Workspace Environment Manager 4.2

Last Modified: Mar 18, 2017 @ 9:49 am


ūüí° = Recently Updated


Workspace Environment Manager¬†(WEM) is Citrix’s Performance Management and UEM tool for all XenApp/XenDesktop Enterprise or Platinum Customers with active Software Maintenance (Subscription Advantage is not sufficient). The WEM Agent is supported on XenApp 6.5, and XenApp/XenDesktop 7.x. Videos:

Note: WEM does not replace Citrix Profile Management. You usually implement both.

Upgrade WEM¬† ūüí°

To upgrade Citrix WEM:

  1. In-place upgrade the WEM Server. No special instructions.
  2. Use the Database Maintenance tool to upgrade the WEM database. You might have to run the WEM Broker Configuration Tool on each Broker to point to the upgraded database.
  3. In-place upgrade the WEM Console. No special instructions.
  4. In-place upgrade the WEM Agents. No special instructions.

Install WEM Server (Broker Service)

The WEM Broker Service can be installed on one or more servers. The WEM Agent cannot be installed on the Broker Server.

A WEM Server with 4 vCPU and 8 GB RAM can support 3,000 users.

  1. Go to the downloaded Workspace Environment Manager 4.2, and run Citrix Workspace Environment Management Infrastructure Services v4.02.00.00 Setup.exe.
  2. Click Install to install the prerequisites.
  3. In the Welcome to the InstallShield Wizard for Citrix Workspace Environment Magement Infrastructure Services page, click Next.
  4. In the License Agreement page, select I accept the terms, and click Next.
  5. In the Customer Information page, click Next.
  6. In the Setup Type page, click Next.
  7. In the Ready to Install the Program page, click Install.
  8. In the InstallShield Wizard Completed page, click Finish.
  9. C:\Program Files (x86)\Norskale\Norskale Infrastructure Services must be excluded from Antivirus scanning. Or exclude: Norskale Broker Service.exe; Norskale Broker Service Configuration Utility.exe; Norskale Database Management Utility.exe.
  10. Ensure firewall allows the following to the WEM Broker servers:
    • Agent Port defaults to TCP 8286.
    • AgentSyncPort defaults to TCP 8285.
    • AdminPort defaults to TCP 8284.
    • Monitoring Port defaults to TCP 8287.
  11. See¬†CTX218965¬†Error: “Server sent back a fault indicating it is too busy to process the request” and the WEM Agent fails to connect to the Broker Service if you need to throttle the number of connections if you have insufficient resources on the WEM Broker server.¬† ūüí°

Upgrade WEM Database

  1. If this is a new install, skip to Create WEM Database.
  2. The person running Database Management must be a sysadmin on the SQL Server. Or you can enter a SQL login.
  3. On the WEM server, run Database Management from the Start Menu.
  4. If upgrading, in the ribbon, click Upgrade Database.
  5. Enter the SQL Server Name.
  6. Enter the existing WEM Database Name.
  7. Configure the credentials for the WEM service account.
  8. If your account is not a sysadmin on Citrix, then enter a SQL account in the Database Credentials fields.
  9. Click Upgrade.
  10. Click Yes when asked to proceed.
  11. Click OK when prompted that database upgraded successfully.

Create WEM Database

  1. The person running Database Management must be a sysadmin on the SQL Server. Or you can enter a SQL login.
  2. On the WEM server, run Database Management from the Start Menu.
  3. If a new install, in the ribbon, click Create Database.
  4. In the Create database Wizard page, click Next.
  5. In the Database Informations page, enter the SQL server name, and enter a new Database Name. The paths might not be correct so double check them. Then click Next.
  6. In the Database Server Credentials page, if your account has sysadmin permissions, then leave the box checked. Otherwise, uncheck the box, and enter a SQL login that has sysadmin permissions. Click Next.
  7. In the VUEM Administrators section, click Browse, and select your Citrix Admins group.
  8. In the Database Security page, if you intend to load balance multiple WEM servers, then specify a Windows service account for database access. The Broker Service will run as this account. Ryan Revord¬†Load balancing Citrix Workspace Environment Manager. And the new load balancing topic at Install the Citrix Workspace Environment Management Infrastructure Services at Citrix Docs.¬† ūüí°
  9. The Database Creation Wizard also creates a SQL account called¬†vuemUser with an 8 character alphanumeric password. If you want it more complex, check the box and specify the password. Note: if you intend to implement AlwaysOn Availability Group, then you must specify this password, since you’ll be asked for it again when adding the database to the Availability Group. Click Next.¬† ūüí°

