Solved

Can personal certificates move with a user's profile in Citrix XenDesktop?

Posted on 2013-10-24
6
3,037 Views
Last Modified: 2013-10-28
I have users which need to be ported over to a pooled-random Citrix XenDesktop environment.
We are currently conducting testing in the VDI to ensure functionality in their programs.

One web-based app they use is called CoStar.
CoStar installs a trusted root certificate and a personal certificate.

I logged into a test vm in Citrix and installed the certs and got onto the CoStar site just fine.
I logged off and logged back into Citrix, which spun up a new Windows 7 Ent. image. As I feared, the certificates did not follow and CoStar could not find the cert.

How can I migrate these guys to XD while still having them be able to log into CoStar?

Things to note:
-The certificate is personal to the user and can't be embedded in the master image. (can I add everyone's certs/profiles to the image?)

-CoStar doesn't know where the cert is stored in Windows so I can't file redirect the folder. It's tied to Windows anyway, and not their profile.

-Due to the ISP screwing us, I have to migrate these guys in the next 6 days since they will be losing their MPLS connection and won't have a way to get to their "stuff".

UPDATE
.....
I tried running a few tests in a pooled-static environment and the certificates appear to stick. (I thought it only kept licensing stuff)
What kinds of problems can I run into in the future if I keep static vs. random?
(i.e.- can "bad" settings remain like viruses, improper programs, etc?)
0
Comment
Question by:Paul Wagner
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 24

Expert Comment

by:Dirk Kotte
ID: 39598140
personal certificates should roam with the user profile.
check the certificate-location after installing them with mmc.
take a look to "local computer" and "user" store.

are you sure the xd-profiles roaming? take a link to the user desktop - is the link there afrer using the next desktop?

do you use MS or Citrix profile management?
0
 
LVL 19

Expert Comment

by:basraj
ID: 39598505
You can use Personal Vdisk with basic static image. The image should have very basic apps, which gives flexibility to retain user installed apps along with basic image. This way root certificate stays with the image and each user can use their own certificates roaming.
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39601015
@dkotte
-No, it looks like personal certificates were not following in the pooled-random environment. It looks like they do in pooled-static, though.
-The personal certificate ends up in Certificates->Personal->Certificates in certmgr.msc.
-The profile is using file redirection for "most of" the profile. To be honest, I don't know yet.... The environment didn't have much documentation when I took over.
-Yes, the link/certificate is there after logging out/in using the pooled-static environment.

@basraj
If I use Personal w/vdisk won't that greatly inflate my storage costs (in terms of space used)? It might also present a problem when trying to deploy a new master image to everyone, I believe.

To all:
Since it looks like pooled-static is working, do you know if this will cause any problems or config differences in the future vs. the other users who are in pooled-random?
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 24

Expert Comment

by:Dirk Kotte
ID: 39603697
as exclaimed within TechNet
http://msdn.microsoft.com/en-us/library/windows/desktop/aa388136(v=vs.85).aspx
user-certificates should be stored within the user-registry.
therefor the certs should roam with the user-profiles ...  (works for me)
but the trusted root cert can be stored within the device-registry.
If so you have to place the  trusted root cert  within the image.

don't know why pooled static should run. this devices are rebuild with every logon also...
(if you really shutdown/reboot the device)
http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-choose-scheme-type-rho.html
0
 
LVL 5

Author Comment

by:Paul Wagner
ID: 39606820
@dkotte

Interesting find. I have discovered that pooled-static in fact does not work once rebooted. hrmmmm. bummer, right?

I would have thought that the profile keeps the certs but it appears to not come over. One thing to note is that the web app developer makes us install the first cert in the trusted root (not in the profile, right?) and the second cert 'just installs' but I can't find it in personal certs of certmgr.msc once it gets installed so I'm guessing that it too gets installed in trusted root.
Would that explain why it isn't following, or maybe XD with pooled-static doesn't truly pull "everything" over when it logs into a newly rebooted image.

I'm thinking at this point that I'll have to go dedicated.
0
 
LVL 24

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 39606846
if you can't see the the personal certificate, the app don't use the system cert store for this certificate. (like firefox )
you should try to use the citrix profile management because this save more files and directories than the MS profile service.

to find the certificate you can use filemonitor from sysinternals. it is the only way some times.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several days of searching and hunting for limited documentation, I wanted to share this guide to hopefully save someone the hassle of trying to figure this out on their own. I have tested this on Xendesktop 7.1 and PS 4.5 running simultaneous…
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question