Jul 252017

Clonepost from my blog.

There are some good guides out there (such as Carl Stalhood’s) that cover the details of setting up Citrix App Layering, but currently don’t have a birds eye overview of what an App Layering implementation requires.

After going through many of these hurdles myself, I considered that a “light on the details” overview might be useful for the masses that are new to the tech.

This guide is written from the perspective of a VMware admin, so if you’re using a cloud implementation, the details may differ in places.


  1. Download the “Citrix App Layering” package from Citrix.
  2. Import the “Enterprise Layer Manager” or ELM (this is the UniDesk VM appliance) into your Hypervisor (VMware, XenServer, or cloud whatever.)
  3. Configure the ELM network from the hypervisor console.
  4. Login to the ELM via Internet Explorer (requires SilverLight) using administrator:Unidesk1
  5. Configure the ELM
    1. Change default password
    2. Configure HTTPS Certificate
    3. Setup a connector to a network share (also setup the share, see the link to Carl’s guide above)
    4. Setup Active Directory
    5. Setup Provisioning Services connector (if used) (requires an agent on the PVS server, and a reboot of the ELM after completing configuration)
  6. Create your OS Layer
    1. Create a new VM and install the desired OS
    2. Run Patches
    3. Install VM Toolstack/drivers
    4. Install/configure App Layering Package
    5. Shutdown, then Import into the ELM, creating your ELM Hypervisor connector in the process
  7. Create your Platform Layer
    1. Create platform layer from OS Layer (This creates a new VM on your hypervisor, you make the changes in that new VM)
    2. Install your VDA (Note details in Carl’s guide about user accounts and groups that need recreation)
    3. If using PVS, join the domain
    4. Run ngen updates
    5. Finalize from the administrator desktop shortcut
    6. After the VM finishes shutting down, finalize the platform layer from within the ELM.(This deletes the newly created VM, and captures the changes)
  8. Create your App Layers
    1. This is largely the same as the platform layer, create, install, finalize. There are suggestions and “recipies” that can make these easier/more functional on Carl’s guide.
  9. Create an “Image” from your collection of Layers
  10. Publish your “Image” to the configured connector.
  11. Throw something because you have to go back and fix a detail in a layer that you missed =)
Hopefully this helps in your planning.
Jul 112017

I have been using Full Desktop’s inside of XenApp forever. Lately I have been working on a project where I will be using only published apps. We are a CSP and a managed service provider who uses LabTech (Now ConnectWise Automate) to control all of our systems. LabTech uses a great remote access product called ScreenConnect to connect to the systems. All of this works flawlessly inside of a full desktop. However, when I published LabTech as a seamless app (LTClient.exe), everything seems to work fine except for ScreenConnect. I got a great Citrix engineer on the line who actually used all of the collected data I uploaded and troubleshot the issue. ConnectWise is actually a “ClickOnce” application which leverages dfsvc.exe to install and launch ScreenConnect. You can read this super exciting article on ClickOnce applications here.

Technically Citrix, nor Microsoft support any of these ClickOnce applications. Kudos on the Citrix engineer for continuing to work the issue with me, even though this is true. Luckily I already built a 2012R2 RemoteApp environment and was able to get this working to show Citrix this was not an application issue, but a Citrix seamless app issue. During troubleshooting he pointed me to this interesting article on ClickOnce and XenApp 6.5 here. I’m on 7.6 LTSR CU3, but still a good article on how this stuff works.

Anyway, after looking at the procmon information in the ticket, he quickly found that in the working scenario dfsvc.exe was calling ScreenConnect.WindowsClient.exe, where the seamless app was not. His “solution” was to simply run dfsvc.exe before calling LTClient.exe. Not really a “fix” but hell, it worked! So, I created a simple powershell script.

start-process "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe"
start-process "C:\Program Files (x86)\LabTech Client\LTClient.exe"

Lastly, I added dfsvc.exe to LogoffCheckSysModules per this CTX article.