Computer config > Administrative templates > Windows components > Remote desktop services >Remote desktop Session host >Security:
2. Allow prompt for password upon connection= disabled
2. Calculate the video memory that is required for monitors using the following formula:
Note: This formula is specific to VDA version 7.11. SumOfAllMons (Width * Height) * 4 / 0.3, where width and height are resolution of the monitor.
For VDA 7.9 and earlier, refer http://support.citrix.com/article/CTX200257
Example: Consider the resolution of monitor 1 is 1920*1200 and monitor 2 is 1366*768.
Then SumOfAllMons will be (1920*1200 + 1366*768).
Note: There is no hard and fast rule that will work for all cases as composited desktops have random overhead in video memory so we have to allocate additional memory for this overhead.
To get a visualization of the video memory required and size up the MaxVideoMemoryBytes for your specific environment, download sysinternals process explorer and observe the GPU Dedicated Memory graph (View > System Information, or Ctrl+I >GPU tab) inside an active Citrix connection:
3. Open the registry (regedit) and navigate to:
4. Increase the value of “MaxVideoMemoryBytes” REG_DWORD value to the above calculated memory.
5. Reboot the VDA.
Note: The MaxVideoMemoryBytes key(s) should only be used in conjunction with the “Citrix Systems – WDDM Display Driver”. If the “Citrix Display Only Adapter” is in use then these keys should not be set as memory is allocated dynamically.
Location: HKEY_LOCAL_MACHINESOFTWAREWow6432NodeCitrixICA ClientEngineConfigurationAdvancedModulesMobileReceiver.
Refer below documentation for more details –
“There was an error adding user accounts in the Administrators local group to the CitrixStorefrontAdministrators local group. See the log files described in the article ‘Troubleshoot Storefront’ in the Storefront product documentation. Try adding these user accounts manually, then reboot the server and re-run the installer.”
From the Storefront installer log file, could see following exceptions:
Actions in Outlook, such as sending/receiving mail result in changes to the Outlook search index database. This data is stored in the Windows search index database: Windows.edb.
This is a machine-based file, which means it holds search index data for all users logging onto the machine. If a user launches an Outlook session (or opens Outlook in a desktop session) on a VDA machine that they haven’t access previously or haven’t accessed for a while, the Outlook search index has to be rebuilt in Windows.edb. Outlook searches have to wait until re-indexing finishes. The location of the Windows search index database is typically: C:ProgramDataMicrosoftSearchDataApplicationsWindowsWindows.edb
We can see this design in the image below:
Behavior using VHDX-based Outlook cache and Outlook search index on a user basis
The Profile Management 7.18 release introduced a feature to address these Outlook-related performance challenges.
To explain we’ll use the same user as above, but logging on to a 7.18 version VDA for the first time.
During the Profile Management logon, the user’s Outlook-related search index is split out of the Windows search index database (Windows.edb) and written to a VHDX file created at:
The remote VHDX file is then mounted locally in the user’s local profile at:
From this point, the user has their own profile-based version of the Outlook search index database. Within the Search.vhdx mount-point folder, the Outlook search index database is named < userSID>.edb
The Outlook .OST file is converted into a VHDX file and stored at:
The remote VHDX file is then mounted locally in the user’s local profile at (default):
During the Outlook session, changes to the Outlook search index and Outlook .OST are made directly to their respective VHDX files over SMB.
The feature also requires additional registry settings to be created. Read the Registry Changes section for further information.
When the user logs off the session, both VHDX files are unmounted from the local profile. Because the VHDX files had been mounted over SMB, no synchronization is required at Profile Management logoff. The additional registry settings are synchronized to the user’s profile store (or before if the Active Writeback Registry feature has been enabled).
Feature Enhancements introduced in Citrix Virtual Apps and Desktops 1808
The Profile Management 1808 release Outlook search index feature supports groups explicitly excluded through the Profile Management Excluded Groups policy as well and groups implicitly excluded through the Profile Management Processed Groups policy (see Feature Limitations for further information).
This release also introduced support for Windows 10 1803.
When publishing an application, only the main executable file is specified. However, some applications might spawn additional processes that run in the background and are not closed by the corresponding main executable file. Additional processes might also be created, from scripts that are executed, or from specific registry keys, such as the RunOnceKey:
Some processes might create a visible window for added functionality, and others might not.
