Why Session Disconnect Policy doesn’t work on server OS when applied from Studio

As we know the major difference between a Windows Server OS and Windows Desktop OS is that the server OS can take multiple sessions however Desktop OS can only take one session at a time because of the Listeners.

When we connect to a Desktop OS using Citrix, Port ICA is responsible for the connection and Session timeout policies from CItrix Studio will work as expected.

When we connect to a Server OS using Citrix, precedence is given to RDP as the server is acting as a session host and ICA protocol is running on top of RDP protocol and that is the reason we recommend to apply the Session Disconnect Timeout policy from MS GPO for Server OS. However, Session Idle timer policy will still apply from Citrix Studio for Server OS.

Why do we have this in Studio, if it doesn’t work for Server OS?

This policy is in added to Citrix from older Presentation server/XenDesktop versions to control the idle and disconnect time out on Desktop OS as this works for Desktop OS and we haven’t made any changes to the code for the policy.

Related:

  • No Related Posts

CSPs & Citrix Content Collaboration

Types of StorageZones

Currently, CSPs are not able to provide hybrid storage to their tenant accounts, i.e. cloud and on-premise StorageZones on the same account. Rather, the CSP can provide exclusively on-premise or cloud storage to each of their tenants.

Multi-Tenant StorageZone: This is a single storage repository, managed by the CSP, which can be shared by an unlimited amount of CSP Content Collaboration tenants. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

User-added image

Normal or Standard StorageZone: This is a storage repository, managed by the CSP, which is dedicated to one Content Collaboration account. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

Cloud StorageZone: This is a storage repository managed by Citrix, and not the CSP. This offering for CSPs provides an unlimited of storage to each Content Collaboration tenant.

Getting Started with Reselling Content Collaboration as a CSP

1. Log-in to citrix.cloud.com with partner MyCitrix credentials. Within the main dashboard, select the “Resell” button under the Content Collaboration badge. If the button appears as “Manage” the partner can skip to step #4.

2. Create or Link a Content Collaboration Partner Account: Fill out the necessary fields in order to create a new Content Collaboration partner account or link an existing Content Collaboration partner account. If the partner has an existing Content Collaboration partner account but it doesn’t appear for automatic linking, please contact Citrix Support.

3. Optional – Set up a Multi-Tenant StorageZone: If the CSP decides to provide a Multi-Tenant StorageZone then the CSP needs to ensure the following:

  1. The Multi-Tenant StorageZone needs to be registered and live on the partner’s Content Collaboration account before the CSP creates a Content Collaboration tenant account.

  2. To check that the partner has successfully installed and registered a Multi-Tenant StorageZone to their partner Content Collaboration account, they can check by logging into their partner account from the Content Collaboration web app and navigate to “Admin Settings” >> “StorageZones.” Here, the Multi-Tenant StorageZone should be located under “Partner-Managed” tab.

  3. If their StorageZone is under the “Customer-Managed” tab then they accidentally installed and registered a standard StorageZone (not Multi-Tenant enabled). In order to change their standard StorageZone to a Multi-Tenant StorageZone the partner will have to “Delete this Zone” within the Content Collaboration web app, remove the StorageZone from their designated server, and re-create the StorageZone and run the Multi-Tenant command prompt.

User-added image

4.Create a Content Collaboration Tenant Account: From the partner’s Citrix Cloud customer dashboard, select “Invite or Add.” If the partner would like to add a new Citrix customer they will be prompted to fill out information about their new tenant’s Citrix Cloud account. If the partner would like to invite an existing Citrix Cloud customer to their customer dashboard, they can send them a link. Once that customer receives that link and accepts the terms and conditions of becoming a tenant of the CSP. The partner can then add services to their tenants through the customer dashboard by selecting the three dots by the tenant’s company name, then selecting “Add Service” >> “Content Collaboration.”

  1. The partner will select the primary StorageZone that the Content Collaboration tenant will consume. If they select a Multi-Tenant StorageZone, they are required to specify the existing StorageZone (live, and registered on their Content Collaboration partner account).

  2. Master Admin user information must be specified, and will be added to the tenant’s account, along with a partner admin user.

  3. All tenant accounts receive 1,000 available licenses. The CSP payment model is based on the total number of used licenses, and not on total number of all licenses.

