All Exam Updates

free elearning on 2008 R2

Exam Updates for 70-640 / 70-642 / 70-643 / 70-646 / 70-647

Microsoft has updated the exam content for the Server 2008 exams with R2 content.

The following “FREE” text covers R2 updates to Server 2008.

Introducing Windows Server 2008 R2, by Charlie Russell and Craig Zacker with the Windows Server Team at Microsoft.

Chapter 1    What’s New in Windows Server R2
Chapter 2    Installation and Configuration: Adding R2 to Your World
Chapter 3    Hyper-V: Scaling and Migrating Virtual Machines
Chapter 4    Remote Desktop Services and VDI: Centralizing Desktop and Application Management
Chapter 5    Active Directory: Improving and Automating Identity and Access
Chapter 6    The File Services Role
Chapter 7    IIS 7.5: Improving the Web Application Platform
Chapter 8    DirectAccess and Network Policy Server
Chapter 9    Other Features and Enhancements
Index

This book can be downloaded here (XPS file), here (PDF file) and here (EPUB).

Posted in Windows Server 2008


Configuring Domain Name System (DNS) for Active Directory (16%)
Configure zones

What’s New in DNS in Windows Server 2008
DNS Server Overview
Understanding Active Directory Domain Services Integration
DNS Architecture
DNS Overview
Configuring Zone Properties
Adding Zones
Managing Resource Records

Configure DNS server settings
Understanding Forwarders
Using Forwarders
Checklist: Use Forwarders
Understanding Zone Delegation
Updating Root Hints
Use Aging and Scavenging

Configure zone transfers and replication
Understanding DNS Zone Replication in Active Directory Domain Services
Planning DNS Zones
Create a DNS Application Directory Partition
DNS Notify
Troubleshooting zone problems

Configuring the Active Directory infrastructure (25%)
Configure a forest or a domain
Requirements for Installing AD DS
Steps for Installing AD DS
Active Directory Domain Services (AD DS) Installation and Removal Step-by-Step Guide
Steps for Removing AD DS
Appendix of Unattended Installation Parameters
Download details: ADMT v3.1 Guide: Migrating and Restructuring Active Directory Domains
Scenarios for Installing AD DS
Appendix of Functional Level Features

Configure trusts
Managing Trusts
Managing Forest Trusts
Configuring SID Filter Quarantining: Domain and Forest Trusts; Active Directory

Configure sites
Overview of Active Directory Sites and Services
Checklist: Configure an Additional Site
Changing site link properties: Active Directory
Creating a Site Link Bridge Design

Configure Active Directory replication
DFS Replication: What’s new in Windows Server™ 2008 R2
Introduction to Administering Intersite Replication: Active Directory
Managing Intersite Replication: Active Directory
Introduction to Administering DFS-Replicated SYSVOL: Active Directory
SYSVOL Replication Migration Guide: FRS to DFS Replication
Forcing Replication

Configure the global catalog
Enabling Universal Group Membership Caching in a Site
Understanding the Global Catalog
Introduction to Administering the Global Catalog: Active Directory
Checklist: Add a Global Catalog Server
Configuring a Global Catalog Server: Active Directory

Configure operations masters
Introduction to Administering the Windows Time Service: Windows Time Service
Introduction to Administering Operations Master Roles: Active Directory
Transferring an operations master role: Active Directory
Seizing an operations master role: Active Directory
Designating a standby operations master: Active Directory
Active Directory Schema
Planning Operations Master Role Placement

Configuring additional Active Directory server roles (9%)
Configure Active Directory Lightweight Directory Service (AD LDS)
Running Domain Controllers in Hyper-V
Server Core Installation Option Getting Started Guide…61(WS.10).aspx
Active Directory Lightweight Directory Services Operations Guide

Configure Active Directory Rights Management Service (AD RMS).
Active Directory Rights Management Services Overview
Active Directory Rights Management Services Role
Active Directory Rights Management Services

