jnordeng

Session Policies don't seem to be working as Idle Sessions stay connected

Hello. I have set Citrix policies within Citrix Studio in my XenApp 7.15. I am finding the sessions are not disconnecting/clearing and are staying connected for over 12 hours, basically until I actually close the session, though I have the following set. These are published applications, not published Desktops.

ICA keep alive timeout            60 seconds
Image caching                  Enabled
Server idle timer interval      5400000 milliseconds
Session reliability connections      Allowed
Session reliability port      2598
Session reliability             180 seconds
Session connection timer      Enabled
Session connection timer interval      90 minutes
Session idle timer               Enabled
Session idle timer interval      90 minutes

These settings are part of the Unfiltered default policy, which is applied to all objects in the site.

Is there a better practice for policies in XenApp 7.15 without using AD GPOs? Are there other settings I am not finding that would handle this communication?

I am looking at the following articles for reference,
https://support.citrix.com/article/CTX216719
https://docs.citrix.com/en-us/xenapp-and-xendesktop/7-15-ltsr/policies/policies-default-settings.html

Any thoughts are appreciated.
Carl Webster

In CTX216719 you did see that "This policies only apply to publish desktops and not publish apps (To XenDesktop and not XenApp)".
jnordeng

ASKER

I did, but there are 2 sets around 'sessions', and in the past this can be set against the session itself/published app or not.  So, what is the equivalent now in XenApp 7.15?
Arg, no I hadn't; I was trying to handle things through Citrix Policies rather than GPOs, as our domain level is only at 2008 right now, working towards 2012, and I wasn't sure if the templates would work with my 2016 XenApp systems.
Was nice and tidy in XenApp 6.5 to have everything in one place.... so sprawling I guess.
Welcome to the new world. :)

Just wait until you move to the new and "improved" Citrix Cloud. Sorry, I can't seem to find EE's sarcasm font!
LOL... Taking some training on the Cloud at the end of the month.  We're not there, but will be moving there at some point in the next couple of years.
So really, are the policies you can set within Citrix Studio useless for my design then? Do I really just have to use GPOs since I'm not using XenDesktop?
ASKER CERTIFIED SOLUTION
Carl Webster
Hmm.. ok, do you use published apps or just Desktops? Curious....
I am a consultant. I have customers who do everything. I prefer published apps so users have no access to the desktop.
Gotcha - all we're using as well, why I was curious.

So looks like the only policy that would work in Studio would be the Server idle timer interval, everything else is not applicable.  So arguing that, that is set, but still doesn't work.  

So looks like I'll have to go down the road of GPOs for all Citrix related settings in XenApp 7.15. And thinking out loud, the templates would work as they are based on Citrix, not the OS.
All the policy settings in Studio are available in the Citrix Policies node in a GPO configured from a Delivery Controller. There are also some AD only settings for Citrix. I used to maintain the huge Excel spreadsheet of all the policy settings for XenApp 6.x/XD 5.xx/ and XA/XD 7.xx until Citrix started supplying a CSV file with every release. That Excel file goes through the initial release of 7.15.

https://carlwebster.com/downloads/download-info/citrix-policy-settings/
Nice, thanks.. I'll be perusing that now. :)
Not sure if I'm just having a case of the Mondays on a Friday, but where exactly do I obtain the templates themselves?

Thanks
The Citrix Templates are built-in.
Ok, now I'm confused. When we last spoke I was trying to use the templates in Citrix Studio policies and determined that since we are using Published apps and not Desktops, it was ignoring my session settings and sessions weren't picking up the timeout requirements. Your suggestion was to use AD GPOs, so now I'm confused. To use in AD, I need adm templates to add into my Group Policy on the Domain Controller to take effect in AD and apply to the appropriate OU.

Thanks
You missed something I stated.

All the policy settings in Studio are available in the Citrix Policies node in a GPO configured from a Delivery Controller.
By the way, that means you have to install the Group Policy Management Console feature on your delivery controller.
Ok, I'm running Citrix Studio on my Delivery Controllers. So if I go to the mmc on my Delivery Controller and pull up the Group Policy Object Editor, this is where you're referencing? So yeah, I see the Unfiltered here but not the additional I set up via Studio.

So to clarify, you are saying I should be setting the templates up here in the local GPO settings and not in Studio. So is there a way to export/import or replicate across the other Delivery Controllers?
The Policies you configure in Studio are never seen in GPMC for AD.
The Policies you configure in GPMC are never seen in Studio.

I know of no way to export from Studio and import to AD and vice versa.

You can run my CVAD V2 doc script to document the policy settings you have and then manually enter them into an AD policy.
Ok, I can do the policies here and set manually. I still have one area of confusion: if these are AD policies, these are only defined at the local server level, not at the domain level. Looking in GP Management on the AD Domain Controller, this doesn't exist. This makes sense to me; the issue is how to ensure that the Delivery Controllers all see the same policies since it's set at the Local Group Policy layer.
DON'T USE GPEDIT.MSC USE GPMC.
I do appreciate your help, but feel I'm not understanding, causing circular conversation here. If I use GPMC (that is, Group Policy Management Console), that exists on a Domain Controller. I am not able to get to any Citrix Templates unless I import the .admx.

If I look at the path where I have my build 7.15.5000 installation files and go to Citrix Policy CitrixGroupPolicyManagement_x64, and run it, it is already installed.  

I can see the templates if I pull up the local Group Policy Editor on my Citrix Delivery Controller, which is just a member server in the domain. So that's where I don't get how these are supposed to work in Active Directory or, the latter, how this replicates across other Citrix Delivery Controllers in its farm.

Sorry in advance, but I'm missing a piece of the puzzle.
That is because there is nothing installed on your domain controller that allows it to read or see any Citrix policies. That is why I stated you have to do your Citrix AD-based policies on a delivery controller with GPMC installed.

If you want your DCs to see/read/write your Citrix policies, install Studio on your DCs. I really hope you don't do that though.
No, I can't put Citrix Studio on our Domain Controllers, not an option. Just trying to get this working with the best effort to keep everything in Citrix land. So it sounds like rather I need to install GPMC (Group Policy Management Console) on my Citrix Delivery Controller. So if I execute this, CitrixGroupPolicyManagement_x64 says it's already installed. How do I open on the Delivery Controller appropriately then... this is what I seem to be missing. Thanks.
Install the AD Feature Group Policy Management Console.

From PowerShell:

Install-WindowsFeature GPMC
Thanks I'll give that a shot and hopefully have everything I need.  Appreciate your help.
Thanks, I'm in, so will convert my current Citrix Studio Policies to AD policies and remove those, but will tackle this next week. Have a nice weekend and thanks :)
Glad to help.
I haven't had a chance to convert my policies to AD policies just yet. But had one more question: once I do, what do I do within Studio to ensure that it's using the AD GPOs and not the Studio GPOs? Do I simply delete all that is there, though the unfiltered won't delete or ? Or is this really meant to be more of a hybrid, some base things set in Studio Policy and the rest in AD GPO?

Thanks in advance.
You can safely DISABLE the Studio policies. Don't delete them yet.
ok, thanks, was just thinking how does it know what to do, but that makes sense.  Hoping to get to this soon to keep moving forward.  Thanks.
Hello. Just an update, I have updated the policy via Group Policy Management on my Citrix Delivery Controller. I can see the contents at this level. I have confirmed the Citrix XenApp servers are seeing this GPO; however, the timeout settings per published applications and sessions still are not applying. I have attached what I have set currently. Thoughts?

Thanks in advance.
Attachments: CtxGPO1.png, CtxGPO2.png
Do a GPResult /h test.html and see what policies are applying. You may have a conflicting GPO somewhere.


"I have confirmed the Citrix XenApp servers are seeing this GPO - however; the timeout settings per published applications and sessions still are not applying."

Session limits policy settings not applying as expected 

Solution

This policies only apply to publish desktops and not publish apps (To XenDesktop and not XenApp).
This setting enables or disables a timer that specifies the maximum duration of an uninterrupted connection between a user device and a desktop. The key phrase here is: "between a user and a desktop". This setting does not apply to application sessions.
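
The GPResult check suggested above, carried one step further as an added example that is not part of the original thread: it reads the XML form of the report and lists each computer-scope GPO with whether it was applied, which makes a conflicting or filtered-out GPO easier to spot than in the HTML view. The GPO names, OU paths and the function name `Get-ComputerGpoSummary` are hypothetical; the embedded report is a constructed sample.

```powershell
# Added example, not from the thread. Constructed sample report with hypothetical
# GPO names; on a real XenApp server create one from an elevated prompt with:
#   gpresult /scope computer /x C:\Temp\rsop.xml /f
# and load it with: [xml]$rsop = Get-Content C:\Temp\rsop.xml -Raw
[xml]$rsop = @'
<Rsop xmlns="http://www.microsoft.com/GroupPolicy/Rsop">
  <ComputerResults>
    <GPO>
      <Name>Default Domain Policy</Name>
      <Enabled>true</Enabled><IsValid>true</IsValid>
      <FilterAllowed>true</FilterAllowed><AccessDenied>false</AccessDenied>
      <Link><SOMPath>example.local</SOMPath><AppliedOrder>1</AppliedOrder></Link>
    </GPO>
    <GPO>
      <Name>Server Baseline</Name>
      <Enabled>true</Enabled><IsValid>true</IsValid>
      <FilterAllowed>true</FilterAllowed><AccessDenied>false</AccessDenied>
      <Link><SOMPath>example.local/Servers</SOMPath><AppliedOrder>2</AppliedOrder></Link>
    </GPO>
    <GPO>
      <Name>Citrix XenApp Session Limits</Name>
      <Enabled>true</Enabled><IsValid>true</IsValid>
      <FilterAllowed>true</FilterAllowed><AccessDenied>true</AccessDenied>
      <Link><SOMPath>example.local/Servers/XenApp</SOMPath><AppliedOrder>0</AppliedOrder></Link>
    </GPO>
  </ComputerResults>
</Rsop>
'@

function Get-ComputerGpoSummary {
    param([Parameter(Mandatory)][xml]$Report)
    foreach ($gpo in $Report.Rsop.ComputerResults.GPO) {
        $link = @($gpo.Link)[0]   # a GPO can be linked more than once; report the first link
        [pscustomobject]@{
            AppliedOrder = [int]$link.AppliedOrder
            Name         = $gpo.Name
            LinkedAt     = $link.SOMPath
            # Counted as applied here only when the GPO is enabled and valid, passes
            # its WMI filter, and the computer account was allowed to read it.
            Applied      = ($gpo.Enabled -eq 'true' -and $gpo.IsValid -eq 'true' -and
                            $gpo.FilterAllowed -eq 'true' -and $gpo.AccessDenied -eq 'false')
        }
    }
}

# The constructed sample flags "Citrix XenApp Session Limits" as not applied.
Get-ComputerGpoSummary -Report $rsop | Sort-Object AppliedOrder | Format-Table -AutoSize
```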
Understood, but there has to be a way to control the Published App sessions, so how can those be controlled?
I know of no way to control that with published applications. Remember, those are Microsoft controlled settings. Citrix doesn't control them. Behind the scenes of every published application is a desktop running hidden (most people don't know that). Why those settings don't apply is beyond my thinking. I am sure Microsoft has its reasons. There may be a third-party tool that can handle what you need, but I don't know what it is.
Interesting but disappointing.... this worked flawlessly in XenApp 6.5. I also can't believe we're the only ones using more of the Published Application side and not just Published Desktops... so there has to be a solution.  Appreciate your input.
Welcome to the new and "improved" world of post-Server 2008 R2.