Director 2402 LTSR

Last Modified: Apr 17, 2024 @ 3:28 am

Leave a comment

Navigation

💡 = Recently Updated

Change Log

  • 2024 April 17 – Updated Install section for version 2402
    • Replaced screenshots with new theme

Director Licensing – Premium Edition

Here’s a list of Director features that require CVAD Premium Edition licensing.

  • Up to a year’s worth of performance data
    • Other editions keep up to 30 days of performance data
  • Probes
  • Alerts
  • OS usage reporting
  • Create customized reports
  • Reboot warnings
  • NetScaler Console integration – HDX Insight

See Citrix Docs Feature compatibility matrix for a list of which Director feature came with each version, and the licensing Edition needed for each feature.

Install/Upgrade Director 2402 on Standalone Server

Current Release vs LTSR – Director version 2402 is a Long Term Support Release, which is supported for 5 years from its February 2024 release date. Citrix Support might require you to install the latest Cumulative Update for 2402.

Install on Delivery Controller? – The Citrix Virtual Apps and Desktops (CVAD) Delivery Controller metainstaller has an option to install Director on the Delivery Controller machine. Or you can install Director on separate, dedicated machines.

  • If Director will connect to multiple sites/farms, then install Director on its own servers.
  • For small environments, it might be OK to install Director on the Delivery Controller machines. Otherwise, Director is usually installed on separate machines.
  • Director is an IIS website. If you install Director, then IIS is also installed.

Scripted install – To install and configure Director using a script, see Dennis Span Citrix Director unattended installation with PowerShell.

Manual installation – To install Director manually:

  1. Run AutoSelect.exe from the Citrix Virtual Apps and Desktops 2402 ISO.
  2. In the Extend Deployment section, on the bottom left, click Citrix Director.
  3. In the Licensing Agreement page, select I have read, understand, and accept the terms, and click Next.
  4. In the Core Components page, click Next.
  5. In the Delivery Controller page, it will ask you for the location of one Delivery Controller in each farm. Only enter one Delivery Controller per farm. If you have multiple Director servers, each Director server can point to a different Delivery Controller in each farm.
    • From Citrix Docs: Director automatically discovers all other Delivery Controllers in the same Site and falls back to those other Delivery Controllers if the Controller you specified fails. Click Test Connection, and then click Add.
  6. You can optionally force SSL/TLS for the Monitoring service by following the instructions at Data Access Security at Citrix Developer Documentation. Also see CTX224433 Error: “Cannot Retrieve Data” on Citrix Director Dashboard After Securing OData Interface Through TLS.
  7. In the Features page, click Next.
  8. In the Firewall page, click Next.
  9. In the Summary page, click Install.
  10. In the Finish page, click Finish.
  11. In IIS Manager, go to Default Web Site > Director > Application Settings, find Service.AutoDiscoveryAddresses and make sure it points to one Delivery Controller in the farm and not to localhost. From Citrix Docs: Director automatically discovers all other Delivery Controllers in the same Site and falls back to those other Delivery Controllers if the Delivery Controller you specified fails.
  12. If you built multiple Director servers, use NetScaler to load balance them.
  13. Reconfigure the default domain in LogOn.aspx since upgrading overwrote your domain name configuration.
  14. For info on the new monitoring features in Director, see Use Director below.

Director Default Web Page

From Carl Webster How to Make Director the Default Page within IIS: If Director is installed on a standalone server, do the following to set /Director as the default path. If Director and StoreFront are on the same server, then you’ll probably want StoreFront Receiver for Web as the default web page instead of Director.

  1. Open Notepad elevated (as administrator) and paste the following text: 
    <script type="text/javascript">
<!--
window.location="https://director.corp.com/Director";
// -->
</script>
  2. Adjust the window.location line to match your FQDN.
  3. Select File > Save As and browse to the IIS folder, by default C:\inetpub\wwwroot is the IIS folder.
  4. Select the Save as type to All types.
  5. Type a file name with an html extension and select Save.
  6. Open IIS Manager.
  7. Select the SERVERNAME node (top-level), and double-click Default Document, as shown in the following screen shot:
  8. On the right, click Add…,
  9. Enter the file name of the .html file provided in Step 5.
  10. Ensure the .html file is located at the top of the list, as shown in the following screen shot:

Director Domain Field

On the Director servers, locate and edit the ‘LogOn.aspx’ file. By default, you can find it at C:\inetpub\wwwroot\Director\Logon.aspx

In line 472 you will have the following. To find the line, search for ID=”Domain”.

