I've been working on a Xendesktop 7.6 project, which consists on two flexcast models. Static with PvD and Pooled random desktops. The client wanted a solution that could be used to convert their existing workstations into Thin Client devices--capable of connecting directly to a Hosted VDI desktop. We tested IGEL UDC2 and were impressed with how it worked. There were some initial tweaks, but in general this is a very good solution. The UMS console can be used to easily deploy thin client settings to the UDC2 devices, but also, any IGEL thin client devices.
There are quite articles out there which explain how to create disclaimers on previous versions on Netscaler, but I could not find any way of creating a pre-authentication disclaimer on the Netscaler 10.5 vpx appliance. With that in mind, I decided to create my own simple disclaimer. I've included the details on how this can be done below. I'm not a Web Developer, so you might find better ways to design the Disclaimer screen.
Netscaler Front End Changes
In Netscaler Global Configuration Settings, Change the Client theme to Custom. Then make your changes.
http://www.icenlemon.co.uk/blog/?p=232
Storefront Front End Changes
Disclaimer
Create a CSS file called "Disclaimer.css" and store this in “/var/netscaler/gui/vpn”.
Rename the Index.html file in “/var/netscaler/gui/vpn” to Indexhome.html
Create an Index.html file and save it to “/var/netscaler/gui/vpn”
Copy the following into the "Disclaimer.css" file (You can change the colours later):
body {
background-image: url("/vpn/media/bg_bubbles.jpg");
background-color:#14235C;
color:Black;
}
.container{
}
.DText{
Position:absolute;
font-family:Verdana;
Font-Size:12px;
font-weight:bold;
color:Black;
top:50%;
left:50%;
em:50px;
transform: translate(-50%, -50%);
background-color:#FFFFFF;
padding:20px;
margin:20px;
line-height:200%;
}
.DButton {
margin-left:45%;
top: 30%;
}
#navcontainer { }
#navcontainer ul
{
margin-left: 0;
padding-left: 0;
list-style-type: none;
font-family: Arial, Helvetica, sans-serif;
text-align: center;
}
#navcontainer a
{
display: block;
background-color: #14235C;
border-bottom: 1px solid #14235C;
}
#navcontainer a:link, #navlist a:visited
{
color: #FFF;
text-decoration: none;
}
#navcontainer a:hover
{
background-color: #6B79AD;
color: #fff;
}
The next thing would be to copy the following Disclaimer information into the Index.html page that you created. Replace the lorem ipsum text with your own disclaimer text:
<html>
<head>
<link rel="stylesheet" type="text/css" href="disclaimer.css">
</head>
<body>
<DIV Class="Container">
<DIV Class="DText">
<P>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed vitae justo dictum, aliquam nulla nec, maximus lacus. Etiam pharetra, dui sed viverra consequat, felis sem faucibus nibh, eget vestibulum turpis augue eu risus. Donec consectetur vulputate accumsan. Cras vel est dignissim, dignissim orci non, volutpat est. Sed mattis lorem ac urna luctus consequat. Nunc volutpat neque vitae euismod finibus. Mauris dictum at lacus non pulvinar. Nullam tempor ex vel ipsum tincidunt, sit amet fermentum eros condimentum. Donec enim risus, tempor sed enim eu, ornare cursus orci. Nam ipsum nunc, mollis non turpis sit amet, consectetur convallis tortor.
</P>
<div id="navcontainer">
<ul id="navlist">
<li id="active"><a href="indexhome.html" id="current">I Agree</a></li>
</ul>
</div>
</DIV>
</DIV>
</body>
</html>
The Netscaler loads “Index.html”, which will use the external cascading style sheet called “Disclaimer.css”
These two files are found in the directory called “/var/netscaler/gui/vpn”. These files are responsible for the initial Disclaimer page that appears when a user browses https:\\yournetscaler.com
The “I agree” button on the Disclaimer page will redirect the user to the Netscaler logon page when it is pressed. The netscaler Logon file is called “indexhome.html” and is linked to numerous style sheets, so you would need to use the IE/Chrome to identify and change element on that page (As described in in the sections above)
I have tried to add a disclaimer text translation, but haven't got this working yet. So you will be able to modify and improve on this.