  10. In the Database Information Summary page, click Create Database.
  11. Click OK when prompted that the database was created successfully.
  12. Click Finish.
  13. There is a log file at¬†“C:\Program Files (x86)\Norskale\Norskale Infrastructure Services\Citrix WEM Database Management Utility Debug Log.log”

WEM Broker Configuration

  1. On the WEM Server, run Broker Service Configuration from the Start Menu.
  2. On the Database Settings tab, enter the SQL Server name and database name.
  3. Switch to the Advanced Settings tab.
  4. If you intend to load balance WEM Servers, then Browse to a service acccount. This service account must have access to the database. Ryan Revord Load balancing Citrix Workspace Environment Manager.
  5. The service account must be in the local Administrators group on the WEM server.
  6. On the Database Maintenance tab, consider checking Enable Scheduled Database Maintenance.
  7. On the Licensing tab, you can enter a Citrix License Server or newer that has valid licenses. Or you can enter the license server later in the admin console.
  8. Click Save Configuration in the ribbon.
  9. Click Yes when asked to restart the Broker Service.
  10. If you are load balancing WEM servers, then you must also create a Kerberos SPN, where [accountname] is the service account you are using for the Norskale service. Ryan Revord Load balancing Citrix Workspace Environment Manager.
    setspn -U -S Norskale/BrokerService [accountname]

Install WEM Console

  1. Run Citrix Workspace Environment Management Console v4.02.00.00 Setup.exe.
  2. In the Welcome to the InstallShield Wizard for Citrix Workspace Environment Management Console page, click Next.
  3. In the License Agreement page, select I accept the terms, and click Next.
  4. In the Customer Information page, click Next.
  5. In the Setup Type page, click Next.
  6. In the Ready to Install the Program page, click Install.
  7. In the InstallShield Wizard Completed page, click Finish.

WEM Sites

  1. From the Start Menu, run Administration Console.
  2. In the ribbon, click Connect.
  3. In the Database Broker Informations window, enter the WEM Server name, and click Connect.
  4. Some WEM Console settings are global (every agent gets the same setting). So if you want different global settings for different agents, then you create multiple WEM sites. At the top of the window, you can create a new WEM site and/or select an existing WEM site. A “site” is a complete WEM configuration and is completely unrelated to a XenDesktop site. An Agent can only point to one WEM site. Different Agents can point to different WEM sites.
  5. The WEM Group Policy template has a GPO setting to specify the WEM Site name that an agent should use.

Import Recommended Settings

  1. If you have multiple WEM sites, this process should be repeated for each WEM site.
  2. On the right side of the ribbon, click Import Settings.
  3. In the Settings Import Wizard page, click Next.
  4. In the Export File Load section, click Browse, and browse to the \Workspace-Environment-Management-v-4-01-00\Configuration Templates\Default Recommended Settings folder that was included in the WEM download.
  5. In the Settings Type Selection section, check all available boxes, and click Next.
  6. In the Settings Import Processing window, click Import Settings.
  7. Click Yes when prompted to replace.
  8. Click Finish.

WEM Agent Configuration

  1. In the WEM Administration Console, in the Advanced Settings workspace, there are several tabs for configuring the agent.
  2. One you might want to enable is Launch Agent for admins.
  3. Also consider enabling Launch Agent at Reconnect.
  4. On the right, on the Reconnection Actions tab, you can select which modules should be refreshed on reconnect.
  5. The Agent Options tab defaults to processing printers and drives asynchronously.
  6. Setting on these tabs are mostly self-explanatory. Feel free to change any as desired.
  7. The Service Options tab has a setting for Bypass ie4uinit Check. Enabling this eliminates a 2 minute delay before WEM Agent starts. See Marco Hofman at for details.
  8. On the left, in the Advanced Settings workspace, there’s a¬†UI Agent Personalization node.
  9. On the right, in the UI Agent Options tab, you can change the Agent skin, and Preview it.
  10. Other settings on this page let you hide the splash screen.
  11. The Helpdesk Options tab lets you enable Screen Capture.

