Navigation
Change Log
VDA Virtual Machine Hardware
Windows Configuration
Install Virtual Delivery Agent 7.17
Citrix Desktop Helper Service
Customer Experience Improvement Program (CEIP)
Connection Quality Indicator
Adaptive Transport
Slow Logons
Change Controller VDA Registration Port to something other than port 80
Verify VDA Registration with Controller
Receivers:
Citrix File Access 2.0.3 for Receiver for Chrome
Framehawk Configuration
Remote Desktop Licensing Configuration
Reduce C: Drive Permissions
Configure Pagefile for Provisioning Services
Direct Access Users Group – allow non-administrators to RDP to the VDA
Enable Windows Profiles v3/v4 – Windows 2012 R2 only
Registry Settings – black screen, published Explorer, Screen Saver, HTML5 Clipboard, HTML5 Upload Folder, 4K Monitors, COM Ports
Restore Legacy Client Drive Mapping
Print Driver for Mac and Linux Clients
HTML5 Receiver – SSL for VDA
Anonymous Accounts
Antivirus
Optimize Performance
Seal and Shut Down
Troubleshooting – Graphics
Uninstall VDA
� = Recently Updated
Change Log
2018 Feb 26 – updated Install VDA section for version 7.17
2018 Feb 17 – in the Verify VDA Registration section, added link to The Most Common VDA Registration Issues & Troubleshooting Steps at Citrix Blogs
2018 Feb 8 – in Optimize Performance > Citrix Links section, added info from CTX232313 Citrix Provisioning Services: Slow Login Performance with Windows 10 VDA Machines
2018 Jan 13 – in Change VDA Port section, added link to CTX229493 VDAs Do Not Register in LHC Mode When Registration Port is Not Set To Default
2018 Jan 10 – in Install VDA section, added link to Citrix Blog Post Citrix VDA Commandline Helper Tool
2018 Jan 5 – added VDA 7.16 Hotfix 1 for RDSH VDAs
2018 Jan 2 – in Profiles v4 section, added link to CTX230343 Reset Profile Options Is Greyed Out In Citrix Director
2017 Dec 8 – in Registry > Login Timeout section, added link to Citrix CTX138404 Application Connection Starts but Disappears after Timeout
Hardware
Hypervisor Host Hardware
Citrix Blog Post Citrix Scalability — The Rule of 5 and 10: Simply take the number of physical cores in a hypervisor host, multiply it by 5 or 10, and the result will be your Single Server Scalability. Use 5 if you’re looking for the number of XenDesktop VMs you can host on a box, and use 10 if you’re looking for the number of XenApp user sessions you can host on a box.
Virtual Machine Hardware
Operating system version support: VDA 7.17 supports Windows 10 (1607 and newer), Windows Server 2012 R2 (RDSH only), and Windows Server 2016 (RDSH or Server VDI).
For older operating systems (e.g Windows 7 or Windows Server 2008 R2), install VDA 7.15 with the latest Cumulative Update. VDA 7.15 will work with newer Delivery Controllers (e.g. Delivery Controller 7.17).
CTX224843 Windows 10 compatibility with Citrix XenDesktop
Citrix provides partial support for Semi-Annual Channel Targeted (aka Current Branch) versions of Windows 10
Citrix provides full support for Semi-Annual Channel Broad (aka Current Branch for Business) versions of Windows 10, starting with the VDA version released after a Windows 10 version is designated as Broad (typically 4 months [4 patches] after initial release).
CTX229052 Windows 10 Fall Creators Update (v1709) – Citrix Known Issues.
CTX231942 Windows 10 Redstone 4 (Insider Preview builds) – Citrix Known Issues.
Firewall – VDA 7.17 enables the UDP-based EDT protocol by default. Make sure the UDP ports are open for ICA/HDX:
UDP 1494
UDP 2598
UDP 443 – from Internet to NetScaler Gateway.
UDP 443 can also be used by internal ICA connections if VDA SSL is configured.
For EDT through NetScaler Gateway, make sure your NetScaler firmware is up to date, preferably 11.1 build 56 or newer.
VDA virtual machine sizing:
For Windows 10 virtual desktops, give the virtual machine: 2+ vCPU and 2+ GB of RAM
For Windows 2012 R2 RDSH, give the virtual machine 8 vCPU, and 24-48 GB of RAM
See Daniel Feller Sizing Windows 2016, Windows 2012 And Windows 10 Virtual Machines
If using RAM caching (MCSIO or PvS), add more RAM for the cache
Remove the floppy drive
Remove any serial or LPT ports
If vSphere:
To reduce disk space, reserve memory. Memory reservations reduce or eliminate the virtual machine .vswp file.