Install WinSCP on your management device. WinsSCP will allow you to access and modify the Netscaler CSS and
image files. The main CSS sheet for the Netscaler logon page is called
“Caxtonstyle.css”. This file can be found in the following Netscaler
directory: /netscaler/ns_gui/vpn/images/caxtonstyle.css.
http://www.icenlemon.co.uk/blog/?p=232
Storefront Front End Changes
The Storefront website can be configured by modifying the “C:\inetpub\wwwroot\Citrix\StoreWeb\contrib\custom.style.css” file. This
file will initially be blank, apart from a few basic CSS settings. You
can use IE built in Development tools to identify elements on the webpage and
their corresponding CSS element name. You will then be able to add the name
into this custom css file, so that your changes overwrite the default
settings. The image files are stored in “C:\inetpub\wwwroot\Citrix\StoreWeb\uiareas\Store\media”.
Create a CSS file called "Disclaimer.css" and store this in “/var/netscaler/gui/vpn”.
Rename the Index.html file in “/var/netscaler/gui/vpn” to Indexhome.html
Create an Index.html file and save it to “/var/netscaler/gui/vpn”
Copy the following into the "Disclaimer.css" file (You can change the colours later):
body {
background-image: url("/vpn/media/bg_bubbles.jpg");
background-color:#14235C;
color:Black;
}
.container{
}
.DText{
Position:absolute;
font-family:Verdana;
Font-Size:12px;
font-weight:bold;
color:Black;
top:50%;
left:50%;
em:50px;
transform: translate(-50%, -50%);
background-color:#FFFFFF;
padding:20px;
margin:20px;
line-height:200%;
}
.DButton {
margin-left:45%;
top: 30%;
}
#navcontainer { }
#navcontainer ul
{
margin-left: 0;
padding-left: 0;
list-style-type: none;
font-family: Arial, Helvetica, sans-serif;
text-align: center;
}
#navcontainer a
{
display: block;
background-color: #14235C;
border-bottom: 1px solid #14235C;
}
#navcontainer a:link, #navlist a:visited
{
color: #FFF;
text-decoration: none;
}
#navcontainer a:hover
{
background-color: #6B79AD;
color: #fff;
}
The next thing would be to copy the following Disclaimer information into the Index.html page that you created. Replace the lorem ipsum text with your own disclaimer text:
<html>
<head>
<link rel="stylesheet" type="text/css" href="disclaimer.css">
</head>
<body>
<DIV Class="Container">
<DIV Class="DText">
<P>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Sed vitae justo dictum, aliquam nulla nec, maximus lacus. Etiam pharetra, dui sed viverra consequat, felis sem faucibus nibh, eget vestibulum turpis augue eu risus. Donec consectetur vulputate accumsan. Cras vel est dignissim, dignissim orci non, volutpat est. Sed mattis lorem ac urna luctus consequat. Nunc volutpat neque vitae euismod finibus. Mauris dictum at lacus non pulvinar. Nullam tempor ex vel ipsum tincidunt, sit amet fermentum eros condimentum. Donec enim risus, tempor sed enim eu, ornare cursus orci. Nam ipsum nunc, mollis non turpis sit amet, consectetur convallis tortor.
</P>
<div id="navcontainer">
<ul id="navlist">
<li id="active"><a href="indexhome.html" id="current">I Agree</a></li>
</ul>
</div>
</DIV>
</DIV>
</body>
</html>
The Netscaler loads “Index.html”, which will use the external cascading style sheet called “Disclaimer.css”
These two files are found in the directory called “/var/netscaler/gui/vpn”. These files are responsible for the initial Disclaimer page that appears when a user browses https:\\yournetscaler.com
The “I agree” button on the Disclaimer page will redirect the user to the Netscaler logon page when it is pressed. The netscaler Logon file is called “indexhome.html” and is linked to numerous style sheets, so you would need to use the IE/Chrome to identify and change element on that page (As described in in the sections above)
You will be able to use the Storefront custom CSS file to
design and match the storefront logon (Green Bubbles) with the Netscaler
logon.
When a PVS server reads from the Vdisk image in the PVS store, the data from that image would normally be read into the System Cache memory of the server- this means that if the PVS server has sufficient RAM, then there would be little need thereafter to read from the image saved on disk. The target devices will have the image data streamed to them from the PVS server's system Cache memory (RAM). A PVS server is able to read the data into memory if the image is stored on block level storage, but it will not read any of the data from a Vdisk that is stored on a CIFS/SMB share. You will wonder why this is the case, as a Windows server has no issue reading any other type of file into system cache at any other time.