  12. After Agents are installed, the Administration workspace,¬†Agents node, shows the list of Agents, allowing you to perform actions against an Agent. For example, if UPM settings are not applying to your Agents, you can right-click the Agent, and click¬†Reset Citrix Upm Settings. See¬†Workspace Environment Manager UPM at Citrix Discussions.¬† ūüí°
  13. The System Optimization workspace lets you configure the various optimizations.
  14. Fast Logoff disconnects a session and lets logoff processes run in the background.
  15. CPU Spikes Protection gives processes equal access to the CPU.
  16. From Hal Lange: “CPU Usage Limit should never be set to higher a percentage than one CPU. This will keep a single threaded application from thrashing a CPU.¬† Example:¬†if 2 CPU’s are available, the CPU setting should not be set above 49%,¬†if 4 CPU’s are available, the CPU setting should not be set above 24%”
  17. Hal Lange demonstrates Citrix WEM Performance Optimizations in a YouTube video.
  18. Other tabs on the right let you manually specify CPU priority and/or clamping.
  19. Memory Management periodically reclaims memory from running processes.
  20. IO Management can prioritize process IO.
  21. Process Management lets you Blacklist processes. There’s also a WhiteList, but once something is added to the WhiteList, then all other processes are blocked.
  22. The Policies and Profiles workspace has four nodes.
  23. You can enable Environmental Settings, and configure restrictions that are usually configured in group policy. Peruse the various tabs on the right. Administrators can be excluded from these restrictions.
  24. If you switch to the Citrix UPM Settings node, you can use WEM to configure Citrix¬†Profile Management.¬†WEM 4.2 includes the latest UPM 5.5 and 5.6 features, including: Active Write Back Registry, NTUSER.DAT Backup, and Default Exclusion Lists.¬† ūüí°
  25. If you use WEM to configure UPM settings, but the settings are not applying to the WEM Agent, then see Citrix CTX219086¬†Some UPM or WEM Agent parameters may not be applied by the agent after switching from GPO settings to Workspace Environment Management settings.¬† ūüí°
  26. The File System tab has a useful Profile Cleansing button to remove excluded folders from an existing UPM profile share.

  27. The Monitoring workspace lets you see Logon Time and Boot Time reports.
  28. Double-click a category to see more info.
  29. Configuration node lets you configure Work Day Filtering for Login/Boot Time Reports.

WEM Agent Group Policy

  1. In the WEM Download, go to the \Workspace-Environment-Management-v-4-01-00\Configuration ADM РADMX folder, and copy the .admx file, and the en-US folder to the clipboard.
  2. Go \\\sysvol\\Policies. If you have a PolicyDefinitions folder here, paste the file and folder.
  3. If you don’t have PolicyDefinitions in Sysvol, then instead go to¬†C:\Windows\PolicyDefinitions, and paste the file and folder there.
  4. Edit a GPO that applies to the VDAs that will run the WEM Agent.
  5. Go to Computer Configuration | Policies | Administrative Templates | Citrix | Workspace Environment Manager | Agent Host Configuration.
  6. On the right, double-click Connection Broker Name.
  7. Enable the setting, enter the FQDN of the WEM server (or load balanced name), and click OK. Note: It must be FQDN. Ryan Revord Load balancing Citrix Workspace Environment Manager.
  8. If you want the WEM Agents to connect to a non-default WEM site, then configure the Site Name GPO setting.

