Director 7.8

Last Modified: Nov 7, 2020 @ 6:35 am

Navigation

Director on Standalone Server

If you are installing Director 7.8 on a standalone server, see Citrix CTX142260 Installing or Upgrading to Citrix Director 7.6.200

  1. If you intend to install Director on a standalone server, start with running AutoSelect.exe from the XenApp/XenDesktop 7.8 media.
  2. On the right, click Citrix Director.
  3. It will ask you for the location of one Controller in the farm. Then finish the installation wizard.
  4. In IIS Manager, go to Default Web Site > Director > Application Settings, find Service.AutoDiscoveryAddresses and make sure it points to a Controller and not to localhost.

  5. If you built multiple Director servers, then use NetScaler to load balance them.

Director Grooming

If XenDesktop is not Platinum Edition then all historical Director data is groomed at 7 days.

For XenDesktop/XenApp Platinum Edition, by default, most of the historical Director data is groomed at 90 days. This can be adjusted up to 367 days by running a PowerShell cmdlet.

  1. On a XenDesktop Delivery Controller, run PowerShell and run asnp Citrix.*

  2. Run Get-MonitorConfiguration to see the current grooming settings.
  3. Run Set-MonitorConfiguration to change the grooming settings.

Director Single Sign-on

You can configure Director 7.8 to support Integrated Windows Authentication (Single Sign-on). Note: there seem to be issues when not connecting from the local machine or when connecting through a load balancer.

  1. Run IIS Manager. You can launch it from Server Manager (Tools menu) or from the Start Menu or by running inetmgr.
  2. On the left, expand Sites, expand Default Web Site, and click Director.
  3. In the middle, double-click Authentication in the IIS section. 
  4. Right-click Windows Authentication and Enable it.
  5. Right-click Anonymous Authentication and Disable it.
  6. Pass-through auth won’t work from another computer until you set the http SPN for the Director server. See Director 7.7 Windows Authentication not working with NS LB at discussions.citrix.com.
  7. If Director is not installed on a Controller then you’ll need to configure Kerberos delegation.
  8. If you are load balancing Director then additional config is required. See Director 7.7 Windows Authentication not working with NS LB at discussions.citrix.com for more info.
    1. Create an AD service account that will be used as the Director’s ApplicationPoolIdentity.
    2. Create SPN and link it to the service account.
      setspn -S http/loadbalanced_URL domain\user
    3. Trust the user account for delegation to any service (Kerberos only) (trust the Director servers for delegation is not necessary in this case). You have to create the SPN before you can do this step.
    4. In IIS manager, on the Application Pools (Director), specify the Identity as user we have created in step 1.
    5. In IIS manager, select Default Web Site and open the Configuration Editor.
    6. Use the drop-down to navigate to the following section:

      system.webServer/security/authentication/windowsAuthentication
    7. Set useAppPoolCredentials = True and useKernelMode = False. Click Apply on the top right.

  9. When you connect to Director you will be automatically logged in. You can change the login account by first logging off.
  10. Then change the drop-down to User credentials.

Director – Multiple XenDesktop Sites

  1. Run IIS Manager. You can launch it from Server Manager (Tools menu) or from the Start Menu or by running inetmgr.
  2. On the left, expand Sites, expand Default Web Site, and click Director.
  3. In the middle pane, double-click Application Settings.
  4. Find the entry for Service.AutoDiscoveryAddresses and double-click it.
  5. If Director is installed on a Controller, localhost should already be entered.
  6. Add a comma and the NetBIOS name of one of the controllers in the 2nd XenDesktop Site (farm). Only enter one Controller name. If you have multiple Director servers, you can point each Director server to a different Controller in the 2nd XenDesktop Site (farm).
  7. According to Citrix CTX200543 Desktop Director Access Fails After XenDesktop 7.5 is Upgraded to 7.6, the addresses should be NetBIOS names, not FQDN. Click OK.

