Professional Documents
Culture Documents
Current Setup: Q) Sample Setup A) Per Zone Config: Citrix Interview Questions
Current Setup: Q) Sample Setup A) Per Zone Config: Citrix Interview Questions
Current Setup:
Q) Sample setup
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Options:
To change .INI file mapping: (administrator rights required)
CHANGE USER /INSTALL Enable install mode. This command has to be run before
installing any new software on a Terminal Server.
This will create a .ini file for the application
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Metaframe XP vs PS 4.0
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• Full policy-based integration with the SmartAccess capabilities of the Citrix Access
Gateway 4.0.
• License sharing between UNIX and Windows editions of Presentation Server
(MetaFrame for UNIX has also been updated to PS4)
Pre-requisite for Citrix PS 4.5:
Citrix Presentation Server for Microsoft Windows Server 2003, 32-Bit Edition
• Operating systems:
Windows Server 2003 (Standard, Enterprise, or Datacenter Edition) with Service Pack 1 or 2 installed
Windows Server 2003 R2
• Disk space requirements:
400MB for Citrix Presentation Server, Enterprise Edition
50MB for the Presentation Server Console
25MB for the Access Management Console
35MB for the Document Center
• Terminal Services running in application mode
• Java Runtime Environment Version 1.5.0_09
• If you do not have this installed, Autorun.exe prompts to install it for you
• Alternatively, you can cancel the installation and install JRE manually from the
Support\JRE1.5 folder on the server installation CD for Citrix Presentation Server
• .NET Framework Version 2.0
• If you do not have this installed, Autorun.exe prompts to install it for you
• You can also install .NET Framework Version 2.0 manually from the Support\dotNet20 folder
of the Citrix Presentation Server CD or image
Note: If you use HP ProtectTools in your environment, install them before installing Citrix Presentation Server.
Q. INSTALLATION MANAGER :
Application Isolation
The isolation environment protects the operating system and applications from
conflicts and other complications that frequently occur between incompatible or
legacy applications. The isolation environment creates an environment or userspecific
copy of the system resources modified by the published application
during installation or runtime. This allows the application to function without
affecting the rest of the system.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
AIESETUP
Use aiesetup to install an application into an isolation environment. Run the command within
the application directory in cmd prompt.
Syntax
aiesetup [/d] [/n] [/q] [/64] [/w] AIE_Name Setup_application [application
parameters]
aiesetup [/e] AIE_Name
aiesetup [/?]
Parameters
AIE_Name
The name of an isolation environment.
Setup_application
The name of an application installer, such as an .msi, to run. You can also
append any parameters that the installer is required to process at runtime.
When using aiesetup with an .msi file, use msiexec.exe with the /i option.
Resource Manager
Resource Manager , configured in the Presentation Server Console, which tracks and stores
information about a wide variety of system and network processes and events. These are known as
metrics. If the value of a metric falls outside normal limits, Resource Manager can inform you. When
installed, it automatically creates a set of default metrics and assigns limits to define the normal
operation of each one.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The Farm Metric Server interprets metrics that apply to the entire server farm (for example,
application counts) and sends alerts when required. By default, the first server on which you install
Resource Manager becomes the Farm Metric Server. If necessary, you can change the Farm Metric
Server to a different computer after installation.
Purpose of zones
Zone is subset of Farm and is designed so that we could use Farm as a unit. Zone
has server members and one of them is ZDC (Zone Data Collectors) in each zone.
These ZDCs communicate between zones. Zones are very help ful in controlling
traffic.
Preferences of zone DCs (most, preferred...)
This is done so that user accessing an application is directed to least busy server.
The PCL5c UPD driver, originated in MetaFrame XP, Feature Release 3, is based on the HP Color LaserJet
4500, is 600 dpi, and supports color.
The PCL4 universal driver, originated in MetaFrame XP, Feature Release 2, is the native Windows HP
LaserJet Series II driver, monochrome, and 300 dpi.
Naming
For example:
From “HP Color Laser Jet 4500 (MetaFrame PCL5c Universal Driver)” to just “MetaFrame PCL5c Universal
Driver” for demonstration purposes.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
A: The part in parentheses is strictly an annotation we add to help administrators to identify the UPDs from all
of the other Windows printer drivers. This is not actually part of the name.
So the actual name of the driver is “HP Color LaserJet 4500.” This driver is a stock Windows printer driver
that comes with Windows by default.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The universal drivers are installed and treated like any other Windows print driver. MetaFrame XP Feature
Release 3 changes the driver list in the Management Console so the universal drivers have a special icon and
tag line.
The key
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\UniversalPrintDrivers\
Value:DriverList
Data of Type REG_SZ: EMF(Presentation Server 4.0 and 4.5) PCL4;PS;PCL5c.
Example: In MetaFrame XP Feature Release 3, if you remove PCL5c, the printer is mapped as PCL4. Certain
MetaFrame version can toggle this functionality by altering the Feature Release level.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Notes:
If EMF is removed, restart the Citrix Print Manager Service. A customer was publishing the RDP Client from
the Presentation Server 4.5 and then connecting to both Citrix and non-Citrix Terminal Servers. The printers in
the second hop were not creating.
The creation of the UPD requires that the appropriate feature release is set and the server is obtaining the
corresponding feature release license. If these conditions are not in place, an attempt to manually map the UPD
printer as outlined in CTX681954 - Troubleshooting Citrix ICA Printer Autocreation will not show the UPD
printer as an option.
If you leave only PS, no printer is mapped. The “PS” universal driver is intended for use with UNIX Clients,
where Postscript is the default printer control language.
You do not need a PCL-compatible printer/driver to take advantage of the PCL5c or PCL4 universal printing
feature. The PCL interpreter, Pcl4rast.dll, is built into the Win32 and Macintosh Clients (version 6.20 or later).
The PCL print streams generated by these server-side drivers are interpreted by our client software,
VDSPL30N.dll, and rendered locally on the client utilizing the printer drivers and operating system of the
client device. To summarize, all the PCL UPDs need a working printer/driver on the client device. Local
printers or clients that are unable to support the basic features of the UPD drivers functionality may not print
correctly.
Presentation Server 4.0 and 4.5 uses a client-side EMF metafile handler, EMFRENDR.dll, and a client-side
EMF interpreter, VDSPL30N.dll. These features are available in the ICA Client for Windows version 9.0 and
later. The EMF handler captures the data of the inbound spool file into the user’s temp directory and launches
CPVIEWER.exe (responsible to interpret the EMF spool files by playing back each record) to preview and
print this file.
Issues related to the native PCL5c Windows driver that MetaFrame XP uses, may cause minor corruptions in a
limited subset of documents when printed through UPD. However, the version that ships with Windows Server
2003 seems to have fewer problems. Therefore, it is advisable to have the customer upgrade their Windows
2000 server driver with the version that ships with Windows Server 2003.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
CTX114755 – CPVIEWER Consumes Memory and Freezes the Local Workstation When Using the Universal
Print Driver
CTX109149 – Error: The spool data received does no appear to be a Windows Server EMF spool file. ... No
Printouts Appear When Using EMF Printing
CTX118131 – Current Known Issues about Garbled Printing with EMF-based Citrix Universal Printer.
CTX118554 – XenApp 5.0 Univeral Print Driver Defaults to EMF Printing in Windows 2008
2. The spooler service is set other than “local system” or account that is installing MetaFrame XP.
3. Console Error, Digital Signature Not Found. This is unusual because the HP LaserJet Series II driver is
signed. A policy that disallows the addition of print drivers may be configured
Print Jobs Appear to have an Increased Size when using the UPD with MetaFrame XP and MetaFrame
Presentation Server 3.0
Autocreated/universal print driver (UPD) printers have a smaller print job size on a MetaFrame server, which
is in PCL4/5c format. The PCL4/5c format is suitable for network transmission because of its small payload.
However, when the print job reaches the client, the print job is rasterized, thus creating a larger print job. In the
case of Hewlett-Packard and other native printer drivers, the print job created on the MetaFrame server is
usually in EMF format but is converted to a native printer format on the client. Depending upon the efficiency
and architecture of the native printer driver, the size of the EMF print job may be larger than the native format
and vice versa.
1. The job is created in PCL format on the server by the universal print driver.
The result is that the bitmap image of PCL data in the client printer spooler is larger then the PCL data sent
across the network to the client. This permits optimizing the bandwidth that is available between the client and
server, but printing the job with the UPD could be slower when the print job reaches the client. The UPD is
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
best suited for print driver management, bandwidth utilization, and autocreating client printers but does not
support special printing features such as double-sided printing.
2. If a known server is “working” and one is “broken,” attempt to replicate/import the UPD from the working
server to the non-working server.
