Are you setting up a new Proof of Concept 
I have posted a new Tuning Policy for Citrix XenApp 6 available in the Download section of this blog. Most of the registry keys have been imported from the previous Terminal Server & XenApp Tuning Tips Group Policy v1.1. There are some Group Policy Best Practices templates around, but the power of mine are that they are ready to go. There are no extra configuration required.
Remember that UPHClean is natively embedded into Windows 2008 and later and it’s recommended to Disable Data Execution Prevention on Windows 2008. This can be done with this command : bcdedit.exe /set {current} nx AlwaysOff
Change log :
- Moved keys from HKLMSoftware to HKLMSOFTWAREWow6432Node
- Added more StubPath’s to speed up the profile creation for new users
- Added instructions on How To Import the settings in GPMC within the zip file
- Deleted “WFDontAppendUserNameToProfile“
- Deleted “NoRemoteChangeNotify“
Resources :
Note :
Please note that these policy’s are provided “as is” and that using these is at your own risk. Please feel free to leave comments below regarding bugs & suggested improvements in future releases.
{ 32 comments… read them below or add one }
Can you explain why you remove those two keys. Should we keep them if we apply those hotfix from Microsoft to optimized things up?
Hi Martin,
The first policy only applies to mandatory profile for Windows 2003. The reason why I removed “NoRemoteChangeNotify” is simple. You could get some better network performance on WAN, but the user experience gets worse. If this setting is on and the user creates a document on a network drive, he’ll need to press F5 to see the document.
When I try to import the gpo I get a version error.
Hi Martin,
Are you following the instructions in the pdf that’s included in the zip file ? Make sure to do this with GPMC on a Windows 2008 Server.
Looks like you need to change the default domain parameter for you location. Just a note for people wanting to use this out of the box.
Hi Derek,
Yeah, that’s correct, maybe I missed mention it in the documentation. I will check it up, thanks for the comment.
Hi,
I’m implementing this template and running into a few questions maybe other users have too.
I will state them below:
=
Settings: KeepAliveTime, KeepAliveInterval, TCPMaxDataRetransmissions
?: Are hardcoded according to this blog and cannot be changed via registry
http://blogs.technet.com/b/nettracer/archive/2010/06/03/things-that-you-may-want-to-know-about-tcp-keepalives.aspx
=
=
Setting: LargeSystemCache
?: I read it might produce unstable systems. Is this true?
=
=
Setting: IOPageLockLimit
?: Doesn’t seem to do anything from W2K SP1
http://www.msfn.org/board/topic/25684-registry-myths-%231-iopagelocklimit/
=
=
Settings: LanManServer
?: Don’t they have only a positive result when they are set on fileservers etc. as well?
=
Thanks for posting Mark,
I don’t have to many XA6 solutions running so we have to see what other of the Citrix Community users are coming up with. That being said I’ve not experienced any problems with these settings, more on XA6 that have some bugs…
@Mark B,
Nice to see someone doing their homework.
As you’ve found – TCP keepalives are hardcoded.
IOPageLockLimit does jack shit.
Lanmanserver settings are good in WS 2000/2003 begin_of_the_skype_highlighting 2000/2003 end_of_the_skype_highlighting, solves freezes in TS (logon/off) MS KB 324446. But I bet that it is unnecessary in 2008, will look into deeper some time.
LargeSystemCache won’t give you unstable systems, this is the key for the Memory usage setting in System Options/Performance; enabled prioritizes System cache, disabled prioritizes Programs. In a multi user environment you’d rather set this to System cache as in the adm…
Thanks Fredrik for this in-depth feedback.
The registry settings from KB324446 are valid on a XenApp 6.x server if you are using a Windows Server 2003 as file server. This is because you will be using SMB 1.0.
If the file server is Windows Server 2008/2008R2, then the registry settings has no value.
2008R2 is using SMB 2.0 and doesn’t use the registry values from KB324446.
Read this great blog article: http://www.danieletosatto.com/2010/10/22/smb-tuning-for-xenapp-and-file-servers-on-windows-server-2008/
Haakon
Thanks Haakon, that’s correct. This GPO template is provided as a starting point. Every environment are different, so some customization is always required. The blog article from Daniele are great for verifying the SMB stuff.
Hi, just curious as to how the importable settings you’ve facilitated compare to the following updated article based on the post you listed as a reference:
http://www.citrixtools.net/en/Articles/articleType/ArticleView/articleId/5610/Windows-2008-R2-Remote-Desktop-and-XenApp-6-Tuning-Tips-Update.aspx
Hi Michael,
The policy have not been updated since its release in July, so the content on Pierre’s site is more up to date (December 2010).
The best thing would be to sort the registry keys and check them one by one. Still my policy would save you a lot of time.
Please let me know if you find any new or modified registry keys that I should add to the policy. Currently I have no time to do this since I’m working hard on releasing my Citrix XenApp 6 Video Training Course.
Just noticed a new updated “date” for this Sep 2011. Version is the same. Doest it mean there were updates to it?
No Mike, it’s the same. This happened when I moved the blog to a faster hosting company and I needed to re-enter all the downloads.
I’m setting up a new XenApp 6.5 farm and using all server 2008 R2 64 bit policies. Will I be able to use this GPO out of the box?
Hi Ken. The GPO for XA6 also applies to XA65 and are ready to go.
Hiya
I’m using this GPO policies on XA65 Win2k8R2 but have problems with one of these settings when mapping network drive (Webdav). Connection works fine (authentication) but browsing the webdav structure doesn’t work. I always get reconnected to the starting point showing the root folder structure.
Disabling this GPO makes everything work ok. Any idea which of all these reg changes i should change? Using Webdav to a box.com account.
Thx //(laudio
I’ve got no idea…I’m aware of one of this settings making you needing to press F5 for refresh if you add files.
Applied to a XenApp 6.5 server, absolutely no changes to registry occurred. No errors in the event logs.
Thanks for the comment Chris. Did you follow the PDF guide lines inside of the ZIP file? Remember to link to the right OU where the servers are located
Hi,
As someone already mentioned the GPO refers to a test domain and needs to be changed when importing the settings. Is this done by using a migration table in GPMC or do you have any other tips?
/Emile
Hi Emile, the DefaultDomainName registry key in the GPO needs to be change to match the name of your domain. Currently the value is set to ctxlab.local
Hello Trond,
Thank you for the preference export! I found a bug, I believe. Policy Preference #62 (Suppression Policy) has the wrong path (by one character).
The path I imported was:
*\shellex\PropertySheetHandlers\{883373C3-BF89-11S1-BE35-080036B11A03}
It should be:
*\shellex\PropertySheetHandlers\{883373C3-BF89-11D1-BE35-080036B11A03}
Reference: http://support.microsoft.com/kb/829700/EN-US
Kind Regards,
Brett
Thanks Brett, great work, will update this GPO sometime soon
Hi,
Also, on all three Suppression settings the value is incorrect, according to the KB it should be 100000 hex (1048576 dec), the GPO is missing a zero so it’s setting 10000 hex (65536 dec).
Cheers
David
Thanks David, will upgrade with the correct values soon.
I’m looking at all the registry settings in the XenApp Tuning Policy. Why is there repeat entries? Should I delete them and just leave one? Thanks.
Hi Chris,
There shouldn’t be any duplicates, they’re all valid. Make sure you expand to see the registry key locations.
Thanks!
I am just curious but apply the policy to my XenApp 6.5 2008 R2 servers there seem to be an error when users launch an application “you cannot access published resources because your encryption level is not fips”.
{ 1 trackback }