Failed to launch session with the error code “Your session ‘AppName’ did not launch successfully due to error code 3505. Please contact your administrator for more information about the error.” on Citrix Workspace App During App/Desktop Launch

This article is intended for Citrix administrators and technical teams only.

Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information.

When launching an application or desktop session using Citrix Workspace App, the session fails to launch with the error code “Your session ‘AppName’ did not launch successfully due to error code 3505. Please contact your administrator for more information about the error.”

Related:

  • No Related Posts

Failed to launch session with the error code “Your session ‘AppName’ did not launch successfully due to error code 3500. Please contact your administrator for more information about the error.” on Citrix Workspace App During App/Desktop Launch

Causes and Solutions

Cause 1: For Multi-session OS machines, the VDA machine is reaching the maximum load you specified in one of following load management policies:

  • Maximum number of sessions
  • CPU usage
  • Disk usage
  • Memory usage
  • Memory usage base load

Solution 1: Please confirm if the VDA Server has reached the settings you specified in above HDX policies. This can be checked:

  • Using Citrix Director: Trends => Load Evaluator Index tab.
  • Using PowerShell:
Get-BrokerMachine |Select DNSName, LoadIndex, LoadIndexes

When troubleshooting the issue, please consider:

  • Logging off idle or disconnected sessions
  • Increasing the number of VDA servers hosting the published resource to the Delivery Group.
  • Resolving the performance issue on the VDA server if it is running into performance problems.

Cause 2: The Random single-session OS or multi-session OS machine the user is connecting to is in maintenance mode.

Solution 2: Please turn off Maintenance Mode for that machine from Citrix Studio or PowerShell cmdlet:

Set-BrokerMachineMaintenanceMode -InputObject <domainname><hostname> $false

Cause 3: The user attempts to launch an app or desktop in Citrix Workspace app after access to the resource in the Delivery Group has been removed, but before the user has refreshed avaialbe apps in Citrix Workspace app.

Solution 3:

  • If Citrix Workspace app Self-Service Plug-in is disabled by Manage SelfServieMode policy , right click the Citrix Workspace app icon in Windows notification area and click Refresh.
  • From the Citrix Workspace app, click the user name, in the dropdown list, and click Refresh Apps.

Cause 4: The VDA machine to host the HDX session is not registered to any of the Delivery Controller servers in the site.

Solution 4: Please refer to How to Troubleshoot Virtual Delivery Agent (VDA) Registration issues to resolve VDA registration issue.

Cause 5: There are insufficient random/non-persistent Windows desktop VDA machines available for the user to successfully launch one.

Solution 5: Please power on more VMs in the Delivery Group or add more VDA machines to the Delivery Group.

Cause 6: Pass-through authentication to Citrix Workspace app is attempted but the XML trust service is not correctly configured.

Solution 6: Please run the following PowerShell command as an administrator on the Delivery Controller:

Set-BrokerSite -TrustRequestsSentToTheXmlServicePort $True

Cause 7: SSL related registry settings under “HKLMSYSTEMCurrentControlSetControlTerminal ServerWdsicawd” are rolled back to the default values after installing CU on VDA 1912 LTSR. (This is problem only when HdxSslEnabled is true on your delivery group.)

Solution 7: Please refer to Configure TLS on a VDA using the PowerShell script and enable TLS with “Enable-VdaSSL.ps1” on VDA. This is a bug. Investigation is in progress under CVADHELP-17421. Please contact technical support if you need help.

Related:

  • No Related Posts

On-screen keyboard in the endpoint pops up when the published desktop is launched

Add the below registry key for disabling the pop-up and reboot the machine –

Location: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixICA ClientEngineConfigurationAdvancedModulesMobileReceiver.

Name: DisableKeyboardPopup

Type: Reg_Dword

Value: 1

Refer below documentation for more details –

https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/configure.html#printer

Related:

  • No Related Posts

Unable to access Storefront via WorkSpace through Citrix Gateway Vsrever and getting “Cannot contact server” error

Users will get ” Cannot contact server” error after entering the user credentials through Citrix Workspace.