Director Alerts and Notifications

Director 7.8 supports alert conditions and email notifications. This feature requires XenApp/XenDesktop to be licensed with Platinum Edition. See Citrix Blog Post Configuring & Managing Alerts and Notifications Using Director for more information.

  1. While logged into Director, at the top of the page click the Alerts button.
  2. Switch to the Email Server Configuration tab.
  3. Enter your SMTP information and click Send Test Message. Then click Save.

  4. Switch to the Citrix Alerts Policy tab.
  5. There are three high-level categories of alerts: Site Policy, Delivery Group Policy, and Server OS Policy. Click whichever one you want to configure.
  6. Then click Create.
  7. Give the alert a name.
  8. On the bottom left, select a condition and enter thresholds.
  9. On the bottom right, in the Notifications preferences section, click Add.
  10. Enter an email address and click Add.
  11. Click Save when done. Feel free to create more alerts and notifications.
  12. Citrix has an experimental Desktop Notification Tool. See Citrix Blog Post Desktop Notification Tool For Citrix XenDesktop. 💡
    ablogpic2

Director – SCOM Integration

Director 7.8 can display alerts from System Center Operations Manager 2012 R2. This feature requires XenApp/XenDesktop Platinum Edition.

  1. See Configure SCOM integration at docs.citrix.com for detailed configuration instructions. Also see Marius Sandbu Integrating Citrix XenDesktop 7.7 and System Center Operations Manager.
  2. If Director server or System Center Operations Manager server is 2008 R2, then login to the 2008 R2 server, open PowerShell and run Enable-PSRemoting. Yes to everything. This is not needed on Windows Server 2012 R2 servers.
  3. On Director 7.8 server, run C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /configscom
  4. FYI, the DirectorConfig.exe /configscom command enables the following features on the Director server: /FeatureName:IIS-NetFxExtensibility45 /FeatureName:IIS-ASPNET45 /FeatureName:WCF-HTTP-Activation45
  5. FYI, the System Center Operations Manager server is listed in IIS Manager at Default Web Site > Director > Application Settings (middle pane) > Connector.SCOM.ManagementServer.
  6. On the System Center Operations Manager server, edit Remote Management Users local group and add Citrix Admins and other Director users.
  7. In System Center Operations Manager Console, go to Administration > User Roles and edit Operations Manager Operators. Add the Citrix Admins and other Director users.
  8. See Citrix Blog Post SCOM Alerts in Citrix Director for information on how to view System Center Operations Manager alerts in Director.

Director Tweaks

Prepopulate the domain field

From http://www.xenblog.dk/?p=33: On the Controllers having the Director role installed, locate and edit the ‘LogOn.aspx’ file. By default you can find it at “C:\inetpub\wwwroot\Director\Logon.aspx”

In line 450 you will have the following. To find the line, search for ID=”Domain”. Note: onblur and onfocus attributes were added in newer versions of Director.

<asp:TextBox ID="Domain" runat="server" CssClass="text-box" onfocus="showIndicator(this);" onblur="hideIndicator(this);"></asp:TextBox>

In the ID=”Domain” element, insert a Text attribute and set it to your domain name. Don’t change or add any other attributes. Save the file.

<asp:TextBox ID="Domain" runat="server" Text="Corp" CssClass="text-box" onfocus="showIndicator(this);" onblur="hideIndicator(this);"></asp:TextBox>

This will prepopulate the domain field text box with your domain name and still allow the user to change it, if that should be required. Note: this only seems to work if Single Sign-on is disabled.

Session timeout

By default the idle time session limit of the Director is 245 min. If you wish to change the timeout, here is how to do it.

  1. Log on to the Director Server as an administrator
  2. Open the ‘IIS Manager’
  3. Browse to ‘SitesDefault Web SiteDirector’ in the left hand pane.
  4. Open ‘Session State’ in the right hand pane
  5. Change the ‘Time-out (in minutes)’ value under ‘Cookie Settings’
  6. Click ‘Apply’ in the Actions list

SSL Check

From http://euc.consulting/blog/citrix-desktop-director-2-1: If you are not securing Director with an SSL certificate you will get this error at the logon screen.