Install WEM Agent

  1. On a VDA Master, run the downloaded Citrix Workspace Environment Management Agent Host v4.02.00.00 Setup.exe.
  2. If you are installing the Agent on a Provisioning Services vDisk, there are a couple Agent Installer Switches that let you move the WEM cache file to the PvS cache disk:
    "\\fs01\bin\Citrix\Workspace-Environment-Management-v-4-01-00\Citrix Workspace Environment Management Agent v4.02.00.00 Setup.exe" /v"AgentCacheAlternateLocation=\"D:\WEMCache\" AgentServiceUseNonPersistentCompliantHistory=\"1\""
  3. You can use the¬†ARPSYSTEMCOMPONENT=1 switch to prevent the Agent from showing up in the Programs and Features¬†list where it can be uninstalled. Citrix¬†CTX218964¬†How To Secure a Citrix WEM Agent Installation in Cases Where Users are Local Administrators also details how to configure a group policy to prevent local administrators from stopping the Agent service.¬† ūüí°
  4. Click Install to install the prerequisites.
  5. In the Welcome to the InstallShield Wizard for Citrix Workspace Environment Manager Agent Host page, click Next.
  6. In the License Agreement page, select I accept the terms, and click Next.
  7. In the Customer Information page, click Next.
  8. In the Setup Type page, click Next.
  9. In the Ready to Install the Program page, click Install.
  10. In the InstallShield Wizard Completed page, click Finish.
  11. After installation, check the registry under HKLM\System\CurrentControlSet\Control\Norskale\Agent Host to verify your command line switches applied correctly.
  12. Citrix¬†CTX219839¬†How to Enable Debug Logging on Workspace Environment Management Agent manually, if no connectivity to Broker exists. Set¬†AgentDebugModeLocalOverride and¬†AgentServiceDebugModeLocalOverride to 1.¬†The Norskale Agent Host Service Debug.log file will be written to %ProgramFiles(x86)%\Norskale\Norskale Agent Host.¬†The Agent Log file will be written to the User Profile (i.e. under %UserProfile%).¬† ūüí°
  13. Optionally, you can pre-build the Agent Cache by running AgentCacheUtility.exe, which is located in C:\Program Files (x86)\Norskale\Norskale Agent Host.
  14. It needs the following switches:
    -refreshcache -brokername:MyWEMServer
    From Hal Lange: “AgentCacheUtility does except short values (Eg AgentCacheUtility -r -b:)¬† the broker name should always be in FQDN since this does use Kerberos for the authentication.”
  15. From Hal Lange: “Need to optimize the client by running ngen for .NET optimizations¬†in the x64 and x86 directories. These commands will help optimize ANY .NET application installed on the system
    ngen.exe update
    ngen.exe eqi 1
    ngen.exe eqi 3
  16. C:\Program Files (x86)\Norskale\Norskale Agent Host must be excluded from Antivirus scanning. Or exclude Norskale Agent Host Service.exe; VUEMUIAgent.exe; Agent Log Parser.exe; AgentCacheUtility.exe; AppsMgmtUtil.exe; PrnsMgmtUtil.exe; VUEMAppCmd.exe; VUEMAppCmdDbg.exe; VUEMAppHide.exe; VUEMCmdAgent.exe; VUEMMaintMsg.exe; VUEMRSAV.exe.
  17. If you use WEM to configure UPM settings, but the settings are not applying to the WEM Agent, then see Citrix CTX219086¬†Some UPM or WEM Agent parameters may not be applied by the agent after switching from GPO settings to Workspace Environment Management settings.¬† Delete the machine cache, which is at the following registry location:¬†ūüí°

    This will force VUEM to re-apply the per-machine settings (Microsoft USV or Citrix UPM settings, respectively).

WEM Agent on Provisioning Services

From CTA David Ott at Using Citrix Workspace Environment Management to Redirect Folders via Symbolic Links ‚Äď Speed Up Logon:¬†before shutting down your maintenance/private mode vdisk to re-seal, kill the Norskale Agent Host Service. For whatever reason if you don‚Äôt do this it can cause your vms in standard mode to take an obscenely long time to shutdown.

If you have a PVS environment and you have redirected the WEM cache to the persistent drive, use a startup task to refresh the cache, force restart the Norskale Agent Host Service, and start netlogon after. If the cache doesn’t already exist, WEM doesn’t seem to check with the WEM server. You have to create the cache, and then restart the service so that it reads it, and force restarting the Norskale Agent Host Service will stop netlogon (dependent on it).

WEM Actions Configuration

WEM Actions are similar to Group Policy Preferences.

The general process is as follows:

  • Create the Actions
  • Add AD user groups to the WEM Console.
  • Assign Actions to user groups. Use¬†Conditions and Rules to perform the Action for only a subset of machines or users in the user group.