The NIC should be VMXNET3.
If this VDA will boot from Provisioning Services:
For vSphere, the NIC must be VMXNET3.
For vSphere, configure the CD-ROM to boot from IDE instead of SATA. SATA comes with VM hardware version 10. SATA won’t work with PvS.
Install the latest version of hypervisor drivers (e.g. VMware Tools).
The vSphere Activity Monitoring Feature with NSX Guest Introspection feature uses a TDI driver (vnetflt.sys), which might cause a “Connection Interrupted” message when users log off of Citrix. See CTX221206 “Connection Interrupted” error message displayed while logging off ICA session.
If vSphere, disable NIC Hotplug
Users could use the systray icon to Eject the Ethernet Controller. Obviously this is bad.
To disable this functionality, power off the virtual machine.
Once powered off, right-click the virtual machine, and click Edit Settings.
On the VM Options tab, expand Advanced, and then click Edit Configuration.
On the bottom left, enter devices.hotplug. On the right, enter false. Then click Add.
Then click OK a couple times to close the windows.
The VM can then be powered on.
Windows Preparation
Computer Group Policy – Make sure the Master VM is in the same OU as the Linked Clones so the Master VM will get the computer-level GPO settings in its registry. Run gpupdate on the master after moving the VM to the correct OU. When Clones are created from the Master, the computer-level GPO settings will already be applied, thus eliminating a timing issue.
If Server OS, disable IE Enhanced Security Configuration in Server Manager > Local Server.
Optionally, go to Action Center (Windows 2012 R2) or Control Panel > Security and Maintenance (Windows 10/2016) to disable User Account Control, and enable SmartScreen.
In Windows 10 1703 and newer, search the Settings app for Change User Account Control settings.
SmartScreen is configured in Windows Defender Security Center > App & browser control.
Run Windows Update. Do not skip this step. Many VDA installation problems are fixed by simply updating Windows.
Defer Feature Updates – For Windows 10, since Citrix VDA does not immediately support new Windows 10 versions, configure Windows Update to defer feature updates.
Add your Citrix Administrators group to the local Administrators group on the VDA. Computer Management.
The Remote Desktop Services “Prompt for Password” policy prevents Single Sign-on to the Virtual Delivery Agent. Check registry key HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. If fPromptForPassword = 1 then you need to fix group policy. The following GPO setting will prevent Single Sign-on from working.
Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Session Host | Security | Always prompt for password upon connection
Or set the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\PorticaAutoLogon (DWORD) = 0x10.
To remove the built-in apps in Windows 10, see Robin Hobo How to remove built-in apps in Windows 10 Enterprise.
For Remote Assistance in Citrix Director, configure the GPO setting Computer Configuration | Policies | Administrative Templates | System | Remote Assistance | Offer Remote Assistance. See Jason Samuel – How to setup Citrix Director Shadowing with Remote Assistance using Group Policy for more details.
If you intend to use Citrix’s SCOM Management Packs for XenApp/XenDesktop, make sure WinRM is enabled on the VDA by running winrm quickconfig. Or you can enable WinRM using Group Policy.
Install Virtual Delivery Agent 7.17
For virtual desktops, make sure you are logged into the console. The VDA won’t install if you are connected using RDP.
Make sure .NET Framework 4.5.2 or newer is installed.
CLI Install:
Command Line Install Options are detailed at Install using the command line at Citrix Docs.
The Citrix Telemetry Service seems to cause problems. You can use the Command Line Installer to exclude Telemetry Service as detailed at VDA upgrade cmdlet at Citrix Discussions.
Citrix Blog Post Citrix VDA Commandline Helper Tool: a GUI to configure the VDA installation options.
GUI Install:
Mount the downloaded XenDesktop 7.17 ISO, and and run AutoSelect.exe.
Alternatively, you can download the standalone VDA package and run that instead. Go the main XenDesktop 7.17 download page. Expand the section labelled Components that are on the product ISO but also packaged separately. There is a VDA installer called Desktop OS Core Services that is designed for Remote PC deployments.
Click Start next to either XenApp or XenDesktop. The only difference is the product name displayed in the installation wizard.
On the top right, click Virtual Delivery Agent for Windows Desktop OS, or Windows Server OS, depending on which type of VDA you are building.