<asp:TextBox ID="Domain" runat="server" CssClass="text-box" onfocus="showIndicator(this);" onblur="hideIndicator(this);"></asp:TextBox>

In the ID=”Domain” element, insert a Text attribute and set it to your domain name inside quotes. Don’t change or add any other attributes. Save the file.

<asp:TextBox ID="Domain" runat="server" Text="Corp.local" CssClass="text-box" onfocus="showIndicator(this);" onblur="hideIndicator(this);"></asp:TextBox>

This configuration prepopulates the domain field text box with your domain name and still allow the user to change it, if that should be required. Note: this only seems to work if Single Sign-on is disabled.

Director Tweaks

Session timeout

By default, the idle time session limit of the Director is 65 min. If you wish to change the timeout, here is how to do it:

  1. Log on to the Director Server as an administrator.
  2. Open the ‘IIS Manager’
  3. Browse to ‘Sites > Default Web Site > Director’ in the left-hand pane.
  4. Open ‘Session State’ in the right-hand pane.
  5. Change the ‘Time-out (in minutes)’ value under ‘Cookie Settings’
  6. Click ‘Apply’ in the Actions list

SSL Check

If you are not securing Director with an SSL certificate you will get this error at the logon screen.

To stop this:

  1. Log on to the Director Server as an administrator
  2. Open the ‘IIS Manager’
  3. Browse to ‘Sites > Default Web Site > Director’ in the left-hand pane.
  4. Open ‘Application Settings’ in the right-hand pane.
  5. Set UI.EnableSslCheck to false.

Disable Activity Manager

From Disable the visibility of running applications in the Activity Manager in Advanced Configuration at Citrix Docs: By default, the Activity Manager in Director displays a list of all the running applications and the Windows description in the title bars of any open applications for the user’s session. This information can be viewed by all administrators that have access to the Activity Manager feature in Director. For Delegated Administrator roles, this includes Full administrator, Delivery Group administrator, and Help Desk Administrator.

To protect the privacy of users and the applications they are running, you can disable the Applications tab from listing running applications.

  • On the VDA, modify the registry key located at HKLM\Software\Citrix\Director\TaskManagerDataDisplayed. By default, the key is set to 1. Change the value to 0, which means the information will not be displayed in the Activity Manager.
  • On the server with Director installed, modify the setting that controls the visibility of running applications. By default, the value is true, which allows visibility of running applications in the Applications tab. Change the value to false, which disables visibility. This option affects only the Activity Manager in Director, not the VDA. Modify the value of the following setting:
    UI.TaskManager.EnableApplications = false

Large Active Directory / Multiple Forests

From CTX133013 Desktop Director User Account Search Process is Slow or Fails: By default, all the Global Catalogs for the Active Directory Forest are searched using Lightweight Directory Access Protocol (LDAP). In a large Active Directory environment, this query can take some time or even time out.

If multiple forests, see Citrix Blog Post Using Citrix Director in a MultiForest Environment.

  1. In Information Server (IIS) Management, under the Desktop Director site, select Application Settings and add a new value called Connector.ActiveDirectory.ForestSearch. Set it to False. This disables searching any domain except the user’s domain and the server’s domain.
  2. To search more domains, add the searchable domain or domains in the Connector.ActiveDirectory.Domains field.

Site Groups

From Citrix Blog Post Citrix Director 7.6 Deep-Dive Part 4: Troubleshooting Machines:

If there are a large number of machines, the Director administrator can now configure site groups to perform machine search so that they can narrow down searching for the machine inside a site group. The site groups can be created on the Director server by running the configuration tool via command line by running the command:

C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /createsitegroups

Then provide a site group name and IP address of the delivery controller of the site to create the site group.

