Why Session Disconnect Policy doesn’t work on server OS when applied from Studio

As we know the major difference between a Windows Server OS and Windows Desktop OS is that the server OS can take multiple sessions however Desktop OS can only take one session at a time because of the Listeners.

When we connect to a Desktop OS using Citrix, Port ICA is responsible for the connection and Session timeout policies from CItrix Studio will work as expected.

When we connect to a Server OS using Citrix, precedence is given to RDP as the server is acting as a session host and ICA protocol is running on top of RDP protocol and that is the reason we recommend to apply the Session Disconnect Timeout policy from MS GPO for Server OS. However, Session Idle timer policy will still apply from Citrix Studio for Server OS.

Why do we have this in Studio, if it doesn’t work for Server OS?

This policy is in added to Citrix from older Presentation server/XenDesktop versions to control the idle and disconnect time out on Desktop OS as this works for Desktop OS and we haven’t made any changes to the code for the policy.


  • No Related Posts

How to manage Citrix GPOs outside of the DDC using MS’ gpmc?

Install the Group Policy Management feature on the machine:

1. On a Windows Server machine, use the “Add Roles and Features” wizard from Server Manager to add the “Group Policy Management” feature.

2. On a Windows Desktop machine, install the Remote Server Administration Tools for the specific OS, once the installation is complete you will find the Group Policy Management console in the Start Menu.

Take into account the installation has to be performed with a domain admin account.


When opening the Group Policy Management Editor on a Windows 10 machine you might get the following warning:


According to the following Microsoft article, this is an informational event and can be safely ignored:


Install the Citrix Group Policy management package (CitrixGroupPolicyManagement_x64.msi).

This msi can be found in the XD/XA installation media under x64Citrix Policy.


At this point you should be able to create and configure Citrix policies using the MS gpmc:


However, you will notice that if you try to use GPO filters that are specific to Citrix policies like the Delivery Group filter or the Tag filter you might get an error like:


In order to be able to use these filters from the gpmc you need to install Citrix Studio on the machine:


The following article explains the details in case you want to manually install Studio (for scripted installations):


Once Studio is correctly installed, you will now be able to use the mentioned filters:



  • No Related Posts

CSPs & Citrix Content Collaboration

Types of StorageZones

Currently, CSPs are not able to provide hybrid storage to their tenant accounts, i.e. cloud and on-premise StorageZones on the same account. Rather, the CSP can provide exclusively on-premise or cloud storage to each of their tenants.

Multi-Tenant StorageZone: This is a single storage repository, managed by the CSP, which can be shared by an unlimited amount of CSP Content Collaboration tenants. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

User-added image

Normal or Standard StorageZone: This is a storage repository, managed by the CSP, which is dedicated to one Content Collaboration account. This type of StorageZone is classified as an on premise StorageZone it can be linked to the partner’s cloud blob.

Cloud StorageZone: This is a storage repository managed by Citrix, and not the CSP. This offering for CSPs provides an unlimited of storage to each Content Collaboration tenant.

Getting Started with Reselling Content Collaboration as a CSP

1. Log-in to citrix.cloud.com with partner MyCitrix credentials. Within the main dashboard, select the “Resell” button under the Content Collaboration badge. If the button appears as “Manage” the partner can skip to step #4.

2. Create or Link a Content Collaboration Partner Account: Fill out the necessary fields in order to create a new Content Collaboration partner account or link an existing Content Collaboration partner account. If the partner has an existing Content Collaboration partner account but it doesn’t appear for automatic linking, please contact Citrix Support.

3. Optional – Set up a Multi-Tenant StorageZone: If the CSP decides to provide a Multi-Tenant StorageZone then the CSP needs to ensure the following:

  1. The Multi-Tenant StorageZone needs to be registered and live on the partner’s Content Collaboration account before the CSP creates a Content Collaboration tenant account.

  2. To check that the partner has successfully installed and registered a Multi-Tenant StorageZone to their partner Content Collaboration account, they can check by logging into their partner account from the Content Collaboration web app and navigate to “Admin Settings” >> “StorageZones.” Here, the Multi-Tenant StorageZone should be located under “Partner-Managed” tab.

  3. If their StorageZone is under the “Customer-Managed” tab then they accidentally installed and registered a standard StorageZone (not Multi-Tenant enabled). In order to change their standard StorageZone to a Multi-Tenant StorageZone the partner will have to “Delete this Zone” within the Content Collaboration web app, remove the StorageZone from their designated server, and re-create the StorageZone and run the Multi-Tenant command prompt.