Configure the read-only domain controller (RODC).
AD DS: Read-Only Domain Controllers
Read-only Domain Controllers (RODC) Step-by-Step Guide
Read-Only Domain Controller (RODC) Planning and Deployment Guide
Read-Only Active Directory Database, SYSVOL, and Unidirectional Replication
RODC Filtered Attribute Set, Credential Caching, and the Authentication Process with an RODC
Administrator Role Separation
Administering the Password Replication Policy
RODC Frequently Asked Questions

Configure Active Directory Federation Services (AD FS).
Active Directory Federation Services v2
Active Directory Federation Services Overview
Active Directory Federation Services Role
Active Directory Federation Services (AD FS) Step-by-Step Guide
Active Directory Federation Services
AD FS Design Guide
AD FS Deployment Guide
Deploying Federation Servers
Deploying Federation Server Proxies

Creating and maintaining Active Directory objects (24%) 
Automate creation of Active Directory accounts
Administering Distribution Lists for Message Queuing

Maintain Active Directory accounts
Dsmod group
AGDLP – Wikipedia, the free encyclopedia
User Account Control
Delegating Administration of Account OUs and Resource OUs

Create and apply Group Policy objects (GPOs).
Group Policy
Download details: Planning and Deploying Group Policy
Download details: Group Policy Preferences Overview
Deploying Basic Settings by Using Group Policy
Loopback processing of Group Policy

Configure GPO templates
Managing Group Policy ADMX Files Step-by-Step Guide
Download details: Starter Group Policy Objects (GPOs)
Overview of AGPM

Configure software deployment GPOs
Applocker resources – TechNet
How to use Group Policy to remotely install software in Windows Server 2003

Configure account policies
Offline Domain Join: Step-by-Step Guide
Active Directory Domain Services (AD DS)
Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

AD DS: Fine-Grained Password Policies

Configure audit policy by using GPOs.
What’s new in Windows Security Auditing
Advanced Security Auditing in Windows 7 and Server 2008 R2
Advanced Security Audit Policy Step-by-Step Guide
Advanced Security Auditing FAQ
Active Directory Domain Services (AD DS)
Auditing Step-by-Step Guide

Download details: Group Policy Settings Reference for Windows Server 2008
How to use Group Policy to configure detailed security auditing settings for Windows Vista-based and Windows Server 2008-based computers in a Windows Server 2008 domain, in a Windows Server 2003 domain, or in a Windows 2000 domain.

Maintaining the Active Directory environment (13%)
Configure backup and recovery
Active Directory Recycle Bin Step-by-Step Guide
Windows Server Backup Step-by-Step Guide for Windows Server 2008
Backing Up Your Server
Recovering Your Server
Active Directory Domain Services (AD DS) Backup and Recovery Step-by-Step Guide
Introduction to Administering Active Directory Backup and Recovery: Active Directory
Backing Up Active Directory Domain Services: Active Directory
Set DSRM password
Authoritative restore
Backing Up Group Policy Objects

Perform offline maintenance
Active Directory Database Mounting Tool Step-by-Step Guide
Restartable Active Directory Domain Services (AD DS) Step-by-Step Guide
Compact the directory database file (offline defragmentation): Active Directory

Monitor Active Directory
Performance and Reliability Monitoring Step-by-Step Guide for Windows Server 2008
Windows Reliability and Performance Monitor

Configuring Active Directory Certificate Services (13%)
Install Active Directory Certificate Services
Active Directory Certificate Services Overview
Active Directory Certificate Services Step-by-Step Guide
Designing a Public Key Infrastructure: Public Key

Configure CA server settings
AD CS: Enterprise PKI (PKIView)
Download details: Active Directory Certificate Services Longhorn Beta3 Key Archival and Recovery Whitepaper

Manage certificate templates
Certificate Templates Overview
Download details: Implementing and Administering Certificate Templates in Windows Server 2008

Manage enrollments
Certificate Enrollment Web Services in Windows Server 2008 R2
Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide
Cross-Forest Certificate Enrollment for Windows Server 2008 R2

Certificate Autoenrollment in Windows Server 2003

What’s new in Windows Security Auditing
Advanced Security Auditing in Windows 7 and Server 2008 R2
Advanced Security Audit Policy Step-by-Step Guide
Advanced Security Auditing FAQ

AD CS: Network Device Enrollment Service
AD CS: Web Enrollment
AD CS: Restricted Enrollment Agent
Download details: Microsoft SCEP Implementation Whitepaper.

