XenServer 5.6 Update 1 Released

Hi all,

The entire XenServer team is pleased to announce the release of Citrix XenServer 5.6 Feature Pack 1  to Citrix.com and MyCitrix.com.

Customers and partners can find the downloads on MyCitrix: https://www.citrix.com/English/SS/downloads/details.asp?downloadId=2306109&productId=683148 as well as through the trial download section from http://www.citrix.com/xenserver

What’s New in this release

Highlights for this release are:

·         Distributed Virtual Switching. Provides distributed, fine-grained networking configuration and control policies, which increase visibility into XenServer virtual networks. Support for the vSwitch has been added as a post-install option on XenServer hosts, as well as a Controller for administration of multiple vSwitches and cross-server internal networks.
Jumbo Frames are now supported for storage networks when the vSwitch is used.

·         VM Protection and Recovery. Configure scheduled snapshots and (optional) archive of virtual machines.

·         Web Self-Service. Provides browser-based access to selected virtual machines by delegated administrators.

·         Boot from SAN with multipathing support. Boot XenServer hosts with HBAs from a SAN, with multipathing support.

·         HA Restart Priority. Configure HA policies to restart specific VM(s) first.

·         Enhanced XenCenter. Including StorageLink configuration entirely within XenCenter, workload reporting for VM utilization and chargeback.

·         Improved MPP RDAC multipathing including path health reporting and alerting in XenCenter.

·         Snapshot improvements. Improved reclamation of space after VM snapshots are deleted, even if the VM is running.

·         Enhanced guest OS support for Windows 7 SP1, Windows Server 2008 R2 SP1, and Suse Linux Enterprise Server (SLES) 11 SP1.

·         Generic Red Hat Enterprise Linux (RHEL) 5.x support. RHEL / CentOS / Oracle Enterprise Linux versions 5.0 to 5.5 support with a generic .RHEL 5. template.

·         Brocade HBA drivers and command-line tools are included in XenServer.

·         Provisioning Services improvements to Windows volume license (MAK and KMS) support.

·         XenDesktop platform enhancements. Provides local host caching of VM images to reduce storage TCO for XenDesktop VDI deployments. (Note: these platform enhancements will be enabled by a future version of XenDesktop).

·         Lab Manager 3.9 Service Pack 1 which includes various updates and bugfixes

More details can be found in the Release notes on the Knowledge Base: http://support.citrix.com/article/CTX127362. Full documentation is accessible through the MyCitrix download page, or on the KB here: http://support.citrix.com/product/xens/v5.6/component/fp1/#tab-doc. Internal deliverables will be made available by the Product Marketing team through MyCitrite.

Defender Elite by Kanguru now Citrix Raedy

This looks like a great product that will meet the stringent security requirements for data transfer for goverment, forces, education, etc.

Highly secure, hardware encrypted flash drives meeting government, healthcare and financial industry standards.  • 256-bit AES Hardware Encrypted • Central/Remote Management Ready  • Windows, Mac and Linux Compatible • Real-time Antivirus Scanning  • On Chip Password Matching • FIPS 140-2 Certified  • HIPAA, SOX and GLB Compliant

View product page here https://www.kanguru.com/index.php/kanguru-defender-elite

Cisco, VMware unveil Desktop Virtualization product

Since my post regarding Citrix and Cisco taking on VMware:
http://virtualben.blogspot.com/2010/09/cisco-citrix-and-netapp-vs-vmwareding.html

It looks like Cisco have since decided to widen the market and jump into bed with VMware.
"Cisco and virtualisation software specialist VMware have unveiled a Desktop Virtualization product based on Cisco Unified Computing System and VMware ViewTM 4.5. Cisco and VMware are supporting this product with new channel initiatives that will enable channel partners accelerate deployment of virtual desktop products. Cisco Desktop Virtualisation with VMware View will simplify the physical and virtual infrastructure and management associated with desktop deployments."
Please read the full article here:
http://www.telecompaper.com/news/cisco-vmware-unveil-desktop-virtualization-product

Introduction to UEFI

To follow up on my previsou post on UEFI causing boot issues on IBM Servers.