To stop this:

  1. Log on to the Director Server as an administrator
  2. Open the ‘IIS Manager’
  3. Browse to ‘SitesDefault Web SiteDirector’ in the left hand pane.
  4. Open ‘Application Settings’ in the right hand pane
  5. Set EnableSslCheck to false.

Disable Activity Manager

From Disable the visibility of running applications in the Activity Manager in Advanced Configuration at docs.citrix.com: By default, the Activity Manager in Director displays a list of all the running applications and the Windows description in the title bars of any open applications for the user’s session. This information can be viewed by all administrators that have access to the Activity Manager feature in Director. For Delegated Administrator roles, this includes Full administrator, Delivery Group administrator, and Help Desk Administrator.

To protect the privacy of users and the applications they are running, you can disable the Applications tab from listing running applications.

  • On the VDA, modify the registry key located at HKLM\Software\Citrix\Director\TaskManagerDataDisplayed. By default, the key is set to 1. Change the value to 0, which means the information will not be displayed in the Activity Manager.
  • On the server with Director installed, modify the setting that controls the visibility of running applications. By default, the value is true, which allows visibility of running applications in the Applications Change the value to false, which disables visibility. This option affects only the Activity Manager in Director, not the VDA. Modify the value of the following setting:
    UI.TaskManager.EnableApplications = false

Large Active Directory

From CTX133013 Desktop Director User Account Search Process is Slow or Fails: By default, all the Global Catalogs for the Active Directory Forest are searched using Lightweight Directory Access Protocol (LDAP). In a large Active Directory environment, this query can take some time or even time out.

  1. In Information Server (IIS) Management, under the Desktop Director site, select Application Settings and add a new value called ActiveDirectory.ForestSearch. Set it to False. This disables searching any domain except the user’s domain and the server’s domain.
  2. To search more domains, add the searchable domain or domains in the ActiveDirectory.Domains field.

Site Groups

From Citrix Blog Post Citrix Director 7.6 Deep-Dive Part 4: Troubleshooting Machines:

If there are a large number of machines, the Director administrator can now configure site groups to perform machine search so that they can narrow down searching for the machine inside a site group. The site groups can be created on the Director server by running the configuration tool via command line by running the command:

C:\inetpub\wwwroot\Director\tools\DirectorConfig.exe /createsitegroups

Then provide a site group name and IP address of the delivery controller of the site to create the site group.

Director – Saved Filters

From Scott Osborne and Jarian Gibson at Citrix Discussions: In Director, you can create a filter and save it.

The saved filter is then accessible from the Filters menu structure.

The saved filters are stored on each Director server at C:\Inetpub\wwwroot\Director\UserData. Observations:

  • Each user has their own saved filters.
  • The saved filters are not replicated across Director servers. You can schedule a robocopy script to do this automatically.
  • When upgrading Director, the saved filters are deleted?

Director – Custom Reports

The Monitoring database contains more data than is exposed in Director. To view this data, the Monitoring service has an OData Data Feed that can be queried.

Go to Citrix Blog Post Obtain XenDesktop Custom report through Citrix Director and download the tool. Once installed, in Director, go to Trends > CustomReport to construct an oData query.


55 thoughts on “Director 7.8”

  1. I have Director 7.8 installed and I’m running into issues when trying to test email alerts. (Some data source unknown error). Is there a way to remove the email comfirguration settings? When I’m on the email server configuration tab there is no “remove settings” button.

    1. Have you considered upgrading your Controllers to a supported version? I suspect that Citrix Support will tell you to upgrade if you call them.

      1. Director and VDA are both on version 7.8. Are you saying I would need to upgrade both? Is 7.8 not a supported version?

        1. The only officially supported versions are 7.6 LTSR, and 7.13 and 7.14 (the two recent Current Releases).

          Yes, Director also needs upgrading. VDAs can probably stay at 7.8 and you can upgrade at your leisure.

