Sharefile SAML AD Authentication Fails on Chrome and Firefox

After configuring our ShareFile to integrate our AD accounts using AD FS 2.0 and SAML for login, we found several user could not log in with Chrome or Firefox.  They would go to the SAML login URL and then enter their correct AD credentials.  The login would then fail.  Using IE with the same credentials was successful.  After investigation, the issue was linked to AD FS 2.0 and Chrome/Firefox, not ShareFile.

The Solution below was found at http://exitcodezero.wordpress.com/2013/05/30/adfs-authentication-issues-with-chrome-and-firefox/

To correct the issues, disable Extended Protection in IIS on your ADFS server

  1. Open IIS Manager on your ADFS Server
  2. Expand your ADFS Server
  3. Expand Sites
  4. Expand Default Web Site
  5. Expand adfs
  6. Click to select ls
  7. Double-click Authentication 2013.05.30_adfs_auth_2
  8. Right-click Windows Authentication and select Advanced Settings… 2013.05.30_adfs_auth_3
  9. Set Extended Protection to Off 2013.05.30_adfs_auth_4
  10. Restart IIS or perform an iisreset

Citrix is all new in June

If you’ve been paying attention to Twitter lately, you’ve probably noticed that there have been a lot of new announcements and releases from Citrix over the past 7 days.   So many in fact it can be difficult to keep straight exactly what is going on.  I’m going to try to clear up some of the murk and hopefully help you understand how these announcements are going to impact your plans for the near future. I’ll try to detail each of the announcements and product updates and what’s new with them.

XenDesktop 7: This is Citrix’s flagship VDI product, which competes head to head with VMware’s Horizon View.   Hopefully most Citrix customers are also aware that most of the license editions for XenDesktop also include rights to Citrix XenApp (also knows as Presentation Server or MetaFrame).  Despite the bundling, XenApp and XenDesktop have always been two distict products with separate infrastructures and management frameworks.  XenDesktop 7 changes all that.  With the v7 release XenDesktop now fully encompasses all the functionality for application and desktop publishing from both server OS (XenApp/RDS – aka Hosted Shared) as well as desktop OS (XenDestkop/VDI – aka Hosted).  This means that from a single console you can configure desktops and apps published from Windows XP, 7, 8, Server 2008R2 and Server 2012.  Yes, I said desktops and apps!  Actually XenDesktop has had the ability to do “VM Hosted Apps” for a while but it was infrequently used; that capability is now core functionality and delivers the “seamless” published apps from both destkop and server environments.

Did I mention this is all in a single console?  Well, actually there are two consoles – the management/configuration interface which is now named “Studio” and a helpdesk and monitoring interface named “Director”.  XenDesktop admins will be familiar with both of these.  By the way, Director now has the ability to mine Edgesight data to provide historical information about users, apps, sessions, and hosts.

With the merger there is now a 4th edition of XenDesktop – now giving us Platinum, Enterprise, VDI, and Apps.  The Apps edition will map to the functionality which was previously provided by XenApp.

XenDesktop 7 also brings a host of new features and functionality including the H.264 supercodec, reverse seamless applications, and App DNA integration.  RemotePC is now configured from within the Studio console.   One of the more interesting capabilities is that you can now use MCS to manage your published app server farms which will greatly simplify single image management for smaller environments. Check out this blog for more details and a link to the Citrix TV session detailing the new features.

XenDesktop 7 brings with it a host of other updates:

  • StoreFront 1.2 -> StoreFront 2.0
  • Web Interface 5.4 -> StoreFront 2.0 (StoreFront is now required)
  • Provisioning Services 6.1 -> Provisioning Services 7.0
  • XenServer 6.1 -> XenServer 6.2
  • Receiver 3.4 -> 4.0  (and new receivers for iOS, Android, and OSX too)

It’s a pretty safe bet that if you use XenDesktop or XenApp you’ve got some new code in your future.

