is running
Vista or the soon-to-be-released Windows XP SP3). But this is also a nice feature!
Windows System Resource Manager
Rounding out the list of "big six" new features in Terminal Server on Windows 2008 is
the Windows System Resource Manager (WSRM), which is technically not new for Windows
Server 2008 (although there are new resource-allocation policies in 2008 for TS sessions).
WSRM lets you configure policies that define how many system resources specific processes
(and now user sessions) are able to consume. WSRM is not a Terminal Server-specific feature,
although if you know what you're doing you can get a lot out of it. (That's an article for another
day though.)
Conclusion
Six big new features. TS Gateway and TS Easy Print are pretty cool. Web Access, the Session
Broker, and RemoteApp are pretty limited and/or require some serious smarts to make work.
And WSRM can be cool but is certainly not for part-time admins. And all of this is for
single-server environments only, so as soon as you add a second server to your environment, you need
to manually configure everything separately on each server.
This leads to the ultimate question of "When can I use pure Terminal Server, and when do I need
a third-party add-on like Citrix?"
Microsoft has specified that pure Terminal Services can be used for "low complexity"
environments, and that third-party add-on tools should be used for higher-complexity
environments. In some ways this makes sense, and in other ways it's crazy. The low complexity
thing makes sense because native Terminal Server 2008 is designed for environments where all
your servers are the same, all users have access to all applications, and you load balance based
purely on user session counts. And in reality, that probably defines 20 or 30% of all existing
Citrix Presentation Server deployments.
But that doesn't mean that Citrix's Presentation Server business is going to instantly drop by 20
or 30%, because in a lot of ways, Terminal Server 2008 is so simple that deploying it in the real
world is more complex than deploying Citrix! You want load balancing? Fine, but you have to
configure a Session Broker then add Terminal Servers to the group then install NLB then
configure a virtual IP address then configure your RemoteApps to point to it then.... Compare
that to Citrix where you just install a second server, point it to your existing data store, and
you're done! (And the same example could be used for RemoteApps or Web Access or Gateway.)
I typically think of "low complexity" scenarios as environments that only have part-time TS
admins. (Not that the IT admin is part-time, but that he or she has other IT admin duties and is
not dedicated to TS.) And so in this case, I would think these admins need a server-based
computing product that is as easy as possible to use, and pure Terminal Server on Windows 2008
sure isn't that! (This is what Citrix Access Essentials, or "Presentation Server Lite" is for.)
I recognize that Citrix Presentation Server is so much more than these six features. Management.
ICA performance. Non-Windows clients. Load balancing. Application Publishing. Web
Interface. Smart Access. WAN acceleration. I could go on. But in the context of Terminal Server
on Windows Server 2008, these are the main things that people will be up against.
Finally, I'd be remiss if I didn't mention Ericom. Ericom has a product called PowerTerm
WebConnect that competes against Citrix Presentation Server. Ericom has made the Windows
Server 2008 version of their product available completely for free. It's too early to tell whether
this will have an impact on the market (since no one is really using Windows Server 2008
Terminal Server yet).
Will Windows 2008 Terminal Server plus the free Ericom give Citrix a run for their money?
Probably not in the enterprise space, but this could make things dicey for Citrix Access
Essentials in the "low complexity" market.

Windows Server 2008: Terminal Services new features – Part 1

Terminal Services in Windows Server 2008 were enhanced by many new features. In this post, I
summarized some of the more general improvements. In the next post in this series, I will write
about the TS enhancements related to multi-user mode. These posts are partly a summary of
Mitch Tulloch’s Terminal Services chapter in his Windows Server 2008 book.
Notice that the distinctions between TS feature types regarding multi-user mode and remote
administration mode are not strict. Also note that some of the new features of the new Remote
Desktop Connection (RDC) 6.0 TS client work with Windows Server 2003, too. For the sake of
completeness I also included them in this post.
Network Level Authentication
The new RDC client authenticates against the server before a Terminal Services session is
established. This reduces the risk of man-in-the-middle attacks. In Windows Server 2008, it is
possible to allow connections only if Network Level Authentication is enabled.
Server Authentication
You can configure the RDC 6 client to warn you or to stop the connection process if Server
Authentication fails.
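The RemoteApp wizard described earlier produces a plain-text .rdp file, and the Network Level Authentication and Server Authentication options above are stored in that file as client settings. The following added example (not from the quoted articles) parses such a file and flags weak values; the sample files and host names are constructed, and the keys used are the standard .rdp setting names, which this page does not list.

```python
# Added example: audit .rdp settings text for the client-side options discussed above.
# Both samples are constructed; host names are placeholders.
SAMPLE_WEAK = """\
full address:s:ts01.example.test:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||excel
authentication level:i:0
enablecredsspsupport:i:0
drivestoredirect:s:*
"""

SAMPLE_HARDENED = """\
full address:s:ts01.example.test:3389
remoteapplicationmode:i:1
remoteapplicationprogram:s:||excel
authentication level:i:1
enablecredsspsupport:i:1
drivestoredirect:s:
"""


def parse_rdp(text):
    """Parse 'name:type:value' lines into a dict; 'i' values become int."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")  # tolerate a leading BOM
        parts = line.split(":", 2)           # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue                         # blank or malformed line
        name, kind, value = parts[0].strip().lower(), parts[1], parts[2]
        if kind == "i":
            try:
                value = int(value)
            except ValueError:
                continue                     # an unparsable integer counts as unset
        settings[name] = value
    return settings


def audit_rdp(text):
    """Return a list of (code, message) findings for one .rdp file's text."""
    s = parse_rdp(text)
    findings = []
    level = s.get("authentication level")
    if level == 0:
        findings.append(("AUTH_IGNORED",
                         "connects without warning when server authentication fails"))
    elif level not in (1, 2):  # 1 = do not connect, 2 = warn the user
        findings.append(("AUTH_UNSPECIFIED",
                         "no server authentication requirement is set in the file"))
    if s.get("enablecredsspsupport") == 0:
        findings.append(("NLA_DISABLED",
                         "CredSSP is off, so Network Level Authentication cannot be used"))
    if s.get("drivestoredirect"):
        findings.append(("DRIVES_REDIRECTED",
                         "local drives are mapped into the session: " + s["drivestoredirect"]))
    return findings


def codes(text):
    """Finding codes only, convenient for comparisons."""
    return [code for code, _ in audit_rdp(text)]


if __name__ == "__main__":
    for label, sample in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, parse_rdp(sample).get("remoteapplicationprogram"))
        for code, message in audit_rdp(sample):
            print("  ", code, "-", message)
```

Files saved by the Windows client are often UTF-16 encoded, so decode them before passing the text to `audit_rdp`.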
Display Improvements
The maximum display resolution is 4096×2048 now. Furthermore, 16:9 and 16:10 displays are
now supported. You can’t use full screen mode with previous RDC versions. It is possible to work
with 32 bit color mode and ClearType font smoothing.
Display Data Prioritization
Keyboard, mouse and display data now have a higher priority than other RDP data. So if you are
transferring a huge file or printing a large document using RDP, your desktop won’t freeze
anymore.
Desktop Experience
Users can work with a desktop similar to the one they know from Windows XP or Vista. The
latter only works together with Windows Server 2008. Desktop Experience is a feature you can
add with Server Manager in Windows Server 2008.
Desktop Composition
If the client is a Vista machine you can even use Aero as long as the client’s hardware supports it
and Desktop Experience is installed on the server. However, this only works if the Terminal
Services are running in administration mode or the host is a Vista machine. You can enable
Desktop Composition thru the RDC client’s Experience tab.
Plug and Play Device Redirection Framework
Plug and play devices supporting device redirection can be accessed from a TS session. It would
be nice if this works like USB devices under VMware Workstation. Unfortunately this is not the
case. I just tried it with a relatively new USB stick and it didn’t work, probably because the
driver of the memory stick doesn’t support device redirection.
TS Easy Print
This new feature allows you to use your local printer in a TS session even if the printer driver is
not available on the server. It is interesting to note that TS Easy Print makes use of XPS (XML
Paper Specification), Microsoft’s alternative to PDF.
Single-Sign-On (SSO)
If client and server belong to a Windows domain, you can configure the client to authenticate
against Terminal Services with the same credentials used to log on to the client machine. This
only works if the client runs Windows Vista and the server Windows Server 2008. I have been
waiting for this feature for a long time already. Unfortunately, the configuration is a bit
complicated. You have to specify all servers for SSO in advance using Group Policy. I would
have preferred a setting in the RDC client configuration for this feature.
Changes in Remote Administration
There are several noteworthy changes with respect to Remote Administration. I will post an
article about this topic soon, since this is the most interesting part for systems administrators.
Most notable is that the distinction between console and terminal sessions has been abolished
more or less and that admins now get a disconnect dialog informing them that someone else is
trying to connect to the server if the two available licenses are already occupied.
Windows Server 2008: Terminal Services new features – Part 2
In my first article about the new features of Terminal Services in Windows Server 2008, I
discussed some general enhancements. Today, I will examine the improvements regarding its
multi-user mode.
You probably know that in multi-user mode, users connect via RDP to a Windows server to
work remotely with desktop applications. To configure multi-user mode in Windows Server
2008, you have to add the Terminal Server role with Server Manager. Note: You can try some of
the features discussed here also in single-user mode.
Terminal Services RemoteApp
This feature allows users to launch a single application on a Terminal Server.
That means they don’t get a full blown remote desktop with Start Menu,
Explorer and so on. The application runs on the server, but is more or less
indistinguishable from a desktop application. With the RemoteApp manager, you can configure
which applications you want to deploy this way. You also use the RemoteApp manager to create
an MSI or RDP file which has to be launched on the user desktop. If you worked with Citrix
Metaframe, you know this feature under the term “seamless desktop integration”.
Terminal Services Web Access
In Windows Server 2003, this feature was called Remote Desktop Web Connection. We never
used it because we are working with Citrix Metaframe which has more sophisticated capabilities
in this field. With TS Web Access however, Microsoft is catching up. As far as I can see now, its
major enhancement is that TS Web Access can be combined with TS RemoteApp. This way, you
can launch single apps running on a Windows Server 2008 host from a web page. Just click on a
web link and have your Excel 2007 started as if it were running locally. On Vista machines, it is
not necessary anymore to download the RDP ActiveX control, because the RDC 6 client already
supports TS Web Access. On XP machines, you have to install the RDC 6 client first.
Terminal Services Gateway
This new feature of Windows Server 2008 enables you to connect to TS by tunneling RDP over
HTTPS (HTTP with SSL encryption). In some cases, this might make VPN superfluous. A nice
feature of TS Gateway is that it works together with NAP (Network Access Protection), another
new feature of Windows Server 2008. So you can restrict TS access to certain constraints such as
the availability of updated antivirus software on the client. This is an interesting feature,
considering that users can access local drives in a TS session.
Terminal Services Licensing
TS Licensing offers two new interesting features. For one, you can now also issue Per-User TS
CALs. Windows Server 2003 only supports Per-Device licenses. Second, it is possible now to
revoke CALs. However, this only works for Per-Device licenses. Another restriction is that the
number of devices in revoked state cannot exceed 20 percent. A device is in revoked state, if its
TS CAL was reclaimed by an admin. It stays in this state until the original expiration period is
expired. This restriction shall prevent misuse of the revocation feature.
Terminal Services WMI Provider
Like many other components in Windows Server 2008, TS WMI (Windows Management
Instrumentation) offers many enhancements. Most interesting is that you can now write a script
that monitors the usage of TS licenses and informs you if certain thresholds are met.
Terminal Services Session Broker
The TS Session Broker (formerly called TS Session Directory) allows users to reconnect to a
certain server in a load-balanced Windows Server terminal server farm. New in Windows Server
2008 is that TS Session Broker already includes load balancing. So you don’t need Microsoft
Network Load Balancing (NLB) or a third-party load balancer. Another change is that the TS
Session Broker is now available in the Standard Edition of Windows Server 2008. TS Session
Directory required at least Windows Server Enterprise Edition.
Terminal Services Draining
Did it ever happen to you that you sent messages to TS users because you had to reboot the
server, but they just ignored your request to log off? And even if they gave in, usually new users
tend to logon just at that very moment where you were about to push the reset button. You could
prevent new logons with the chglogon.exe /disable command. However, this also prevents users
from accessing a disconnected TS session to save their work. The so-called drain mode in
Windows Server 2008 solves this problem. Chglogon.exe /drain only prevents users from
logging on if they have no disconnected session on the Terminal Server and administrators are
still allowed to log on using mstsc /admin. You can also set TS into drain mode with the TS
Configuration UI.
