citrix edocs
DESCRIPTION
Citrix edocsTRANSCRIPT
-
XenApp Server Utilities Reference
2015-07-07 19:42:13 UTC
2015 Citrix Systems, Inc. All rights reserved. Terms of Use | Trademarks | Privacy Statement
-
Contents
XenApp Server Utilities Reference........................................................................ 3ALTADDR........................................................................................... 4
APP ................................................................................................. 6AUDITLOG ......................................................................................... 9CTXKEYTOOL...................................................................................... 12
CTXXMLSS.......................................................................................... 14
DSCHECK........................................................................................... 15
DSMAINT ........................................................................................... 17
ICAPORT ........................................................................................... 22
IMAPORT ........................................................................................... 24
QUERY FARM ...................................................................................... 25
QUERY PROCESS .................................................................................. 28QUERY SESSION ................................................................................... 30QUERY TERMSERVER ............................................................................. 32QUERY USER....................................................................................... 34
2
-
3XenApp Server Utilities Reference
Citrix XenApp server utilities provide an alternative method to using the console formaintaining and configuring servers and farms. Citrix XenApp server utilities must be runfrom a command prompt on a server running Citrix XenApp.
Command Description
altaddr Specify server alternate IP address.
app Run application execution shell.
auditlog Generate server logon/logoff reports.
ctxkeytool Generate farm key for IMA encryption.
ctxxmlss Change the Citrix XML Service port number.
dscheck Validate the integrity of the server farm data store.
dsmaint Maintain the server farms data store.
icaport Configure TCP/IP port number used by the ICA protocol on theserver.
imaport Change IMA ports.
query View information about server farms, processes, ICA sessions,and users.
-
4ALTADDR
Use altaddr to query and set the alternate (external) IP address for a server running CitrixXenApp. The alternate address is returned to clients that request it and is used to access aserver that is behind a firewall.
Syntaxaltaddr [/server:servername] [/set alternateaddress] [/v]
altaddr [/server:servername] [/set adapteraddress alternateaddress] [/v]
altaddr [/server:servername] [/delete] [/v]
altaddr [/server:servername] [/delete adapteraddress] [/v]
altaddr [/?]
Parametersservername
The name of a server.
alternateaddress
The alternate IP address for a server.
adapteraddress
The local IP address to which an alternate address is assigned.
Options/server:servername
Specifies the server on which to set an alternate address. Defaults to the current server.
/set
Sets alternate TCP/IP addresses. If an adapteraddress is specified, alternateaddress isassigned only to the network adapter with that IP address.
/delete
-
Deletes the default alternate address on the specified server. If an adapter address isspecified, the alternate address for that adapter is deleted.
/v (verbose)
Displays information about the actions being performed.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksThe server subsystem reads the altaddr settings for server external IP addresses at startuponly. If you use altaddr to change the IP address setting, you must restart the CitrixIndependent Management Architecture service for the new setting to take effect.
If altaddr is run without any parameters, it displays the information for alternate addressesconfigured on the current server.
ExamplesSet the servers alternate address to 1.1.1.1:
altaddr /set 1.1.1.1
Set the servers alternate address to 2.2.2.2 on the network interface card whose adapteraddress is 1.1.1.1:
altaddr /set 2.2.2.2 1.1.1.1
Security RestrictionsNone.
ALTADDR
5
-
6APP
App is a script interpreter for secure application execution. Use App to read executionscripts that copy standardized .ini type files to user directories before starting anapplication, or to perform application-related cleanup after an application terminates. Thescript commands are described below.
Syntaxapp scriptfilename
Parametersscriptfilename
The name of a script file containing app commands (see script commands below).
Script Commandscopy sourcedirectory\filespec targetdirectory
Copies files from sourcedirectory to targetdirectory. Filespec specifies the files to copyand can include wild cards (*,?).
deletedirectory\filespec
Deletes files owned by a user in the directory specified. Filespec specifies the files todelete and can include wild cards (*,?). See the Examples section for more information.
deleteall directory\filespec
Deletes all files in the directory specified.
execute
Executes the program specified by the path command using the working directoryspecified by the workdir command.
path executablepath
Executablepath is the full path of the executable to be run.
workdir directory
-
Sets the default working directory to the path specified by directory
Script Parametersdirectory
A directory or directory path.
executablepath
The full path of the executable to be run.
filespec
Specifies the files to copy and can include wildcards (*,?).
sourcedirectory
The directory and path from which files are to be copied.
targetdirectory
The directory and path to which files are to be copied.
RemarksIf no scriptfilename is specified, app displays an error message.
The Application Execution Shell reads commands from the script file and processes them insequential order. The script file must reside in the %SystemRoot%\Scripts directory.
ExamplesThe following script runs the program Notepad.exe. When the program terminates, thescript deletes files in the Myapps\Data directory created for the user who launched theapplication:
PATH C:\Myapps\notepad.exeWORKDIR C:\Myapps\DataEXECUTEDELETE C:\Myapps\Data\*.*
The following script copies all the .wri files from the directory C:\Write\Files, executesWrite.exe in directory C:\Temp.wri, and then removes all files from that directory whenthe program terminates:
PATH C:\Wtsrv\System32\Write.exeWORKDIR C:\Temp.wriCOPY C:\Write\Files\*.wri C:\Temp.wriEXECUTEDELETEALL C:\Temp.wri\*.*
The following example demonstrates using the script file to implement a front-endregistration utility before executing the application Coolapp.exe. You can use this methodto run several applications in succession:
APP
7
-
PATH C:\Regutil\Reg.exeWORKDIR C:\RegutilEXECUTEPATH C:\Coolstuff\Coolapp.exeWORKDIR C:\TempEXECUTEDELETEALL C:\Temp
Security RestrictionsNone.
APP
8
-
9AUDITLOG
Auditlog generates reports of logon/logoff activity for a server based on the Windows Serversecurity event log. To use auditlog, you must first enable logon/logoff accounting. You candirect the auditlog output to a file.
Syntaxauditlog [username | session] [/eventlog:filename] [/before:mm/dd/yy] [/after:mm/dd/yy] [[/write:filename] | [/detail | /time] [/all]]
auditlog [username | session] [/eventlog:filename] [/before:mm/dd/yy] [/after:mm/dd/yy] [[/write:filename] | [/detail] | [/fail ] | [ /all]]
auditlog [/clear:filename]
auditlog [/?]
Parametersfilename
The name of the eventlog output file.
session
Specifies the session ID for which to produce a logon/logoff report. Use this parameter toexamine the logon/logoff record for a particular session.
mm/dd/yy
The month, day, and year (in two-digit format) to limit logging.
username
Specifies a user name for which to produce a logon/logoff report. Use this parameter toexamine the logon/logoff record for a particular user.
Options/eventlog:filename
Specifies the name of a backup event log to use as input to auditlog. You can back up thecurrent log from the Event Log Viewer by using auditlog /clear: filename.
-
/before:mm/dd/yy
Reports on logon/logoff activity only before mm/dd/yy.
/after:mm/dd/yy
Reports on logon/logoff activity only after mm/dd/yy.
/write:filename
Specifies the name of an output file. Creates a comma-delimited file that can beimported into an application, such as a spreadsheet, to produce custom reports orstatistics. It generates a report of logon/logoff activity for each user, displayinglogon/logoff times and total time logged on. If filename exists, the data is appended tothe file.
/time
Generates a report of logon/logoff activity for each user, displaying logon/logoff timesand total time logged on. Useful for gathering usage statistics by user.
/fail
Generates a report of all failed logon attempts.
/all
Generates a report of all logon/logoff activity.
/detail
Generates a detailed report of logon/logoff activity.
/clear:filename
Saves the current event log in filename and clears the Event log. This command does notwork if filename already exists.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksAuditlog provides logs you can use to verify system security and correct usage. Theinformation can be extracted as reports or as comma-delimited files that can be used asinput to other programs.
You must enable logon/logoff accounting on the local server to collect the information usedby auditlog. To enable logon/logoff accounting, log on as a local administrator and enablelogon/logoff accounting with the Audit Policy in Microsoft Windows.
AUDITLOG
10
-
Security RestrictionsTo run auditlog, you must have Windows administrator privileges.
AUDITLOG
11
-
12
CTXKEYTOOL
Use ctxkeytool to enable and disable the IMA encryption feature and generate, load,replace, enable, disable, or back up farm key files.
Syntaxctxkeytool [generate | load | newkey | backup] filepath
ctxkeytool [enable | disable | query]
Optionsgenerate
Generates a new key and saves it to the filepath. This command alone is not sufficient toenable IMA encryption.
load
Can be used to load:
A new key onto a server with no preexisting key
The correct key onto a server that has an existing key
A new key onto a computer and the farmnewkey
Creates a new encryption key in the data store using the local farm key.
backup
Backs up the existing farm key to a file.
enable
Enables the IMA encryption feature for the farm.
disable
Disables the IMA encryption feature for the farm.
query
Can be used to check:
-
For a key on the local computer
To see if IMA encryption is enabled for the farm
If your key matches the farm key
RemarksThe first time you generate a key for the first server on the farm on which you are enablingIMA encryption, use the following sequence of options: generate, load, and newkey. Oneach subsequent server in the farm, you just need to load the key. After you activate theIMA encryption feature on one server, the feature is enabled for the entire farm.
If you lose the key file for a server, you can get a duplicate key file by running the backupoption on another server in the same farm that still has its key. This command recreatesthe key file. After recreating the key file, use load to load it to the server on which it waslost.
After using the disable option to disable the IMA encryption feature, you must reenter theconfiguration logging database password. If you want to activate the IMA encryption featureagain, run enable on any server in the farm.
Security RestrictionsYou must be a Citrix administrator with local administrator privileges to run ctxkeytool.
CTXKEYTOOL
13
-
14
CTXXMLSS
Use ctxxmlss to change the Citrix XML Service port number.
Syntaxctxxmlss [/rnnn] [/u] [/knnn] [/b:a] [/b:l] [/?]
Options/rnnn
Changes the port number for the Citrix XML Service to nnn.
/u
Unloads Citrix XML Service from memory.
/knnn
Keeps the connection alive for nnn seconds. The default is nine seconds.
/b:a
Binds the service to all network interfaces. This is the default setting.
/b:l
Binds the service to localhost only.
/?
Displays the syntax for the utility and information about the utilitys options.
Security RestrictionsNone.
RemarksFor more information, see System Requirements.
-
15
DSCHECK
Use dscheck to validate the consistency of the database used to host the server farms datastore. You can then repair any inconsistencies found. dscheck is often used after runningdsmaint.
Syntaxdscheck [/clean] [/?]
Options/clean
Attempts to fix any consistency error that is found.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksDscheck performs a variety of tests to validate the integrity of a server farms data store.When run without parameters, only these tests are run. Run dscheck on a server in the farmthat has a direct connection to the data store.
When you run dscheck with the /clean option, the utility runs tests and removesinconsistent data (typically servers and applications) from the data store. Because removingthis data can affect the farms operation, be sure to back up the data store before usingthe /clean option.
When you run the utility with the /clean option, you may need to run the dsmaint commandwith the recreatelhc parameter on each server in the farm to update the local host caches.Running this command sets the PSRequired registry value to 1 inHKLM\SOFTWARE\Wow6432Node\Citrix\IMA\RUNTIME, orHKLM\SOFTWARE\Citrix\IMA\RUNTIME on XenApp, 32-bit Edition.
Dscheck reports the results of the tests in several ways. First, it sends any errors found aswell as a summary to the Event log and to the command window. You can also write theoutput produced by dscheck to a file.
Second, several performance monitor values are updated under the performance object forCitrix XenApp. These values include a count of server errors, a count of application errors,a count of group errors, and an overall flag indicating that errors were detected.
-
Third, dscheck returns an error code of zero for a successful scan (no errors are found) andan error code of one if any problems are encountered.
Dscheck looks primarily at three data store objects: servers, applications, and groups. Foreach of these object types, dscheck performs a series of tests on each object instance.
For example, for each server object in the data store, dscheck verifies that there is acorresponding common server object and then further verifies that both objects havematching host IDs and host names.
ExamplesTo run consistency checks only:
dscheck
To check consistency and fix errors:
dscheck /clean
DSCHECK
16
-
17
DSMAINT
Run dsmaint on farm servers to perform XenApp data store maintenance tasks, includingbacking up the data store, migrating the data store to a new server, and compacting theXenApp data store or the Streaming Offline database. Not all dsmaint commands apply toall database types.
When using this command, user names and passwords may be case-sensitive, depending onthe database and the operating system you are using.
Syntaxdsmaint config [/rade] [/user:username] [/pwd:password] [/dsn:filename]
dsmaint backup destination_path
dsmaint compactdb [/lhc]
dsmaint migrate [{/srcdsn:dsn1 /srcuser:user1 /srcpwd:pwd1}] [{/dstdsn:dsn2 /dstuser:user2 /dstpwd:pwd2}]
dsmaint publishsqlds {/user:username /pwd:password}
dsmaint recover
dsmaint recreatelhc
dsmaint recreaterade
dsmaint verifylhc [/autorepair]
dsmaint [/?]
Parametersdestination_path
Local path for the backup data store. Do not use the same path as the original databaseor a share point.
dsn1
The name of the DSN file for the source data store.
dsn2
-
The name of the DSN file for the destination data store.
filename
The name of the data store.
password
The password to connect to the data store.
pwd1
The source data store password.
pwd2
The destination data store password.
user1
The source data store user logon.
user2
The destination data store user logon.
username
The name of the user to use when connecting to the data store.
Optionsconfig
Changes configuration parameters used to connect to the data store. Enter the full pathto the DSN file in quotation marks. For example,
dsmaint config /user:ABCnetwork\administrator /pwd:Passw0rd101/dsn:"C:\Program Files (x86)\Citrix\Independent Management Architecture\mf20.dsn"
Stop the Citrix Independent Management Architecture service before using config withthe /pwd option.
Caution: Specify a /dsn for dsmaint config or you will change the security context foraccess to the SQL Server or Oracle database.
/rade
Compacts the offline data store.
/user:username
The user name to connect to a data store.
DSMAINT
18
-
/pwd:password
The password to connect to a data store.
/dsn:filename
The filename of an IMA data store.
backup
Creates a backup copy of the SQL Server Express deployment data store. Run thiscommand on the XenApp server that hosts the data store. Requires a path to a localfolder to which the backup database file is copied. Do not use this parameter to back upSQL Server or Oracle data stores.
Caution: When running dsmaint backup, specifying the same path as the existingdata store can damage it irreparably.
compactdb
Compacts the local database file. During database compaction, the database istemporarily unavailable for both reading and writing. The compacting time can vary froma few seconds to a few minutes, depending on the size of the database and the usage.
/lhc
Compacts the local host cache on the server where this parameter is run. Run dsmaint/lhc after your farm has been running for a long period of time as a maintenance task.
migrate
Migrates data from one data store database to another. Run this command on anyXenApp server that has a connection to the data store. Use this command to move a datastore to another server, rename a data store in the event of a server name change, ormigrate the data store to a different type of database (for example, migrate from SQLServer Express to SQL Server).
To migrate the data store to a new server:
1. Prepare the new database server using the steps you did before running XenAppSetup for the first time.
2. Create a DSN file for this new database server on the server where you will berunning dsmaint migrate.
3. Run dsmaint migrate on any server with a connection to the data store.
4. Run dsmaint config on each server in the farm to point it to the new database./srcdsn:dsn1
The name of the data store from which to migrate data.
/srcuser:user1
The user name to use to connect to the data store from which the data is migrating.
DSMAINT
19
-
/srcpwd:pwd1
The password to use to connect to the data store from which the data is migrating.
/dstdsn:dsn2
The name of the data store to which to migrate the data.
/dstuser:user2
The user name that allows you to connect to the data store to which you are migratingthe source data store.
/dstpwd:pwd2
The password that allows you to connect to the data store to which you are migrating thesource data store.
publishsqlds
Publishes a SQL Server data store for replication. Run publishsqlds only from the serverthat created the farm. The publication is named MFXPDS.
recover
Restores a SQL Server Express data store to its last known good state. Run this directly onthe server while the Citrix Independent Management Architecture service is not running.
recreatelhc
Recreates the local host cache database. Run if prompted after running dsmaintverifylhc. After running dsmaint recreatelhc, restart the IMA Service. When the IMAService starts, the local host cache is populated with fresh data from the data store.
recreaterade
Recreates the application streaming offline database. Run as a troubleshooting step ifthe Citrix Independent Management Architecture service stops running and the local hostcache is not corrupted.
verifylhc
Verifies the integrity of the local host cache. If the local host cache is corrupt, you areprompted with the option to recreate it. With the verifylhc /autorepair option,the local host cache is automatically recreated if it is found to be corrupted.Alternatively, you can use dsmaint recreatelhc to recreate the local host cache.
/?
Displays the syntax and options for the utility.
DSMAINT
20
-
RemarksAfter using dsmaint, Citrix recommends running dscheck to check the integrity of the dataon the XenApp data store.
Security RestrictionsThe dsmaint config and dsmaint migrate commands can be run only by a user with thecorrect user name and password for the database.
DSMAINT
21
-
22
ICAPORT
Use icaport to query or change the TCP/IP port number used by the ICA protocol on theserver.
Syntaxicaport {/query | /port:nnn | /reset} [/?]
Options/query
Queries the current setting.
/port:nnn
Changes the TCP/IP port number to nnn.
/reset
Resets the TCP/IP port number to 1494, which is the default.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksThe default port number is 1494. The port number must be in the range of 065535 andmust not conflict with other well-known port numbers.
If you change the port number, restart the server for the new value to take effect. If youchange the port number on the server, you must also change it on every Receiver or plug-inthat will connect to that server. For instructions for changing the port number on receiversor plug-ins, see the Receiver or plug-in documentation.
ExamplesTo set the TCP/IP port number to 5000
icaport /port:5000
-
To reset the port number to 1494
icaport /reset
Security RestrictionsOnly Citrix administrators with Windows administrator privileges can run icaport.
ICAPORT
23
-
24
IMAPORT
Use imaport to query or change the IMA port.
Syntaximaport {/query | /set {IMA:nnn | ds:nnn}* | /reset {IMA | DS | ALL} } [/?]
Options/query
Queries the current setting.
/set
Sets the designated TCP/IP port to a specified port number.
ima:nnn
Sets the IMA communication port to a specified port number.
ds:nnn
Sets the data store server port to a specified port number.
/reset
Resets the specified TCP/IP port to the default.
ima
Resets the IMA communication port to 2512.
ds
Resets the data store server port to 2512.
all
Resets all of the applicable ports to the defaults.
/?
Displays the syntax for the utility and information about the utilitys options.
-
25
QUERY FARM
Use query to display information about server farms within the network.
Syntaxquery farm [server [/addr | /app | /app appname | /load | /ltload]]
query farm [ /tcp ] [ /continue ]
query farm [ /app | /app appname | /disc | /load | /ltload | /lboff | /process]
query farm [/online | /online zonename]
query farm [/offline | /offline zonename]
query farm [/zone | /zone zonename]
query farm [/?]
Parametersappname
The name of a published application.
server
The name of a server within the farm.
zonename
The name of a zone within the farm.
Optionsfarm
Displays information about servers within an IMA-based server farm. You can use qfarmas a shortened form of query farm.
server /addr
Displays address data for the specified server.
-
/app
Displays application names and server load information for all servers within the farm orfor a specific server.
/app appname
Displays information for the specified application and server load information for allservers within the farm or for a specific server.
/continue
Do not pause after each page of output.
/disc
Displays disconnected session data for the farm.
/load
Displays server load information for all servers within the farm or for a specific server.
/ltload
Displays server load throttling information for all servers within the farm or for a specificserver.
/lboff
Displays the names of the servers removed from load balancing by Health Monitoring &Recovery.
/process
Displays active processes for the farm.
/tcp
Displays TCP/IP data for the farm.
/online
Displays servers online within the farm and all zones. The data collectors are representedby the notation D.
/online zonename
Displays servers online within a specified zone. The data collectors are represented bythe notation D.
/offline
Displays servers offline within the farm and all zones. The data collectors arerepresented by the notation D.
/offline zonename
QUERY FARM
26
-
Displays servers offline within a specified zone. The data collectors are represented bythe notation D.
/zone
Displays all data collectors in all zones.
/zone zonename
Displays the data collector within a specified zone.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksQuery farm returns information for IMA-based servers within a server farm.
Security RestrictionsYou must be a Citrix administrator to run query farm .
QUERY FARM
27
-
28
QUERY PROCESS
Use query to display information about processes within the network.
Syntaxquery process [ * | processid | username | sessionname | /id:nn | programname ] [ /server:servername ] [ /system ]
query process [/?]
Parameters*
Displays all visible processes.
processid
The three- or four-digit ID number of a process running within the farm.
programname
The name of a program within a farm.
servername
The name of a server within the farm.
sessionname
The name of a session, such as ica-tcp#7.
username
The name of a user connected to the farm.
Optionsprocess
Displays information about processes running on the current server.
process *
-
Displays all visible processes on the current server.
process processid
Displays processes for the specified processid.
process username
Displays processes belonging to the specified user.
process sessionname
Displays processes running under the specified session name.
process /id:nn
Displays information about processes running on the current server by the specified IDnumber.
process programname
Displays process information associated with the specified program name.
process /server:servername
Displays information about processes running on the specified server. If no server isspecified, the information returned is for the current server.
process /system
Displays information about system processes running on the current server.
/?
Displays the syntax for the utility and information about the utilitys options.
Security RestrictionsNone.
QUERY PROCESS
29
-
30
QUERY SESSION
Use query to display information about sessions within the network.
Syntaxquery session [sessionname | username | sessionid]
query session [/server:servername] [/mode] [/flow] [/connect] [/counter]
query session [/?]
Parametersservername
The name of a server within the farm.
sessionname
The name of a session, such as ica-tcp#7.
sessionid
The two-digit ID number of a session.
username
The name of a user connected to the farm.
Optionssession sessionname
Identifies the specified session.
session username
Identifies the session associated with the user name.
session sessionid
Identifies the session associated with the session ID number.
-
session /server: servername
Identifies the sessions on the specified server.
session /mode
Displays the current line settings.
session /flow
Displays the current flow control settings.
session /connect
Displays the current connection settings.
session /counter
Displays the current Remote Desktop Services counter information.
/?
Displays the syntax for the utility and information about the utilitys options.
Security RestrictionsNone.
QUERY SESSION
31
-
32
QUERY TERMSERVER
Use query to display information about terminal servers within the network.
Syntaxquery termserver [servername] [/domain:domain] [/address] [/continue]
query termserver [/?]
Parametersservername
The name of a server within the farm.
domain
The name of a domain to query.
Optionstermserver servername
Identifies a Terminal Server.
/address
Displays network and node addresses.
/continue
Do not pause after each page of output.
/domain: domain
Displays information for the specified domain. Defaults to the current domain if nodomain is specified.
/?
Displays the syntax for the utility and information about the utilitys options.
-
RemarksIf no parameters are specified, query termserver lists all Terminal Servers within thecurrent domain.
Security RestrictionsNone.
QUERY TERMSERVER
33
-
34
QUERY USER
Use query to display information about users within the network.
Syntaxquery user [ username | sessionname | sessionid ] [ /server:servername ]
query user [/?]
Parametersservername
The name of a server within the farm.
sessionname
The name of a session, such as ica-tcp#7.
sessionid
The ID number of a session.
username
The name of a user connected to the farm.
Optionsuser username
Displays connection information for the specified user name.
user sessionname
Displays connection information for the specified session name.
user sessionid
Displays connection information for the specified session ID.
user /server: servername
-
Defines the server to be queried. The current server is queried by default.
/?
Displays the syntax for the utility and information about the utilitys options.
RemarksIf no parameters are specified, query user displays all user sessions on the current server.You can use quser as a shortened form of the query user command.
Security RestrictionsNone.
QUERY USER
35