3. Is the server licensed and the appropriate feature release level set correctly?
4. Ensure the UPD is installed and no policies are preventing the installation of printer drivers.
5. Ensure the Version 7.0 client or latter is being used for the MetaFrame Feature Release 3 UPD and that the
Pcl4rast.dll is present on the client machine.
6. Ensure the Version 9.0 client or greater is being used for the MetaFrame Feature Release 3 UPD and that the
EMFRENDR.dll is present on the client machine.
7. CTX111308 – Session Printers Assigned Through a Policy Are Not Using the Citrix Universal Print Driver
Setting the UPD for All, Except a Few Printers (MetaFrame XP Feature Release 3)
This is addressed in CTX105385 - Error: Client autocreation printer failure - Print driver not allow based on
compatibility list and Event ID 1104
Alternate Method:
1. Select Use Universal Driver only if Native Driver is Unavailable in the Management Console.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
3. For printer drivers that are never to be used, add the names of any of these drivers to this list:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Q262202
Q239536
Q180545
Q259574
Q234270
1. Connect a printer locally to the MetaFrame server and select the HP LaserJet Series II or current UPD alias
driver in the Add Printer wizard.
2. If you cannot connect this printer to the server, browse and connect to a shared network printer and modify
the driver on the Advanced tab of the Explorer’s printer properties dialog box.
3. Create an alias UPD printer and set the port as FILE, run the application, and print to the alias UPD printer.
4. Verify how the application behaves when executed on the console with the same driver that is used by the
UPD.
5. Do any other similar print outputs in other applications experience the same behavior as the UPD?
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
6. Do print jobs from the applications experience any issues when mapped to the same driver as the client
device?
7. When printing certain forms using the universal print driver, the page does not print as displayed?
8. When printing using Version 2.0 of the universal printer driver with custom in-house fonts, the print job
renders an incomplete print, especially when using large font sizes. This fix offers a workaround by allowing
you to disable print optimization in the printer settings. To do this, you must set the following registry key:
HKEY_LOCAL_MACHINE\Software\Citrix\UniversalPrintDrivers\PCL5c
Name: DisablePrintOptimizations
Type:REG_DWORD
Data=1
[From MPSE300R05W2K3006][#128201]
Cause
The application is directly inserting PCL of its own origin into the print stream using the form overlay
capability of the PCL language. The PCL form overlay feature can be accessed through an escape function
provided by most PCL5 printer drivers, the 4500 driver included. It basically allows an application to insert
arbitrary PCL directly into the print data stream.
Resolution
Configure the application to use strictly GDI rendering instead of PCL EscapePassThrough or the standard
device driver’s instead of the universal print driver.
The margins presented by the new universal driver, HP Color LaserJet 4500, are different. However, the
bitmap-to-page registration algorithm is unchanged. Because MetaFrame XP Feature Release 2 uses the HP
LaserJet Series II driver, the nonprintable region of a Series II printer is ¼-inch on each side of the page.
Citrix uses the UPD as a proxy driver on the server and the non-printable region of the client printer is most
likely going to be different. Therefore, the real nonprintable area of the printer may be larger than that of the
universal driver. A print job where the application places data on the page near the printable limit of the UPD
may drop out on the printed page because it falls outside the printable limit of the underlying client printer.
The Citrix Universal Printer is an auto-created printer object that uses the Citrix Universal Print Driver
and is not tied to any specific printer defined on the client. Once implemented, it is available in all sessions that
use the 32-bit Windows client. It is also independent of any printing policies defined in the management
console or elsewhere, and therefore, it is possible to implement the Citrix Universal Printer with other auto-
created printers, session printers, and/or non-Citrix defined printers (as well as by itself). It auto-creates in a
standard fashion with the name “Citrix UNIVERSAL Printer” as shown below:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Note: The Citrix Universal Printer does not auto-create when using the policy to “Create old-style client
printers” as explained in the following document:
When users print to this printer within their sessions, the standard action is to automatically send the job to the
default printer specified on the Windows client machine. This behavior can be modified to allow printing to
any client-defined print device by going to the Preferences of the auto-created Citrix Universal Printer either
within the print dialog of the application or from within the Printers folder and choosing Preview on client as
seen in the following screen shot:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
When this option is adjusted on the Preferences of the Citrix Universal Printer from within the Printers folder
on the server, the setting is retained in the user’s profile and set in future sessions as per the Printer Properties
Retention Policy.
Printing to the Citrix Universal Printer with this option selected brings up the Enhanced Metafile (EMF)
Viewer (CPViewer.exe) on the Windows client with a preview of the print job. The user can then select the
client printer they wish to use just as if they were printing from any other local application.
Note: It is possible to modify the default behavior and force the Preview on client option to be selected for
either all auto-created Citrix Universal Printers or all auto-created printers using the Universal Print Driver
(including the Citrix Universal Printer). For more information, refer to the following document:
CTX114287 – How to Enable Preview on a Client as the Default for Citrix Universal Autocreated Client
Printers
For environments that do not have additional printer requirements, creating only the Citrix Universal Printer
within each session instead of one printer for each underlying client printer can provide substantial
performance savings on the XenApp server. To realize these savings, the administrator should choose to
disable client printer auto-creation through a policy from within the management console.
Procedure
The steps described below explain how to auto-create the generic Citrix Universal Printer in user sessions. This
is separate from any other available printers that may or may not be defined by policies in the management
console.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Caution! This fix requires you to edit the registry. Using Registry Editor incorrectly can cause serious
problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems
resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure
to back up the registry before you edit it.
1. Add the following registry key to each server if not already present:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Print
2. Create a DWORD called DefaultPrnFlags with a hex value of 0x00000020. If the DWORD already exists
with a specified value, add this hex value to the current hex value.
The Citrix Universal Printer should now auto-create in all ICA sessions established to the XenApp server from
this point forward.
Note: An incorrectly set DefaultPrnFlags value can prevent printer auto-creation entirely.
Typically 'client lockdown' is the process of securing an endpoint so that the user can only
access authorised features. An example of this would be turning the device into a 'Thin Client'
by locking it down so that an end user can only connect to published apps or desktops and can
not use other features.
PN Client and go to Tools->ICA Settings->Hotkeys Tab. CTRL+ALT+DEL hotkey is
Ctrl+F1. So if you add that hotkey combo into the default.ica file in WebInt, it will give users
the ability to lock their Citrix sessions by hitting Ctrl+F1 and walk away from the thin client.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Hotkey6Shift=Alt
Hotkey7Char=plus
Hotkey7Shift=Alt
Hotkey8Char=minus
Hotkey8Shift=Alt
Hotkey9Char=F3
HotKey9Shift=Ctrl
Hotkey10Char=F5
HotKey10Shift=Ctrl
Hotkey11Char=plus
Hotkey11Shift=Ctrl
Hotkey12Char=plus
Hotkey12Shift=Ctrl
Hotkey13Char=plus
Hotkey13Shift=Ctrl
Note: Be sure to place all of the hotkey listings into the file.
Q. What is Printer terminology in Citrix
Client Printer: The printer connected to the Worksation & the drivers are installed on the citrix
server for printing.
Network Printer: The Printer connected to the print server & the drivers should be available on
the citrix server.
Local Printer: The prinetr connected to locally to the citrix server & the driers are installed for the
print operation.
1. Farm Level
2. Citrix Server Level
3. Policy.
11. What you will check when any user is not able to launch citrix application.
1) First try to launch same application from Citrix server(on which you installed and published)
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
5) Verify that user is having correct proxy settings to connect to your Citrix network (for remote
users)
The Main differences b/w Citrix Metaframe and Windows 2000 TS/RDP
Citrix Windows 2000
Terminal
Feature Metaframe Services
Available client
DOS X
Macintosh (Motorola, PowerPC) X
UNIX (Solaris, Sparc, X386, DEC) X
Set-top devices X
Mobile handheld devices X
Client features
Automatic drive redirection X
Seamless windows X
Bitmap caching X
Transport protocols
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
IPX X
SPX X
NetBeui X
Client multi-media
16-bit stereo (WAV, MIDI, AVI) X
Connections
Direct serial connection (asynch) X
Direct dial-up X
Local device support
COM port redirection X
Speed Screen Latency Reduction (referred to as SLR throughout the rest of this document) is
a collective term
used to describe two separate technologies, namely Local Text Echo and Mouse Click
Feedback, which help
enhance the user experience over a high latency connection.
_ Local text echo: On high latency connections, users often experience significant delays
between when they
enter text at the keyboard and when it is echoed or displayed on the screen.
Local text echo is the technology that accelerates the display of the input text on the client
device, effectively
shielding the user from experiencing latency on the network.
_ Mouse click feedback: On high latency connections, users often click the mouse multiple
times because there
is no visual feedback that a mouse-click resulted in an action.
