Solved

Citrix XenApp 7.9 StandAlone

Posted on 2016-08-19
16
65 Views
Last Modified: 2016-09-09
Migrating a client from a MetaFrame Server to an Azure based Server 2012R2.  Have everything installed, but when I load Citrix, it's complaining that I'm not logged into a domain.

I'm not.  Old server ran as a true standalone without Active Directory.

Is there any other solution aside from spinning up a second machine to act as a Domain Controller?
0
Comment
Question by:NEMC
  • 7
  • 6
  • 3
16 Comments
 
LVL 8

Expert Comment

by:James Rankin
ID: 41763096
Pretty sure citrix needs to be part of a domain to install these days. If you want citrix in azure, have you looked into citrix workspace cloud? Or citrix cloud as it is now known.
1
 
LVL 36

Accepted Solution

by:
Carl Webster earned 250 total points
ID: 41763123
AD is required now.

https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-9/technical-overview/active-directory.html

Active Directory is required for authentication and authorization. The Kerberos infrastructure in Active Directory is used to guarantee the authenticity and confidentiality of communications with the Delivery Controllers.

This product supports:
Deployments in which the user accounts and computer accounts exist in domains in a single Active Directory forest. User and computer accounts can exist in arbitrary domains within a single forest. All domain functional levels and forest functional levels are supported in this type of deployment.
Deployments in which user accounts exist in an Active Directory forest that is different from the Active Directory forest containing the computer accounts of the controllers and virtual desktops. In this type of deployment, the domains containing the Controller and virtual desktop computer accounts must trust the domains containing user accounts. Forest trusts or external trusts can be used. All domain functional levels and forest functional levels are supported in this type of deployment.
Deployments in which the computer accounts for Controllers exist in an Active Directory forest that is different from one or more additional Active Directory forests that contain the computer accounts of the virtual desktops. In this type of deployment a bi-directional trust must exist between the domains containing the Controller computer accounts and all domains containing the virtual desktop computer accounts. In this type of deployment, all domains containing Controller or virtual desktop computer accounts must be at "Windows 2000 native" functional level or higher. All forest functional levels are supported.
Writable domain controllers. Read-only domain controllers are not supported.
1
 

Author Comment

by:NEMC
ID: 41763241
Thanks for the two helpful responses.

We already have the server up and licensed, so although Citrix Cloud may have been a viable alternative at the outset, we have moved past that point now.

Hoping (praying really) someone else may have a work around, although that appears unlikely.
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 41763243
There is no work around. AD is now mandatory.
0
 
LVL 8

Expert Comment

by:James Rankin
ID: 41763244
Can't you just use pure RDSH? It has come a long way, still not as easy to manage IMO but may work in a non-domain scenario
0
 

Author Comment

by:NEMC
ID: 41763246
James:

RD is certainly a technical option, but that would involve changing many locked down field workstations.  In addition, client just paid for Citrix, so there's that as well.  

But, yes, on most levels RD alone would work.
0
 

Author Comment

by:NEMC
ID: 41763247
On a tangential note . . . my understanding is that an Azure Windows 2012R2 server cannot host Hyper-V VMs because the hypervisor is already active in Azure itself.

Said another way, we will need to spin up a second Azure machine to act as a Domain Controller.

Is that correct?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 41763248
You can't run full AD in Azure.
0
Why do Marketing keep bothering you?

Is your marketing department constantly asking for new email signature updates? Are they requesting a different design for every department? Do they need yet another banner added? Don’t let it get you down! There is an easy way to manage all of these requests...

 

Author Comment

by:NEMC
ID: 41763251
Carl:

Well that will certainly be an issue.

When you say "Full AD" is there a variation of AD that would be supported by both Azure and XenApp?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 41763257
Sure, a connection from your on premises ad to azure ad.
0
 

Author Comment

by:NEMC
ID: 41763260
Carl:

Thanks for the dialog.

There is not preexisting AD environment.  This server, as a standalone Metaframe server just used local USER accounts.  

We could create an on premises AD environment and link it but we're adding a lot of points of failure to what had originally been a self contained system.

So the bottom line is there's not way to run a XenApp Server in Azure without linking to an on-premises AD?
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 41763280
Not that I am aware of. Even the Citrix Cloud, iirc, requires a connector to on premises AD. If I am wring, I am sure someone will correct me.

I am correct.

https://www.citrix.com/products/citrix-cloud/tech-info.html

Look at the slide show comparing traditional to cloud.
0
 

Author Comment

by:NEMC
ID: 41763283
You're killing me, Carl.

Thanks for your time and insight.
0
 
LVL 36

Expert Comment

by:Carl Webster
ID: 41763292
Who sold them on 7.9 as a solution?
0
 

Author Comment

by:NEMC
ID: 41763299
I did.

Went with the most recent version of what they had been running, but clearly it has evolved in some very significant ways.

it's a perfect storm.  Most of my clients aren't running Citrix in the cloud, all of them have local AD environments.  This is just a big one-off.
0
 
LVL 8

Assisted Solution

by:James Rankin
James Rankin earned 250 total points
ID: 41763420
I suppose you could always install the AD roles on the Citrix server, but as far as I remember that's not supported by citrix - and in the latest versions there's a possibility it might refuse to install on a DC (not sure what would happen if you installed citrix then the AD roles, but pretty sure it would be unsupported)
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Monitoring systems evolution, cloud technology benefits and cloud cost calculators business utility.
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now