Create Actions

  1. In the WEM Console, use the Actions workspace to map drives, map printers, create shortcuts (Applications), set registry keys, etc. Click the Add button on the bottom of each node. These Actions are self explanatory.
  2. Some Actions, on the Options tab, have a Self-Healing option. To optimize performance, WEM only applies an action once. The Self Healing option causes it reapply at every logon.
  3. Note: Network Drives have no field for selecting a drive letter. Instead, you configure the drive letter later when assigning the action as detailed below.
  4. Note: Applications have no option for placing a shortcut on the Desktop. Instead, you configure shortcut placement later when assigning the action as detailed below.
  5. After you create Applications (Shortcuts) and assign them, on the agent, there’s a¬†Manage Applications tool that lets users control where shortcuts are created, including pinning to Taskbar and Start Menu.

  6. Applications can be placed in Maintenance Mode. Edit an Application, and find the Maintenance Mode setting on the Options tab.
  7. This causes the icon to change, and a maintenance message to be displayed to the user.

  8. The Applications node has a Start Menu View tab.
  9. For the¬†Printers Action, in the ribbon, there’s a¬†Import Network Print Server button.

  10. For the Registry Entries Action, in the ribbon, there’s an¬†Import Registry File button.
  11. For File System Operations, each Action has an Options tab that lets you set the Type of Action.
  12. For File Associations, “Command” is just the parameters without the executable.

Create Conditions and Rules

  1. Once the Actions are created, you then need to decide under what conditions the Actions are performed. Go to the Filters workspace.
  2. On the top left, switch to the Conditions node, and create Conditions. One or more Conditions are combined into a Rule.
  3. Then switch to the Rules node and create Rules. If you add multiple Conditions to a Rule, all (AND) Conditions must match. There doesn’t appear to be an OR option. The Rules are used later when assigning an Action to a user group.

Add AD Groups to WEM Console

  1. Go to the Configured Users workspace, and add groups and/or users that will receive the Action assignments.

Assign Actions to User Groups

  1. Go to the Assignments workspace. Initially the bottom half is empty. Double-click a group to show the Actions that are available for assignment.
  2. Move an available Action from the left to the right. This assigns the Action to the user group.
  3. You will be prompted to select a Filter, which contains one or more Conditions.
  4. When you move a Network Drive to the right, you’re prompted to select a drive letter.
  5. The list of drive letters is restricted based on the configuration at Advanced Settings workspace > Configuration node > Console Settings tab.
  6. On the right, some Actions have additional options that you can right-click. For example, you can create shortcuts on the desktop.

Modeling Wizard

  1. You can use the Modeling Wizard node to see what Actions apply to a particular user.


In WEM 4.1 and newer, you can enable Transformer, which puts the WEM Agent in Kiosk mode. Users can only launch icons (e.g. Citrix icons). Everything else is hidden. This is an alternative to Receiver Desktop Lock. The interface is customizable.

  1. In the WEM Console, there’s a¬†Transformer Settings workspace with two nodes:¬†General and¬†Advanced.
  2. Enable Transformer and point it to your StoreFront URL. Note, this applies to all users and all agents in this WEM site.
  3. Other settings on the General Settings tab let you customize the appearance, and specify an unlock password. You probably want to disable the Clock. The Navigation Buttons are browser navigation.
  4. Transformer can be unlocked by pressing Ctrl+Alt+U and entering the unlock password.
  5. On the Site Settings tab, you can add website URLs that can be launched from within Transformer.
  6. At the top of the Transformer window is a Sites icon that lets you go to the sites listed in the WEM Console.
  7. The Advanced node lets you configure Transformer to launch a process other than a browser.
  8. The Advanced & Administration Settings tab lets you hide features from Transformer.
  9. To prevent users from accessing the local system, consider checking Hide Taskbar & Start Button.
  10. You probably want Log Off Screen Redirection to redirect users to the logon page when StoreFront logs off.
  11. The Logon/Logoff & Power Settings tab lets you configure the WEM Agent to autologon as a specific account. Transformer then displays the StoreFront webpage where the user enters his or her credentials.