Manage certificate revocations

AD CS: Online Certificate Status Protocol Support
Online Responder Installation, Configuration, and Troubleshooting Guide

Posted in Windows Server 2008


A link to the Microsoft Learning Page discussing 70-642 (Click Here)

Free e-learning from Microsoft:

Clinic 5936: Introducing Security and Policy Management in Windows Server® 2008

Clinic 5939: Introducing Server Management in Windows Server® 2008


Configuring IP Addressing and Services (24 percent)
Configure IPv4 and IPv6 addressing.
Learn To Subnet: A Free, Lecture-Based Presentation on IP Addressing and Subnetting
Microsoft Internet Protocol Version 6 (IPv6)
TCP/IP (v4 and v6) Technical Reference
Netsh Commands for Interface (IPv4 and IPv6)
How IPv6 Works
IPv6 Address Reference Card

Configure Dynamic Host Configuration Protocol (DHCP).
Microsoft Windows DHCP Team Blog
Dynamic Host Configuration Protocol
DHCP Server

Configure routing.
How to configure Windows 2008 Server IP Routing

Configure IPsec.
Creating and Using IPsec Policies
Monitoring IPsec
IPsec – Wikipedia, the free encyclopedia

Configure DirectAccess.
TechNet Video: Introducing DirectAccess
TechNet Video: Using Windows 7 Direct Access
Enabling Secure Always-on Connectivity using DirectAccess Video 1 of 2
Enabling Secure Always-on Connectivity using DirectAccess Video 2 of 2
DirectAccess with Devrim
Windows 7 DirectAccess User Experience
TechNet Video: Windows Firestarter Events (Part 2 of 5): Windows 7: Diving Deeper – DirectAccess and RAS Features
TechNet Video: Windows 7 Firestarter Event (Part 2 of 4): Why VPN? Connect Seamlessly with DirectAccess

TechNet Video: TechNet Radio Community Corner: John Weston and Doug Spindler discuss DirectAccess and IPv6
TechNet Video: How Do I: Windows 7 and DirectAccess

Configure BranchCache.
TechNet Video: How Do I: Reduce WAN costs with Windows Server 2008 R2, Windows 7 and BranchCache?
TechNet Video: Using Windows 7 BranchCache
Branch Cache in Windows 7

Configuring Name Resolution (27 percent)
The Cable Guy: DNS Enhancements in Windows Server 2008

Configure a Domain Name System (DNS) server
Installing and Configuring Servers
Server Core Installation Option Getting Started Guide

Configure DNS zones
Configuring Zone Properties
Adding Zones

Configure DNS records
DNS Reference Information
Managing Resource Records

Configure DNS replication.
Change the Zone Replication Scope
Use Aging and Scavenging

Configure name resolution for client computers.
Windows Internet Name Service
Managing DNS Clients

Configuring Network Access (22 percent)
Configure remote access
TechNet Virtual Lab: Deploying SSTP Remote Access
What’s New in Routing and Remote Access in Windows Server 2008
Routing and Remote Access Service

Configure Network Access Protection (NAP).
TechNet Virtual Lab: Understanding NAP in Windows Server 2008
TechNet Virtual Lab: Network Access Protection with IPSec Enforcement
Network Access Protection

Configure network authentication.
Network Policy Server
Network Policy and Access Services Overview
Remote Access Authentication Methods
The Cable Guy: IEEE 802.1X Wired Authentication

Configure wireless access
802.1X Authenticated Wireless Access
The Cable Guy: Wireless Group Policy Settings for Windows Vista
Creating a Wireless Network Group Policy, Part 1
Wi-Fi Protected Access – Wikipedia, the free encyclopedia

Configure firewall settings.
TechNet Virtual Lab: Managing Network Security using Windows Firewall with Advanced Security in Windows Server 2008 Beta 3
Windows Firewall with Advanced Security and IPsec

Configuring File and Print Services (13 percent)
File Services for Windows Server 2008

Configure a file server
Introduction to File Server Resource Manager
Managing Permissions
The Storage Team at Microsoft – File Cabinet Blog : Offline Files in Windows Vista
What’s New in Offline Files for Windows Vista
Encrypting File System

