Wallpaper in Terminal Session

A customer of mine told me that since we upgaded his Citrix Server to Windows Server 2003 his users was not able set a wallpaper anymore. I know… wallpapers slow down performance in terminal sessions 🙂

Apparently Windows Server 2003 has a default policy that prevents changing the desktop wallpaper. You can find
it under Computer Configuration -> Administrative Templates -> Windows Components -> Terminal Services. Here look for the policy called “Enforce Removal of Remove Desktop Wallpaper“. Set this policy to disabled. If this is domain environment make sure that you set this policy where it will apply to your terminal server (e.g. OU where TS computer account is in).

Using IP of TS Client in session

A customer of mine needed to be able to map a printer on a client computer tunning TS client to an LPT port in the TS Session… After a little googling I found a cool little utility at DABCC called ENVTSCIP from Ctrl-Alt-Del IT Consultancy. These guys has a couple of cool tools for TS and Citrix.

ENVTSCIP together with a little script it takes the client IP address and puts it in an environment variable.

Links:

DABCC
Ctrl-Alt-Del IT Consultancy

Problems with Custom ICA Connections

When migrating a Citrix Server to a new domain I ran into a problem.

After the migration I tried to connect to the server with a custom ICA connection and got the following error message:

“The desktop you are trying to open is currently only available to administrators. Contact your administrator to confirm that the correct settings are in place for your client connection.”

To solve this problem go to “Client Connection Configuration Tool” and open properties for ica-tcp. Click “Advanced…” and uncheck “Only Launch Published Applications”.

Thankyou Anna @ AKS for this info.

Cursor Not Blinking on Windows Server 2003 TS and Citrix

I ran into a, to me, insignificant problem that I hadn´t even reflected over before… Apparently there is a design change in Windows Server 2003 which means that the blinking cursor is disabled when you run in the TS interface.

How to add the CursorBlinkEnable registry entry to enable cursor blinking

After you install the hotfix, you can enable cursor blinking. To do this, add the CursorBlinkEnable registry entry to the following registry sub-key, and then set the registry entry to 1:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server

To enable cursor blinking, follow these steps:

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate, and then click the following registry key:

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlTerminal Server
3. On the Edit menu, point to New, and then click String Value.
4. Type CursorBlinkEnable, and then press ENTER.
5. Right-click CursorBlinkEnable, and then click Modify.
6. Type 1 in the Value data box, and then click OK.
7. Quit Registry Editor.

Source: Microsoft Knowledgebase

ICA Client connections via Secure Gateway & SSL Relay fail due to expired VeriSign Global Server Intermediate Root CA

The VeriSign Global Server Intermediate Root Certificate expires on January 7, 2004. If your Secure Gateway or SSL Relay server is using a VeriSign Global Server ID certificate, you may need to update the intermediate certificate.

Symptoms

All Citrix ICA Clients versions connecting via Secure Gateway or the Citrix SSL Relay Service through NFuse and/or Web Interface using the VeriSign Global Server Intermediate Root Certificate fails.

When you try to connect to a MetaFrame presentation server through Secure Sockets Layer (SSL), you may receive one of the following error messages:

1. The connection was rejected. The SSL certificate is no longer valid. Please contact your Citrix Administrator (SSL error 70)

2. The server sent an expired security certificate. The certificate “O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign” is valid from Thursday, April 17, 1997 to Wednesday, January 7, 2004.

3. Security alert: A security certificate has expired or is not yet valid. The certificate “O=Verisign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA – Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign” is valid from Thursday, 17 April, 1997 to Wednesday, 7 January, 2004.

Cause

This problem occurs because the old VeriSign [128-bit SSL] Global Server Intermediate Root CA expires on January 7, 2004. Servers that are using this public root certificate that have not been updated with the new Global Server Intermediate Root CA may encounter problems when they try to establish SSL sessions after January 7, 2004.

This problem will be observed by all ICA client platforms and versions attempting to connect through an affected Secure Gateway or SSL Relay service.

Citrix Administrators

Verify that all Secure Gateway and SSL Relay servers that are currently running with VeriSign certificates have updated the Intermediate Root Certificate Authorities (CA’s). As of January 7, 2004 they will no longer be able to establish SSL sessions if they haven’t.

The Gateway & SSL Relay Services need to be restarted for the changes to take effect.

More information

For more information about this problem, please visit the following VeriSign Web site:

http://verisign.com/support/vendors/exp-gsid-ssl.html

For information about how to replace the VeriSign Global Server ID Intermediate Root CA, visit the following VeriSign Web site:

https://www.verisign.com/support/site/caReplacement.html

Please read the directions at this site carefully prior to attempting to update your servers Intermediate CA information. The updated certificate must be imported to the Local Computer > Intermediate Certification Authorities > Certificates store using the MMC Certificates snap-in. After updating the certificate, restart the Secure Gateway or SSL Relay service.

You will need to verify that all web servers, Secure Gateway servers and MetaFrame servers running the Citrix SSL Relay Service with VeriSign certificates have updated the Intermediate Root Certificate Authorities (CA’s). After January 7, 2004 they will not be able to establish SSL sessions until the intermediate certificate is updated.

Note: The updated intermediate root certificate has the following properties:

Issued to: www.verisign.com/CPS <http://support.citrix.com/article/CTX103235&searchID=-1

Removing Terminal Server licenses from an RDP client

32 bit RDP clients store their license under the key HKEY_LOCAL_MACHINESoftwareMicrosoftMSLicensing.

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To clean the client’s license cache, just delete this key and its subkeys. The next time the client connects to the server, it will obtain another license.