Mouse click feedback provides visual feedback for mouse-clicks. When the user clicks the
mouse, the ICA
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Client immediately changes the mouse pointer to which indicates that the user’s input is being
processed
in the background. When the mouse click has been processed at the server, the client reverts
the cursor to its
previous form, indicating to the user that the mouse click has been processed.
data store can be recreated by the *.mdb file which is located at program
files/Citrix/Indipendent Architectute Management
this file can be moved to another server and a data base connectivity and be created using
ODBC and creating a *.dsn file.
There can be a number of reasons why the IMA Service appears not to have started including the
following:
If there is no value specified in the CurrentlyLoadingPlugin portion of the above Windows Registry
entry then either the IMA Service could not connect to the data store or the local host cache is missing
or corrupt.
If a CurrentlyLoadingPlugin value is specified the IMA Service made a connection to the data store
and the value displayed is the name of the IMA Service subsystem that failed to load.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
If administrators see an “IMA Service Failed†error message with an error code of 2147483649
when starting the MetaFrame XP Presentation Server the local system account might be missing a
Temp directory which is required for the IMA Service to run.
To gain further insight into the situation change the IMA Service startup account to the local
administrator and restart the server. If the IMA Service is successful in starting under the local
administrator’s account then it is likely that a missing Temp directory for the local system account
is causing the situation.
If the Temp directory is not present then manually create one as >Temp. For example:
C:WinntTemp
Also verify that the TMP and TEMP system environment variables point to the temporary directory.
Restart the server to restart the IMA Service
Q. What is the requirement of Installation Manager and wht kind of extension its support ?
Installation Manager is a powerfull feature in Metaframe XPe that facilitates the rapid installation
of applications and other software components.
Installation manager let you install applications other software components to any or all available
servers in your farm-attended or unattended-using any metaframe XP server on the network
regardless of physical location network connection type or hardware set up.
Tsdiscon.exe
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Tsshutdn.exe
Tskill.exe
Rwinsta.exe
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Rwinsta.exe resets the session subsystem hardware and software to known initial values.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Q. What is Datastore
A computer that stores dynamic data for one zone in a farm. Examples of dynamic data
include current server load, the number of current user sessions, and the applications currently
running in user sessions on a specified server. Most Preferred, Preferred, Default Preference, Not
Preferred.
Q. What is LHC
A local subset of the server farm data store information. This file is present on all
XenApp servers.
When the citrix license server is down, how long will the existing citrix session work, with
the information from the LHC ?
Licensing information is not in LHC - Grace Period fpr License Server is 30 days
It is stores in c:\program files\citrix\MPS-WSXICA_MPS-WSXICA.ini
Every citrix server has a copy of the LHC, and works as a backup, if the datastore goes down.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
If the datastore goes down. Is it possible to launch the CMC, from the information in the
LHC ?
You can launch PSC und AMC but changes are not possible
Issues pertaining to LHC:
1) Refreshing the Local Host Cache
If the IMA service is currently running, but published applications do not appear correctly in
ICA Client application browsing, force a manual refresh of the local host cache by
executing dsmaint refreshlhc from a command prompt on the affected server. This action forces
the local host cache to read all changes immediately from the data store.
A discrepancy in the local host cache occurs only if the IMA service on a server misses a change
event and is not synchronized correctly with the data store.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
You prioritize policies by giving them different priority numbers. By default, new policies are
given the lowest priority. If policy settings conflict, a policy with a higher priority (a priority
number of 1 is the highest) overrides a policy with a lower priority. Rules are merged according
to priority and the rule’s condition; for example, whether the rule is disabled, enabled, or not
configured. Any disabled rule overrides a lower-ranked rule that is enabled. Policy rules that are
not configured are ignored and do not override the settings of lower-ranked rules.
When you create policies for groups of users, client devices, or servers, you may find that some
members of the group require exceptions to some policy rules. To more effectively manage
exceptions, you can create new policies for only those group members needing the exceptions,
and then rank that policy higher than the policy for the entire group.
Q. What you will check when any user is not able to launch citrix application ?
a) First try to launch same application from Citrix server(on which you installed and
published)
5) Verify that user is having correct proxy settings to connect to your Citrix network (for remote
users)
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Q. What is IMA ?
Metric Status
When viewing metrics, each specific metric has an icon whose color corresponds to the state of
the metric. Each metric type, both for published applications and servers, has six possible states,
as outlined below:
Green. The metric is operating within its acceptable limits as configured in its properties.
Yellow. The metric has exceeded the limits of the green state and switched to yellow, having
exceeded the time and value limit threshold you configured.
Red. The metric has exceeded the time and limit thresholds of the yellow state and switched to
red. Any configured SNMP, SMS or email alerts have been sent.
Blue. The metric has been added, but it has not yet been configured, so it can't change color. This
blue status will not change until you edit the properties of the metric and configure it for use.
Gray (Paused). The metric has entered a "snooze" state, manually invoked by an administrator.
During this snooze period the metric will not activate any red alarms, and yellow and red
conditions will not cause the metric to appear in the watcher window. However, during this
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
snooze state, the metric is still active and it is still collecting data. The metric will exit the snooze
state and become green, yellow, or red, after a preconfigured amount of snooze time has passed,
as configured in the metric's properties.
Black (Stopped). The metric has entered a "sleep" state, manually invoked by an administrator.
During this sleep period, the metric will not activate any red alarms. Also, yellow or red
conditions will not cause the metric to appear in the watcher window. However, during this sleep
state, the metric is still active, and it is still collecting data. The metric will not exit the sleep state
until it is manually "woken up" by an administrator.
Metric Options
In addition to the colored status indicators of a metric, you can configure the metric options by
right-clicking on the metric's name. These options include:
• Snooze. This is where you set the metric to the "snooze" state, silencing any red or yellow
conditions. The snooze state is temporary, and the snooze time is configurable in the metric
properties. This is thought of as "pausing" a metric.
• Sleep. This is where you set the metric to the "sleep" state. Like the snooze state, the sleep state
will silence red or yellow conditions. However, unlike the snooze metric which is temporary, the
metric will remain in the sleep state indefinitely until you manually wake it up. This is thought of
as "stopping" a metric.
• Real time graph. This option displays a real time graph of the metric's values, updated every 15
seconds. This graph is similar to the graphs available in Performance Monitor. You can also view
this graph by double-clicking on a metric in the CMC.
• Properties. This is where you configure the specific behavior of a metric (such as the parameters
for going red, yellow, or green). See the "Metric Properties" section of this chapter for more
information.
• Add/Remove Metric. This option allows you to add additional metrics to the server to be
monitored. There is no limit to the total number of metrics that can be added.
Q. Resource Manager:
Resource Manager collects, displays and stores data about system performance, applications or
process use.
Citrix RM definitely has some overlap with Performance Monitor, but adds some extra
functionality to it.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• Real Time Watcher, on the monitored counters (called Metrics within Resource Manager) you
can assign two thresholds (warning and error). If these thresholds are exceeded Resource
Manager can warn you via several methods like SMS, E-mail or SNMP.
• Resource Manager can store the collected data for a longer time. This makes it possible to
generate reports based on current and past activity.
• Resource Manager has an option to create billing reports based on self defined costs.
• Resource Manager collects, besides the system counters, also Citrix specific data like Application
usage, User activity and Farm information.
If your infrastructure already contains an advanced monitoring system like Tivoli NetView, HP
OpenView, or CA Unicentre, these solutions provide the Network Manage component. This
component ports the data from Resource Manager to the monitoring system, so the data is also
available in those systems. Citrix also support this functionality for Microsoft Operations
Manager (MOM).
Resource Manager configuration is done via the Citrix Management Console via the Resource
Manager menu option in the left pane.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The first step should be configuring the Summary Database. This database can be hosted on a
MS SQL or Oracle server. After defining the database you should pick one of your Citrix servers
to host the role Database Connection Server. On this server you should define a Data Source
Name (System DSN) to set up a connection with the database server. If the DSN configuration is
completed the last step is to configure the chosen server as the Database Connection Server. This
is done via the configure button on the Summary Database tab within the Resource Manager
component.
Choose the server you created the system DSN on and specify the database user with this
password. Also choose an update time. At the selected time the database connection server
will store all collected data in the database. This data is stored in a local access database on all
Citrix servers during the day. You can specify the retention period of the data in the database
and, if needed, alert settings for summary database alerts.
As mentioned before, Citrix also collects specific data about the Citrix Farm. This specific data
is collected by one server which has the so called Farm Metric role. The assigning of this role is
done on the Farm Metric Server tab. Within this tab you can configure the primary server and
backup server. If this server is unavailable the role will be assigned to the backup Farm Metric
server automatically.
If you would like to be alerted via SMS, SNMP or e-mail these settings are configured in the tabs
SMS, SNMP and/or Email.
