TechTip: Microsoft TS/RDS Updates for Windows Server 2008 and 2012

My colleague Aaron Silber sent over a handy-dandy table with hyperlinks to the Microsoft pages of patches and updates available for Windows Server 2008 and Windows Server 2012.

Terminal Services (Remote Desktop Services) in Windows Server 2008	KB 2312539
Remote Desktop Services (Terminal Services) on Windows Server 2008 R2 SP1	KB 2601888
Remote Desktop Services in Windows Server   2012	KB 2821526
Remote Desktop Services in Windows Server   2012 R2	KB 2933664

StoreFront 2.6 and Windows 10 Edge Browser

If you've been following Feng Huang's blog on customizing Receiver, you've probably seen StoreFront 3.0 and Windows 10 Edge Browser. In it, Feng explains how StoreFront 3.0 has been given the smarts to allow you to use the native Receiver with Edge.
What if you are still running StoreFront 2.6 (or 2.5)? Since Edge cannot run the ActiveX controls necessary for client detection, only the HTML5 Receiver would be used (see: Receiver Feature Matrix for HTML5 Receiver limitations).

This post will use a slightly modified version of another one of Feng's posts - Preparing for NPAPI Being Disabled by Google Chrome - to give you the ability to use the native Receiver with Edge.
In that post, Feng discusses how to:

• Disable the prompt to install the Receiver
• Provide a permanent link for downloading the Receiver
• Provide a link to switch between the native (full) Receiver and the HTML5 Receiver (referred to as the 'Lite' version of the Receiver).

However, the modifications discussed in the post are specific to Chrome. With just a bit of tweaking, we can add the above features for any browser.

We begin by adding the following strings to custom.wrstrings.en.js and a localized version for every language you need to support to custom.wrstrings.[language].js. 

Next, we need to add the code below to custom.script.js (in the contrib folder of the StoreWeb site).

The code above adds the following links to the dropdown next to the user's name:

How to Add a Domain Name Drop-Down for NetScaler Gateway 11

You may have a scenario where users might need to authenticate to different authentication servers (LDAP Domain Controllers) based on their domain. This article describes how to add a drop-down menu with domain names on the logon page for NetScaler Gateway version 11, and have the NetScaler send the authentication request to the appropriate server. While Citrix Support Article CTX118657 describes a procedure to add domain names to the NetScaler logon page, the article is targeted for NetScaler firmware version 10.x, and will not work with version 11.

Citrix has actually added built-in support for a domain drop-down in version 11, but it is not quite fully functional. With a little bit of tweaking, however, it can be up and running in no time.

Note: The following modifications are provided as-is, and are not officially supported by Citrix Tech Support. You may be asked to reverse these changes when calling in for support.

INSTRUCTIONS:

CTX118657 contains four sections:

• Create the drop-down menu with the list of domain names
• Create a cookie on the user’s computer with the domain selected by the user
• Create a procedure to ensure that the modifications will survive a reboot
• Modify the authentication policy to be selected based on the cookie created

In this post, we will deal with the first two sections. Please refer to the support article for the remaining two sections.

Create the drop-down menu with the list of domain names

The first step is to give NetScaler the list of domain names. To do that, open PuTTY session to the NSIP of your NetScaler, and issue the following command:

> set vpn vServer "<AG vServer>" –userDomains Domain1,Domain2,Domain3

Now fire up WinSCP and go to the directory /netscaler/ns_gui/vpn/js.

Make a backup copy of gateway_login_form_view.js, and search for:

The correct cookie name should be userDomains:

At this point, if you saved the file, and refreshed the NetScaler logon screen, you would see the domain drop-down:

You may notice that there are still two issues … while the drop-down is now being displayed (and there is an entry corresponding to each domain), all the entries are blank!

  

The second issue is more of a cosmetic issue … the screen would look a lot better if the length of the drop-down was the same as the text boxes above it.

To correct the first issue, go back to gateway_login_form_view.js and search for:

The reason that the entries are blank is because the second attribute is incorrect. It should be “text”:

Alternatively, either of the following lines would also work:

   

var option = '<option value="' + domains[j] + '">' + domains[j] + '</option>';

var option = $("<option></option>").val(domains[j]).html(domains[j]);  

Now save the file and refresh the logon page. We now have our drop-down populated with our domains:

 

However, we want to stretch the drop-down to match the length of the text boxes above. We can do that by adding cascading style sheet (CSS) overrides for the height and width of the drop-down. There are 3 built-in themes with NetScaler 11 – Default, Greenbubble, and X1, and the overrides are different for each theme.

In WinSCP, browse to each theme directory, /var/netscaler/logon/themes/<theme>/css/, and create a file called custom.css. Insert the appropriate override values for each theme.

For the default theme, insert:

.domain_select {
       width: 176px;
       height: 23px;
}

For the Greenbubble theme, insert:

.domain_select {
       width: 208px;
       height: 28px;
}

For the X1 theme, insert:

.domain_select {
      width: 361px;
      height: 42px;
}

After saving custom.css, our domain drop-down is now aligned with the rest of the input fields:

Default theme

Greenbubble theme

X1 Theme

Now that we’ve completed the drop down, let’s move on to the next section.
 

Create a cookie on the user’s computer with the domain selected by the user

Fire up WinSCP and make a backup of /netscaler/ns_gui/vpn/login.js.