User-added image

4.Create a Content Collaboration Tenant Account: From the partner’s Citrix Cloud customer dashboard, select “Invite or Add.” If the partner would like to add a new Citrix customer they will be prompted to fill out information about their new tenant’s Citrix Cloud account. If the partner would like to invite an existing Citrix Cloud customer to their customer dashboard, they can send them a link. Once that customer receives that link and accepts the terms and conditions of becoming a tenant of the CSP. The partner can then add services to their tenants through the customer dashboard by selecting the three dots by the tenant’s company name, then selecting “Add Service” >> “Content Collaboration.”

  1. The partner will select the primary StorageZone that the Content Collaboration tenant will consume. If they select a Multi-Tenant StorageZone, they are required to specify the existing StorageZone (live, and registered on their Content Collaboration partner account).

  2. Master Admin user information must be specified, and will be added to the tenant’s account, along with a partner admin user.

  3. All tenant accounts receive 1,000 available licenses. The CSP payment model is based on the total number of used licenses, and not on total number of all licenses.

Managing CSP Content Collaboration Tenants

How to Update Tenant Accounts:

A partner admin user is always provisioned on the CSP’s Content Collaboration tenant account. This allows the partner to manage the customer’s account, such as configure account settings, manage employee users, run reports, etc. This partner admin is added to the Super User group within their tenant’s account, giving this user complete access to all files and folders. If the partner does not want access to the customer’s Content Collaboration data, they will need to remove the partner admin user from the Super User group. Once the partner admin is removed from the Super User group then that user will only receive access to files that are specifically shared by other employee users.

  • Change their Content Collaboration subdomain: Any admin user on the Content Collaboration account is able to change the subdomain under “Admin Settings” >> “Company Account Info”
  • Add more licenses: Prior to creating tenant accounts within the partner’s Citrix Cloud account, CSPs had to request an account through an online form. This form allowed partners to specify the amount of licenses on the account. If this is how the CSP created the tenant account and the partner is looking to add licenses to that account, they can submit that type request here. This request will automatically increase the total license count to 1,000 for that tenant account.
  • Change Master Admin user: Find directions here.
  • Cancel an account: Request here.
  • Convert a trial or POC account to an in-production account: Request here.

Tenant Management:

If the CSP has managed Content Collaboration tenants prior to establishing their Citrix Cloud partner account, then their existing tenants will not appear on their Citrix Cloud customer dashboard. Instead, these tenants will only appear on the partner’s Content Collaboration account under “Admin Settings” >> “Advanced Preferences” >> “Tenant Management.” If “Tenant Management” is not an option, then this particular partner user will need to enable the “Manage Tenants” user permission. There is currently not a way to import or show these existing tenants in the CSP’s Citrix Cloud customer dashboard.If the CSP creates a tenant from within Citrix Cloud, then that tenant will appear in their Citrix Cloud tenant dashboard.

If the CSP has created some tenants via the online form and some via Citrix Cloud, then the partner can easily see all tenants from within the partner’s Content Collaboration account (first bullet).

For Multi-Tenant StorageZones:

Each tenant onboarded to a partner’s Multi-Tenant StorageZone receives their own root-level folder within the StorageZone. The name of the root-level folder is the tenant’s unique Content Collaboration account ID (starts with an “a”).

  • This folder structure, with each tenant having their own root-level folder, ensures that tenant data within their Content Collaboration account is separated from other tenants sharing the Multi-Tenant StorageZone. Tenant end-users will only have access files and folders created and uploaded within their own Content Collaboration account.

For CSP reporting (i.e. payment model):

CSPs are required to report on the amount of used licenses by their Content Collaboration tenants to their preferred Citrix distributor. For directions on capturing the accurate number of licenses for monthly reporting:

  • If the partner created a Content Collaboration tenant within Citrix Cloud: Log-in to the CSP Citrix Cloud account and navigate to the customer dashboard.
  • If the CSP has Content Collaboration created tenants from a third-party online form, rather than Citrix Cloud: Log-in to the CSP Content Collaboration partner account and navigate to “Admin Settings” >> “Advanced Preferences” >> “Tenant Management”
  • Within either of these dashboards, sort the Content Collaboration tenant accounts by “Paid” status.
  • From list of “paid” Content Collaboration tenants, further separate them by storage type and see if they are defaulted to a Citrix-managed cloud StorageZone or a partner-managed on-premise StorageZone.
  • Then, the partner must total up the amount of used licenses from all the “paid” cloud tenants and the “paid” on-premise tenants. The reason for separating the used license count by storage type is because they have different reporting SKUs (and subsequent partner price).
  • Please consult with your preferred Citrix Distributor for reporting SKUs and their pricing, which will be based on the Content Collaboration tenant’s storage type.