202 thoughts on “Workspace Environment Manager 4.2”

  1. Since installing WEM in the environment on different servers both PVS and NonPVS images I am seeing a lot of BSOD referencing REGISTRY_FILTER_DRIVER_EXCEPTION (135)”upmjit.sys. It actually happened while on a support call with Citrix. I have a ticket open but I was speaking with a “XenApp” tech had heard of Workspace Environment Manager before but knew little to nothing about it and didn’t know who I should even speak with about it. Why am I paying thousands of dollars in support? Anyway…I have submitted the memory dumps and a scout report for Citrix to analyze and get back to me on…this should be interesting.

    1. Another issue I’m seeing is the CitrixProfileManager.exe is eating RAM like Pacman after getting a power pellet. Still no support from Citrix on these WEM issues. Does active write back cause the CPM.exe to eat RAM more than normal?

        1. I updated to XenApp LTSR CU3 about 2 weeks ago and installed UPM 5.6 on the Delivery Controllers since that what the documentation listed as LTSR compatible. Should I update profile management on the Delivery Controllers to 5.7? Is there a piece that needs updated on the Server VDA’s to fix the UserProfileManager.exe process?

          1. Is that separate than the User Profile Manager that gets installed when you install the VDA (C:\Program Files\Citrix\User Profile Manager) or does running the 5.7 installer update those files in that path?

          2. Alright thanks. I’ll submit that for a change next week and hopefully that fixes the UPM issue. Now on to the modified RAM issues with Citrix support…

            Again…thanks for everything. Your guidance is always greatly appreciated.

  2. Carl, I’m not sure if I have something configured wrong or what but it appears RAM optimizations aren’t working correctly. I’m on XenApp 7.6 LTSR CU3 and have WEM installed on 48 servers all running the same image. The policy kicks in correctly and takes the RAM back from the process but under the resource monitor it put’s it in the “Modified” section of RAM saying “Memory whose contents must be written to disk before it can be used for another purpose”. The “modified” RAM just keeps growing and never releases the RAM back to be used. Am I missing a setting somewhere? Thanks,

  3. Hi, does anyone know WEM support NetScaler GSLB for the broker services?
    How does it this solution support the active/active datacenter solutions?

    1. Assuming you’ve handled SQL, I don’t see why not. I assume each Broker instance shares the same SQL database.

    1. I created a startup script that restarts netlogon and the agent service then applied it to a gpo for the servers. Haven’t had any issues as of yet in my testing…but I could be off the mark on that one.

  4. Any chance you can shed some light on the login times under monitoring? What exactly does that measure? In my test environment it’s saying the login times are 1-3 seconds but in reality it’s about 10 seconds before the app is actually launched and usable in the client device. Is that simply meaduring login time to the server and not app launch time?

  5. Carl I could use a little help with the Citrix UPM vs the WEM settings. You say WEM doesn’t replace Citrix UPM but you use both? How exactly does that work? If I have Citrix policies configured in Studio and WEM policies configured for the same thing what happens? Or if there’s differences between the 2 which one wins? I’m guess I’m just confused as to which to use and why one over the other? Any clarification would be greatly appreciated.

    1. Most UEM products have Profile (Personalization) capabilities. WEM does not. So you need to deploy both.

      As for configuring UPM, you can use WEM to configure it. Or you can use more traditional GPO or Studio.

      1. So if I already have UPM setup in Studio and working fine I don’t need to worry about configuring WEM profile settings? If I want to use the WEM settings do I need to turn off the Studio policies? What personalization capabilities are you referring to? Is there a benefit to using UPM over WEM or WEM over UPM besides WEM looking pretty with nice buttons?

        As always, thanks for the help. I don’t know what the Citrix community would do without your guides.

        1. UEM products with Personalization are more capable than UPM. Most of them have a method of specifying specific folders/registry for each application and storing each application in a separate location. When the app is launched, the application’s settings are restored at that time. Check out AppSense, VMware UEM, RES, LiquidWare Labs ProfileUnity, etc.

          1. Ahh thanks. We currently don’t have any of that in place and don’t have any specific profile settings configured besides redirection and minor things. Do you have a preference on using the settings in WEM vs UPM?

          2. If you’re anti-GPO, then you can use WEM to configure it. WEM also has a handy profile cleanup tool if you used WEM to configure UPM.

  6. Is there any way of placing desktop icons of assigned applications in sub directories of the desktop/start menu and not directly on the desktop/start menu, so that we can group in categories?
    If all applications will be put directly on the desktop this will end up in a mess sooner or later.