In the CDF Trace logs, the below message will be seen:

———————————————————————————

2465 2 2020/08/14 11:45:14:73284 19268 16068 1 CitrixReceiver 0 9 Information [2020-08-14 11:45:14:734] [19268] [networklocation.cpp:593] Network location tracking disabled

Related:

Support statement on storage migration of MCS machines

Background :

Customers using XenDesktop Machine Creation Service (MCS) with VMWare, Xenserver or Hyper-v as hypervisor may want to relocate the desktops to another datastore for various reasons such as datastore running out of space or datastore performance. This article tells why Citrix does not support the datastore migration of VMs.

Reason :

During the MCS catalog creation :

MCS creates a Provisioning scheme which is associated to the HypervisorconectionID and storage ID, the storages which are defined under the hosting unit in the hosting tab on Studio console has those catalog IDs mapped, also all these information gets stored in the database during the creation of the catalog.

So if we go ahead and migrate those VMs and put them on a new storage, first of all DDC do not identify those VMs as our DB has those VMs mapped to other storage IDs and Provisioning IDs.

Even if we create a new host connection, we will not be able to map the existing Provisioning scheme with the new Hypervisor Connection due to limitation of Xendesktop Powershell SDKs.

1. When we create a MCS catalog HypervisorconnectionID and HostingUnitID gets mapped to the MCS catalog or Proviosning Scheme. Examples :

This is our Hypervisor connection which we created using studio under hosting tab :

User-added image

Can retrieve the same information using powershell using the following commands :

PS C:Usersadministrator.ANUJ>asnp Citrix*

PS C:Usersadministrator.ANUJ> cd xdhyp:

PS XDHyp:> cd .connections

PS XDHyp:Connections> ls

User-added image

Same goes to hostingunit :

User-added image

Using powershell :

Run the following commands :

PS C:Usersadministrator.ANUJ>asnp Citrix*

PS C:Usersadministrator.ANUJ> cd xdhyp:

PS XDHyp:> cd .hostingunits

PS XDHyp:Connections> ls

User-added image


2. Now we have to consider the Hypervisorconnection ID and HostingunitID From our example :

HypervisorConnectionName : XDHost

HypervisorConnectionUid : 4fcfdde4-6799-43d8-a7c1-4aec168889ce

HostingUnitName : XDresource

HostingUnitUid : a567b103-d54e-4dc8-9455-a04171c35d68

A. Run Get-ProvScheme to get an output of MCS created catalogs and match the hosting unit name and hostingunit ID :

User-added image

b. Prov scheme or MCS catalog created with that Hosting resource should show the same ID.

3. One more alternate to check the same thing using VMs identity :

PS XDHyp:HostingUnits> Get-ProvVM -VMName “PVD2″(PVD2 is the machine name)

User-added image

Take the output and compare with above IDs.

If the IDs matches, we will get to know the machines are associated to these storages, and there is no way to change these IDs using commands or GUI.

Note : Modifying the DB tables using DB queries are not supported.

Work Around currently available:

  1. If it is a case of MCS Random catalog, we strictly recommend to create a new catalog with the available master image.
  2. If it is a MCS Dedicated catalog , we can remove the machines from the catalog (via Studio, this operation will delete the machine’s entry from the XenDesktop database), leave them in hypervisor and their machine accounts on active directory, we can now use the same machine to create a new catalog (non MCS/PVS) and import those machine in this catalog. (You can also add these machines to an existing non MCS/PVS catalog).
  3. If it is a case of MCS with PVD machines, we can go through backup and restore process as per http://docs.citrix.com/en-us/xenapp-and-xendesktop/7/cds-manage-wrapper-rho/cds-about-personal-vdisks/cds-manage-personal-vdisks.html

Note :

This documentation is only valid for MCS not PVS or any 3rd party technology to add machines into the catalog.

Related:

How to Remove Files Remaining on System after Uninstalling Receiver for Mac

After uninstalling the Receiver and rebooting the system, ensure that the files or folders listed in this section have been removed from your system. If they still exist, remove them manually.