Configure Distributed File System (DFS).
Overview of the Distributed File System Solution in Microsoft Windows Server 2003 R2
Distributed File System
DFS Step-by-Step Guide for Windows Server 2008

Configure shadow copy services
Shadow Copies for Shared Folders Technical Reference: Data Recovery
How to Use the Shadow Copy Client
Configuring Volume Shadow Copy on Windows Server 2008 – Techotopia

Configure backup and restore.
Backup and Recovery Overview
Volume Shadow Copy Service Technical Reference: Data Recovery
Windows Server Backup

Manage disk quotas.
Working with Quotas

Configure and monitor print services
Print Services Role
Print Management Step-by-Step Guide
Print Management
Print Services
Managing Windows Server 2008 Print Services – Techotopia
Deploying TCP/IP Printers with Group Policy Preferences – Clay Moore’s Blog

Monitoring and Managing a Network Infrastructure (14 percent)
Configure Windows Server Update Services (WSUS) server settings
Windows Server Update Services (WSUS) Home
Microsoft Windows Server Update Services 3.0 SP1 Operations Guide
Update and Configure the Automatic Updates Client
Set Up a Disconnected Network (Import and Export the Updates)

Capture performance data.
Performance and Reliability Monitoring Step-by-Step Guide for Windows Server 2008

Monitor event logs
Event Viewer and Resulting Internet Communication in Windows Server 2008
Installation and Configuration for Windows Remote Management (Windows)
Yung Chou is a PC : Windows Server 2008 Event Subscription with Task Scheduling

Gather network data
Download details: Microsoft Network Monitor 3.3
Network Monitor
What Is SNMP?: Simple Network Management Protocol (SNMP); Services for Macintosh
Microsoft Baseline Security Analyzer 2.1 Availability Download FAQ Resources

Posted in Windows Server 2008

1Y0-A18 XenApp 6 Study Guide

The License Management Console communicates through port 8082.

The client device communicates with the Access Gateway appliance through port 443.

Unsecured client to XenApp server communication travels on port 1494. When Session Reliability is enabled, it travels through port 2598.

IMA server to server communication is on port 2512.

A data collector is a server that hosts an in-memory database that maintains dynamic information about the servers in the zone, such as server loads, session status, published applications, users connected, and license usage. Data collectors receive incremental data updates and queries from servers within the zone. Data collectors relay information to all other data collectors in the farm.

There is no exact formula for determining the ideal number of farms, but general guidelines can help: In general, a single farm meets the needs of most deployments. A significant benefit to deploying a single farm is needing only one data store database. Consider using multiple farms when you have geographically dispersed data centers that can support their own data store database, or when you do not want communication between servers within the farm to cross a firewall or WAN. For very large deployments with thousands of servers, breaking the environment into multiple farms can increase performance.

When servers in a farm come online, they query the data store for configuration information. The data store provides a repository of persistent information. For this reason, you would want your data store to be in the same location as most of the servers to minimize the XenApp server to data store traffic travelling over the WAN.

While installing XenApp 6, the administrator can choose to add anonymous users, authenticated users or a list of the users from the users group to the Remote Desktop Users.

To move a server to a different farm, use the XenApp Server Role Manager: select “Leave the current server farm” and, once the server is removed, select “Join an existing server farm”. CHFARM is no longer supported in XenApp 6. The Delivery Services Console only removes the server from the farm so that it is not visible in the console; the server is not removed from the data store.

The Citrix online plug-in and Citrix offline plug-in are installed automatically when you install the XenApp role. These plug-ins do not appear in the components lists, and you cannot disable these installations during a wizard-based installation.

The XenApp Server Role Manager deploys the Windows Server Remote Desktop Services role if it is not already installed and enables the RDP client connection option. You will be asked to restart the server and resume the installation when you log on again.

You cannot grant permissions to applications and servers directly. To grant permissions to applications and servers, you must first place the applications or servers in folders and then grant permissions at the folder level. Therefore, before you delegate tasks for applications and servers, make sure you group the applications and servers in folders that allow you to delegate the tasks in a meaningful way.