    1. Yes, under actions, applications, there’s a tab called “Start menu view”, in there you can add subfolders for the startmenu, then by editing an application in the bottom you can select in which folder of the startmenu you want the app to be placed.

      1. Thank you Peter, that improves things for the start menu, but in most cases placing icons on the desktop in sub folders would be much more important. But there is no equivalent like “Desktop View” or something similar to the “Start Menu View”.
        Is there any way to get this done otherwise?

  7. Hi Carl, do you have details on configuring a WEM server to work across multiple domains? I’ve built a WEM server on domain A, with VM’s running on domain B. When a user logs in from domain A every thing works fine, however when a user logs in from domain B, a Norskale Agent Service event log error shows the following:

    Error while retrieving user directory services groups list check log for more details (some sids may not have been translated properly)

  8. I assume there no way to limit how much RAM a user can consume in a session? I can in AppSense Performance Manager but it has a bug where user’s process get permanent placed in Suspended Mode.

  9. Hey Carl do you know if there is a way to trigger the Memory Management outside the application? I’m not even sure this would be possible, but it would be interesting if the Norskale Agent could except command lines so I could do a custom Idle time cleanup on memory. Something like Norskale Agent.exe -MemoryManagement 5 which would then cause anything that has been idle for 5 minutes to be cleaned up. I was thinking I could put something in the external Tasks that on refresh would trigger this.

  10. I’m curious about the flexibly of the server specs. One server at 4vCPU and 8GB RAM will support 3000 users. We don’t have near the need to support that many users currently but we have a dual (active-active) datacenter setup so when we build a server on one side we build the same on the other. I really don’t need two 3000 user servers so can I just run 2vCPUs and 4GB RAM on each server behind the load balancer to equal out to the same thing or is the 4×8 the minimum supported?

      1. Thank you. That’s my initial plan. I’ll update this if I see issues down the road. Great article…always helpful!

  11. In the steps above you call out License Server 11.14.1 or newer but the latest version I see is Is that just a type or am I missing something somewhere.

  12. Thanks for this great article! I have the problem, that the agent cache sync is not working. Synchronization state shows always an error. Running the agentcacheutility.exe doesn’t help. The logs don’t show anything interesting. How can I completly recreate the agent cache?

      1. In the WEM Console I have a red cross under synchronization state. When I run the agentcacheutility.exe I receive the following error: Local Agent cache synchronization occured, please Check debug log for more details. I checked the debug log but there is no further information about this problem.

        1. We’ve had the local change totally stuff itself, especially when moving between sites. We had to remove the agent via appwiz and the manually remove the local database, and then reinstall the agent.

  13. Hi,

    What is the process of upgrading from 4.1 to 4.2 please, I couldn’t see it in the above. The was a section about upgrading the database, but I’m sure there are other areas to upgrade.


    1. Every component is in-place upgrade using a standard install. It’s only the database that is separate. I’ll add a section to clarify.

  14. Hey Carl,

    Does the Transformer agent automatically launch a desktop when you configure it? We’re using WI 5.4 and when we connect to the same site in Internet Explorer, the single desktop launches fine. WEM on the other hand, when using the same site, looks like it ties to auto launch it (you see the spinning graphic for a few seconds) but nothing ever happens (the blue play graphic is shown). You can then click on it and see it launch without issue. It’s almost as if the IE frame it’s rendering is sort of incapable of handling the ICA download. Or maybe we’ve broken something.


    1. We’ve tried the site in both local intranet and trusted and still no dice via WEM, but fine via the full browser. This is 64-bit Windows 10 (1607).

        1. Citrix have confirm they will not release a private for this. They have asked us to submit a business case for a feature enhancement. On we go..

  15. One of Citrix related document mention that in case WEM on XenApp, DFSS or any other CPU optimization should be disabled. Any information on that with right approach? I our case I am trying to load WEM for Windows 2016 and this portion is unclear, if anything should be done prior WEM agent installation.

    Thank you in advance,

      1. Thought WEM was only for XenApp 7.9 (or 7.6) and higher?
        1 off the things that i faced was in the GPO settings, the field for brokername and site-name contained unwanted spaces, cleaing those, made the agents show up in my console.

