How to ADD local certificate for Storefront store to use HTTPS

Prerequisite you should have ADCS available in your environment –

1. Go to IIS Manager –

2. Click on server certificate –

3. Click on Create Domain certificate

4. You will see the below form appear on your screen and punching the below details.What matter the most is the name of the company where the server will be created –

Company name – FQDN for ex – (DC name).domain.com
Org – name of the org
OU – Organizational unit
City/locality – Name of the location
State – Name of the state
Country – Name of the country

5. Click next and you will asked for the certificate authority which is going to be your domain controller and any friendly name of tagging purpose –                                                                                                                                                                                                                      
6. Click finish and you have the certificate available and now adjust the bindings for the storefront website. By going to default web site and in the right pane chose bindings > click add > select type as https choose the port as 443 > select the certificate you created from the drop down of SSL certificate.
7. Post that you can go back to storefront and change the base url by going to Server group > change base url and it will change all the subsequent base url required updating.

How to disable the URL prompt for the users using Citrix Desktop?

HKEY_CURRENT_USER\Software\Citrix\PNAgent : “SuppressURLPromptAtLogin“=DWORD:00000001

Crack License administration console password cracking version – 11.11.1 build 13012

when we clicked on the administration it was asking for user name and password where it by default the user by which it Citrix license server was installed but the password was not working.
In these case you can reset the password by browsing to the location which is – C:\Program Files (x86)\Citrix\Licensing\LS\conf
locate the file server.xml open in the notepad and look for the password and it will show you something like below –
password=”(ENC-01)UaFz17cJ2oNQ+LkskjkzUyVV5ZcmaoJCDCiuiusbB6zk2P0uR”
you can change the password by changing the data under the “”. below is the example –
password=”Password01″
and save the server.xml and use the default username and enter the password you changed and bingo you are in the administration section of license admin console.

If license server is down, how does licensing work in the grace period?

Ans : Almost every who is supporting Citrix XenApp know that the moment license server goes down Citrix XenApp server goes to grace period for 30 days giving administrator the opportunity to recover the License server or build a new one.
But when asked about how exactly XenApp server holds the license information the question mark appears on the admin face luckily i was one of them but i did some digging on google and Citrix XenApp server registries and found the answer.

How licensing work in the grace period?
Initially i thought it is LHC which hold that information but every XenApp server cache License information in .ini file and the exact name of the file is MPS-WSXICA_MPS-WSXICA.ini which is saved at – C:\Program Files (x86)\Citrix\system32\cache

MPS-WSXICA_MPS-WSXICA.ini can be opened in notepad and if you have ever opened the LIC file in notepad you will be able to find the similarity. It looks like below –

This is finally gets updated automatically whenever you add any new license or make any changes to the License information. Please correct if am wrong if you server is down IMA pick the cache information with the help of below key

Xenapp and Netscaler

Q: The disk is full on a NetScaler appliance but NO alerts were generated by the SNMP traps.
What is the likely cause of this failed alert?
A: The threshold was not set for the alarm.

Q: What type of protocol does AppFlow use for reporting?

A: UDP

Q: NetScaler is configured with two-factor authentication. A user reported that authentication failed.
How can an engineer determine which factor of the authentication method failed?
A: Use CAT AAAD debug command

Q: A network engineer needs to add an NTP server to a NetScaler appliance. The NTP
service is configured on 10.10.1.49. Which command should the network engineer use within the command-line interface to add in an NTP server for time synchronization?

A: add ntp server 10.10.1.49

Q - You will be migrating from XenApp 6.5 to XenApp 7.6, what are two differences between IMA and FMA?

A – Some answers include: FMA uses Sites and no longer utilizes Zones or Zone Data Collectors, FMA uses Virtual Desktop Agents (VDA’s), FMA leverages MCS for Servers and Desktops, IMA uses Local Host Cache (LHC), IMA uses IMA Service.

Q - How does Citrix Netscaler licensing differ from the other Citrix product licensing?

A - As an appliance or hardware, Netscaler is separate from most other Citrix products that use a license server. It is licensed independently.

Q - Can you name two of the services required to be running on the Provisioning Server for it to function?

A - SOAP and STREAM services must be running on the PVS Servers

Q - What are the two most common ports used on XenApp ICA sessions? What are each used for?

A - Ports 1494 (ICA/HDX) and 2598(Session Reliability)


 

NetScaler VPX System Requirements

Q: Can the NetScaler VPX be a part of a high availability setup with a NetScaler appliance?