This article is worth a read if working with the new UEFI firmware.

ftp://ftp.software.ibm.com/systems/support/system_x_pdf/introducing_uefi-compliant_fireware_on_ibm_system_x.1.1.pdf

Specifically interesting sections are Page 12:

Optimizing boot-time performance

The simplest way to achieve quicker boot times for a configuration is to install and boot UEFIaware operating systems whenever possible. For deployments in which a UEFI-aware operating

system is not available, this section introduces concepts and techniques for optimally configuring adapter support for legacy boots. The major variable determinants of server boot-time performance are how much memory capacity is available and what adapters are installed. Other determinants of boot-time performance are inherent to the design and core technologies of the server design (such as

CRTM/TPM, platform self-test, and power management) and are not configurable. Always usethe latest available firmware, because any optimizations to these core features will be in the latest firmware releases.

Memory

The more memory that is installed, the more there is to initialize ECC and test. You can install less memory, but that usually does not result in significant boot-time improvement. The best approach for optimizing boot time and memory use is to balance DIMMs and memory capacity across installed processors. Balancing memory optimizes memory initialization on servers with integrated memory controllers (such as Intel Xeon® 5500 based servers). For details, see the Optimizing the Performance of IBM System x and BladeCenter Servers using Intel Xeon 5500 Series Processors white paper.

Adapters

Some classes of server adapters, such as network or RAID controllers, can take considerable time to initialize in the pre-operating-system UEFI or BIOS environment. Because IBM System x Server Firmware simultaneously supports both UEFI and BIOS boot mechanisms, there can be unwanted repetition of adapter initialization when BIOS operating systems are booted. This repetition can occur with an adapter that includes native UEFI device drivers in addition to BIOS code on its adapter ROM. For suggested approaches to tuning adapter support for better boot-time performance, see “UEFI and BIOS adapter support details” and “Enabling and disabling adapter ROM support.”

Page 24 also advised how to disable adapters for UEFI.

IBM X3650 UEFI Causes XenServer 5.6 Boot Issues

I have been installing XenServer on to some new IBM X3650 M3 Servers recently and have experienced very slow boot times and also issues in connecting to Fibre attached storage.

Symptom:

It takes some 10-20+ minutes every boot for the QLogic cards to present all the LUNS/Paths to the UEFI before continuing the ordinary boot-sequence.

When XenServer is installed without any HBA cards installed the servers will boot without issue. When the HBA cards are installed the XenServer fails to boot.

Issue:

The new Unified Extensible Firmware Interface (UEFI) which replaces BIOS causes issues. The problem is that XenServer does not support UEFI Yet!

The problem happened when we assigned a LUN to the Qlogic FC, after that, the server won't boot into local drive, which is where XenServer is installed.

Resolution:

To fix this, you need
1. Press F1 to get into uefi bios
2. Add "legacy only" as a boot option
3. set "legacy only" as the first in boot order
4. commit to all the changes

Finding a Better Way to Estimate IOPS for VDI

 

Great article from Paul Wilson at Citrix on IOPS calcualtions for VDI. Well worth a read.

http://community.citrix.com/display/ocb/2010/10/31/Finding+a+Better+Way+to+Estimate+IOPS+for+VDI

Citrix Project GoldenGate

Has anybody tried out Project GoldenGate?

Project GoldenGate

Available to download from mycitrix

Technology Concept Release

As part of this research Citrix Labs is pleased to announce the availability of Project GoldenGate Technology Concept Release.

GoldenGate incorporates email, calendaring, contact, and collaboration capabilities into a single Micro App that runs securely in the data center and is delivered to mobile devices by Citrix XenApp.

As this is a new capability for Citrix, we have chosen to assess market interest and opportunity via a Technology Concept Release.  As yet, no decisions have been made around commercialization of this technology.

XIV Storage Configuration Demo

Excellent web site showing how easy it is to configure the IBM XIV storage platform.

I have been designing the Pools and Volumes on this platform this week and looks like one of the most dynamic and easy to configure shared storage platforms around at the moment.

http://www.xivstorage.com/demo/GUI_Demo.html

Access Gateway VPX 5.0 NEW!

Access Gateway VPX 5.0 is a virtual appliance for Citrix XenServer or VMWare ESX/ESXi that provides secure access to virtual desktops, applications and data while allowing users to work from anywhere. It offers the same capabilities as an Access Gateway physical appliance (Model 2010) while giving greater flexibility and more deployment options to IT administrators. Access Gateway VPX is the best choice for organizations who need to rapidly provision secure access, reduce infrastructure requirements, and minimize power consumption.