Configuring XenApp Sessions

The web plug-in has a minimal feature set and the user launches applications from their web browser.

If you want to share sessions, ensure all applications are published with the same settings. Inconsistent results may occur when applications are configured for different requirements, such as encryption.

For session sharing to occur, both applications must be hosted on the same server. Session sharing is configured by default when you specify that applications appear in seamless window mode. Session sharing always takes precedence over load balancing.

Plug-ins can be delivered to multiple users using the Receiver, which allows you to deliver the plug-ins automatically with the Merchandising server, or using Active Directory with an MSI file in a Group Policy Object.

HDX MediaStream for Flash detects the level of network latency between the server and user device the first time an individual browser or browser tab accesses an embedded Flash Player. If latency is determined to be within an acceptable threshold, HDX MediaStream for Flash is used to render Flash content on the user device. If the latency is above this threshold, the network server renders the content if a Flash player is available there. The default threshold setting is 30 milliseconds.

SpeedScreen Image Acceleration applies a lossy compression scheme to reduce the size of image files that the server sends to the client for faster throughput. The compression scheme removes redundant or extraneous data from the files while attempting to minimize the loss of information. The lossy compression levels are as follows: High – low quality, lowest bandwidth; Medium (default) – good quality, lower bandwidth; Low – high image quality, higher bandwidth; None – same quality as original, highest bandwidth.

HDX MediaStream multimedia acceleration optimizes multimedia files that are encoded with codecs that adhere to Microsoft’s DirectShow, DirectX Media Objects (DMO), and Media Foundation standards. To play back a given multimedia file, a codec compatible with the encoding format of the multimedia file must be present on the client device.

SmoothRoaming, more commonly known as Workspace Control, is configured in Web Interface. To use workspace control, you must enable the “Override user device names” setting in the Session Preferences task in the Citrix Web Interface Management console.

Configuring XenApp Policies

Shadow policy settings include: Input from shadow connections, Log shadow attempts, Notify user of pending shadow connections, Users who can shadow other users, Users who cannot shadow other users.

To configure CPU Utilization Management, in the Policies node of the Delivery Services Console, select the Computer tab. The Memory/CPU section contains policy settings for managing CPU utilization and memory optimization.

Remove Server From Load Balancing excludes the server from load balancing. Clients do not attempt to make new connections to this server through Load Manager. However, existing connections are maintained, and attempts are made to reconnect disconnected sessions.

Policies with the highest priority get applied last and take priority over lower policies.

The IMA encryption feature provides a robust AES encryption algorithm to protect sensitive data in the IMA data store. Enabling IMA encryption provides an additional layer of security for the data preserved by the Configuration Logging feature.

If you want administrators to be able to make changes to the server farm when log entries cannot be saved to the Configuration Logging database, select the “Allow changes to the farm when logging database is disconnected” check box.

When a Custom Citrix Administrator is created, his only role by default is “Log on to Management Console”.

Publishing Applications and Content

Publishing the desktop presents users with an entire Windows Server desktop when they log on to XenApp. For security, the desktop should be locked down, of course.

Configure content redirection from client to server by associating published applications with file types and then assigning them to the users you want to be affected. When you configure client to server content redirection, users running the online plug-in open all files of the associated type with applications published on the server. Content redirection from client to server is available only for users connecting with the online plug-in. On the Web Interface server, configure Web Interface to allow content redirection for the farm.

Using application streaming to a client desktop, you make available the full set of application streaming features. You can publish applications as “streamed to client” or any other method for streaming. When you stream applications directly to client desktops, some of the application files are cached locally and the application runs using the resources of the user device.

Selecting “Accessed from a server” grants users access to applications that run on a XenApp server. Choose this option when you cannot stream the application to thin clients. When you select “Accessed from a server”, you must also select the server application type. “Streamed to server” grants users access to stream a profiled application from the file share to a XenApp server (so the application does not have to be installed on a XenApp server, keeping the servers in the state they are currently in) and launch it from XenApp through an ICA connection.

Configure the profiler workstation to provide a run-time environment that is as close to your user device environment as possible. After you create a profile, save it to a file share in your App Hub.