      2. Got Fixed as we use F: for cache disk

        Have another query though,I have created multiple sites as per my WG but how to do I force site details to agents on their respective sited. Do I need to have a policy at each OU level with respective site names. Or can I edit the reg for site.

  16. I have been trying to make a silent install of the agent, but haven’t been able to find the correct parameters yet.
    I am also using the paramters suggested in this article:
    /v”AgentCacheAlternateLocation=\”D:\WEMCache\” AgentServiceUseNonPersistentCompliantHistory=\”1\””

    And if I add /? so the agent .exe file, it tells me a silent install need this paramters:
    /S /v/qn

    If I then try to install it with these paramters:
    /S /v/qn”AgentCacheAlternateLocation=\”D:\WEMCache\” AgentServiceUseNonPersistentCompliantHistory=\”1\””
    Then it installs silently, but it doesn’t add the AgentCacheAlternateLocation and AgentServiceUseNonPersistentCo… to the registry.

    I also tried with /S /qn /v”AgentCacheAlternateLocation=\”D:\WEMCache\” AgentServiceUseNonPersistentCompliantHistory=\”1\”” – but then it doesn’t make a silent install.

    Has anyone tried making a silent install?

    1. Hi Kim,

      The /v option tells the setup.exe to parse parameters to the Windows Installed (msiexec.exe). The parameter /QN is a Windows Installer parameter. So it has be come after the /v command, like this: Setup.exe /s /v‚ÄĚ/qn /norestart /l ‚Äú\C:\Logs\WEM.log\‚ÄĚ‚ÄĚ
      Please allow me to direct you to an article I wrote this week explaining this in more detail:



  17. We have checked the “Launch Agent for Admins” flag in the Main Configuration, but on some machines (not on all!) the settings for the one and the same admin user are not applied.

    Digging around we then found that the ClientResultantActionsViewer is showing no admin privileges for this admin user, even though the Windows User Manager is clearly stating that he IS domain admin.

    Then, as soon as we start the VUEMUIAgent.exe with administrative privileges from the context menu, suddenly the WEM settings get applied and also the ClientResultantActionsViewer us showing the admin privileges!

    And the strange thing is that on some identically deployed other machines in other subnets, everything is ok without explicitly running the applications with admin privileges.

    Anyone with some insights on this?

  18. Carl – awesome write up on this as usual! You mentioned 3000 users for a 4vCPU & 8 GB RAM server which I can see comes directly from the Citrix WEM administration guide. Do you have any guidance larger environments? Would you just add a 2nd server and load balance them? Or would you have to increase the size of the server? Both? Just curious your thoughts on this. Thanks!

    1. Hal Lange has done several large deployments. I think he said he’s seen 5,000 users on a single server. But yes, you can easily scale out by load balancing. Or you can make it more of a pod architecture.

      1. We spoke to Citrix about this specifically, and the advice was to throw more VMs at it and jam them it in front of a load balancer. It’s all stateless UDP so that’s pretty easy. You can scale the individual VMs further if you wish, but I’m always cautions about the number of vCPUs I allocate to a given VM.

  19. Great Stuff.
    Just facing 1 issue, when a user starts a published XenApp desktop (7.9), the sessions freezes completely, and will only unfreeze when I click “Refresh Workspace Agents” from the administration console. (then the icon in the taskbar pops-up and all works great)
    (using WEM 4.1)
    Any hints or clues?

  20. Anyone use WEM and UPM together? Im having this issue that WEM loads like after 2 minutes when logged on when UPM is enabled. When i disable the UPM service WEM agents start instant on logon.

    1. Check:
      Bypass ie4uinit Check: by default, the Agent service will wait for ie4uinit to run before launching the Agent executable. This setting forces the Agent service to not wait for ie4uinit.

  21. I have an issue with creating application links. On my WEM administration server are not installed any apps (e.g. MS Office). That’s why I have to copy the whole path (e.g. of MS Word) from another server to the wizard. But this path is not available at the WEM server. As a result I can create the application but I don’t have an icon for it.

    1. You can easely start the WEM administration console from your VDI. Logon to you VDI with admin cred’s, and browse to the \\adminserver\c$ and launch the console there.

Leave a Reply