New Features
Some of the key new features available in Access Gateway version 5.0 include:

• Access Gateway VPX for VMWare ESX/ESXi — Access Gateway VPX running on VMware ESX and ESXi hypervisors allows organizations to leverage their existing server virtualization investments and provides additional deployment flexibility.
• Simple and Intuitive Administration — Access Gateway 5.0 uses a new Flash-based administration tool for the appliance that makes it easy to install certificates, configure access control and monitor activity from any Flash-enabled web browser.
• Basic High Availability support for Model 2010 and VPX appliances — Two Access Gateway appliances can be configured as a failover pair. The appliances operate in active/passive mode, with the primary appliance servicing all user connections and the secondary appliance monitoring the primary and synchronizing session information. If the primary appliance fails, the secondary appliance takes over.
• Variable Logon Points — Each Access Gateway appliance can host multiple logon points for support of different features or different user communities. Basic logon points enable unlimited logins for secure access to Citrix XenApp and XenDesktop only and are enabled by the free Access Gateway platform license; SmartAccess logon points enable rich access control features such as network-layer VPN, endpoint analysis, clientless access to web sites and file shares, and adaptive access control.
• Endpoint Remediation — When users fail to access the system because of a failed endpoint analysis scan, you can provide a customized HTML message informing them of why they failed and what steps to take for remediation.
• Improved architecture — Significant updates have been made to the appliance firmware and Access Controller web services in this release to improve the overall performance, stability and feature set of Access Gateway.

Important Licensing Changes
Platform License Required
Each appliance running Access Gateway 5.0 requires a platform license in order to function. Without the platform license installed, the gateway will not allow logins after a 48-hour grace period. Platform licenses are delivered electronically when an appliance is ordered. If you have an existing Access Gateway Model 2010 appliance covered by Warranty, you can obtain your Access Gateway Platform License using the Upgrade My Products toolbox on MyCitrix.
User Licenses Optional
The required Access Gateway platform license enables unlimited logins through Basic logon points. Each concurrent login to a SmartAccess logon point requires an Access Gateway user license. Access Gateway Standard Edition or Access Gateway Universal licenses may be used for this purpose.
Subscription Advantage Eligibility Date
To use your existing Access Gateway licenses with this version, the Subscription Advantage on those licenses must be valid on or after September 1, 2010.
Supported Platforms
Access Gateway 5.0 is supported only on the following appliance platforms:

• Access Gateway Model 2010
• Access Gateway VPX

Citrix Online Plug-in 12.1 for Windows Released!

http://support.citrix.com/article/CTX126965

What's New

• ICA File Signing. Helps protect users from unauthorized application or desktop launches by digitally signing .ICA files. You can configure the online plug-in security policy and digital-signing requirements using Group Policy Objects or the Citrix Merchandising Server with the online plug-in. The online plug-in verifies that a trusted source generated the application launch and based on administrative policy, protects against application launches from untrusted servers.
• Enhanced printing performance. Improves user printing performance and speed when printing to redirected client printers. Install the XenApp Printing Optimization Pack on the server running XenApp 6 for Windows Server 2008 R2 and configure the server-side policy settings for:
  • Dynamic Client Printer Mapping. Redirected printers are discovered dynamically and created automatically.
  • Optimized EMF Universal Print Driver. Reduction in bandwidth consumption for the most demanding printing applications.
  • Enhanced XPS Universal Print Driver. Improved printing performance on Window 7 clients.
• New decoder for HDX 3D Pro Graphics. A new deep compression codec is included in the online plug-in to receive 3D professional graphics over low bandwidths. For details about HDX 3D Pro Graphics, see http://support.citrix.com/article/CTX124443

XenServer Peformance: Disable Checksum Offload on PIF's/VIF's

Please create a backup copy of the xapi database.
You can do it using the following command:
xe pool-dump-database file-name=/tmp/xapi1.xml

Please use WinSCP to download the file xapi1.xml from the /tmp location to your workstation and keep it in a safe place.

We need to disable all the checksum offloading on all the interfaces in XenServer (this one will require XenServer reboot – do it in a maintenance window):

Please upload the unzipped script attached, into. e.g. /root directory and execute it, using the following guide:
Please note this file will generate a error if it is modified in windows and contains CR/LF.

if-set

Change directory
cd /root
Allow the script to be executed:
chmod u+x if-set
Execute:
./if-set
Now, script is disabling all the offload settings for all PIF and VIF interfaces. 

It is necessary to reboot the XenServer afterwards.

Get "Ready" - NEW Citrix Ready 2.0 Catalog!

The Citrix Ready team announced the launch of the brand new partner product catalog version 2.0 earlier this week. Check it out: www.citrix.com/ready
The idea was to pull out all the stops, using only the current best practices in the industry, to give customers what we think is a really great way to showcase our growing ecosystem of partner products verified for Citrix. The new catalog is the outcome of a collaborative effort with feedback from Citrix partners and working closely with UI designers and information architects to design a catalog that is packed with great new features and capabilities.

It looks good and its easy to use. This is a great reference site when considering vendor and version support.

Great XenDesktop Tuning Policy for Windows 7

XenApp blogs have produced yet another excellent tuning policy for Citrix deployments. This is a worthwhile read and should always be part of best practice standards.

http://www.xenappblog.com/2010/vdi-tuning-group-policy/

Exchange 2010 - Architecture Poster

Great Exchange 2010 poster with some good images

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=cea0cf7e-d824-49bb-8924-39d66a5fb88e

Citrix Knowledge Center Top 10 - September 2010

Find below the Citrix Knowledge Center Top 10 for September 2010.

Top 10 Technical Articles

Article Number	Article Title
CTX368624	Troubleshooting Citrix Pass-through Authentication (Single Sign-On)
CTX711855	Common SSL Error Messages, and Respective Cause and Resolution
CTX238200	Troubleshooting Client Drive Mapping
CTX101644	Seamless Configuration Settings
CTX106531	Troubleshooting the Citrix XTE Service and Errors: There is no route to the specified address ... Protocol Driver Error
CTX107572	Troubleshooting Tools for Citrix Environments
CTX677542	Advanced Concepts - Farm Maintenance
CTX106192	Access Gateway Software Updates
CTX564283	Troubleshooting 1003 and 1004 Terminal Server Licensing Errors
CTX101705	Troubleshooting Slow Logons

Top 10 Whitepapers

Article Number	Article Title
CTX110351	User Profile Best Practices for MetaFrame Presentation Server
CTX124565	Best Practices: Customizing Microsoft Office 2010 for Streaming Environments
CTX117913	Technical Guide for Upgrading / Migrating to XenApp 5.0
CTX124087	XenDesktop Modular Reference Architecture
CTX126190	Desktop Virtualization Top 10 Mistakes Made
CTX101997	Citrix Secure Gateway Secure Ticket Authority Frequently Asked Questions
CTX101739	Microsoft SQL Server 2000 Data Store Replication
CTX119036	User Profile Manager Deployment Best Practices
CTX118735	XenServer Demo and Evaluation Setup Guide
CTX124799	User Profiles for XenApp and XenDesktop

Top 10 Hotfixes

Article Number	Article Title
CTX122756	Hotfix Rollup Pack 6 for Citrix XenApp 5.0 and Citrix Presentation Server 4.5 for Microsoft Windows Server 2003 32-bit Edition
CTX125480	Citrix Offline Plug-in 6.0.1 for Windows - English
CTX125235	Citrix Online Plug-in 12.0.3 for Windows
CTX116550	Citrix Presentation Server Client 10.200 for Windows
CTX120923	Hotfix Rollup Pack 5 for Citrix XenApp 5.0 and Citrix Presentation Server 4.5 for Microsoft Windows Server 2003 32-bit Edition
CTX118445	Citrix XenApp Plug-in for Hosted Apps 11.0 and Streamed Apps 1.2 for Windows
CTX122761	Hotfix Rollup Pack 6 for Citrix XenApp 5.0 and Citrix Presentation Server 4.5 for Microsoft Windows Server 2003 64-bit Edition
CTX109307	Hotfix Rollup Pack PSE400W2K3R02 - For Citrix Presentation Server 4.0, Citrix Access Essentials 1.0 and 1.5 for Windows Server 2003
CTX125388	Hotfix XA600W2K8R2X64001 - For Citrix XenApp 6.0 for Windows Server 2008 R2 - English
CTX126398	Hotfix CPVS51SP2E030 - For Citrix Provisioning Services 5.1 SP2

Top 10 Presentations

Article Number	Article Title
CTX105908	Get the Most Out of Your Resource Manager Summary Database
CTX111920	Selected Citrix Troubleshooting Tools
CTX111560	Health Checks for Citrix Services Using Advanced Monitors
CTX125175	TechEdge 2010 - Debugging a Citrix XenApp and XenDesktop Environment
CTX123530	XenDesktop 4.0 Core Infrastructure and Features - GoToWebinar
CTX125180	Troubleshooting XenDesktop, Provisioning Services & XenServer Integration
CTX121117	Troubleshooting Tools and Methodology for Citrix XenApp 5 Environment
CTX111562	Troubleshooting the Citrix NetScaler Application Switch
CTX119104	TechEdge 2008 - Troubleshooting Tools for a XenApp Environment
CTX125177	TechEdge 2010 - Troubleshooting XenDesktop Deployments

Top 10 Tools

Article Number	Article Title
CTX122536	Citrix Quick Launch
CTX113472	Citrix ICA File Creator
CTX106226	Repair Clipboard Chain 2.0.1
CTX116063	XenAppPrep Integration Utility for XenApp and Provisioning Services
CTX111961	CDFControl
CTX116474	Print Detective
CTX122962	Citrix Printing Tool
CTX109374	StressPrinters 1.3.2 for 32-bit and 64-bit Platforms
CTX126491	HDX Experience Monitor for XenApp
CTX107935	MedEvac 2.5

CCIA Accreditation achieved

I passed the 1Y0-A16 Architecting a Citrix Virtualization Solution exam yesteday which is the final part of the CCIA accrediation. Now thats out of the way it time to move on to the next technology...

XenClient 1.0 Released

Citrix have announced general availability of XenClient 1.0 and the Synchronizer for XenClient 1.0 as part of XenDesktop 4 Feature Pack 2.

As a new addition to XenDesktop, XenClient enables virtual desktops "To Go" allowing virtual desktops to run directly on client devices online or disconnected. It enables IT to deliver a secure centrally managed desktop without compromising the user experience and at the same time opening up the option of allowing users to have a second personal virtual desktop. It gives users the freedom they want and IT the control and security they demand.
Download Link
XenClient 1.0 and Synchronizer for XenClient 1.0
New Features since RC2 release
The time between RC2 and GA was mainly focused on bug fixing but our amazing engineering team still managed to pack in some great new features and expanded our HCL to cover twice the systems we supported in the first RC. You can read about the new features added in the recent RC2 release here and here below are the latest additions:
Integrated Disk Encryption
VMs delivered to XenClient from the Synchronizer can now be protected with AES-XTS disk encryption. This ensures that sensitive data is fully protected when deployed on XenClient systems. In the event a system is lost or stolen all the data remains protected from unauthorized access. On systems with Core i5 and Core i7 vPro technology XenClient will use Intel AES-NI to offload encryption operations to the hardware.
External Monitor/Projector Support
The latest generation of Intel Core i5 and i7 vPro systems now fully support use of external monitors and projectors. Previously using external monitors and projectors required running a VM with 3D graphics support enabled.
XenClient to Synchronizer Communication Hardening
XenClient systems will now use client side digital certificates along with user credentials to authenticate to the Synchronizer. Additionally all VHD files are encrypted with AES CBC encryption to allow secure delivery and caching of components over http.
VM Switching Enhancements
The in-guest VM switcher bar has been re-skinned with updated graphics and new pull-down behavior. And the switching process has been revamped with a beautiful fade on switch between VMs.
Revamped Synchronizer Web Interface
The Synchronizer for XenClient has a revamped UI and refreshed graphics showing off the latest Citrix UI standards.
This groundbreaking new technology is ready to allow you to extend all the great benefits of virtual desktops to your mobile users and a powerful tool for IT Pros looking to run multiple isolated virtual machines on the same system. If you have not tried XenClient yet we invite you to download it today and give it a try.

EasyCall EOL announcement

While many of you are taking advantage of EasyCall's many benefits, overall use of EasyCall is not as extensive as expected. As a result, Citrix will be ending its availability and support for the Citrix EasyCall product over the coming months.

The Citrix EasyCall virtual appliances and client software will continue to be available for download until November 30th, 2010.
You can continue to use EasyCall subject to license agreement terms as long as you want. Full support for the product will be available until April 30, 2011. After that, support will be limited to existing Citrix Technical Support Knowledgebase articles.

New Release: XenServer 5.6 Feature Pack 1 Beta "Project Cowley"

The entire XenServer product team is pleased to announce the release of XenServer 5.6 Feature Pack 1 Beta “Project Cowley” to MyCitrix.com. The landing page for this release can be found here and contains links to all relevant resources for this release. The ISO downloads, Virtual Appliances, Beta license file and the beta documentation can all be found at the appropriate downloads section on MyCitrix.com. For external communication the use of the landing page URL is preferred.

What’s New in this release

Feature highlights for this beta release are:

·    Distributed Virtual Switching Integrated, Open vSwitch technology provides distributed fine-grained networking configuration and control policies – increasing visibility into XenServer virtual networks and providing a centralized Controller for administration of multiple vSwitches and cross-host internal networks. The open vSwitch also includes support for jumbo frames configuration on storage networks.

·    VM Protection and Recovery Policy based snapshotting and archiving of selected VMs across a XenServer resource pool enables administrators to schedule and recover when needed from the XenCenter management console.

·    Web Self-Service Portal Allows XenServer administrators to delegate VM rights to select individuals and enables users to request and access VMs via a simple to use web-based portal.

·    XenDesktop performance improvements Further enhances the best-in-class performance for XenDesktop on XenServer including local storage caching for better TCO and increased scalability via performance tuning in the control domain (requires a future version of XenDesktop to use).

·    Enhanced XenCenter Including StorageLink configuration entirely within XenCenter, workload reporting for VM utilization and chargeback.

·    Boot from SAN with multi-pathing support Boot XenServer hosts with Fibre Channel and iSCSI HBAs from a SAN, with multi-pathing support.

·    HA Restart Priority Configure HA policies to restart specific VM(s) first, such as StorageLink Gateway VMs or the Distributed vSwitch Controller VM.

·    Enhanced guest OS support for Windows 7 SP1, Windows Server 2008 R2 SP1, RHEL 6.0 (RTM), CentOS 6.0 (RTM), Oracle Enterprise Linux 6.0 (RTM), Debian Squeeze (32 and 64-bit), and SLES 11 SP1. Generic RHEL 5.x support..RHEL / CentOS / Oracle Enterprise Linux 5.0- 5.5 support with a generic “RHEL 5” template.

Please read the release notes and documentation for more details.

Support

Partner and customer support for this beta will be provided through the Cowley support forums which will be monitored by several members of the PM and engineering teams. The external bugtracker will also be utilized for collecting information from the field (see the announcement section on the forum for more details).

Post-Beta Deliverables

We are currently working hard to have an updated Evaluation Virtual Appliance available which will include the latest WLB and SL components as well as a pre-installed beta license file. We expect that the updated EVA will be available over the next couple of days.

Virtual Reality Check - Phase III Released

In this whitepaper Windows XP and Windows 7 are extensively compared. Specifically, the I/O behavior of Windows XP and Windows 7 is investigated in detail
The new whitepaper can be downloaded from the following link.
http://www.virtualrealitycheck.net/

Application Virtualization Smackdown

Great article by Ruben Spruijt and a link to another great white paper. This time its the Application virtualisation products that are under the microscope. A worthwhile read for anyone who deal with application delivery on a daily basis.

http://www.brianmadden.com/blogs/rubenspruijt/archive/2010/09/23/application-virtualization-smackdown-head-to-head-analysis-of-endeavors-citrix-installfree-microsoft-spoon-symantec-and-vmware.aspx

Password Manager - What happens when a certificate expires?

Well the answer is lots of errors, some event log entries and a pretty un-usable Password manager solution.
I have just seen this in a customer site where an Internal Certifcate Authority server had been used to create the web certificates for the web interface and password manager servers. The certificates expired after a year and Password Manager stopped functioning.

In order to resolve the issue a new certificate was issued from the CA server and assigned to the relevent servers.
We then needed to resign the data following the guidelines in the following admin guide. Pages 316/317

http://support.citrix.com/servlet/KbServlet/download/11635-102-15687/Password_Manager_Administrators_Guide45.pdf

In simple terms:
1. Create a new certificate.
Run CtxCreateSigningCert.exe from %ProgramFiles%\Citrix\MetaFrame Password Manager\Server folder. Enter the public key file name, the private key file name, and the time, in months, before the signing certificate expires. The new certificate is created.

Example:

ctxcreatesigningcert “C:\PublicKeyCert.cert” “C:\PrivateKeyCert.cert” “36”

2. Resign data at central store using the ctxsigndata command.

Example.

ctxsigndata -r mpmserver.mycompany.com/MPMService "C:\PrivateKeyCert.cert" mycompany.com AD

3. Verify data signatures at central store using the ctxsigndata command.

Example.

ctxsigndata -v mpmserver.mycompany.com/MPMService “https://mpmserver.mycompany.com/MPMService” mycompany.com AD

Done!