There were traditionally 4 main Oplock types used:
L1 - Exclusive lock placed on a file. A client can cache Read or Write operations to the file (cached on client). This locks other users and systems form using the file
L2 - Shared Read Only Lock. Caches RO Locks. Because only RO operations are being cached, it will allow multiple clients to access the file
The old "Opslock" system was replaced by "Leasing" in SMB version 2.1 (Server 2008R2)
If you look at the above two locks, you will notice that it should have been possible for the Vdisk to be accessed if an L2 lock is placed on the file, but this functionality was disabled by the PVS installation, to reduce failover times. However, the failover scenarios described by Citrix are only relevant to Write cache files that are stored on the PVS server or Vdisks placed in Private mode. Each of those options aren't recommended in the majority of scenarios, so it's ok to enable the Opslock settings again.
Server 2008 R2 File Server:
HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters
“autodisconnect” = dword:0000ffff
‘Smb2″ = dword:00000001
Windows 2008 R2 Provisioning Server:
HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
“EnableOplocks” = dword:0×00000001
HKLM\SYSTEM\CurrentControlSet\services\mrxsmb\Parameters
“OplocksDisabled” = dword:0×00000000
“CscEnabled” = dword:0×00000001
HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters
“autodisconnect” = dword:0x0000ffff
“Smb2″ = dword:0×00000001
Allocate enough RAM to your file server so that the Vdisk can be read into System Cache of that server. Do this for your PVS server too.
There will be an impact on system performance, so make sure you test this and also read up on how you can make this highly available (Clustered). There are some articles that explain how to use Microsoft SOFS configurations for this, but be aware that at the tie this blog post was written, there where issues with Vdisk updates and performance when using Server 2012 SOFS for the Vdisk store.
There were traditionally 4 main Oplock types used:
L1 - Exclusive lock placed on a file. A client can cache Read or Write operations to the file (cached on client). This locks other users and systems form using the file
L2 - Shared Read Only Lock. Caches RO Locks. Because only RO operations are being cached, it will allow multiple clients to access the file
The old "Opslock" system was replaced by "Leasing" in SMB version 2.1 (Server 2008R2)
If you look at the above two locks, you will notice that it should have been possible for the Vdisk to be accessed if an L2 lock is placed on the file, but this functionality was disabled by the PVS installation, to reduce failover times. However, the failover scenarios described by Citrix are only relevant to Write cache files that are stored on the PVS server or Vdisks placed in Private mode. Each of those options aren't recommended in the majority of scenarios, so it's ok to enable the Opslock settings again.
Server 2008 R2 File Server:
HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters
“autodisconnect” = dword:0000ffff
‘Smb2″ = dword:00000001
Windows 2008 R2 Provisioning Server:
HKLM\SYSTEM\CurrentControlSet\services\LanmanWorkstation\Parameters
“EnableOplocks” = dword:0×00000001
HKLM\SYSTEM\CurrentControlSet\services\mrxsmb\Parameters
“OplocksDisabled” = dword:0×00000000
“CscEnabled” = dword:0×00000001
HKLM\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters
“autodisconnect” = dword:0x0000ffff
“Smb2″ = dword:0×00000001
Allocate enough RAM to your file server so that the Vdisk can be read into System Cache of that server. Do this for your PVS server too.
There will be an impact on system performance, so make sure you test this and also read up on how you can make this highly available (Clustered). There are some articles that explain how to use Microsoft SOFS configurations for this, but be aware that at the tie this blog post was written, there where issues with Vdisk updates and performance when using Server 2012 SOFS for the Vdisk store.
LMdiag -c
lmhostid -hostname
lmhostid -hostname
If your Citrix Director user is unable to search users within a specific AD Domain, this may be because your login account is no a member of that forest or the Web Server isn't part of that forest either.
You can change the following IIS setting to make this work for the account:
connector.activedirectory.domains=(user),(server),ENDUSERDOMAIN
You can change the following IIS setting to make this work for the account:
connector.activedirectory.domains=(user),(server),ENDUSERDOMAIN
