Application and Desktop Launch Process for internal network users

Steps happen when users access their desktops and apps:

1. Authentication

User-added image
(1)Citrix Receiver contact StoreFront using http (TCP port 80) or https (TCP port 443)

(2)StoreFront presents an authentication page

(3)User submit credentials

(4)StoreFront contacts AD using keberos (TCP port 88) to authenticate the user

(5)AD returns response to StoreFront

(6)User got logged in to the store.

2. Enumeration

The idea of enumeration is the retrieval of apps and desktops that are assigned to the user and presenting them to the user. So the user can choose resources they would like to launch.

Assuming that the user has already been authenticated to the store

User-added image
(1)After successful authentication, StoreFront passes user credentials to Delivery Controller using http (TCP port 80) or https (TCP port 443) for the list of resources available for specific user

(2)Delivery Controller contacts AD for LDAP request (TCP port 389) to identify user’s identity and group memberships

(3)Delivery Controller contacts Site Database (TCP port 1433) stored on the SQL Server to obtain apps and desktops metadata such as names and icons associated to the resource user group access to

(4)Deliver Controller sends the information back to StoreFront using http (TCP port 80) or https (TCP port 443)

(5)StoreFront presents all the resources directly to Citrix Receiver on user’s endpoint

3.Resource Launch

User-added image
(1)User clicks the icon shown in the store (TCP port 80 or 443)

(2)StoreFront contacts Delivery Controller using http (TCP port 80) or https (TCP port 443)

(3)Delivery Controller reaches out to SQL Server (TCP port 1433) to identify the most suitable VDA

(4)Delivery Controller contacts that VDA (TCP port 80)

For Server OS VDAs, they are always listening for incoming connections

For Desktop OS VDAs, they are now beginning to listen for incoming connections

(5)VDA returns a session key to Delivery Controller

(6)Delivery Controller sends the session key contains all of the connection information to StoreFront (TCP port 80 or 443)

(7)StoreFront put all the connection information into the default .ica file and sends to the endpoint (TCP port 80 or 443)

4.Session Initialization

User-added image
(1)Citrix Receiver on user endpoint directly contacts VDA (TCP port 1494/2598 based on session reliability) using connection information stored in .ica file

(2)VDA notifies Delivery Controller the connection setup (TCP port 80)

(3)Delivery Controller contacts the License Server (TCP port 7279) to check out the license on behalf of the device or user connected to the environment

(4)Delivery Controller commits session connection information to site database on SQL Server (TCP port 1433)

(5)User interact with app or desktop resources (TCP port 1494/2598 based on session reliability)

Related:

  • No Related Posts

Push Agent installation stuck at Starting “Symantec Management Agent install service”

I need a solution

Hi Guys,

As refer to the title, im facing an issue when pushing Symantec Management Agent from Notification Server to some Server.

The status stuck at starting “Symantec Management Agent install service”.

At first i was thought there is port not open well that cause Server unable to download agent package from Notification Server, but after i double check port 80/443 is open as well as TCP 135,139,445.

One of the error from logs as below :-

Client push task failed: machine=’FTP-SERVER’, resource=b1d5f17d-6382-4625-b939-a0d2d877e756, taskId=23a9fc31-7609-14ef-e47c-5b64fae1fe62.

Task stopped
   [Altiris.NS.TaskManagement.TaskStoppedException @ Altiris.NS]
   at Altiris.NS.AgentManagement.ClientPushInstall.ClientPushCoreTask.PushAgentToComputer(String taskId, String taskXml)

Exception logged from: 
   at Altiris.NS.AgentManagement.ClientPushInstall.ClientPushCoreTask.SetProgress(Exception, Byte, Int32)
   at Altiris.NS.AgentManagement.ClientPushInstall.ClientPushCoreTask.PushAgentToComputer(String, String)
   at RuntimeMethodHandle.InvokeMethod(Object, Object[], Signature, Boolean)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object, Object[], Object[])
   at System.Reflection.RuntimeMethodInfo.Invoke(Object, System.Reflection.BindingFlags, System.Reflection.Binder, Object[], System.Globalization.CultureInfo)
   at Altiris.NS.TaskManagement.TaskThread.Execute(Altiris.NS.TaskManagement.TaskManagerServiceArgs, Altiris.NS.ContextManagement.ProgressContext)
   at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<T,TStartArgs>.ExecuteThreadProc(Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, Object)
   at System.Threading.ThreadHelper.ThreadStart(Object)
, machine=’FTP-SERVER’, resource=b1d5f17d-6382-4625-b939-a0d2d877e756, taskId=23a9fc31-7609-14ef-e47c-5b64fae1fe62

