Solved

Can personal certificates move with a user's profile in Citrix XenDesktop?

Posted on 2013-10-24
Last Modified: 2013-10-28
I have users who need to be ported over to a pooled-random Citrix XenDesktop environment.
We are currently conducting testing in the VDI to ensure functionality in their programs.

One web-based app they use is called CoStar.
CoStar installs a trusted root certificate and a personal certificate.

I logged into a test VM in Citrix and installed the certs and got onto the CoStar site just fine.
I logged off and logged back into Citrix, which spun up a new Windows 7 Ent. image. As I feared, the certificates did not follow and CoStar could not find the cert.

How can I migrate these guys to XD while still having them be able to log into CoStar?

Things to note:
-The certificate is personal to the user and can't be embedded in the master image. (can I add everyone's certs/profiles to the image?)

-CoStar doesn't know where the cert is stored in Windows so I can't file redirect the folder. It's tied to Windows anyway, and not their profile.

-Due to the ISP screwing us, I have to migrate these guys in the next 6 days since they will be losing their MPLS connection and won't have a way to get to their "stuff".

UPDATE
.....
I tried running a few tests in a pooled-static environment and the certificates appear to stick. (I thought it only kept licensing stuff)
What kinds of problems can I run into in the future if I keep static vs. random?
(i.e., can "bad" settings remain like viruses, improper programs, etc.?)
0
Question by:Paul Wagner
6 Comments
 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 39598140
Personal certificates should roam with the user profile.
Check the certificate location after installing them with mmc.
Take a look at the "local computer" and "user" stores.

Are you sure the XD profiles are roaming? Put a link on the user desktop - is the link there after using the next desktop?

Do you use MS or Citrix profile management?
0
 
LVL 19

Expert Comment

by:basraj
ID: 39598505
You can use Personal Vdisk with basic static image. The image should have very basic apps, which gives flexibility to retain user installed apps along with basic image. This way root certificate stays with the image and each user can use their own certificates roaming.
0
 
LVL 3

Author Comment

by:Paul Wagner
ID: 39601015
@dkotte
-No, it looks like personal certificates were not following in the pooled-random environment. It looks like they do in pooled-static, though.
-The personal certificate ends up in Certificates->Personal->Certificates in certmgr.msc.
-The profile is using file redirection for "most of" the profile. To be honest, I don't know yet.... The environment didn't have much documentation when I took over.
-Yes, the link/certificate is there after logging out/in using the pooled-static environment.

@basraj
If I use Personal w/vdisk won't that greatly inflate my storage costs (in terms of space used)? It might also present a problem when trying to deploy a new master image to everyone, I believe.

To all:
Since it looks like pooled-static is working, do you know if this will cause any problems or config differences in the future vs. the other users who are in pooled-random?
0

 
LVL 23

Expert Comment

by:Dirk Kotte
ID: 39603697
As explained within TechNet
http://msdn.microsoft.com/en-us/library/windows/desktop/aa388136(v=vs.85).aspx
user certificates should be stored within the user registry.
Therefore the certs should roam with the user profiles ... (works for me)
But the trusted root cert can be stored within the device registry.
If so, you have to place the trusted root cert within the image.

Don't know why pooled static should run. These devices are rebuilt with every logon also...
(if you really shutdown/reboot the device)
http://support.citrix.com/proddocs/topic/xendesktop-rho/cds-choose-scheme-type-rho.html
0
 
LVL 3

Author Comment

by:Paul Wagner
ID: 39606820
@dkotte

Interesting find. I have discovered that pooled-static in fact does not work once rebooted. hrmmmm. bummer, right?

I would have thought that the profile keeps the certs but it appears to not come over. One thing to note is that the web app developer makes us install the first cert in the trusted root (not in the profile, right?) and the second cert 'just installs' but I can't find it in personal certs of certmgr.msc once it gets installed so I'm guessing that it too gets installed in trusted root.
Would that explain why it isn't following, or maybe XD with pooled-static doesn't truly pull "everything" over when it logs into a newly rebooted image.

I'm thinking at this point that I'll have to go dedicated.
0
 
LVL 23

Accepted Solution

by:
Dirk Kotte earned 500 total points
ID: 39606846
If you can't see the personal certificate, the app doesn't use the system cert store for this certificate (like Firefox).
You should try to use Citrix profile management because it saves more files and directories than the MS profile service.

To find the certificate you can use filemonitor from Sysinternals. It is the only way sometimes.
0
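
The store check suggested in the answers above (user store versus local computer store), as an added example that is not part of the original thread: it snapshots every Windows certificate store, waits while the application's certificates are installed, and reports which store received each new entry. The function names `Get-CertStoreSnapshot` and `Compare-CertStoreSnapshot` are hypothetical helpers defined here.

```powershell
# Added example: find out which Windows certificate store (if any) an installer wrote to.

function Get-CertStoreSnapshot {
    # CurrentUser entries live in the user registry (part of the profile);
    # LocalMachine entries live in the device registry (part of the image).
    foreach ($location in 'CurrentUser', 'LocalMachine') {
        Get-ChildItem -Path "Cert:\$location" -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
            ForEach-Object {
                [pscustomobject]@{
                    Location      = $location
                    Store         = ($_.PSParentPath -split '\\')[-1]   # e.g. My, Root
                    Subject       = $_.Subject
                    Thumbprint    = $_.Thumbprint
                    HasPrivateKey = $_.HasPrivateKey
                    NotAfter      = $_.NotAfter
                }
            }
    }
}

function Compare-CertStoreSnapshot {
    param([object[]]$Before, [object[]]$After)
    # Key on location + store + thumbprint so the same certificate placed in
    # two different stores is reported twice.
    $known = @{}
    foreach ($c in $Before) {
        $known["$($c.Location)|$($c.Store)|$($c.Thumbprint)"] = $true
    }
    $After | Where-Object {
        -not $known.ContainsKey("$($_.Location)|$($_.Store)|$($_.Thumbprint)")
    }
}

$before = Get-CertStoreSnapshot
Read-Host 'Install the application certificates now, then press Enter' | Out-Null
$new = @(Compare-CertStoreSnapshot -Before $before -After (Get-CertStoreSnapshot))

if ($new.Count -eq 0) {
    # Matches the case in the accepted answer: the app keeps the certificate
    # outside the system store, so file monitoring is needed to locate it.
    'No new entries in any Windows certificate store.'
} else {
    $new | Sort-Object Location, Store | Format-Table -AutoSize
}
```

The CurrentUser view also lists what is in the LocalMachine stores, so a certificate reported under both locations was installed machine-wide and has to be in the image, while one reported only under CurrentUser is stored in the user profile and depends on the profile roaming.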