If your company is charging departments, branch office or customers for the usage of the IT
infrastructure, they could use the billing option available in the Resource Manager.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
First you need to define a fee for the environment based on one or more sources, like session
time, CPU, memory and process active time. Secondly you need to define so called Cost Centers.
In these Cost Centers you can add users and or groups which represent an entity which your
company would like to invoice. Via the same Billing TAB the invoices can also be generated.
Configure Metrics
Probably the real time monitoring option is one of the most used options within Resource
Manager. The watcher shows the configured metrics with their current state. These metrics are
configured at the server level in the tab Resource Manager. Right Click on a metric and choose
properties to set the desired values for the metric.
Of course it is very important that the metrics’ thresholds are configured with truthful values and
it is here where a lot of problems usually occur. Lots of companies do not change the thresholds
and get warnings and errors all the time, while the environment looks fine.
So definitely change the threshold values with values that correspond to your environment. To
do this use Resource Manager or Microsoft Performance Monitor to make at least two baselines.
One baseline is an overview of the system usages when no users are connected. The second
baseline is a server with connected users with normal usage as expected/calculated. Use the
second baseline to define your thresholds. Configure the thresholds somewhat higher than the
maximum values which were shown in the baseline.
Also additional metrics can be added for your needs, but do not add too many metrics. Citrix
recommends limiting the amount of metrics to fifty.
I advise monitoring the following counters, because they give a good overview of the total
system performance or important Citrix data:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Because these settings are on the server level, you can configure different metrics and thresholds
on every server. But in most situations you probably would like to have the same metrics and
thresholds through your whole farm. This can be done in the server metric properties of the
server where you configured all the metrics. Choose Apply to other servers and select the servers
you want to assign the metrics to.
If you would like to monitor the usage of applications you should define this during
the publishing of the application via the Citrix Management Console. This is the only metric
available, so you can just count how many instances of the application are running.
Now the configuration is finished we are ready to really use the Resource Manager. You have
two options that you can really make good use of with the Management Console as a starting
point.
• The Resource Manager tab on the Servers component (in the left pane)
This gives an overall overview of the status of your servers with easy icons (green for below
thresholds, yellow for warning level and red for the error level). If one or more metrics are above
their threshold then the overall server status will also change.
If one or more metrics are above threshold, they will be displayed within the watcher.
When double clicking on the server or metric you will be forwarded to the Resource Manager tab
of that particular server where the metric exceeded the threshold.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Double click the metric to show the real time graph on the specified metric. The specified
threshold is displayed using a yellow (warning) and red (error) line.
Besides the real time monitoring you can also create reports on current activity and historical
usage. Within the Resource Manager just a few simple reports are available. These can be useful
for troubleshooting, but are not reports you can use for analysis or management overviews.
Fortunately Citrix added lots of useful reports in their new Access Suite Console.
If the report within the Access Suite does not fit your needs you can use specified products to
create your own reports. Because the summary database is an SQL or Oracle database you can
directly query the database. One of the most used software products for this kind of task is
Crystal Reports. Citrix has delivered several Crystal Reports templates to get started with this
product. The templates can be downloaded at the Citrix Download Site.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The version of most software appears to have been incremented with the release of XenApp 6,
and this includes EdgeSight For Load Testing (ESLT) which is now Build 3.6.1.24.
Oddly previous versions of ESLT appear to be a higher build number – the version I was testing
XenApp 5 with was build 5.2 and it shipped with build 5.0. I assume they have reordered their
build numbers! Please note that ESLT is a different program from EdgeSight – they can be
installed on the same machine, but there is no reason as such to do so, and neither application
requires the other to work.
• Get a Windows Server 2008 or 2008 R2 server (I’ve tested XenApp 6 with an R1 server
just fine). You will need a XenApp License server set up too before you can use ESLT
properly. Make sure its got a lot of memory if its going to run a lot of sessions – I have
found to launch more than 100 sessions meant more than 4gb of RAM and of course 64-
bit OS if using Windows 2008.
• Be aware that ESLT actually consists of 2 parts – the Launcher and the Controller. You
would only have one Controller usually to kick off the tests but you could have the
Launcher software installed on several machines to actually launch sessions from lots of
places. This might be better for you if you don’t have a powerful server to run everything
– personally I’ve always used one server for everything which is fine – if its up to it.
• Uninstall any previous version of ESLT.
• Get the folder “Load Testing Services” off the XenApp 6 DVD and copy it to your new
Load Testing server. Or download it from My Citrix.
• Run EdgeSight for Load Testing.msi
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• Set all three components to install. The “Web Interface XML Service” allows you to
connect to applications more easily without messing about creating ICA files so is good
to have. It doesn’t actually use the Web Interface.
• Enter a really good password
• ESLT WI Support.msi is only needed if you are installing ESLT on a Web Interface
server
• After installation, you can make sure the essential service is started – its the Citrix
EdgeSight Launcher Service and replaces the Launcher application from previous
versions of ESLT
• You can now run the LT Controller from the Start Menu
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• You will get a handy message about the changes you should make to your Citrix servers
in order to be able to do Load Testing. These are important so don’t ignore them. You
might well not want these settings on your live production servers!
• To implement these settings, log on to your XenApp 6 servers and click Start, All
Programs, Administrative Tools > Remote Desktop Services and click “Remote Desktop
Session Host Configuration”
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• Right click ICA-TCP in the middle of the screen and click Properties. You should be able
to follow the instructions above on the Sessions and Log on Settings tabs. So this on any
server you will use for hosting Load Tested applications.
• After the handy message about server settings, enter your password to get to the main
interface.
• The last step is to license it, or you will only have a 30 day 15 user license (which is not
of much use). Click the Licenses menu and select License Server Configuration.
You are now ready to do load testing! The next high level next steps are
• Create usernames to perform the load testing – I would create as many users as you will
want to create sessions rather than reuse the same username lots of times. This also gives
you the option to give them mailboxes etc later. Make your life easy though and make
their usernames the same except for an incrementing number on the end and keep the
passwords the same too.
• Create a new EdgeSight test and connect it to an application on your farm (using an ICA
file is one easy way to do this)
• Enter your usernames and passwords
• Record a script for load testing an application. Best practice is to have folders for the
steps – a load section and a log off section with a folder in between set to “Iterate”. This
section can then repeat infinitely until ESLT starts logging users off. If you don’t do this
a long test will see constant logon/logoff activity which can cripple the test.
• Enter figures for how to load the test. Usually, this will consist of a “log on” period
where all your users log in at a realistic rate, a middle period where load is at maximum
(this is a good time to test logon times and application performance of an extra session by
logging on manually) and a short log off period where the tests complete and log off
again.
• If you’re testing Office 2007, you can download very good sample scripts from here:
http://support.citrix.com/article/CTX122568. They’re worth looking at even if you don’t
use them as they’re well done scripts. They can be adapted to work in Office 2003 and
Office 2010 as well.
• Under Display > Counters set up connections to useful perfmon counters on the servers
being monitored – such as
\\servername\Processor(_Total)\% Processor Time
• Run tests – this will spawn many windows on your desktop (only have one user logged
on to the launcher server or they can appear on the wrong session). Usually its best to
right click the stack of windows and click “Show Windows Stacked” to display them
nicely.
• Record the results – screenshots of the “Monitor” section of Display are best though you
can save reports.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
AD concepts:
Groups are Active Directory (or local computer) objects that can contain users, contacts,
computers, and other groups. In Windows 2000, groups are created in domains, using the Active
Directory Users and Computers tool. You can create groups in the root domain, in any other
domain in the forest, in any organizational unit, or in any Container class object (such as the
default Users container). Like user and computer accounts, groups are Windows 2000 security
principals; they are directory objects to which SIDs are assigned at creation.
You can nest groups; that is, you can add a group as a member of another group (according to
specified rules—see the section "Mode Governs Nesting Options"). Nesting groups makes it
easier to manage users and can reduce network traffic caused by replication of group
membership changes.
Planning group strategies is an essential part of deploying Active Directory. Before you create
groups, determine the number of domains you will have on your network and which of those
domains (if any) are mixed-mode and which are native-mode:
Important: Do not change from mixed to native mode if you have, or will have, any Windows
NT 4.0 backup domain controllers (BDCs) in the domain. Changing a domain from mixed mode
to native mode is an irreversible operation.
Both mixed-mode and native-mode domains can contain Windows NT 4.0 member servers and
Windows NT and Windows 9.x clients.
The following sections discuss the structure of groups and how you can use the various groups to
help organize your network:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
• Distribution groups
• Security groups
Although this section is primarily about the role groups play in security, distribution groups are
also briefly described to clarify the difference between the two group types. The next two
subsections describe the characteristics of security and distribution groups.
