ipsec service fails to start and no network

apparently a known issue.  had no network after some windows updates on a windows 2003 VM

in the eventvwr:

The IPSec driver has entered Block mode. IPSec will discard all inbound and outbound TCP/IP network traffic that is not permitted by boot-time IPSec Policy exemptions.

The IPSEC Services service terminated with the following error:
The system cannot find the file specified.

  • check if there are any entries in HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local
  • if so, delete that subkey
  • then run regsvr32 polstore.dll
  • restart the ipsec service

Citrix Provisioning Server Links

Some must read links about Citrix Provisioning Server before you start playing with it.


citrix session doesn’t close after the user closes the application.

Sometimes a seamless user session doesn’t get closed properly after the seamless applications got closed.

Investigate which executables are keeping the session open, and add the executable to the following registry key.

Value Name: LogoffCheckSysModules
Type: REG_SZ
String: executabletoclose.exe

xenapp 6 issues and tips

black screen during logon (= no logon feedback to user)

this one is annoying.  While the user is logging on to the desktop, the ICA client only displays a Black Window, untill the user is logged on.
Citrix forum thread here :
best workaround until citrix delivers a server side fix : disable citrix enhanced logon feedback. Citrix KB here , regkey is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Citrix\Logon\DisableStatus (64 bit os)

server hanging during shutdown

known, fixed issue.  Servers hang during a shutdown, which is risky with sheduled reboots at night.
more info, citrix kb & citrix forum

Progressive Compression causes flickering in a published internet explorer

from the citrix forums :

1. Obtain an experimental private fix from Citrix Technical Support that will disable Off Screen Surfaces from an ICA level. This can be obtained by contacting Citrix Technical Support (if you have a support agreement) and referencing Citrix Problem Report #236384. At this time, we have a fix for XenDesktop 4.0 available and other products would require development of the fix as required.


2. Disable the Off Screen Surfaces feature from the client side by changing the EnableOSS registry entry located under:

HKEY_CURRENT_USER\Software\Citrix\ICA Client\Engine\Lockdown Profiles\All Regions\Lockdown\Virtual Channels\Thinwire Graphics\

citrix list of recommended hotfixes :

citrix came up with a list of recommended hotfixes for XenApp 6 & Windows 2008R2 (SP1)  here : http://support.citrix.com/article/CTX129229

qfarm /load gives 20000 and no license server found

check http://support.citrix.com/article/CTX125363 & request limited release hotfix if applicable.

Client Drives Cannot be Accessed in XenApp 6.0 Running on VMWare ESX

issue between vmware tools & citrix client drive mapping.  only happens when a full vmware tools install (including vmware shared folders) has happened.
more info, here at citrix KB

hide and disable windows libraries

not exactly an issue, currently the only way i’ve found to hide & disable windows libraries is :










get rid of power shell & server manager icons for all users

only found an old skool solution for this.  Remove user access to the shortcuts before the profiles get created.  Done via GPO.  More here @ technet

default printer & devices reveals too much information

create a folder called printers.{2227A280-3AEA-1069-A2DE-08002B30309D} on a desires place in the start menu.

or publish / creaste shortcut with as command : C:\Windows\explorer.exe” ::{2227A280-3AEA-1069-A2DE-08002B30309D}

or publish / create shortcut with as command : RUNDLL32 SHELL32.DLL,SHHelpShortcuts_RunDLL PrintersFolder

install telnet client & dsa.msc

Like to have these two on all my servers for troubleshooting :

PS C:\Windows\system32> Import-Module ServerManager
PS C:\Windows\system32> Add-WindowsFeature RSAT-ADDS-Tools
PS C:\Windows\system32> Add-WindowsFeature Telnet-Client

novell vs ad vs wireless nic vs slow logon time

If you would have a mixed Novell / AD combo, you might experience slow logon times on your laptop (2-3 minutes delay or more after pressing CTRL ALT DEL).  Just check if the windows wireless zero configuration service is disabled.  If you have, enable it.  Even if you’re not using the wireless nic.  Other option : disable the wireless nic.

more info can be found here @ novell
or at this forum post, or this one

howto configure proxy info in Virtual Center Update Manager 2.5

1) user proxy auhtentication can be set via the command line util VUM-proxyauthcfg,exe

2) proxy settings can be set in vci-integrity.xml

both can be found in the update manager install dir

provisioning services vs w2k8r2 system reserved partition

2 nice posts on http://www.vmwareinfo.com about provisioning Windows 2008 / Windows 7 with Citrix Provisioning services.

one post explains howto create a Windows 2008R2 server without a 100MB system reserved partition

and one post that explains how to get rid of that 100MB partition if it’s already there