  1. /Applications-

    Citrix Receiver.app

  2. /Library

    – /Internet plug-ins/CitrixICAClientPlugIn.plugin

    – /LaunchAgents/com.citrix.AuthManager_Mac.plist

    – /LaunchAgents/com.citrix.ServiceRecords.plist

  3. /Users/Shared

    – /Citrix/Receiver Integration (entire folder)

  4. ~/Library

    – /Internet plug-ins/CitrixICAClientPlugIn.plugin

    – /Application Support/Citrix Receiver

    – CitrixID

    – Config

    – Module

    – /Preferences/com.citrix.receiver.nomas.plist

    – /Preferences/com.citrix.receiver.nomas.plist.lockfile

    – /Preferences/com.citrix.ReceiverFTU.AccountRecords.plist (added in 11.6)

    – /Preferences/com.citrix.ReceiverFTU.AccountRecords.plist.lockfile (added in 11.6)

  5. ~/Applications

    – Under this folder, you can delete any applications you previously added via the Receiver UI.

  6. /private/var/db/receipts

    – com.citrix.ICAClient.bom

    – com.citrix.ICAClient.plist

Important Notes

  • A tilde (~) placed at the beginning of a folder path refers to that folder’s location within the user profile. For example, ~/Library/Preferences/ refers to the Preferences folder within the user’s Library folder (e.g. /Users/<username>/Library/Preferences/). A path without a tilde refers to the system-wide version of that folder at the root of the system (e.g. /Library/Preferences/).

  • Note that certain folder mentioned in the list can be hidden directories on the system.

  • It is important to remember that certain items mentioned in this article might not exist on your system depending on the Receiver version(s) you previously installed.

Follow Me Data Notes

In version 11.6, the Follow Me Data feature is integrated into the Citrix Receiver for Mac. The files and folders that are compatible with this feature are listed.

You can remove the files that were not properly cleaned up by the uninstaller. You can also keep the user data that was previously synchronized on your system by Follow Me Data.

  1. The following locations should be cleaned up after running the uninstaller utility:

    – ~/Applications/Citrix/FollowMeData (this is a hidden folder that contains the application binary)

    – ~/Library/Application Support/ShareFile (contains user specific configurations)

    – /Library/PreferencePanes/FMDSysPrefPane.prefPane

  2. Installation information files that are okay to remove after uninstall:

    – /private/var/db/receipts/com.citrix.ShareFile.installer.plist

    – /private/var/db/receipts/com.citrix.ShareFile.installer.bom

File not cleaned up during uninstall that you may or may not want to delete depending on your needs:

– ~/ShareFile (contains the user data synchronized by Follow Me Data)

– /private/var/db/receipts

– com.citrix.ShareFile.installer.plist

– com.citrix.ShareFile.installer.bom


If you are Unable to find the Citrix WorkSpace App running on your MAC and if you want to forcefully quit

Press Cmd + Alt + Escape to see the Force Quit Applications menu.

This will show running apps, and lets you force-quit them if necessary – just highlight the Citrix WorkSpace App and click Force Quit.

Related:

Citrix Director Displays “In Supplemental Grace Period Time until grace expires”

The site went over the number of licenses about 9 days ago which triggered the Supplemental Grace Period.

According to the Citrix Documentation: https://docs.citrix.com/en-us/licensing/11-14/technical-overview.html

“If all licenses are in use, the supplemental grace period enables users to connect to a product for a limited period of time allowing you to address the issue. The default supplemental grace period is 15 days. During this period there is no limit on connections. After it expires, normal (to the extent of license availability) connection limits are enforced. Users are not disconnected, but as they disconnect, no new connections occur until license levels return to normal. Supplemental grace periods are granted per product and edition and per Subscription Advantage Eligibility date (per product) and only for Retail licenses. For example, if you have two clients requesting XenDesktop Enterprise Concurrent, with different Subscription Advantage Eligibility dates, two supplemental grace periods are granted. Rearming the supplemental grace period – When you take corrective action (for example, installing an additional Retail license), the supplemental grace period is rearmed, and normal license limits are enforced again. If you take action while the supplemental grace period is in force, the License Server exits the supplemental grace period before rearming. When the supplemental grace period is rearmed, you can trigger a new 15 day supplemental grace period the next time you go over the license limit.”

So this behavior is normal and the only way to turn this off would be to follow –

1) Go To:C:Program Files (x86)CitrixLicensingMyFiles

2) Open the file: “CITRIX.opt” with Notepad.

3) At the bottom of that file, add

“#CITRIX SGPOFF”

4) Save

5) Restart all Citrix Services (or Reboot)

to remove supplemental all together or to add new license files.