Distribution Groups
Distribution groups have only one function—to create e-mail distribution lists. You use
distribution groups with e-mail applications (such as Microsoft Exchange) to send e-mail to the
members of the group. As with a security group, you can add a contact to a distribution group so
that the contact receives e-mail sent to the group.
Distribution groups play no role in security (you do not assign permissions to distribution
groups), and you cannot use them to filter Group Policy settings.
Security Groups
In the Windows 2000 operating system, security groups are an essential component of the
relationship between users and security. Security groups have two functions:
You collect users, computers, and other groups into a security group and then assign appropriate
permissions to specific resources (such as file shares and printers) to the security group. This
simplifies administration by letting you assign permissions once to the group instead of multiple
times to each individual user. When you add a user to an existing group, the user automatically
gains the rights and permissions already assigned to that group.
Integral to understanding security groups is the concept of an access token. As explained in the
Introduction, an access token is an object containing the security information for a logon session.
Windows 2000 creates an access token when a user logs on, and every process executed on
behalf of the user has a copy of the token. (A process is software that is currently running.) The
token identifies the user, the security groups to which the user belongs, and the privileges
granted to the user and to the user's security groups. The system uses the token to control access
to securable objects and to control the ability of the user to perform various system-related
operations on the local computer.
If you use an e-mail client that can use Active Directory for address book lookup, or an e-mail
system that uses Active Directory as its directory (such as Exchange 2000), you can also use
security groups to send e-mail to all members of the group. You can add a contact to a security
group, and that contact is sent e-mail along with the other members of the group. However, you
cannot assign rights and permissions to a contact.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
When implementing an administration strategy for security groups, keep the following general
guidelines in mind:
Understanding what these guidelines mean requires understanding the different kinds of group
scope, explained in the next section.
Both types of group—security and distribution—can have one of three scopes (four when you
include local groups, which exist in Windows 2000 to provide backward compatibility with
Windows NT groups). A group's scope determines the extent to which the group can be nested in
other groups or referenced in DACLs on resources in the Active Directory domain or forest.
Important: In the following discussion of group scope, remember that you assign permissions
only to security groups (not to distribution groups).
By default, when you create a new group, it is configured as a security group with global scope
(in both mixed-mode and native-mode domains).
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
If you have multiple forests, you can place groups (or users—but, typically, you should put users
only into global groups) from any trusted domain into a local or domain local group. You can
establish trust between any two domains in any two forests.
With some minor differences, domain local and global groups exist in the Windows NT
operating system (where they are called local groups and global groups). Universal groups are
new in Windows 2000. The following subsections describe each type of group scope.
The local groups used in both Windows NT and Windows 2000 are precursors of and are in
some ways similar to the domain local groups (described next) introduced in Windows 2000.
Local groups are sometimes referred to as machine local groups to contrast them with domain
local groups. Local groups have the following features:
• Mode. Local groups are the only type of local group available in a Windows 2000 mixed-
mode domain. In the case of Windows 2000 native-mode domains, only Built-in groups
have local scope.
• Membership. Local groups can have members from anywhere in the forest, from trusted
domains in other forests, and from trusted down-level domains.
• Permissions. A local group has only machine-wide scope; that is, it can be used to grant
resource permissions only on the machine on which it exists. (Note, however, that local
groups created on a domain controller are available on every domain controller in that
domain and can be used to grant resource permissions on any domain controller in that
domain.)
Domain local groups, a new feature of the Windows 2000 operating system, have the following
features:
• Mode. Domain local groups are available only in native-mode (but not mixed-mode)
domains.
• Membership. Like local groups, domain local groups can have members from anywhere
in the forest, from trusted domains in other forests, and from trusted down-level domains.
• Permissions. A domain local group has domain-wide scope; that is, it can be used to
grant resource permissions on any Windows 2000 machine within the domain in which it
exists (but not beyond its domain).
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Groups with domain local scope are designed to be used in DACLs on a domain's resources.
That is, domain local groups help you define and manage access to resources within a single
domain.
For example, to give five users access to a particular printer, you could add all five user
accounts, one at a time, to the printer permissions list. Later, if you wanted to give the same five
users access to a new printer, you would again have to specify all five accounts in the
permissions list for the new printer. Or, you could take advantage of groups with domain local
scope. To do so, perform the following steps:
1. Create a group with domain local scope, and assign it permission to access the printer
(this is the Resource group).
2. Put the five user accounts into a group with global scope (this is the Accounts group), and
add this global group to the group having domain local scope. (Global groups are
described in the next subsection.)
Now, when you want to give another five users access to this printer, you can simply add them to
the global group that is a member of the domain local group which has permission to access the
printer, and you are done. Doing so gives all five new members of the group access to the printer
in one step. Using domain local groups in this way provides the following benefits:
• Membership of the domain local group is controlled by the administrator(s) where the
resource (the printer) is located, not where the users are—which makes it in line with
how administration is typically done.
• Because a domain local group is associated with an access token built when a member of
that group authenticates to a resource in that domain, unnecessary network traffic
(carrying of membership information) is avoided. (If, instead, you assigned a global
group permission to access the printer, the global group can end up in a user's token
anywhere in the forest, causing unnecessary network traffic.)
Global groups, effectively the same as Windows NT global groups, have the following features:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Groups with global scope help you manage directory objects that require daily maintenance, such
as user and computer accounts.
Use global groups to collect users or computers that are in the same domain and share the same
job, organizational role, or function. For example, "Full-time employees," "Managers," "RAS
Servers" are all possible global groups. Because group members typically need to access the
same resources, make these global groups members of domain local or machine local groups,
which, in turn, are listed on the DACL of needed resources. Membership of these groups can be
efficiently managed by administrators of user domains, because these administrators are familiar
with the functions and roles played by users and computers in their domain.
Universal groups, a new feature of the Windows 2000 operating system, have the following
features:
A small organization can use universal groups to implement a relatively simple group structure.
If you choose to use groups with universal scope in a multi-domain environment, these groups
can help you represent and consolidate groups that span domains. For example, you might use
universal groups to build groups that perform a common function across an enterprise.
Although few organizations will choose to implement this level of complexity, you can add user
accounts to groups with global scope, nest these groups within groups having universal scope,
and then make the universal group a member of a domain local (or machine local) group that has
access permissions to resources. Using this strategy, any membership changes in the groups
having global scope do not affect the groups with universal scope.
A useful guideline is to designate widely used groups that seldom change as universal groups.
The reasons for this approach are explained next.
Groups having universal scope—and all of their members—are listed in the global catalog.
Whenever one member of a group with universal scope changes, the entire group membership
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
must be replicated to all global catalogs in the domain tree or forest. Therefore, if you use groups
with universal scope, use them in situations where the membership of the group does not change
frequently.
Groups having global or domain local scope are also listed in the global catalog, but their
individual members are not listed. Using these groups thus reduces the size of the global catalog
and reduces the replication traffic needed to keep the global catalog up-to-date. Therefore, use
groups with global or domain local scope if the group membership changes frequently.
As explained above, a mixed-mode domain typically has one or more Windows NT Server 4.0
domain controllers in addition to Windows 2000 domain controllers, although it can have only
Windows 2000 domain controllers. A native-mode domain can have only Windows 2000 Server
domain controllers. Both mixed-mode and native-mode domains can include Windows NT 4.0
member servers and Windows NT and Windows 9.x clients.
Important: Do not change from mixed to native mode if you have, or will have, any Windows
NT 4.0 backup domain controllers (BDCs) in the domain. Changing a domain from mixed mode
to native mode is an irreversible operation.
In a native-mode domain, you can convert a security group to a distribution group and vice versa.
You cannot convert either group to the other in a mixed-mode domain. A Windows NT domain
controller cannot handle group type conversion because it sees only security-enabled groups.
Distribution groups are not affected by mode because distribution group membership is not
enumerated at logon. If a process needs to know the composition of the group, it has to ask an
Active Directory server, which, by definition, is a Windows 2000 domain controller.
Whether a domain is native or mixed mode does affect the behavior of security groups. When a
user logs on to a domain account, the user's security group membership is resolved on the
domain controller that handles the logon. In mixed mode, if a Windows NT 4.0 domain
controller handles the logon, then it must be able to enumerate the members of the security
groups to which the user belongs. Thus, the behavior of security groups in a Windows 2000
domain running in mixed mode must match the behavior of security groups in Windows NT 4.0.
Updates to the Active Directory store must be made in a single transaction. One consequence of
this is that you should not create groups with more than 5,000 members. Because group
memberships are stored in a single multi-valued attribute, a change to the membership requires
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
that the whole attribute—that is, the whole membership list—be updated in a single transaction.
Microsoft has tested and supports group memberships of up to 5,000 members.
Windows 2000 lets you get around this limitation by nesting groups to increase the effective
number of members. Nesting also lessens the amount of network traffic caused by replication of
group membership changes.