Add the following JavaScript functions after the first line where indicated above:

 function getCookie(name) {
    // use: getCookie("name");
    var re = new RegExp(name + "=([^;]+)");
    var value = re.exec(document.cookie);
    return (value != null) ? unescape(value[1]) : null;  }

  var today = new Date();
  var expiry = new Date(today.getTime() + 28 * 24 * 3600 * 1000); // +28 days
  var expired = new Date(today.getTime() - 24 * 3600 * 1000); // less 24 hours

  function setCookie(name, value) { 
    // use: setCookie("name", value);
    document.cookie=name + "=" + escape(value) + "; path=/; expires=" + 
                expiry.toGMTString();
  }

  function setDomainCookie(form) {
    setCookie("domainvalue", form.domainvalue.value);
    return true;
  }

Save the file. Now go back to gateway_login_form_view.js (in the js directory).

Look for the line beginning var form = …  At the end of the line, you should see:

Add setDomainCookie(this); right before clean_name_cookie(); (you can optionally also correct the ‘margin’ typo!). This tells the NetScaler to save the user's domain selection before submitting the page.

Save the file.

Now go back to CTX118657, and follow the last 2 sections to complete the modification.

-Sam

Documenting Citrix StoreFront with PowerShell

Up-to-date StoreFront documentation is essential because it allows you to:

• Clone a StoreFront server group,
• Help troubleshoot any issues with the deployment, and
• Re-create servers after a crash.

Up until now, however, there was no easy way to create reliable StoreFront documentation. Carl Webster has created an amazing collection of automated documentation scripts for Citrix and Microsoft products like Active Directory, XenDesktop, and XenApp, which he offers for free on his website. After talking to Webster, I offered to build a Citrix StoreFront documentation script based on his PowerShell script template for generating documentation in Microsoft Word or Adobe PDF. Being able to use his template gives me the ability to focus just on the StoreFront piece and have Webster worry about Word versions, language packs, etc.


What are they?

The StoreFront scripts are a pair of PowerShell files which create documentation in MS Word, PDF, HTML, or formatted text. The first script (SFServer.ps1) uses the StoreFront PowerShell cmdlets to iterate through the StoreFront configuration which is output to an XML file. This file is used as input to the second script (SFClient.ps1) to produce the actual documentation.


Where can I get them?

The StoreFront scripts have been put into the public domain, and have been added to the extensive collection of scripts on Webster's website. You can always find the latest version of the scripts on his download page.

Please see the included README file for instructions on running the scripts, which may be run either command-line, or GUI (the default).
The scripts have been tested on version 2.x and version 3.0 of StoreFront, though the new features of v3.0 (e.g. App Groups) are not documented in this version.

Thank you to Webster, Barry Schiffer, and all those who helped with testing and suggestions.

Making a Splash with StoreFront - A Deep Dive!

It’s official! StoreFront is here to stay so let’s ensure StoreFront servers are production-ready through solid documentation. Documentation is essential because is allows you to:

• Clone a StoreFront server group,
• Help troubleshoot any issues, and
• Re-create servers after a crash.

Dive deep with me during my session at Citrix Synergy, where you will see how easy it is to automagically generate awesome StoreFront documentation (in MS Word or PDF format) using the StoreFront PowerShell SDK. You will learn which PowerShell cmdlets are used to document a StoreFront server group  (there are also complementary cmdlets with which you can create/modify your server group).

Plus, the techniques you will learn in this session are not limited to StoreFront! You will learn how to create an intuitive GUI for your PowerShell scripts that can modify itself based upon variables in the script. You will also learn how to add custom icons and graphics to the forms used in your scripts.

As usual, all source code for the session customizations will be made available to presentation attendees.

So join me at Citrix Synergy for SYN417: StoreFront PowerShell documentation deep dive, on Tuesday, May 12 from 4:00-4:45 PM PST time in Valencia Ballroom D. Let me show you how to produce awesome StoreFront documentation, and become more proficient in PowerShell in the process.  Hope to see you there! 

Exercise Caution When Upgrading your SSL Certificate(s)

I received a call from a client recently. They renewed the SSL certificate on their NetScaler, and while their iOS Receiver users could still authenticate and enumerate applications, they could no longer launch applications and desktops. All intermediate certificates were properly installed and linked.

The issue turned out to be the encryption method - SHA2 - used to hash the digital signature.

While SHA2 certificates have been around for a while, SHA1 certs had been the standard – until now. Microsoft has announced a new policy for CAs (Certification Authorities) who are members of the Windows Root Certificate Program (who issue publicly trusted certificates). The policy dictates that SHA1 certificates will be deprecated on January 1, 2016. After that date, only SHA2 certificates will be allowed to be issued. Unfortunately, the latest iOS (5.8) and Android (3.4) Citrix Receivers (among others) do not support SHA2 certificates when proxied through the NetScaler. See the full Receiver product matrix.

While Citrix has promised a NetScaler upgrade in 2004 Q2 to remedy the issue, if you are supporting remote iOS or Android users through NetScaler and you need to upgrade your SSL certificate, make sure that you purchase a SHA1 cert and not a SHA2 cert.

Note: I do find it curious, however, that Microsoft is still using a SHA1 certificate on their own site. ;-)

Synergy 2014 - Migrating Web Interface Customizations to StoreFront

Didn’t make it to Citrix Synergy this year? Not to worry! 

While this year’s session was not videotaped for SynergyTV, you can still download all presentation materials and source code:

·        Session PowerPoint presentation (includes speaker notes) 

·        Complete session source code:

o   Demo 1 – The Power of jQuery

o   Demo 2 – New StoreFront Skin

o   Demo 3 – Adding Help Desk information

o   Demo 4 – Alternate Application Views

o   Demo 5 – StoreFront Store Customization SDK

You can also view the presentation on SlideShare!
If you have any questions on the above, you can reach me at Sam.Jacobs@ipm.com