Director – Saved Filters

In Director, you can create a filter and save it.

The saved filter is then accessible from the right side of the Filters node by clicking the Saved Filters tab.

The saved filters are stored on each Director server at C:\Inetpub\wwwroot\Director\UserData. Each user has their own saved filters. The saved filters are not replicated across Director servers.

You can instead configure multiple Director servers to store the filters on a shared UNC path:

  1. Create and share a folder (e.g. DirectorData).
  2. The Director server computer accounts need Modify permission to the share.
  3. On each Director server, run IIS Manager.
  4. Go to Sites > Default Web Site > Director. In the middle, double-click Application Settings.
  5. Change the Service.UserSettingsPath setting to the UNC path of the new share.
  6. Repeat this on other load balanced Director servers.

Director and HDX Insight

You can connect Director to NetScaler Console (formerly ADM) to add Network tabs to Director’s Trends and Machine Details views. Citrix Blog Post Configure Director with NetScaler Management & Analytics System (MAS).

  1. Run “C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe” /confignetscaler
  2. Select NetScaler Management and Analytics System

Director Grooming

If Citrix Virtual Apps and Desktops (CVAD) is not Premium Edition, then all historical Director data is groomed at 30 days.

For Citrix Virtual Apps and Desktops (CVAD) Premium Edition, by default, most of the historical Director data is groomed at 90 days. This can be adjusted up to 367 days by running a PowerShell cmdlet.

  1. On a Delivery Controller, run Get-MonitorConfiguration to see the current grooming settings.
  2. Run Set-MonitorConfiguration to change the grooming settings.

More details on Monitor Service data aggregation and retention can be found at Data granularity and retention at Citrix Docs.

Director Single Sign-on

You can configure Director to support Integrated Windows Authentication (Single Sign-on). Note: there seem to be issues when not connecting from the local machine or when connecting through a load balancer.

  1. Run IIS Manager. You can launch it from Server Manager (Tools menu), or from the Start Menu, or by running inetmgr.
  2. On the left, expand Sites, expand Default Web Site, and click Director.
  3. In the middle, double-click Authentication in the IIS section.
  4. Right-click Windows Authentication and Enable it.
  5. Right-click Anonymous Authentication and Disable it.
  6. Pass-through auth won’t work from another computer until you set the http SPN for the Director server. See Director 7.7 Windows Authentication not working with NS LB at Citrix Discussions.
  7. If Director is not installed on a Controller, then you’ll need to configure Kerberos delegation.
  8. If you are load balancing Director then additional config is required. See Director 7.7 Windows Authentication not working with NS LB at Citrix Discussions for more info.
    1. The FQDN for Director load balancing should be different than the FQDN for StoreFront load balancing.
    2. Create an AD service account that will be used as the Director’s ApplicationPoolIdentity.
    3. Create SPN and link it to the service account. 
      setspn -S http/loadbalanced_URL domain\user
    4. Trust the user account for delegation to any service (Kerberos only) (trust the Director servers for delegation is not necessary in this case). You have to create the SPN before you can do this step.
    5. In IIS manager, on the Application Pools (Director), specify the Identity as user we have created earlier.
    6. In IIS manager, expand Default Web Site, select Director, and open the Configuration Editor (bottom of the middle pane).
    7. Use the drop-down to navigate to the following section: system.webServer/security/authentication/windowsAuthentication
    8. Set useAppPoolCredentials = True, and useKernelMode = False. Click Apply on the top right.

  9. When you connect to Director you will be automatically logged in. You can change the login account by first logging off.
  10. Then change the drop-down to User credentials.

Director – Multiple Citrix Virtual Apps and Desktops (CVAD) Sites/Farms

  1. Run IIS Manager. You can launch it from Server Manager (Tools menu) or from the Start Menu, or by running inetmgr.
  2. On the left, expand Sites, expand Default Web Site, and click Director.
  3. In the middle pane, double-click Application Settings.
  4. Find the entry for Service.AutoDiscoveryAddresses, and double-click it.
  5. If Director is installed on a Controller, localhost should already be entered.
  6. Add a comma, and the NetBIOS name of one of the controllers in the 2nd Citrix Virtual Apps and Desktops Site (farm). Only enter one Delivery Controller name. If you have multiple Director servers, you can point each Director server to a different Delivery in the 2nd Citrix Virtual Apps and Desktops Site (farm).
    1. From Citrix Docs: Director automatically discovers all other Delivery Controllers in the same Site and falls back to those other Delivery Controllers if the Delivery Controller you specified fails.
    2. You can optionally force SSL/TLS for the Monitoring service by following the instructions at Data Access Security at Citrix Developer Documentation.