Available nesting options depend on whether the domain is in native mode or mixed mode. The
following list describes what can be contained in a group that exists in a native mode domain:
• Groups with universal scope can contain user accounts, computer accounts, other
universal groups, and global groups from any trusted domain.
• Groups with global scope can contain user accounts from the same domain and other
global groups from the same domain.
• Groups with domain local scope can contain user accounts, universal groups, and global
groups from any trusted domain. They can also contain other domain local groups from
within the same domain. (Typically, put user accounts into global groups, not into
domain local groups, then put the global groups into domain local groups, and then assign
access permissions to resources to the local groups.)
• Local groups can contain global groups and user accounts from trusted domains. (It is not
recommended to put users directly into local groups; instead, put users into global
groups, put global groups into local groups, and then assign permissions to the
localgroups).
• Global groups can contain only user accounts.
When a Windows NT primary domain controller (PDC) is upgraded to Windows 2000 Active
Directory, Windows NT local groups become Windows 2000 local groups and Windows NT
global groups become Windows 2000 global groups. When a domain is converted to native
mode, local groups become domain local groups.
When a user is authenticated, an access token is created for the user containing his or her primary
SID, together with the SIDs of any groups he or she belongs to. At the time the domain is
switched to native mode, because domain local groups have domain-wide scope, the SIDs of any
domain local groups of which the user is a member are now added to the user's access token.
Q. FSMO Roles
In a forest, there are five FSMO roles that are assigned to one or more domain controllers. The
five FSMO roles are:
Schema Master:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The schema master domain controller controls all updates and modifications to the schema. Once
the Schema update is complete, it is replicated from the schema master to all other DCs in the
directory. To update the schema of a forest, you must have access to the schema master. There
can be only one schema master in the whole forest.
The domain naming master domain controller controls the addition or removal of domains in the
forest. This DC is the only one that can add or remove a domain from the directory. It can also
add or remove cross references to domains in external directories. There can be only one domain
naming master in the whole forest.
Infrastructure Master:
When an object in one domain is referenced by another object in another domain, it represents
the reference by the GUID, the SID (for references to security principals), and the DN of the
object being referenced. The infrastructure FSMO role holder is the DC responsible for updating
an object's SID and distinguished name in a cross-domain object reference. At any one time,
there can be only one domain controller acting as the infrastructure master in each domain.
Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a
Global Catalog server (GC). If the Infrastructure Master runs on a Global Catalog server it will
stop updating object information because it does not contain any references to objects that it does
not hold. This is because a Global Catalog server holds a partial replica of every object in the
forest. As a result, cross-domain object references in that domain will not be updated and a
warning to that effect will be logged on that DC's event log. If all the domain controllers in a
domain also host the global catalog, all the domain controllers have the current data, and it is not
important which domain controller holds the infrastructure master role.
The RID master is responsible for processing RID pool requests from all domain controllers in a
particular domain. When a DC creates a security principal object such as a user or group, it
attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same
for all SIDs created in a domain), and a relative ID (RID) that is unique for each security
principal SID created in a domain. Each DC in a domain is allocated a pool of RIDs that it is
allowed to assign to the security principals it creates. When a DC's allocated RID pool falls
below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The
domain RID master responds to the request by retrieving RIDs from the domain's unallocated
RID pool and assigns them to the pool of the requesting DC. At any one time, there can be only
one domain controller acting as the RID master in the domain.
PDC Emulator:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of
the forest becomes authoritative for the enterprise, and should be configured to gather the time
from an external source. All PDC FSMO role holders follow the hierarchy of domains in the
selection of their in-bound time partner.
In a Windows 2000/2003 domain, the PDC emulator role holder retains the following functions:
• Password changes performed by other DCs in the domain are replicated preferentially to
the PDC emulator.
• Authentication failures that occur at a given DC in a domain because of an incorrect
password are forwarded to the PDC emulator before a bad password failure message is
reported to the user.
• Account lockout is processed on the PDC emulator.
• Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy
found in the PDC Emulator's SYSVOL share, unless configured not to do so by the
administrator.
• The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0
Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
Depending on the FSMO role that you want to transfer, you can use one of the following three
MMC snap-in tools:
Active Directory Schema snap-in
Active Directory Domains and Trusts snap-in
Active Directory Users and Computers snap-in
If a computer no longer exists, the role must be seized. To seize a role, use the Ntdsutil.exe
utility.
Use the Active Directory Schema Master snap-in to transfer the schema master role. Before you can use
this snap-in, you must register the Schmmgmt.dll file.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Register Schmmgmt.dll
1. Click Start, click Run, type mmc in the Open box, and then click OK.
2. On the File, menu click Add/Remove Snap-in.
3. Click Add.
4. Click Active Directory Schema, click Add, click Close, and then click OK.
5. In the console tree, right-click Active Directory Schema, and then click Change Domain
Controller.
6. Click Specify Name, type the name of the domain controller that will be the new role holder,
and then click OK.
7. In the console tree, right-click Active Directory Schema, and then click Operations Master.
8. Click Change.
9. Click OK to confirm that you want to transfer the role, and then click Close.
1. Click Start, point to Administrative Tools, and then click Active Directory Domains
and Trusts.
2. Right-click Active Directory Domains and Trusts, and then click Connect to Domain
Controller.
NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already
connected to the domain controller whose role you want to transfer.
3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then click OK.
-or-
o In the Or, select an available domain controller list, click the domain controller
that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Domains and Trusts, and then click
Operations Master.
5. Click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.
Transfer the RID Master, PDC Emulator, and Infrastructure Master Roles
1. Click Start, point to Administrative Tools, and then click Active Directory Users and
Computers.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
2. Right-click Active Directory Users and Computers, and then click Connect to Domain
Controller.
NOTE: You must perform this step if you are not on the domain controller to which you
want to transfer the role. You do not have to perform this step if you are already
connected to the domain controller whose role you want to transfer.
3. Do one of the following:
o In the Enter the name of another domain controller box, type the name of the
domain controller that will be the new role holder, and then click OK.
-or-
o In the Or, select an available domain controller list, click the domain controller
that will be the new role holder, and then click OK.
4. In the console tree, right-click Active Directory Users and Computers, point to All
Tasks, and then click Operations Master.
5. Click the appropriate tab for the role that you want to transfer (RID, PDC, or
Infrastructure), and then click Change.
6. Click OK to confirm that you want to transfer the role, and then click Close.
To transfer the FSMO roles by using the Ntdsutil utility, follow these steps:
Note To see a list of available commands at any one of the prompts in the Ntdsutil utility,
type ?, and then press ENTER.
4. Type connections, and then press ENTER.
5. Type connect to server servername, and then press ENTER, where servername is the
name of the domain controller you want to assign the FSMO role to.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
To seize the FSMO roles by using the Ntdsutil utility, follow these steps:
Notes
o Under typical conditions, all five roles must be assigned to “live” domain
controllers in the forest. If a domain controller that owns a FSMO role is taken out
of service before its roles are transferred, you must seize all roles to an
appropriate and healthy domain controller. We recommend that you only seize all
roles when the other domain controller is not returning to the domain. If it is
possible, fix the broken domain controller that is assigned the FSMO roles. You
should determine which roles are to be on which remaining domain controllers so
that all five roles are assigned to a single domain controller. For more information
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
about FSMO role placement, click the following article number to view the article
in the Microsoft Knowledge Base:
o If the domain controller that formerly held any FSMO role is not present in the
domain and if it has had its roles seized by using the steps in this article, remove it
from the Active Directory by following the procedure that is outlined in the
following Microsoft Knowledge Base article:
o Removing domain controller metadata with the Windows 2000 version or the
Windows Server 2003 build 3790 version of the ntdsutil /metadata cleanup
command does not relocate FSMO roles that are assigned to live domain
controllers. The Windows Server 2003 Service Pack 1 (SP1) version of the
Ntdsutil utility automates this task and removes additional elements of domain
controller metadata.
o Some customers prefer not to restore system state backups of FSMO role-holders
in case the role has been reassigned since the backup was made.
o Do not put the Infrastructure master role on the same domain controller as the
global catalog server. If the Infrastructure master runs on a global catalog server it
stops updating object information because it does not contain any references to
objects that it does not hold. This is because a global catalog server holds a partial
replica of every object in the forest.
1. Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Sites and Services.
2. Double-click Sites in the left pane, and then locate the appropriate site or click Default-
first-site-name if no other sites are available.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller's folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, view the Global Catalog check box to see if it is selected.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
More Questions:
1. Installation Manager: Services dependent
2. Load Manager: Farm metric
3. Isolation : installation command
4. Resource Manager
what are the services running for installation manager
ADF Installer and IMA
dscheck
During migraton which component will you install first
Resource manager
Senario ;
There are 5 sevrers out of which two are in production and the server is in full usage as the
number of users have been increased,and there are 3 more servers added in the farm but no
application is there.
What will you do
The users are not able to view their local printer in the citrix how will you trouble shoot
There are 10 servers,in which client needs 25 application to be installed out of which 15 should
be published and 5 as stream to server and stream to client
Function of a datastore
13. What is ICA and what are the advantage of ICA
17. How the licensing works in Citrix and difference in Citrix Licensing version wise
20. What is citrix secure / access gateway and how its work
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
21. What are the difference between Win2K and 2K3 Terminal server.
22. What is the difference between 2k & 2k3 terminal server licensing
27. What is the requirement of Installation Manager and wht kind of extension its support.
20. What is citrix secure / access gateway and how its work
21. What are the difference between Win2K and 2K3 Terminal server.
22. What is the difference between 2k & 2k3 terminal server licensing
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Normal:
• Why does a new desktop get a "dial-up or network problems.." when the OS is win2k
pro, or XP pro.
• why does the spooler service sometimes crash, after staring a printjob?
• How much ssl certificates, do i need to setup a CSG configuration?
• Why does single signon not work, when using NFuse or WI?
• Can you describe your best hardware configuration for a 35 to 40 user server?
Hardcore:
The following document is to shed some light on the mystery of Microsoft Terminal Server
Licensing. Hopefully this explanation will answer any questions that may arise when the thought
of a Citrix Server Farm is brought up and the Licenses needed to implement a Farm in keeping
with the Microsoft Licensing Agreement Terms and EULA (End User License Agreement).
Also included in this document will be an explanation of terms in regards to what each license is
and its purpose in the scheme of each implementation.
Windows2000 Server License: This is the license that is purchased for the server to run the
Server Network Operating System . This needs to be purchased for EACH Terminal Server that
is being purchased for the Farm.
Windows2000 CAL (Client Access License): This is the license needed to access a
Windows2000 Server from any Workstation. These need to be purchased for each workstation
that will be accessing the Citrix servers no matter what OS the clients PC is running.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Windows2000 Terminal Services CAL (Client Access License): This license is required when
attaching to a Terminal Server form ANY OTHER Workstation OS excluding Windows 2000
or Windows XP Professional. Licenses for Windows2000 and Windows XP Professional are
already licensed for access to terminal Services. Licenses for these Workstations will be given
out from a Pool of Built-In licenses on the License Server.
Citrix Metaframe Xpe Server Software with Subscription Advantage: This license is for the
Citrix Metaframe software which increases the functionality and management of the Microsoft
Terminal Server. The starter pack includes all needed software for Load Balancing and
Management as well as 20 End User Licenses. Citrix licenses are concurrent connections to the
Citrix Server rather than Per Server/Seat as Microsoft is. Subscription Advantage is a
maintenance fee that includes Licenses for all current and future Feature Releases which are
functionality add-on’s to the Citrix product.
1. The Terminal Server License Service is started on a DC. The install can be found under
Add/Remove programs of any Windows 2000 server.
2. All Terminal Server CAL’s that are purchased need to be added to this server and NOT
directly installed on the Terminal Server running Citrix Metaframe.
3. Upon install, the licenses need to be activated through Microsoft’s Clearing House. This can
be achieved through the Internet or by physically calling them on the phone.
4. There is a HotFix that needs to be installed on the server running the License Service, which
eliminates some of the issues with this process (these will be discussed later in this document).
5. The first time a client attempts to connect to the Citrix Server from a non-Windows2000 or
Windows XP Pro PC, they are assigned a temporary license ‘token’ from the License Service.
This ‘token’ is stored on the Client’s PC in the registry located in
HKLM\software\microsoft\mslicensing.).
6. The second time a client attempts to attach to the server, an attempt is made to upgrade the
validated temporary license token to a full Terminal Server CAL. If no full CAL’s are available,
the temporary CAL will continue to function for 90 days.
7. When the 90 days have elapsed, the client will again attempt to upgrade to a full TS CAL. If
none are available, the connection will be rejected.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
8. If a full license can be located, the license token takes the place of the temporary token in the
client’s registry. An expiration has been added to each token that is issued. This expiration is set
to a random number of days between 52-89 days of issuance. When a client connects to a
terminal server, the date is checked. If the expiration is within 7 days, the terminal server
connects to the License Server and renews the TS CAL token, giving it another expiration of 52-
89 days. If the License Server is not available, the TS CAL token functions as normal, with the
Terminal Server attempting to replace it at each login.
9. Any TS CAL token that has not been renewed is returned to the group of available license
tokens upon expiration.
10. Any client that is connecting to a Citrix Farm from a PC running Windows 2000 Pro or
Windows XP Pro do not need separately purchased TS CAL’s. When these clients connect, they
are issued a token from License Server from a separate pool of ‘built in’ licenses that are
reserved for clients connecting from an OS that is equal or higher than the OS running on the
Terminal Server. This pool is inexhaustible.
Redundancy:
According to Microsoft, it is best to install and activate Terminal Server License service on
two Domain Controllers in a environment that needs high availability. It is suggested that all
License Tokens be installed on only 1 of the license servers. In the event that the Primary
License Server were to be unavailable, unlicensed clients will still be able to connect with
temporary license tokens from the other License Server.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Citrix and Microsoft have always been in a quasi-competition in this space ever since Microsoft
announced the first version of Terminal Server in 1997. Since then each release of Terminal
Server has created a new round of fears. And each time Citrix has been able to address those
fears and MetaFrame / Presentation Server / XenApp has gotten stronger and stronger.
So when the rumors of RDP 6 started five years ago, Citrix's response was "What's the big deal?
This is the same battle that we've been fighting since the beginning of Terminal Server."
But I wasn't so sure about that. Sure, I agreed with Citrix in the past. But if you look at the
features that were rumored to be in the Terminal Server plans, they looked scary to Citrix. They
certainly looked like they could take away a significant portion of Citrix's low-end market.
There are charts floating around on the Internet that show a very detailed list of every feature that
Terminal Server 2008 (and Citrix, for that matter) have. But if you boil away the marketing fat,
Terminal Server on Windows Server 2008 has six primary features that could be scary to Citrix:
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
This is certainly an impressive list--if you don't take the time to learn about how each of these
features actually works. (In other words, according to this list, Citrix is screwed! But according
to anyone who's actually used the product, Citrix has nothing to worry about!)
Let's look at each of these six major new features and compare them to what you get with Citrix
Presentation Server.
TS RemoteApp
On the surface, TS RemoteApp sounds like Citrix's application publishing. True, they both let
you connect to a single application window instead of a full remote desktop. But that's pretty
much where the similarities end. With Citrix, you "publish" applications by configuring groups
of users who are allowed to access individual apps on the server (or a group of servers), and then
the Citrix infrastructure makes sure that the users get access to the shortcuts to start their
applications (either via a desktop-integrated solution or a Web Interface).
In pure Terminal Server, you don't "publish" a RemoteApp per se. Instead, you use the
RemoteApp wizard to create a custom RDP file for a specific application on a specific Terminal
Server. Users can then double-click this RDP file to launch the RemoteApp.
You also have the option to "wrap" that RDP file into an MSI installer package. This installer
package doesn't contain the actual app--it just contains the RDP file, the icon, and any file type
associations. Users can then "install" the MSI (which is small, typically under 100k) to their
Windows desktops. The RemoteApp version of the app shows up in their Add / Remove
Programs and on the start menu. Clicking the icon launches the remote seamless instance of the
app.
So while the RemoteApp "installation" is cool, it's philosophically different than what Citrix is
doing. TS RemoteApp is a method for installing applications locally to workstations, but there's
absolutely no management built in. There's no capability in the TS product to deploy these MSI
files to users or to decide which users get access to which apps. That's something you'll have to
handle externally, like with System Center Configuration Manager (the new name for SMS) or
AD Intellimirror or something.
TS Web Access
In saying that TS RemoteApp has no management or deployment built-in, some people suggest,
"Sure it does. Just use TS Web Access!" But that's not quite it either. TS Web Access (TWSA) is
a very, very basic IIS web site that can provide links to the TS RemoteApp packages on a single
server via a web page.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
So yes, TSWA is easier than figuring out how to install RemoteApp MSIs on your users
workstations. And TSWA is nice because if you add a new RemoteApp to a Terminal Server, it
will automatically be available via the web page.
But there are some big drawbacks. The first is that TSWA does not have any kind of user
authentication or differentiation. The single TSWA site shows all RemoteApps on a server--you
can't show different apps to different users or groups. (Although TSFactory does provide a free
tool called TS RemoteApp Filter that lets you specify which users and groups can see which
RemoteApps via a TSWA site.)