Managing CSP Content Collaboration Tenants

How to Update Tenant Accounts:

A partner admin user is always provisioned on the CSP’s Content Collaboration tenant account. This allows the partner to manage the customer’s account, such as configure account settings, manage employee users, run reports, etc. This partner admin is added to the Super User group within their tenant’s account, giving this user complete access to all files and folders. If the partner does not want access to the customer’s Content Collaboration data, they will need to remove the partner admin user from the Super User group. Once the partner admin is removed from the Super User group then that user will only receive access to files that are specifically shared by other employee users.

  • Change their Content Collaboration subdomain: Any admin user on the Content Collaboration account is able to change the subdomain under “Admin Settings” >> “Company Account Info”
  • Add more licenses: Prior to creating tenant accounts within the partner’s Citrix Cloud account, CSPs had to request an account through an online form. This form allowed partners to specify the amount of licenses on the account. If this is how the CSP created the tenant account and the partner is looking to add licenses to that account, they can submit that type request here. This request will automatically increase the total license count to 1,000 for that tenant account.
  • Change Master Admin user: Find directions here.
  • Cancel an account: Request here.
  • Convert a trial or POC account to an in-production account: Request here.

Tenant Management:

If the CSP has managed Content Collaboration tenants prior to establishing their Citrix Cloud partner account, then their existing tenants will not appear on their Citrix Cloud customer dashboard. Instead, these tenants will only appear on the partner’s Content Collaboration account under “Admin Settings” >> “Advanced Preferences” >> “Tenant Management.” If “Tenant Management” is not an option, then this particular partner user will need to enable the “Manage Tenants” user permission. There is currently not a way to import or show these existing tenants in the CSP’s Citrix Cloud customer dashboard.If the CSP creates a tenant from within Citrix Cloud, then that tenant will appear in their Citrix Cloud tenant dashboard.

If the CSP has created some tenants via the online form and some via Citrix Cloud, then the partner can easily see all tenants from within the partner’s Content Collaboration account (first bullet).

For Multi-Tenant StorageZones:

Each tenant onboarded to a partner’s Multi-Tenant StorageZone receives their own root-level folder within the StorageZone. The name of the root-level folder is the tenant’s unique Content Collaboration account ID (starts with an “a”).

  • This folder structure, with each tenant having their own root-level folder, ensures that tenant data within their Content Collaboration account is separated from other tenants sharing the Multi-Tenant StorageZone. Tenant end-users will only have access files and folders created and uploaded within their own Content Collaboration account.

For CSP reporting (i.e. payment model):

CSPs are required to report on the amount of used licenses by their Content Collaboration tenants to their preferred Citrix distributor. For directions on capturing the accurate number of licenses for monthly reporting:

  • If the partner created a Content Collaboration tenant within Citrix Cloud: Log-in to the CSP Citrix Cloud account and navigate to the customer dashboard.
  • If the CSP has Content Collaboration created tenants from a third-party online form, rather than Citrix Cloud: Log-in to the CSP Content Collaboration partner account and navigate to “Admin Settings” >> “Advanced Preferences” >> “Tenant Management”
  • Within either of these dashboards, sort the Content Collaboration tenant accounts by “Paid” status.
  • From list of “paid” Content Collaboration tenants, further separate them by storage type and see if they are defaulted to a Citrix-managed cloud StorageZone or a partner-managed on-premise StorageZone.
  • Then, the partner must total up the amount of used licenses from all the “paid” cloud tenants and the “paid” on-premise tenants. The reason for separating the used license count by storage type is because they have different reporting SKUs (and subsequent partner price).
  • Please consult with your preferred Citrix Distributor for reporting SKUs and their pricing, which will be based on the Content Collaboration tenant’s storage type.

Related:

  • No Related Posts

SEP 14.x does not allow users’ registry to dismount after logoff

I need a solution

I’ve had this issue for quite some time and surprised no one else has noticed this bug.

After about a day of running SEP, when I look in Regedit under HKEY_USERS I’ll see everyone’s hive who has previously logged into the Windows Server 2016/XenApp 1808 VM’s.  If these users attempted to return to the affected VM, they would be denied logging in until their hive was dismounted.  The bug is able to suvive a reboot.

This issue seems to manifest when the Symantec registry key LaunchSMCGui is set to zero.

I used to temporarily mitigate the problem by running SMC -Stop and SMC -Start but this no longer works in 14.2 MP1.  SEP 14.2 would cause my XenApp VM’s to BSOD a lot.

0

Related:

XenApp/XenDesktop 7.X : Basic Powershell Cmdlets for Delivery Controller’s Health Check

Please run the following command to do a Delivery Controller’s health check from an elevated powershell window:

To load the Citrix modules run asnp citrix*

1. Run Get-BrokerController to list the information about all the Delivery Controllers in the site.

Note down the SID of the controller and match it with the SID value in the chb_configcontrollers XenApp/XenDesktop Site database table (Browse to the database for your XenDesktop environment, expand tables and then check for the table by the chb.config controller)

Also ensure that the status of all the Delivery Controllers is “Active”

2. To check the service status of all the Citrix Services , run the following command:

Get-command get-*servicestatus

Copy all the values in ‘Name’ and paste it in the next command line

OUTPUT: Service status should come up as ‘OK


3. To measure the number of instances getting registered from the controller with the database:

Get-ConfigRegisteredServiceInstance | measure

OUTPUT: Will give the consolidated number. (With every version we have few new services and instances which get added, i.e, with 7.6 we have 49 instances. If you have 2 controllers in the environment then the value will come up to be 49*2=98)


4. For environment where we have separate databases for Logging and Monitor service, the following command can be run to check the status:

(In case you have a single database for Ste, Monitoring and Logging the String value will be same. For environment with different databases, the string value will be different for Logging and Monitor datastore)

Get-LogDatastore

Get-MonitorDatastore


5. To check the connection string which connects the Delivery Controller uses to communicate to the site database, run the following command:

Get-BrokerDbconnection

OUTPUT: Server= SQL Server name;Initial Catalog=Name of the XenApp/XenDesktop database


6. Run the following command to verify the installed db version for all the services. Example for Broker Service run:

Get-BrokerInstalledDbVersion

Similarly, you can check for the other services as well:

Get-AdminInstalledDbVersion

Get-AnalyticsInstalledDbVersion and so on.

You will get the list of Citrix services from Get-command get-*servicestatus as stated earlier.

7. To check the Connection strings in the registry, browse to the following location and check the value of the connection string:

HKLMComputerHKEY_LOCAL_MACHINESOFTWARECitrixDesktopServerConnectionsController

This can as well be checked for all the services installed:

Browse to the following location and verify the value for the Connection String:

HKLMComputerHKEY_LOCAL_MACHINESOFTWARECitrixXDServices”Service name”DatastoreConnections

8. Run the below cmdlet to test Database connectivity of individual Citrix Services.

Example:

Test-BrokerDBconnection “<connection strings>”

Test-ConfigDBConnection “<connection strings>”

Related:

How to troubleshoot Virtual Delivery Agent (VDA) Registration issues

Citrix Virtual Apps and Desktops, formerly XenDesktop, fits the enterprise need to bring both VDI and apps into a user-centric experience.

Citrix Virtual Apps, formerly XenApp, fits the enterprise need to bring legacy apps into a cloud management environment.

This article contains information about troubleshooting Virtual Desktop Agent Registration with Controllers in Citrix Virtual Apps and Desktops.

Background

In order to broker connections to Virtual Machines, the Delivery Controller (on-prem)/ Connector (Cloud) relies upon an installed software component on each virtual machine – the Virtual Desktop Agent (VDA) – being in communication with one of the controllers/connectors in your site. This state is referred to as the VDA being registered.

Note: This article applies only to 7.X versions.

Related:

XenApp/XenDesktop: Application Launch Gets Stuck At “Connection Established. Negotiating Capabilities” For A Few Minutes Minute And Then Closes Out.

  • XenApp/XenDesktop: Application launch gets stuck at “Connection Established. Negotiating Capabilities” for a few minute and then closes out.
  • In Citrix Studio the session is found in Prelogon State.
  • Csrss.exe and winlogon.exe get created for that session till the time it is stuck at “Connection Established. Negotiating Capabilities” and then once the windows disappears, winlogon.exe and csrss.exe for that session also close out.
  • In CDF Trace collected from VDA side ConnectionFailure’s are seen.

52719,1,2018/07/05 11:26:07:36798,2860,1740,1,BrokerAgent,,0,,5,EntryExit,”=========>>>>> StackManager.NotifySessionEvent(09b84615-b5bc-4235-b19e-9a18192ea3ad): Enter(SessionEvent:SESSION_EVENT_TERMINATE, SessionReasonCode:SESSION_EVENT_REASON_CONNECTION_FAILURE, rdsCalId:0)”,””

52745,1,2018/07/05 11:26:07:39686,3880,1740,1,DirectorVdaPlugin,,0,,5,EntryExit,”OnPrepareSession: [SessionKey=09b84615-b5bc-4235-b19e-9a18192ea3ad, TerminateReasonCode=ConnectionFailure]”,””

  • In the Application Event logs Error 4005: The Windows logon process has unexpectedly terminated is logged.