It is worth noting that the Supplemental Grace Period is normal when a user goes over the allotted number of Citrix license. It is also normal for the error to show up in Director even after no SGP licenses are being used. The SGP is a one time grace period that last 15 days. After this there can be no more SGP licenses applied to uses but normal ICA licensing will occur. The idea is that you have 15 days to correct the issue before the SGP and only the SGP licenses expire. The only way to rearm is to buy more.

Related:

How to update RAM or CPU within MCS Catalog

To change RAM size for a catalog follow these steps.

1. Load Citrix snappin:

asnp citrix*

2. On XenDesktop Controller Server, run the command to validate the name of the catalog and memory size:

Memory size in the example is 2048

Get-ProvScheme “Name of Catalog to Modify RAM”

User-added image
3. Change the RAM size of the catalog by running the command:

Set-ProvScheme -ProvisioningSchemeName MCS-Windows7 -VMMemoryMB 3072

User-added image

Additional Notes:

  1. Before modifying the catalog on Citrix Studio, all the virtual machines running on the hypervisor associated to the catalog has to be manually updated to the new allocated RAM.
  2. Manually update the master image to reflect the new changes.
  3. All new machines created from the catalog will be allocated with the new memory size.

Related:

How to Install, Configure and Use Citrix Receiver For Windows 4.6

Installation and Configuration

  1. Navigate to https://www.citrix.com/go/receiver.html in a web browser, then click Download Receiver. The newest version available would be Receiver 4.6.
    User-added image

  2. Find the downloaded file and launch it.

  3. Check the box next to “I accept the license agreement”, then click Next.

  4. Choose whether to enable single sign-on. Single sign-on remembers the user’s credential for the device, so the user can connect to other Citrix applications without logging on. Then begin the installation.

    User-added image

Configuration and Logging on

  1. After installation, you will find the receiver icon on the toolbar. Right click on it and select Open.

  2. You can choose to enter either the corporate email address if IT team has configured the address, or the server address provided by IT. Then click Add.

    User-added image

  3. Then enter the domain user name and password, then choose Log On.

    User-added image

Using Citrix Windows Receiver

Citrix receiver interface is now loaded, and all the resources can be seen from StoreFront.

  1. Click FAVORITES to view the desktops and apps you added to FAVORITES
    User-added image

  2. You can also view the assigned desktops by clicking the DESKTOPS
    User-added image

  3. Then click Details; You can add these desktops to FAVORITES, open and restart the desktops.
    User-added image

  4. After clicking APPS, you can view all available applications.
    User-added image

  5. Click Details to add the applications to FAVORITES and open the apps.
    User-added image

Citrix Receiver for Windows provides users with secure, self-service access to virtual desktops and apps provided by XenDesktop and XenApp. Apart from using the windows receiver interface, users can also use the receiver with storefront from the website.

User-added image

Secure User Environment

To maximize the security of the environment, the connections between Citrix Receiver for Windows and the resources you publish must be secured. You can configure various types of authentication for Citrix Receiver for Windows software, including smart card authentication, certificate revocation list checking, and Kerberos pass-through authentication.

1. Configure domain pass-through authentication

To enable domain pass-through using the graphical user interface:

  1. Locate the Citrix Receiver for Windows installation file (CitrixReceiver.exe).

  2. Double click CitrixReceiver.exe to launch the installer.

  3. In the Enable Single Sign-on installation wizard, select the Enable single sign-on checkbox to install Citrix Receiver for Windows with the SSON feature enabled. The image below illustrates how to enable single sign-on:

    User-added image

2. Configure domain pass-through authentication with Kerberos

Citrix Receiver for Windows supports Kerberos for domain pass-through authentication for deployments that use smart cards. Kerberos is one of the authentication methods included in Integrated Windows Authentication (IWA).

When users install Citrix Receiver for Windows, include the following command-line option: /includeSSON. This option installs the single sign-on component on the domain-joined computer, enabling Citrix Receiver for Windows to authenticate to StoreFront using IWA (Kerberos). The single sign-on component stores the smart card PIN, which is then used by the HDX engine when it remotes the smart card hardware and credentials to XenDesktop. A related option, ENABLE_SSON, is enabled by default and should remain enabled.