In the Environment page, select Create a Master Image, and click Next.
In the Core Components page, if you don’t need Citrix Receiver installed on your VDA, then uncheck the box. Receiver is usually only needed for double-hop connections (connect to first VDA, and then from there, connect to second VDA). Click Next.
In the Additional Components page, uncheck Citrix AppDisk/Personal vDisk. This feature has been deprecated and is being replaced by Citrix App Layering (Unidesk). Click Next.
In the Delivery Controller page, select Do it manually. Enter the FQDN of each Controller. Click Test connection. And then make sure you click Add. Click Next when done.
In the Features page, check boxes. Only the top box is checked by default. If you want to use the other features, check the boxes. If this is a virtual desktop, you can leave Personal vDisk unchecked now and enable it later. Then click Next.
In the Firewall page, click Next.
In the Summary page, click Install.
If RDSH, click Close when you are prompted to restart.
After the machine reboots twice, login and installation should continue.
If you see a Locate ‘XenDesktop’ installation media window, click Cancel.
Mount the XenApp_and_XenDesktop_7_17.iso.
Run AutoSelect.exe.
Click the Virtual Desktop Agent box to resume installation.
Installation will continue automatically.
Note: NT SERVICE\CitrixTelemetryService needs permission to login as a service.
In the Smart Tools page, click Connect, enter your MyCitrix.com credentials, and then click Next.
In the Finish page, click Finish to restart the machine again.
According to CTX225819 When Launching an Application Published from Windows Server 2016, a Black Screen Appears for Several Seconds Before Application is Visible, HKLM\SOFTWARE\Citrix\Citrix Virtual Desktop Agent\DisableLogonUISuppression (DWORD) should be set to 0.
Citrix Desktop Helper Service
Citrix Blog Post Augment Your XenDesktop Deployment with the Desktop Helper Service: this installable service adds the following functionality to your VDAs:
The “Shutdown Inactive Desktops” feature allows Citrix administrators to enable a timer that shuts down a virtual desktop after it has been registered for a configured amount of minutes without a user connection.
Delaying the Citrix Desktop Service start by a configurable amount of time allows the desktop to finish performing on-boot tasks before a user is brokered to it.
The “Force Group Policy Update” feature give administrators the ability to force a group policy update after a configured amount of time.
If these features are desirable, download the tool from the blog post and install it.
Configurable Registry keys are located at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\DesktopHelper. Each value is detailed in the accompanying Word document.
Customer Experience Improvement Program (CEIP)
Customer Experience Improvement Program (CEIP) is enabled by default. To disable it, create the registry value HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Telemetry\CEIP\Enabled (DWORD), and set it to 0 (zero). Also see CEIP at Citrix Insight Services at Citrix Docs.
See http://www.carlstalhood.com/delivery-controller-7-17-and-licensing/#ceip for additional places where CEIP is enabled.
Connection Quality Indicator
The Connection Quality Indicator tells the user the quality of the connection. For example:
Position of the indicator is configurable by the user. Thresholds are configurable through group policy.
Download it from CTX220774 Connection Quality Indicator and install it. The article is very detailed.
Group Policy templates are located at C:\Program Files (x86)\Citrix\Connection Quality Indicator\Configuration. Copy the files and folder to <Sysvol>\Policies\PolicyDefinitions, or C:\Windows\PolicyDefinitions.
Find the settings under Computer Config | Policies | Administrative Templates | Citrix Components | Virtual Desktop Agent | CQI
Version 1.2 adds the GPO settings to the user half of a GPO.
Notification display settings lets you customize the user notifications, or disable them.
Connection Threshold Settings lets you set the notification thresholds.
Adaptive Transport
XenApp/XenDesktop 7.17 includes Adaptive Transport, which uses EDT protocol, which uses UDP Ports 1494/2598 for HDX connections to the VDA. The UDP ports should already be open in the Windows Firewall.
For EDT through NetScaler Gateway, make sure your NetScaler firmware is up to date, preferably 11.1 build 56 or newer.
In 7.17, Adaptive Transport defaults to Preferred, which means it’s enabled by default. It can be configured in the Citrix Policy setting HDX Adaptive Transport.
Slow Logons
Citrix Discussions Xenapp 7.9: Wait for local session manager: “I have a Xenapp 7.9 environment on Windows 2012 R2. When logging in through Citrix I got message “Wait for local session manager” for 20-30 seconds. When logging in to the server with RDS, I do not have to wait for this.”
