Citrix NetScaler Storefront Load Balancing

A quick Guide on how to setup your Storefront Servers for Load Balancing under NetScaler.

The first Step is to add your Storefront Servers as Servers in the NetScaler GUI under Load Balancing -> Servers. My Storefront Servers are my existing Citrix WebInterface Servers who are currently running WebInterface 5.4 and Storefront 2.0 side by side.

The next Step is to configure the needed Storefront Monitors. Since NetScaler Release 10.1 there is a new builtin Storefront Monitor. For every Storefront Server you are going to load balance you should create a separate Monitor (see my older Blogpost for more Information).

pdate: Since Netscaler Build 10.1-123.9 the Storefront Monitor Script has been updated by Citrix and no longer requires the Hostname. So you can now use a single Storefront Monitor for all your Storefront Servers.

If you are loadbalancing a HTTPS/SSL Storefront Deployment make sure to tick the "Secure" Box when configuring the NetScaler Monitor under Standard Parameters (not shown in the Screenshot because of a Bug in the older Netscaler Builds before 10.1-123.9)

Under the "Special Parameters" Tab fill in the Hostname of your Server hosting the Storefront Services and also fill in the Store Name you choose during the initial Storefront Installation and Configuration.

Step 3 is to create your Storefront Services under Load Balancing -> Services. Bind your newly created Storefront Monitors to your Services. If you have created separate Monitors for every Storefront Server, make sure to bind the correct Monitor to the corresponding Storefront Service or else your Monitor will mark your Service as DOWN.

Under the "Advanced" Tab you'll have to enable the "Client IP" checkbox and put X-Forwarded-For into the Textfield (like in the Screenshot).

The last step is to create the Virtual Server who will be load balancing your two (or more) Storefront Servers. Choose an IP and activate the previously created Storefront Services (svc_sf01 and svc_sf02 in my case). I would recommend creating a new DNS A Record pointing to your new Virtual IP (should be the same Alias you choose during the Storefront Configuration).

Under "Method and Persistence" choose Round Robin or Least Connection as LB Method. Under Persistence you should select SOURCEIP and set the Time-out to 20 Minutes (Default Timeout in Storefront).

Finally create a new SSL Cert pointing to the DNS Alias you created earlier and bind the SSL Cert to the Virtual Server. Done. 

Feel free to leave a comment if you have questions.

Skip vDisk Boot Menu under PVS 7.0/7.1

Under Provisioning Services 6.1 I had disabled the vDisk Boot Menu for all of my Maintenance/Test Target Devices by setting the "SkipBootMenu" DWORD Registry Key as described in the Citrix Support Article CTX135299.

After upgrading my Provisioning Servers to Version 7.x the PVS vDisk Boot Menu reappeared even though the SkipBootMenu was still present. After a quick Call with Citrix it was determined that the Registry Key has been moved from:

  • Old: HKLM\Software\Citrix\ProvisioningServices\SkipBootMenu (PVS 6.x)
  • New: HKLM\Software\Citrix\ProvisioningServices\StreamProcess\SkipBootMenu (PVS 7.x)

The correct Registry Key Location for PVS 7.0

After moving the Registry Key to the new Location and restarting the StreamService my Maintenance/Test Target Devices are now skipping the vDisk Boot Menu again. Problem solved!

Uploads to Sharefile Storage Zone fail with 100% completed

I'm currently implementing a ShareFile Proof of Concept with On-Premise Storage (also known as Storage Center) and stumbled upon an Error while trying to upload my first Files into the On-Premise Storage Zone and thought I'd share my Solution.

When trying to upload my first Files into the On-Premise Storage Zone via the Sharefile Website the File Upload itself would continue up to 100% but then fail while completing/finishing with an Error.

In the Logfiles where the Sharefile Storage Center is installed (usually found under: C:\inetpub\wwwroot\Citrix\StorageCenter\SC\logs) I found the following Error Messages:

HE [scerr] StorageCenter Error - Unhandled exception in upload-threaded-3.aspx - 'Unable to generate a temporary class (result=1)
error CS2001: Source file 'C:\Windows\TEMP\vr2z302t.0.cs' could not be found
error CS2008: No inputs specified 

Because the ShareFile Services are running under the Network Service Account (if you haven't changed it) I had to give the Network Service Account Full Access on the C:\Windows\TEMP Folder on the Storage Center Server itself.

Configuring the new Storefront Monitor in NetScaler 10.1

With the new NetScaler 10.1 Release Citrix is shipping an "built-in" Storefront Monitor so you no longer have to use an https-evc Monitor (or something else) as Monitor like I described in my previous Blogpost.

UPDATE: The Problem I describe below seems to be fixed in the new NetScaler Release 10.1 Build 120.13 according to the Release Log.

Issue ID 0398327: Monitoring of StoreFront servers fails if they are part of a cluster and the StoreFront monitor is bound to the entire service group. The StoreFront monitor probe fails because individual members have different host names.

In this Example my Storefront Servers are named storefrontserver01 and storefrontserver02 and they are load balanced under the DNS Record lb-storefront.domain.local which is pointing to the Virtual IP Address (VIP) on my NetScaler responsible for load balancing the two Storefront Servers.

When configuring the new Storefront Monitor don't put the load balanced Storefront DNS Record in the Field "Host Name". Here is the Screenshot how NOT to do it:

You shouldn't use the load balanced DNS Record because as soon as your two (or more) Storefront Servers are down at the same time and therefor your Storefront Virtual Server is marked as Down too, the Storefront Monitor will never report the Storefront Services as up again even though the Storefront Servers might have recovered in the meantime. This is because the Storefront Monitor is checking the DNS Record pointing to the marked as "Down" Virtual Server load balancing your Storefront Servers which in turn is down because the Monitors are "Down" and the Monitors are "Down" because your Virtual Server is "Down"... the NetScaler is caught in a Loop.

To prevent this from happening you should instead create a separate Storefront Monitor for every Storefront Server you are going to be load balancing and put the FQDN of your Storefront Servers in the Field "Host Name". In my example this would be storefrontserver01.domain.local and in the second Monitor it would be storefrontserver02.domain.local.

You should then bind the new Monitors to their corresponding Service as shown in the Screenshot below:

If something is not understandable or my explanations are too weird feel free to let me know in the Comments :) 

Point-and-Print Restrictions and XenApp

I'm running a provisioned XenApp 6.5 Farm and recently updated the HP Universal Print Driver (UPD) on the Print Server to the newest Version because we needed the support for some newer Printer Models.

But after the HP UPD Update the Users weren't able to map HP Printers (with the updated HP UPD) from the Print Server. They would always receive an "Access Denied" Error when trying to map a Printer.

I hadn't updated my provisioned XenApp Image with the new HP Drivers but wanted to to let the Users install the new Drivers until I could update my XenApp Image. But I had disabled the Point and Print Restrictions via GPO and wondered why Users still couldn't install Print Drivers.

While disabling Point and Print Restrictions alone works perfectly on Windows 7 Systems but for Windows Server 2008 R2 disabling Point and Print alone is not enough. You also have to disable the following Security Policy on your XenApp Servers:

And here is the GPO I'm currently using to allow Users to install Print Drivers on my XenApp Servers. Instead of disabling the Point and Print Restrictions completely you can of course also set it to enabled and adjust it accordingly. You can find more information on TechNet.