  • No Related Posts

Notice-of-Change Announcement for Version 10.5 of the Citrix ADC Operating System

Software Solution Disclaimer

This package contains a software solution that has been replaced by a more recent version available for download from the Citrix support website (support.citrix.com). It is provided merely for your convenience. Citrix recommends applying the most up-to-date version of the software, which addresses the fix or enhancement being targeted. Later versions of the release may include multiple changes that address different areas including security vulnerabilities, code fixes, and enhancements. Installation of this software should only be performed on test or developmental environments. This software is not supported and is provided “AS IS.” You are solely responsible for your selection and use of the software. Any reported issues will require the most current revision of the software (http://www.citrix.com/English/SS/supportThird.asp?slID=5107&tlID=1861652). Please visit our security site for additional security notices and information (support.citrix.com/securitybulletins ).



  • No Related Posts

DPA: Data collection for NetWorker Server fails, “Error running jobquery against”

Article Number: 485562 Article Version: 4 Article Type: Break Fix

Data Protection Advisor 6.3,NetWorker 9.0.1,NetWorker 9.0.50

Data collection for the NetWorker job monitor is failing with the error:

Error running jobquery against the server
User-added image

Within the dpaagent.log the following errors are seen as well:

com.base.os – cfindpath(): couldn’t find file jobquery.exe

com.base.runcmd – csystemopen(): cannot find jobquery.exe in path

agent.mod.nsr – nsrRunQuery(): error running jobquery against server “NetWorker_Server

When NetWorker 9 is monitored using local agent all the required binaries will be present.

But if monitoring NetWorker 9 from a remote agent that is either by App Server or Datastore Server or Proxy Server, having the NetWorker 9 client binary is not enough for the data collection to run.

In NetWorker 9 the client no longer contains the jobquery binary, which is required by the DPA agent.

NetWorker Client or Extended Client was not installed or incorrect version was installed or the NetWorker binaries where damaged/missing on the DPA Remote Agent server.

NetWorker server was upgraded from 8.x to 9.0.x.

Install the NetWorker Extended Client package on the remote agent and restart the DPA agent service.

Check the data collection of NetWorker and it should start to work fine. If the issue still presents, contact EMC Technical Support for assistance.

DPA is able to monitor NetWorker 9.x either from an Agent running on the backup server or remotely using an Agent running on the DPA Server or any other remote computer in the environment. If monitoring NetWorker 9.x remotely the NetWorker 9.x Client and Extended Client packages must be installed on the agent system.

The NetWorker Data Collection requests uses commands such as jobquery and nsradmin to communicate with the NetWorker server which are included in the NetWorker Client and Extended Client packages. These requirements are documented in the DPA Installation and Administration Guide:

If you are monitoring NetWorker and later remotely, install NetWorker Client and NetWorker Extended Client. The NetWorker 9 Client and Extended Client must be installed on the DPA Agent host. If you have a previous version of the NetWorker Client, then you need to upgrade. If you are monitoring older versions of NetWorker, use the NetWorker 9 Client and Extended Client to monitor those other versions if the DPA Agent is used to also monitor a NetWorker 9 Server.


  • No Related Posts

SEP 14.x does not allow users’ registry to dismount after logoff

I need a solution

I’ve had this issue for quite some time and surprised no one else has noticed this bug.

After about a day of running SEP, when I look in Regedit under HKEY_USERS I’ll see everyone’s hive who has previously logged into the Windows Server 2016/XenApp 1808 VM’s.  If these users attempted to return to the affected VM, they would be denied logging in until their hive was dismounted.  The bug is able to suvive a reboot.

This issue seems to manifest when the Symantec registry key LaunchSMCGui is set to zero.

I used to temporarily mitigate the problem by running SMC -Stop and SMC -Start but this no longer works in 14.2 MP1.  SEP 14.2 would cause my XenApp VM’s to BSOD a lot.



