XenDesktop

From Network Security Wiki
Jump to navigation Jump to search


Brief Steps for XenDesktop v7.6 Setup

  1. Sysprep
  2. Hostname, Static IP, Activate, Firewall Off, Windows Updates Off, Timezone/Time Set
  3. AD Install, DNS
  4. New Server -> Install DDC, SQL, License Server, VDA, SF
  5. Import License
  6. DDC create Machine Catalog
  7. Create Delivery Group
  8. Create Store on Storefront
  9. VDA add SF FQDN
  10. Create Certificates & use HTTPS


Troubleshooting

  1. Check if Machine is registered
  2. Change port no of farm to 8080(XML Broker port)

Brief Steps for XenApp 6.5 Setup

  1. Sysprep
  2. Hostname, Static IP, Activate, Firewall Off, Windows Updates Off, Timezone/Time Set
  3. AD Install, DNS
  4. New Server -> XenApp, License Server, Web Interface, SQL Server Install
  5. Configuration -> Add Roles, Create a new Farm, Select Controller and session host, Remote Users Tab = uncheck all & select Authenticated Users.
  6. Web Interface -> Create a Website/Service, Add Farm(Xenapp server), Change farm port to 8080
  7. App Center -> Run Discovery, add Local Computer, Add Applications.


Troubleshooting

  1. Check Event log for errors

Netscaler Integration into XenDesktop

Initial Config

  • Install License
  • Configure Subnet IP (SNIP)
  • Configure DNS server address

Certificate

  • Enable SSL feature in Netscaler [1],[2]
  1. If you see an Orange icon next to 'SSL', you need to right click and enable feature.
  2. If you see a Red Icon there, then you need to install correct License.
  • Generate Private Key(in Create RSA Key section).
  • Generate CSR
  • Create Certificate from CA

Integrate XenDesktop

  • Goto XenDesktop & XenApp.
  • Select StoreFront
  • Enter "NetScaler Gateway IP Address". This is called VIP.
  • Also enter FQDN of VIP address under "Virtual Server Name".
  • Select Certificate-Key Pair.
  • Enter Authentication info:
  1. AD Server IP
  2. Base DN
  3. Admin account
  4. Server Logon Name Attribute (sAMAccountName for XenApp/XenDesktop)
  • Enter StoreFront Info:
  1. Storefront FQDN
  2. Site Path - add 'Web' at the end in case it is a web store(not receiver based).
  3. Domain name
  4. STA server info (this is generally http://<Storefront FQDN>)
  5. SF IP
  6. Protocol (default is 80)

Testing and Troubleshooting

  • If you get the error "internal Server Error 43531"
  1. Check the DNS settings in NS
  2. NG can't connect to SF because a firewall is blocking
  3. Could be incorrect FQDN of StoreFront - try IP instead for test
  4. LB vserver if you do load balance SF servers - try IP instead for test
  5. Check if correct store name is defined
  6. Could be wrong subnet IP defined
  • Certificate not bound issue.
  1. Goto Virtual Servers
  2. Bind Certificate to the VIP.
  3. It should now appear as UP (Green Button).



References





blog comments powered by Disqus