“Add the following 2 registry keys to your 7.9 VDA server – then try connecting to it using ICA to see if the issue still occurs:
Add reg keys in “HKLM\SOFTWARE\Citrix\GroupPolicy”
Dword: “CacheGpoExpireInHours” – Value = 5-24 (# of Hours) ***start with value of 5***
Dword: “GpoCacheEnabled” – Value = 1
Restart the machine after adding these registry keys and attempt an ICA connection (at least twice) to see if that helps the Login delay.”
Mark DePalma at XenApp slow logon times, user get black screen for 20 seconds at Citrix Discussions says that pushing Tile Refresh to a background task speeds up logons.
Regedit:
UPM Exclusions:
Marvin Neys at XenApp slow logon times, user get black screen for 20 seconds at Citrix Discussions says that deleting HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC at logoff reduces logon times from 40 seconds to 6 seconds.
For additional logon delay troubleshooting, see Alexander Ollischer XenApp/XenDesktop – “Please Wait For Local Session Manager” message when logging into RDS. He found some Windows Updates that caused a logon delay.
XenApp recalculates WMI filters on every reconnect. CTX212610 Session Reconnect 30 sec Delay – DisableGPCalculation – WMI Filters indicates that recalculation can be disabled by setting HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Reconnect\DisableGPCalculation (DWORD) to 1.
CTX212439 Desktop Session Stuck in Pre-Logon State with Message “Please wait for the Local Session Manager”:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters\MaxTokenSize (DWORD) = 48000
Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod\L$RTMTIMEBOMB
Controller Registration Port
Some environments will not accept the default port 80 for Virtual Delivery Agent registration, even though registration is authenticated and encrypted on port 80. To change the port, do the following on the Virtual Delivery Agent:
Open Programs and Features. If Windows 10 1703 or newer, open Apps and Features.
Find Citrix Virtual Delivery Agent, and click Change or Modify (Windows 10 1703 and newer).
Click Customize Virtual Delivery Agent Settings.
Edit the Delivery Controllers, and click Next.
On the Protocol and Port page, change the port number, and click Next.
In the Summary page, click Reconfigure.
If you see a Smart Tools page, make a selection for Call Home, and click Next.
In the Finish Reconfiguration page, click Finish.
Restart the VDA machine.
You must also change the VDA registration port on the Delivery Controllers by running BrokerService.exe /VDAPort.
For Local Host Cache, on the Delivery Controller, run C:\Program Files\Citrix\Broker\Service\HighAvailabilityService.exe –VdaPort <CORRECT PORT #>. Source = CTX229493 VDAs Do Not Register in LHC Mode When Registration Port is Not Set To Default.
Verify that VDA registered with a Controller
If you restart the Virtual Delivery Agent machine, or restart the Citrix Desktop Service…
In Windows Logs > Application log, you should see an event 1012 from Citrix Desktop Service saying that it successfully registered with a controller.
If you don’t see successful registration, then you’ll need to fix the ListOfDDCs registry key.
See VDA registration with Controllers at Citrix Docs.
See The Most Common VDA Registration Issues & Troubleshooting Steps at Citrix Blogs.
You can also run Citrix’s Health Assistant on the VDA.
See CTX220772 Technical Primer: VDA Registration for a very detailed explanation of the VDA Registration process.
Citrix PDF Printer for Receiver for HTML5/Chrome
VDA 7.17 installs the PDF Printer automatically so there’s no need for a separate installation.
To enable the PDF printer for HTML5 connections, configure the Citrix Policy setting called Auto-create PDF Universal Printer in the user half of a Citrix Policy GPO.
Citrix File Access 2.0.3 for Receiver for Chrome
If you support Receiver for Chrome (Chromebook) and want published applicatons to open files on Google Drive, install Citrix File Access on the VDAs. Get it from the Receiver for Chrome download page, in the Additional Components section.
Go to the extracted Citrix_File_Access_2.0.3, and run FileAccess.msi.
In the Please read the File Access License Agreement page, check the box next to I accept the terms, and click Install.
In the Completed the File Access Setup Wizard page, click Finish.
File Access is listed in Programs and Features (or Apps & Features) as version 2.0.3.33.
File Access has a default list of supported file extensions. The list can be expanded by editing the registry on the VDA. See CTX219983 Receiver for Chrome Error: Invalid command line arguments: Unable to open the file as it has an unsu