A: This is not a supported configuration.
 

Q: What is the minimum hardware requirement for NetScaler VPX?

A:  system requirements. NetScaler VPX requires:

• Processor requirements: Dual core server with Intel VTx or AMD-V
• Memory available: 2GB RAM, 20 GB hard drive
• Hypervisor: Citrix XenServer 6.0 or later; VMWare ESX/ESXi 4.1 or later; Microsoft Hyper-V Server 2008 R2, Microsoft Hyper-V Server 2012 and 2012 R2
• Connectivity: 100 Mbps minimum; 1 Gbps recommended
• A network interface card compatible with the hypervisor

Q: What are Intel VTx and AMD-V?

A: These features, sometimes referred to as "hardware assist" or "virtualization assist", trap sensitive or privileged CPU instructions executed by the guest OS out to the hypervisor. This simplifies hosting guest OSs (BSD for a NetScaler VPX) on the hypervisor.

Q: How common are VTx and AMD-V?

A: Virtually all servers shipped within the last two years support either VTx or AMD-V.
Note: Many servers ship with virtualization assist disabled in BIOS. Before assuming you cannot run NetScaler VPX, examine if you need to change this setting on the server.

Q: Is there a hardware compatibility list (HCL) for NetScaler VPX?

A: As long as the server supports Intel VTX or AMD-V, NetScaler VPX should run on any server compatible with the underlying hypervisor. See the hypervisor HCL for a comprehensive list of supported platforms.

Q: What version of NetScaler OS is NetScaler VPX based on?

A: NetScaler VPX is based upon NetScaler 9.1 , 10.1, 10.5or later releases.
 

NetScaler VPX Capacity Planning/Sizing

Q: Given that server CPU power will vary, how can we estimate maximum performance of a NetScaler VPX instance?

A: Using a faster CPU could result in higher performance (up to the maximum allowed by the license), while using a slower CPU can certainly limit the performance.

Q: Are NetScaler VPX bandwidth/throughput limits for inbound only traffic, or both inbound and outbound traffic?

A: NetScaler VPX bandwidth limits are enforced for traffic inbound to the NetScaler only, regardless of whether this is request traffic or response traffic. This indicates that a NetScaler VPX-1000 (for example) can process both 1 Gbps of inbound traffic and 1 Gbps of outbound traffic simultaneously. Note that inbound and outbound traffic are not the same as request and response traffic. To NetScaler, both traffic coming from endpoints (request traffic) and traffic coming from origin servers (response traffic) is "inbound" (that is, coming into the NetScaler).

Q: Can multiple instances of NetScaler VPX be run on the same server?

A: Yes. However, ensure that the physical server has enough CPU and I/O capacity to support the total workload running on the host, or NetScaler VPX performance could be impacted.

Q: If more than one instance of NetScaler VPX is running on a physical server, what is the minimum hardware requirement per NetScaler VPX instance?

A: Each NetScaler VPX instance should be allocated 2GB of physical RAM, 20 GB of hard disk space, and 2 vCPUs.

Q: Can I host NetScaler VPX and other applications on the same server?

A: Yes. For example, NetScaler VPX, XenApp Web Interface and XenApp XML Broker could all be virtualized and can run on the same server. For best performance, ensure that the physical host has enough CPU and I/O capacity to support all the running workloads.

Q: Will adding CPU cores to a single NetScaler VPX instance increase the performance of that instance?

A: Depending on the license, a NetScaler VPX instance can use up to 4 vCPU today. Adding additional CPU to a NetScaler VPX instance that can use more CPUs will increase the performance.

Q: Even though NetScaler VPX is idle, it looks like it is consuming more than 90% of CPU. Why is this?

A: This is normal behavior and NetScaler appliances exhibit the same behavior. To see the true extent of NetScaler VPX CPU utilization, use the stat cpu command in the NetScaler CLI, or view NetScaler VPX CPU utilization from the NetScaler GUI. The NetScaler packet processing engine is always "looking for work", even when there is no work to be done. Therefore, it will do everything it can to take control of the CPU and not release it. On a server installed with NetScaler VPX and nothing else, this results in it looking like (from the hypervisor perspective) that NetScaler VPX is consuming the entire CPU. Looking at the CPU utilization from "inside NetScaler" (by using the CLI or the GUI) provides a picture of NetScaler VPX CPU capacity being used.