Director Process Monitoring

Director has Process Monitoring, which is detailed in Citrix Blog Post Citrix Director: CPU, Memory Usage and Process Information.

Process Monitoring is disabled by default. To enable it, configure the Enable process monitoring setting in a Citrix Policy. For Citrix Policies in a GPO, find this setting in the computer half of the GPO. Note: this setting could significantly increase the size of the Monitoring database.

Director Alerts and Notifications

Director supports alert conditions and email notifications. This feature requires Citrix Virtual Apps and Desktops (CVAD) to be licensed with Premium Edition. See Citrix Blog Post Configuring & Managing Alerts and Notifications Using Director for more information.

For CPU, Memory, and ICT RTT alerts, see Citrix Blog Post 7 New Categories in Director for Proactive Notifications & Alerts

Director supports Hypervisor Alerts from vSphere and Citrix Hypervisor. The alerts are configured in the hypervisor (e.g., vCenter). When triggered, the hypervisor alerts can be viewed in Director. Director can send email notifications when hypervisor alerts are triggered.

  • Hypervisors can generate many alerts, but Director does not have a bulk method of clearing those alerts. Citrix wrote a PowerShell script named DismissAlerts.ps1 that runs a SQL query to clear the Hypervisor alerts.

To configure alerts in Director:

  1. While logged into Director, click the Alerts node.
  2. On the right, switch to the Email Server Configuration tab.
  3. Enter your SMTP information and click Send Test Message. Then click Save.


  4. Switch to the Citrix Alerts Policies tab.
  5. There are four high-level categories of alerts: Site Policy, Delivery Group Policy, Multi-session OS Policy (aka Server OS Policy), and User Policy. Click whichever one you want to configure.
  6. Director has built-in alert policies. All you need to do is add notification email addresses to the built-in policies.
  7. In Director 1811 and newer, in the Site Policy tab, click Edit for the built-in Hypervisor Health policy.

    • In the Send mails field, enter a destination email address and click Add. Click Save when done.
  8. On the Delivery Group Policies tab, find the built-in Smart Alert, and then click Edit. Note: this Smart Alert might not appear until you create a Delivery Group in Citrix Studio.

    1. Notice the Conditions that are already enabled. You can change them or add more.
    2. At the bottom of the page, you can enter a destination email address and click Add. Then click Save.
  9. You can create custom Alert Policies by clicking the Create button on any of these tabs.
  10. For Multi-session OS Policy (aka Server OS Policy) and User Policy, there are ICA RTT alerts.
  11. Citrix has an experimental Desktop Notification Tool. See Citrix Blog Post Desktop Notification Tool For Citrix XenDesktop.

Director – StoreFront Probes

If you are licensed for Premium Edition, then you can install probe agents on remote machines and the probe agents can periodically check if an application can be launched through StoreFront.

Custom Studio Role for Probe Administrator

  1. Create a new user account just for probe administration (e.g CORP\ProbeAdmin).
  2. In Citrix Web Studio, at Administrators, on the Roles tab, create a new Role with the permissions shown below.

    • Delivery Groups > Read-only
    • Director > Create\Edit\Remove Alert Email Server Configuration
    • Director > Create\Edit\Remove Probe Configurations
    • Director > View Applications page
    • Director > View Configurations page
    • Director > View Trends page
  3. On the Administrators tab, add an administrator, select your ProbeAdmin account, and assign it the custom Probe Administrator role that you just created.

StoreFront HTTP Basic Authentication

  1. In StoreFront Console, right-click your Store, and click Manage Authentication Methods.
  2. Check the box next to HTTP Basic, and click OK.