XenApp 6.5 Feature Pack 2: Much less hubbub about 6.5 FP2, but very noteworthy that in this same timeframe Citirx has chosen to issue an update to the existing XenApp product which offers many of the end-user benefits associated with XenDesktop 7.  This appears to be a recognition on Citrix’s part that customers probably will not migrate off of XenApp 6.5 in any great hurry, and this update removes much of the need.  XenApp 6.5 was originally released in August of 2011 and is widely deployed.  Details of the new features can be found here.

Cloudgateway is now XenMobile Apps: So if you’re looking for an updated App Controller, you need to look in a new place.  This heralds future integration between the XenMobile MDM solution and Citrix’s Web/SaaS/Mobile Application management.  We also saw a new release of XenMobile MDM 8.5 on June 28.

ShareFile Storage Center and Connectors are now Storage Controller 2.0: This brings the integration of the on-prem storage options for ShareFile all into one product, reducing the number of servers needed to connect to local storage zones, CIFS shares, and SharePoint.  It also provides read/write access to SharePoint sites!

XenServer 6.2: The latest release of Citrix’s XenServer hypervisor is more incremetnal and has not received much fanfare, with the largest announcement being that the product is now fully open source.  More details on the future strategy and new features can be found here.

NetScaler 10.1: It seems like this release has been kept fairly quiet, however the new HDX Insight reporting feature will offer great value to shops using NetScaler for its Access Gateway Enterprise Edition features.  Want to know how much data user sessions are moving?  Look no further!

VDI in a Box: Even VDI in a Box got an update, now at version 5.3. ViaB gets updates to support better 3D graphics. newer hypervisors, the H.264 supercodec, Windows 8 and Personal vDisk.  More info can be found here.

So June has been a huge month for Citirx with updates across nearly the entire product portfolio.  If you have or use Citrix products these changes will affect you.  If you need help or just want more information reach out to your Lewan Account Executive.  We’re here to help.

Enable Alt+Tab Application Toggling in a Citrix XenApp Desktop Session

I recently had a request for a user to be able to toggle between different applications inside their Citrix desktop session with alt+tab. The Citrix receiver provides this functionality with a registry change. There are a couple ways to send the hot key combo of Alt+tab to the Citrix session, but below I will show how to pass the physical hot key combo of Alt+tab from the client workstation to the Active Citrix session window (non-fullscreen mode).
This work will be done on the Client workstation and I am assuming the client has Windows 7 with Citrix receiver installed.
My background information was found here:
http://support.citrix.com/article/CTX118974
http://support.citrix.com/proddocs/topic/ica-settings/ica-settings-transparentkeypassthrough.html
1. Open regedit on the client device to edit the registry
2. Navigate to the key
HKEY_LOCAL_MACHINE \SOFTWARE\Citrix\ICAClient\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Keyboard\
3. Open Key: TransparentKeyPassthrough
4. Set the value to: RemoteRegistry changes for Alt Tab setting

5. Exit the Citrix receiver if it is started and log back into your Citrix desktop.
6. When the Citrix desktop session is the Active window, you will be able to toggle between the applications in that session with Alt+Tab

Lewan Synergy of the Rockies

Our Lewan Synergy of the Rockies event was yesterday, here are some highlights and links from the event.

Citrix Support – Premier Support calculator citrix.com/pscalculator. AutoSupport released for automated diagnosis of issues http://support.citrix.com/article/CTX135408

Citrix GotoMeeting – mobile clients have the ability to start and host a meeting as well as present content from the device. Whiteboard functionality is also built in.

Citrix XenServer – XenServer 6.1 released, includes support for Storage XenMotion, LACP (up to 4) support, batch conversion of VMware virtual machines

Citrix XenClient – added support for ultrabooks

Citrix ShareFile- What ShareFile does is: Store, Sync, Share

  • Sync and device with user files
  • Selective offline access on mobile devices
  • Data protection – encryption, lock, remote wipe, poison pill
  • Enables file sharing with anyone
  • Online file sharing space for virtual teams

With ShareFile Enterprise released, control plane resides at Citrix Online while the data plane can reside inside your datacenter, your data never resides outside. StorageZone Connect (tech preview) allows integration of existing file shares.

