Monday, July 30, 2012

NSIP, MIP, SNIP, VIP explanation


  • The NetScaler IP (NSIP) address is the IP address at which you access the NetScaler for management purposes
  • The NetScaler can have only one NSIP
  • The NSIP is also called the Management IP address
  • You must add this IP address when you configure the NetScaler for the first time
  • If you modify this address, you must reboot the NetScaler
  • You cannot remove an NSIP address
  • For security reasons, NSIP should be a non-routable IP address on your organization's LAN.
  • Configuring the NetScaler IP address is mandatory.
  • With an IPv6 address configured as the NSIP in NetScaler running on release 8.1, when upgrading from release 8.1 to 9.2 the NSIP changes to a SNIP. If you want this IPv6 address as the NSIP, you need to first delete this IPv6 address and then add this IPv6 address as the NSIP.


  • Mapped IP addresses (MIP) are used for server-side connections
  • A MIP can be considered a default Subnet IP (SNIP) address, because MIPs are used when a SNIP is not available or Use SNIP (USNIP) mode is disabled.
  • If the mapped IP address is the first in the subnet, the NetScaler appliance adds a route entry, with this IP address as the gateway to reach the subnet
  • You can create or delete a MIP during run time without rebooting the appliance.
  • As an alternative to creating MIPs one at a time, you can specify a consecutive range of MIPs.


  • A subnet IP (SNIP) address is used in connection management and server monitoring
  • It is not mandatory to specify a SNIP when you initially configure the NetScaler appliance
  • In a multiple-subnet scenario, the NetScaler IP (NSIP) address, the mapped IP (MIP) address, and the IP address of a server can exist on different subnets
  • To eliminate the need to configure additional routes on devices such as servers, you can configure subnet IP addresses (SNIPs) on the NetScaler
  • With Use SNIP (USNIP) mode enabled, a SNIP is the source IP address of a packet sent from the NetScaler to the server, and the SNIP is the IP address that the server uses to access the NetScaler. This mode is enabled by default.
  • When you add a SNIP, a route corresponding to the SNIP is added to the routing table. The NetScaler determines the next hop for a service from the routing table, and if the IP address of the hop is within the range of a SNIP, the NetScaler uses the SNIP to source traffic to the service.
  • When multiple SNIPs cover the IP addresses of the next hops, the SNIPs are used in round robin manner.
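The source-IP rules in the SNIP and MIP bullets above decide which address a back-end server sees in its logs and must allow through its firewall. The following is an added example, not code from the original post or from Citrix: a simplified Python model of those rules, with a constructed addressing plan and hypothetical class and method names.

```python
import ipaddress

class SourceIpModel:
    """Simplified model of the SNIP/MIP rules described in the bullets above."""

    def __init__(self, snips, mip, static_routes=(), usnip=True):
        self.snips = [ipaddress.ip_interface(s) for s in snips]
        self.mip = ipaddress.ip_address(mip)
        self.usnip = usnip
        # Static routes are (network, gateway); adding a SNIP adds a route for
        # its own subnet, modelled here as directly connected (gateway None).
        self.routes = [(ipaddress.ip_network(n), ipaddress.ip_address(g))
                       for n, g in static_routes]
        self.routes += [(s.network, None) for s in self.snips]
        self._turn = {}  # round-robin position per set of covering SNIPs

    def next_hop(self, service_ip):
        dst = ipaddress.ip_address(service_ip)
        hits = [(n, g) for n, g in self.routes if dst in n]
        if not hits:
            return None  # no matching route in this model
        _, gw = max(hits, key=lambda r: r[0].prefixlen)  # longest prefix wins
        return dst if gw is None else gw

    def candidates(self, service_ip):
        """Every source IP the service may see; the list a backend ACL needs."""
        hop = self.next_hop(service_ip)
        covering = [s.ip for s in self.snips if hop is not None and hop in s.network]
        # MIP is the fallback when no SNIP covers the hop or USNIP is disabled.
        return covering if self.usnip and covering else [self.mip]

    def source_for(self, service_ip):
        pool = self.candidates(service_ip)
        i = self._turn.get(tuple(pool), 0)
        self._turn[tuple(pool)] = i + 1
        return pool[i % len(pool)]  # round robin across covering SNIPs


# Constructed sample addressing (private and documentation ranges only).
model = SourceIpModel(
    snips=["10.1.1.5/24", "10.1.1.6/24", "10.2.0.5/24"],
    mip="192.168.50.10",
    static_routes=[("0.0.0.0/0", "192.168.50.1"), ("172.16.0.0/16", "10.2.0.1")],
)

if __name__ == "__main__":
    for svc in ["10.1.1.50", "10.1.1.50", "172.16.4.20", "203.0.113.7"]:
        print(svc, "<-", model.source_for(svc))
```

For a service behind two covering SNIPs, candidates() returns both addresses, so an allow rule or log filter written for only one of them would miss half the connections.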


  • A virtual IP address (VIP or VIPA) is an IP address assigned to multiple domain names, servers or applications residing on a single server, instead of being tied to a specific server or network interface card (NIC) on a server
  • Incoming data packets are sent to the VIP address and are then routed to the actual network interfaces.
  • A server IP address depends on the Media Access Control (MAC) address of the attached NIC, and only one logical IP address may be assigned per card. However, VIP addressing enables hosting for several different applications and virtual appliances on a server with only one logical IP address.
  • VIPs have several variations and implementation scenarios, including Common Address Redundancy Protocol (CARP) and Proxy Address Resolution Protocol (Proxy ARP).
  • VIPs are mostly used to consolidate resources through the allocation of one network interface per hosted application.
  • A VIP is also used for connection redundancy, providing alternative fail-over options on one machine; a VIP address may still be available if a computer or NIC fails, because an alternative computer or NIC replies to connections.

Citrix Troubleshooting - Citrix MCFOM Service

This article will go over troubleshooting the error message "Citrix MCFOM Service did not respond as expected." Today while trying to build up a Citrix XenApp 5.0 box, I ran into this error while trying to run discovery from the Access Management Console (AMC). Below is the error I was seeing.

There are four very likely causes for this error message to occur:

  1. The Network COM+ is not enabled
  2. The user is not a member of the "Distributed COM Users" group on the local server
  3. The user does not have the proper Citrix Farm Permissions
  4. The user needs to be added to the Citrix IMA COM Interop Roles

Enabling The Network COM+ Role/Service

1. Open up "Server Manager" and expand Roles > Application Server
    • Click "Add Role Services"

2. Select "COM+ Network Access"
    • Click "Next"

3. Click "Install"

4. Click "Close"

Adding the user to the "Distributed COM Users" group on the local server

  1. Open Computer Management and add the user to the local group called "Distributed COM Users"

Add the user as a Citrix Farm Administrator

  1. Log into the Access Management Console
  2. Click on the name of your Farm in the left panel
  3. Click on Administrators in the right panel
  4. Click "Add Administrator"

The user needs to be added to the Citrix IMA COM Interop Roles

1. Open "Server Manager"
2. Expand the following
  • Roles
    • Application Server
      • Component Services
        • COM+ Applications
          • Citrix IMA COM Interop
            • Roles

3. Right click on "Roles" and enter in "Citrix Administrators"

4. Expand "Citrix Administrators"
5. Right Click "Users" and select "New" and then "User"

6. Select the group you would like to administer your farm

Out of the above steps, in my case, I had to enable the Network COM+ service, and also add the "Domain Admin" group to the "Citrix IMA COM Interop Roles". After doing that, I was able to successfully run discovery on the Citrix farm from the AMC.

Wednesday, July 25, 2012

Setup Citrix Universal Print Driver through a Citrix Policy (CTX UPD)

How to Setup a Citrix Universal Print Driver via a Citrix Policy

I get a lot of questions about getting printing working inside of Citrix. Below are screenshots of all the settings I apply to my Citrix XenApp servers via a Citrix Policy. I find that the below will get 98% of your printers within Citrix sessions working. For the 2% of printers that I see that don't work, manually assigning a printer driver mapping or using the HP LaserJet 4 print driver corrects the issue. I have never had good luck with PCL6 or PostScript drivers. I try to stick with either PCL5 or PCL5E.

My Citrix Print Policy

  • Auto-creation
    • Enabled
      • Auto-create all client printers

  • Print job routing
    • Enabled
      • Always connect indirectly as a client printer

  • Native printer driver auto
    • Enabled
      • Do not automatically install drivers

  • Universal driver
    • Enabled
      • Use universal driver only if requested driver is unavailable

  • Session printers
    • Enabled
      • Do not adjust the user's default printer

  • After creating the policy you need to apply it
    • Right Click your policy and click "Apply this policy to"

  • I like to apply my printer policy by server
    • Select "Servers" from the left menu
    • On the right pane, select the XA servers you want to apply the policy to and then click ok

Users' printers inside Citrix should, for the most part (98%), work now. All that remains is to set up print driver mappings for the remaining printers that don't work with the Citrix UPD.

Tuesday, July 17, 2012

PVS is SEX !!!

Yes, PVS could be compared to sex in the IT world. It really is that great! I love Citrix Provisioning Server, and am an avid promoter of it. I am constantly talking about it, and am working with it. A lot of my discussions are held with other PVS lovers over at the Citrix IRC Channel. Below is a link on more information and how to log into it.

As put best by "RedHelix", one of the other Citrix IRC members, "PVS is SEX". That's where this article stemmed from.

By virtualizing the workload of a datacenter server ‑ operating system, applications and configuration ‑ and streaming the workload on-demand to physical or virtual servers from the network, Provisioning Server reduces total cost of ownership (TCO) and improves both manageability and business agility. 

What does this mean? It means that if I have one PVS server and 55 XenApp Servers, I can do an update to one server and have the update pushed out to all 55 XA boxes. This in turn means I need fewer bodies on update nights, and it also increases your personal time. My update nights changed from 8pm - midnight to just 8pm - 9pm.

With Citrix PVS, you attach multiple servers to a single vDisk. This disk is then put into standard mode so that if any server is rebooted, all newly added changes get reverted. If you get a virus on one of the servers, just reboot, and everything corrects itself. But how do you roll out changes? During the day, you can copy the vDisk and attach it to a change control server, and make any changes you need to while in private mode. You then assign the new vDisk to your machines, and set up a scheduled reboot after hours. Once the reboot is completed, all your servers will have the new image with all the changes you made during the day.

Need to add 10 XenApp servers to a farm? Quick and easy. In about 10 minutes, you can create and boot up new XA boxes. Just copy one of your existing XA boxes 10 times. Record the MAC on each of the machines, add the machine accounts into the Citrix PVS Console and create the AD machine accounts, set up the DHCP reservations for the machines per their MACs, and voilà!

The list of possibilities with Citrix PVS is never ending. I could write a book on "Personalities" alone. It's one of the most interesting aspects of PVS. Essentially, you set your personalities for each machine in the PVS console. These strings get written to a file called personalities.ini on each machine. From these ini files, you can write your own scripts to extract these strings, and therefore personalize each machine. You can enable or disable IIS, change registry keys, or turn on or off specific features. The possibilities are endless.
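A personalization script of the kind described above usually runs at boot with administrative rights, so it should act only on keys and values it expects. The following is an added example, not the author's script or Citrix code: a Python reader for the personality file in which the [StringData] section name and the key names EnableIIS, PrintSpooler and Site are assumptions, and the sample file contents are constructed.

```python
import configparser

# Hypothetical personality keys and the only values this machine will act on.
ALLOWED = {
    "EnableIIS": {"0", "1"},
    "PrintSpooler": {"on", "off"},
}

def plan_from_personality(ini_text, section="StringData"):
    """Return (plan, rejected): validated settings and everything refused."""
    parser = configparser.ConfigParser(interpolation=None, strict=True)
    parser.optionxform = str  # keep key case exactly as typed in the console
    try:
        parser.read_string(ini_text)
    except configparser.Error as exc:  # duplicate keys, malformed lines
        return {}, [f"unparseable file: {type(exc).__name__}"]
    if not parser.has_section(section):
        return {}, [f"missing [{section}] section"]
    plan, rejected = {}, []
    for key, value in parser.items(section):
        value = value.strip()
        if key not in ALLOWED:
            rejected.append(f"unknown key {key!r}")
        elif value not in ALLOWED[key]:
            rejected.append(f"bad value for {key}: {value!r}")
        else:
            plan[key] = value  # safe to hand to the code that applies it
    return plan, rejected


# Constructed sample contents; on a target this text is read from the file.
SAMPLE = """\
[StringData]
EnableIIS=1
PrintSpooler=maybe
Site=HQ
"""

if __name__ == "__main__":
    plan, rejected = plan_from_personality(SAMPLE)
    print("apply:", plan)
    print("refused:", rejected)
```

Logging the refused entries at boot gives a record of any personality string that was mistyped or changed outside the normal process.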

Below are some of the key features that Citrix Provisioning provides:

On-Demand Server Workload Streaming

  • Delivers the OS, applications, and server configuration information in a real‑time stream, maximizing performance and minimizing network load
  • Risk‑free server workload rollout ‑ roll back to previous working image in time it takes to reboot
  • Minimizes downtime for roll forward, roll backward operations
  • Maximizes boot performance
  • Minimizes network load

Standard Server Workload Image Streaming

  • Provisions multiple servers from a single virtual disk image
  • Minimizes storage and image management requirements
  • Ensures server build consistency

Dynamic server workload assignment

  • Allows switching of server workloads in the time it takes to reboot
  • Maximizes flexibility by enabling real-time changes to data center workloads
  • Reduces the number of servers needed to support disaster recovery & business continuity requirements
  • Up to 23% fewer servers needed – disk drives eliminated

High Availability

  • Built-in support for redundant servers, networks, and databases
  • Eliminates single points of failure
  • Supports high datacenter SLAs

Static or Dynamic Boot Configuration

  • Choose between dynamic (DHCP/PXE) or static (USB or CD‑ROM) bootstrap delivery and configuration
  • Supports a variety of different datacenter infrastructure and management models

Windows and Linux OS Support

  • Provision server workload images based on Windows Server or Linux operating systems

Where’s my enabled Users?

I’m going through and fine tuning our Proofpoint Spam solution and noticed one of the filters needs to be updated....