Citrix policy gone after editing


Citrix policies are gone after editing.


Restore \\Domain\SYSVOL\domain\Policies\{UniqueID}\User\Citrix\GroupPolicy\Policies.gpf


VDA Redirector melding Citrix IE


I noticed in some environments that after installing XA650W2K8R2X64025 and HDXFlash200WX64001 for XenApp 6.5 The users are getting an popup in Internet Explorer about the VDAredirector.exe opening outside IE protected mode:

Citrix FTA, URL VDA Redirector - Security Warning

This program will open outside of Protected mode. Internet Explorer’s Protected mode helps protect your computer. If you do not trust this website, do not open this program.

Name: Citrix FTA, URL VDA Redirector Publisher: Citrix Systems, INC


After selecting “Do not show me the warning for this program again” and clicking on “Allow” i searched the registry and found the following key :

[HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFFC40A2-FFE2-4E6F-B179-3641561D4FCD}] “AppName”=”VDARedirector.exe” “AppPath”=”C:\\Program Files (x86)\\Citrix\\system32″ “Policy”=dword:00000003

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C1359F1-E04E-4231-9E7E-955DE92A17E1}] “AppName”=”redirector.exe” “AppPath”=”C:\\Program Files (x86)\\Citrix\\ICA Client” “Policy”=dword:00000003

Import these settings using Group Policy or using a Workspace management solution like RES or AppSense.


Enable WinRM for Windows Remote Shell


When you need to perform a remote CDF trace or would like to use the HDX monitor for remote monitoring you need to enable the Windows Remote Shell.


  1. Logon into the Windows console.
  2. Optional (For Windows Vista serve as remote server): Start the service “Windows Remote Management ” and set it for auto start after reboot.
  3. Write the command prompt : “WinRM quickconfig” and press on the “Enter” button.
  4. The following output should appear:

    WinRM is not set up to allow remote access to this machine for management. The following changes must be made:

    Set the WinRM service type to delayed auto start. Start the WinRM service. Create a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.

    Make these changes [y/n]? y

  5. After pressing the “y” button, the following output should appear:

    WinRM has been updated for remote management.

    WinRM service type changed successfully. WinRM service started. Created a WinRM listener on HTTP://* to accept WS-Man requests to any IP on this machine.


Hide Citrix vDisk icon


You like to hide the Citrix Provisioning vDisk icon form taskbar.


Create a new Dword key named “ShowIcon” and set the value to 0 in the following location:


You can also use the Group Policy to deploy the Registry key.


Install Citrix Receiver on Windows Embedded


Installing the Citrix Receiver on a Windows Embedded isn’t possible when using the default receiver.exe.


Extract the receiver using the following command: CitrixReceiverEnterprise.exe /extract [Destination_name]

Then install the individual MSI in the following order:

  • RIInstaller.msi
  • ICAWebWrapper.msi
  • SSONWrapper.msi
  • GenericUSB.msi
  • DesktopViewer.msi
  • CitrixHDXMediaStreamForFlash-ClientInstall.msi
  • PNAWrapper.msi
  • Vd3d.msi

When you need to remove the installer then uninstall in the following order:

  1. Vd3d.msi
  2. PNAWrapper.msi
  3. CitrixHDXMediaStreamForFlash-ClientInstall.msi
  4. DesktopViewer.msi
  5. GenericUSB.msi
  6. SSONWrapper.msi
  7. ICAWebWrapper.msi
  8. RIInstaller.msi


ICA Client File Security


When connecting to a Citrix application/Desktop and remote devices are allowed you will receive the following message:

 “A remote application is trying to access files on your computer. Do you want to give permission to do this?”


When you want this message to disappear for all users in your network, create a new file called Webica.ini with the following values:



Put the file on the client machine into the following location: <root directory>\Documents and Settings\<username>\Application Data\ICAClient or <root directory>\Users\<username>\AppData\ICAClient


The connection to “Desktop” failed with status 1030


When connecting to a Published App/Desktop when using NetScaler and StoreFront, you receive an error:  The connection to “Desktop” failed with status (1030).


Solution 1:

Make sure Session Reliability is disabled on de Secure Ticket Authority within StoreFront.

 Desktop failed with status 1030

After this the error is gone and the App/Desktop works like a charm.

Solution 2:

Make sure you allowed port 1494 and 2598 from the DMZ (Netscaler) to ALL the internal ip addresses of the Citrix Servers.

When using MCS or Provisioning make DHCP reservations to make sure you only allow just the Citrix servers.



A request was sent to service ‘Store Service’ that was detected as passing through a gateway. However no gateways are configured for this service.


Event ID 1
Task Catagory: (2007)

A request was sent to service ‘Store Service’ that was detected as passing through a gateway. However no gateways are configured for this service. Request details:
X-Citrix-Via-VIP: 192.168.x.x
Remote Address: fe80::cc97:f8be:cf29:x
X-Forwarded-For: x.x.x.x,192.168.x.x


Check if you enabled remote access.

Goto Stores >> Enable Remote Access and check if a remote access connection is selected and if the information is wright.

Enable Remote Access


Internet Explorer settings Security tab are greyed out


When logging in as a new user my Internet Explorer Security Settings are greyed out, when I perform a reset everything is working perfect. I don’t use any GPO’s the change settings.


1) Login as user with the problem.

2) Reset the internet Explorer setting in the Advanced tab.

3) Export the registry settings of the following key:
     HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\

4) Load the ntuser.dat from the default user as “Default” using Load Hive in Regedit.

5) Edit the Exported .reg file and use find and replace
        Replace: HKEY_Users\Default

6) Import the changed settings.