To apply the settings, restart Citrix Receiver for Windows on the user device. After that, users also need to configure StoreFront:

  1. In the default.ica file located on the StoreFront server, set DisableCtrlAltDel to false.
  2. When you configure the authentication service on the StoreFront server, select the Domain pass-through check box. That setting enables Integrated Windows Authentication. You do not need to select the Smart card check box unless you also have non domain joined clients connecting to Storefront with smart cards.

3. Configure smart card authentication

a. To enable single sign-on for smart card authentication

To configure Citrix Receiver for Windows, include the following command-line option when users install it: ENABLE_SSON=Yes. Single sign-on is another term for pass-through authentication. Enabling this setting prevents Citrix Receiver for Windows from displaying a second prompt for a PIN.

b. To enable user devices for smart card use

  1. Import the certificate authority root certificate into the device’s keystore.
  2. Install your vendor’s cryptographic middleware.
  3. Install and configure Citrix Receiver for Windows.
  4. Details on certification installation can be found here in – https://docs.citrix.com/en-us/citrix-workspace-app-for-windows/system-requirements.html

​c. To change how certificates are selected

Change how certificates are selected by using either of the following methods:

  1. On the Citrix Receiver for Windows command line, specify the option AM_CERTIFICATESELECTIONMODE={ Prompt | SmartCardDefault | LatestExpiry }.
  2. Add the following key value to the registry key HKCU or HKLMSoftware[Wow6432Node]CitrixAuthManager: CertificateSelectionMode={ Prompt | SmartCardDefault | LatestExpiry }.

d. To use CSP PIN prompts

Change how PIN entry is handled by using either of the following methods:

  1. On the Citrix Receiver for Windows command line, specify the option AM_SMARTCARDPINENTRY=CSP.
  2. Add the following key value to the registry key HKLMSoftware[Wow6432Node]CitrixAuthManager: SmartCardPINEntry=CSP.

4. Enabling certificate revocation list checking

When certificate revocation list (CRL) checking is enabled, Citrix Receiver checks whether or not the server’s certificate is revoked. By forcing Citrix Receiver to check this, users can improve the cryptographic authentication of the server and the overall security of the TLS connection between a user device and a server.

Advanced Preferences

Users can right click on the receiver icon on the toolbar and select Advanced Preferences to view an advanced preferences list like the picture below.

User-added image

  1. The Citrix Connection Center displays all connections established from Citrix Receiver. The Connections window displays a list of active sessions. Each server entry in the list represents a session. For each seamless session, below each server entry, a list of the hosted resources you are running on that server appears. The Connection Center offers various options to view statistics and control sessions and applications.
    User-added image

  2. Resetting receiver will delete all apps, desktops, accounts and configurations, and will return receiver to default settings. It will also close all active sessions. This feature will only be used to serious problems.

  3. When users click Settings Options in the advanced Preferences menu, users then will have 2 tabs. Users can choose the application display settings and reconnect options in this two tabs.
    User-added image

  4. If users delete the passwords, users are asked for the password the next time they log in.

  5. Data collection is designed to ask users whether they agree to send anonymous data and usage statistics to Citrix, which help Citrix to provide better products.

  6. Starting with Release 4.5 of Citrix Receiver for Windows, Configuration Checker helps users to run a test to ensure Single sign-on is configured properly. The test runs on different checkpoints of the Single sign-on configuration and displays the configuration results.

    User-added image

When users log in to the Citrix Receiver for Windows, users can launch a published desktop session. From the Desktop Viewer toolbar, users can select Preference to configure some preferences.

  1. When click File access, users can choose the way that they want to use to access files on the computer. It contains 4 ways: read and write, read only ,no access and ask me each time.

    User-added image

  2. When comes to the connection part, users can choose how devices, including microphone, webcam, digital camera and scanner, will connect to the virtual session. Also, there is a Relative Mouse setting providing an option to interpret the mouse position in a relative rather than an absolute manner. This capability is required for applications that demand relative mouse input rather than absolute.
    User-added image

  3. The display part provides a choice about the way the virtual desktops display. We recommend our users to use the Best Resolution since this kind of resolution will fit the screen perfectly automatically.
    User-added image

  4. The flash part provides a choice about whether user want to optimize the content of flash player. If users optimize content, the playback quality will be improved but the security will be reduced. If not, just basic playback quality will provided but with high security.

    User-added image

Related: