Category Archives: XenApp

Citrix Security Advisory Bulletins – March 2015

Here is a handy table listing the various Citrix Security bulletins for March 2015, including SSLv3, FREAK, NTP, GHOST, RSA and ShellShock advisories.
 

Security Bulletin: Updated: Products:
Citrix Security Advisory for CVE-2014-3566 – SSLv3 Protocol Flawhttps://support.citrix.com/article/CTX200238 March 19, 2015 NetScaler ADC NetScaler Gateway Secure Gateway

Storefront, Web Interface

XenMobile

 

Citrix Security Advisory for NTP Vulnerabilitieshttps://support.citrix.com/article/CTX200355  March 19, 2015 NetScaler ADC NetScaler Gateway
Citrix Security Advisory for glibc GHOST Vulnerability(CVE-2015-0235)https://support.citrix.com/article/CTX200391

 

March 19, 2015 Netscaler SDXXenServer 
Citrix Security Advisory for RSA Export Key FREAK Vulnerabilityhttps://support.citrix.com/article/CTX200491  March 13, 2015 NetScaler ADC NetScaler Gateway
Citrix Security Advisory for GNU Bash Shellshock Vulnerabilitieshttps://support.citrix.com/article/CTX200217  March 2, 2015 NetScaler ADC NetScaler Gateway Netscaler SDX

XenApp, XenDesktop

XenMobile

Thanks to Michael Pahl [Virtualization Sales Engineer – Rockies] for assembling this list of recent Citrix security bulletins into a single table.
 
 

After Performing a DSMAINT /RECREATELHC the IMAService Does Not Start

Problem:

After running a DSMAINT /RECREATLHC on a XenApp server, the IMAService  does not restart.  Error messages in the log indicate the following:

EventID 3609 IMAService

Failed to load plugin MfSrvSs.dll with error IMA_RESULT_REGISTRY_ERROR

EventID 3601 IMAService

Failed to load initial plugins with error IMA_RESULT_REGISTRY_ERROR

EventID 7024 Service Control Manager

The Independent Management Architecture service terminated with service-specific error 2147483690 (0x8000002A).

Solution:

Make the following change to the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\IMA\Runtime\PSRequired

Value=0

The IMAService should now start normally.

Reference:

https://support.citrix.com/article/CTX759510

 

 

How to Save Access Management Console Settings

 

Problem:

You have installed the Access Management Console (AMC) on a Citrix server, or a management PC, and wish to save the settings.   By default, you have to reconfigure it each time it's run.

Solution:

To improve efficiency and minimize per-user configuration, you can modify this behavior. The following steps outline the process required to deliver a preconfigured and discovered console to support personnel such as help desk analysts.

1. On a XenApp server, run mmc.exe (for 64-bit, use mmc /32 so you bring up the 32-bit version if the MMC). Under the File menu, select Add/Remove Snap-in.

2. Within the Add/Remove Snap-in dialog, click Add. Select Citrix Access Management Console and then click Add, Close, and OK.

3. Within the Microsoft Management Console (MMC) tree, expand the Citrix Access Management Console node. The discovery wizard should launch, however if it does not, right-click on the node and select Configure and run discovery.

4. Complete the discovery wizard as applicable, but specify LOCALHOST as the Citrix XenApp Server to discover, if you intend to manage a XenApp farm.

5. Once the discovery wizard has completed, under the File menu within the MMC, select Options. In the Options dialog, under the Console mode dropdown, select User mode – limited access, single window. Leave the rest of the options unchanged and click OK.

6. Save the modified MMC window using the Save As option in the File menu. You can choose any name and location. For example, custom_amc.msc.

7. To deliver your custom Access Management Console to your administrators, copy the MSC file saved in step 6 to your desired XenApp server. Publish the console using the publish application wizard. The command line path should be as follows:

<WINDIR>\System32\mmc.exe “<path>\custom_amc.msc

Where <path> is the location to which you copied the custom_amc.msc file.

More Information:

CTX114692 – The Access Management Console Discovery Process Runs Each Time the Access Management Console Opens
CTX115866 – How to Customize the Access Management Console

 

 

Useful XenApp 6 Hotfix & Patch Resources

 

There are a lot of followup hotfixes and patches for XenApp 6.0.   If you are unable to upgrade to XenApp 6.5, here are some very useful links for XenApp 6.0.

These links include necessary hotfixes, patches, and update scripts.

 

Various Sources Regarding Maintenance @ Citrix Links
https://www.citrix-links.com/xenapp/xenapp-6/xenapp-6-maintenance/

Great Resources from Thomas Koetzing, including an automatic XenApp Update Script
https://www.thomaskoetzing.de/index.php?option=com_content&task=view&id=287&Itemid=299

Recommended Citrix and Microsoft Hotfixes for XenApp 6 and Windows Server 2008 R2
https://support.citrix.com/article/CTX129229

 

 

XenApp IMAService Failed: "Error while connecting to database….login failed"

 

Problem:

IMAService fails to start with the following error:

Citrix XenApp failed to connect to the Data Store. ODBC error while connecting to the database: 37000 -> [Microsoft][ODBC SQL Server Driver][SQL Server]Cannot open database "MF20" requested by the login. The login failed.

Solution:

Check to see if account used to connect to SQL database credentials/password has recently changed. This may be a username/password issue.

To input new credentials on server, execute the following command:

DSMAINT CONFIG /USER:<domain>\<username> /pwd:<password>

After executing this command, restart the IMA service on the XenApp server, and re-check services.