XenApp/XenDesktop 7.X : Basic Powershell Cmdlets for Delivery Controller’s Health Check

Please run the following command to do a Delivery Controller’s health check from an elevated powershell window:

To load the Citrix modules run asnp citrix*

1. Run Get-BrokerController to list the information about all the Delivery Controllers in the site.

Note down the SID of the controller and match it with the SID value in the chb_configcontrollers XenApp/XenDesktop Site database table (Browse to the database for your XenDesktop environment, expand tables and then check for the table by the chb.config controller)

Also ensure that the status of all the Delivery Controllers is “Active”

2. To check the service status of all the Citrix Services , run the following command:

Get-command get-*servicestatus

Copy all the values in ‘Name’ and paste it in the next command line

OUTPUT: Service status should come up as ‘OK

3. To measure the number of instances getting registered from the controller with the database:

Get-ConfigRegisteredServiceInstance | measure

OUTPUT: Will give the consolidated number. (With every version we have few new services and instances which get added, i.e, with 7.6 we have 49 instances. If you have 2 controllers in the environment then the value will come up to be 49*2=98)

4. For environment where we have separate databases for Logging and Monitor service, the following command can be run to check the status:

(In case you have a single database for Ste, Monitoring and Logging the String value will be same. For environment with different databases, the string value will be different for Logging and Monitor datastore)



5. To check the connection string which connects the Delivery Controller uses to communicate to the site database, run the following command:


OUTPUT: Server= SQL Server name;Initial Catalog=Name of the XenApp/XenDesktop database

6. Run the following command to verify the installed db version for all the services. Example for Broker Service run:


Similarly, you can check for the other services as well:


Get-AnalyticsInstalledDbVersion and so on.

You will get the list of Citrix services from Get-command get-*servicestatus as stated earlier.

7. To check the Connection strings in the registry, browse to the following location and check the value of the connection string:


This can as well be checked for all the services installed:

Browse to the following location and verify the value for the Connection String:

HKLMComputerHKEY_LOCAL_MACHINESOFTWARECitrixXDServices”Service name”DatastoreConnections

8. Run the below cmdlet to test Database connectivity of individual Citrix Services.


Test-BrokerDBconnection “<connection strings>”

Test-ConfigDBConnection “<connection strings>”


“Error 1722 . There is a problem with the Windows Installer package” on Provisioning Services

  • Reinstall PVS Server Console from the PVS Server 5.0 Service Pack 1a installation files.

    SOLUTION 2: To resolve the issue, disable the group policy using the following steps:

    1. Logon to the system (Administrative Privileges is required).

    2.Open Windows Control Panel.

    3.Search for Group Policy.

    The search results display a link to the “Local Group Policy Editor”.

    4.In the editor, go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Application Compatibility

    5.In the right pane, right-click Turn off Windows Installer RDS Compatibility and select Edit from the drop down menu.

    6.Select the Radio Button Enable.

    7.Click OK.

  • Related:

    How to troubleshoot Virtual Delivery Agent (VDA) Registration issues

    Citrix Virtual Apps and Desktops, formerly XenDesktop, fits the enterprise need to bring both VDI and apps into a user-centric experience.

    Citrix Virtual Apps, formerly XenApp, fits the enterprise need to bring legacy apps into a cloud management environment.

    This article contains information about troubleshooting Virtual Desktop Agent Registration with Controllers in Citrix Virtual Apps and Desktops.


    In order to broker connections to Virtual Machines, the Delivery Controller (on-prem)/ Connector (Cloud) relies upon an installed software component on each virtual machine – the Virtual Desktop Agent (VDA) – being in communication with one of the controllers/connectors in your site. This state is referred to as the VDA being registered.

    Note: This article applies only to 7.X versions.


    XenApp/XenDesktop: Application Launch Gets Stuck At “Connection Established. Negotiating Capabilities” For A Few Minutes Minute And Then Closes Out.

    • XenApp/XenDesktop: Application launch gets stuck at “Connection Established. Negotiating Capabilities” for a few minute and then closes out.
    • In Citrix Studio the session is found in Prelogon State.
    • Csrss.exe and winlogon.exe get created for that session till the time it is stuck at “Connection Established. Negotiating Capabilities” and then once the windows disappears, winlogon.exe and csrss.exe for that session also close out.
    • In CDF Trace collected from VDA side ConnectionFailure’s are seen.

    52719,1,2018/07/05 11:26:07:36798,2860,1740,1,BrokerAgent,,0,,5,EntryExit,”=========>>>>> StackManager.NotifySessionEvent(09b84615-b5bc-4235-b19e-9a18192ea3ad): Enter(SessionEvent:SESSION_EVENT_TERMINATE, SessionReasonCode:SESSION_EVENT_REASON_CONNECTION_FAILURE, rdsCalId:0)”,””

    52745,1,2018/07/05 11:26:07:39686,3880,1740,1,DirectorVdaPlugin,,0,,5,EntryExit,”OnPrepareSession: [SessionKey=09b84615-b5bc-4235-b19e-9a18192ea3ad, TerminateReasonCode=ConnectionFailure]”,””

    • In the Application Event logs Error 4005: The Windows logon process has unexpectedly terminated is logged.