Category Archives: Windows Server 2008 R2

Getting rid of the ‘Internet Explorer Enhanced Security Configuration is enabled’ page when publishing IE through XenApp

Environment: Citrix XenApp 6.5, Windows Server 2008 R2, Internet Explorer 8.

Scenario: you published IE as a XenApp application, you turned IESEC off through GPOs (or through the Server Manager) and you configured a default home page for all users through a GPOs.

Problem description: at their first logon, your users get the ‘res://iesetup.dll/HardAdmin.htm’ start page which says something like ‘Internet Explorer Enhanced Security Configuration is enabled’. You don’t understand why this happens as you are sure you correctly set the default home page and disabled IESEC. Anyway, when users log on a second time they see their correct home page. This problem might be very annoying when every user has a local profile which is deleted and then needs to be recreated each time.

Problem cause: this problem happens if you disable IESEC after installing XenApp and enabling Remote Desktop Services, in fact, when you do so, the NTUSER.DAT file located in the Default User folder retains some settings that bring you to the ‘res://iesetup.dll/HardAdmin.htm’ on your first logon.

Problem resolution: to avoid this problem disable IESEC before installing XenApp. If it’s too late and you have already installed XenApp without disabling IESEC first, you can replace the NTUSER.DAT file located in the Default User folder with a correct one; to do so follow step #4 described in this Microsoft article: http://support.microsoft.com/kb/933991

XenApp 6 – Disconnecting ICA session attempts to restart the server

System: XenApp 6 on Windows 2008 R2

Event description:

“The attempt by user domain\user to restart/shutdown computer XXXXXXXXXXX failed”

Event id: 1073 Source USER32

This event is generated when a user logs off from an ICA or RDP session. There is no actual attempt to restart or shutdown by a user or apps. The event is generated immediately after the log off.

Workaround:

  • Open the RemoteApp Manager (Under Administrative tools – Remote Desktop Services) as admin user. 
  • Close the RemoteApp Manager Console.
  • Clear the system log from event viewer.
  • Now you should not see the event anymore.
This temporary workaround has been found by Colm Naish:  http://forums.citrix.com/

XenApp 6 How To: force the ICA listener on one NIC in multihomed installations

Sometimes, if you have your XenApp 6 servers in a multihomed environment, you may need to force the ICA listener to listen on only one NIC. For example it might happen that your web interface returns an ICA.launch which includes the wrong IP address.

The following steps shows how to perform the required configuration:

  • Then you have to set the binding order of your network card, putting the one you want to be associaated with the ICA listener at the bottom of the list, to do so:
      1. Open “Control Panel”
      2. Open “Network and Sharing Center”
      3. Click on “Manage Network Connection”
      4. Press “Alt” on your Keyboard
      5. Click on “Advanced” and then on “Advanced Settings”
      6. Put the connection you want to use at the bottom (XenApp 6 binds in descending order)
  • Open “ICA Listener Configuration”

  • Click on “Edit” –> “Network Adapter” and select the adapter you want
  • Click “OK” and close the console.
  • Restart the IMA service

  • Open a command prompt and run “qfarm”, you will see that your server is not listed along the others (here is explained why: http://support.citrix.com/article/CTX126871 )
  • Open the ICA listener console and put all NIC to listen again
  • Restart the IMA service again
  • Run “qfarm” again, now you’ll see that your server is listed twice and the first row contains the IP of the NIC you chose to use for the ICA listener