          1. Director is heavily dependent on the Monitoring service built into the Controllers.

  2. Hello Carl, I went through the steps to configure SSO with Director (XenApp 7.6 LTSR CU3) with a single server and couldn’t get it to work. I went back and reverted the changes back to the way it was before but now Director is take 20-30 seconds after login to load the screens. Any idea what would have caused this? Thanks

      1. That’s correct. Kicking myself for not taking a snap shot. lol. Would I need to delete the spn for some reason?

      2. Or maybe a Director re-install? Does it hurt anything to uninstall Director and re-install it? I only have the 1 server so I would hate to lose any data or break it even further.

        1. Other than Saved Filters, there’s no data on Director server. It gets its data from the Monitoring database. So uninstall/reinstall is fine.

          1. Well I uninstalled Director, removed IIS, reinstalled both…still the same thing. 30 seconds to login. I installed director on a different random server and it works fine. any other ideas?

          2. Finally got things back to normal after wiping out director and IIS again and making sure everything got deleted correctly.

  3. Carl,
    Have you been able to get SSO working from a remote computer or through a load balancer?

    It currently works fine if i am logged into the director server but if I access the URL from any other computer no go, same result though a LBVIP on the NS.

    Any suggestions would be greatly appreciated.

    XenApp/Desktop 7.11, Director 7.11

  4. Hi,
    In our old desktop director 2.0.1 we have several VDI desktop groups created we have to have such as VDI’s used as robots, for training, pooled, testing etc..we can easily find as they are all grouped together under their own names with x amount of VDI’s under each group. In the new desktop director 7.8 we currently have no such thing. Can 7.8 be configured to show the same groupings ?

    1. Are you asking about custom machine groups that are different from your Delivery Groups? In Director 7.x, you can create Custom Filters and save them. Otherwise, it shows machines based on Delivery Group.

  5. Hi Carl,
    short update to Director Tweaks -> Prepopulate the domain field:
    I found a solution for pre populate the Domain field even if SSON is enabled:
    You need to adjust the following line:

    313: domain.value = “”;

    within the function enableSelectedAuthentication()

    Best regards,
    Steffen

  6. Hello Carl,

    Thanks for such very good documents.
    I have to increase Director grooming up to 367 days. Could you please let me know what is the exact parameters need to change via power shell command Set-MonitorConfiguration.

    My Citrix Director version is 7.9.

  7. HI carl

    we have 4 director servers we need one name given to service desk for website to open . is that possible ? we are not using netscaler to load balance though

  8. Hi Carl

    We have an admin server (192.168.x.x) which connects to Director server in another net (172.25.x.x), same domains. Enabling the SSO brings up the credentials window to fill in – is there a way to use SSO as well?

    Thanks
    Udo

  9. We are running Director 7.6.100.1 with XenDesktop 7.6. When you try connect to director from a pc or publish app it takes a very long time to populate, sometime it doesn’t populate. Either Director is not configured right or it needs some hotfixes.

    1. By “hotfixes”, are you asking if there are updates for Director? If you’re on LTSR, then I would install the Director that’s in 7.6 LTSR Cumulative Update 2.

  10. Quick question about Director 7.8.
    I see in your documentation that you show how to add multiple domains/site for Director.
    I am wondering if you have any tips for doing the opposite.
    I am setting up a multi tenant environment with 1 AD. Using CPSM.
    Each tenant gets their own OU under the Customers OU.
    I want to empower tenant admins to be able to go into Director, search for their users and logoff sessions etc.
    I have added the “PROXY tenant USERS” domain group as an Administrator with HelpDesk role in XA7.8.
    Problem is, when the tenant admin does a user search, they see accounts from other OUs like the USER OU.
    This appears to be because the Authenticated Users group has read permissions on the other OUs.
    Do you know if there is any way to lock down the Director User Search function to a specific root OU?
    e.g. CN=Customers,DC=V1,DC=COM

  11. Is it possible for SSO to work with accounts from trusted domains? I can only SSO if I am logged in with a user account in the same domain as the DDC.