Packages created with the profiler are PROFILE files. Example: msword.profile

Inter-isolation communication is a feature that links individual profiles so that applications in separate profiles can communicate with each other when launched on the user device. An associated profile does not include any additional installation.

You link existing profiles and set their hierarchy so that they can communicate when launched on the user device. By associating these two profiles, Outlook and the Reader can interact as users expect, even though the individual applications are profiled separately. This happens because they are now aware of each other and can interact as though they are profiled together.

The application in the profile is streamed from the App Hub to the XenApp server, where the offline plug-in is installed by default.

Additional Management

Power and Capacity Management can help reduce power consumption and manage XenApp server capacity by dynamically scaling up or scaling down the number of online XenApp servers. As users log on to the system and reduce the idle capacity, other servers in the workload are powered up. As users log off and idle capacity increases, idle servers are shut down. This helps optimize capacity for XenApp workloads. Scheduling provides an automated approach.

Roaming profiles used in Profile Management use the file extension .dat. Mandatory profiles use .man.

Monitoring and Managing Performance and Load
XenApp servers are contained in worker groups.

Load balancing policies can consist of a worker group preference list to determine the servers to which users are directed when logging on.

To ensure users are directed to the appropriate servers, create a worker group preference list to prioritize the servers that users can access. A priority of 1 is considered the highest priority. When a user launches a published application, the load balancing policy directs the user to servers in the highest priority worker groups first. Users are directed to servers in lower priority worker groups if servers in the higher priority worker groups are offline or have reached maximum capacity.

The scheduling rule schedules the availability of selected servers or published applications. This rule sets the weekly days and hours during which the server or published application is available to users and can be load managed.

The IP rule must be used in conjunction with another rule and defines a range of allowed or denied client IP addresses for a published application.

The Default Load Evaluator contains Load Throttling and Server User Load rules. The Load Throttling rule can only be applied to servers, not to applications. Load Throttling limits the number of concurrent connection attempts that a server handles. This prevents the server from failing when many users try to connect to it simultaneously. Server User Load limits the number of users allowed to connect to a selected server.

The Advanced Load Evaluator contains the CPU Utilization Load, Memory Usage, Page Swaps, and Load Throttling rules.

Memory Usage defines a range of memory used by a server. This rule uses the “Memory: % Committed Bytes in Use” performance counter to determine load.

Configuring Printing

The Session Printers setting “Set default printer to client’s main printer” sets the default printer for the session to the client’s current default printer while allowing the reporting group to use other network printers.

The setting “Redirect only the default client printer” in Microsoft’s Printer Redirection only allows the default printer in the session.

To specify how client printer drivers are installed on the XenApp 6 servers, configure the following Citrix policy settings: “Automatic installation of in-box printer drivers” which controls whether Windows native drivers are automatically installed when auto-creating either a client or network printer. Disabling this setting prevents the automatic installation of printer drivers.

“Printer driver mapping and compatibility” lists driver substitution settings for auto-created printers. It allows or prevents printers to be created with the specified driver.

Citrix Universal Printer drivers allow users to print regardless of whether they have the correct printer drivers installed.

If the servers in your farm have the same drivers as the client printers but the drivers themselves are named differently, XenApp may not recognize that the drivers are the same, and users will have difficulty printing or printer auto-creation may fail. You can resolve this issue by overriding, or mapping, the printer driver name the client provides and substituting an equivalent driver on the server.

You can use a printer driver mapping policy to substitute good printer drivers for outdated or corrupted drivers, specific Windows printer drivers for manufacturer’s client printer drivers and a driver that is available on Windows Server for a client driver name.

To specify that specific printers are created in sessions rather than auto-create all the network printing devices available from the client device, configure the Citrix policy setting Session printers.

Enabling and Securing Web Access to Published Applications and Content

To add a farm to an existing XenApp Services site using the Web Interface Management Console, in the left pane click XenApp Services Sites and select your site in the results pane. In the Action pane, click Server Farms. Click Add. Enter a name for the server farm in the Farm name box. In the Server Settings area, click Add to specify a server name.

