User session stuck on XenApp server


  • Windows Server 2008 R2
  • Citrix XenApp 6.5


User’s session is stuck on XenApp server, logging off from AppCenter doesn’t remove them.


1.Log onto the RDS server and launch Remote Desktop Services Manager or connect via another server.

2.Get the Session ID of the hung session from the Session tab:

  • Session: Disconnected
  • User: <Blank>
  • ID: <number>
  • State: Disconnected
  • ClientName: <Blank>
  • LogOnTime: Unknown

3.Click on Processes tab

4.Click on ID column to sort the processes by ID

5.Find the hung ID number

6.There is normally 3 processes visible

  • LogonUI.exe
  • Winlogon.exe
  • Csrss.exe

7.Right-click on winlogon.exe and End Process, once you end this process the other 2 will disappear.

8.DO NOT end process on csrss.exe, this will crash and reboot the RDS server

9.Now the user has cleared from the RDS server and from AppCenter.


Windows cannot connect to the printer – error 0x00000006


  • Windows Server 2008 R2 SP1
  • Citrix XenApp 6.5 RU5


Attempting to add a network printer the following error is displayed

  • “Connect to Printer. Windows cannot connect to the printer. No printers were found”
  • Operation failed with error 0x00000006


Microsoft’s resolution for this issue is to install KB2778831, however there are instance of this hotfix being applied and the issue still occurring.

Manual Fix:

  1. Open Registry Editor
  2. Browse to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers
  3. Back up then delete the Client Side Rendering Print Providers key
  4. Restart the Printer Spooler service
  5. Printers should now add successfully

Local Printer not printing in Citrix XenApp session


Windows Server 2008 R2 SP1

Citrix XenApp 6.5

Local HP Printer

Configured Policies:

– Auto-create client printers: (Auto-create the client’s default printer only)

– Automatic installation of in-box printer drivers (Disabled)

– Universal driver preference (EMF;XPS;PCL5c;PCL4;PS)


User has a local printer and logs into a Citrix desktop\application. The policy is configured to map through user’s local default printer. The printer maps through and appears in the users session. User prints to the local printer, print job spools, disappears and nothing prints out.



Reconfigured the ‘Universal driver preference’ driver order from




Automatically deploy SSL Certificates to Users profile

1. Deployment ScriptsUpdate the variables between <……>

Script 1 – ImportPFX.vbs

Set objShell = CreateObject(“”)“powershell -executionpolicy bypass -windowstyle hidden -file \\<domain>\netlogon\Certificates\ImportPFX.ps1”)


Script 2 – ImportPFX.ps1

function Import-PfxCertificate {

param([String]$certPath,[String]$certRootStore = “CurrentUser”,[String]$certStore = “My”,$pfxPass = $null)

$pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2

if ($pfxPass -eq $null) {$pfxPass = read-host “Enter the pfx password” -assecurestring}


$store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)








# Call the “Import-PfxCertificate” function.

Import-PfxCertificate “<path to certificate>\<Certificate.pfx>” “CurrentUser” “My” “<password>

Import-PfxCertificate Command Syntax


<path to certificate>\<Certificate.pfx>” = Location of the Certificate File

“CurrentUser”                                                        = Personal User Store

“My”                                                                           = Personal Cert Store

<Password>”                                                       = Password of the PFX Certificate

2. Deploy Script via GPO

I created an additional GPO and modified the Logon Script path to run the vbs file above.

User Configuration > Policies > Windows Settings > Scripts > Logon

– Script Name: \\<domain>\NETLOGON\Certificates\ImportPFX.vbs

2a. Apply Security to GPO

In our case we wanted to deploy the certificates to users in a certain AD Group.

Follow this procedure exactly otherwise the GPO won’t apply

  1. Under Security Filtering leave Authenticated Users, do not remove!!
  2. Click Delegation tab
  3. Click Advanced button
  4. Select Authenticated Users, untick ‘Apply Group Policy’ under Allow only
  5. Add in AD Group, tick ‘Apply Group Policy’ under Allow
  6. If you go back to Security Filtering you’ll notice Authenticated Users has now gone and your AD Group is listed, don’t worry about this..

“The display settings can’t be changed from a remote session”


When selecting “Make text and other items larger or smaller” the option is greyed out and displays “The display settings can’t be changed from a remote session”.

Yet another option Microsoft has removed the ability to do. This option was available in Windows 2003 Terminal Services.


Microsoft have released a hotfix that re-enables this option again for users

Error: Shadow failed. Error code 120


When trying to shadow users with multi-monitors you get an Error Code 120.


There is no Citrix resolution for this, it’s a Microsoft RDS issue which effects XenApp shadowing (

Microsoft workaround for this is to install Remote Assistance and use this tool for Shadowing (

Provisioned XenApp Server not joining the farm


Citrix Provisioning Services 6.1

Citrix XenApp 6.5


The Citrix Independent Management Architecture (IMA) service is exiting. This XenApp server supports only session-host mode and is attempting to join a zone that does not include another server to perform data collection. To resolve this issue, add a server to zone Default Zone that is configured as a controller and restart the IMA service.


When prepping a server for Provisioning, in the Provisioning Options ensure that ‘Clear database location settings from this server’ is checked