Appreciate help on this

0

Related:

  • No Related Posts

7023284: Installation fails on Linux server: “messgage: 40 Please check your configuration”

This document (7023284) is provided subject to the disclaimer at the end of this document.

Environment

Verastream Host Integrator

Situation

Installation fails to complete successfully on a Linux server. The following is recorded at the end of the installation log (in /opt/attachmate/verastream):
Starting registration.

Setting password for Management Server linux_server:33000

. bin/chg-mgmt-password.sh linux_server:33000 admin fixed_config_vms_password config_new_vms_password

Could not set password for linux_server:33000 (admin/vms_password)

message: 40

Registering Session Server linux_server with Management Server linux_server:33000

. bin/add-session-server.sh linux_server:33000 admin config_vms_password linux_server

Could not add Session Server linux_server (admin/vms_password) to linux_server:33000

message: 40

Please check your configuration

Resolution

Make sure there is adequate disk storage available on the Linux server. When this problem was observed, it was discovered that not enough disk space was available on the server to allow the product to run.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

Vproxy “vproxy-name” is unavailable

Article Number: 521751 Article Version: 3 Article Type: Break Fix



NetWorker

Alert on NMC: vproxy <vproxy_name> is unavailable.

Errors from daemon.log:

NSR info libCURL: function “curl_easy_perform” returned error 28: “Connection timed out after 90531 milliseconds”

NSR info VM proxy event cleared: vProxy ‘itbonn01b212.main01.intern.adns’ is unavailable.

ERRORS from vmware.log:

2018-05-11T19:09:28.807Z| vmx| I120: GuestRpcSendTimedOut: message to toolbox-dnd timed out.

2018-05-11T19:09:57.121Z| vmx| I120: GuestRpcSendTimedOut: message to toolbox-dnd timed out.

2018-05-11T19:10:10.837Z| vmx| I120: GuestRpcSendTimedOut: message to toolbox-dnd timed out.

2018-05-11T19:10:28.808Z| vmx| I120: GuestRpcSendTimedOut: message to toolbox-dnd timed out.

Errors from vrapid.log :

2018/04/17 11:53:38 http: TLS handshake error from 172.xx.xx.xxx:52042: read tcp 172.xx.xx.xxx:9090->172.xx.xx.xxx:52042: read: connection reset by peer

2018/04/17 11:58:40 http: TLS handshake error from 172.xx.xx.xxx:53314: read tcp 172.xx.xx.xxx:9090->172.xx.xx.xxx:53314: read: connection reset by peer

In one instance it was seen that the customer’s Network-Switches had a special feature: After 5 Minutes they clear their ARP-Table from Devices which doesn’t show activities for the last 5 Minutes. So the vProxy-Devices left the ARP-Table after 5 Minutes and weren’t pingable/accessible anymore.

Create a Cron-Task on the vProxies which starts every 5 Minutes and does a Ping to the Networker server. In this way there will be no entires deleted from the ARP table.

Related:

  • No Related Posts

ProxySG- TCP_NC_MISS- cannot access the application

I need a solution

Hi Team,

When we are accessing the lsapl application (https://egs-lsapl-02.singaporeair.com.sg) we are getting error.

While we are checking those error we found below logs:

PROXIED “none” – 200  TCP_NC_MISS POST  https://egs-lsapl-02.singaporeair.com.sg 8443/ SMTSERVERweb/post services …….

Please find the attached error screenshot for reference.

We have checke below KB articles but we are not sure that the issue related to this(in KB the error for 404 code but in our case its 200)

https://support.symantec.com/en_US/article.TECH242…

Below defined the code:

TCP-NC_miss: The object returned from the origin server was noncacheable

Proxy version: 6.2.15.6

Please advice to proceed further.

