Category Archives: Citrix

Start IE in lock down mode

When we publish a website URL via Citrix, we always to lockdown the website user can access.
The easiest way is to use IE lock down mode. To enable lock down mode is simple, you only need to add “-p” parameter.
For example,

Then when user start the application, they will get a full screen IE with no addressbar, no bottons.
But please be aware that, in lock down mode there is no exit botton, so User need to press ALT+F4 to close IE.

Is there any better option?
Yes, you can use below script:

Then publish “IE.vba”

disable or enable Citrix License Management Service


-enable enables license management. The first upload to Citrix occurs seven days after you install the License Server.

-disable disables license management. We recommend that you use the License Management Service to manage your licensing environment.

-query displays the current configuration.

Citrix Netscaler VPX high CPU usage? almost 100%

I’m running a Citrix Netscaler VPX in my lab, and I just noticed that even though there is no connection, the CPU usage for this VPX is 100%.

You can change this behavior by doing the following:

On the left, go to System > Settings.

On the right, in the bottom of the second column, click Change VPX Configuration Settings.

Change the CPU Yield drop-down to YES, and click OK.

After making this change, you can see an immediate drop-off in CPU consumption.

Understanding Citrix Performance Issues

Bottleneck: provisioning services. Customers note there is excessive Network I/O and CPU utilization.
Bottleneck: vDisk fragmentation or server virtual instances. Customer notes there is excessive page file utilization and disk I/O.
Bottleneck: delays mounting new vDisks. Check for excessive Network and Disk I/O on delivery controllers.
Bottleneck: delivery controllers. Check for excessive historical CPU utilization.
Bottleneck: slow application enumeration. Check for excessive disk and network I/O on the data collectors.
Bottleneck: slow session creation noted within the director console: Check for historical CPU and Memoyr consumption, consider adding VCPU and memory when/where needed.
Bottleneck: higher than expected user logons. Check for high CPU and/or network utilization (not historical but may trend at random intervals). Add processing or new delivery controller if necessary to handle the expected loads.
Bottleneck: issues with local host cache (LHC). Disk and Page File I/O in excess can cause unanticipated issues with LHC. Alert and adjust when/where needed.
Bottleneck: Processor intensive apps. Check questionable servers for larger disk I/O and page file utilization. Consider adding more VCPU’s and/or memory to offset the demand on disk and page file.
Bottleneck: vDisk and/or Provisioning Services. Check for higher than normal CPU and/or Memory consumption as a deficiency will slow down the loading of vDisks and caching via Provisioning Services (PVS).
Bottleneck: Web interface authentication. Consider adding more memory and looking at network utilization trends. It may be necessary to either add more memory or to add an additional WI to your GSLB URL.
Bottleneck: slow PXE and vDisk. Check for memory and/or network utilization and consider addresssing depending on noted trends.
Bottleneck: target device latency. Check CPU and network I/O for spikes and/or trending issues.

Use a Specific SQL Port with XenDesktop

Citrix Error: The connection to *** failed with status 1030

In most situation, if you get this error, it means that there are some configuration errors in your Citrix environment. You can refer to below Citrix article for more information.

But, this week when we tried to renewal our netscaler certificate, we got a problem that:
1. Windows Machines works well with the new certificate. End users can start their VDIs with out any problem;
2. Windows Thin client which is running Windows Embedded XP can’t start VDI. They always got the error code’1030′
3. Some Linux thin client users can start their VDI, while some of them can’t. For who can’t start their VDI they got an error message said that S’SSL error’

Finally, after two days investigation, we fixed this issue.

1. Use Symantec SSL toolbox to scan the certificate installed on our server. We found below error message

It means that for some old client, they may get problem without the chain. So download the chain and put it into the certificate on Netscaler.

2. After we fixed the chain issue, our thin client still can’t connect. And we found that for the thin client which is running Citrix Receiver 13.1, it can connect. And then we checked Citrix Receiver version changelog and we found

Well, that’s the key point. For thin client have, they are still using citrix online plugin 11.2 or Citrix Receiver 13.0 for Linux.
So we changed our certificate to SHA1, and all works.

The next step is to upgrade Citrix Receiver to the latest version on all Thin Client and then deprecation SHA-1 certificate and moving to SHA-2.