Citrix CloudGateway Enterprise – enabled mobile application management of iOS and Android devices, wrapped native app deployment via the Citrix AppController. AppController integrates mobile, web/saas, follow-me-data.

Just announced last week is @WorkWeb and @WorkMail, videos of this solution in action are here.

Citrix Receiver – Citrix Receiver for HTML 5 was released this summer, requires Access Gateway 10 and StoreFront 1.2. Enabled clientless access to Windows apps, Desktops, web and SAAS apps.

One Citrix Receiver look and feel across desktops and mobile platforms. First Time User experience allows setup and configuration with just a users email address.

Citrix RemotePC – Citrix RemotePC was released as part of Citrix XenDesktop 5.6 Feature Pack 1. RemotePC is the secure brokering of a physical endpoint (desktop or laptop) that is in your office (typically) via Citrix HDX technology. Think of it as GotoMyPC but with the centralized control over virtual channels (printing, clipboard, local drives, etc), automated provisioning of PC and end users, and the high performance of Citrix HDX. RemotePC is available in Citrix XenDesktop Enterprise and Platinum and in most cases won’t require any additional Microsoft licensing…as in you won’t need VDA licenses!

Universal Print Server- Combined with the previously available Universal Print Driver, administrators may now install a single driver in the virtual desktop image or application server to permit local or network printing from any device, including thin clients and tablets, leveraging HDX optimization technology to reduce bandwidth load over wide area networks and manage printing communications outside of the virtual desktop channel for enhanced Quality of Service. Use of the Citrix Universal Print Driver had previously been constrained to Windows devices because we relied on Windows to translate from Windows-centric print formats. With UPS, the print engine runs on a server, and we’re no longer limited to printing from Windows devices because the format translation is done on the server. There’s now little or no need to install 3rd party, non-native printer drivers, so overall stability is also improved.

Project Excalibur (XenDesktop v.Next) – Part of Project Avalon. Unification and simplification of XenApp/XenDesktop into a single architecture. XenApp IMA architecture has been around since Metaframe XP and in Project Avalon is being integrated into the Citrix XenDesktop FMA architecture.

Excalibur will also bring support for Windows Server 2012 and Windows 8 machine groups.

Also announced was a new SuperCodec using H.264 encode/decode. With so many devices support H.264 decode via hardware acceleration this could be a fallback encoding method for devices that don’t support offloading the multimedia to the client (ex: AVI, WMV, Flash). With the upcoming vGPU (GPU virtualization) the encoding could also potentially benefit from hardware based encoding. This technology will also support transcoding down high bit-rate video down to adapt to available bandwidth so that you can take 1080p video and transcode down to stream on 3G networks.

You can watch Citrix Synergy Barcelona session SYN133 on CitrixTV which goes thru the Excalibur release.

Excalibur will be available for download as a tech preview on November 1st.

Citrix Netscaler – Citrix Netscaler 10 now support scale-up, scale-in, and scale-out (TriScale) options with new Active-Active-Active-Ac.. scale-out options. Citrix and Cisco also announced a new partnership where Cisco will be selling Citrix Netscaler into their customers who are looking for Application Delivery Controllers as Cisco recently discontinued their ACE product line. Citrix also announced new partnerships with a number of key vendors who will be building joint solutions on their Netscaler product line.

Streaming Citrix apps directly

If you want to get around publishing the applications through PNAgent or Web Interface you can use this method to run streamed applications.  Obviously don’t call support if this doesn’t work…use only for testing, but it’s an interesting article and definitely helps understand more about the streaming architecture of Citrix XenApp.

http://community.citrix.com/display/ocb/2009/03/05/App+Streaming+-+Running+apps+via+RadeRun

Citrix Provisioning Server

If you’ve never heard of this product call us!  Pretty slick video, it’s a few years old now and is now used everywhere within the Citrix XenDesktop solution.  Even if you decide not to virtualize desktops you can use technology like this to centrally manage the images for your desktop and instantly deploy and update your clients!  Sweet stuff.