Install Probe Agent

To automate the installation and configuration of the Probe Agent, see CTX493268 Automating Citrix Probe Agent Installation and Configuration, or see CTA Dennis Span Citrix Application Probe Agent unattended installation.

On one or more remote machines, download and install the Probe Agent.

  1. Download the Citrix Application Probe Agent 2402. To see it, expand Components that are on the Component ISO but also packaged separately.
  2. On a physical machine in a remote office, install Workspace app 1903 or newer if it isn’t installed already.
  3. Run the downloaded CitrixProbeAgent2402.msi.
  4. In the Welcome to the Citrix Probe Agent Setup Wizard page, click Next.
  5. In the End-User License Agreement page, check the box next to I accept the terms, and click Next.
  6. In the Destination Folder page, click Next.
  7. In the Ready to install Citrix Probe Agent page, click Install.
  8. In the Completed the Citrix Probe Agent Setup Wizard page, click Finish.

Configure Probe Agent

  1. Every Probe Agent machine should have unique StoreFront test user credentials. Create unique accounts for each machine.
  2. From the Start Menu of the remote machine, launch Citrix Probe Agent.
  3. Click Start.
  4. In the Configure Workspace Credentials page, enter the StoreFront Receiver for Web URL, or enter a Citrix Gateway URL.
    • For Citrix Gateway, the Citrix Gateway Virtual Server must be configured with RfWebUI theme. Other themes, like X1 theme, do not work.
    • Probe Agent 2308 and newer support Citrix Gateway authentication with Native OTP.
  5. Enter the username and password for the probe user for this machine.
  6. Click Next.
  7. In the Configure to Display Probe Result page, enter the URL to Director. Make sure you include /Director at the end of the URL.
  8. Enter the Probe Admin credentials and click Validate.
  9. Select a Site (farm) if there’s more than one.
  10. Click Next.
  11. In the View Summary page, you may close the window.
  12. Login to Director as the Probe Admin account.
  13. On the left, click Probes. On the right, click the Configuration tab.
  14. At the top of the page, select either Application Probe, or Desktop Probe.
  15. Click Create Probe.
  16. In the Create Probe page:
    1. Give the probe configuration a name.
    2. Select one or more Applications or Desktops to test.
    3. Select the registered Probe Agent machine(s) to run the probe from.
    4. Enter an email address for probe result notifications.
    5. Select one time per day to run the probe. You can create multiple probe configurations to run the probe multiple times per day.
  17. Click Save.
  18. The probe configurations are stored in the Monitoring database so there shouldn’t be any concerns with load balancing of Director.
  19. To view the probe results, switch to the Probe Runs tab.

Director – Custom Reports

In Director, in the Trends view, there’s a Custom Reports tab that guides you through creating a custom OData Query. This tab only appears if you have Citrix Virtual Apps and Desktops (CVAD) Premium Edition.

The Monitoring database contains more data than is exposed in Director. To view this data, the Monitoring service has an OData Data Feed that can be queried.

Use Director

The newer Director features usually require Delivery Controllers and VDAs to be at the same version or newer than Director. Director depends on the Monitoring Service that is built into the Delivery Controller. The Monitoring Service gathers data from the VDAs.

See Site Analytics at Citrix Docs.

See the various Troubleshoot topics at Citrix Docs.

Director 2402 new features

Director 2402 has a new theme. Tabs are now shown on the left.

When you Search for a user and select a session you see the Activity Manager page. It has a new theme.

The User Details page also has a new theme. Search for the user and then click View Details.

The Session Performance tab shows you trends of some network metrics. See Diagnose Session Performance issues.

Session Details shows if Teams is optimized or not. Teams 2.1 is supported in Director 2402 with VDA 2402.

Session Details has an option to enable Session Recording for the session. Dynamic Session Recording requires the Session Recording cloud service. Policy based Session Recording requires running C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configsessionrecording on the Director server.
 

The Session Selector button lets you play recordings.

Session Logon tab in the User Details page has an enhanced visualization of the logon duration phases. The new representation shows the overlapping of the individual logon phases.

Leave a Reply

Your email address will not be published. Required fields are marked *