When configuring secure access for a XenApp Services or Web site with Access Gateway or Secure Gateway in your deployment, you must configure the Web Interface for gateway support. You can use Gateway Direct, Gateway Alternate or Gateway Translated.

Citrix recommends using Gateway Direct when users are connecting through Access Gateway to a server farm.

You can specify backup servers for the Citrix online plug-in to contact if the primary Web Interface server is not available.

Choose the XenApp Services site and use the Server Settings task in the Citrix Web Interface Management console to specify URLs for backup servers.

In the event of a server failure, users are connected automatically to the backup server specified first on the Backup site paths list. If this server fails, the Citrix online plug-in attempts to contact the next server on the list.

The online plug-in initiates a Secure Sockets Layer (SSL) connection to the fully qualified domain name (FQDN) of Access Gateway, which then terminates the SSL connection and completes an ICA connection to the real address of the target XenApp server. This method relies on the Secure Ticket Authority (STA) to validate incoming connections. Gateway Direct is used if users are outside the LAN and have not established a connection using the Access Gateway Plug-in.

After you create the Web Interface site, use Web Interface Management console to configure settings for Access Gateway.

To enable pass-through with smart card authentication for XenApp Web sites, open Citrix Web Interface Management. Select the “Pass-through with smart card” check box.

Some of the settings to use when configuring Web Interface on the internal network with Access Gateway in the DMZ and load balancing two STAs are: In Access Method, select Gateway direct, click OK and click Next. In Address (FQDN), type the Access Gateway fully qualified domain name (FQDN). In Port, use the default, 443. Click “Enable session reliability” and “Request tickets from two STAs, where available” and click Next. Under Secure Ticket Authority URLs, click Add. In the Add Secure Ticket Authority dialog box, in Secure Ticket Authority URL, type the name of the master server running the XML Service on XenApp, click OK and then click Finish. Repeat for each STA server you want to add. Click “Use for load balancing”.

To put it simply, in a basic Web Interface deployment, the user device communicates with the Web Interface server, which communicates with the XML Service, which locates the least busy XenApp server and returns that information to the Web Interface server to send back to the user’s web browser.


An administrator can use either QUERY FARM or QFARM to get information about servers in the server farm.

To get the load of a specific server, use QFARM ServerName/load or QUERY FARM ServerName/load (where ServerName is replaced with the actual name of the server).

To get the load of all servers in the farm, just use /load. Examples: QFARM /load or QUERY FARM /load.

The XML Service port default is 80.

Without configuring IIS to support it, HTTPS would not work.

Without configuring the XML ports on the XenApp servers, SSL Relay would not work.

In many environments, especially large ones, Citrix recommends that you auto-create only one default printer. Auto-creating a smaller number of printers creates less overhead on the server and is better for CPU utilization.

If you do not want large numbers of printers created at the beginning of each session, consider configuring XenApp to use the Citrix Universal Printer.

Load Manager values:

0 to 9998 – This is the normal range for Load Manager;
99999 – No load evaluator is configured;
10000 – Load is at 100 percent (full load);
20000 – XenApp Advanced Configuration contains an incorrect server edition or a license mismatch;
99990 – Results when a custom administrator with restricted rights runs the following QFARM commands: QFARM SERVER /APP, QFARM /APP, QFARM /APP <appname> or QFARM /ZONEAPP.

With the Delivery Services Console you can reset, logoff and disconnect sessions, and terminate processes in a session.

When the ActiveX Controller is being deployed to a client, if Internet Explorer does not place the XenApp Web site in the “Local intranet” or “Trusted sites” zone, it displays an error message.

Load Manager user loads are calculated using active ICA sessions only.

Citrix Universal Printing might not work in your environment if you don’t have compatible client devices or plug-ins.

If you want the Citrix Universal Printer to appear in sessions, make sure that the Citrix policy setting Client printer names is not set to Legacy printer names in any policies affecting those sessions.

When the IMA Service is restarted, users who are already connected will continue working uninterrupted; however, new connections will not be allowed until the IMA Service is running.

Session reliability travels through TCP port 2598. Make sure the port is open for users outside of the firewall.

The policy setting “Do not auto-create client printers” turns off auto-create for all client printers when users log on.

Posted in Citrix XenApp