    1. I don’t think I’ve tried other domains. But I’ve had so many problems with it I’ve basically given up.

      1. Well, Kerberos delegation is supported in single-forest/single-domain setup only. There is support for Kerberos delegation proxy that can cross AD forests/domain in 2012 Server, need sometime to experiment with it.

  12. Hey Carl. If I had 2 x Controllers and also had the Director Role installed on the same servers as the Controller VM’s is it possible to Load Balance Director via Netscaler VIP using say a round-robin config to load balance?

    1. Are you asking if you can load balance? Of course.

      Or are you asking if round robin is a good load balancing algorithm? Usually it’s preferred to do Least Connections with Persistence.

        1. Yep, works fine. Only browser users (Director users) will use the VIP. Your VDAs will continue to go directly to each Controller.

  13. Hi Carl, we have a problem with the Director and killing a process. If we want to kill a process like adobe reader, we will get the error “Action failed. Data source unresponsive or reported an error. View server event logs for further information.” In our log is this: ‘Failed to execute broker synchronous command=EndProcess’ and ‘Failed to execute broker synchronous command=GetRunningApplications’. May you can help us?

  14. Do you know if SCOM & Director 7.8 integration is working if running SCOM server with Windows Server 2012? Pre-reqs says that SCOM should be running Windows Server 2012 R2.

    1. I have not tried it so not sure. Try posting your question to discussions.citrix.com where the Citrix product managers sometimes reply.

  15. Hi Carl/All,

    Great article! I just tried to upgrade director 7.6 to 7.8 using the XenDesktop 7.8 dvd, but after I performed the upgrade, the version shows up as 7.6.100. The controllers are at 7.7. After upgrading Director to 7.8 does anyone know what version shows up on the pull-down menu at the top when you select “About Director” ?

    –Max

      1. Carl,
        Thanks for your reply! I was finally able to get it to show 7.8. I tried your suggestion but it still showed 7.6. I think I had a bad installation, because I tried the installation again and it worked fine.
        –Max

  16. custom report is a great idea. Sadly it doesn’t work in our environment due to pop up’s blocked. I’d imagine this is quite common in a lot of environments which renders the plugin a bit useless. Seems like loads of other people have the same problem with the export button not doing anything or data not being exported. Hopefully they can sort this out and include custom reports in a future director as standard.

  17. Hi Carl,

    Presently have been deployed complete Xendesktop 7.6 with director 7.6.300 Build 2 but there is Alert and notification feature is missing I want to upgrade my director server without upgrading other management server for getting other features i.e. 7.7 or 7.8 is it possible?

    1. You can upgrade Director any time. But you only get alerts if the Controllers are also 7.7 or newer.

  18. Hi Carl —
    Nice blog, great info.

    We’re currently running XenApp 6.5 with Edgesight 5.4. I do a LOT of reporting to our business lines on user/application usage primarily using Edgesight’s Session Duration report. I have Edgesight set to capture 45 days worth of usage data (the data “grooming” settings).

    How would this be done in XA 7.8/Director? Is there a back-end database for historical data? Do I have the flexibility to define the data capture intervals such as what’s in Grooming in Edgesight? Does Director use Reporting Services or some other reporting method?

    What I want is (from my vantage point) pretty simple, but I haven’t been able to find anything in the docs that tells me if this can be done, and if so how and how configurable is it?

    TIA for any insight you may have!

    Greg

  19. I’m surprised there is not a Self Service Role for Director. It would be nice if a user could login, reset their profile and logoff any hung sessions. I’ve been doing some searching to see if it can be done in Director, otherwise, I will continue to use custom scripts as published applications. Do you know of any good self service tools that integrate easily with XenApp 7.8 and AppSense?

  20. Hi Carl
    thanks once again for the information. Do you know if director 7.7 or 7.8 can be used with xda 7.6.

Leave a Reply to OLZ Cancel reply

Your email address will not be published. Required fields are marked *