Because the Explorer.exe Desktop is not running when launching an application in one of these ways, there is no default mechanism in either Presentation Server or Windows to terminate these background processes when a user has exited the main application.
Presentation Server has a hard coded list of what are considered ‘System’ type secondary processes that are checked for and terminated once all user application processes have terminated, these include:
Note: To specify additional processes specific to your environment, see the Solution section of this article.
Examples of Secondary Processes
Cwbprovd.exe is a process initiated by IBM Client Access. If you have IBM Client Access on your system and observe the same behavior as stated above, complete the following tasks:
Verify the sessionID, which is experiencing this issue.
Before logoff, type the following command from the command prompt to manually kill Cwbprovd.exe:
kill cwbprovd.exe session id
Gracefully exit the published application.
The Cwbprovd.exe process (among two other processes) is being launched at logon by IBM Client Access (even if you do not run it) through the following registry key:
Contact IBM for a utility called CWBCFWTS to remove these processes from the registry.
Note: Servers running IBM’s Client Access Express ARE NOT known to exhibit this behavior.
Proquota.exe is a process initiated by having a Windows 2000 policy, Limit Profile Size, enabled. This might conflict with the Seamgr.exe process. Manually terminating either of these two processes temporarily fixes the problem and allows the session to reset. This issue is resolved by installing Service Pack 2 for MetaFrame 1.8 for Windows 2000.
Sxplog32.exe is a process initiated by the Software Delivery Agent by Computer Associates and can be found in the userinit value of the winlogon registry key. Manually terminating the process temporarily fixes the problem and allows the session to reset.
Etlits.exe and Entell50.exe are processes initiated by Entrust 6.1 and can be found in the userinit value of the winlogon registry key. Manually terminating the process temporarily fixes the problem and allows the session to reset.
Wisptis.exe is a process that runs as a system service that provides pen-data collection for other components of the SDK. When a component needs to interact with the pen (for example, to collect ink or to detect gestures), this executable is spawned as a service to communicate directly with the input device. On a Tablet PC, Wisptis.exe interacts with the digitizer, whereas on a desktop it interacts with the mouse as well. The executable’s name is an acronym that references an outdated internal name for the team that developed it (Windows Ink Services Platform Tablet Input Subsystem). You cannot remove wisptis.exe by renaming or deleting it: Windows File Protection would reinstall the file the next time Adobe Acrobat 6.0 started. In general, the ways in which wisptis.exe can get installed on the system are by installing Journal Viewer using the Windows Update or installing Microsoft Office 2003.
If a starting program was specified under the Environment tab in the User Account Properties and if the ICA pass-through Client had pass through authentication enabled, Ssonsvr.exe was running in the ICA session of the user. When the user exited the application (specified in the Environment tab in User Account Properties), the ICA session could not be logged off; the administrator had to manually stop the Ssonsvr.exe process. The thread that caused the Ssonsvr.exe process to exit when the user logged off from the application was not being started.
Now the thread that causes the Ssonsvr.exe process to exit is started when the user logs off from the application.
From Hotfix XE103W2K030:
Group Policy was modified on the Cloud Connectors restricting kerberos to only support encryption method AES128_HMAC_SHA1 & AES256_HMAC_SHA1
Kerberos session ticket being denied from the domain controller due to non-supported encryption type.
Error found in trace file: “KRB5KDC_ERR_ETYPE_NOSUPP”
When users attempt to open a MS Visio file from their local computer, the application fails to start with the following error: “App” failed to start. The Citrix server is unable to process your request to start this published application. Please try again. If the problem persists, contact your administrator.
On the VDA, we get error Event ID 1480: Failed to launch application App with command line ‘”C:Program Files….” ‘ on client ‘xxx’ for domain/user ‘xxx’ in session ‘x’. Ensure that the application is installed and that the user has permission to launch it.
Confirm whether it is caused by the MDX encryption by turning it off and testing the affected apps. If issues/crashes no longer occur Citrix recommends utilizing the new Encryption Platform via the Encryption Management Feature.
Please note, MDX encryption is being deprecated in the coming months – Targeted Date: September 2020