Related:

Single Sign on Support for Linux Receiver

Question

The client wants to achieve authenticated access to XenApp/XenDesktop infrastructure via Linux Citrix Receiver using Pass-through authentication (SSO) and AD-based account credentials.

The process at the moment is as follows: an end-user has already entered his/her PIN code while receiving Kerberos ticket from AD, yet PIN is asked again for each repeated authentication against AD. It seems that there should be a way to configure SSO on Receiver for Linux simiraly as it works on Windows clients.

Can Linux receiver provide the ability to read these Kerberos tickets from a local Linux Kerberos credential cache, providing logon to XD/XA and re-using them for AD-related authentication (SSO)?

Answer

As of now as per the Citrix Receiver Feature matrix, Pass through Authentication is not enabled for Receiver for Linux.

https://www.citrix.com/content/dam/citrix/en_us/documents/products-solutions/citrix-receiver-feature-matrix.pdf

Related:

XenApp/XenDesktop 7.15.2000 : Citrix Studio Times Out While Enumerating Application Groups In Large Environments With Lot Of Application Groups for Tag Restrictions

  • XenApp/XenDesktop 7.15.2000: Citrix Studio Times Out While Enumerating Application Groups in Large Environments where lot of Application Groups are Published and Tagging is also enabled.

  • When you click on “Applications” tab in Citrix Studio it gets hung with a spinning circle for a few minutes and then throws the error “Database Could Not be Contacted”. When you click on Error details you see “Get-BrokerApplicationGroup” gives the error “Problem Occurred contacting the database”

  • The issue does not occur with any other tab in Citrix Studio except while clicking on “Applications Tab”.

Appgroup4
CDF TRACE

In CDF Traces collected from Delivery Controllers we see ‘Execution Timeout Expired.

368781,1,2018/07/02 13:10:07:11527,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:CmdletExecutionLog(1114): Script GetApplicationGroupsScript(1111): Failed to execute command: Get-BrokerApplicationGroup -AdminAddress “DDCNAME:80″ -MaxRecordCount 2147483647“,””

368782,1,2018/07/02 13:10:07:11545,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_ERROR,”Xendesktop Management Console:1:1:CmdletExecutionLog(1114): Script GetApplicationGroupsScript(1111): Error received from command: Get-BrokerApplicationGroup -AdminAddress “DDCNAME:80” -MaxRecordCount 2147483647, Error:

Name : Get-BrokerApplicationGroup

+ CategoryInfo : InvalidOperation: (:) [Get-BrokerApplicationGroup], SdkOperationException

+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.DataStoreException,Citrix.Broker.Admin.SDK.GetBrokerApplicationGroupCommand

368783,1,2018/07/02 13:10:07:11553,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:CmdletExecutionLog(1114): Script GetApplicationGroupsScript(1111): The command; Get-BrokerApplicationGroup -AdminAddress “DDCNAME:80″ -MaxRecordCount 2147483647, Took 380.21 seconds to execute”,””

368784,1,2018/07/02 13:10:07:11561,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:::-fd2ef0c2-3c79-45ce-8275-cef217891283:Executing Cmdlet: Get-BrokerApplicationGroup”,”

368785,1,2018/07/02 13:10:07:11574,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:Attempting to resolve the error DataStoreException to a resource string.”,””

368786,1,2018/07/02 13:10:07:11579,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:Looking for String[Citrix_XDPowerShell_SdkSdkErrorId_DataStoreException]“,””


368787,1,2018/07/02 13:10:07:11758,2436,1624,3,Xendesktop Management Console,_#dotNet#_,0,,1,CDF_NET_INFO,”Xendesktop Management Console:2:1:OperationTimer(GetApplicationGroupsScript: GetBrokerApplicationGroupCmd) : 380212.0ms”,””

Get-BrokerApplicationGroup -AdminAddress “DDCNAME:80” -MaxRecordCount 2147483647

Get-BrokerApplicationGroup : Problem occurred contacting the database

+ CategoryInfo : InvalidOperation: (:) [Get-BrokerApplicationGroup], SdkOperationException

+ FullyQualifiedErrorId : Citrix.XDPowerShell.Broker.DataStoreException,Citrix.Broker.Admin.SDK.GetBrokerApplicationGroupCommand