7) Unload the hive for Default.

Now when a new user logs in the Internet Eplorer settings are correct.



View if all servers are using the latest Disk Image MCS


When updating a machine Catalog in XenDesktop with a new Disk Image (MCS) and you reboot the machines you would like to know if all the machines use the latest dick images.

This only works when using Machine Creation Service


Use the following powershell command to see if there are machines using a older version of de image:

Add-PsSnapin Citrix.*
Get-BrokerMachine -ImageOutOfDate 1

Now you see all the machines that have a Out Of Date image. You can check the Machine name to see which machine it is and ImageOUtOfDate if it is True than it needs to update.


When you only need to see the MachineNames then use the following command:

Get-BrokerMachine -ImageOutOfDate 1 | select machineName

After a reboot you can use the following powershell command:

Get-BrokerMachine -MachineName “domain\MachineName” -ImageOutOfDate 1


The application was unable to start correctly (0xc01500002). ConfigWizard.exe


After installing Provisioning Server 7.1 and you want to start the Configuration Wizard you receive the following error: “The application was unable to start correctly (0xc01500002)”

Error configwizard


When looking at the Event Log you will see the following error message:

Activation context generation failed for “C:\Program Files\Citrix\Provisioning Services\LicHelp.dll”. Dependent Assembly Microsoft.VC90.CRT,processorArchitecture=”amd64″,publicKeyToken=”1fc8b3b9a1e18e3b”,type=”win32″,version=”9.0.21022.8″ could not be found. Please use sxstrace.exe for detailed diagnosis.


This means the program needs the Visual C++ 2008 Redistributable Package. Download and install it and you will be able to open the Configuration Wizard.

Download link for Visual C++ 2008 SP1 Redistributable Package:


Failed to connect to data source


I was receiving the following error: Failed to connect to data source ‘The broker service reported an error. See the event log for more information.’  in the event viewer ( Event ID 5) when using Desktop Director, and the latency wasn’t displayed.



It looks like the performance counters are corrupted, I repaired them using the following command lodctr /r.






Reset startcount adding machines



When you delete machines added through XenDesktop and want to add new machines with the same name this isn’t possible.


Use the following command to view the startcount of the current machines:

Add-PsSnapin Citrix.*
Get-AcctIdentityPool > c:\pools.txt

MCS StartCount

When you want to reset the Startcount to 1 (new machines will start with XA01 and so on) the use the following command:

New-AcctADAccount -IdentityPoolName “” -Count 1 -StartCount 1

When you now use: Get-AcctIdentityPool > c:\pools.txt then the StartCount is set to 1.



Unable to unmount vhd provisioning server


When mounting a VHD file using the provisioning server console you normally get an orange arrow which indicates the vDisk is mounted, but sometimes you don’t receive the arrow and then you can’t unmount the vdisk.



To unmount a vDisk which isn’t indicated as mounted in the Provisioning Services console, use cvhdmount.exe.

cvhdmount.exe is at the following location: C:\Program Files\Citrix\Provisioning Services\.

Use the following command: cvhdmount.exe -u <sn> where <sn> is the  serial number and must be greater than zero, in my case I didn’t mounted other vDisks so went for number 1 and did worked for me.


Network path not found when using Published Application


When opening a file which is located at a Mapped network drive (f:\ which is mapped to \\fileserver\data$\) you receive the error: the network path not found. I used Process Monitor on the server where the published application is located to see the following message: BAD NETWORK PATH  and the path is: \\Client\F$\Rapportages en begrotingen\



Because we don’t allow “Client network drives” the mapped drive isn’t redirected to the new session. Allowing Client network drives solves the problem.


Changing isopath VMware VM’s when using Provisioning boot from ISO


When using a bootable ISO to get the Provisioning server settings and need to change the ISO because you add more servers and don’t use some sort of load balancing, you can do this by hand but this is very time consuming.


With VMWare PowerCLI it’s possible to do this automated. Download PowerCLI from VMWare, after installing PowerCLI you can use the following command to change the ISOPath:

Get-vm -Name VMNAME* |Get-CDDrive | set-cddrive -isopath “[Templates-Iso] XenDesktopNew.iso”

The Get-VM -Name is used to create a filter to which machines you would like to apply the new settings.

First connect to vcenter using Connect-VIServer, enter the vcenter server FQDN and the credentials.


PowerCLI 5.5:


Google embedded streetview shows Grey screen


When connecting to a Windows 2008 server using ICA and watching a site which using embedded streetview, the streetview section is grey and only lets you show the controls for streetview.
When connecting using RDP the problem doesn’t occur.


After searching I found that disabling speedscreen will do the trick.

Configure SpeedScreen Browser Acceleration for a farm

  1. Depending on the version of XenApp you have installed, from the Start menu, select All Programs > Citrix > Management Consoles and choose Access Management Console or Delivery Services Console.
  2. In the left pane, select the farm.
  3. From the Action menu, select Modify farm properties > Modify all properties.
  4. From the Properties list, select Server Default > SpeedScreen > Browser Acceleration.
  5. Deselect the SpeedScreen Browser Acceleration check box to disable speedscreen browser acceleration.

Now the streetview images are displayed and everything is working.



Using with Outlook connector


You receive the following error: There was a problem connecting to ShareFile. Please verify that you are connected to the Internet or contact ShareFile support if the problem persists.

When you use the domain for your ShareFile installation, you need to configure the Outlook connector to search the mail address on the domain instead of the default domain.

Outlook Connector Error


Create the following registry key:


  • Type: REG_SZ
  • Name: ApiCP
  • Value:

Now the Outlook connector will search the domain.