Tuesday Sep 25, 2007

Citrix releases updated Solaris x86 ICA client

I have three things to say:

1) Finally

2) Thank you Citrix! (and our mutual customers thank you as well!)

3) Game Freaking On!

Get the download here: 


A couple of notes:

Smart card authentication does not work with SRSS 4 U2 and PCSC-Lite 1.0.  Sun is working on that.  Seems to work just fine with SRSS 3.1 and SRCOM 2.0

Some X Windowing errors when used with TSOL. (Sun investigating that as well)

Friday Jul 27, 2007

Hot Desking with Topaz Signature Pads On Citrix

You can use serial based signature capture pads such as the Topaz SigLite 1X5 with Windows Sessions using either Citrix or an RDP client.  Normally these things work just fine, however you will find that if you attempt to hot desk to another Sun Ray you'll get an error trying to use the signature pad stating basically that the COM Port is in use or does not exist.  There are three things that you must do.

You'll want to ensure that you are using the utports script along with a utaction so that the mapping to the com ports is always correct and the port you mapped (i.e. COM1:) gets mapped to the new Sun Ray.

Under Citrix, you must also do net use com1: \\\\client\\com1:

Normally that should be it.   Unless you hot desk.  Citrix holds the ports open and when you hot desk, not only does Sun Ray close the port, the mapping also changes from one physical Sun Ray to another.  This will render the sig pad useless and it won't recover even if you close the app, unmap and remap the com port.  You can add the following line to the wfclient.ini to the [WFClient] section


The only subtlety is which file to edit.  If a normal Solaris user, you'd edit $HOME/.ICAClient/wfclient.ini, if CAM using prototypes you'd edit the copy of wfclient.ini in the prototypes directory, and if using the master files you'd edit /usr/lib/ICAClient/config/wfclient.ini.

 You can now hot desk between Sun Rays and use your signature pad as you move.  Depending on how the application that accesses the pad opens and closes the com port, you might have to stop and start the application however.  Since most users write their own application to use these devices, make sure that you close the port after the signature is captured.

Monday Jul 02, 2007

Don't use xmodmap fix to Alt+Tab with RDP Clients

I've seen a few CAM scripts here and there that use the following command in order to fix an issue with Alt+Tab:

xmodmap -e "clear mod1"

This command is for only for CAM scripts that call the Citrix client, and only when using dtsession to send the alt+tab to windows rather than the local window manager (CDE) since the Solaris version of the ICA client does not have the option (yet) to grab the whole keyboard.

This command does bad things when used with the Sun Ray Connector for Windows or RDesktop (both of which do grab the whole keyboard) such as messing up normal alt+function key behaviors.

There really is no need to use dtsession for any full screen windows deployment, even if using xvkbd to lock the screen.  See the following entry for more details on using xvkbd without dtsession.


Monday Feb 12, 2007

Disabling PIN based logins to Citrix

Sure, most people want to know how to do smart card based logins to windows.  However, some people don't want the hassle. 

Recently we had a customer that wanted to access a smart card from a Solaris perspective, but did not want to do so from Windows. 

That presents a problem since the customer uses Citrix and the ICA client detects the presence of the library libpcsclite that is loaded as part of SUNWsrcbp (Sun Ray PCSC SRCOM Bypass).

With this package loaded (required to do the Solaris smart card stuff) the Citrix client would automatically redirect the smart card channel.  Normally that's a "good thing".  In this case it's not. 

This will result in one of two things happening:

1) User gets prompted for a PIN at the Windows login screen.  They then have to click cancel to get to the username/password entry.  Annoying at best.

2) User gets a message that the required drivers are not supplied on the Server.  Really annoying and probably will result in a lot of help desk calls.  This would happen if you used Payflex cards or any other smart card that is not supported by default under Windows.

Brad and I started bouncing around ideas in our normal one-upmanship tone via email.

First thought, remove the reg key for Citrix smart card hooks.  I like it, Brad doesn't.  He's right though, what if they want to use smart cards from other clients.  They don't but hey, I'll give the whipper-snapper a point there.  What he could have said that would have "slam dunked" me with was to not require changes to the Windows Servers to support Sun Ray.  I wouldn't have had a comeback for that.  He'll learn.  :)

Brad thinks moving the library and fooling the ICAClient is good idea, I don't.  I'm thinking about support implications (Sir you are missing libraries X,Y,and Z).  Score one for me for actually thinking about support implications.  For those of you that don't know me, that's a huge step.  Kind of like an alcoholic admitting they have a problem.

Fortunately the answer was right in front of us the whole time.  Since Citrix is fairly modular, we can turn off the smart card channel in a config file. 

Solution:  Edit /usr/lib/ICAClient/config/module.ini.  Under the [ICA 3.0] section change SmartCard=On to SmartCard=Off.

Wednesday Nov 22, 2006

Windows Lock Screen Update

If you read my earlier post, you'd see a caveat that states "xvkbd requires a window manager, so leave dtsession as an application to launch in CAM".

Well, that's not entirely correct.  In fact it's not correct at all.  Rdeskop, Sun Ray Connector, and Even SGD work just fine if you try to lock the screen without dtsession.  The trick is to not have utaction call a script.   i.e.:

/opt/SUNWut/bin/utaction -i -d "/usr/openwin/bin/xvkbd -text '\\Ml'" &

(or what ever sequence you need...See the post mentioned above for SGD, XP, Win2K)

But...(there is always a but).  It does not work with Citrix.  It only seems to work with Citrix if you have dtsession enabled.

Until now.  You can dump dtsession and have the smart card lock the screen using xvkbd using Citrix.  The trick here, not really a trick, is to have utaction call a script.  It's the magic in the script that tells xvkbd what window to send the keystrokes to.  Let's say your CAM script that called Citrix looked like this:

set -x
/opt/SUNWut/bin/utaction -i -d "/opt/Citrix/winlock" &
/usr/lib/ICAClient/wfica -desc Desktop

Your winlock will look like this:

set -x
WINID=`/usr/openwin/bin/xwininfo -name "Desktop "|grep xwininfo |awk '{print $4}'`
/usr/openwin/bin/xvkbd -window $WINID -text '\\Ml'

The key is the -name part.  It actually matches exactly what you call your published app (i.e. the -desc part of your wfica script).  It also needs to be in quotes and have the trailing space.  If you have a different name, you can figure it out doing the follow:

Before removing dtsession, add a new CAM app for dtterm (/usr/dt/bin/dtterm).  Set it to be default so it launches.  So on your screen you may have a full screen Citrix session and a terminal.  The terminal may be behind the ICA window, so you might have to alt+tab to get to it.
Then you can just type xwininfo in the dtterm and click on the Citrix session to get the proper name (quotes/# of trailing spaces/etc) to use for your winlock script.

That's it.  This little tip will save you at least 30 MB of RAM per session.

Monday Nov 06, 2006

Citrix Presentation Server Developer License

In the past it has been somewhat of a hassle to get a copy of Citrix Presentation Server for testing purposes.  90 day evals could be had by contacting a Citrix Partner.  If you were lucky enough to be part of the Citrix Business Alliance, you could get Not for Resale licenses.

Now Citrix has made it easier for everyone by offering free developer licenses for Presentation Server.  All you need to do is create an account on My Citrix.

Once that's done, log in, Download > Product Software > Citrix Presentation Server - Developer Edition.

(h/t Matt Hatley )

Update:  It's kind of neat.  A 732 day grace period.  Amazing grace.




Think Thin is a collection of bloggers that work with Oracle's Virtual Desktop portfolio of products.


« February 2017