44614,1,2018/07/02 13:10:07:60659,3124,5752,0,BrokerController,_#dotNet#_,0,,1,CDF_NET_INFO,”BrokerController:2:1:EventLogManager decided to log event CdsEventDatabaseConnectivityLost of type Warning with arguments: ‘Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.’ ‘System.Data.SqlClient.SqlException’.This is based on event log groups BrokerStartup.DatabaseConnectivity”,””

44627,1,2018/07/02 13:10:07:64208,3124,5752,0,BrokerFiltering,_#dotNet#_,0,,1,CDF_NET_ERROR,”BrokerFiltering:1:1:BrokerSDKLogic.GetChbCommon: Unexpected exception Citrix.Fma.Sdk.Dal.DALConnectionFailedException: Cannot connect to database server —> System.Data.SqlClient.SqlException: Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding. —> System.ComponentModel.Win32Exception: The wait operation timed out

Line 2191: 2099,1,2018/07/02 13:02:35:04848,2536,5752,0,BrokerFiltering,_#dotNet#_,0,,8,CDF_NET_INFO,”BrokerFiltering:2:8:Adding operation name GetApplicationGroup”,””

Line 19302: 17372,1,2018/07/02 13:03:47:46942,3124,5752,0,BrokerController,_#dotNet#_,0,,5,CDF_NET_ENTRY,”BrokerController:8:5:SDK >>> GetApplicationGroup”,””

Line 19316: 17386,0,2018/07/02 13:03:47:47221,4444,3576,0,DelegatedAdminLog,_#dotNet#_,0,,1,CDF_NET_INFO,”DelegatedAdminLog:2:1:CheckScopeAccessMultiple serviceType=Broker operations=GetApplicationGroup”,””

Line 19319: 17389,0,2018/07/02 13:03:47:48516,4444,3576,0,DelegatedAdminLog,_#dotNet#_,0,,1,CDF_NET_INFO,”DelegatedAdminLog:2:1:Unrestricted access granted for Broker:GetApplicationGroup”,””

Line 19324: 17394,1,2018/07/02 13:03:47:48692,3124,5752,0,BrokerController,_#dotNet#_,0,,1,CDF_NET_INFO,”BrokerController:2:1:CheckScopePermissions(‘GetApplicationGroup’) returning null (unrestricted)”,””

Line 19325: 17395,1,2018/07/02 13:03:47:48692,3124,5752,0,BrokerController,_#dotNet#_,0,,5,CDF_NET_ENTRY,”BrokerController:8:5:CheckPermission(GetApplicationGroup) returns null”,””

Line 19328: 17398,1,2018/07/02 13:03:47:48753,3124,5752,0,BrokerFiltering,_#dotNet#_,0,,5,CDF_NET_ENTRY,”BrokerFiltering:8:5:FilteringLogic.GetCommon op=GetApplicationGroup”,””

