Archive for October 2009

Settings and tweaks for Terminal Server/XenApp 5.0 – Part 1

In this blog post I will describe the settings and tweaks I apply to a new XenApp 5.0 farm.
Unfortunately, XenApp 5.0 is not supported on Windows Server 2008 R2. That support only arrives with the new version (Project Parra), which is expected in Q1 2010.
http://support.citrix.com/article/CTX122601

I am testing here on a XenApp 5.0 farm running on a Windows Server 2008 x64 platform (SP2 + full Windows Update).
My XenApp 5.0 farm consists of the following machines.

WIN-XAP-001 = (SQL Express – Data Collector – TS License server – XenApp license server).
WIN-XAP-002 = (Application Server – Office 2007 – Adobe, etc.)
WIN-XAP-003 = (Application Server – Office 2007 – Adobe, etc.)

Links to design and installation guides for XenApp 5.0.

Memory Limits for Windows Releases.
http://msdn.microsoft.com/en-us/library/aa366778(VS.85).aspx

Communication Ports Used By Citrix Technologies.
http://support.citrix.com/article/CTX101810

Citrix Product Documentation Links.
http://support.citrix.com/productdocs/

XenApp and XenServer – Reference Architecture.
http://support.citrix.com/article/CTX117922

Citrix XenApp 5.0 for Microsoft Windows Server 2008 Installation Checklist.
http://support.citrix.com/article/CTX113392

Learning the Basics of XenApp 5 for Windows Server 2008 (Part 1 of 7).
http://carlwebster.com/blogs/webster/archive/2009/01/03/Learning-the-Basics-of-XenApp-5-for-Windows-Server-2008-Part-1-of-7.aspx

Links for the Roaming User Profile Share.

For creating the TS/XenApp Roaming User Profile Share with permissions, see the link below.
http://blogs.technet.com/askds/archive/2008/06/30/automatic-creation-of-user-folders-for-home-roaming-profile-and-redirected-folders.aspx

It is important here to disable the “Cache Option for Offline Files”.
http://support.microsoft.com/kb/287566


 

CMD script for the individual XenApp application servers.

The script below launches the ESC GUI (to disable it), disables DEP and installs the Danish MUI silently.

 

REM Platform: Windows 2008 SP2 x64

REM Remove Internet Explorer Enhanced Security
start /wait Rundll32 iesetup.dll, IEShowHardeningDialog

REM Disable Data Execution Prevention
start /wait bcdedit.exe /set {current} nx AlwaysOff

REM Install a Language Pack/MUI – Danish – Silent
start /wait lpksetup.exe /i da-dk /r /s /p \\win-vs-002\ISO\MUI\langpacks

Link to the Danish MUI (Group 6 – 6002.18005.090410-1830_AMD64fre_Server_LP_6-KRTMSxLP6_DVD.iso)
http://www.microsoft.com/Downloads/details.aspx?familyid=3A7FB7A2-3519-495B-9BC5-2007082CA9A6&displaylang=en

Adjustments for Java, Adobe and Flash.

Java.
http://wpkg.org/Java
http://www.appdeploy.com/packages/detail.asp?id=38

Adobe.
http://wpkg.org/Adobe_Reader_9
http://www.appdeploy.com/packages/detail.asp?id=1303

Flash.
http://wpkg.org/Flash_Player
http://www.appdeploy.com/packages/detail.asp?id=1382

XenApp GPOs.

OK, the first thing I do is create a new OU (XenApp), in which I place all my XenApp servers.

 

Next I create a security group (TS 2008 Machine), in which I place my 2 application servers (win-xap-002 and 003).
This group is added to the TS 2008 Machine GPO. The license and data collector server is kept out of it in this case.

I am now ready to create a number of Group Policies to control the computer and user settings for my XenApp farm.
I choose to create 2 GPOs, as follows.

1. TS 2008 Policy – Machine (contains only computer configuration settings)
2. TS 2008 Policy – User – Lockdown (contains only user configuration settings, including Folder Redirect – IE – Office – etc.)

I create the 2 GPOs and configure them as follows.

TS 2008 Policy – Machine.

I first disable “User Configuration Settings” for this GPO and add the TS 2008 Machine group with Read and Apply.
Then link this GPO to the previously created XenApp OU.

The settings I specify for this GPO are listed below. It was created with the GPO manager from a 2008 R2 DC,
so “Terminal Services” appears as “Remote Desktop Services”.

Computer Configuration – Administrative Templates – System.
Display Shutdown Event Tracker = Disabled

Computer Configuration – Administrative Templates – System.
Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services = Enabled.
User Group Policy loopback processing mode = Enabled with the value “Replace”.

Computer Configuration – Administrative Templates – System – Server Manager.
Do not display Initial Configuration Tasks window automatically at logon = Enabled
Do not display Server Manager automatically at logon = Enabled


Computer Configuration – Administrative Templates – System – User Profiles.
Add the Administrators security group to roaming user profiles = Enabled
Delete cached copies of roaming profiles = Enabled

Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Profiles.
Set path for Remote Desktop Services Roaming User Profile = Enabled (\\win-vs-002\XenProfiles$)
Set Remote Desktop Services User Home Directory = Enabled (\\win-vs-002.win.local\UserHome$)

Computer Configuration – Administrative Templates – Windows Components – Windows Error Reporting.
Disable Windows Error Reporting = Enabled

Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Licensing.
Use the specified Remote Desktop license servers = Enabled with the value win-xap-001, which is my TS license server.
Set the Remote Desktop licensing mode = Enabled with the value “Per User”.

Computer Configuration – Preferences – Windows Settings – Registry.
Disable Console error Messages.
HKLM\SYSTEM\CurrentControlSet\Control\Windows – ErrorMode (reg_dword) = 2


 

Disables Windows Update Service.
HKLM\SYSTEM\CurrentControlSet\Services\wuauserv – Start (reg_dword) = 4

Disables Logging of Print Events.
HKLM\SOFTWARE\Wow6432Node\Citrix\Print – DefaultPrnFlags (reg_dword) = 134217728

Disables Spooler errors from being displayed on the server console.
HKLM\SYSTEM\CurrentControlSet\Services\Spooler – ErrorControl (reg_dword) = 2

Disables Logging of Printer Events.
HKLM\SYSTEM\CurrentControlSet\Control\Print\Providers – EventLog (reg_dword) = 0

Disable Beep Sound.
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server – DisableBeep (reg_dword) = 1

In addition, I disable “System speaker” and “Beep” under Devices, which is also part of Preferences.

 

Delete the following applications under startup (msconfig).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
SunJavaUpdateSched – Adobe Reader Speed Launcher – Adobe ARM – GrooveMonitor


Disable various RDP redirections for the individual XenApp application servers, as shown in the picture below.
I use RDP only for support/maintenance and therefore do not want the redirection below.

 

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisableCpm (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisableCdm (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisableCcm (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisableCam (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisableLPT (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fDisablePNPRedir (reg_dword) = 1
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp – fForceClientLptDef (reg_dword) = 0
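
To confirm that the registry preferences, the startup clean-up and the RDP redirection switches listed above actually landed on a given application server, the values can be read back and compared with the ones in this post. This PowerShell check is an added example, not part of the original post; the helper name Test-XenAppBaseline is hypothetical and PowerShell 3.0 or later is assumed.

```powershell
# Added example, not from the original post. Expected values are the ones listed in the post.
# Test-XenAppBaseline is a hypothetical helper name. Value = $null means "must be absent".
$ctl = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$rdp = "$ctl\Terminal Server\WinStations\RDP-Tcp"
$run = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

$baseline = @(
    @{ Path = "$ctl\Windows";          Name = 'ErrorMode';       Value = 2 }
    @{ Path = "$svc\wuauserv";         Name = 'Start';           Value = 4 }
    @{ Path = 'HKLM:\SOFTWARE\Wow6432Node\Citrix\Print'; Name = 'DefaultPrnFlags'; Value = 134217728 }
    @{ Path = "$svc\Spooler";          Name = 'ErrorControl';    Value = 2 }
    @{ Path = "$ctl\Print\Providers";  Name = 'EventLog';        Value = 0 }
    @{ Path = "$ctl\Terminal Server";  Name = 'DisableBeep';     Value = 1 }
)
# RDP redirection switches: all 1 except fForceClientLptDef, which the post sets to 0.
foreach ($n in 'fDisableCpm','fDisableCdm','fDisableCcm','fDisableCam','fDisableLPT','fDisablePNPRedir') {
    $baseline += @{ Path = $rdp; Name = $n; Value = 1 }
}
$baseline += @{ Path = $rdp; Name = 'fForceClientLptDef'; Value = 0 }
# Startup entries the post deletes from the Run key.
foreach ($n in 'SunJavaUpdateSched','Adobe Reader Speed Launcher','Adobe ARM','GrooveMonitor') {
    $baseline += @{ Path = $run; Name = $n; Value = $null }
}

function Test-XenAppBaseline {
    param([Parameter(Mandatory = $true)][hashtable[]]$Baseline)
    foreach ($item in $Baseline) {
        $actual = $null
        if (Test-Path -LiteralPath $item.Path) {
            # A missing value yields no object, so $actual stays $null.
            $props = Get-ItemProperty -LiteralPath $item.Path -Name $item.Name -ErrorAction SilentlyContinue
            if ($props) { $actual = $props.($item.Name) }
        }
        # Expected $null: compliant only when the value is absent. Otherwise the data must match.
        $ok = if ($null -eq $item.Value) { $null -eq $actual } else { $actual -eq $item.Value }
        [pscustomobject]@{
            Path      = $item.Path
            Name      = $item.Name
            Expected  = $(if ($null -eq $item.Value) { '<absent>' } else { $item.Value })
            Actual    = $(if ($null -eq $actual) { '<absent>' } else { $actual })
            Compliant = $ok
        }
    }
}

# Show only the settings that differ from the post's values on this server.
Test-XenAppBaseline -Baseline $baseline | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

An empty result means every listed value matches; run it on each application server after a `gpupdate /force`.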


Link to the above GPO (htm report).
http://cid-a78115db432a8db0.skydrive.live.com/self.aspx/XenApp/TS%202008%20Policy%20-%20Machine.htm

Further information on the above, plus settings for Windows 2003.
http://www.xenappblog.com/2009/terminal-server-xenapp-tuning-tips-group-policy/
http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/36/Terminal-Server-XenApp-Tuning-Tips.aspx