Point-and-Print Restrictions and XenApp

I'm running a provisioned XenApp 6.5 Farm and recently updated the HP Universal Print Driver (UPD) on the Print Server to the newest Version because we needed the support for some newer Printer Models.

But after the HP UPD Update the Users weren't able to map HP Printers (with the updated HP UPD) from the Print Server. They would always receive an "Access Denied" Error when trying to map a Printer.

I hadn't updated my provisioned XenApp Image with the new HP Drivers but wanted to to let the Users install the new Drivers until I could update my XenApp Image. But I had disabled the Point and Print Restrictions via GPO and wondered why Users still couldn't install Print Drivers.

While disabling Point and Print Restrictions alone works perfectly on Windows 7 Systems but for Windows Server 2008 R2 disabling Point and Print alone is not enough. You also have to disable the following Security Policy on your XenApp Servers:

And here is the GPO I'm currently using to allow Users to install Print Drivers on my XenApp Servers. Instead of disabling the Point and Print Restrictions completely you can of course also set it to enabled and adjust it accordingly. You can find more information on TechNet.

DPI Settings in an RDP/ICA Session on Windows Server 2008 R2 andWindows 7

In quite a few XenApp 6/6.5 Projects the Customer complained that the Users were not able to change the DPI Size when connected to a XenDesktop running Windows 7 or a XenApp Desktop hosted on Windows Server 2008 R2. This was due to a limitation in the Remote Desktop Services Stack from Microsoft.

There were some Workarounds with importing/injecting Values into the Registry for those Users to change the DPI Size but they were far from perfect.

Microsoft just recently released an Hotfix to enable the Adjustment of the DPI Size over Remote Desktop Protocol Sessions like RDP and ICA. You can find and download the Hotfix here:


And this is how the new DPI Menu looks (on a German Windows Server 2008 R2):

PVS and KMS Licensing - Unexpected MAPI Error

Just a very quick Post regarding the often encountered Error Message "An unexpected MAPI Error occurred" when promoting a vDisk from private Mode to Standard Mode while having the Microsoft Licensing Option set to KMS.


Add the User account that runs the SOAP Service into the Local Admin Group on your Provisioning Server(s). Afterwards you should restart your SOAP and Stream Service.

I don't know if this Solution is applicable if you run your PVS SOAP and Stream Service under the Network Service (and therefor not under an Domain Account). Feel free to let me know via the Comments.

Citrix Clipboard Redirection causes Session Disconnect

This week I had to troubleshoot a Problem where a lot of Copy and Pasting in a published Desktop caused the XenApp Session to freeze or disconnect.

The Customer reported a Problem where some of his Users were getting disconnected as soon as they ran a specific Excel Macro. At first I suspected that the Macro used some kind of Screen Refresh or something similar which would cause the ICA/HDX Session to disconnect or frezze but the Macro only involved copy and pasting a lot of information in quick succession. That led me to focus on the Clipboard Redirection because everytime I copied a large amount of Data my Session frozze up.

Solution: We finally fixed the Session Disconnects by disabling the Clipboard Redirection via Citrix Policies because the Customer solely relies on published Desktops and therefore he doesnt need to copy and paste things between the XenApp Systems and the Endpoints.

If you need the Clipboard Redirection to be enabled and want to avoid the Session Disconnects/Freezes you should try the new Citrix Receiver 3.1 Cumulative Update 1 or downgrade to the Online Plug-in 12.x.

Note: This Problem should also apply to XenDesktop as long as you use the Receiver 3.0 or 3.1 which seems to be affected with this "Clipboard Redirection Bug".

Update: This should be fixed in the Receiver 3.2 aka Online Plug-in 13.1.200.x or later.

EdgeSight and the Payload Error

During a Performance Troubleshooting I noticed that some EdgeSight Agents weren't uploading their Performance Data to the EdgeSight Server.

Under the "Configure" > "Company Configuration" > "Agents" > "Run Worker" Tab some of the EdgeSight Agents indeed showed the following Error:

Error: -2147209300 SendPayload error: Invalid data returned from server

In the Windows Event Viewer under the Applications Tab were also many Warnings with the Event Source: ASP.NET 2.0.50727.0 and the Event ID: 1309. 

After some research it all came down to the MS11-100 Security Patch (http://support.microsoft.com/kb/2661403) from Microsoft regarding an ASP.NET Vulnerability.

There is also a Citrix Support Article regarding this Problem: http://support.citrix.com/article/CTX132116 and a fairly large Thread in the Citrix Support Forums here: http://forums.citrix.com/thread.jspa?threadID=300165

Solution: My "quick and dirty" Solution was to remove the Security Patch from the EdgeSight Server and after rebooting the Server all the EdgeSight Agents were able to upload their Performance Data successfully. I guess the better Solution is to play around with the "MaxHttpCollectionKeys" Value in IIS (as described in the MS and Citrix Article) and to not remove the Security Patch.