Line 19329: 17399,1,2018/07/02 13:03:47:48764,3124,5752,0,BrokerFiltering,_#dotNet#_,0,,1,CDF_NET_INFO,”BrokerFiltering:2:1:GetSqlStatement: select AG.Uid, AG.Name, (select AGDGA.Priority as I from chb_Config.DesktopGroups DG inner join chb_Config.ApplicationGroupDesktopGroupAssignments AGDGA on AGDGA.DesktopGroupUid = DG.Uid where AGDGA.ApplicationGroupUid = AG.Uid order by AGDGA.Priority, AGDGA.LastModifiedTime desc for xml path(”),root(‘Root’),elements xsinil) as _AssociatedDesktopGroupPriorities, (select DG.Uid as I from chb_Config.DesktopGroups DG inner join chb_Config.ApplicationGroupDesktopGroupAssignments AGDGA on AGDGA.DesktopGroupUid = DG.Uid where AGDGA.ApplicationGroupUid = AG.Uid order by AGDGA.Priority, AGDGA.LastModifiedTime desc for xml path(”),root(‘Root’),elements xsinil) as _AssociatedDesktopGroupUids, (select DG.UUID as I from chb_Config.DesktopGroups DG inner join chb_Config.ApplicationGroupDesktopGroupAssignments AGDGA on AGDGA.DesktopGroupUid = DG.Uid where AGDGA.ApplicationGroupUid = AG.Uid order by AGDGA.Priority, AGDGA.LastModifiedTime desc for xml path(”),root(‘Root’),elements xsinil) as _AssociatedDesktopGroupUUIDs, (select AN.CN as I from chb_Config.ApplicationGroupAccountFilter AGAF inner join chb_State.AccountNames AN on AGAF.AccountUid = AN.Uid where AGAF.ApplicationGroupUid = AG.Uid order by AN.Uid for xml path(”),root(‘Root’),elements xsinil) as _AssociatedUserFullNames, (select AN.SAMName as I from chb_Config.ApplicationGroupAccountFilter AGAF inner join chb_State.AccountNames AN on AGAF.AccountUid = AN.Uid where AGAF.ApplicationGroupUid = AG.Uid order by AN.Uid for xml path(”),root(‘Root’),elements xsinil) as _AssociatedUserNames, (select AN.UPN as I from chb_Config.ApplicationGroupAccountFilter AGAF inner join chb_State.AccountNames AN on AGAF.AccountUid = AN.Uid where AGAF.ApplicationGroupUid = AG.Uid order by AN.Uid for xml path(”),root(‘Root’),elements xsinil) as _AssociatedUserUPNs, AG.Description, AG.Enabled, (select AGMD.Name as [I/@Key], AGMD.Value as [I/text()] from chb_Config.ApplicationGroupsMetadata AGMD where AGMD.ApplicationGroupUid = AG.Uid for xml path(”),root(‘Root’),elements xsinil) as _MetadataMap, TR.Tag, AG.ScopeList, AG.SessionSharingEnabled, AG.SingleAppPerSession, (select T.Tag as I from chb_Config.ApplicationGroupTags AGT inner join chb_Config.Tags T on AGT.TagUid = T.Uid where AGT.ApplicationGroupUid = AG.Uid order by I for xml path(”),root(‘Root’),elements xsinil) as _Tags, AG.TenantId, (select count(*) from chb_Config.ApplicationApplicationGroupAssignments AAGA inner join chb_Config.Applications A on A.Uid = AAGA.ApplicationUid where AAGA.ApplicationGroupUid = AG.Uid and A.ApplicationType <> 2) as _TotalApplications, (select count(*) from chb_Config.Desktops D inner join chb_Config.DesktopGroups DG on DG.Uid = D.DesktopGroupUid inner join chb_Config.ApplicationGroupDesktopGroupAssignments AGDGA on AGDGA.DesktopGroupUid = DG.Uid where AGDGA.ApplicationGroupUid = AG.Uid) as _TotalMachines, (select count(*) from chb_Config.Desktops D inner join chb_Config.DesktopGroups DG on DG.Uid = D.DesktopGroupUid inner join chb_Config.ApplicationGroupDesktopGroupAssignments AGDGA on AGDGA.DesktopGroupUid = DG.Uid where AGDGA.ApplicationGroupUid = AG.Uid and (chb_State.WorkerSatisfiesTagRestriction(D.WorkerUid, AG.RestrictToTagUid) = 1)) as _TotalMachinesWithTagRestriction, AG.UserFilterEnabled, AG.UUID

from chb_Config.ApplicationGroups AG left outer join chb_Config.Tags TR on TR.Uid = AG.RestrictToTagUid

where (AG.IsDesktopGroup = 0)

order by AG.Name asc”,”” Line 47769: 44629,1,2018/07/02 13:10:07:65135,3124,5752,0,BrokerController,_#dotNet#_,0,,5,CDF_NET_ENTRY,”BrokerController:8:5:SDK <<< GetApplicationGroup (DataStoreException)”,””

After Creating the below Registry key Citrix Studio does give results after 6-7 minutes but for those 6-7 minutes it becomes unusable. It means waiting over 6 minutes for the Citrix Studio GUI to display information of each page like just moving between different Application Group folders.

HKEY_LOCAL_MACHINESoftwareCitrixDesktopServerDataStoreConnectionsController

Name:SdkSqlQueryTimeoutSecs

Type:REG_DWORD

Data: 600 (Decimal)

Related:

Citrix ShareFile StorageZones Controller Multiple Security Updates

Two security issues have been identified within Citrix ShareFile StorageZones Controller that, if exploited, could allow a compromised or malicious ShareFile user to write arbitrary files as that Active Directory user to the local file system, and also to discover the full local file system paths of shared files to which the ShareFile user has access.

These issues affect all currently supported versions of Citrix ShareFile StorageZones Controller before version 5.4.2.

The following issues have been addressed:

• CVE-2018-16968 (Medium): Citrix ShareFile StorageZones Controller before 5.4.2 allows Directory Traversal

• CVE-2018-16969 (Low): Citrix ShareFile StorageZones Controller before 5.4.2 has Information Exposure Through an Error Message

Related: