Detecting Citrix

I wanted to know how you can detect Citrix and its Session ID?
Armon14Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ThePerfectKCommented:
I'm not sure exactly what you are trying to "Detect", nor what the "Session ID" is to which you are referring.  To find if Citrix is installed, you can look either in the All Programs menu found in the Start menu within windows, or you could look in the Program Files folder.  Look for Citrix and ICA Client folders.

If you are trying to determine if Citrix is currently running, there should be a System Tray icon in the lower right corner of your screen which will look like a small cityscape/skyscraper.  You can double click on that icon, and it should display any active Citrix connections, and give you most of the details about them including to which server you are connected, and the username with which you logged in.

Please let me know if that gives you any clues, or provide more specific details so I can better assist you.  Thanks...
0
engineer_dellCommented:
Hey ThePerfectK ;)

Read this information, I hope this answer all your queries.

"LSVIEW.EXE" can be run on Terminal Server to check the Discovery Process

* Verify the terminal server can access the license server.

Make sure there is no firewall software on the terminal server or license server
that would block necessary ports. Same for a hardware firewall between them. TS
licensing works over RPC, which means port 135 and a dynamically assigned port
above 1024 must be open.

Make sure DNS is properly configured on the client,terminal server, and license
server. Verify you can ping in between them all by IP address, FQDN, and NetBIOS
name. Also try "ping -l 1472 -f <IP address>" to determine if the MTU is too small
on the network, in which case you can change it on the router, or configure the
machines to use a smaller MTU in the registry. Setting the MaxMTU to 576 and or
setting EnablePMTUDiscovery to 0 may allow them towork.

Windows NT 4.0
==============

HKLM\System\CurrentControlSet\Services\<Adapter
Name>\Parameters\Tcpip
Value Type:      REG_DWORD
Value Name:      MTU
Value: Valid Range: 68 - <the MTU of the underlying
network>

In Windows 2000 and later this value is under the following key:
==================================================

HKLM\System\CurrentControlSet\Services
Tcpip\Parameters\Interfaces\<ID for
Adapter>
Value Type:      REG_DWORD
Value Name:      MTU
Value: Valid Range: 68 - <the MTU of the underlying
network>


* Verify CALs are available.

The license server must be activated and have CALs available. For Windows Server
2003 terminal servers, the license mode on the terminal server, must match the type
of CALs that are available on the license server. For example if Per User CALs have
been installed on the license server, the terminal server must be set to Per User
license mode.

* Delete the "MSLicensing" registry key and verify that the users have at least
Read access on the HKLM\Software\Microsoft key.


* Verify Authenticated Users have "Access this computer from the network" and
"Bypass Traverse Checking"

By default, the only group policy object that has the "Access this computer from
the network" right defined is the Default Domain Controllers policy. All other
machines (member servers, clients, machines in a workgroup) have that right defined

in their local security policy.

* Check RestrictAnonymous.

If RestrictAnonymous is 2 on the license server, it won't be able to issue
licenses. Values of 0 or 1 work fine.

NOTE: The exception to this is when a 2003 TS is using a 2003 TSL, then
RestrictAnonymous=2 will work fine and does not need to be changed. In all other
scenarios (2000 TS/2000 TSL,2000 TS/2003 TSL) RA=2 is bad.

* Verify network adapter bindings.

Network adapters must have File and Printer Sharing bound to them. If there are
multiple adapters on the license server, the adapter that is on the same network as
the terminal server should be first in the binding order.

10. Verify the RDP-tcp connection is enabled and that "Maximum Connection Count" on
the Network Adapter tab of RDP-Tcp properties is set to Unlimited.

Verify that Everyone has Full Control on the RDP-Tcp properties, Security tab
(Everyone Full Control isn't required, just so the users trying to connect have
permissions to it).

In Terminal Services Configuration click Connections,right-click RDP-Tcp, select
All Tasks. If Enable Connection is an option, the connection is currently disabled.
There will also be a red X over the icon for the specified connection when
disabled.

If RDP-tcp encryption level is set to High, and clients are failing to connect, try
setting the encryption level to low, or keeping it on high but using the latest RDP
client on the client machines.

* Verify if the license server is Enterprise or Domain.


Role can be verified:
=====================
HKLM\System\CurrentControlSet\Services\TermServLicensing\Parameters,

if
Role=0 it is a domain/workgroup license server, if
Role=1, it is an Enterprise license server.


* Delete the certificate registry values on the client and terminal server.


* Event 201/221 and the license logging service.

The license logging service is separate from TS licensing, however it can affect
terminal server connections. If Windows licensing on the terminal server is
configured for Per Server, and has run out of Windows licenses (regardless of TS
licenses) connections will be denied. Disabling the license logging service is the
quickest way to test for this, and it is actually recommended to keep license
logging disabled. It is disabled by default on Windows Server 2003.

* Disable the License Server Security Group policy under Computer

Configuration\Administrative Templates\Windows components\Terminal
Services\Licensing.

Note: This policy setting is only available on 2003. When enabled, a Terminal
Services Computers local group is created,and TS licenses will only be granted to
computer accounts that are a member of that group.

* If the error is "You do not have access to logon to this session" and they are
using the Internet Connector License (2000) or External Connector License (2003)
then only TSInternetUser credentials will work.

* Issues with thin clients.

Try resetting the thin client to factory defaults and/or updating its firmware.
Thin clients can be reset to factory defaults by unplugging the unit from the wall
for about five minutes (bleeding down the capacitors is the only way to cold start
the thing, per Compaq) and the holding down the "G" key while plugging in and restarting the unit.

Good Luck !!

Ritesh
Dell support professional
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
engineer_dellCommented:
Hey The perfectK

Here is the list of commands, to qery session id and much more,
QUERY replaces QUSER, QPROCESS, QOBJECT, QAPPSERV, QWINSTA from Citrix Winframe.

The query utilities are used to display current information about the system such as the current allocation of resources and system status. The query command can invoke any one of the query utilities. The command line format is:
query [appservers | object | process | session | user] [/?]
/? (help)
                         
Displays the syntax for the command and information about the command's options.

Syntax
Query Appservers:


Displays the available application servers on the network.

Query appservers [servername] [/domain:domainname] [/address] [/continue] [/?]
Parameters
servername
Identifies an application server.

/domain:domainname
Displays application server information for the specified domainname. Defaults to the current domain.

/address
Displays the network and node addresses for each server.

/continue
Pauses after each screen of information until a key is pressed.

/? (help)
Displays the syntax for the command and information about the command's options.

Query Appservers -- Additional Notes
Query Appservers searches the network for all attached application servers and returns the following information:

The servername. The network and node address (if the /address option is used).

The following is an example for query appservers:
   C:\>query appserversAPPLICATION SERVERfast_eddieengineeringaccess_1
   *brand_x
                         
The asterisk (*) indicates the current servername. APPLICATION SERVER identifies the servername.
Query Appservers -- Examples
To display information about all application servers found on the network, type:
query appservers

To display information about the fasteddie application server, type:
query appservers fasteddie

To display information about all application servers in domain SYSTEM, type:
query appservers /domain:system

To display the network and node address for the NABBY application server, type:
query appservers NABBY /address

Syntax
Query Object:
Displays information about the system's Object Manager Namespace.

query object [Objectname] [/device] [/?]
Parameters
Objectname
Identifies the object type to query.

/device
Displays devices in the \DosDevices namespace in a modified format.

/? (help)
Displays the syntax for the command and information about the command's options.

Query Object -- Examples
To display information about the objects that are in the \Driver namespace, type:
query object \Driver

To display information about the objects that are in the \DosDevices namespace in a modified format, type:
query object /device

Syntax
Query Process:
Displays information about processes.

query process [processID] [/server:servername] [/system] [/?]
query process[username] [/server:servername] [/system] [/?]
query process[sessionname] [/server:servername] [/system] [/?]
query process[/ID:sessionID] [/server:servername] [/system] [/?]
query process[programname] [/server:servername] [/system] [/?]
query process[*] [/system] [/server:servername] [/?]

Parameters
processID
Identifies a process.

username
Identifies the name of the user whose processes you want to display.

sessionname
Identifies the name of the session. The name was created by the system administrator when the session was configured.

/ID:sessionID
Identifies the session whose processes you want to display.

programname
Identifies the name of the program whose processes you want to display. The .exe extension is required.

/server:servername
The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

/system
Displays process information for system processes.

/? (help)
Displays the syntax for the command and information about the command's options.

Security Restrictions
Query process is used to query only those processes belonging to the current user, unless the current user has sufficient security classification to query processes belonging to other users. Administrators have full access to all query process functions.
Query Process -- Additional Notes
If no process or session is specified, query process queries all processes belonging to the current user. If a session is specified, it must identify an active session. You can use wildcards to identify the process. If a single wildcard is present (*), all processes in the system are identified.

Query process returns the following information:
  The user that owns the process.
  The session that owns the process.
  The ID of the session.
  The process name.
  The process state.
  The ID of the process.
                         
The following is an example for query process:
   C:>query process
   USERNAME SESSION ID STATE PID
   >edj rdp-tcp#002 0 wait 353 progman.exe
   >edj rdp-tcp#002 0 wait 49 cmd.exe
   >edj rdp-tcp#002 0 wait 139 query.exe
   >edj rdp-tcp#002 0 run 375 qprocess.exe
                         
The > character identifies the current user. Session identifies the session where the user is logged on the system. ID specifies the ID of the session.

State indicates the state of the process. PID identifies the processID of the program that follows.
Query Process -- Examples
To display information about process 8, type:
query process 8

To display information about all processes for user EDDIEJ, type:
query process EDDIEJ

To display information about all processes in session rdp-tcp#002, type:
query process rdp-tcp#002

To display information about all processes in session 4, type:
query process /id:4

To display information about the process Netclient.exe, type:
query process Netclient.exe

To display information about all processes in the system, type:
query process *

To displays information about all processes on the system, including system processes, type:
query process * /system

Syntax
Query Session:
Displays information about sessions.

Query session [sessionname] [/server:servername] [/mode] [/flow] [/connect] [/?]
Query session[username] [/server:servername] [/mode] [/flow] [/connect] [/?]
Query session[sessionID] [/server:servername] [/mode] [/flow] [/connect] [/?]
Parameters
sessionname
Identifies the name of the session. The name was created by the system administrator when the session was configured.

username
Identifies the user of the session.

sessionID
Specifies the ID of the session.

/server:servername
The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

/mode (session mode)
Displays the current line settings.

/flow (flow control)
Displays the current flow control settings.

/connect (connect settings)
Displays the current connect settings.

/? (help)
Displays the syntax for the command and information about the command's options.

Security Restrictions
A user can always query the session where the user is currently logged on. The user must have Query Information access permission to query other sessions.
Query Session -- Additional Notes
If no session is specified, query session displays all active sessions in the system. Otherwise, the session must identify an active session.

The following is an example for query session:
   C:>query session
   SESSION USERNAME ID STATE TYPE DEVICE
   >console administrator 0 active
   rdp-tcp#003 eddiej 1 active
   rdp-tcp 2 listen
   rdp-tcp 3 listen
   rdp-tcp 4 idle 5 idle
                         
The > character identifies the current session. Session specifies the session name. Username identifies the name of the user connected at the session, if any. ID identifies the ID of the session connected to the system, if any. State provides information on the current state of the session and can be any of the following:
   Active. The session is connected and active.
   Conn. The session is connected. No user is logged on.
   ConnQ. The session is in the process of connecting. If this state
        continues, it indicates a problem with the connection.
   Shadow. The session is shadowing another session.
   Listen. The session is ready to accept a client connection.
   Disc. The session is disconnected.
   Idle. The session is initialized.
   Down. The session is down, indicating the session failed to initialize correctly.
   Init. The session is initializing.
                         
Type indicates the session type. Device is the device name assigned to the session (not present for the console or network-connected sessions). The comment following the session information is from the profile.

A session initially configured as disabled does not show up in the query session list until it is enabled.
Query Session -- Examples
To display information about all active sessions on server ACCTG, type:
query session /server:ACCTG

To display information about session MODEM02, if it is active, type:
query session MODEM02

Syntax
Query User:
Displays information about users who are logged on the system.

query user [username] [/server:servername] [/?]
query user[sessionname] [/server:servername] [/?]
query user[sessionID] [/server:servername] [/?]
Parameters
username
Identifies the user.

sessionname
Identifies the name of the session. The name was created by the system administrator when the session was configured.

sessionID
Specifies the ID of the session.

/server:servername
The Terminal Server to be queried. Otherwise, the current Terminal Server is used.

/? (help)
Displays the syntax for the command and information about the command's options.

Security Restrictions
A user must have Query Information access permission to query other users.

Cheers !!
Ritesh
0
ThePerfectKCommented:
Thanks Ritesh.  The question wasn't mine, however that is all the useful information in the world for Metaframe...   does that answer your question Armon14?
0
engineer_dellCommented:
Hey ThePerfectK !!
I am sorry..but my answer was for Armon14. And I believe that it should answer his query.

regards,
Ritesh.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.