The other main drawback of TSWA is that Terminal Server on Windows 2008 doesn't have a
"farm" concept. When you configure a TSWA site (whether running on IIS on a Terminal Server
or on a standalone web server), your RemoteApps all connect back to a single IP address. So if
you want to have multiple Terminal Servers supporting connections, you need to configure them
in a load balancing group so that they're all available via the same virtual shared IP address. This
might not be that big of a deal, but it also means that all your Terminal Servers need to have the
same RemoteApps installed and should 100% identical.
TS Session Broker
TS Session Broker is the "load balancer" capability of Windows Server 2008 Terminal Services.
It's basically the Session Directory feature of Windows Server 2003 Terminal Services that's
been extended to also work when users connect to new sessions. To use the session broker, you
install the service and configure all of your servers to be part of the same "farm." (Although
Microsoft uses the term "farm" liberally in this case.) Then when an incoming RDP connection is
made, the user authenticates to one of the Terminal Servers, and that server then contacts the
server running the session broker service to see if that user should be redirected to a different
Terminal Server (either because another server has lower load or because the user has an existing
session on another server).
Of course this can be a single-point of failure in your environment, so again, you need to build
two session brokers and then use Windows Network Load Balancing to create a shared virtual IP
address.
The TS Session Broker works well enough, although configuring it is pretty complex. It also has
a drawback in that it only balances new connections based on session count, rather than being
able to use any other perfmon counters.
TS Gateway
One of the challenges of Terminal Server environments has been ensuring that remote RDP
connections are made securely. Windows 2003 Service Pack 1 introduced the capability for RDP
sessions to be encrypted with SSL, but unfortunately that was done on a server-by-server basis.
This meant that each Terminal Server still needed to be directly accessible from outside the
firewall via an FQDN, and each server needed it's own SSL certificate. Citrix solved this
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
problem years ago with their Citrix Secure Gateway (CSG) software-based ICA-over-SSL VPN
product. In Windows Server 2008, Microsoft introduced a similar product called TS Gateway.
TS Gateway works well. It's similar to the IIS-based RPC-over-HTTPS technology from
Windows 2003 for external Exchange users, except of course TS Gateway is "RDP-over-
HTTPS." One of the really cool things about TS Gateway is that it can use Network Access
Protection (NAP), a technology from Microsoft that can allow or deny network access based on
the health of the client device. (This is similar to Citrix's Smart Access.)
TS Easy Print
As anyone who's been in this business more than a week knows, printing in server-based
computing environments is a major pain. Microsoft added "fallback" driver support in Windows
2003, allowing users to print to their own local printers without having the model-specific
drivers installed on the Terminal Servers. TS Easy Print takes that to the next level,
leveraging Microsoft's new XPS printing format. While Easy Print is still based on the single-
threaded print spooler and rendering engine on the server (so it more compares with UPD I and
II from the older versions of Citrix), it does work well (as long as your client device is running
Vista or the soon-to-be-released Windows XP SP3). But this is also a nice feature!
Rounding out the list of "big six" new features in Terminal Server on Windows 2008 is
the Windows System Resource Manager (WSRM), which is technically not new for Windows
Server 2008 (although there are new resource-allocation policies in 2008 for TS sessions).
WSRM lets you configure policies that define how many system resources specific processes
(and now user sessions) are able to consume. WSRM is not a Terminal Server-specific feature,
although if you know what you're doing you can get a lot out of it. (That's an article for another
day though.)
Conclusion
Six big new features. TS Gateway and TS Easy Print are pretty cool. Web Access, the Session
Broker, and RemoteApp are pretty limited and/or require some serious smarts to make work.
And WSRM can be cool but is certainly not for part-time admins. And all of this is for single-
server environments only, so as soon as you add a second server to your environment, you need
to manually configure everything separately on each server.
This leads to the ultimate question of "When can I use pure Terminal Server, and when do I need
a third-party add-on like Citrix?"
Microsoft has specified that pure Terminal Services can be used for "low complexity"
environments, and that third-party add-on tools should be used for higher-complexity
environments. In some ways this makes sense, and in other ways it's crazy. The low complexity
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
thing makes sense because native Terminal Server 2008 is designed for environments where all
your servers are the same, all users have access to all applications, and you load balance based
purely on user session counts. And in reality, that probably defines 20 or 30% of all existing
Citrix Presentation Server deployments.
But that doesn't mean that Citrix's Presentation Server business is going to instantly drop by 20
or 30%, because in a lot of ways, Terminal Server 2008 is so simple that deploying it in the real
world is more complex than deploying Citrix! You want load balancing? Fine, but you have to
configure a Session Broker then add Terminal Servers to the group then install NLB then
configure a virtual IP address then configure your RemoteApps to point to it then.... Compare
that to Citrix where you just install a second server, point it to your existing data store, and your
done! (And the same example could be used for RemoteApps or Web Access or Gateway.)
I typically think of "low complexity" scenarios as environments that only have part-time TS
admins. (Not that the IT admin is part-time, but that he or she has other IT admin duties and is
not dedicated to TS.) And so in this case, I would think these admins need a server-based
computing product that is as easy as possible to use, and pure Terminal Server on Windows 2008
sure isn't that! (This is what Citrix Access Essentials, or "Presentation Server Lite" is for.)
I recognize that Citrix Presentation Server is so much more than these six features. Management.
ICA performance. Non-Windows clients. Load balancing. Application Publishing. Web
Interface. Smart Access. WAN acceleration. I could go on. But in the context of Terminal Server
on Windows Server 2008, these are the main things that people will be up against.
Finally, I'd be remiss if I didn't mention Ericom. Ericom has a product called PowerTerm
WebConnect that competes against Citrix Presentation Server. Ericom has made the Windows
Server 2008 version of their product available completely for free. It's too early to tell whether
this will have an impact on the market(since no one is really using Windows Server 2008
Terminal Server yet.
Will Windows 2008 Terminal Server plus the free Ericom give Citrix a run for their money?
Probably not in the enterprise space, but this could make things dicey for Citrix Access
Essentials in the "low complexity" market.
Terminal Services in Windows Server 2008 were enhanced by many new features. In this post, I
summarized some of the more general improvements. In the next post in this series, I will write
about the TS enhancements related to multi-user mode.These posts are partly a summary of
Mitch Tulloch’s Terminal Services chapter in his Windows Server 2008 book.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Notice that the distinctions between TS feature types regarding multi-user mode and remote
administration mode are not strict. Also note that some of the new features of the new Remote
Desktop Connection (RDC) 6.0 TS client work with Windows Server 2003, too. For the sake of
completeness I also included them in this post.
Server Authentication
You can configure the RDC 6 client to warn you to stop the connection process if Server
Authentication fails.
Display Improvements
The maximum display resolution is 4096×2048 now. Furthermore, 16:9 and 16:10 displays are
now supported. You can’t use full screen mode with previous RDC versions. It possible to work
with 32 bit color mode and ClearType font smoothing.
Desktop Experience
Users can work with a desktop similar to the one they know from Windows XP or Vista. The
latter only works together with Windows Server 2008. Desktop Experience is a feature you can
add with Server Manager in Windows Server 2008.
AdminStudio
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
Advertisement
Desktop Composition
If the client is a Vista machine you can even use Aero as long as the client’s hardware supports it
and Desktop Experience is installed on the server. However, this only works if the Terminal
Services are running in administration mode or the host is a Vista machine. You can enable
Desktop Composition thru the RDC client’s Experience tab.
TS Easy Print
This new feature allows you to use your local printer in a TS session even if the printer driver is
not available on the server. It is interesting to note that TS Easy Print makes use of XPS (XML
Paper Specification), Microsoft’s alternative to PDF.
Single-Sign-On (SSO)
If client and server belong to a Windows domain, you can configure the client to authenticate
against Terminal Services with the same credentials used to logon on the client machine. This
only works if the client runs Windows Vista and the server Windows Server 2008. I have been
waiting for this feature for a long time, already. Unfortunately, the configuration is a bit
complicated. You have to specify all servers for SSO in advance using Group Policy. I rather
preferred a setting in the RDC client configuration for this feature.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
In my first article about the new features of Terminal Services in Windows Server 2008, I
discussed some general enhancements. Today, I will examine the improvements regarding its
multi-user mode.
You probably know that in multi-user mode, users connect via RDP to a Windows server to
work remotely with desktop applications. To configure multi-user mode in Windows Server
2008, you have to add the Terminal Server role with Server Manager. Note: You can try some of
the features discussed here also in single-user mode.
Let GFI EventsManager do the dirty work. Have event logs monitored automatically and get
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..
Sunil Swain – Citrix preparation materials
still allowed to logon using mstsc /admin. You can also set TS in to drain mode with the TS
Configuration UI.
There is nothing like Luck or Fate in an Interview.. It’s all in your Hard work, Knowledge and Confidence..