Thanks,

Ram.

0

Related:

  • No Related Posts

Citrix Provisioning Services Boot Process

Understanding the Boot process in PVS:

==========================================

When a target device starts it needs to somehow be able to find and contact a provisioning server to eventually stream down the appropriate vDisk.This information is stored in a so-called Bootstrap file named ARDBP32.BIN. It contains everything that the target devcie needs to contact a pVS server so that streaming process can be initialized.

The boot strap file be delivered through a TFTP server, this also partly applies to the alternative BDM(Boot Device Manager)approach. There are some distinct differences between TFTP and BDM

TFTP

When using TFTP , target device needs to know how and where it can find the TFTP server to download the bootstrap file before connecting PVS server. TFTP can be configure in HA through Netscaler to avoid single point of failure. Provisoning services has its own built-in TFTP server. However, we are free to use whatever you prefer.

One of the most popular approach in delivering TFTP server address to your target devices is through DHCP, but there are other option as well..

BDM(Boot Device Manager)

There are actually two different methods to make use of the Boot Device Manager.

Let start with PVS, PVS offers a quick wizard which will generate a relatively small .ISO(around 300KB). Next , you configure your Target devices to boot from this .ISO file, using their CDROM/DVD players. This method uses a two-stage process where the PVS server location will be hardcoded into the bootstrap generated by BDM. The rest of the information like the (PVS device drivers) is downloaded from the PVS server using a TFTP protocol (UDP port 6969), here TFTP will still be used.

As of XenDesktop version 7.x, when using XenDesktop setup wizard we can create and assign a small BDM hard disk partition, which will be attached to the virtual machine as a separate virtual disk. Using this method the above mentioned two-stage approach is no longer needed because partition already contains all the PVS drivers. This way all the information needed will be directly available without the need of PXE,TFTP & DHCP.

Note:

As and added advantage using the BDM method will also decrease the boot time by around 5 to 10 sec since we don’t have to wait for PXE and TFTP

Provisioning Services Boot Process Diagram

https://support.citrix.com/content/dam/supportWS/kA460000000CcClCAK/Provisioning_Services_Boot_Process.pdf

Related:

  • No Related Posts

7022987: Error 4701 “Server services not running”

This document (7022987) is provided subject to the disclaimer at the end of this document.

Environment

Verastream Host Integrator

Situation

  • Connection attempts by a remote client fail with error ID 4701 “Server services not running.”
  • Session server log (viewed in Administrative Console; see also KB 7021303) contains error MessageID 3152 “Allocated session timed out waiting for client connection.”
  • Local connections on the server (such as with SOAP Services tester) work fine.
  • Firewall or device with Network Address Translation (NAT) may be between the server and client, or the server’s machine name may not be resolvable from the client system.

Resolution

With version VHI 7.5 or higher:
  1. Temporarily stop the session server service. (See also KB 7021352.)
  2. Manually edit the %VHI_ROOT%/etc/sesssrvr.config file in a text editor to set the ApptrieveServer > Server property to the fully qualified host name or IP address as the server is known on the client’s side of the network.
  3. Save the edited file and start the session server service.

Cause

The client connector is able to establish the initial connection to the session server to request the session, and the server readies the session and tells the client the address to connect to it, but the client fails to make the secondary connection. That is, the client can’t connect to the address the server told it to use. The session server must be configured to tell clients (connectors, Design Tool, and model deployment utilities) to use a different address.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.

Related:

  • No Related Posts

The Tftp service is not running on the PVS server


To resolve this issue:

1. Launch the Services console: Click **Start** and then type **Services**.

2. Verify the TFTP Service is present and restart the service: From the Services console, right-click **Citrix PVS TFTP Service** and select **Start**.

3. Check the Event Log for any errors.

For more information, see Starting, stopping, or restarting Provisioning Services in the product documentation

Note: If you are not using the Boot Device Manager boot partition, this service is not required. Click **Hide Alert** to prevent this alert from appearing. You can show this alert again by clicking **Site Options > Show Hidden Alerts**. For more information, see Manage Smart Check alerts and notifications in the product doumentation.

Related:

  • No Related Posts